Security Tips - Archives
April 2018 Security Tip
Beware of ATM, Debit and Credit Card ‘Skimming’ Schemes
How to help protect yourself from high-tech thieves who steal account information
From FDIC Consumer News
You may have heard in the news that automated teller machines (ATMs) are being targeted by criminals who secretly attach high-tech devices to the machines in order to record consumers' keystrokes and steal or, as it is sometimes called, "skim" personal identification numbers (PINs) along with credit or debit card account numbers. In addition, criminals are known to add similar devices to credit or debit card readers at checkout registers, especially at gas stations, convenience stores or other merchants where customers may be in a hurry and not notice or take the time to report something suspicious.
"Security experts and law enforcement officials warn that card skimming is present in many communities," said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "With the information that can be skimmed, a thief can go on an online shopping spree or sell that valuable data to other con artists."
And how do thieves retrieve the data they gather? Some return to the scene of the crime to remove their devices, while others can communicate electronically with their hardware using a laptop or mobile phone and wireless connections.
Through the years, FDIC Consumer News has warned readers to be on the lookout for keystroke-recording devices on ATMs or checkout registers.
Here's a reminder of the different kinds of skimming devices and what to look for:
- Card-reader overlays: The most common ATM skimmer, and perhaps the easiest device to detect, is the card-reader overlay. It is made of plastic and fits over the slot where you insert your card. As you insert your card, the device reads the data from your card and stores it. How can you tell if there's an overlay hiding an illegal card reader? "Before inserting your card, look at the card reader for signs it has been altered," said Amber Holmes, a financial crimes information specialist with the FDIC. "Be suspicious if your card doesn't easily go into the machine or if the card reader appears loose, crooked or damaged, or if you notice scratches, glue, adhesive tape or other possible signs of tampering."
- Hidden cameras: While banks typically have security cameras near their ATMs to keep an eye on the area, thieves sometimes hide tiny cameras on or around ATMs. "If positioned correctly, a brochure holder on an ATM is the perfect place to hide a mini-camera that can record PIN numbers as customers type them," warned Benardo. "Also check for tiny holes in the ATM housing or in something else that looks like it was hastily stuck onto the ATM to cover a small camera."
- PIN-capture overlays: Criminals have been known to attach dummy keypads over an ATM's real keypad to record and capture PIN numbers as they are entered. The keypad might be fake if it looks too thick or different from what you're used to seeing.
- Fake ATM faceplates: Some thieves go as far as placing a fake ATM cover that could contain card-reader overlays, hidden cameras and PIN-capture overlays over some or all of a real, fully operating machine. "The best way to determine if an ATM has a false cover is to look for flaws like loose wires, seams that are not flush and slots or keypads that look out of place," said Holmes.
What should you do if you believe your debit or credit card account has been compromised?
There are consumer protection regulations that can help. For example, the Electronic Funds Transfer Act (EFTA) and the Consumer Financial Protection Bureau's (CFPB's) "Regulation E" limit a consumer's liability for losses from unauthorized transactions using his or her ATM or debit card or card numbers. If your debit card or the card number is used to make an unauthorized withdrawal from a checking or savings account, you can minimize your losses by contacting your bank as soon as possible. Your maximum liability under the EFTA is $50 if you notify your bank within two business days after learning of the loss. If you wait longer, you could lose more, according to the law. If it's your credit card number that is used without your authorization, your liability is normally capped by the Truth in Lending Act (TILA) and the CFPB's "Regulation Z" at $50 for all unauthorized transactions, and remaining credit card losses are typically absorbed by the card issuer.
"Even consumers who know the telltale signs of a skimming device may inadvertently use an ATM or a sales terminal that has been tampered with. That's why it's great to know that there are consumer protections available," said Tracie Greenway Morris, an FDIC senior community affairs specialist.
Some other worthwhile precautions you can take include:
- Do not use an ATM or a credit or debit card reader if anything looks suspicious, such as loose or extra parts. Alert the machine owner or the police immediately.
- Avoid ATMs in remote places, especially if the area is not well lit or not visible to security cameras and the general public. "ATMs in secluded locations are more likely to be altered," Benardo said.
- Go elsewhere if you see a sign directing you to only one of multiple ATMs in a location. It could be the machine that was tampered with by a crook.
- Shield the keypad with your hand when typing your PIN at the ATM or a retailer's checkout area. Doing so won't protect you from skimmers who use keypad overlays, but it will block the view of a hidden camera.
- Regularly check your bank and credit card accounts for unauthorized transactions, even small transactions that you think might not be worth reporting to your bank. "Thieves might make low-dollar withdrawals or charges as a way to test a counterfeit debit or credit card before they use it for big-dollar transactions," Holmes explained. "If you spot a potential problem, notify your bank as quickly as possible."
Check back next month for more tips and tricks to protect your financial information.
March 2018 Security Tip
Beware of Malware: Think Before You Click!
From FDIC Consumer News
Malicious software — or “malware” for short — is a broad class of software built with malicious intent. “You may have heard of malware being referred to as a ‘computer bug’ or ‘virus’ because most malware is designed to spread like a contagious illness, infecting other computers it comes into contact with,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “And if you don’t protect your computer, it could become infected by malware that steals your personal financial information, spies on you by capturing your keystrokes, or even destroys data.”
Law enforcement agencies and security experts have seen an increase in a certain kind of malware known as “ransomware,” which restricts someone’s access to a computer or a smartphone — literally holding the device hostage — until a ransom is paid. While businesses have been targeted more than consumers to date, many home computer users have been victims of ransomware.
The most common way malware spreads is when someone clicks on an email attachment — anything from a document to a photo, video or audio file. Criminals also might try to get you to download malware by including a link in the wording of an email or in a social media post that directs you somewhere else, often to an infected file or web page on the Internet. The link might be part of a story that sounds very provocative, such as one with a headline that says, “How to Get Rich” or “You Have to See This!”
Malware also can spread across a network of linked computers, be downloaded from an infected website, or be passed around on a contaminated portable storage device, such as a thumb drive or flash drive.
Here are reminders, plus additional tips on how to generally keep malware off your computer.
Don’t immediately open email attachments or click on links in unsolicited or suspicious-looking emails. Think before you click! Cybercriminals are good at creating fake emails that look legitimate but can install malware. Either ignore unsolicited requests to open attachments or files or independently verify that the supposed source did send the email to you (by using a published email address or telephone number). “Even if the attachment is from someone you know, consider if you really need to open the attachment, especially if the email looks suspicious,” added Benardo.
Install good anti-virus software that periodically runs to search for and remove malware. Make sure to set the software to update automatically and scan for the latest malware.
Be diligent about using spam (junk mail) filters provided by your email provider. These services help block mass emails that might contain malware from reaching your email inbox.
Don’t visit untrusted websites and don’t believe everything you read. Criminals might create fake websites and pop-ups with enticing messages intended to draw you in and download malware. “Anyone can publish information online, so before accepting a statement as fact or taking action, verify that the source is reliable,” warned Amber Holmes, a financial crimes information specialist with the FDIC. “And please, don’t click on a link to learn more. If something sounds too good to be true, then most likely it’s fraudulent or harmful.”
Be careful if anyone — even a well-intentioned friend or family member — gives you a disk or thumb drive to insert in your computer. It could have hidden malware on it. “Don’t access a disk or thumb drive without first scanning it with your security software,” said Holmes. “If you are still unsure, don’t take a chance.”
February 2018 Security Tip
Protecting Your Mobile Device
Your mobile device provides convenient access to your email, bank and social media accounts. Unfortunately, it can potentially provide the same convenient access for criminals. The American Bankers Association recommends following these tips to keep your information – and your money – safe.
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
- Log out completely when you finish a mobile banking session.
- Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
- Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions” and delete unused or rarely used apps.
- Download the updates for your phone and mobile apps.
- Avoid storing sensitive information like passwords or a social security number on your mobile device.
- Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
- Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
- Watch out for public Wi-Fi. Public connections aren't very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
- Report any suspected fraud to immediately.
January 2018 Security Tip
Taking Charge of Smartphone Safety
It may be small enough to fit in the palm of your hand, but the part it plays in your daily life is huge. It's your smartphone — and your connection to your prized photos, important calendar dates, and the phone numbers of nearly everyone you know. Most of us don't realize how vital our smartphones are to our lives until we lose them or they are no longer functioning. That's why it's so important to make protecting your smartphone — and the personal information it holds — a priority. Here are some tips:
- Use a Password or PIN. Your smartphone is great in your hands, but in someone else's hands, it could be dangerous, especially if you have personal or financial information easily accessible. To protect yourself, set a PIN or password on your phone.
- Regularly update your operating system. Although downloading updates on your operating system may be inconvenient at times, it's an easy way to ensure you have the latest security features on your device.
- Buy safe apps. Be sure to purchase apps from companies you know and trust.
- Avoid public charging stations. When you're out and about and your battery is low, it's tempting to charge your phone at public charging stations often available at airports and malls. Connecting your phone to these public ports can put your phone at risk for a data breach from a hacker. It's much safer to invest in a portable battery charger.
- Watch your wireless and Bluetooth connections. If you want to save money on your data usage fees, you'll likely want to connect to wireless networks. However, public wireless networks can present a serious security risk. One way to protect yourself is to switch off a wireless connection if you are not using it. You should do the same with your Bluetooth connection. You'll not only protect yourself, but also conserve your battery.
One of the smartest moves you can make to protect the information on your device is to regularly back up your data. That way if the unthinkable happens – you get separated from your smartphone — you'll still have access to the information you need.
Check back next month for more tips and tricks to protect your financial information.
December 2017 Security Tip
Tips for Shopping Online
Federal Trade Commission Consumer Information
The holiday season is in full swing. As you join the ranks of online shoppers, be sure to keep your personal and financial information safe.
Know who you're dealing with.
Anyone can set up shop online under almost any name. Confirm the online seller's physical address and phone number in case you have questions or problems. And if you get an email or pop-up message that asks for your financial information while you’re browsing, don't reply or follow the link. Legitimate companies don't ask for information that way.
Know what you're buying.
Read the seller's description of the product closely, especially the fine print. Words like "refurbished," "vintage," or "close-out" may indicate that the product is in less-than-mint condition, while name-brand items with bargain basement prices could be counterfeits.
Know what it will cost.
Check out websites that offer price comparisons and then compare "apples to apples." Factor shipping and handling into the total cost of your purchase. Do not send cash or money transfers under any circumstances.
Check out the terms of the deal, like refund policies and delivery dates.
Can you return the item for a full refund if you're not satisfied? If you return it, who pays the shipping costs or restocking fees, and when you will get your order? A Federal Trade Commission (FTC) rule requires sellers to ship items as promised or within 30 days after the order date if no specific date is promised. Many sites offer tracking options, so you can see exactly where your purchase is and estimate when you’ll get it.
Pay by credit card.
If you pay by credit or charge card online, your transaction will be protected by the Fair Credit Billing Act. Under this law, you can dispute charges under certain circumstances and temporarily withhold payment while the creditor investigates them. In the event that someone uses your credit card without your permission, your liability generally is limited to the first $50 in charges. Some companies guarantee that you won’t be held responsible for any unauthorized charges made to your card online; some cards provide additional warranty, return, and purchase protection benefits.
Print or save records of your online transactions, including the product description and price, the online receipt, and the emails you send and receive from the seller. Read your credit card statements as you receive them; be on the lookout for charges that you don’t recognize.
Protect Your Information
Don't email any financial information. Email is not a secure method of transmitting financial information like your credit card, checking account, or Social Security number. If you begin a transaction and need to give your financial information through an organization's website, look for indicators that the site is secure, like a URL that begins "https" (the "s" stands for secure). Unfortunately, no indicator is foolproof; some fraudulent sites have forged security icons.
November 2017 Security Tip
Don't Fall Victim to the "Grandparent" Scam
ABA Consumer News
In 2016, the Federal Trade Commission received more than 400,000 complaints from consumers reporting that they’d been exposed to impersonation scams. The “grandparent scam” is one type that deliberately targets older Americans.
To commit this crime, fraudsters call claiming to be a family member in serious trouble and in need of money immediately. The scammer might say he’s stranded or has been mugged, and call in the middle of the night to add to the urgency and confusion. Once the money is wired, the victim later finds out that it wasn’t their grandchild they were helping, it was a criminal.
- Confirm the caller. Fraudsters are using social networking sites to gain the personal information of friends and relatives to carry out their crimes. Verify the caller by calling them back on a known number or consult a trusted family member before acting on any request.
- Don’t be afraid to ask questions. Fraudsters want to execute their crimes quickly. In this type of scam, they count on fear and your concern for your loved one to make you act before you think. The more questions you ask the more inclined they will be to ditch the scam if they suspect you’re on to them.
- Never give personal information to anyone over the phone unless you initiated the call and the other party is trusted.
- Never rush into a financial decision and trust your instincts. Don’t be fooled—if something doesn’t feel right, it may not be right. Feel free to say no and get more information before you send money to someone.
For more information, please visit www.aba.com/seniors.
Check back next month for more tips and tricks to protect your financial information.
October 2017 Security Tip
A Cyber Security Checklist
FDIC Consumer News
Reminders about 10 simple things bank customers can do to help protect their computers and their money from online criminals.
- Have computer security programs running and regularly updated to look for the latest threats. Install anti-virus software to protect against malware (malicious software) that can steal information such as account numbers and passwords, and use a firewall to prevent unauthorized access to your computer.
- Be smart about where and how you connect to the Internet for banking or other communications involving sensitive personal information. Public Wi-Fi networks and computers at places such as libraries or hotel business centers can be risky if they don't have up-to-date security software.
- Get to know standard Internet safety features. For example, when banking or shopping online, look for a padlock symbol on a page (that means it is secure) and "https://" at the beginning of the Web address (signifying that the website is authentic and encrypts data during transmission).
- Ignore unsolicited emails asking you to open an attachment or click on a link if you're not sure it's who truly sent it and why. Cybercriminals are good at creating fake emails that look legitimate, but can install malware. Your best bet is to either ignore unsolicited requests to open attachments or files or to independently verify that the supposed source actually sent the email to you by making contact using a published email address or telephone number.
- Be suspicious if someone contacts you unexpectedly online and asks for your personal information. A safe strategy is to ignore unsolicited requests for information, no matter how legitimate they appear, especially if they ask for information such as a Social Security number, bank account numbers and passwords.
- Use the most secure process you can when logging into financial accounts. Create "strong" passwords that are hard to guess, change them regularly, and try not to use the same passwords or PINs (personal identification numbers) for several accounts.
- Be discreet when using social networking sites. Criminals comb those sites looking for information such as someone's place of birth, mother's maiden name or a pet's name, in case those details can help them guess or reset passwords for online accounts.
- Be careful when using smartphones and tablets. Don't leave your mobile device unattended and use a device password or other method to control access if it's stolen or lost.
- Parents and caregivers should include children in their cybersecurity planning. Talk with your child about being safe online, including the risks of sharing personal information with people they don't know, and make sure the devices they use to connect to the Internet have up-to-date security.
- Small business owners should have policies and training for their employees on topics similar to those provided in this checklist for customers, plus other issues that are specific to the business. For example, consider requiring more information beyond a password to gain access to your business's network, and additional safety measures, such as requiring confirmation calls with your financial institution before certain electronic transfers are authorized.
September 2017 Security Tip
Financial Readiness in an Emergency
Unfortunately, the news in recent months has been full of headlines about natural disasters across the country. Home is where most people feel safe and comfortable. But sometimes when a hurricane, flood, tornado, wildfire, or other disaster strikes it's safest to pack up and go to another location.
When it comes to preparing for situations like weather emergencies, financial readiness is as important as a flashlight with fully charged batteries. Leaving your home can be stressful, but knowing that your financial documents are up-to-date, in one place, and portable can make a big difference at a difficult time.
Here are some tips for financial readiness in case of an emergency:
Conduct a household inventory. Make a list of your possessions and document it with photos or a video. This could help if you are filing insurance claims. Keep one copy of your inventory in your home on a shelf in a lockable, fireproof file box; keep another in a safe deposit box or other secure location.
Buy a lockable, fireproof file box. Place important documents in the box; keep the box in a secure, accessible location on a shelf in your home so that you can "grab it and go" if the need arises. Among the contents:
- your household inventory
- a list of emergency contacts, including family members who live outside your area
- copies of current prescriptions
- health insurance cards or information
- policy numbers for auto, flood, renter's, or homeowner's insurance, and a list of telephone numbers of your insurance companies
- copies of other important financial and family records (or notes about where they are) including deeds, titles, wills, birth and marriage certificates, passports, and relevant employee benefit and retirement documents. Except for wills, keep originals in a safe deposit box or some other location. If you have a will, ask your attorney to keep the original document.
- a list of phone numbers or email addresses of your creditors, financial institutions, landlords, and utility companies (sewer, water, gas, electric, telephone, cable)
- a list of bank, loan, credit card, mortgage, lease, debit and ATM, and investment account numbers
- Social Security cards
- backups of financial data you keep on your computer
- an extra set of keys for your house and car
- the key to your safe deposit box
- a small amount of cash or traveler's checks (financial institutions or ATMs may be closed)
Consider renting a safe deposit box for storage of important documents. Original documents to store in a safe deposit box might include:
- deeds, titles, and other ownership records for your home, autos, RVs, or boats
- credit, lease, and other financial and payment agreements
- birth certificates, naturalization papers, and Social Security cards
- marriage license/divorce papers and child custody papers
- passports and military papers (if you need these regularly, you could place the originals in your fireproof box and a copy in your safe deposit box)
- appraisals of expensive jewelry and heirlooms
- certificates for stocks, bonds, and other investments and retirement accounts trust agreements
- living wills, powers of attorney, and health care powers of attorney insurance policies
- home improvement records
- household inventory documentation
- a copy of your will
Choose an out-of-town contact. Ask an out-of-town friend or relative to be the point of contact for your family, and make sure everyone in your family has the information. After some emergencies, it can be easier to make a long distance call than a local one.
Update all your information. Review the contents of your household inventory, your fireproof box, safe deposit box, and the information for your out-of-town contact at least once a year.
August 2017 Security Tip
Advanced Password Tips and Tricks
Federal Trade Commission Consumer Information
Time to create another password? Make it a secure one. A little extra attention when you create a strong password can prevent an attacker from getting access to your account.
Your password should be long, complex, and unique. Here are additional steps you can take to help create strong passwords and secure your accounts:
- Avoid common words, phrases, or information. Don't use information available to others like your birthday, phone number, or Social Security number. Attackers often use a dictionary of previously exposed passwords and information gathered from the internet to help them guess a password.
- Change passwords quickly if there is a breach. Attackers who steal data from companies often obtain password information. If you receive a notification from a company about a possible breach, change that password and any account that uses a similar password immediately.
- Consider a password manager. Most people have trouble keeping track of all their passwords. Consider storing your passwords and security questions in a password manager, an easy-to-access application that allows you store all your valuable password information in one place. Use a strong password to secure the information in your password manager.
What about security questions? If you forget your password, many companies require you to answer security questions to regain access. Here are some tips to make sure an attacker can't use your security questions as a way to get into your account:
- Select security questions where only you know the answer. Many security questions ask for answers to information available in public records or online, like your zip code, mother's maiden name, birth place. That is information a motivated attacker can obtain.
- Don't use answers to security questions that can be guessed. An attacker can guess the answer to a security question that has a limited number of responses (dates, colors, states, countries). Avoid questions like "What state were you born in?" or "What color was your first car?" which allow an attacker to guess all possible answers.
- Don't give a generic answer to a security question. Find an answer to a security question that you will remember but is also more complicated than a generic word. For example, if the security question asks "What is your favorite childhood memory?" the answer "watching the Dodgers with my mom" is more secure than "baseball."
July 2017 Security Tip
10 Scams Targeting Bank Customers
From FDIC Consumer News - Summer 2017
The FDIC often hears from bank customers who believe they may be the victims of financial fraud or theft, and our staff members provide information on where and how to report suspicious activity. To help further, FDIC Consumer News includes crime prevention tips in practically every issue. As part of that coverage, we feature here a list of 10 scams that you should be aware of, plus key defenses to remember.
- Government “imposter” frauds: These schemes often start with a phone call, a letter, an email, a text message or a fax supposedly from a government agency, requiring an upfront payment or personal financial information, such as Social Security or bank account numbers.
“They might tell you that you owe taxes or fines or that you have an unpaid debt. They might even threaten you with a lawsuit or arrest if you don’t pay,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “Remember that if you provide personal information it can be used to commit fraud or be sold to identity thieves. Also, federal government agencies won’t ask you to send money for prizes or unpaid loans, and they won’t ask you to wire money to pay for anything.”
- Debt collection scams: Be on the lookout for fraudsters posing as debt collectors or law enforcement officials attempting to collect a debt that you don’t really owe. Red flags include a caller who won’t provide written proof of the debt you supposedly owe or who threatens you with arrest or violence for not paying.
- Fraudulent job offers: Criminals pose online or in classified advertisements as employers or recruiters offering enticing opportunities, such as working from home. But if you’re required to pay money in advance to “help secure the job” or you must provide a great deal of personal financial information for a “background check,” those are red flags of a potential fraud.
Another variation on this scam involves fake offers of part-time jobs as “mystery shoppers,” who are people paid to visit retail locations and then submit confidential reports about the experience. In an example of the fraudulent version, your job might be to receive a $500 check, go “undercover” to your bank, deposit the check into your account there, and then report back about the service provided. But you also would be instructed to immediately wire your new “employer” $500 out of your bank account to cover the check you just deposited. Days later, the bank will inform you that the check you deposited is counterfeit and you just lost $500 to thieves. One warning sign of this type of scam is that the potential employer requires you to have a bank account.
- “Phishing” emails: Scam artists send emails pretending to be from banks, popular merchants or other known entities, and they ask for personal information such as bank account numbers, Social Security numbers, dates of birth and other valuable details. The emails usually look legitimate because they include graphics copied from authentic websites and messages that appear valid.
“We have also seen emails with links to fake websites that are exact copies of real websites for FDIC-insured banks, except the web addresses are slightly different than the real ones,” said Doreen Eberley, director of the FDIC’s Division of Risk Management Supervision, which is in charge of the agency’s policies and programs related to financial crimes. “These sites are used to trick people into giving up valuable personal information that can be used to commit identity theft.”
- Mortgage foreclosure rescue scams: Today, many homeowners who are struggling financially and risk losing their homes may be vulnerable to false promises to refinance a mortgage under better terms or rates. But borrowers should always be on the lookout for scammers who falsely claim to be lenders, loan servicers, financial counselors, mortgage consultants, loan brokers or representatives of government agencies who can help avoid a mortgage foreclosure and offer a great deal at the same time. These criminals will present homeowners with what sounds like the life-saving offer they need. Instead, the homeowner is required to pay significant upfront fees or, even worse, tricked into signing documents that, in the fine print, transfer the ownership of the property to the criminal involved. Common warning signs of fraudulent mortgage assistance offers include a “guarantee” that foreclosure will be avoided and pressure to act fast.
- Lottery scams: You might be told you won a lottery (typically one that you never entered) and asked to first send money to the “lottery company” to cover certain taxes and fees. Similar examples involve bogus prize winnings and sweepstakes. “In one example, a scammer sent a letter to people using falsified FBI and FDIC letterhead telling them they won a popular, well-known lottery but that they needed to send money by wire transfer to a lottery ‘official’ in order to secure the winnings,” Benardo said. “The ‘official’ was really a crook hoping to trick people into sending money.”
- Elder frauds: Thieves sometimes target older adults to try to cheat them out of some of their life savings. For example, telemarketing scams may involve sales of bogus products and services that will never be delivered. Warning signs include unsolicited phone calls asking for a large amount of money before receiving the goods or services, and special offers for senior citizens that seem too good to be true, like an investment “guaranteeing” a very high return. To help seniors and their caregivers avoid financial exploitation, the FDIC and the Consumer Financial Protection Bureau have developed Money Smart for Older Adults, a curriculum with information and resources.
- Overpayment scams: This popular scam starts when a stranger sends a consumer or a business a check for something, such as an item being sold on the internet, but the check is for far more than the agreed-upon sales price. The scammer then tells the consumer to deposit the check and wire the difference to someone else who is supposedly owed money by the same check writer. In a few days, the check is discovered to be a counterfeit, and the depositor may be held responsible for any money wired out of the bank account. Victims may end up owing thousands of dollars to the financial institution that wired the money, and sometimes they’ve also sent the merchandise to the fraud artists, too.
- "Ransomware": This term refers to malicious software that holds a computer, smartphone or other device hostage by restricting access until a ransom is paid. The most common way ransomware and other malicious software spreads is when someone clicks on an infected email attachment or a link in an email that leads to a contaminated file or website. Malware also can spread across a network of linked computers or be passed around on a contaminated storage device, such as a thumb drive.
- Jury duty scams: A thief makes phone calls pretending to be a law enforcement official warning innocent people that they failed to appear for jury duty and threating an arrest unless a “fine” is paid immediately. And to pay up, the caller asks for debit account and PIN numbers, allowing the perpetrator to create a fake debit card and drain the account.
For more information, please visit the FDIC Consumer News website.
June 2017 Security Tip
Protecting the Elderly From Financial Abuse
From American Bankers' Association
You, or someone you know, could become the victim of a growing crime in America — financial abuse of older Americans. Seniors are increasingly becoming targets for financial abuse. As people over 50 years old control over 70 percent of the nation's wealth, fraudsters are using new tactics to take advantage of retiring baby boomers and the growing number of older Americans. Senior financial abuse is estimated to have cost victims at least $2.9 billion last year alone.
What Is Elder Financial Abuse?
It’s a crime that deprives older adults of their resources and ultimately their independence. Anyone who sees signs of theft, fraud, misuse of a person’s assets or credit, or use of undue influence to gain control of an older person’s money or property should be on the alert. Those are signs of possible exploitation. Older Americans that may have disabilities or rely on others for help can be susceptible to scams and other fraud. Advances in technology can also make it difficult for seniors to know who to trust and what's safe.
Despite these threats, taking simple steps to safeguard personal information and being aware of warning signs can protect aging men and women from financial abuse.
Tips for Seniors: What should you do to protect yourself?
- Plan ahead to protect your assets and to ensure your wishes are followed. Talk to someone at your financial institution, an attorney, or financial advisor about the best options for you.
- Shred receipts, bank statements and unused credit card offers before throwing them away.
- Carefully choose a trustworthy person to act as your agent in all estate-planning matters.
- Lock up your checkbook, account statements and other sensitive information when others will be in your home.
- Order copies of your credit report once a year to ensure accuracy.
- Never give personal information, including Social Security Number, account number or other financial information to anyone over the phone unless you initiated the call and the other party is trusted.
- Never pay a fee or taxes to collect sweepstakes or lottery “winnings.”
- Never rush into a financial decision. Ask for details in writing and get a second opinion.
- Consult with a financial advisor or attorney before signing any document you don’t understand.
- Get to know your banker and build a relationship with the people who handle your finances. They can look out for any suspicious activity related to your account.
- Check references and credentials before hiring anyone. Don’t allow workers to have access to information about your finances.
- Pay with checks and credit cards instead of cash to keep a paper trail.
- Feel free to say “no.” After all, it’s your money.
- You have the right not to be threatened or intimidated. If you think someone close to you is trying to take control of your finances, call your local Adult Protective Services or tell someone at your bank.
- Trust your instincts. Exploiters and abusers often are very skilled. They can be charming and forceful in their effort to convince you to give up control of your finances. Don’t be fooled—if something doesn’t feel right, it may not be right. If it sounds too good to be true, it probably is.
May 2017 Security Tip
Laptop Security Tips
From The Federal Trade Commission
A minor distraction is all it takes for a laptop to vanish. If it goes missing, all the valuable information stored on it may fall into the hands of an identity thief. Keep these tips in mind when you’re out and about with your laptop:
Treat your laptop like cash: If you had a wad of money sitting out in a public place, would you turn your back on it — even for just a minute? Would you put it in checked luggage? Leave it on the backseat of your car? Of course not. Keep the same watchful eye on your laptop as you would on your cash.
Lock your laptop with a security cable: In the office, a hotel, or some other public place, use a laptop security cable. Attach it to something immovable or to a heavy piece of furniture — say, a table or a desk.
Be on guard in airports and hotels: Keep your eye on your laptop as you go through airport security. Hold onto it until the person in front of you has gone through the metal detector — and keep an eye out when it emerges on the other side. The confusion and shuffle of security checkpoints can be fertile ground for theft. If you stay in hotels, a security cable may not be enough. Store your laptop in the safe in your room. If you leave your laptop attached to a security cable in your hotel room, consider hanging the "do not disturb" sign on your door.
Consider an alarm: Depending on your security needs, an alarm on your laptop can be a useful tool. Some laptop alarms sound when there's unexpected motion, or when the computer moves outside a specified range. A program that reports the location of your stolen laptop once it's connected to the internet also can be useful.
Consider carrying your laptop in something else less obvious than a laptop case:When you take your laptop on the road, carrying it in a computer case may advertise what's inside. Consider using a suitcase, a padded briefcase, or a backpack instead.
Don't leave it — even for just a minute:
Your conference colleagues seem trustworthy, so you're comfortable leaving your laptop while you network during a break. The people at the coffee shop seem nice, so you ask them to keep an eye on it while you use the restroom. Not a good idea.
Don't leave your laptop unguarded — even for a minute: Take it with you if you can, or at least use a cable to secure it to something heavy.
Don't leave your laptop in a car:Parked cars are a favorite target of laptop thieves. If you have no choice and you must leave it in your car, keep it locked up and out of sight.
Don’t put your laptop on the floor:No matter where you are in public — at a conference, a coffee shop, or a registration desk — don’t put your laptop on the floor. If you must put it down, place it between your feet or up against your leg so you remember that it’s there.
Don’t keep passwords with your laptop or in its case: Remembering strong passwords or access numbers can be a challenge. However, leaving them in your laptop carrying case or on your laptop is like leaving your keys in your car. Don’t make it easy for a thief to get to your personal or corporate information.
Telephone Banking Safety Tips
From FDIC Consumer News
Being aware of Vishing is an important part of telephone banking safety. Vishing (or voice phishing) is when fraudsters obtain personal details through the phone asking you to reveal or key-in confidential details. Fraudsters could contact you via calls, text messages, voice messages, etc. Please ensure that you do not respond to such unsolicited communications.
You know that it is an attempt at vishing when:
• You receive promotional messages asking you to provide confidential information.
• You receive calls made from persons claiming to be a bank representative who do not know your first and last name. Keep in mind, Washington Trust will never call to ask for your Social Security Number, Account Number or Debit Card Number. If you receive a call from someone indicating they are from Washington Trust or are affiliated with a service; and personal identifying information is requested, hang up and contact Washington Trust directly.
• You receive an automated call telling you that transactions have taken place on your account and instructing you to either provide confidential bank account information or call back a particular number. Always refer to advertised Telephone Banking phone numbers from Washington Trust (800-226-5877 or 401-348-1399). If the telephone number seems suspicious, do not provide any information whether you’re talking with a live person or responding to automated prompts using a touch tone phone.
Additional telephone safety tips:
• Do not share or write down your account number or PIN.
• Select a PIN that’s easy for you to remember but that is not easily researched. Avoid using the last four digits of your Social Security Number, Account Number or Date of Birth. Also, avoid simple sequences such as 1234 or 1111.
• Do not access the telephone banking system through public phones.
Avoiding Scams: Sticking to the Basics Can Go a Long Way
From FDIC Consumer News
There is plenty of information available to consumers to help avoid being a fraud or theft victim. "But some people complain that there is too much to remember and that being vigilant can be a daunting task," said Millie Spencer, a financial crimes specialist with the FDIC. Here's a short list of simple ways to avoid many financial crimes.
Never provide passwords, credit or debit card information, Social Security numbers and similar personal information in response to an unsolicited text message, e-mail, call or letter. An identity thief can use this information to apply for credit cards or loans, access your bank accounts online or otherwise commit fraud using your name.
Crooks often send e-mails, text messages or phone messages that appear to be from a legitimate, trusted organization asking consumers to "verify" or "update" personal information. The scam is called phishing because the criminals throw out bait in hopes of luring a consumer into biting.
Criminals also create bogus web sites in hopes that consumers will enter valuable personal information. "We've seen everything from fake bank web sites to sites offering payday loans or credit repair services," added Michael Benardo, Manager of the FDIC's Cyber Fraud and Financial Crimes Section. "Some of these sites offer incredibly low prices or other enticing promotions."
And, as Spencer noted, "Always be suspicious of these types of requests because a legitimate organization would not solicit updates in an unsecured manner for information it already has."
Think twice before opening attachments or clicking on links in unsolicited e-mails and text messages. These messages may install "malware" (malicious software) on your computer or cellphone. "This software could allow crooks to spy on you and gain access to your online banking sites," explained Benardo.
To confirm a message's validity, contact the supposed sender. "But don't automatically assume the contact information listed in the e-mail is accurate," said Benardo. He recommended finding the telephone number, web site or e-mail address from an independent, reliable source.
Deal only with reputable merchants, service providers and charities. Friends and family may be able to provide recommendations. You can search for complaints against a business by contacting your state or local consumer affairs office and your local Better Business Bureau. There also are popular sites on the Internet for consumer ratings and reviews of businesses.
Fraud artists also claim to be from legitimate charitable organizations — especially after a major disaster — and ask for "donations." The Better Business Bureau's Wise Giving Alliance and other organizations can help you find legitimate charities with good reputations.
Be on guard against counterfeit checks, cashier's checks or money orders. These often are associated with scams that say you have won a lottery or other prize, are bogus work-from-home offers, or are attempts to steal something you are selling on the Internet.
They can also be associated with offers to purchase items you are selling online or through classified ads. Be especially leery if you get a check for more than the amount due and you're instructed to return the difference by depositing the check and wiring the excess amount to the other party's account or to an associate. If the check turns out to be counterfeit, you will be out the money regardless of whether you sent a check, wire or cash.
Be wary of unsolicited investment offers that sound too good to pass up or that require you to act fast. "Statements about low-risk investments with ‘guaranteed returns' that are unusually high are red flags," said Luke W. Reynolds, Acting Associate Director in the FDIC's Division of Depositor and Consumer Protection.
He also advised walking away from any offer that involves pressure to pay cash or provide personal information right away.
Protect your mail and other documents at home. Thieves know that credit card or bank statements and other documents contain valuable, confidential information. Try to use a secure mailbox for your incoming mail. Keep bank and credit card statements, tax returns, credit and debit cards and blank checks secure, even at home. Also shred sensitive documents before discarding them. Similarly, use an updated security program to protect your computer.
Look at your bank statements and credit card bills as soon as they arrive. Immediately report any discrepancy or anything suspicious, such as an unauthorized withdrawal or charge, to your financial institution.
Periodically review your credit reports and dispute any inaccurate information, which could indicate identity theft. You are entitled to a free copy from each of the nation's three major credit bureaus every 12 months.
To learn more about protecting yourself from common financial frauds, see back issues of FDIC Consumer News at www.fdic.gov/consumernews.
The Taxman Cometh
The income tax filing season has begun and important tax documents should be arriving in your mailbox. Even though your return is not due until April, you can make tax time easier on yourself with an early start.
Here are the Internal Revenue Service's top 10 tips to ensure a smooth tax-filing process.
- Gather your records. Round up any documents you'll need when filing your taxes: receipts, canceled checks and other documents that support income or deductions you're claiming on your return.
- Be on the lookout. W-2s and 1099s will be coming soon; you'll need these to file your tax return.
- Have a question? Use the Interactive Tax Assistant available on the IRS website to find answers to your tax questions about credits, deductions, general filing questions and more.
- Use Free File. Let Free File do the hard work for you with brand-name tax software or online fillable forms. It's available exclusively at www.irs.gov. Everyone can find an option to prepare their tax return and e-file it for free. If you made $57,000 or less, you qualify to use free tax software offered through a private-public partnership with manufacturers. If you made more or are comfortable preparing your own tax return, there's Free File Fillable Forms, the electronic versions of IRS paper forms. Visit www.irs.gov/freefile to review your options.
- Try IRS e-file. IRS e-file is the safe, easy and most common way to file a tax return. Last year, 79 percent of taxpayers — 106 million people — used IRS e-file. Many tax preparers are now required to use e-file. If you owe taxes, you have payment options to file immediately and pay by the tax deadline. Best of all, the IRS issues refunds to 98 percent of electronic filers by direct deposit within 14 days, if there are no problems, and some may be issued in as few as 10 days.
- Consider other filing options. There are many options for filing your tax return. You can prepare it yourself or go to a tax preparer. You may be eligible for free face-to-face help at a volunteer site. Give yourself time to weigh all the options and find the one that best suits your needs.
- Consider direct deposit. If you elect to have your refund directly deposited into your bank account, you'll receive it faster than a paper check in the mail.
- Visit the official IRS website often. The IRS website at www.irs.gov is a great place to find everything you need to file your tax return: forms, publications, tips, answers to frequently asked questions and updates on tax law changes.
- Remember this number: 17. Check out IRS Publication 17, Your Federal Income Tax, on the IRS website. It's a comprehensive resource for taxpayers, highlighting everything you'll need to know when filing your return.
- Review! Review! Review! Don't rush. We all make mistakes when we rush. Mistakes slow down the processing of your return. Be sure to double check all the Social Security numbers and math calculations on your return as these are the most common errors. Don't panic! If you run into a problem, remember the IRS is there to help.
How Do You Deposit a Check with Your Smartphone or Tablet?
Start by taking photos ... and taking precautions
From FDIC Consumer News
Did you know you can use a smartphone or tablet to deposit a check into your account from anywhere you can access your account remotely?
Simply endorse the check (just like you would at the ATM or teller), use your mobile device to snap a photo of the front and back, and deposit the check using the Washington Trust Mobile Banking app. This service is becoming more common and more popular with consumers. Still, there are potential costs and security risks.
Review and understand any policies and fees. You can find more information about Washington Trust's Mobile Check Deposit here. “For example, find out if there is a limit on the total dollar amount or number of checks that you can deposit via remote deposit capture (RDC) in a certain time period,” said Deborah Shaw, an FDIC senior technology specialist.
Additionally, you should determine how long the bank requires you to keep the original check after you deposit it using RDC.
Confirm when the funds from your deposited check will be made available to you. Federal rules allow banking institutions to put a temporary “hold” on certain deposits, and require institutions to provide disclosures to customers stating when their funds will be available for withdrawal. “If you do not find this information on the bank’s app or website, talk to an employee,” said Luke W. Reynolds, Chief of the FDIC’s Outreach and Program Development Section. “Also confirm the cutoff time for deposits to be considered received that day; this may not be the same as the bank’s normal closing time.”
Take steps to avoid potential problems. RDC creates the risk that a check could be deposited more than once. That could happen accidentally if, for example, a wife deposits a check electronically using RDC and then her spouse, not realizing that the check is already deposited, sees the paper check and deposits it at the bank. Or, a fraudster could steal a check, alter it and attempt to deposit the funds.
Shaw advises writing “for mobile deposit only” or “deposited” on the back of the paper check and securely storing the check for as long as required according to your bank’s policies. After the bank’s recommended retention period ends, RDC users should shred the paper check.
Always monitor your accounts. As you would if you were depositing money any other way, make sure deposits and other transactions have been properly posted to your account. “You can check your account online or through the mobile app,” Shaw said. “Your bank also may provide email alerts about changes in account balances or unusual activity on your account.”
She added that your bank also may be able to notify you by email or text message when RDC deposits are posted to your account or if there is a problem with a deposit.
For more help or information regarding Mobile Check Deposit, contact our Customer Solutions Center at (800) 475-2265.