Security Tips - Archives
January 2019 Security Tip
A Closer Look at Mobile Banking
What’s new, how you can benefit, and how to protect yourself from security risks
FDIC Consumer News
With advances in technology, financial institutions are now increasingly providing customers the ability to use mobile phones for banking transactions and to pay for just about anything from a retail purchase to a restaurant bill you’re splitting with friends. "Mobile phones provide opportunities for consumers to conduct their banking transactions and make payments from anywhere at any time," said FDIC Senior Technology Specialist Deborah Shaw. "This is a convenient and beneficial way for consumers to incorporate banking and shopping into their busy lives."
Consumer concerns about safety and security, however, continue to be cited in Federal Reserve Board (Fed) annual reports on mobile financial services (most recently from 2016) as reasons some people do not sign up. Here is the latest overview from FDIC Consumer News to help consumers better understand the current state of mobile financial services, how they might benefit, and how they can protect themselves against security risks.
While many people access their bank accounts by going to their bank, using the telephone or an ATM, or accessing services online with their personal computer, consumers are increasingly using their mobile banking options. That might involve text messaging the bank, accessing a bank's website, or using mobile applications (apps) to check account balances, retrieve account information or initiate financial transactions.
The Fed survey found that 43 percent of all mobile phone users with bank accounts had used mobile banking in the previous 12 months, up from 22 percent in the agency's 2011 survey. Among mobile banking users with smartphones (cell phones with internet connectivity), 53 percent with bank accounts used mobile banking in the previous 12 months.
"A mobile banking application makes it easy to transfer funds within your bank, perhaps to send money to a child's account there or to confirm if you have enough funds to make a purchase or pay a bill," added Ben Navarro, a policy analyst at the FDIC. "The mobile banking app can also often be used for payments across banks."
Mobile banking also can assist consumers in making informed decisions. According to the Fed survey, 62 percent of mobile banking users checked their account balance on their phone before making a large purchase in the store, and 50 percent decided not to purchase an item as a result of their account balance or credit limit.
As previously reported in the Summer 2016 FDIC Consumer News, consumers also can conveniently deposit checks from practically anywhere by transmitting an electronic image of each check and relevant information. Many consumers also are using high-tech wristwatches (called "smartwatches") to read bank alerts or to make purchases applied to their credit, debit or prepaid cards (the latter have money deposited on them but they are not linked to a checking or savings account).
For years, consumers have been using smartphones to make purchases at retailers' sales terminals and person-to-person or "P2P" payment services (mobile apps) to conduct everyday payment transactions among family or friends without exchanging cash or a check.
"One of the benefits of mobile P2P apps is that payments are typically initiated on a mobile device using the recipient's smartphone number or email address," Shaw noted. "In this way, a consumer does not have to give the recipient a bank account or card number in order to make a payment; this information remains behind the scenes."
What's changing recently is that there are increasingly more P2P mobile apps being offered by banks and nonbanks that provide consumers many choices. These apps are going beyond personal payments and including broader options for paying for goods and services at stores and other businesses. In 2017, banks began to offer a new service that enables U.S. mobile banking consumers to send funds from one bank account to another in minutes, using only a recipient's email address or mobile number on a mobile banking app. Some of these services offer recipients quicker access to their received (deposited) funds, typically within minutes during business days.
Here are some suggestions to help consumers be safe and secure as they use mobile banking and payment products and services:
Be proactive in how you protect the data on your mobile devices. Start by using "strong" passwords and PINs. If you're given the option to use more than your username and password to access your bank account or mobile apps on your phone – for example, if you can choose to receive a one-time passcode by email or text message that also will be needed to access a certain account or app – that will provide added security.
Avoid using an unsecured Wi-Fi network, often found in public places, such as coffee shops, because fraudsters might be able to access the information you are transmitting or viewing. Log out of your bank account or mobile app when it's not in use. Just like with your laptop, use a mobile security/anti-virus software and keep it updated.
Take additional precautions in case your device is misplaced, lost or stolen. Set the screen on your mobile phone to lock after a certain amount of time and use a PIN or password and/or a biometric indicator (for example, a fingerprint or facial recognition) to unlock your mobile phone. Likewise, use PINs or other security features enabled on your smartwatch, such as one that will lock the watch if it is not on your wrist or too far from your mobile phone. Don't store your PINs or passwords on your mobile phone or tape it to the underside of your smartwatch or mobile phone.
Consider signing up for transaction alerts from your credit card, bank and mobile app provider. These messages canhelp you identify unauthorized activity quickly. Alternatively, check your transactions regularly on your cards, bank account and mobile app website.
Research any mobile app before downloading and using it. "Make sure you are comfortable that the mobile app is from a reputable source," said Shaw. "Going to the bank's or company's website to find directions for downloading their app can help to ensure you are downloading a legitimate app."
Transaction alerts from your credit card, bank and mobile app provider … can help you identify unauthorized activity quickly.
Be on guard against fraudulent emails or text messages. These communications typically appear to be from a government agency or a legitimate business in order to trick you into divulging valuable personal information (including your birthday, Social Security number, passwords and PIN numbers) that can be used to commit identity theft. The emails and texts could also ask you to click on a link that will install malicious software on your mobile phone and enable the fraudster to gain access to your mobile banking apps.
"To protect yourself, never provide passwords, credit or debit card information, Social Security numbers and similar personal information in response to an unsolicited text message or email," said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "If you have any questions regarding the legitimacy of an email or a text, call your bank or mobile app provider, or the business or government agency that claims to have sent the email or text, and be sure to use a phone number you have looked up on your own and not what is in the email or text in question."
Note: These messages are often called "phishing" emails and "smishing" text messages. Phishing is a term given to fraudulent emails "fishing" for valuable personal information, and "smishing" is a variation of that when referring to "Short Message Service" or "SMS" text messages. "Security experts for years have warned consumers about smishing scams, but as more people have smartphones, smishing is becoming more common," Benardo said.
December Security Tip
Fraud Against the Elderly: How You Can Spot and Prevent
FDIC Consumer Information
Each year millions of senior citizens are victimized by financial fraud or theft of money, property or valuable personal information. Often, an adult child or other relative is responsible. Other situations may involve trusted individuals such as caregivers, legal guardians, investment advisors or new "friends." And because the types of abuse may differ widely, it's important to take a variety of precautions. Here are suggestions for protecting yourself and your loved ones:
Choose an advisor carefully. If you're considering hiring a new broker, attorney, accountant or other professional, even someone recommended by a friend or relative, it's best to independently look into that person's background and reputation before investing money or paying for services. For example, you can confirm that this person is properly registered or licensed and has a clean record with regulators and other consumers. When in doubt about how to research this information, ask your state Attorney General's office or local consumer protection agency for guidance.
Make sure you not only understand the role an advisor will be playing, but trust that this individual will do what's best for you and your finances. Don't be afraid to ask questions or say no. After all, it's your money!
Be careful with powers of attorney. At some point, you may want to have a power of attorney, a legal document that authorizes another person to transact business on your behalf. While powers of attorney can be very helpful, be careful who you name as your representative. "Powers of attorney can be easily misused because they allow the appointed person to step into your shoes and do everything you can do, including taking money from your account and borrowing money in your name," warned Debi Hodes, an FDIC Consumer Affairs Specialist. "This is a matter to discuss with a lawyer who should prepare or review the document for you."
Protect your personal financial information. Never give out your bank account numbers, Social Security numbers, PINs (personal identification numbers), passwords or other sensitive information unless you initiate the contact. These requests may come from an unsolicited phone caller, letter writer, e-mailer or a person who shows up at your door. Be especially wary of someone who congratulates you about winning a (bogus) prize or lottery but first demands payment for taxes or other fees.
Also, keep your checkbook, account statements, and other sensitive information in a safe place. And shred paper documents containing sensitive information that is no longer needed.
Closely monitor your credit card and bank account activity. Review your account statements as soon as you receive them and look for unauthorized or suspicious transactions, which should be reported to your bank immediately.
Take your time when deciding on a major financial decision or investment. Make sure you understand the transaction and ask questions if you don't. If you need to, ask a lawyer or financial advisor to help you understand the documents and discuss what's best for you. "Walk away from anyone who says you must make a decision or otherwise do something right now," said Hodes.
Be aware of scams involving reverse mortgages. These loans enable homeowners age 62 or older to borrow money from the equity in their homes. However, reverse mortgages can be complex products with a variety of risks and costs, and there are many reports of schemes by unscrupulous individuals using deceptive offers and high-pressure tactics to steer senior citizens into using the funds from a reverse mortgage for inappropriate or costly loans or investments. For guidance on the responsible use of a reverse mortgage, including how to locate a lender or a housing counselor approved by the U.S. Department of Housing and Urban Development's Federal Housing Administration, start here or call 1-800-569-4287.
Finally, here are additional tips:
- Beware of callers asking for money or information. If you'd like to reduce the number of telemarketing calls you receive, consider signing up for the national Do Not Call Registry (call 1-888-382-1222 or visit www.donotcall.gov). If you are on this list, be suspicious of calls from any company or organization that you have reason to believe is not eligible to contact you under the registry's rules.
- Don't comply with requests from strangers to deposit a check into your account (perhaps as part of an Internet sale) and wire some or all of it back. "If you send the money and the check is counterfeit, you may be held responsible by your financial institution for the losses," said Michael Benardo, Chief of the FDIC's Cyber-Fraud and Financial Crimes Section.
- If you use social media, many security experts advise against posting the names of relatives and anyone's home address, full date of birth and daily activities because those can be valuable to a thief. "A scam on the rise involves con artists who look for personal information on the Internet that they can use to call or e-mail an elderly person and pretend to be a relative in distress — such as a grandchild being injured, in jail or lost in a foreign country — and needing money sent fast, without telling anyone else in the family," added Benardo. "They may also represent themselves as a lawyer or law enforcement agent needing money to help your relative."
November Security Tip
Mobile Wallet Services Protection
Federal Communications Commission
Consumers are increasingly using their smartphones, tablets and other mobile devices as "mobile wallets" to pay for goods and services, downloading software that allows them to complete both mobile and in-person transactions. As the use of mobile wallet services increases, consumers need to protect their smartphones, mobile wallet applications, associated data, and mobile wallet services from theft and cyber-attacks.
How to Safeguard Your Mobile Wallet Smartphone
- Consider your surroundings and use your smartphone or mobile device discreetly.
- Do not use mobile wallet services to conduct financial transactions over an unsecured Wi-Fi network.
- Never leave your smartphone unattended in a public place. Don't leave it visible in an unattended car; lock it up in the glove compartment or trunk.
- The police may need your smartphone's unique identifying information if it is stolen or lost. Write down the make, model number, serial number, and unique device identification number (either the International Mobile Equipment Identifier (IMEI) or the Mobile Equipment Identifier (MEID) number). Some phones display the IMEI/MEID number when you dial *#06#. The IMEI/MEID can also be found on a label located beneath the phone's battery or on the box that came with your phone.
- Review the service agreement for the financial account used in your mobile wallet to find out what will happen and who to contact if your smartphone is stolen or lost, or if your mobile wallet application is hacked.
- Monitor the financial account used in your mobile wallet for any fraudulent charges.
- Choose a unique password for your mobile wallet. Should your smartphone be lost or stolen, this may help protect you from both unwanted charges and from theft and misuse of your personal data.
- Install and maintain security software. Apps are available to:
- Locate your smartphone from any computer;
- Lock your smartphone to restrict access;
- Wipe sensitive personal information and mobile wallet credentials from your smartphone; and
- Make your smartphone emit a loud sound ("scream") to help you or the police locate it.
- Adjust your "locked screen" display to show your contact information so that your smartphone may be returned to you if found.
- Be careful about what information you store. Social networking and other apps may pose a security risk and allow unwanted access to your personal information and mobile wallet data.
What to Do if Your Mobile Wallet Smartphone Is Stolen
If you are not certain whether your smartphone or mobile device has been stolen or if you have simply misplaced it, attempt to locate the smartphone by calling it or by using the security software's GPS locator. Even if you may have only lost the smartphone, you should remotely lock it to be safe.
If you have installed security software on your smartphone, use it to lock the device, wipe sensitive personal information, and/or activate the alarm.
Immediately report the theft or loss to your wireless carrier. You will typically be responsible for any charges incurred prior to when you report the stolen or lost smartphone. If you provide your carrier with the IMEI or MEID number, your carrier may be able to disable your smartphone, your mobile wallet services, and block access to your personal information and sensitive mobile wallet data. Request written confirmation from your carrier that you reported the smartphone as missing and that the smartphone was disabled.
If your smartphone or mobile device was stolen, also immediately report the theft to the police, including the make and model, serial and IMEI or MEID number. Some carriers require proof that the smartphone was stolen, and a police report can provide that documentation.
If you are unable to lock your stolen or lost smartphone, change all of your passwords for mobile wallet services and banking accounts that you have accessed using your smartphone service.
For more information about what to do if your wireless device is lost or stolen, and contact information for service providers, go to: www.fcc.gov/guides/stolen-and-lost-wireless-devices
October Security Tip
When a Criminal's Cover Is Your Identity: Minimizing the Risk of Identity Theft
From FDIC Consumer News
Your good name and reputation are among your most valuable assets. Unfortunately, criminals know the value of a good name and reputation, too. That's why increasing numbers of con artists are “stealing” identities. They typically start by using theft or deception to learn a person's Social Security number, date of birth or other personal information. Armed with those details, the perpetrators can open credit card accounts, make purchases, take out loans, or make counterfeit checks and ATM cards in your name. In effect, the crook becomes you to commit fraud or theft.
Federal and state laws plus banking industry practices may limit your losses from identity theft, also known as ID theft. Under the Truth in Lending Act, if a crook opened a credit card account in your name and ran up thousands of dollars in charges, the most you'd owe is $50—and many creditors will agree to excuse you of all liability. Still, innocent victims are likely to face long hours (and sometimes years) closing tarnished accounts and opening new ones, fixing credit records, and otherwise cleaning up the damage. They may even be denied loans, jobs and other opportunities because an identity theft ruined their reputation and credit rating.
Here are things you can do to minimize your risk of becoming a victim of ID theft:
Protect your Social Security number, credit card numbers, account passwords and other personal information. Never divulge this kind of information unless you initiate the contact with a person or company you know and trust. A con artist can use these details and a few more, such as your mother's maiden name, to withdraw money from your bank or order credit cards or checks in your name. If you get an unsolicited offer that sounds too good to be true and asks for bank account numbers and other personal information before you receive anything in return, this is probably a scam. Likewise, if a caller claims to represent your financial institution, the police department or some similar organization and asks you to "verify" (reveal) confidential information, hang up fast. Real bankers and government investigators don't make these kinds of calls.
Keep thieves from turning your trash into their cash. Thieves known as “dumpster divers” pick through garbage looking for credit card applications and receipts, canceled checks, bank statements, expired charge cards and other documents or information they can use to counterfeit or order new checks or credit cards. Before putting these items in the garbage bin, tear them up as best you can. Any paper you don't need that contains private information should be shredded.
Pay attention to your bank account statements and credit card bills. Contact your financial institution immediately if there's a discrepancy in your records or if you notice something suspicious, such as a missing payment or an unauthorized withdrawal. While federal and state laws may limit your losses if you're victimized by a bank fraud or theft, sometimes your protections are stronger if you report the problem quickly and in writing.
Review one or more of your credit reports approximately once a year. Your credit reports (prepared by credit bureaus) will include identifying information such as your name, address, Social Security number and date of birth, as well as details about credit cards and loans in your name. Make sure each report you obtain is accurate, and that includes monitoring it for unauthorized bank accounts, credit cards and purchases. Under federal law, you can get at least one free report from each of the nationwide credit bureaus every 12 months. To order your free annual reports from the three major credit bureaus — Equifax, Experian and TransUnion — visit www.AnnualCreditReport.com or call toll-free 1-877-322-8228.
Don't let ID theft take on a life of its own — yours. If someone is using your personal information to cash in on your name, visit www.identitytheft.gov, the federal government’s one-stop resource to help people report and recover from ID theft.
August Security Tip
7 Tips for Hurricane Preparedness
From American Bankers' Association
ABA is encouraging consumers to prepare for hurricane season by assessing their home’s risk and developing emergency plans to protect against a potential storm.
Assemble an emergency kit. The emergency kit should include first aid supplies, a flashlight, extra batteries, at least three days of non-perishable foods and water, towels and a supply of any necessary medications. Stay informed of the storm’s path and progress by monitoring Wireless Emergency Alerts via text message and having a battery-powered radio or TV available.
Develop a family communications plan. Know how you will contact one another; how you will get back together, if separated; and what you will do in different situations. Having a plan can eliminate some of the stress and confusion.
Establish an evacuation route. Prior to a storm, contact your local American Red Cross to locate the shelter nearest you or download their Shelter Finder App. Identify the safest route to get there. Be sure to check if your local emergency shelter allows animals and family pets.
Secure your home. Outdoor furniture and other objects can pose a potential hazard. Turn off propane tanks and other utilities if instructed to do so by emergency personnel.
Protect financial documents.In the event of a disaster, you will need identification and financial documents to begin the recovery process. Safeguard important documents in a bank safety deposit box, computer storage devices (USB drive, CD/DVD), and/or waterproof storage containers, including:
- Personal identification (driver’s licenses, birth certificates, military IDs, passports, etc.)
- Financial account information (checking, savings, retirement and investment accounts, credit/debit cards).
- Insurance policies on all personal property, including appraisals and lists and photos of valuable items.
- Ownership or leasing documentation for homes and vehicles (deeds, titles, registrations, rental agreements, etc.)
- All health and medical insurance documentation.
Know the details of your insurance policy. Talk with your agent to determine if you have adequate coverage or if you need to reassess your plan. This is especially important if your property’s flood map has changed.
For more resources, visit theFEMA site: http://www.ready.gov/hurricanes.
July 2018 Security Tip
How to Avoid a ‘Card Cracking’ Scam
From American Bankers' Association
Banks and law enforcement are cracking down on an emerging scam known as “card cracking.” Card cracking is a form of fraud where consumers respond to an online solicitation for “easy money” and provide a debit card for withdrawal of fake check deposits. Criminals use social media platforms like Facebook, Twitter, or Instagram to solicit consumers, often targeting people between the ages of 19 and 25 years-old, as well as college students, newly enlisted military and single parents.
Customers who respond to these solicitations, now accomplices, provide a debit card, PIN and online credentials to give the criminal direct access to their account. The fraudster deposits worthless checks using mobile deposit and immediately withdraws the funds at an ATM. The customer then calls to report a stolen card or compromised credentials. The bank reimburses the customer for funds lost and the criminal provides the customer with a cut of the money withdrawn using worthless checks.
- Do not respond to online solicitations for “easy money.” Card cracking advertisements will suggest that this is a quick, safe way to earn extra cash. Keep in mind that easy money is rarely legal money.
- Never share your account and PIN number. Keep this information private at all times. By sharing it with others, you expose yourself to potential fraud.
- Do not file false fraud claims with your bank. By filing a false claim, you are a co-conspirator to fraud. Banks’ detection techniques for card cracking are constantly improving and suspicious claims will be investigated.
- Report suspicious posts linked with scams. If you notice postings that appear to be linked with a possible scam, report them to the social media site. There is usually a drop down menu near the post to allow for easy reporting.
Check back next month for more tips and tricks to protect your financial information.
June 2018 Security Tip
Protecting Your Small Biz Account
From American Bankers' Association
Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. The American Bankers Association recommends following these tips to keep your small business safe.
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised.
- Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
Check back next month for more tips and tricks to protect your financial information.
May 2018 Security Tip
Protecting Your Identity
From American Bankers' Association
Identity theft continues to be one of the fastest growing crimes in the United States. In 2013, an American fell victim to identity fraud every two seconds. ABA recommends following these tips to keep your information – and your money – safe.
- Don't share your secrets Don’t provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.
- Shred sensitive papers Shred receipts, banks statements and unused credit card offers before throwing them away.
- Keep an eye out for missing mail Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, don’t mail bills from your own mailbox with the flag up.
- Use online banking to protect yourself Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.
- Monitor your credit report Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.
- Protect your computer Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser’s padlock or key icon is active. Also look for an “s” after the “http” to be sure the website is secure.
- Report any suspected fraud to your bank
Check back next month for more tips and tricks to protect your financial information.
April 2018 Security Tip
Beware of ATM, Debit and Credit Card ‘Skimming’ Schemes
How to help protect yourself from high-tech thieves who steal account information
From FDIC Consumer News
You may have heard in the news that automated teller machines (ATMs) are being targeted by criminals who secretly attach high-tech devices to the machines in order to record consumers' keystrokes and steal or, as it is sometimes called, "skim" personal identification numbers (PINs) along with credit or debit card account numbers. In addition, criminals are known to add similar devices to credit or debit card readers at checkout registers, especially at gas stations, convenience stores or other merchants where customers may be in a hurry and not notice or take the time to report something suspicious.
"Security experts and law enforcement officials warn that card skimming is present in many communities," said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "With the information that can be skimmed, a thief can go on an online shopping spree or sell that valuable data to other con artists."
And how do thieves retrieve the data they gather? Some return to the scene of the crime to remove their devices, while others can communicate electronically with their hardware using a laptop or mobile phone and wireless connections.
Through the years, FDIC Consumer News has warned readers to be on the lookout for keystroke-recording devices on ATMs or checkout registers.
Here's a reminder of the different kinds of skimming devices and what to look for:
- Card-reader overlays: The most common ATM skimmer, and perhaps the easiest device to detect, is the card-reader overlay. It is made of plastic and fits over the slot where you insert your card. As you insert your card, the device reads the data from your card and stores it. How can you tell if there's an overlay hiding an illegal card reader? "Before inserting your card, look at the card reader for signs it has been altered," said Amber Holmes, a financial crimes information specialist with the FDIC. "Be suspicious if your card doesn't easily go into the machine or if the card reader appears loose, crooked or damaged, or if you notice scratches, glue, adhesive tape or other possible signs of tampering."
- Hidden cameras: While banks typically have security cameras near their ATMs to keep an eye on the area, thieves sometimes hide tiny cameras on or around ATMs. "If positioned correctly, a brochure holder on an ATM is the perfect place to hide a mini-camera that can record PIN numbers as customers type them," warned Benardo. "Also check for tiny holes in the ATM housing or in something else that looks like it was hastily stuck onto the ATM to cover a small camera."
- PIN-capture overlays: Criminals have been known to attach dummy keypads over an ATM's real keypad to record and capture PIN numbers as they are entered. The keypad might be fake if it looks too thick or different from what you're used to seeing.
- Fake ATM faceplates: Some thieves go as far as placing a fake ATM cover that could contain card-reader overlays, hidden cameras and PIN-capture overlays over some or all of a real, fully operating machine. "The best way to determine if an ATM has a false cover is to look for flaws like loose wires, seams that are not flush and slots or keypads that look out of place," said Holmes.
What should you do if you believe your debit or credit card account has been compromised?
There are consumer protection regulations that can help. For example, the Electronic Funds Transfer Act (EFTA) and the Consumer Financial Protection Bureau's (CFPB's) "Regulation E" limit a consumer's liability for losses from unauthorized transactions using his or her ATM or debit card or card numbers. If your debit card or the card number is used to make an unauthorized withdrawal from a checking or savings account, you can minimize your losses by contacting your bank as soon as possible. Your maximum liability under the EFTA is $50 if you notify your bank within two business days after learning of the loss. If you wait longer, you could lose more, according to the law. If it's your credit card number that is used without your authorization, your liability is normally capped by the Truth in Lending Act (TILA) and the CFPB's "Regulation Z" at $50 for all unauthorized transactions, and remaining credit card losses are typically absorbed by the card issuer.
"Even consumers who know the telltale signs of a skimming device may inadvertently use an ATM or a sales terminal that has been tampered with. That's why it's great to know that there are consumer protections available," said Tracie Greenway Morris, an FDIC senior community affairs specialist.
Some other worthwhile precautions you can take include:
- Do not use an ATM or a credit or debit card reader if anything looks suspicious, such as loose or extra parts. Alert the machine owner or the police immediately.
- Avoid ATMs in remote places, especially if the area is not well lit or not visible to security cameras and the general public. "ATMs in secluded locations are more likely to be altered," Benardo said.
- Go elsewhere if you see a sign directing you to only one of multiple ATMs in a location. It could be the machine that was tampered with by a crook.
- Shield the keypad with your hand when typing your PIN at the ATM or a retailer's checkout area. Doing so won't protect you from skimmers who use keypad overlays, but it will block the view of a hidden camera.
- Regularly check your bank and credit card accounts for unauthorized transactions, even small transactions that you think might not be worth reporting to your bank. "Thieves might make low-dollar withdrawals or charges as a way to test a counterfeit debit or credit card before they use it for big-dollar transactions," Holmes explained. "If you spot a potential problem, notify your bank as quickly as possible."
Check back next month for more tips and tricks to protect your financial information.
March 2018 Security Tip
Beware of Malware: Think Before You Click!
From FDIC Consumer News
Malicious software — or “malware” for short — is a broad class of software built with malicious intent. “You may have heard of malware being referred to as a ‘computer bug’ or ‘virus’ because most malware is designed to spread like a contagious illness, infecting other computers it comes into contact with,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “And if you don’t protect your computer, it could become infected by malware that steals your personal financial information, spies on you by capturing your keystrokes, or even destroys data.”
Law enforcement agencies and security experts have seen an increase in a certain kind of malware known as “ransomware,” which restricts someone’s access to a computer or a smartphone — literally holding the device hostage — until a ransom is paid. While businesses have been targeted more than consumers to date, many home computer users have been victims of ransomware.
The most common way malware spreads is when someone clicks on an email attachment — anything from a document to a photo, video or audio file. Criminals also might try to get you to download malware by including a link in the wording of an email or in a social media post that directs you somewhere else, often to an infected file or web page on the Internet. The link might be part of a story that sounds very provocative, such as one with a headline that says, “How to Get Rich” or “You Have to See This!”
Malware also can spread across a network of linked computers, be downloaded from an infected website, or be passed around on a contaminated portable storage device, such as a thumb drive or flash drive.
Here are reminders, plus additional tips on how to generally keep malware off your computer.
Don’t immediately open email attachments or click on links in unsolicited or suspicious-looking emails. Think before you click! Cybercriminals are good at creating fake emails that look legitimate but can install malware. Either ignore unsolicited requests to open attachments or files or independently verify that the supposed source did send the email to you (by using a published email address or telephone number). “Even if the attachment is from someone you know, consider if you really need to open the attachment, especially if the email looks suspicious,” added Benardo.
Install good anti-virus software that periodically runs to search for and remove malware. Make sure to set the software to update automatically and scan for the latest malware.
Be diligent about using spam (junk mail) filters provided by your email provider. These services help block mass emails that might contain malware from reaching your email inbox.
Don’t visit untrusted websites and don’t believe everything you read. Criminals might create fake websites and pop-ups with enticing messages intended to draw you in and download malware. “Anyone can publish information online, so before accepting a statement as fact or taking action, verify that the source is reliable,” warned Amber Holmes, a financial crimes information specialist with the FDIC. “And please, don’t click on a link to learn more. If something sounds too good to be true, then most likely it’s fraudulent or harmful.”
Be careful if anyone — even a well-intentioned friend or family member — gives you a disk or thumb drive to insert in your computer. It could have hidden malware on it. “Don’t access a disk or thumb drive without first scanning it with your security software,” said Holmes. “If you are still unsure, don’t take a chance.”
February 2018 Security Tip
Protecting Your Mobile Device
Your mobile device provides convenient access to your email, bank and social media accounts. Unfortunately, it can potentially provide the same convenient access for criminals. The American Bankers Association recommends following these tips to keep your information – and your money – safe.
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
- Log out completely when you finish a mobile banking session.
- Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
- Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions” and delete unused or rarely used apps.
- Download the updates for your phone and mobile apps.
- Avoid storing sensitive information like passwords or a social security number on your mobile device.
- Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
- Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
- Watch out for public Wi-Fi. Public connections aren't very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
- Report any suspected fraud to immediately.
January 2018 Security Tip
Taking Charge of Smartphone Safety
It may be small enough to fit in the palm of your hand, but the part it plays in your daily life is huge. It's your smartphone — and your connection to your prized photos, important calendar dates, and the phone numbers of nearly everyone you know. Most of us don't realize how vital our smartphones are to our lives until we lose them or they are no longer functioning. That's why it's so important to make protecting your smartphone — and the personal information it holds — a priority. Here are some tips:
- Use a Password or PIN. Your smartphone is great in your hands, but in someone else's hands, it could be dangerous, especially if you have personal or financial information easily accessible. To protect yourself, set a PIN or password on your phone.
- Regularly update your operating system. Although downloading updates on your operating system may be inconvenient at times, it's an easy way to ensure you have the latest security features on your device.
- Buy safe apps. Be sure to purchase apps from companies you know and trust.
- Avoid public charging stations. When you're out and about and your battery is low, it's tempting to charge your phone at public charging stations often available at airports and malls. Connecting your phone to these public ports can put your phone at risk for a data breach from a hacker. It's much safer to invest in a portable battery charger.
- Watch your wireless and Bluetooth connections. If you want to save money on your data usage fees, you'll likely want to connect to wireless networks. However, public wireless networks can present a serious security risk. One way to protect yourself is to switch off a wireless connection if you are not using it. You should do the same with your Bluetooth connection. You'll not only protect yourself, but also conserve your battery.
One of the smartest moves you can make to protect the information on your device is to regularly back up your data. That way if the unthinkable happens – you get separated from your smartphone — you'll still have access to the information you need.
Check back next month for more tips and tricks to protect your financial information.
December 2017 Security Tip
Tips for Shopping Online
Federal Trade Commission Consumer Information
The holiday season is in full swing. As you join the ranks of online shoppers, be sure to keep your personal and financial information safe.
Know who you're dealing with.
Anyone can set up shop online under almost any name. Confirm the online seller's physical address and phone number in case you have questions or problems. And if you get an email or pop-up message that asks for your financial information while you’re browsing, don't reply or follow the link. Legitimate companies don't ask for information that way.
Know what you're buying.
Read the seller's description of the product closely, especially the fine print. Words like "refurbished," "vintage," or "close-out" may indicate that the product is in less-than-mint condition, while name-brand items with bargain basement prices could be counterfeits.
Know what it will cost.
Check out websites that offer price comparisons and then compare "apples to apples." Factor shipping and handling into the total cost of your purchase. Do not send cash or money transfers under any circumstances.
Check out the terms of the deal, like refund policies and delivery dates.
Can you return the item for a full refund if you're not satisfied? If you return it, who pays the shipping costs or restocking fees, and when you will get your order? A Federal Trade Commission (FTC) rule requires sellers to ship items as promised or within 30 days after the order date if no specific date is promised. Many sites offer tracking options, so you can see exactly where your purchase is and estimate when you’ll get it.
Pay by credit card.
If you pay by credit or charge card online, your transaction will be protected by the Fair Credit Billing Act. Under this law, you can dispute charges under certain circumstances and temporarily withhold payment while the creditor investigates them. In the event that someone uses your credit card without your permission, your liability generally is limited to the first $50 in charges. Some companies guarantee that you won’t be held responsible for any unauthorized charges made to your card online; some cards provide additional warranty, return, and purchase protection benefits.
Print or save records of your online transactions, including the product description and price, the online receipt, and the emails you send and receive from the seller. Read your credit card statements as you receive them; be on the lookout for charges that you don’t recognize.
Protect Your Information
Don't email any financial information. Email is not a secure method of transmitting financial information like your credit card, checking account, or Social Security number. If you begin a transaction and need to give your financial information through an organization's website, look for indicators that the site is secure, like a URL that begins "https" (the "s" stands for secure). Unfortunately, no indicator is foolproof; some fraudulent sites have forged security icons.
November 2017 Security Tip
Don't Fall Victim to the "Grandparent" Scam
ABA Consumer News
In 2016, the Federal Trade Commission received more than 400,000 complaints from consumers reporting that they’d been exposed to impersonation scams. The “grandparent scam” is one type that deliberately targets older Americans.
To commit this crime, fraudsters call claiming to be a family member in serious trouble and in need of money immediately. The scammer might say he’s stranded or has been mugged, and call in the middle of the night to add to the urgency and confusion. Once the money is wired, the victim later finds out that it wasn’t their grandchild they were helping, it was a criminal.
- Confirm the caller. Fraudsters are using social networking sites to gain the personal information of friends and relatives to carry out their crimes. Verify the caller by calling them back on a known number or consult a trusted family member before acting on any request.
- Don’t be afraid to ask questions. Fraudsters want to execute their crimes quickly. In this type of scam, they count on fear and your concern for your loved one to make you act before you think. The more questions you ask the more inclined they will be to ditch the scam if they suspect you’re on to them.
- Never give personal information to anyone over the phone unless you initiated the call and the other party is trusted.
- Never rush into a financial decision and trust your instincts. Don’t be fooled—if something doesn’t feel right, it may not be right. Feel free to say no and get more information before you send money to someone.
For more information, please visit www.aba.com/seniors.
Check back next month for more tips and tricks to protect your financial information.
October 2017 Security Tip
A Cyber Security Checklist
FDIC Consumer News
Reminders about 10 simple things bank customers can do to help protect their computers and their money from online criminals.
- Have computer security programs running and regularly updated to look for the latest threats. Install anti-virus software to protect against malware (malicious software) that can steal information such as account numbers and passwords, and use a firewall to prevent unauthorized access to your computer.
- Be smart about where and how you connect to the Internet for banking or other communications involving sensitive personal information. Public Wi-Fi networks and computers at places such as libraries or hotel business centers can be risky if they don't have up-to-date security software.
- Get to know standard Internet safety features. For example, when banking or shopping online, look for a padlock symbol on a page (that means it is secure) and "https://" at the beginning of the Web address (signifying that the website is authentic and encrypts data during transmission).
- Ignore unsolicited emails asking you to open an attachment or click on a link if you're not sure it's who truly sent it and why. Cybercriminals are good at creating fake emails that look legitimate, but can install malware. Your best bet is to either ignore unsolicited requests to open attachments or files or to independently verify that the supposed source actually sent the email to you by making contact using a published email address or telephone number.
- Be suspicious if someone contacts you unexpectedly online and asks for your personal information. A safe strategy is to ignore unsolicited requests for information, no matter how legitimate they appear, especially if they ask for information such as a Social Security number, bank account numbers and passwords.
- Use the most secure process you can when logging into financial accounts. Create "strong" passwords that are hard to guess, change them regularly, and try not to use the same passwords or PINs (personal identification numbers) for several accounts.
- Be discreet when using social networking sites. Criminals comb those sites looking for information such as someone's place of birth, mother's maiden name or a pet's name, in case those details can help them guess or reset passwords for online accounts.
- Be careful when using smartphones and tablets. Don't leave your mobile device unattended and use a device password or other method to control access if it's stolen or lost.
- Parents and caregivers should include children in their cybersecurity planning. Talk with your child about being safe online, including the risks of sharing personal information with people they don't know, and make sure the devices they use to connect to the Internet have up-to-date security.
- Small business owners should have policies and training for their employees on topics similar to those provided in this checklist for customers, plus other issues that are specific to the business. For example, consider requiring more information beyond a password to gain access to your business's network, and additional safety measures, such as requiring confirmation calls with your financial institution before certain electronic transfers are authorized.
September 2017 Security Tip
Financial Readiness in an Emergency
Unfortunately, the news in recent months has been full of headlines about natural disasters across the country. Home is where most people feel safe and comfortable. But sometimes when a hurricane, flood, tornado, wildfire, or other disaster strikes it's safest to pack up and go to another location.
When it comes to preparing for situations like weather emergencies, financial readiness is as important as a flashlight with fully charged batteries. Leaving your home can be stressful, but knowing that your financial documents are up-to-date, in one place, and portable can make a big difference at a difficult time.
Here are some tips for financial readiness in case of an emergency:
Conduct a household inventory. Make a list of your possessions and document it with photos or a video. This could help if you are filing insurance claims. Keep one copy of your inventory in your home on a shelf in a lockable, fireproof file box; keep another in a safe deposit box or other secure location.
Buy a lockable, fireproof file box. Place important documents in the box; keep the box in a secure, accessible location on a shelf in your home so that you can "grab it and go" if the need arises. Among the contents:
- your household inventory
- a list of emergency contacts, including family members who live outside your area
- copies of current prescriptions
- health insurance cards or information
- policy numbers for auto, flood, renter's, or homeowner's insurance, and a list of telephone numbers of your insurance companies
- copies of other important financial and family records (or notes about where they are) including deeds, titles, wills, birth and marriage certificates, passports, and relevant employee benefit and retirement documents. Except for wills, keep originals in a safe deposit box or some other location. If you have a will, ask your attorney to keep the original document.
- a list of phone numbers or email addresses of your creditors, financial institutions, landlords, and utility companies (sewer, water, gas, electric, telephone, cable)
- a list of bank, loan, credit card, mortgage, lease, debit and ATM, and investment account numbers
- Social Security cards
- backups of financial data you keep on your computer
- an extra set of keys for your house and car
- the key to your safe deposit box
- a small amount of cash or traveler's checks (financial institutions or ATMs may be closed)
Consider renting a safe deposit box for storage of important documents. Original documents to store in a safe deposit box might include:
- deeds, titles, and other ownership records for your home, autos, RVs, or boats
- credit, lease, and other financial and payment agreements
- birth certificates, naturalization papers, and Social Security cards
- marriage license/divorce papers and child custody papers
- passports and military papers (if you need these regularly, you could place the originals in your fireproof box and a copy in your safe deposit box)
- appraisals of expensive jewelry and heirlooms
- certificates for stocks, bonds, and other investments and retirement accounts trust agreements
- living wills, powers of attorney, and health care powers of attorney insurance policies
- home improvement records
- household inventory documentation
- a copy of your will
Choose an out-of-town contact. Ask an out-of-town friend or relative to be the point of contact for your family, and make sure everyone in your family has the information. After some emergencies, it can be easier to make a long distance call than a local one.
Update all your information. Review the contents of your household inventory, your fireproof box, safe deposit box, and the information for your out-of-town contact at least once a year.
August 2017 Security Tip
Advanced Password Tips and Tricks
Federal Trade Commission Consumer Information
Time to create another password? Make it a secure one. A little extra attention when you create a strong password can prevent an attacker from getting access to your account.
Your password should be long, complex, and unique. Here are additional steps you can take to help create strong passwords and secure your accounts:
- Avoid common words, phrases, or information. Don't use information available to others like your birthday, phone number, or Social Security number. Attackers often use a dictionary of previously exposed passwords and information gathered from the internet to help them guess a password.
- Change passwords quickly if there is a breach. Attackers who steal data from companies often obtain password information. If you receive a notification from a company about a possible breach, change that password and any account that uses a similar password immediately.
- Consider a password manager. Most people have trouble keeping track of all their passwords. Consider storing your passwords and security questions in a password manager, an easy-to-access application that allows you store all your valuable password information in one place. Use a strong password to secure the information in your password manager.
What about security questions? If you forget your password, many companies require you to answer security questions to regain access. Here are some tips to make sure an attacker can't use your security questions as a way to get into your account:
- Select security questions where only you know the answer. Many security questions ask for answers to information available in public records or online, like your zip code, mother's maiden name, birth place. That is information a motivated attacker can obtain.
- Don't use answers to security questions that can be guessed. An attacker can guess the answer to a security question that has a limited number of responses (dates, colors, states, countries). Avoid questions like "What state were you born in?" or "What color was your first car?" which allow an attacker to guess all possible answers.
- Don't give a generic answer to a security question. Find an answer to a security question that you will remember but is also more complicated than a generic word. For example, if the security question asks "What is your favorite childhood memory?" the answer "watching the Dodgers with my mom" is more secure than "baseball."
July 2017 Security Tip
10 Scams Targeting Bank Customers
From FDIC Consumer News - Summer 2017
The FDIC often hears from bank customers who believe they may be the victims of financial fraud or theft, and our staff members provide information on where and how to report suspicious activity. To help further, FDIC Consumer News includes crime prevention tips in practically every issue. As part of that coverage, we feature here a list of 10 scams that you should be aware of, plus key defenses to remember.
- Government “imposter” frauds: These schemes often start with a phone call, a letter, an email, a text message or a fax supposedly from a government agency, requiring an upfront payment or personal financial information, such as Social Security or bank account numbers.
“They might tell you that you owe taxes or fines or that you have an unpaid debt. They might even threaten you with a lawsuit or arrest if you don’t pay,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “Remember that if you provide personal information it can be used to commit fraud or be sold to identity thieves. Also, federal government agencies won’t ask you to send money for prizes or unpaid loans, and they won’t ask you to wire money to pay for anything.”
- Debt collection scams: Be on the lookout for fraudsters posing as debt collectors or law enforcement officials attempting to collect a debt that you don’t really owe. Red flags include a caller who won’t provide written proof of the debt you supposedly owe or who threatens you with arrest or violence for not paying.
- Fraudulent job offers: Criminals pose online or in classified advertisements as employers or recruiters offering enticing opportunities, such as working from home. But if you’re required to pay money in advance to “help secure the job” or you must provide a great deal of personal financial information for a “background check,” those are red flags of a potential fraud.
Another variation on this scam involves fake offers of part-time jobs as “mystery shoppers,” who are people paid to visit retail locations and then submit confidential reports about the experience. In an example of the fraudulent version, your job might be to receive a $500 check, go “undercover” to your bank, deposit the check into your account there, and then report back about the service provided. But you also would be instructed to immediately wire your new “employer” $500 out of your bank account to cover the check you just deposited. Days later, the bank will inform you that the check you deposited is counterfeit and you just lost $500 to thieves. One warning sign of this type of scam is that the potential employer requires you to have a bank account.
- “Phishing” emails: Scam artists send emails pretending to be from banks, popular merchants or other known entities, and they ask for personal information such as bank account numbers, Social Security numbers, dates of birth and other valuable details. The emails usually look legitimate because they include graphics copied from authentic websites and messages that appear valid.
“We have also seen emails with links to fake websites that are exact copies of real websites for FDIC-insured banks, except the web addresses are slightly different than the real ones,” said Doreen Eberley, director of the FDIC’s Division of Risk Management Supervision, which is in charge of the agency’s policies and programs related to financial crimes. “These sites are used to trick people into giving up valuable personal information that can be used to commit identity theft.”
- Mortgage foreclosure rescue scams: Today, many homeowners who are struggling financially and risk losing their homes may be vulnerable to false promises to refinance a mortgage under better terms or rates. But borrowers should always be on the lookout for scammers who falsely claim to be lenders, loan servicers, financial counselors, mortgage consultants, loan brokers or representatives of government agencies who can help avoid a mortgage foreclosure and offer a great deal at the same time. These criminals will present homeowners with what sounds like the life-saving offer they need. Instead, the homeowner is required to pay significant upfront fees or, even worse, tricked into signing documents that, in the fine print, transfer the ownership of the property to the criminal involved. Common warning signs of fraudulent mortgage assistance offers include a “guarantee” that foreclosure will be avoided and pressure to act fast.
- Lottery scams: You might be told you won a lottery (typically one that you never entered) and asked to first send money to the “lottery company” to cover certain taxes and fees. Similar examples involve bogus prize winnings and sweepstakes. “In one example, a scammer sent a letter to people using falsified FBI and FDIC letterhead telling them they won a popular, well-known lottery but that they needed to send money by wire transfer to a lottery ‘official’ in order to secure the winnings,” Benardo said. “The ‘official’ was really a crook hoping to trick people into sending money.”
- Elder frauds: Thieves sometimes target older adults to try to cheat them out of some of their life savings. For example, telemarketing scams may involve sales of bogus products and services that will never be delivered. Warning signs include unsolicited phone calls asking for a large amount of money before receiving the goods or services, and special offers for senior citizens that seem too good to be true, like an investment “guaranteeing” a very high return. To help seniors and their caregivers avoid financial exploitation, the FDIC and the Consumer Financial Protection Bureau have developed Money Smart for Older Adults, a curriculum with information and resources.
- Overpayment scams: This popular scam starts when a stranger sends a consumer or a business a check for something, such as an item being sold on the internet, but the check is for far more than the agreed-upon sales price. The scammer then tells the consumer to deposit the check and wire the difference to someone else who is supposedly owed money by the same check writer. In a few days, the check is discovered to be a counterfeit, and the depositor may be held responsible for any money wired out of the bank account. Victims may end up owing thousands of dollars to the financial institution that wired the money, and sometimes they’ve also sent the merchandise to the fraud artists, too.
- "Ransomware": This term refers to malicious software that holds a computer, smartphone or other device hostage by restricting access until a ransom is paid. The most common way ransomware and other malicious software spreads is when someone clicks on an infected email attachment or a link in an email that leads to a contaminated file or website. Malware also can spread across a network of linked computers or be passed around on a contaminated storage device, such as a thumb drive.
- Jury duty scams: A thief makes phone calls pretending to be a law enforcement official warning innocent people that they failed to appear for jury duty and threating an arrest unless a “fine” is paid immediately. And to pay up, the caller asks for debit account and PIN numbers, allowing the perpetrator to create a fake debit card and drain the account.
For more information, please visit the FDIC Consumer News website.
June 2017 Security Tip
Protecting the Elderly From Financial Abuse
From American Bankers' Association
You, or someone you know, could become the victim of a growing crime in America — financial abuse of older Americans. Seniors are increasingly becoming targets for financial abuse. As people over 50 years old control over 70 percent of the nation's wealth, fraudsters are using new tactics to take advantage of retiring baby boomers and the growing number of older Americans. Senior financial abuse is estimated to have cost victims at least $2.9 billion last year alone.
What Is Elder Financial Abuse?
It’s a crime that deprives older adults of their resources and ultimately their independence. Anyone who sees signs of theft, fraud, misuse of a person’s assets or credit, or use of undue influence to gain control of an older person’s money or property should be on the alert. Those are signs of possible exploitation. Older Americans that may have disabilities or rely on others for help can be susceptible to scams and other fraud. Advances in technology can also make it difficult for seniors to know who to trust and what's safe.
Despite these threats, taking simple steps to safeguard personal information and being aware of warning signs can protect aging men and women from financial abuse.
Tips for Seniors: What should you do to protect yourself?
- Plan ahead to protect your assets and to ensure your wishes are followed. Talk to someone at your financial institution, an attorney, or financial advisor about the best options for you.
- Shred receipts, bank statements and unused credit card offers before throwing them away.
- Carefully choose a trustworthy person to act as your agent in all estate-planning matters.
- Lock up your checkbook, account statements and other sensitive information when others will be in your home.
- Order copies of your credit report once a year to ensure accuracy.
- Never give personal information, including Social Security Number, account number or other financial information to anyone over the phone unless you initiated the call and the other party is trusted.
- Never pay a fee or taxes to collect sweepstakes or lottery “winnings.”
- Never rush into a financial decision. Ask for details in writing and get a second opinion.
- Consult with a financial advisor or attorney before signing any document you don’t understand.
- Get to know your banker and build a relationship with the people who handle your finances. They can look out for any suspicious activity related to your account.
- Check references and credentials before hiring anyone. Don’t allow workers to have access to information about your finances.
- Pay with checks and credit cards instead of cash to keep a paper trail.
- Feel free to say “no.” After all, it’s your money.
- You have the right not to be threatened or intimidated. If you think someone close to you is trying to take control of your finances, call your local Adult Protective Services or tell someone at your bank.
- Trust your instincts. Exploiters and abusers often are very skilled. They can be charming and forceful in their effort to convince you to give up control of your finances. Don’t be fooled—if something doesn’t feel right, it may not be right. If it sounds too good to be true, it probably is.
May 2017 Security Tip
Laptop Security Tips
From The Federal Trade Commission
A minor distraction is all it takes for a laptop to vanish. If it goes missing, all the valuable information stored on it may fall into the hands of an identity thief. Keep these tips in mind when you’re out and about with your laptop:
Treat your laptop like cash: If you had a wad of money sitting out in a public place, would you turn your back on it — even for just a minute? Would you put it in checked luggage? Leave it on the backseat of your car? Of course not. Keep the same watchful eye on your laptop as you would on your cash.
Lock your laptop with a security cable: In the office, a hotel, or some other public place, use a laptop security cable. Attach it to something immovable or to a heavy piece of furniture — say, a table or a desk.
Be on guard in airports and hotels: Keep your eye on your laptop as you go through airport security. Hold onto it until the person in front of you has gone through the metal detector — and keep an eye out when it emerges on the other side. The confusion and shuffle of security checkpoints can be fertile ground for theft. If you stay in hotels, a security cable may not be enough. Store your laptop in the safe in your room. If you leave your laptop attached to a security cable in your hotel room, consider hanging the "do not disturb" sign on your door.
Consider an alarm: Depending on your security needs, an alarm on your laptop can be a useful tool. Some laptop alarms sound when there's unexpected motion, or when the computer moves outside a specified range. A program that reports the location of your stolen laptop once it's connected to the internet also can be useful.
Consider carrying your laptop in something else less obvious than a laptop case:When you take your laptop on the road, carrying it in a computer case may advertise what's inside. Consider using a suitcase, a padded briefcase, or a backpack instead.
Don't leave it — even for just a minute:
Your conference colleagues seem trustworthy, so you're comfortable leaving your laptop while you network during a break. The people at the coffee shop seem nice, so you ask them to keep an eye on it while you use the restroom. Not a good idea.
Don't leave your laptop unguarded — even for a minute: Take it with you if you can, or at least use a cable to secure it to something heavy.
Don't leave your laptop in a car:Parked cars are a favorite target of laptop thieves. If you have no choice and you must leave it in your car, keep it locked up and out of sight.
Don’t put your laptop on the floor:No matter where you are in public — at a conference, a coffee shop, or a registration desk — don’t put your laptop on the floor. If you must put it down, place it between your feet or up against your leg so you remember that it’s there.
Don’t keep passwords with your laptop or in its case: Remembering strong passwords or access numbers can be a challenge. However, leaving them in your laptop carrying case or on your laptop is like leaving your keys in your car. Don’t make it easy for a thief to get to your personal or corporate information.
Telephone Banking Safety Tips
From FDIC Consumer News
Being aware of Vishing is an important part of telephone banking safety. Vishing (or voice phishing) is when fraudsters obtain personal details through the phone asking you to reveal or key-in confidential details. Fraudsters could contact you via calls, text messages, voice messages, etc. Please ensure that you do not respond to such unsolicited communications.
You know that it is an attempt at vishing when:
• You receive promotional messages asking you to provide confidential information.
• You receive calls made from persons claiming to be a bank representative who do not know your first and last name. Keep in mind, Washington Trust will never call to ask for your Social Security Number, Account Number or Debit Card Number. If you receive a call from someone indicating they are from Washington Trust or are affiliated with a service; and personal identifying information is requested, hang up and contact Washington Trust directly.
• You receive an automated call telling you that transactions have taken place on your account and instructing you to either provide confidential bank account information or call back a particular number. Always refer to advertised Telephone Banking phone numbers from Washington Trust (800-226-5877 or 401-348-1399). If the telephone number seems suspicious, do not provide any information whether you’re talking with a live person or responding to automated prompts using a touch tone phone.
Additional telephone safety tips:
• Do not share or write down your account number or PIN.
• Select a PIN that’s easy for you to remember but that is not easily researched. Avoid using the last four digits of your Social Security Number, Account Number or Date of Birth. Also, avoid simple sequences such as 1234 or 1111.
• Do not access the telephone banking system through public phones.
Avoiding Scams: Sticking to the Basics Can Go a Long Way
From FDIC Consumer News
There is plenty of information available to consumers to help avoid being a fraud or theft victim. "But some people complain that there is too much to remember and that being vigilant can be a daunting task," said Millie Spencer, a financial crimes specialist with the FDIC. Here's a short list of simple ways to avoid many financial crimes.
Never provide passwords, credit or debit card information, Social Security numbers and similar personal information in response to an unsolicited text message, e-mail, call or letter. An identity thief can use this information to apply for credit cards or loans, access your bank accounts online or otherwise commit fraud using your name.
Crooks often send e-mails, text messages or phone messages that appear to be from a legitimate, trusted organization asking consumers to "verify" or "update" personal information. The scam is called phishing because the criminals throw out bait in hopes of luring a consumer into biting.
Criminals also create bogus web sites in hopes that consumers will enter valuable personal information. "We've seen everything from fake bank web sites to sites offering payday loans or credit repair services," added Michael Benardo, Manager of the FDIC's Cyber Fraud and Financial Crimes Section. "Some of these sites offer incredibly low prices or other enticing promotions."
And, as Spencer noted, "Always be suspicious of these types of requests because a legitimate organization would not solicit updates in an unsecured manner for information it already has."
Think twice before opening attachments or clicking on links in unsolicited e-mails and text messages. These messages may install "malware" (malicious software) on your computer or cellphone. "This software could allow crooks to spy on you and gain access to your online banking sites," explained Benardo.
To confirm a message's validity, contact the supposed sender. "But don't automatically assume the contact information listed in the e-mail is accurate," said Benardo. He recommended finding the telephone number, web site or e-mail address from an independent, reliable source.
Deal only with reputable merchants, service providers and charities. Friends and family may be able to provide recommendations. You can search for complaints against a business by contacting your state or local consumer affairs office and your local Better Business Bureau. There also are popular sites on the Internet for consumer ratings and reviews of businesses.
Fraud artists also claim to be from legitimate charitable organizations — especially after a major disaster — and ask for "donations." The Better Business Bureau's Wise Giving Alliance and other organizations can help you find legitimate charities with good reputations.
Be on guard against counterfeit checks, cashier's checks or money orders. These often are associated with scams that say you have won a lottery or other prize, are bogus work-from-home offers, or are attempts to steal something you are selling on the Internet.
They can also be associated with offers to purchase items you are selling online or through classified ads. Be especially leery if you get a check for more than the amount due and you're instructed to return the difference by depositing the check and wiring the excess amount to the other party's account or to an associate. If the check turns out to be counterfeit, you will be out the money regardless of whether you sent a check, wire or cash.
Be wary of unsolicited investment offers that sound too good to pass up or that require you to act fast. "Statements about low-risk investments with ‘guaranteed returns' that are unusually high are red flags," said Luke W. Reynolds, Acting Associate Director in the FDIC's Division of Depositor and Consumer Protection.
He also advised walking away from any offer that involves pressure to pay cash or provide personal information right away.
Protect your mail and other documents at home. Thieves know that credit card or bank statements and other documents contain valuable, confidential information. Try to use a secure mailbox for your incoming mail. Keep bank and credit card statements, tax returns, credit and debit cards and blank checks secure, even at home. Also shred sensitive documents before discarding them. Similarly, use an updated security program to protect your computer.
Look at your bank statements and credit card bills as soon as they arrive. Immediately report any discrepancy or anything suspicious, such as an unauthorized withdrawal or charge, to your financial institution.
Periodically review your credit reports and dispute any inaccurate information, which could indicate identity theft. You are entitled to a free copy from each of the nation's three major credit bureaus every 12 months.
To learn more about protecting yourself from common financial frauds, see back issues of FDIC Consumer News at www.fdic.gov/consumernews.
The Taxman Cometh
The income tax filing season has begun and important tax documents should be arriving in your mailbox. Even though your return is not due until April, you can make tax time easier on yourself with an early start.
Here are the Internal Revenue Service's top 10 tips to ensure a smooth tax-filing process.
- Gather your records. Round up any documents you'll need when filing your taxes: receipts, canceled checks and other documents that support income or deductions you're claiming on your return.
- Be on the lookout. W-2s and 1099s will be coming soon; you'll need these to file your tax return.
- Have a question? Use the Interactive Tax Assistant available on the IRS website to find answers to your tax questions about credits, deductions, general filing questions and more.
- Use Free File. Let Free File do the hard work for you with brand-name tax software or online fillable forms. It's available exclusively at www.irs.gov. Everyone can find an option to prepare their tax return and e-file it for free. If you made $57,000 or less, you qualify to use free tax software offered through a private-public partnership with manufacturers. If you made more or are comfortable preparing your own tax return, there's Free File Fillable Forms, the electronic versions of IRS paper forms. Visit www.irs.gov/freefile to review your options.
- Try IRS e-file. IRS e-file is the safe, easy and most common way to file a tax return. Last year, 79 percent of taxpayers — 106 million people — used IRS e-file. Many tax preparers are now required to use e-file. If you owe taxes, you have payment options to file immediately and pay by the tax deadline. Best of all, the IRS issues refunds to 98 percent of electronic filers by direct deposit within 14 days, if there are no problems, and some may be issued in as few as 10 days.
- Consider other filing options. There are many options for filing your tax return. You can prepare it yourself or go to a tax preparer. You may be eligible for free face-to-face help at a volunteer site. Give yourself time to weigh all the options and find the one that best suits your needs.
- Consider direct deposit. If you elect to have your refund directly deposited into your bank account, you'll receive it faster than a paper check in the mail.
- Visit the official IRS website often. The IRS website at www.irs.gov is a great place to find everything you need to file your tax return: forms, publications, tips, answers to frequently asked questions and updates on tax law changes.
- Remember this number: 17. Check out IRS Publication 17, Your Federal Income Tax, on the IRS website. It's a comprehensive resource for taxpayers, highlighting everything you'll need to know when filing your return.
- Review! Review! Review! Don't rush. We all make mistakes when we rush. Mistakes slow down the processing of your return. Be sure to double check all the Social Security numbers and math calculations on your return as these are the most common errors. Don't panic! If you run into a problem, remember the IRS is there to help.
How Do You Deposit a Check with Your Smartphone or Tablet?
Start by taking photos ... and taking precautions
From FDIC Consumer News
Did you know you can use a smartphone or tablet to deposit a check into your account from anywhere you can access your account remotely?
Simply endorse the check (just like you would at the ATM or teller), use your mobile device to snap a photo of the front and back, and deposit the check using the Washington Trust Mobile Banking app. This service is becoming more common and more popular with consumers. Still, there are potential costs and security risks.
Review and understand any policies and fees. You can find more information about Washington Trust's Mobile Check Deposit here. “For example, find out if there is a limit on the total dollar amount or number of checks that you can deposit via remote deposit capture (RDC) in a certain time period,” said Deborah Shaw, an FDIC senior technology specialist.
Additionally, you should determine how long the bank requires you to keep the original check after you deposit it using RDC.
Confirm when the funds from your deposited check will be made available to you. Federal rules allow banking institutions to put a temporary “hold” on certain deposits, and require institutions to provide disclosures to customers stating when their funds will be available for withdrawal. “If you do not find this information on the bank’s app or website, talk to an employee,” said Luke W. Reynolds, Chief of the FDIC’s Outreach and Program Development Section. “Also confirm the cutoff time for deposits to be considered received that day; this may not be the same as the bank’s normal closing time.”
Take steps to avoid potential problems. RDC creates the risk that a check could be deposited more than once. That could happen accidentally if, for example, a wife deposits a check electronically using RDC and then her spouse, not realizing that the check is already deposited, sees the paper check and deposits it at the bank. Or, a fraudster could steal a check, alter it and attempt to deposit the funds.
Shaw advises writing “for mobile deposit only” or “deposited” on the back of the paper check and securely storing the check for as long as required according to your bank’s policies. After the bank’s recommended retention period ends, RDC users should shred the paper check.
Always monitor your accounts. As you would if you were depositing money any other way, make sure deposits and other transactions have been properly posted to your account. “You can check your account online or through the mobile app,” Shaw said. “Your bank also may provide email alerts about changes in account balances or unusual activity on your account.”
She added that your bank also may be able to notify you by email or text message when RDC deposits are posted to your account or if there is a problem with a deposit.
For more help or information regarding Mobile Check Deposit, contact our Customer Solutions Center at (800) 475-2265.