Security Tips - Archives
October Security Tip
October is National Cybersecurity Awareness Month
A Cyber Security Checklist
From FDIC Consumer News
October is National Cybersecurity Awareness Month and this year it is more important than ever to make sure your personal and financial information is safe online. Consumers increasingly rely on computers and the Internet for everything from shopping and communicating to banking and bill paying. While the benefits of faster and more convenient "cyber" services are clear, the strategies for preventing online fraud and theft may not be as well-known by many bank customers. Below are 10 simple things customers can do to help protect their computers and their money from online criminals.
1. Have computer security programs running and regularly updated to look for the latest threats. Install anti-virus software to protect against malware (malicious software) that can steal information such as account numbers and passwords, and use a firewall to prevent unauthorized access to your computer.
2. Be smart about where and how you connect to the Internet for banking or other communications involving sensitive personal information. Public Wi-Fi networks and computers at places such as libraries or hotel business centers can be risky if they don’t have up-to-date security software.
3. Get to know standard Internet safety features.For example, when banking or shopping online, look for a padlock symbol on a page (that means it is secure) and “https://” at the beginning of the Web address (signifying that the website is authentic and encrypts data during transmission).
4. Ignore unsolicited emails asking you to open an attachment or click on a link if you’re not sure it’s who truly sent it and why. Cybercriminals are good at creating fake emails that look legitimate, but can install malware. Your best bet is to either ignore unsolicited requests to open attachments or files or to independently verify that the supposed source actually sent the email to you by making contact using a published email address or telephone number.
5. Be suspicious if someone contacts you unexpectedly online and asks for your personal information. A safe strategy is to ignore unsolicited requests for information, no matter how legitimate they appear, especially if they ask for information such as a Social Security number, bank account numbers and passwords.
6. Use the most secure process you can when logging into financial accounts. Create “strong” passwords that are hard to guess, change them regularly, and try not to use the same passwords or PINs (personal identification numbers) for several accounts.
7. Be discreet when using social networking sites. Criminals comb those sites looking for information such as someone’s place of birth, mother’s maiden name or a pet’s name, in case those details can help them guess or reset passwords for online accounts.
8. Be careful when using smartphones and tablets. Don’t leave your mobile device unattended and use a device password or other method to control access if it’s stolen or lost.
9. Parents and caregivers should include children in their cybersecurity planning. Talk with your child about being safe online, including the risks of sharing personal information with people they don’t know, and make sure the devices they use to connect to the Internet have up-to-date security.
10. Small business owners should have policies and training for their employees on topics similar to those provided in this checklist for customers, plus other issues that are specific to the business. For example, consider requiring more information beyond a password to gain access to your business’s network, and additional safety measures, such as requiring confirmation calls with your financial institution before certain electronic transfers are authorized.
August Security Tip
Safe Mobile Banking: Latest Tips from the FDIC
From FDIC Consumer News
Using a smartphone, tablet computer or other mobile device to manage your finances can be convenient and help you monitor your money from practically anywhere. At the same time, it's important to take steps to protect your account information.
Be proactive in securing the mobile device itself. Depending on what security options are available on your device, create a "strong" password (consisting of unusual combinations of upper- and lower-case letters, numbers and symbols) or PIN (with random numbers instead of, say, 1234 or the last four digits of your Social Security number) and periodically change it.
"Always secure the device with a strong password or PIN in case it falls into the wrong hands," said Elizabeth Khalil, a Senior Policy Analyst in the FDIC's Division of Depositor and Consumer Protection. "Don't give that password or PIN to anyone or write it down anywhere." Also, never leave your mobile device unattended. And make sure you enable the "time-out" or "auto-lock" feature that secures your mobile device when it is left unused for a certain period of time.
Be careful about where and how you conduct transactions. Don't use an unsecured Wi-Fi network, such as those found at coffee shops, because fraud artists might be able to access the information you are transmitting or viewing. Also, don't send account numbers or other sensitive information through regular emails or text messages because those are not necessarily secure.
Take additional precautions in case your device is lost or stolen. Check with your wireless provider in advance to find out about features that enable you to remotely erase content or turn off access to your device or account if you lose your phone. Quickly contact your financial services providers to let them know about the loss or theft of your device. Notifying your bank quickly will help prevent or resolve problems with unauthorized transactions.
Research any app before downloading it. Just because the name of an app resembles the name of your bank — or of another company you're familiar with — don't assume that it is the official one of that bank or company. It could be a fraudulent app designed to trick users into believing that the service is legitimate.
"The best place to download an app is from the official Web site of the bank or company that you are doing business with or from a legitimate app store. Note that the business will often direct you to an app store," said Jeffrey Kopchik, a Senior Policy Analyst in the FDIC's Division of Risk Management Supervision. "Also, if possible, be sure to protect your financial apps, ideally with a password that is different from the password for your device."
Be on guard against unsolicited emails or text messages appearing to link to a financial institution's Web site. Those could be "phishing" messages containing some sort of urgent request (such as a warning that you need to "verify" bank account or other personal information) or an amazing offer (one that is "too good to be true") designed to lead you to a fake Web site controlled by thieves.
"The concern is that on that fraudulent site you may provide sensitive information while believing you are providing the information to your bank or another trusted party," said Matthew Homer, a Policy Analyst in the FDIC's Division of Depositor and Consumer Protection.
July Security Tip
Fraud in the COVID-19 pandemic
As seen on The Rhode Show
Fraudsters are aggressively exploiting the COVID-19 pandemic, targeting consumers in new ways steal their hard-earned money, or recruit them to act as unwitting participants in the scams to move money. Criminals are also using current events to make their scams sound more convincing and to put a new face on some old schemes.
It’s especially important to check on your senior friends and family who may be isolated more than before and might be lonely and therefore more open to conversations with callers.
Here are a few examples of current scams to be aware of, which often involve multiple channels, like texting, phone calls and the internet:
- New twists on old scams – Fraudsters are still using the romance scams* , lottery schemes* and stranded traveler schemes*, but putting a new spin on these by referencing protests or COVID-19 related illness or quarantine as reasons they need money or can’t be reached to verify themselves.
- Tech support scams – Fraudsters are also taking advantage of the number of people working remotely to launch tech support scams.
- The consumer sees a popup on their computer or gets a phone call telling them they have a virus.
- They agree to pay a fee to have the computer cleaned, and gives the scammer access to the computer.
- The scammer helps them log into their online banking and make the payment for the “service” and unbeknownst to the consumer, initiates other transactions in their online banking session.
- Reminder: Never provide access to your online banking to allow someone to perform transactions on your behalf.
- Unemployment fraud – An organized ring is using stolen identity information to apply for unemployment benefits in states all over the country. Many consumers have had their identity stolen in this scheme. Other consumers are getting caught up in this scam by allowing their accounts to be used to deposit the funds and then passing that money on to the fraudsters, thinking they’re helping a friend or loved one. This is frequently related to romance scams.
How Can You Protect Yourself and your family?
- Never provide access to your online banking to allow someone to perform transactions on your behalf. Just like you wouldn’t let a stranger in your front door – don’t let anyone you don’t know into your computer
- Never send money to an individual whom you have never met. Ask questions and independently verify everything. When in doubt, say no.
- Practice good password hygiene:
- Do not reuse passwords across applications, websites or social media.
- Change online banking and email passwords frequently and if not recently changed, now is a good time.
- Use complex passwords that will be easy to remember, but difficult for a fraudster to guess.
- Think of passwords like toothbrushes- Change often and never share.
- Be careful about what you post on social media. For example, if you want to use your high school mascot, pet’s name or street you lived on as a child as a password or security question, make sure you’re not posting that detail on Facebook!
- Monitor your financial accounts for other signs of unauthorized activity even ones you don’t regularly use. Report any suspicious activity promptly to your bank
- If you’ve had a fraudulent unemployment claim filed in your name: Fill out a report on the RI State Police website
If you think you have been the victim of a scam, please contact our Customer Solutions Center at 800-475-2265.
*Romance scams - a fake romance, slowly building up trust and a seemingly real relationship while using that built trust to steal information about their identity
Lottery Scams - scammers inform the target that they’ve won a lottery or sweepstakes and need to make some sort of payment to unlock the prize. Often, they will be sent a check that they can deposit in their bank account, knowing that while it shows up in their account immediately, it will take a few days before the (fake) check is rejected.
Stranded Traveler Scam: The con artist gets the victim to wire or send money on the pretext that a relative is in the hospital, jailed or in trouble and needs the money. Scammers may mine social media to get personal info to make the call more convincing.
June Security Tip
Protect yourself against scammers
From the FDIC Consumer News
The Federal Deposit Insurance Corporation (FDIC) has received reports of fraudulent communications that have the appearance of being from this agency. Fraudsters know that people trust the FDIC name, so scammers use the FDIC’s name and logo, and even the names of actual employees, in perpetrating fraudulent schemes.
These scams may involve a variety of communication channels, including emails, phone calls, letters, text messages, faxes, and social media. The messages might ask you to “confirm” or “update” confidential personal financial information, such as bank account numbers. In other cases, the communication might be an offer to help victims of current or previous frauds with an investigation or to recover losses.
Some scams have included official looking forms for such things as filing insurance claims or paying taxes on prize winnings. They might tell you that you have an unpaid debt and threaten you with a lawsuit or to arrest you if you don’t pay. Other recent examples have included check endorsements, bankruptcy claimant verification forms, stock confirmations, and investment purchases.
Additional known scams ask for an upfront payment in the form of gift cards or digital currency before service can be provided. They might include a cashier’s check with instructions to deposit the check and send some portion of the funds back via wire transfer service. Learn how to protect yourself from fake check scams with these tips from FDIC Consumer News. Scammers might ask for personal information such as Social Security numbers, dates of birth, and other valuable details that they can use to commit fraud or sell your identity.
Here’s what you need to know to protect yourself against government scammers like these:
- The FDIC DOES NOT send unsolicited correspondence asking for money or sensitive personal information, and we’ll never threaten you.
- No government agency will ever demand that you pay by gift card, wiring money, or digital currency.
- The FDIC would never contact you asking for personal details, such as bank account information, credit and debit card numbers, social security numbers, or passwords.
If you think you have been the victim of a scam, please contact our Customer Solutions Center at 800-475-2265.
May Security Tip
Tips to Protect Yourself Online
From the American Bankers Association
Although the internet has many advantages, it can also make users vulnerable to fraud, identity theft and other scams. According to a 2018 Gallup Poll, one in four Americans has experienced cybercrime. The American Bankers Association recommends the following tips to keep you safe online:
- Keep your computers and mobile devices up to date. Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
- Establish passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.
- Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with.
- Forward phishing emails to the Federal Trade Commission (FTC) at email@example.com — and to the company, bank, or organization impersonated in the email.
- Recognize and avoid bogus website links. Cybercriminals embed malicious links to download malware onto devices and/or/ route users to bogus websites. Hover over suspicious links to view the actual URL that you are being routed to. Fraudulent links are often disguised by simple changes in the URL. For example: www.ABC-Bank.com vs ABC_Bank.com
- Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.
- Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it. Consider using a Virtual Private Network (VPN) app to secure and encrypt your communications when connecting to a public Wi-Fi network. (See the Federal Trade Commission’s tips for selecting a VPN app.)
- Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
If you think your information has been compromised, please contact our Customer Solutions Center at 800-475-2265.
April Security Tip
Tips to Protect Yourself From Fraud During a Pandemic
Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let them. Protect yourself and do your research before clicking on links purporting to provide information on the virus, donating to a charity online or through social media, purchasing products online or giving up your personal information in order to receive money or other benefits. Below are some different types of scams that are prevalent at this time.
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, pretending to be a trusted entity, dupes a victim into opening an email. There continues to be an increase in phishing scams related to COVID-19 and potential treatments, as well as government stimulus check scams. Below are links to articles which provide additional details about these types threats.
With companies having a majority of their workforce working remotely, the use of online conferencing platforms such as WebEx or Zoom has been on the rise. Cybercriminals have started to attack these platforms. Below is a link to the FBI’s warning around Teleconferencing hijacking.
We remind you to always use good cyber hygiene and security measures. By remembering the following tips, you can protect yourself and help stop criminal activity:
- Do not open attachments or click links within emails from senders you don't recognize.
- Do not provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email or robocall.
- Always verify the web address of legitimate websites and manually type them into your browser.
- Check for misspellings or wrong domains within a link (for example, an address that should end in a ".gov" ends in .com" instead).
March Security Tip
7 Reasons to Balance Your Bank Accounts Each Month
It is essential to track your expenses each month, so you know what you have spent and where. It is just as important to balance your checking account and credit cards to your bank statement each month, so you can spot potential problems with your account or prevent overdrafts. The following tips can help:
Catch Mistakes You Made
One of the biggest reasons you should balance your checking account to your statement is to catch any mistakes with your record keeping. Even if you are using software, you may make mistakes in entering your deposits or transactions. These may be minor mistakes, but transposing numbers can throw your ending balance off. Balancing to your bank statement will help catch those and prevent you from accidentally overdrawing.
Track Your Spending
When you balance your checking account, you can also track your expenses. There are many types of personal finance apps that will automatically track your spending so you know if you’re staying within your budget. You can also review your spending for the year and budget for annual expenses you may have overlooked.
Catch Mistakes Your Bank Has Made
Banks have been known to make mistakes. However, if you are not balancing to your account, you may not realize that a deposit is missing or withdrawal is unauthorized. If you review your account and suspect an error has been made, contact your bank as soon as possible to rectify the situation.
Catch Fraudulent Changes
Banks and credit card companies have a period of time in which you can report fraudulent charges, usually between thirty and ninety days from the date of the statement. It is important to balance your account each month so you catch small discrepencies, like a transaction accidentally being run twice at a store, or larger issues, like possible identity theft.
Be Aware of Where You Are Financially
You should always carefully track your spending to make sure you do not accidentally overdraw your account. It is important to balance your account so that you know where you are and how much money you have left to spend until your next paycheck. You can also avoid this by building in a cushion of at least $100 into your budget. This can prevent you from overdrawing because of a simple math mistake.
Catch Automatic Payments That Have Not Gone Through
You may have an automatic payment set up to pay club dues, pay medical bills, insurance, or other small monthly payments. These payments should go through without a hitch, but sometimes if the company has switched over to a new system or you get a new credit card number, the payments may not go through. In some cases, it may not be a big deal, but if it ends up with your insurance being canceled, or late fees, it may end up costing you more than you realize. When you balance your statement each month, it allows you to catch these mistakes and contact the company to make sure that everything is okay.
Stop Small Things From Becoming Large Things
When you balance your account, you may catch small fees or mistakes that do not seem like a lot on the surface. You may remember to record the ATM withdrawal, but not the additional fee that your bank charges for using a different bank’s ATM. These fees may be small, but if you do not catch them and add them into your balance, you may end up overdrawing your account. When you overdraw your account, fees can add up quickly and send you into the overdraft cycle.
February Security Tip
How to Handle Unauthorized Transactions on Your Account
If you run into unauthorized transactions on your bank account, it is important to act quickly to protect yourself and to stop any further unauthorized charges. Following these steps may help:
Contact Your Bank
Contact your bank to find out more about the transaction. They will be able to tell you if the unauthorized truncation was from a debit card, or if it was an ACH (or electronic) transaction. If it was a debit card of point of sale transaction, then cancelling your debit card may be enough to stop fraudulent transactions in the future. The Bank should be able to cancel the debit card for you right over the phone. If it was an ACH transaction, you will most likely need to close your account. Most banks require you to visit a physical branch location to close your account in person. They should also place a “temporary freeze” on the account to stop additional charges from accruing.
Contact the Vendor
You should contact the vendor listed on the fraudulent transaction to begin the process of disputing the charge. This process may take a couple of days. Reviewing your checking account transactions on a regular basis may help you detect fraudulent charges more quickly, which may help you resolve the issue faster.
Dispute the Charge With Your Bank or Credit Card Company
You may be able to dispute a charge with your bank or credit card company by filling out a form online and providing some information about the fraudulent charge. Some banks may ask you to fill out a form in person at your local branch. You have 60 days to dispute your charge formally, so it is important to act as quickly as you can. Balancing your account with your bank statement on a regular basis, either monthly or weekly, is a good way to stay vigilant.
File a Fraud or Police Report
Depending on the number of charges made and the severity of the situation, you may need to file a fraud report with your local police department. This shows the bank that you did not make the charges and can help to clear up your account. The police report may also be necessary if you find out that the thief has attempted identity theft, as well. Be sure to keep a copy of the police report on file in case you need it in the future.
Monitor Your Account and Credit Closely
Finally, you need to continue to monitor your account and your credit report closely. If the user had direct access to your checking account and not just your debit card, you may want to put a temporary freeze on your credit report to add a layer of extra protection.
Remember, it is important to put a stop to any fraudulent charges before it can turn into full-blown identity theft. Be sure to check your credit report every few months, and check on your checking account daily to make sure no additional fraudulent charges are made.
January Security Tip
National Clean Up Your Computer Month
January is National Clean Up Your Computer Month! Your computer. It's always there when you need it, an integral part of daily life, and has more of your personal information than many of your friends and family members you've known your whole life.
Most of us don't realize how important our computers are until something happens and we have to live without them.
There's a special time of the year to remind us about the importance of our computers and taking care of them — National Clean Up Your Computer Month. This annual awareness day, which takes places every January, reminds us to clean up your computer's hardware and software, which are vital in ensuring the health and longevity of our computers. Here are some specific ways you can give your computer the TLC it deserves:
- Clean your keyboard and mouse. Both are havens for germs, dust, and other unwanted debris. Use canned air to get in between keyboard keys. Also, wipe down your keys and your mouse with computer-approved cleaning agents.
- Wipe down your monitor. Be sure to use products specifically designed for computers and to follow the instructions. Never use glass cleaner and other household cleaning products.
- Remove unused files. Carrying excess files can slow down the performance of your computer. Take some time to delete old files as well as temporary files.
- Empty your trash or recycle bin. You wouldn't leave a full trash barrel under your kitchen sink, so why leave a full barrel of trash in your computer?
- Back up important files. If you've ever accidentally deleted a file you needed, you know how important it is to regularly back up your files.
- Clean out your cookies. If you do a lot of Internet surfing, you'll probably have old cookies that can affect the performance of your computer. Clean out cookies in your browser.
- Do a virus scan. If you don't have virus protection software, make sure you purchase it from a reputable provider and run a scan immediately and regularly.
- Uninstall old software programs. If you haven't used an application in the last several months, take it off your computer by running an uninstall program. You just might find your computer runs faster.
December Security Tip
Tips for Holiday Shopping Online
The holiday shopping season is here! If you are planning to do your shopping online this year, consider the following tips to keep your personal and financial information safe.
Know who you're dealing with. Anyone can set up shop online under almost any name. Confirm the online seller's physical address and phone number in case you have questions or problems. And if you get an email or pop-up message that asks for your financial information while you’re browsing, don't reply or follow the link. Legitimate companies don't ask for information that way. Know what you're buying.
Read the seller's description of the product closely, especially the fine print. Words like "refurbished," "vintage," or "close-out" may indicate that the product is in less-than-mint condition, while name-brand items with bargain basement prices could be counterfeits.
Know what it will cost.Check out websites that offer price comparisons and then compare "apples to apples." Factor shipping and handling into the total cost of your purchase. Do not send cash or money transfers under any circumstances.
Check out the terms of the deal, like refund policies and delivery dates. Can you return the item for a full refund if you're not satisfied? If you return it, who pays the shipping costs or restocking fees, and when you will get your order? A Federal Trade Commission (FTC) rule requires sellers to ship items as promised or within 30 days after the order date if no specific date is promised. Many sites offer tracking options, so you can see exactly where your purchase is and estimate when you’ll get it.
Pay by credit card.If you pay by credit or charge card online, your transaction will be protected by the Fair Credit Billing Act. Under this law, you can dispute charges under certain circumstances and temporarily withhold payment while the creditor investigates them. In the event that someone uses your credit card without your permission, your liability generally is limited to the first $50 in charges. Some companies guarantee that you won’t be held responsible for any unauthorized charges made to your card online; some cards provide additional warranty, return, and purchase protection benefits.
Keep Records. Print or save records of your online transactions, including the product description and price, the online receipt, and the emails you send and receive from the seller. Read your credit card statements as you receive them; be on the lookout for charges that you don’t recognize.
Protect Your Information Don't email any financial information. Email is not a secure method of transmitting financial information like your credit card, checking account, or Social Security number. If you begin a transaction and need to give your financial information through an organization's website, look for indicators that the site is secure, like a URL that begins "https" (the "s" stands for secure). Unfortunately, no indicator is foolproof; some fraudulent sites have forged security icons.
If you feel that your information has been compromised, please contact out Customer Solutions Center at 800-475-2265.
November Security Tip
Banking at the Speed of Technology
Follow these tips to help ensure your money stays secure
From FDIC Consumer News
Millions of people today use mobile devices to manage their finances, and the number of users continues to grow. Why? Mobile banking technology and services provide so much convenience. You can access your account from just about anywhere using a smartphone or mobile computer device today. As demand grows, the banking industry strives to improve online services while keeping customers’ funds safe.
Money Transfer Services: Person-to-person payment services and mobile payment apps have become part of everyday life for many people. Payment services and apps let you send money to people without having to write a check, swipe a card, or hand them cash. These services are becoming increasingly popular for things like dividing the cost of rent with a roommate or tracking costs and splitting the bills when traveling. With the development of new payment methods, there are also new risks, so keep the following in mind when using these services and apps:
Have your friend send you a request for payment first. If you’re sending money to someone for the first time, ask that they send a "request" from their app, if that service is available. This helps ensure that you’re sending funds to the right person for the right amount. If the payment app does not have a request for payment function, consider sending a small, test payment to the recipient to confirm it is the right person before sending larger amounts.
Double-check before you press that send button. A simple mistype can send money to the wrong person or the wrong amount. Always double-check the amount you entered and the person you selected to pay. Most payment apps require a username, phone number, or email address to identify payment recipients. Ask the recipient to be sure he or she is registered in the app with the information you intend to use to send them money. You can sometimes "stop payment" with written checks, dispute a credit card charge, or cancel a bill payment, but mobile payment services generally don’t have a recall or retrieval feature. For these reasons, it’s important to be certain you want to make a payment via transfer, then verify how much and to whom before pressing send.
Know when to expect to receive transferred money or when it should leave your account. You may have to wait to spend money you receive in a transfer. Even if the money appears to be in your balance instantly, you may not be able to spend the money as quickly as it shows up, so be sure to read the disclosures to find out how much time they have to complete the transaction. When you send money via mobile apps, most payments get deducted from your balance immediately.
Depositing checks using Remote Deposit Capture: Many banks allow customers to use Remote Deposit Capture (RDC), which allows customers to take a picture of a check with their mobile device and deposit that check electronically without ever visiting a branch or using an ATM. This service is becoming popular, especially among customers who don’t live or work close to a bank branch. If you use RDC, carefully track the checks you deposit. For example, you might write the date you deposited the item on the front of the paper check and hold onto it until the check has cleared and the money is in your account. Once the deposit is verified, you can destroy the check, preferably using a high-quality paper shredder. Ask your bank more about how this service works.
Additional tips for mobile banking:
Set account alerts. Most mobile banking systems allow you to sign up for alerts on your mobile device or email to notify you if your account balance drops below a set dollar amount and thereby help you avoid overdrawing from your account. You may also be able to receive text alerts if your bank observes suspicious or potentially fraudulent transactions involving your account. Some systems even let you set spending limit alerts to help keep track of your spending.
Research apps before downloading. Just because the name of an app resembles the name of your bank or another company you're familiar with, that doesn’t mean it is their official app. Fraudulent apps are created all the time, so verify that you have the correct one before adding any personal information to your new app.
Be on guard against unsolicited email or text messages appearing to link to a financial institution's website. Those could be "phishing" messages, which often contain an urgent request (such as a warning that you need to verify bank account or other personal information). Sometimes it is disguised as an amazing offer, designed to lure you to a fake website where fraudsters hope to steal your information and ultimately your funds. Learn more about phishing scams by visiting: 10 Scams Targeting Bank Customers.
Be proactive in securing your mobile device. Never leave your mobile device unattended and make sure you enable the auto-lock feature to secure your mobile device when it is left untouched for a period of time. Be sure to create a strong password or PIN on your mobile device and don’t make it obvious (like your birthday or social security number). You should periodically change your pin or password, which also helps keep it secure. Most importantly, don't give that password or PIN to anyone, or write it down where others can find it, especially with the device. You may also want to consider using a mobile device with a biometric authentication method, which verifies your identity by scanning your physical characteristics, such as your fingerprint or face.
Be careful where and how you conduct transactions. Don't use unsecured Wi-Fi networks to conduct your private business. Fraud artists might be able to access the information you are transmitting or viewing. Also, don't send account numbers or other sensitive information through regular email or text messages, because they are also vulnerable to hackers.
If your mobile banking services are not functioning properly, it might be due to technical difficulties. Be sure to contact the service provider as soon as possible to help resolve this issue.
Take additional precautions if your device is lost or stolen. Check with your wireless provider in advance to find out about features that enable you to remotely erase content or turn off access to your device or account. Contact your financial services providers to let them know about the loss or theft of your device. Notifying your bank quickly will help prevent or resolve problems should any unauthorized transactions occur as a result.
For more information about protecting your financial and personal information, please contact our Customer Solutions Center at 800-475-2265.
October Security Tip
How to Avoid Common Scams and Frauds
Each year millions of people are victimized by financial fraud or theft of money, property or valuable personal information. Click here to continue reading about common scams and how to report and prevent them.
Banking Scams Banking scams involve attempts to access your bank account. Some popular banking scams include:
Overpayment scams - A scam artist sends you a counterfeit check. They tell you to deposit it in your bank account, and wire part of the money back to them. Since the check was fake, you’ll have to pay your bank the amount of the check, plus you’ll lose any money you wired.
Unsolicited check fraud - A scammer sends you a check for no reason. If you cash it, you may be authorizing the purchase of items or signing up for a loan you didn’t ask for.
Automatic withdrawals - A company sets up an automatic debit from your bank account, as part of a free trial or to collect lottery winnings.
Phishing - You receive an email message that asks you to verify your bank account or debit card number.
Report Banking Scams
The proper organization to report a banking scam to depends on which type you were a victim of.
Report fake checks you receive by mail to the US Postal Inspection Service.
Report counterfeit checks to the Federal Trade Commission, either online or by phone at 1-877-382-4357.
Contact your bank to report and stop unauthorized automatic withdrawals from your account.
Forward phishing emails to the Federal Trade Commission at firstname.lastname@example.org.
How to Protect Yourself
Remember these tips to avoid being a victim of a banking scam:
- Be suspicious if you are told to wire a portion of funds from a check you received back to a company.
- Be wary of lotteries or free trials that ask for your bank account number.
- Verify the authenticity of a cashier’s check with the bank that it is drawn on before depositing a check.
- When verifying a check or the issuer, use contact information on a bank’s website.
- Don’t trust the appearance of checks or money orders. Scammers can make them look legitimate and official.
- Don’t deposit checks or money orders from strangers or companies you don’t have a relationship with.
- Don’t wire money to people or companies you don’t know.
- Don’t give your bank account number to someone who calls you, even for verification purposes.
- Don’t click on links in an email to verify your bank account.
- Don’t accept a check that includes an overpayment.
For more information about protecting your financial and personal information, please contact our Customer Solutions Center at 800-475-2265.
September Security Tip
Financial Preparedness for Hurricane Season
When it comes to preparing for situations like weather emergencies, financial readiness is as important as a flashlight with fully charged batteries.
Not only is September the peak of hurricane season, it is also National Preparedness Month. National Preparedness Month is sponsored by the Ready Campaign of FEMA and held each September to encourage Americans to take simple steps to prepare for potential emergencies in their homes, businesses and communities. The Ready Campaign asks individuals to do three key things to prepare for the unexpected:
1) Get an emergency supply kit
2) Make a family emergency plan
3) Be informed about the different types of emergencies that could occur and their appropriate responses.
Something else to consider is your financial readiness in case of an emergency. When it comes to preparing for situations like weather emergencies, financial readiness is as important as a flashlight with fully charged batteries. Leaving your home can be stressful, but knowing that your financial documents are up-to-date, in one place, and portable can make a big difference at a difficult time.
Here are some tips on how you can best prepare your financial information for an emergency:
Conduct a household inventory. Make a list of your possessions and document it with photos or a video. This could help if you are filing insurance claims. Keep one copy of your inventory in your home on a shelf in a lockable, fireproof file box; keep another in a safe deposit box or other secure location.
Buy a lockable, fireproof file box. Place important documents in the box; keep the box in a secure, accessible location on a shelf in your home so that you can "grab it and go" if the need arises. Among the contents:
Consider renting a safe deposit box for storage of important documents. Original documents to store in a safe deposit box might include:
Choose an out-of-town contact. Ask an out-of-town friend or relative to be the point of contact for your family, and make sure everyone in your family has the information. After some emergencies, it can be easier to make a long distance call than a local one.
Update all your information. Review the contents of your household inventory, your fireproof box, safe deposit box, and the information for your out-of-town contact at least once a year.
- Your household inventory
- A list of emergency contacts, including family members who live outside your area
- Copies of current prescriptions
- Health insurance cards or information
- Policy numbers for auto, flood, renter's, or homeowner's insurance, and a list of telephone numbers of your insurance companies
- Copies of other important financial and family records (or notes about where they are) including deeds, titles, wills, birth and marriage certificates, passports, and relevant employee benefit and retirement documents. Except for wills, keep originals in a safe deposit box or some other location. If you have a will, ask your attorney to keep the original document.
- A list of phone numbers or email addresses of your creditors, financial institutions, landlords, and utility companies (sewer, water, gas, electric, telephone, cable)
- A list of bank, loan, credit card, mortgage, lease, debit and ATM, and investment account numbers
- Social Security cards
- Backups of financial data you keep on your computer
- An extra set of keys for your house and car
- The key to your safe deposit box
- A small amount of cash or traveler's checks (financial institutions or ATMs may be closed)
- Deeds, titles, and other ownership records for your home, autos, RVs, or boats
- Credit, lease, and other financial and payment agreements
- Birth certificates, naturalization papers, and Social Security cards
- Marriage license/divorce papers and child custody papers
- Passports and military papers (if you need these regularly, you could place the originals in your fireproof box and a copy in your safe deposit box)
- Appraisals of expensive jewelry and heirlooms
- Certificates for stocks, bonds, and other investments and retirement accounts trust agreements
- Living wills, powers of attorney, and health care powers of attorney insurance policies
- Home improvement records
- Household inventory documentation
- A copy of your will
August Security Tip
Credit Identity Theft — Don't Become a Victim
Identity theft has become one of the fastest growing crimes in America. This unauthorized access to your personal information is used to open new financial accounts or access your existing accounts, enabling the thief to steal your money or charge items on your credit card, leaving you with the bills. But with a few common sense efforts, you can avoid becoming a victim.
Identity thieves are most interested in the personal information that would enable them to pass as you. This includes social security numbers, date of birth, mother's maiden name and existing account numbers at your financial institutions.
Identity thieves may try to get this information in one of these ways:
- Stealing wallets or purses with everything in them.
- Taking mail from your mailbox, especially bank statements and credit card statements.
- Diverting your mail by using a change of address form at the Post Office.
- Searching through your trash for tossed copies of statements.
- Posing as a representative of your financial institution on the phone and asking about your account.
To keep your information private, here are some of the steps to consider:
- Carry as few credit cards as possible and periodically check to make sure you still have them.
- Avoid carrying your social security card and passport unless they are needed.
- Never print your social security number on your checks.
- Shred all important papers that contain financial information before disposing of them.
- Shred credit card and ATM receipts properly if they contain your account number.
- Consider signing up for online statements and online bill pay to reduce the number of statements in your mailbox.
- Sign new credit cards as soon you receive them.
- Guard your PIN (personal identification number) carefully.
- Make your PIN and passwords hard for someone else to guess. Don't use your birth date, phone number or last four digits of your social security number.
- Keep a list of your credit card and financial account numbers with phone numbers in a safe place.
- Guard against mail theft by mailing payment envelopes from a collection box instead of raising the flag on your home mailbox.
- Never give personal information over the phone unless you made the call or you know with whom you are speaking.
- Review your financial and credit card statements carefully for unknown transactions. If you see one, call the institution immediately.
- Periodically, order credit reports from the three major credit bureaus to check for fraudulent activity on your accounts.
An ounce of prevention is worth a pound of cure
While there are no guarantees that these steps will prevent credit identity thieves from attacking you, the harder you make it to steal your identity, the less likely you are to become an identity theft victim.
July Security Tip
How can I create a unique username and complex password that’s easy to remember?
A strong username and password is your first line of defense against intruders and imposters. Never share your username or password with anyone and don’t use the same username or password for multiple sites. Also, never write down your username or password. If you find that you need to write it down, never leave it where someone has access to it. Your username and password should never include your name, email address, date of birth or anything else that is known to others.
- Use a pass phrase
- Make the password at least 12 characters long
- Include numbers, capital letters and symbols – consider using a $ instead of an S or a 1 instead of an L
A complex password uses different types of characters in unique ways to increase security.
Using a pass phrase is a good way to create a complex password that you can remember without writing it down. Statements are easier to remember than a random string of characters and you can recite the pass phrase to yourself while typing in your password.
Use these steps to help create a complex password.
If you have any questions, please contact our Customer Solutions Center.
- Think of a sentence or phrase you can remember. For example, take your favorite movie or song lyric.
Song lyric: One for the money, two for the show.
- Use the sentence directly if you can. Many of us are used to typing sentences and are less likely to make mistakes.
Complex password: OneForTheMoneyTwoForTheShow
- If you can’t use the sentence directly, add complexity. Replace a letter with a number, add a few more uppercase letters, and throw in some punctuation.
Added complexity: 14TheMoney24TheShow
- Convert the sentence to a password (if you want a shorter password). Use the first letter of each word to create a password that is at least 8 characters.
Shortened password: 14Tm24Ts
June Security Tip
Protecting Seniors from Financial Abuse
FDIC Consumer News
Be organized, proactive, and aware to protect yourself, family and friends from financial abuse
It’s easier than ever to handle our finances without setting foot inside a bank with so many advances in technology, but these changes have also made fraud and financial abuse a prevalent problem for older adults. Most elder financial abuse involves scams, forgery, identity theft, or undue pressure to give someone access to property or funds by simply providing information over the phone. Older adults are often targeted for such exploitation because they may be perceived as trusting, they may be cognitively impaired, they may have more funds available after a lifetime of saving, and potentially less exposure to technological advances.
Tips for Protecting Finances
Seniors can protect themselves from financial abuse by making sure financial records are organized and being aware of how much money is in all accounts. In addition, you can protect your assets by talking to someone at your bank, an attorney, or a financial advisor to discuss your options for ensuring your wishes for managing your money and property are followed in the event you become incapacitated. Other activities to help protect yourself include:
- Carefully choosing a trustworthy person to share your financial planning matters with so they can assist you with tracking your finances if you are unable to do so yourself.
- Locking up your checkbook, account statements, and other sensitive information.
- Ordering copies of your credit report to review for suspicious activity. (You are entitled to a free copy of your credit report from each of the three major credit bureaus once every twelve months. To order your free annual reports, go to AnnualCreditReport.com or call toll- free 1-877-322-8228.)
- Never providing personal information, including your Social Security number, account numbers, or other financial information to anyone over the phone unless you initiated the call.
- Asking for details in writing and getting a second opinion from a financial advisor or attorney before signing any document you don’t understand.
- Paying with checks and credit cards instead of cash to have records of transactions.
Tips for Family and Friends
Family and friends can also help by being aware of the many ways in which an older person may be financially exploited. There are many scams and frauds that attempt to get bank account information or Social Security numbers from the elderly to steal their identity or money. Be on the lookout for signs of possible financial abuse, including:
- Unexplained account withdrawals.
- Another individual unexpectedly making financial decisions on the older person’s behalf.
- Disappearance of funds or valuable possessions.
- Unanticipated transfer of assets to another individual.
- Sudden changes to a will or other important financial documents.
- Suspicious signatures on checks.
If you suspect elder financial abuse, talk to the victim to determine what is happening and who is involved. For instance, you’ll want to know whether a new person in their life is helping them manage their money or a relative is using their credit card without permission. If financial abuse seems likely, you may want to contact your state’s adult protective services and the local police for assistance.
You should also contact any bank or other financial institution involved to notify them of the potential abuse, and they may be able to assist you. They may not be able to provide you with specific information about accounts or transactions due to privacy laws, but they have the ability to review information for potential abuse as well as the resources to report abuse.
Also be aware of consumer financial protection regulations that help protect funds withdrawn from an account without authorization. For example, most cases of fraud and identity theft are committed using an access device, such as when an individual steals an older person’s debit card and pin number to withdraw money from a checking account.
The Electronic Fund Transfer Act, which is implemented through Regulation E, protects consumers from losses that may occur as a result of certain unauthorized electronic financial transactions, such as unauthorized ATM withdrawals and point-of-sale terminal transfers in stores. If a debit card or the card number is used to make an unauthorized withdrawal from a checking or savings account, you can minimize your losses by contacting your bank as soon as possible. Your maximum liability under Regulation E is $50 if you notify your bank within two business days after learning of the loss. Additionally, many credit card issuers have zero-liability policies, meaning that customers typically do not pay for unauthorized transactions, so contact your credit card issuer as soon as you discover any.
If you have any questions, please contact our Customer Solutions Center.
May Security Tip
Your Wallet: How to Keep Your Financial Information Safe
FDIC Consumer News
How to protect your money, your credit record — and your sanity — if you become a victim
Consider this: Your wallet is stolen. You immediately call your bank and credit card company to report the problem, close old accounts and open new ones. You even remember to call the Social Security Administration to notify them that you had your Social Security card in your wallet. At the end of the day, you feel fairly confident that the incident is behind you.
But weeks later you receive past-due notices on bills for merchandise you never purchased, and a few months later your application for an auto loan gets rejected because someone has used your name and Social Security number to open new accounts and run up thousands of dollars in debt. The good news: Your actual liability for these unauthorized purchases is limited by law or industry standards. The bad news: It’s likely that you’ll spend many frustrating hours trying to clear your name and straighten out your credit history.
Here are safety tips from FDIC Consumer News that can greatly reduce the chances of becoming a victim.
Limit the amount of confidential information in your wallet. Only carry the identification, checks, credit cards or debit/ATM cards you really need. The rest, including bank account numbers, personal identification numbers (PINs), passwords, and most importantly, Social Security cards, are best kept elsewhere in a safe place. Likewise, don’t pre-print your Social Security number or driver’s license number on your checks, because either one could help a thief apply for a loan, credit card or bank account in your name. Keep good backup information about your bank and credit card accounts, just in case your wallet is lost or stolen. You'll want account numbers and phone numbers that can be used to report your losses or request new cards. "Some people make copies of the front and back of all the cards or important notes in their wallet to help jog their memory," said FDIC Regional Ombudsman Janet Kincaid.
Review your credit card bills and your checking account statements as soon as they arrive. Make sure that no fraudulent activity is taking place.
Periodically request your credit reports. Look for signs that someone may have obtained loans or tried to commit other fraud in your name. By federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit bureaus — Equifax, Experian and TransUnion. Go to www.AnnualCreditReport.com or call toll-free 1-877-322-8228 to order your free credit reports.
Experts often suggest that, to maximize your monitoring capability, you spread out your requests and receive a report from each of the three credit reporting agencies at separate times rather than all at once.
If you've already been victimized, take steps to limit your liability. Immediately call your bank (to report a lost debit/ATM card) and your credit card companies. And if you spot an unauthorized charge on your credit card, you must follow up on any phone calls to your card issuer with a letter disputing the transaction.
"Under the Fair Credit Billing Act, you must dispute unauthorized charges appearing on your credit card statement in writing within 60 days after it was sent to you," noted Joni Creamean, Chief of the FDIC's Consumer Response Center. "The letter also must be sent to the bank's designated address for billing inquiries, not to where you’d mail your payments."
To learn more about avoiding identity theft, including steps you can take if your wallet has been lost or stolen, visit www.ftc.gov/idtheft.
April Security Tip
Scams: When Telemarketer Calls Don’t Ring True
Have you ever received a robocall? Do you know how to protect yourself from scammers who are increasingly using robocalls to steal consumer information? Here are some things to consider:
What is a robocall? Robocalls are calls made with an autodialer or that contain a message made with a prerecorded or artificial voice. Advances in technology have unfortunately allowed illegal and spoofed robocalls to be made from anywhere in the world and more cheaply and easily than ever before. That's why it's become more of a problem for consumers, and a more difficult problem to solve.
How are robocalls used to scam consumers? Some companies continue to make robocalls to people who have signed up for the Do Not Call Registry, using fake “caller IDs” that make them hard to identify or trace. These calls might be scams. Additionally, Caller ID spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Spoofing is often used as part of an attempt to trick someone into giving away valuable personal information so it can be used in fraudulent activity or sold illegally.
What should I do if I receive a robocall? If you get a robocall, hang up. Don’t press “1” to speak to a live operator and don’t press any other number to (supposedly) get your phone number off a call list. Doing so will probably just lead to more robocalls. Never give out personal identification information over the phone unless you initiate the call and know the other party is reputable. This includes bank account and credit card numbers, Social Security numbers, account passwords and PIN numbers.
Here are a few red flags that can help you spot a scam:
- You’re told to send money or provide bank account information before you receive anything in return;
- You sense a reluctance on the part of the caller to answer questions or provide written information; and
- You’re told you already agreed to pay money but you don’t remember doing so.
If you think you’re a victim, file a complaint with the FTC (at www.ftc.gov/complaint or toll-free at 1-877-382-4357) and with your police. For more tips on topics like reducing robocalls, avoiding phone scams and stopping unwanted mail and calls, start at the FTC’s Web site (www.ftc.gov).
How else can I protect myself against phone scams like robocalls? There are a number of proactive steps you can take to protect yourself from scammers targeting you through your phone.
- Don't answer calls from unknown numbers. Let them go to voicemail.
- If the caller claims to be from a legitimate company or organization, hang up and call them back using a valid number found on their website or on your latest bill if you do business with them.
- If you answer and the caller (often a recording) asks you to press a button to stop receiving calls, or asks you to say "yes" in response to a question, just hang up. Scammers often use these tricks to identify, and then target, live respondents, or to use your "yes" to apply unauthorized charges on your bill.
- Be Aware: Caller ID showing a "local" number no longer means it is necessarily a local caller.
- If you answer and the caller asks for payment using a gift card, it's likely a scam. Legitimate organizations like law enforcement will not ask for payment with a gift card.
- If you receive a scam call, file a complaint with the FCC Consumer Complaint Center by selecting the "phone" option and selecting "unwanted calls." The data we collect helps us track trends and supports our enforcement investigations.
- Ask your phone company if it offers a robocall blocking service. If not, encourage them to offer one. You can also visit the FCC's website for more information about illegal robocalls and resources on available robocall blocking tools to help reduce unwanted calls.
- Consider registering your telephone numbers in the National Do Not Call Registry. Lawful telemarketers use this list to avoid calling consumers on the list.
March 2019 Security Tip
Tax Season and Your Refund Options
FDIC Consumer News
Changes in banking technology make managing your refund safer and easier than ever
Here are a few tips to ensure that your refund arrives as quickly and safely as possible as well as some ideas on how to get the most out of your money when it does.
The Refund Process
Once you have submitted your federal taxes and know you have a refund coming to you, the fastest way to get your tax refund is to have it electronically deposited into your financial account through the IRS’s Direct Deposit Program. It’s free to consumers, and it allows you to deposit your refund into as many as three separate accounts.
While you can still receive your refund in the form of a paper check, there are several advantages to direct deposit. Not only is it faster, direct deposit is also more secure. Refund checks sent through the mail can be lost, stolen, or returned to the IRS, if undeliverable. If you don’t already have a bank account, this might be the perfect time to open one.
Another option is to have your refund deposited onto a prepaid card. If you use a prepaid card, read the fine print and make sure you know how to deposit money onto the card and any fees involved. Cards differ in the types of deposits allowed, the process for receiving government deposits, and the fees charged for certain transactions. If you set up a new prepaid card account for your refund, you may be required to provide information to validate your identity, such as your Social Security number and date of birth.
Whichever method you choose, you can track the status of your federal tax return from the time the IRS received it by visiting https://sa.www4.irs.gov/and filling out the appropriate information, or by downloading the mobile app IRS2GO at https://www.irs.gov/newsroom/irs2goapp.
For more information on tax refunds, visit https://www.irs.gov/refunds.
Protect Your Money from Tax Scams
If your personally identifiable information (PII), such as your name, address, and Social Security number, has been stolen, the information can be used to open credit cards and loans or file a fraudulent tax return in your name, allowing the thief to claim your refund. If you suspect that your information was stolen, contact the IRS by calling 800-908-4490 or visiting the IRS website for identity protection at https://www.irs.gov/identity-theft-fraud-scams.
Be wary of phone calls and emails from anyone claiming to be from the IRS. Identity thieves have been known to pose as IRS agents, providing a fake name and IRS badge number and even creating a fake phone number that appears on caller ID as coming from the IRS. These thieves often threaten people with audits, deportation, and other legal action or promise checks for unclaimed funds.
The IRS typically does not initiate emails to individuals asking for personal information. Before acting on any phone call or email purportedly from the IRS, call the agency at 800-829-1040. An agent will be able to verify whether the IRS is in fact trying to get in touch with you. If you are certain the contact was part of a scam, report it to the Treasury Inspector General for Tax Administration by calling 800-366-4484. You can also report unsolicited emails by forwarding it to mailto:phishing@IRS.gov.
Some people use tax preparers to assist them with preparing their tax return. While most tax preparers are recognized professionals who can be very helpful, some preparers are scammers. Be wary of tax preparers who advertise with fliers or posters promising large refunds or special inside knowledge of little known tax credits and rebates or those volunteering to come to your home to prepare your taxes. These scammers make money stealing your personal information for later use and collecting fees. If you aren’t sure, ask for the tax preparer’s PTIN, which is the IRS tax preparer identification number that all legitimate preparers must have. Also, ask the preparer for references.
For more information on protecting your tax refund, visit: https://www.irs.gov/newsroom/tax-scams-consumer-alerts and https://www.fdic.gov/consumers/assistance/protection/idtheft.html.
What to Do With Your Refund
Once you have received your refund, you need to decide what to do with it. Many people use tax refunds to make large purchases they might not have the cash for at other times of the year. It can also provide a great opportunity to start a new savings option, contribute to your emergency fund, or reduce outstanding debt.
The IRS allows you to divide your federal tax refund into two or three additional financial accounts. By splitting your refund, you have a convenient option for managing your money – sending some of your refund to an account for immediate use and setting some aside for savings. For example, you could have part of your refund deposited to your checking account and the remainder sent to your Individual Retirement Account, or you might use some of your refund to purchase U.S. Series I Savings Bonds. (For more information on purchasing Savings Bonds with your tax refund, visit https://www.treasurydirect.gov)
You may also want to consider using your refund to start or augment emergency savings. Having emergency savings provides peace of mind when something unexpected occurs, such as a major car or home repair. The amount to set aside for your emergency fund will depend on factors such as your monthly expenses and the number of people in your household, but the general rule of thumb is to save at least three to six months’ worth of expenses.
If you are carrying a credit card balance, think about using your tax refund to pay it down or even pay it off. To get the most from your money, it may make sense to pay off a credit card with a high interest rate, compounding against you month after month. Going this route allows you to have more money every month once that credit card payment vanishes from your list of bills, and it can help build your credit as you reduce that debt.
Making extra payments on your mortgage may be another way to use your refund, saving you money over the long term. Since so much of your mortgage payment goes toward paying interest, using your tax refund to make an extra payment or two against the principal will go a long way to reducing the debt and overall cost of the loan.
If you are getting a tax refund this year, remember to take steps to keep your refund safe, know the refund options available to you, and consider different ways to make your money work harder for you.
For more help or information, go to FDIC.gov or call the FDIC toll-free at 1-877-ASK-FDIC (1-877-275-3342).
February 2019 Security Tip
Avoiding Scams: Sticking to the Basics Can Go a Long Way
From FDIC Consumer News
There is plenty of information available to consumers to help avoid being a fraud or theft victim. "But some people complain that there is too much to remember and that being vigilant can be a daunting task," said Millie Spencer, a financial crimes specialist with the FDIC. Here's a short list of simple ways to avoid many financial crimes.
Never provide passwords, credit or debit card information, Social Security numbers and similar personal information in response to an unsolicited text message, e-mail, call or letter. An identity thief can use this information to apply for credit cards or loans, access your bank accounts online or otherwise commit fraud using your name.
Crooks often send e-mails, text messages or phone messages that appear to be from a legitimate, trusted organization asking consumers to "verify" or "update" personal information. The scam is called phishing because the criminals throw out bait in hopes of luring a consumer into biting.
Criminals also create bogus web sites in hopes that consumers will enter valuable personal information. "We've seen everything from fake bank web sites to sites offering payday loans or credit repair services," added Michael Benardo, Manager of the FDIC's Cyber Fraud and Financial Crimes Section. "Some of these sites offer incredibly low prices or other enticing promotions."
And, as Spencer noted, "Always be suspicious of these types of requests because a legitimate organization would not solicit updates in an unsecured manner for information it already has."
Think twice before opening attachments or clicking on links in unsolicited e-mails and text messages. These messages may install "malware" (malicious software) on your computer or cellphone. "This software could allow crooks to spy on you and gain access to your online banking sites," explained Benardo.
To confirm a message's validity, contact the supposed sender. "But don't automatically assume the contact information listed in the e-mail is accurate," said Benardo. He recommended finding the telephone number, web site or e-mail address from an independent, reliable source.
Deal only with reputable merchants, service providers and charities. Friends and family may be able to provide recommendations. You can search for complaints against a business by contacting your state or local consumer affairs office and your local Better Business Bureau. There also are popular sites on the Internet for consumer ratings and reviews of businesses.
Fraud artists also claim to be from legitimate charitable organizations — especially after a major disaster — and ask for "donations." The Better Business Bureau's Wise Giving Alliance and other organizations can help you find legitimate charities with good reputations.
Be on guard against counterfeit checks, cashier's checks or money orders. These often are associated with scams that say you have won a lottery or other prize, are bogus work-from-home offers, or are attempts to steal something you are selling on the Internet.
They can also be associated with offers to purchase items you are selling online or through classified ads. Be especially leery if you get a check for more than the amount due and you're instructed to return the difference by depositing the check and wiring the excess amount to the other party's account or to an associate. If the check turns out to be counterfeit, you will be out the money regardless of whether you sent a check, wire or cash.
Be wary of unsolicited investment offers that sound too good to pass up or that require you to act fast. "Statements about low-risk investments with ‘guaranteed returns' that are unusually high are red flags," said Luke W. Reynolds, Acting Associate Director in the FDIC's Division of Depositor and Consumer Protection.
He also advised walking away from any offer that involves pressure to pay cash or provide personal information right away.
Protect your mail and other documents at home. Thieves know that credit card or bank statements and other documents contain valuable, confidential information. Try to use a secure mailbox for your incoming mail. Keep bank and credit card statements, tax returns, credit and debit cards and blank checks secure, even at home. Also shred sensitive documents before discarding them. Similarly, use an updated security program to protect your computer.
Look at your bank statements and credit card bills as soon as they arrive. Immediately report any discrepancy or anything suspicious, such as an unauthorized withdrawal or charge, to your financial institution.
Periodically review your credit reports and dispute any inaccurate information, which could indicate identity theft. You are entitled to a free copy from each of the nation's three major credit bureaus every 12 months.
To learn more about protecting yourself from common financial frauds, see back issues of FDIC Consumer News at www.fdic.gov/consumernews.
January 2019 Security Tip
A Closer Look at Mobile Banking
What’s new, how you can benefit, and how to protect yourself from security risks
FDIC Consumer News
With advances in technology, financial institutions are now increasingly providing customers the ability to use mobile phones for banking transactions and to pay for just about anything from a retail purchase to a restaurant bill you’re splitting with friends. "Mobile phones provide opportunities for consumers to conduct their banking transactions and make payments from anywhere at any time," said FDIC Senior Technology Specialist Deborah Shaw. "This is a convenient and beneficial way for consumers to incorporate banking and shopping into their busy lives."
Consumer concerns about safety and security, however, continue to be cited in Federal Reserve Board (Fed) annual reports on mobile financial services (most recently from 2016) as reasons some people do not sign up. Here is the latest overview from FDIC Consumer News to help consumers better understand the current state of mobile financial services, how they might benefit, and how they can protect themselves against security risks.
While many people access their bank accounts by going to their bank, using the telephone or an ATM, or accessing services online with their personal computer, consumers are increasingly using their mobile banking options. That might involve text messaging the bank, accessing a bank's website, or using mobile applications (apps) to check account balances, retrieve account information or initiate financial transactions.
The Fed survey found that 43 percent of all mobile phone users with bank accounts had used mobile banking in the previous 12 months, up from 22 percent in the agency's 2011 survey. Among mobile banking users with smartphones (cell phones with internet connectivity), 53 percent with bank accounts used mobile banking in the previous 12 months.
"A mobile banking application makes it easy to transfer funds within your bank, perhaps to send money to a child's account there or to confirm if you have enough funds to make a purchase or pay a bill," added Ben Navarro, a policy analyst at the FDIC. "The mobile banking app can also often be used for payments across banks."
Mobile banking also can assist consumers in making informed decisions. According to the Fed survey, 62 percent of mobile banking users checked their account balance on their phone before making a large purchase in the store, and 50 percent decided not to purchase an item as a result of their account balance or credit limit.
As previously reported in the Summer 2016 FDIC Consumer News, consumers also can conveniently deposit checks from practically anywhere by transmitting an electronic image of each check and relevant information. Many consumers also are using high-tech wristwatches (called "smartwatches") to read bank alerts or to make purchases applied to their credit, debit or prepaid cards (the latter have money deposited on them but they are not linked to a checking or savings account).
For years, consumers have been using smartphones to make purchases at retailers' sales terminals and person-to-person or "P2P" payment services (mobile apps) to conduct everyday payment transactions among family or friends without exchanging cash or a check.
"One of the benefits of mobile P2P apps is that payments are typically initiated on a mobile device using the recipient's smartphone number or email address," Shaw noted. "In this way, a consumer does not have to give the recipient a bank account or card number in order to make a payment; this information remains behind the scenes."
What's changing recently is that there are increasingly more P2P mobile apps being offered by banks and nonbanks that provide consumers many choices. These apps are going beyond personal payments and including broader options for paying for goods and services at stores and other businesses. In 2017, banks began to offer a new service that enables U.S. mobile banking consumers to send funds from one bank account to another in minutes, using only a recipient's email address or mobile number on a mobile banking app. Some of these services offer recipients quicker access to their received (deposited) funds, typically within minutes during business days.
Here are some suggestions to help consumers be safe and secure as they use mobile banking and payment products and services:
Be proactive in how you protect the data on your mobile devices. Start by using "strong" passwords and PINs. If you're given the option to use more than your username and password to access your bank account or mobile apps on your phone – for example, if you can choose to receive a one-time passcode by email or text message that also will be needed to access a certain account or app – that will provide added security.
Avoid using an unsecured Wi-Fi network, often found in public places, such as coffee shops, because fraudsters might be able to access the information you are transmitting or viewing. Log out of your bank account or mobile app when it's not in use. Just like with your laptop, use a mobile security/anti-virus software and keep it updated.
Take additional precautions in case your device is misplaced, lost or stolen. Set the screen on your mobile phone to lock after a certain amount of time and use a PIN or password and/or a biometric indicator (for example, a fingerprint or facial recognition) to unlock your mobile phone. Likewise, use PINs or other security features enabled on your smartwatch, such as one that will lock the watch if it is not on your wrist or too far from your mobile phone. Don't store your PINs or passwords on your mobile phone or tape it to the underside of your smartwatch or mobile phone.
Consider signing up for transaction alerts from your credit card, bank and mobile app provider. These messages canhelp you identify unauthorized activity quickly. Alternatively, check your transactions regularly on your cards, bank account and mobile app website.
Research any mobile app before downloading and using it. "Make sure you are comfortable that the mobile app is from a reputable source," said Shaw. "Going to the bank's or company's website to find directions for downloading their app can help to ensure you are downloading a legitimate app." Transaction alerts from your credit card, bank and mobile app provider … can help you identify unauthorized activity quickly. Be on guard against fraudulent emails or text messages. These communications typically appear to be from a government agency or a legitimate business in order to trick you into divulging valuable personal information (including your birthday, Social Security number, passwords and PIN numbers) that can be used to commit identity theft. The emails and texts could also ask you to click on a link that will install malicious software on your mobile phone and enable the fraudster to gain access to your mobile banking apps.
"To protect yourself, never provide passwords, credit or debit card information, Social Security numbers and similar personal information in response to an unsolicited text message or email," said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "If you have any questions regarding the legitimacy of an email or a text, call your bank or mobile app provider, or the business or government agency that claims to have sent the email or text, and be sure to use a phone number you have looked up on your own and not what is in the email or text in question."
Note: These messages are often called "phishing" emails and "smishing" text messages. Phishing is a term given to fraudulent emails "fishing" for valuable personal information, and "smishing" is a variation of that when referring to "Short Message Service" or "SMS" text messages. "Security experts for years have warned consumers about smishing scams, but as more people have smartphones, smishing is becoming more common," Benardo said.
December Security Tip
Fraud Against the Elderly: How You Can Spot and Prevent Financial Abuse
FDIC Consumer Information
Each year millions of senior citizens are victimized by financial fraud or theft of money, property or valuable personal information. Often, an adult child or other relative is responsible. Other situations may involve trusted individuals such as caregivers, legal guardians, investment advisors or new "friends." And because the types of abuse may differ widely, it's important to take a variety of precautions. Here are suggestions for protecting yourself and your loved ones:
Choose an advisor carefully. If you're considering hiring a new broker, attorney, accountant or other professional, even someone recommended by a friend or relative, it's best to independently look into that person's background and reputation before investing money or paying for services. For example, you can confirm that this person is properly registered or licensed and has a clean record with regulators and other consumers. When in doubt about how to research this information, ask your state Attorney General's office or local consumer protection agency for guidance.
Make sure you not only understand the role an advisor will be playing, but trust that this individual will do what's best for you and your finances. Don't be afraid to ask questions or say no. After all, it's your money!
Be careful with powers of attorney. At some point, you may want to have a power of attorney, a legal document that authorizes another person to transact business on your behalf. While powers of attorney can be very helpful, be careful who you name as your representative. "Powers of attorney can be easily misused because they allow the appointed person to step into your shoes and do everything you can do, including taking money from your account and borrowing money in your name," warned Debi Hodes, an FDIC Consumer Affairs Specialist. "This is a matter to discuss with a lawyer who should prepare or review the document for you."
Protect your personal financial information. Never give out your bank account numbers, Social Security numbers, PINs (personal identification numbers), passwords or other sensitive information unless you initiate the contact. These requests may come from an unsolicited phone caller, letter writer, e-mailer or a person who shows up at your door. Be especially wary of someone who congratulates you about winning a (bogus) prize or lottery but first demands payment for taxes or other fees.
Also, keep your checkbook, account statements, and other sensitive information in a safe place. And shred paper documents containing sensitive information that is no longer needed.
Closely monitor your credit card and bank account activity. Review your account statements as soon as you receive them and look for unauthorized or suspicious transactions, which should be reported to your bank immediately.
Take your time when deciding on a major financial decision or investment. Make sure you understand the transaction and ask questions if you don't. If you need to, ask a lawyer or financial advisor to help you understand the documents and discuss what's best for you. "Walk away from anyone who says you must make a decision or otherwise do something right now," said Hodes.
Be aware of scams involving reverse mortgages. These loans enable homeowners age 62 or older to borrow money from the equity in their homes. However, reverse mortgages can be complex products with a variety of risks and costs, and there are many reports of schemes by unscrupulous individuals using deceptive offers and high-pressure tactics to steer senior citizens into using the funds from a reverse mortgage for inappropriate or costly loans or investments. For guidance on the responsible use of a reverse mortgage, including how to locate a lender or a housing counselor approved by the U.S. Department of Housing and Urban Development's Federal Housing Administration, start here or call 1-800-569-4287.
Finally, here are additional tips:
- Beware of callers asking for money or information. If you'd like to reduce the number of telemarketing calls you receive, consider signing up for the national Do Not Call Registry (call 1-888-382-1222 or visit www.donotcall.gov). If you are on this list, be suspicious of calls from any company or organization that you have reason to believe is not eligible to contact you under the registry's rules.
- Don't comply with requests from strangers to deposit a check into your account (perhaps as part of an Internet sale) and wire some or all of it back. "If you send the money and the check is counterfeit, you may be held responsible by your financial institution for the losses," said Michael Benardo, Chief of the FDIC's Cyber-Fraud and Financial Crimes Section.
- If you use social media, many security experts advise against posting the names of relatives and anyone's home address, full date of birth and daily activities because those can be valuable to a thief. "A scam on the rise involves con artists who look for personal information on the Internet that they can use to call or e-mail an elderly person and pretend to be a relative in distress — such as a grandchild being injured, in jail or lost in a foreign country — and needing money sent fast, without telling anyone else in the family," added Benardo. "They may also represent themselves as a lawyer or law enforcement agent needing money to help your relative."
November Security Tip
Mobile Wallet Services Protection
Federal Communications Commission
Consumers are increasingly using their smartphones, tablets and other mobile devices as "mobile wallets" to pay for goods and services, downloading software that allows them to complete both mobile and in-person transactions. As the use of mobile wallet services increases, consumers need to protect their smartphones, mobile wallet applications, associated data, and mobile wallet services from theft and cyber-attacks.
How to Safeguard Your Mobile Wallet Smartphone
- Consider your surroundings and use your smartphone or mobile device discreetly.
- Do not use mobile wallet services to conduct financial transactions over an unsecured Wi-Fi network.
- Never leave your smartphone unattended in a public place. Don't leave it visible in an unattended car; lock it up in the glove compartment or trunk.
- The police may need your smartphone's unique identifying information if it is stolen or lost. Write down the make, model number, serial number, and unique device identification number (either the International Mobile Equipment Identifier (IMEI) or the Mobile Equipment Identifier (MEID) number). Some phones display the IMEI/MEID number when you dial *#06#. The IMEI/MEID can also be found on a label located beneath the phone's battery or on the box that came with your phone.
- Review the service agreement for the financial account used in your mobile wallet to find out what will happen and who to contact if your smartphone is stolen or lost, or if your mobile wallet application is hacked.
- Monitor the financial account used in your mobile wallet for any fraudulent charges.
- Choose a unique password for your mobile wallet. Should your smartphone be lost or stolen, this may help protect you from both unwanted charges and from theft and misuse of your personal data.
- Install and maintain security software. Apps are available to:
- Locate your smartphone from any computer;
- Lock your smartphone to restrict access;
- Wipe sensitive personal information and mobile wallet credentials from your smartphone; and
- Make your smartphone emit a loud sound ("scream") to help you or the police locate it.
- Adjust your "locked screen" display to show your contact information so that your smartphone may be returned to you if found.
- Be careful about what information you store. Social networking and other apps may pose a security risk and allow unwanted access to your personal information and mobile wallet data.
What to Do if Your Mobile Wallet Smartphone Is Stolen
If you are not certain whether your smartphone or mobile device has been stolen or if you have simply misplaced it, attempt to locate the smartphone by calling it or by using the security software's GPS locator. Even if you may have only lost the smartphone, you should remotely lock it to be safe.
If you have installed security software on your smartphone, use it to lock the device, wipe sensitive personal information, and/or activate the alarm.
Immediately report the theft or loss to your wireless carrier. You will typically be responsible for any charges incurred prior to when you report the stolen or lost smartphone. If you provide your carrier with the IMEI or MEID number, your carrier may be able to disable your smartphone, your mobile wallet services, and block access to your personal information and sensitive mobile wallet data. Request written confirmation from your carrier that you reported the smartphone as missing and that the smartphone was disabled.
If your smartphone or mobile device was stolen, also immediately report the theft to the police, including the make and model, serial and IMEI or MEID number. Some carriers require proof that the smartphone was stolen, and a police report can provide that documentation.
If you are unable to lock your stolen or lost smartphone, change all of your passwords for mobile wallet services and banking accounts that you have accessed using your smartphone service.
For more information about what to do if your wireless device is lost or stolen, and contact information for service providers, go to: www.fcc.gov/guides/stolen-and-lost-wireless-devices
October Security Tip
When a Criminal's Cover Is Your Identity: Minimizing the Risk of Identity Theft
From FDIC Consumer News
Your good name and reputation are among your most valuable assets. Unfortunately, criminals know the value of a good name and reputation, too. That's why increasing numbers of con artists are “stealing” identities. They typically start by using theft or deception to learn a person's Social Security number, date of birth or other personal information. Armed with those details, the perpetrators can open credit card accounts, make purchases, take out loans, or make counterfeit checks and ATM cards in your name. In effect, the crook becomes you to commit fraud or theft.
Federal and state laws plus banking industry practices may limit your losses from identity theft, also known as ID theft. Under the Truth in Lending Act, if a crook opened a credit card account in your name and ran up thousands of dollars in charges, the most you'd owe is $50—and many creditors will agree to excuse you of all liability. Still, innocent victims are likely to face long hours (and sometimes years) closing tarnished accounts and opening new ones, fixing credit records, and otherwise cleaning up the damage. They may even be denied loans, jobs and other opportunities because an identity theft ruined their reputation and credit rating.
Here are things you can do to minimize your risk of becoming a victim of ID theft:
Protect your Social Security number, credit card numbers, account passwords and other personal information. Never divulge this kind of information unless you initiate the contact with a person or company you know and trust. A con artist can use these details and a few more, such as your mother's maiden name, to withdraw money from your bank or order credit cards or checks in your name. If you get an unsolicited offer that sounds too good to be true and asks for bank account numbers and other personal information before you receive anything in return, this is probably a scam. Likewise, if a caller claims to represent your financial institution, the police department or some similar organization and asks you to "verify" (reveal) confidential information, hang up fast. Real bankers and government investigators don't make these kinds of calls.
Keep thieves from turning your trash into their cash. Thieves known as “dumpster divers” pick through garbage looking for credit card applications and receipts, canceled checks, bank statements, expired charge cards and other documents or information they can use to counterfeit or order new checks or credit cards. Before putting these items in the garbage bin, tear them up as best you can. Any paper you don't need that contains private information should be shredded.
Pay attention to your bank account statements and credit card bills. Contact your financial institution immediately if there's a discrepancy in your records or if you notice something suspicious, such as a missing payment or an unauthorized withdrawal. While federal and state laws may limit your losses if you're victimized by a bank fraud or theft, sometimes your protections are stronger if you report the problem quickly and in writing.
Review one or more of your credit reports approximately once a year. Your credit reports (prepared by credit bureaus) will include identifying information such as your name, address, Social Security number and date of birth, as well as details about credit cards and loans in your name. Make sure each report you obtain is accurate, and that includes monitoring it for unauthorized bank accounts, credit cards and purchases. Under federal law, you can get at least one free report from each of the nationwide credit bureaus every 12 months. To order your free annual reports from the three major credit bureaus — Equifax, Experian and TransUnion — visit www.AnnualCreditReport.com or call toll-free 1-877-322-8228.
Don't let ID theft take on a life of its own — yours. If someone is using your personal information to cash in on your name, visit www.identitytheft.gov, the federal government’s one-stop resource to help people report and recover from ID theft.
August Security Tip
7 Tips for Hurricane Preparedness
From American Bankers' Association
ABA is encouraging consumers to prepare for hurricane season by assessing their home’s risk and developing emergency plans to protect against a potential storm.
Assemble an emergency kit. The emergency kit should include first aid supplies, a flashlight, extra batteries, at least three days of non-perishable foods and water, towels and a supply of any necessary medications. Stay informed of the storm’s path and progress by monitoring Wireless Emergency Alerts via text message and having a battery-powered radio or TV available.
Develop a family communications plan. Know how you will contact one another; how you will get back together, if separated; and what you will do in different situations. Having a plan can eliminate some of the stress and confusion.
Establish an evacuation route. Prior to a storm, contact your local American Red Cross to locate the shelter nearest you or download their Shelter Finder App. Identify the safest route to get there. Be sure to check if your local emergency shelter allows animals and family pets.
Secure your home. Outdoor furniture and other objects can pose a potential hazard. Turn off propane tanks and other utilities if instructed to do so by emergency personnel.
Protect financial documents.In the event of a disaster, you will need identification and financial documents to begin the recovery process. Safeguard important documents in a bank safety deposit box, computer storage devices (USB drive, CD/DVD), and/or waterproof storage containers, including:
Know the details of your insurance policy. Talk with your agent to determine if you have adequate coverage or if you need to reassess your plan. This is especially important if your property’s flood map has changed.
- Personal identification (driver’s licenses, birth certificates, military IDs, passports, etc.)
- Financial account information (checking, savings, retirement and investment accounts, credit/debit cards).
- Insurance policies on all personal property, including appraisals and lists and photos of valuable items.
- Ownership or leasing documentation for homes and vehicles (deeds, titles, registrations, rental agreements, etc.)
- All health and medical insurance documentation.
For more resources, visit theFEMA site: http://www.ready.gov/hurricanes.
July 2018 Security Tip
How to Avoid a ‘Card Cracking’ Scam
From American Bankers' Association
Banks and law enforcement are cracking down on an emerging scam known as “card cracking.” Card cracking is a form of fraud where consumers respond to an online solicitation for “easy money” and provide a debit card for withdrawal of fake check deposits. Criminals use social media platforms like Facebook, Twitter, or Instagram to solicit consumers, often targeting people between the ages of 19 and 25 years-old, as well as college students, newly enlisted military and single parents.
Customers who respond to these solicitations, now accomplices, provide a debit card, PIN and online credentials to give the criminal direct access to their account. The fraudster deposits worthless checks using mobile deposit and immediately withdraws the funds at an ATM. The customer then calls to report a stolen card or compromised credentials. The bank reimburses the customer for funds lost and the criminal provides the customer with a cut of the money withdrawn using worthless checks.
Check back next month for more tips and tricks to protect your financial information.
- Do not respond to online solicitations for “easy money.” Card cracking advertisements will suggest that this is a quick, safe way to earn extra cash. Keep in mind that easy money is rarely legal money.
- Never share your account and PIN number. Keep this information private at all times. By sharing it with others, you expose yourself to potential fraud.
- Do not file false fraud claims with your bank. By filing a false claim, you are a co-conspirator to fraud. Banks’ detection techniques for card cracking are constantly improving and suspicious claims will be investigated.
- Report suspicious posts linked with scams. If you notice postings that appear to be linked with a possible scam, report them to the social media site. There is usually a drop down menu near the post to allow for easy reporting.