Security Tips - Archives
August Security Tip
Credit Identity Theft — Don't Become a Victim
Identity theft has become one of the fastest growing crimes in America. This unauthorized access to your personal information is used to open new financial accounts or access your existing accounts, enabling the thief to steal your money or charge items on your credit card, leaving you with the bills. But with a few common sense efforts, you can avoid becoming a victim.
Identity thieves are most interested in the personal information that would enable them to pass as you. This includes social security numbers, date of birth, mother's maiden name and existing account numbers at your financial institutions.
Identity thieves may try to get this information in one of these ways:
- Stealing wallets or purses with everything in them.
- Taking mail from your mailbox, especially bank statements and credit card statements.
- Diverting your mail by using a change of address form at the Post Office.
- Searching through your trash for tossed copies of statements.
- Posing as a representative of your financial institution on the phone and asking about your account.
To keep your information private, here are some of the steps to consider:
- Carry as few credit cards as possible and periodically check to make sure you still have them.
- Avoid carrying your social security card and passport unless they are needed.
- Never print your social security number on your checks.
- Shred all important papers that contain financial information before disposing of them.
- Shred credit card and ATM receipts properly if they contain your account number.
- Consider signing up for online statements and online bill pay to reduce the number of statements in your mailbox.
- Sign new credit cards as soon you receive them.
- Guard your PIN (personal identification number) carefully.
- Make your PIN and passwords hard for someone else to guess. Don't use your birth date, phone number or last four digits of your social security number.
- Keep a list of your credit card and financial account numbers with phone numbers in a safe place.
- Guard against mail theft by mailing payment envelopes from a collection box instead of raising the flag on your home mailbox.
- Never give personal information over the phone unless you made the call or you know with whom you are speaking.
- Review your financial and credit card statements carefully for unknown transactions. If you see one, call the institution immediately.
- Periodically, order credit reports from the three major credit bureaus to check for fraudulent activity on your accounts.
An ounce of prevention is worth a pound of cure
While there are no guarantees that these steps will prevent credit identity thieves from attacking you, the harder you make it to steal your identity, the less likely you are to become an identity theft victim.
July Security Tip
How can I create a unique username and complex password that’s easy to remember?
A strong username and password is your first line of defense against intruders and imposters. Never share your username or password with anyone and don’t use the same username or password for multiple sites. Also, never write down your username or password. If you find that you need to write it down, never leave it where someone has access to it. Your username and password should never include your name, email address, date of birth or anything else that is known to others.
- Use a pass phrase
- Make the password at least 12 characters long
- Include numbers, capital letters and symbols – consider using a $ instead of an S or a 1 instead of an L
A complex password uses different types of characters in unique ways to increase security.
Using a pass phrase is a good way to create a complex password that you can remember without writing it down. Statements are easier to remember than a random string of characters and you can recite the pass phrase to yourself while typing in your password.
Use these steps to help create a complex password.
If you have any questions, please contact our Customer Solutions Center.
- Think of a sentence or phrase you can remember. For example, take your favorite movie or song lyric.
Song lyric: One for the money, two for the show.
- Use the sentence directly if you can. Many of us are used to typing sentences and are less likely to make mistakes.
Complex password: OneForTheMoneyTwoForTheShow
- If you can’t use the sentence directly, add complexity. Replace a letter with a number, add a few more uppercase letters, and throw in some punctuation.
Added complexity: 14TheMoney24TheShow
- Convert the sentence to a password (if you want a shorter password). Use the first letter of each word to create a password that is at least 8 characters.
Shortened password: 14Tm24Ts
June Security Tip
Protecting Seniors from Financial Abuse
FDIC Consumer News
Be organized, proactive, and aware to protect yourself, family and friends from financial abuse
It’s easier than ever to handle our finances without setting foot inside a bank with so many advances in technology, but these changes have also made fraud and financial abuse a prevalent problem for older adults. Most elder financial abuse involves scams, forgery, identity theft, or undue pressure to give someone access to property or funds by simply providing information over the phone. Older adults are often targeted for such exploitation because they may be perceived as trusting, they may be cognitively impaired, they may have more funds available after a lifetime of saving, and potentially less exposure to technological advances.
Tips for Protecting Finances
Seniors can protect themselves from financial abuse by making sure financial records are organized and being aware of how much money is in all accounts. In addition, you can protect your assets by talking to someone at your bank, an attorney, or a financial advisor to discuss your options for ensuring your wishes for managing your money and property are followed in the event you become incapacitated. Other activities to help protect yourself include:
- Carefully choosing a trustworthy person to share your financial planning matters with so they can assist you with tracking your finances if you are unable to do so yourself.
- Locking up your checkbook, account statements, and other sensitive information.
- Ordering copies of your credit report to review for suspicious activity. (You are entitled to a free copy of your credit report from each of the three major credit bureaus once every twelve months. To order your free annual reports, go to AnnualCreditReport.com or call toll- free 1-877-322-8228.)
- Never providing personal information, including your Social Security number, account numbers, or other financial information to anyone over the phone unless you initiated the call.
- Asking for details in writing and getting a second opinion from a financial advisor or attorney before signing any document you don’t understand.
- Paying with checks and credit cards instead of cash to have records of transactions.
Tips for Family and Friends
Family and friends can also help by being aware of the many ways in which an older person may be financially exploited. There are many scams and frauds that attempt to get bank account information or Social Security numbers from the elderly to steal their identity or money. Be on the lookout for signs of possible financial abuse, including:
- Unexplained account withdrawals.
- Another individual unexpectedly making financial decisions on the older person’s behalf.
- Disappearance of funds or valuable possessions.
- Unanticipated transfer of assets to another individual.
- Sudden changes to a will or other important financial documents.
- Suspicious signatures on checks.
If you suspect elder financial abuse, talk to the victim to determine what is happening and who is involved. For instance, you’ll want to know whether a new person in their life is helping them manage their money or a relative is using their credit card without permission. If financial abuse seems likely, you may want to contact your state’s adult protective services and the local police for assistance.
You should also contact any bank or other financial institution involved to notify them of the potential abuse, and they may be able to assist you. They may not be able to provide you with specific information about accounts or transactions due to privacy laws, but they have the ability to review information for potential abuse as well as the resources to report abuse.
Also be aware of consumer financial protection regulations that help protect funds withdrawn from an account without authorization. For example, most cases of fraud and identity theft are committed using an access device, such as when an individual steals an older person’s debit card and pin number to withdraw money from a checking account.
The Electronic Fund Transfer Act, which is implemented through Regulation E, protects consumers from losses that may occur as a result of certain unauthorized electronic financial transactions, such as unauthorized ATM withdrawals and point-of-sale terminal transfers in stores. If a debit card or the card number is used to make an unauthorized withdrawal from a checking or savings account, you can minimize your losses by contacting your bank as soon as possible. Your maximum liability under Regulation E is $50 if you notify your bank within two business days after learning of the loss. Additionally, many credit card issuers have zero-liability policies, meaning that customers typically do not pay for unauthorized transactions, so contact your credit card issuer as soon as you discover any.
If you have any questions, please contact our Customer Solutions Center.
May Security Tip
Your Wallet: How to Keep Your Financial Information Safe
FDIC Consumer News
How to protect your money, your credit record — and your sanity — if you become a victim
Consider this: Your wallet is stolen. You immediately call your bank and credit card company to report the problem, close old accounts and open new ones. You even remember to call the Social Security Administration to notify them that you had your Social Security card in your wallet. At the end of the day, you feel fairly confident that the incident is behind you.
But weeks later you receive past-due notices on bills for merchandise you never purchased, and a few months later your application for an auto loan gets rejected because someone has used your name and Social Security number to open new accounts and run up thousands of dollars in debt. The good news: Your actual liability for these unauthorized purchases is limited by law or industry standards. The bad news: It’s likely that you’ll spend many frustrating hours trying to clear your name and straighten out your credit history.
Here are safety tips from FDIC Consumer News that can greatly reduce the chances of becoming a victim.
Limit the amount of confidential information in your wallet. Only carry the identification, checks, credit cards or debit/ATM cards you really need. The rest, including bank account numbers, personal identification numbers (PINs), passwords, and most importantly, Social Security cards, are best kept elsewhere in a safe place. Likewise, don’t pre-print your Social Security number or driver’s license number on your checks, because either one could help a thief apply for a loan, credit card or bank account in your name. Keep good backup information about your bank and credit card accounts, just in case your wallet is lost or stolen. You'll want account numbers and phone numbers that can be used to report your losses or request new cards. "Some people make copies of the front and back of all the cards or important notes in their wallet to help jog their memory," said FDIC Regional Ombudsman Janet Kincaid.
Review your credit card bills and your checking account statements as soon as they arrive. Make sure that no fraudulent activity is taking place.
Periodically request your credit reports. Look for signs that someone may have obtained loans or tried to commit other fraud in your name. By federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit bureaus — Equifax, Experian and TransUnion. Go to www.AnnualCreditReport.com or call toll-free 1-877-322-8228 to order your free credit reports.
Experts often suggest that, to maximize your monitoring capability, you spread out your requests and receive a report from each of the three credit reporting agencies at separate times rather than all at once.
If you've already been victimized, take steps to limit your liability. Immediately call your bank (to report a lost debit/ATM card) and your credit card companies. And if you spot an unauthorized charge on your credit card, you must follow up on any phone calls to your card issuer with a letter disputing the transaction.
"Under the Fair Credit Billing Act, you must dispute unauthorized charges appearing on your credit card statement in writing within 60 days after it was sent to you," noted Joni Creamean, Chief of the FDIC's Consumer Response Center. "The letter also must be sent to the bank's designated address for billing inquiries, not to where you’d mail your payments."
To learn more about avoiding identity theft, including steps you can take if your wallet has been lost or stolen, visit www.ftc.gov/idtheft.
April Security Tip
Scams: When Telemarketer Calls Don’t Ring True
Have you ever received a robocall? Do you know how to protect yourself from scammers who are increasingly using robocalls to steal consumer information? Here are some things to consider:
What is a robocall? Robocalls are calls made with an autodialer or that contain a message made with a prerecorded or artificial voice. Advances in technology have unfortunately allowed illegal and spoofed robocalls to be made from anywhere in the world and more cheaply and easily than ever before. That's why it's become more of a problem for consumers, and a more difficult problem to solve.
How are robocalls used to scam consumers? Some companies continue to make robocalls to people who have signed up for the Do Not Call Registry, using fake “caller IDs” that make them hard to identify or trace. These calls might be scams. Additionally, Caller ID spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Spoofing is often used as part of an attempt to trick someone into giving away valuable personal information so it can be used in fraudulent activity or sold illegally.
What should I do if I receive a robocall? If you get a robocall, hang up. Don’t press “1” to speak to a live operator and don’t press any other number to (supposedly) get your phone number off a call list. Doing so will probably just lead to more robocalls. Never give out personal identification information over the phone unless you initiate the call and know the other party is reputable. This includes bank account and credit card numbers, Social Security numbers, account passwords and PIN numbers.
Here are a few red flags that can help you spot a scam:
- You’re told to send money or provide bank account information before you receive anything in return;
- You sense a reluctance on the part of the caller to answer questions or provide written information; and
- You’re told you already agreed to pay money but you don’t remember doing so.
If you think you’re a victim, file a complaint with the FTC (at www.ftc.gov/complaint or toll-free at 1-877-382-4357) and with your police. For more tips on topics like reducing robocalls, avoiding phone scams and stopping unwanted mail and calls, start at the FTC’s Web site (www.ftc.gov).
How else can I protect myself against phone scams like robocalls? There are a number of proactive steps you can take to protect yourself from scammers targeting you through your phone.
- Don't answer calls from unknown numbers. Let them go to voicemail.
- If the caller claims to be from a legitimate company or organization, hang up and call them back using a valid number found on their website or on your latest bill if you do business with them.
- If you answer and the caller (often a recording) asks you to press a button to stop receiving calls, or asks you to say "yes" in response to a question, just hang up. Scammers often use these tricks to identify, and then target, live respondents, or to use your "yes" to apply unauthorized charges on your bill.
- Be Aware: Caller ID showing a "local" number no longer means it is necessarily a local caller.
- If you answer and the caller asks for payment using a gift card, it's likely a scam. Legitimate organizations like law enforcement will not ask for payment with a gift card.
- If you receive a scam call, file a complaint with the FCC Consumer Complaint Center by selecting the "phone" option and selecting "unwanted calls." The data we collect helps us track trends and supports our enforcement investigations.
- Ask your phone company if it offers a robocall blocking service. If not, encourage them to offer one. You can also visit the FCC's website for more information about illegal robocalls and resources on available robocall blocking tools to help reduce unwanted calls.
- Consider registering your telephone numbers in the National Do Not Call Registry. Lawful telemarketers use this list to avoid calling consumers on the list.
March 2019 Security Tip
Tax Season and Your Refund Options
FDIC Consumer News
Changes in banking technology make managing your refund safer and easier than ever
Here are a few tips to ensure that your refund arrives as quickly and safely as possible as well as some ideas on how to get the most out of your money when it does.
The Refund Process
Once you have submitted your federal taxes and know you have a refund coming to you, the fastest way to get your tax refund is to have it electronically deposited into your financial account through the IRS’s Direct Deposit Program. It’s free to consumers, and it allows you to deposit your refund into as many as three separate accounts.
While you can still receive your refund in the form of a paper check, there are several advantages to direct deposit. Not only is it faster, direct deposit is also more secure. Refund checks sent through the mail can be lost, stolen, or returned to the IRS, if undeliverable. If you don’t already have a bank account, this might be the perfect time to open one.
Another option is to have your refund deposited onto a prepaid card. If you use a prepaid card, read the fine print and make sure you know how to deposit money onto the card and any fees involved. Cards differ in the types of deposits allowed, the process for receiving government deposits, and the fees charged for certain transactions. If you set up a new prepaid card account for your refund, you may be required to provide information to validate your identity, such as your Social Security number and date of birth.
Whichever method you choose, you can track the status of your federal tax return from the time the IRS received it by visiting https://sa.www4.irs.gov/and filling out the appropriate information, or by downloading the mobile app IRS2GO at https://www.irs.gov/newsroom/irs2goapp.
For more information on tax refunds, visit https://www.irs.gov/refunds.
Protect Your Money from Tax Scams
If your personally identifiable information (PII), such as your name, address, and Social Security number, has been stolen, the information can be used to open credit cards and loans or file a fraudulent tax return in your name, allowing the thief to claim your refund. If you suspect that your information was stolen, contact the IRS by calling 800-908-4490 or visiting the IRS website for identity protection at https://www.irs.gov/identity-theft-fraud-scams.
Be wary of phone calls and emails from anyone claiming to be from the IRS. Identity thieves have been known to pose as IRS agents, providing a fake name and IRS badge number and even creating a fake phone number that appears on caller ID as coming from the IRS. These thieves often threaten people with audits, deportation, and other legal action or promise checks for unclaimed funds.
The IRS typically does not initiate emails to individuals asking for personal information. Before acting on any phone call or email purportedly from the IRS, call the agency at 800-829-1040. An agent will be able to verify whether the IRS is in fact trying to get in touch with you. If you are certain the contact was part of a scam, report it to the Treasury Inspector General for Tax Administration by calling 800-366-4484. You can also report unsolicited emails by forwarding it to mailto:phishing@IRS.gov.
Some people use tax preparers to assist them with preparing their tax return. While most tax preparers are recognized professionals who can be very helpful, some preparers are scammers. Be wary of tax preparers who advertise with fliers or posters promising large refunds or special inside knowledge of little known tax credits and rebates or those volunteering to come to your home to prepare your taxes. These scammers make money stealing your personal information for later use and collecting fees. If you aren’t sure, ask for the tax preparer’s PTIN, which is the IRS tax preparer identification number that all legitimate preparers must have. Also, ask the preparer for references.
For more information on protecting your tax refund, visit: https://www.irs.gov/newsroom/tax-scams-consumer-alerts and https://www.fdic.gov/consumers/assistance/protection/idtheft.html.
What to Do With Your Refund
Once you have received your refund, you need to decide what to do with it. Many people use tax refunds to make large purchases they might not have the cash for at other times of the year. It can also provide a great opportunity to start a new savings option, contribute to your emergency fund, or reduce outstanding debt.
The IRS allows you to divide your federal tax refund into two or three additional financial accounts. By splitting your refund, you have a convenient option for managing your money – sending some of your refund to an account for immediate use and setting some aside for savings. For example, you could have part of your refund deposited to your checking account and the remainder sent to your Individual Retirement Account, or you might use some of your refund to purchase U.S. Series I Savings Bonds. (For more information on purchasing Savings Bonds with your tax refund, visit https://www.treasurydirect.gov)
You may also want to consider using your refund to start or augment emergency savings. Having emergency savings provides peace of mind when something unexpected occurs, such as a major car or home repair. The amount to set aside for your emergency fund will depend on factors such as your monthly expenses and the number of people in your household, but the general rule of thumb is to save at least three to six months’ worth of expenses.
If you are carrying a credit card balance, think about using your tax refund to pay it down or even pay it off. To get the most from your money, it may make sense to pay off a credit card with a high interest rate, compounding against you month after month. Going this route allows you to have more money every month once that credit card payment vanishes from your list of bills, and it can help build your credit as you reduce that debt.
Making extra payments on your mortgage may be another way to use your refund, saving you money over the long term. Since so much of your mortgage payment goes toward paying interest, using your tax refund to make an extra payment or two against the principal will go a long way to reducing the debt and overall cost of the loan.
If you are getting a tax refund this year, remember to take steps to keep your refund safe, know the refund options available to you, and consider different ways to make your money work harder for you.
For more help or information, go to FDIC.gov or call the FDIC toll-free at 1-877-ASK-FDIC (1-877-275-3342).
February 2019 Security Tip
Avoiding Scams: Sticking to the Basics Can Go a Long Way
From FDIC Consumer News
There is plenty of information available to consumers to help avoid being a fraud or theft victim. "But some people complain that there is too much to remember and that being vigilant can be a daunting task," said Millie Spencer, a financial crimes specialist with the FDIC. Here's a short list of simple ways to avoid many financial crimes.
Never provide passwords, credit or debit card information, Social Security numbers and similar personal information in response to an unsolicited text message, e-mail, call or letter. An identity thief can use this information to apply for credit cards or loans, access your bank accounts online or otherwise commit fraud using your name.
Crooks often send e-mails, text messages or phone messages that appear to be from a legitimate, trusted organization asking consumers to "verify" or "update" personal information. The scam is called phishing because the criminals throw out bait in hopes of luring a consumer into biting.
Criminals also create bogus web sites in hopes that consumers will enter valuable personal information. "We've seen everything from fake bank web sites to sites offering payday loans or credit repair services," added Michael Benardo, Manager of the FDIC's Cyber Fraud and Financial Crimes Section. "Some of these sites offer incredibly low prices or other enticing promotions."
And, as Spencer noted, "Always be suspicious of these types of requests because a legitimate organization would not solicit updates in an unsecured manner for information it already has."
Think twice before opening attachments or clicking on links in unsolicited e-mails and text messages. These messages may install "malware" (malicious software) on your computer or cellphone. "This software could allow crooks to spy on you and gain access to your online banking sites," explained Benardo.
To confirm a message's validity, contact the supposed sender. "But don't automatically assume the contact information listed in the e-mail is accurate," said Benardo. He recommended finding the telephone number, web site or e-mail address from an independent, reliable source.
Deal only with reputable merchants, service providers and charities. Friends and family may be able to provide recommendations. You can search for complaints against a business by contacting your state or local consumer affairs office and your local Better Business Bureau. There also are popular sites on the Internet for consumer ratings and reviews of businesses.
Fraud artists also claim to be from legitimate charitable organizations — especially after a major disaster — and ask for "donations." The Better Business Bureau's Wise Giving Alliance and other organizations can help you find legitimate charities with good reputations.
Be on guard against counterfeit checks, cashier's checks or money orders. These often are associated with scams that say you have won a lottery or other prize, are bogus work-from-home offers, or are attempts to steal something you are selling on the Internet.
They can also be associated with offers to purchase items you are selling online or through classified ads. Be especially leery if you get a check for more than the amount due and you're instructed to return the difference by depositing the check and wiring the excess amount to the other party's account or to an associate. If the check turns out to be counterfeit, you will be out the money regardless of whether you sent a check, wire or cash.
Be wary of unsolicited investment offers that sound too good to pass up or that require you to act fast. "Statements about low-risk investments with ‘guaranteed returns' that are unusually high are red flags," said Luke W. Reynolds, Acting Associate Director in the FDIC's Division of Depositor and Consumer Protection.
He also advised walking away from any offer that involves pressure to pay cash or provide personal information right away.
Protect your mail and other documents at home. Thieves know that credit card or bank statements and other documents contain valuable, confidential information. Try to use a secure mailbox for your incoming mail. Keep bank and credit card statements, tax returns, credit and debit cards and blank checks secure, even at home. Also shred sensitive documents before discarding them. Similarly, use an updated security program to protect your computer.
Look at your bank statements and credit card bills as soon as they arrive. Immediately report any discrepancy or anything suspicious, such as an unauthorized withdrawal or charge, to your financial institution.
Periodically review your credit reports and dispute any inaccurate information, which could indicate identity theft. You are entitled to a free copy from each of the nation's three major credit bureaus every 12 months.
To learn more about protecting yourself from common financial frauds, see back issues of FDIC Consumer News at www.fdic.gov/consumernews.
January 2019 Security Tip
A Closer Look at Mobile Banking
What’s new, how you can benefit, and how to protect yourself from security risks
FDIC Consumer News
With advances in technology, financial institutions are now increasingly providing customers the ability to use mobile phones for banking transactions and to pay for just about anything from a retail purchase to a restaurant bill you’re splitting with friends. "Mobile phones provide opportunities for consumers to conduct their banking transactions and make payments from anywhere at any time," said FDIC Senior Technology Specialist Deborah Shaw. "This is a convenient and beneficial way for consumers to incorporate banking and shopping into their busy lives."
Consumer concerns about safety and security, however, continue to be cited in Federal Reserve Board (Fed) annual reports on mobile financial services (most recently from 2016) as reasons some people do not sign up. Here is the latest overview from FDIC Consumer News to help consumers better understand the current state of mobile financial services, how they might benefit, and how they can protect themselves against security risks.
While many people access their bank accounts by going to their bank, using the telephone or an ATM, or accessing services online with their personal computer, consumers are increasingly using their mobile banking options. That might involve text messaging the bank, accessing a bank's website, or using mobile applications (apps) to check account balances, retrieve account information or initiate financial transactions.
The Fed survey found that 43 percent of all mobile phone users with bank accounts had used mobile banking in the previous 12 months, up from 22 percent in the agency's 2011 survey. Among mobile banking users with smartphones (cell phones with internet connectivity), 53 percent with bank accounts used mobile banking in the previous 12 months.
"A mobile banking application makes it easy to transfer funds within your bank, perhaps to send money to a child's account there or to confirm if you have enough funds to make a purchase or pay a bill," added Ben Navarro, a policy analyst at the FDIC. "The mobile banking app can also often be used for payments across banks."
Mobile banking also can assist consumers in making informed decisions. According to the Fed survey, 62 percent of mobile banking users checked their account balance on their phone before making a large purchase in the store, and 50 percent decided not to purchase an item as a result of their account balance or credit limit.
As previously reported in the Summer 2016 FDIC Consumer News, consumers also can conveniently deposit checks from practically anywhere by transmitting an electronic image of each check and relevant information. Many consumers also are using high-tech wristwatches (called "smartwatches") to read bank alerts or to make purchases applied to their credit, debit or prepaid cards (the latter have money deposited on them but they are not linked to a checking or savings account).
For years, consumers have been using smartphones to make purchases at retailers' sales terminals and person-to-person or "P2P" payment services (mobile apps) to conduct everyday payment transactions among family or friends without exchanging cash or a check.
"One of the benefits of mobile P2P apps is that payments are typically initiated on a mobile device using the recipient's smartphone number or email address," Shaw noted. "In this way, a consumer does not have to give the recipient a bank account or card number in order to make a payment; this information remains behind the scenes."
What's changing recently is that there are increasingly more P2P mobile apps being offered by banks and nonbanks that provide consumers many choices. These apps are going beyond personal payments and including broader options for paying for goods and services at stores and other businesses. In 2017, banks began to offer a new service that enables U.S. mobile banking consumers to send funds from one bank account to another in minutes, using only a recipient's email address or mobile number on a mobile banking app. Some of these services offer recipients quicker access to their received (deposited) funds, typically within minutes during business days.
Here are some suggestions to help consumers be safe and secure as they use mobile banking and payment products and services:
Be proactive in how you protect the data on your mobile devices. Start by using "strong" passwords and PINs. If you're given the option to use more than your username and password to access your bank account or mobile apps on your phone – for example, if you can choose to receive a one-time passcode by email or text message that also will be needed to access a certain account or app – that will provide added security.
Avoid using an unsecured Wi-Fi network, often found in public places, such as coffee shops, because fraudsters might be able to access the information you are transmitting or viewing. Log out of your bank account or mobile app when it's not in use. Just like with your laptop, use a mobile security/anti-virus software and keep it updated.
Take additional precautions in case your device is misplaced, lost or stolen. Set the screen on your mobile phone to lock after a certain amount of time and use a PIN or password and/or a biometric indicator (for example, a fingerprint or facial recognition) to unlock your mobile phone. Likewise, use PINs or other security features enabled on your smartwatch, such as one that will lock the watch if it is not on your wrist or too far from your mobile phone. Don't store your PINs or passwords on your mobile phone or tape it to the underside of your smartwatch or mobile phone.
Consider signing up for transaction alerts from your credit card, bank and mobile app provider. These messages canhelp you identify unauthorized activity quickly. Alternatively, check your transactions regularly on your cards, bank account and mobile app website.
Research any mobile app before downloading and using it. "Make sure you are comfortable that the mobile app is from a reputable source," said Shaw. "Going to the bank's or company's website to find directions for downloading their app can help to ensure you are downloading a legitimate app." Transaction alerts from your credit card, bank and mobile app provider … can help you identify unauthorized activity quickly. Be on guard against fraudulent emails or text messages. These communications typically appear to be from a government agency or a legitimate business in order to trick you into divulging valuable personal information (including your birthday, Social Security number, passwords and PIN numbers) that can be used to commit identity theft. The emails and texts could also ask you to click on a link that will install malicious software on your mobile phone and enable the fraudster to gain access to your mobile banking apps.
"To protect yourself, never provide passwords, credit or debit card information, Social Security numbers and similar personal information in response to an unsolicited text message or email," said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "If you have any questions regarding the legitimacy of an email or a text, call your bank or mobile app provider, or the business or government agency that claims to have sent the email or text, and be sure to use a phone number you have looked up on your own and not what is in the email or text in question."
Note: These messages are often called "phishing" emails and "smishing" text messages. Phishing is a term given to fraudulent emails "fishing" for valuable personal information, and "smishing" is a variation of that when referring to "Short Message Service" or "SMS" text messages. "Security experts for years have warned consumers about smishing scams, but as more people have smartphones, smishing is becoming more common," Benardo said.
December Security Tip
Fraud Against the Elderly: How You Can Spot and Prevent Financial Abuse
FDIC Consumer Information
Each year millions of senior citizens are victimized by financial fraud or theft of money, property or valuable personal information. Often, an adult child or other relative is responsible. Other situations may involve trusted individuals such as caregivers, legal guardians, investment advisors or new "friends." And because the types of abuse may differ widely, it's important to take a variety of precautions. Here are suggestions for protecting yourself and your loved ones:
Choose an advisor carefully. If you're considering hiring a new broker, attorney, accountant or other professional, even someone recommended by a friend or relative, it's best to independently look into that person's background and reputation before investing money or paying for services. For example, you can confirm that this person is properly registered or licensed and has a clean record with regulators and other consumers. When in doubt about how to research this information, ask your state Attorney General's office or local consumer protection agency for guidance.
Make sure you not only understand the role an advisor will be playing, but trust that this individual will do what's best for you and your finances. Don't be afraid to ask questions or say no. After all, it's your money!
Be careful with powers of attorney. At some point, you may want to have a power of attorney, a legal document that authorizes another person to transact business on your behalf. While powers of attorney can be very helpful, be careful who you name as your representative. "Powers of attorney can be easily misused because they allow the appointed person to step into your shoes and do everything you can do, including taking money from your account and borrowing money in your name," warned Debi Hodes, an FDIC Consumer Affairs Specialist. "This is a matter to discuss with a lawyer who should prepare or review the document for you."
Protect your personal financial information. Never give out your bank account numbers, Social Security numbers, PINs (personal identification numbers), passwords or other sensitive information unless you initiate the contact. These requests may come from an unsolicited phone caller, letter writer, e-mailer or a person who shows up at your door. Be especially wary of someone who congratulates you about winning a (bogus) prize or lottery but first demands payment for taxes or other fees.
Also, keep your checkbook, account statements, and other sensitive information in a safe place. And shred paper documents containing sensitive information that is no longer needed.
Closely monitor your credit card and bank account activity. Review your account statements as soon as you receive them and look for unauthorized or suspicious transactions, which should be reported to your bank immediately.
Take your time when deciding on a major financial decision or investment. Make sure you understand the transaction and ask questions if you don't. If you need to, ask a lawyer or financial advisor to help you understand the documents and discuss what's best for you. "Walk away from anyone who says you must make a decision or otherwise do something right now," said Hodes.
Be aware of scams involving reverse mortgages. These loans enable homeowners age 62 or older to borrow money from the equity in their homes. However, reverse mortgages can be complex products with a variety of risks and costs, and there are many reports of schemes by unscrupulous individuals using deceptive offers and high-pressure tactics to steer senior citizens into using the funds from a reverse mortgage for inappropriate or costly loans or investments. For guidance on the responsible use of a reverse mortgage, including how to locate a lender or a housing counselor approved by the U.S. Department of Housing and Urban Development's Federal Housing Administration, start here or call 1-800-569-4287.
Finally, here are additional tips:
- Beware of callers asking for money or information. If you'd like to reduce the number of telemarketing calls you receive, consider signing up for the national Do Not Call Registry (call 1-888-382-1222 or visit www.donotcall.gov). If you are on this list, be suspicious of calls from any company or organization that you have reason to believe is not eligible to contact you under the registry's rules.
- Don't comply with requests from strangers to deposit a check into your account (perhaps as part of an Internet sale) and wire some or all of it back. "If you send the money and the check is counterfeit, you may be held responsible by your financial institution for the losses," said Michael Benardo, Chief of the FDIC's Cyber-Fraud and Financial Crimes Section.
- If you use social media, many security experts advise against posting the names of relatives and anyone's home address, full date of birth and daily activities because those can be valuable to a thief. "A scam on the rise involves con artists who look for personal information on the Internet that they can use to call or e-mail an elderly person and pretend to be a relative in distress — such as a grandchild being injured, in jail or lost in a foreign country — and needing money sent fast, without telling anyone else in the family," added Benardo. "They may also represent themselves as a lawyer or law enforcement agent needing money to help your relative."
November Security Tip
Mobile Wallet Services Protection
Federal Communications Commission
Consumers are increasingly using their smartphones, tablets and other mobile devices as "mobile wallets" to pay for goods and services, downloading software that allows them to complete both mobile and in-person transactions. As the use of mobile wallet services increases, consumers need to protect their smartphones, mobile wallet applications, associated data, and mobile wallet services from theft and cyber-attacks.
How to Safeguard Your Mobile Wallet Smartphone
- Consider your surroundings and use your smartphone or mobile device discreetly.
- Do not use mobile wallet services to conduct financial transactions over an unsecured Wi-Fi network.
- Never leave your smartphone unattended in a public place. Don't leave it visible in an unattended car; lock it up in the glove compartment or trunk.
- The police may need your smartphone's unique identifying information if it is stolen or lost. Write down the make, model number, serial number, and unique device identification number (either the International Mobile Equipment Identifier (IMEI) or the Mobile Equipment Identifier (MEID) number). Some phones display the IMEI/MEID number when you dial *#06#. The IMEI/MEID can also be found on a label located beneath the phone's battery or on the box that came with your phone.
- Review the service agreement for the financial account used in your mobile wallet to find out what will happen and who to contact if your smartphone is stolen or lost, or if your mobile wallet application is hacked.
- Monitor the financial account used in your mobile wallet for any fraudulent charges.
- Choose a unique password for your mobile wallet. Should your smartphone be lost or stolen, this may help protect you from both unwanted charges and from theft and misuse of your personal data.
- Install and maintain security software. Apps are available to:
- Locate your smartphone from any computer;
- Lock your smartphone to restrict access;
- Wipe sensitive personal information and mobile wallet credentials from your smartphone; and
- Make your smartphone emit a loud sound ("scream") to help you or the police locate it.
- Adjust your "locked screen" display to show your contact information so that your smartphone may be returned to you if found.
- Be careful about what information you store. Social networking and other apps may pose a security risk and allow unwanted access to your personal information and mobile wallet data.
What to Do if Your Mobile Wallet Smartphone Is Stolen
If you are not certain whether your smartphone or mobile device has been stolen or if you have simply misplaced it, attempt to locate the smartphone by calling it or by using the security software's GPS locator. Even if you may have only lost the smartphone, you should remotely lock it to be safe.
If you have installed security software on your smartphone, use it to lock the device, wipe sensitive personal information, and/or activate the alarm.
Immediately report the theft or loss to your wireless carrier. You will typically be responsible for any charges incurred prior to when you report the stolen or lost smartphone. If you provide your carrier with the IMEI or MEID number, your carrier may be able to disable your smartphone, your mobile wallet services, and block access to your personal information and sensitive mobile wallet data. Request written confirmation from your carrier that you reported the smartphone as missing and that the smartphone was disabled.
If your smartphone or mobile device was stolen, also immediately report the theft to the police, including the make and model, serial and IMEI or MEID number. Some carriers require proof that the smartphone was stolen, and a police report can provide that documentation.
If you are unable to lock your stolen or lost smartphone, change all of your passwords for mobile wallet services and banking accounts that you have accessed using your smartphone service.
For more information about what to do if your wireless device is lost or stolen, and contact information for service providers, go to: www.fcc.gov/guides/stolen-and-lost-wireless-devices
October Security Tip
When a Criminal's Cover Is Your Identity: Minimizing the Risk of Identity Theft
From FDIC Consumer News
Your good name and reputation are among your most valuable assets. Unfortunately, criminals know the value of a good name and reputation, too. That's why increasing numbers of con artists are “stealing” identities. They typically start by using theft or deception to learn a person's Social Security number, date of birth or other personal information. Armed with those details, the perpetrators can open credit card accounts, make purchases, take out loans, or make counterfeit checks and ATM cards in your name. In effect, the crook becomes you to commit fraud or theft.
Federal and state laws plus banking industry practices may limit your losses from identity theft, also known as ID theft. Under the Truth in Lending Act, if a crook opened a credit card account in your name and ran up thousands of dollars in charges, the most you'd owe is $50—and many creditors will agree to excuse you of all liability. Still, innocent victims are likely to face long hours (and sometimes years) closing tarnished accounts and opening new ones, fixing credit records, and otherwise cleaning up the damage. They may even be denied loans, jobs and other opportunities because an identity theft ruined their reputation and credit rating.
Here are things you can do to minimize your risk of becoming a victim of ID theft:
Protect your Social Security number, credit card numbers, account passwords and other personal information. Never divulge this kind of information unless you initiate the contact with a person or company you know and trust. A con artist can use these details and a few more, such as your mother's maiden name, to withdraw money from your bank or order credit cards or checks in your name. If you get an unsolicited offer that sounds too good to be true and asks for bank account numbers and other personal information before you receive anything in return, this is probably a scam. Likewise, if a caller claims to represent your financial institution, the police department or some similar organization and asks you to "verify" (reveal) confidential information, hang up fast. Real bankers and government investigators don't make these kinds of calls.
Keep thieves from turning your trash into their cash. Thieves known as “dumpster divers” pick through garbage looking for credit card applications and receipts, canceled checks, bank statements, expired charge cards and other documents or information they can use to counterfeit or order new checks or credit cards. Before putting these items in the garbage bin, tear them up as best you can. Any paper you don't need that contains private information should be shredded.
Pay attention to your bank account statements and credit card bills. Contact your financial institution immediately if there's a discrepancy in your records or if you notice something suspicious, such as a missing payment or an unauthorized withdrawal. While federal and state laws may limit your losses if you're victimized by a bank fraud or theft, sometimes your protections are stronger if you report the problem quickly and in writing.
Review one or more of your credit reports approximately once a year. Your credit reports (prepared by credit bureaus) will include identifying information such as your name, address, Social Security number and date of birth, as well as details about credit cards and loans in your name. Make sure each report you obtain is accurate, and that includes monitoring it for unauthorized bank accounts, credit cards and purchases. Under federal law, you can get at least one free report from each of the nationwide credit bureaus every 12 months. To order your free annual reports from the three major credit bureaus — Equifax, Experian and TransUnion — visit www.AnnualCreditReport.com or call toll-free 1-877-322-8228.
Don't let ID theft take on a life of its own — yours. If someone is using your personal information to cash in on your name, visit www.identitytheft.gov, the federal government’s one-stop resource to help people report and recover from ID theft.
August Security Tip
7 Tips for Hurricane Preparedness
From American Bankers' Association
ABA is encouraging consumers to prepare for hurricane season by assessing their home’s risk and developing emergency plans to protect against a potential storm.
Assemble an emergency kit. The emergency kit should include first aid supplies, a flashlight, extra batteries, at least three days of non-perishable foods and water, towels and a supply of any necessary medications. Stay informed of the storm’s path and progress by monitoring Wireless Emergency Alerts via text message and having a battery-powered radio or TV available.
Develop a family communications plan. Know how you will contact one another; how you will get back together, if separated; and what you will do in different situations. Having a plan can eliminate some of the stress and confusion.
Establish an evacuation route. Prior to a storm, contact your local American Red Cross to locate the shelter nearest you or download their Shelter Finder App. Identify the safest route to get there. Be sure to check if your local emergency shelter allows animals and family pets.
Secure your home. Outdoor furniture and other objects can pose a potential hazard. Turn off propane tanks and other utilities if instructed to do so by emergency personnel.
Protect financial documents.In the event of a disaster, you will need identification and financial documents to begin the recovery process. Safeguard important documents in a bank safety deposit box, computer storage devices (USB drive, CD/DVD), and/or waterproof storage containers, including:
Know the details of your insurance policy. Talk with your agent to determine if you have adequate coverage or if you need to reassess your plan. This is especially important if your property’s flood map has changed.
- Personal identification (driver’s licenses, birth certificates, military IDs, passports, etc.)
- Financial account information (checking, savings, retirement and investment accounts, credit/debit cards).
- Insurance policies on all personal property, including appraisals and lists and photos of valuable items.
- Ownership or leasing documentation for homes and vehicles (deeds, titles, registrations, rental agreements, etc.)
- All health and medical insurance documentation.
For more resources, visit theFEMA site: http://www.ready.gov/hurricanes.
July 2018 Security Tip
How to Avoid a ‘Card Cracking’ Scam
From American Bankers' Association
Banks and law enforcement are cracking down on an emerging scam known as “card cracking.” Card cracking is a form of fraud where consumers respond to an online solicitation for “easy money” and provide a debit card for withdrawal of fake check deposits. Criminals use social media platforms like Facebook, Twitter, or Instagram to solicit consumers, often targeting people between the ages of 19 and 25 years-old, as well as college students, newly enlisted military and single parents.
Customers who respond to these solicitations, now accomplices, provide a debit card, PIN and online credentials to give the criminal direct access to their account. The fraudster deposits worthless checks using mobile deposit and immediately withdraws the funds at an ATM. The customer then calls to report a stolen card or compromised credentials. The bank reimburses the customer for funds lost and the criminal provides the customer with a cut of the money withdrawn using worthless checks.
Check back next month for more tips and tricks to protect your financial information.
- Do not respond to online solicitations for “easy money.” Card cracking advertisements will suggest that this is a quick, safe way to earn extra cash. Keep in mind that easy money is rarely legal money.
- Never share your account and PIN number. Keep this information private at all times. By sharing it with others, you expose yourself to potential fraud.
- Do not file false fraud claims with your bank. By filing a false claim, you are a co-conspirator to fraud. Banks’ detection techniques for card cracking are constantly improving and suspicious claims will be investigated.
- Report suspicious posts linked with scams. If you notice postings that appear to be linked with a possible scam, report them to the social media site. There is usually a drop down menu near the post to allow for easy reporting.