In the last decade many frauds – to steal your money by stealing your personal information – have arisen using increasingly sophisticated technology. Exchange Bank will never contact you and ask for your personal information. DO NOT give out personal information when called, texted or emailed. Contact us if you feel your identity or accounts have been compromised or for more information.
Here is a review of today’s most prevalent frauds and some advice on how to protect yourself:
- DATA BREACH – An electronic breach of a proprietary file that contains personal information that could potentially lead to identity theft, including Social Security numbers, financial account information, driver’s license numbers and medical information.
- CORPORATE ACCOUNT TAKEOVER – form of corporate identity theft where a business’ online credentials are stolen by malware. Criminal entities can then initiate fraudulent banking activity. Click here for more information and resources.
- SLEEPER FRAUD – Sleeper fraud can be defined in two ways. Sleeper fraud type 1. An account is opened at an early stage of the sleeper’s cycle. It may operate in a normal manner for months or even years, with no unusual transaction volume, and maintained in a current status, with regular payments. Because the fraudster has built a positive account relationship, traditional performance scores on the account may lead to increased credit lines and offers of pre-approved credit products. Then, at some point, the fraudulent account is activated—in addition to a credit card, this may include a checking account or other direct deposit accounts. In this type of fraud, the sleeper may act independently—but more often is connected to a sophisticated network. Sleeper fraud type 2. In the second type of sleeper fraud, these networks might steal or purchase information related to a “real” cardholder with a history of responsible account management. Sophisticated, state-sponsored fraud rings sell compromised data on the black market. In many cases not only do they get a name, email, and address, but also a phone number, a social security number, and possibly passwords. They are then able to manipulate this consumer information to enable fraudulent purchases, while disallowing the lender (and collections, specifically) from making contact with the original account holder in an attempt to reconcile the account.
- PROTECT YOURSELF by checking your credit report no less than once a year. Sign up for credit report and debit card alerts.
- PHISHING – the criminal attempt to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email, directing users to enter personal financial details at a fake website whose look and feel are almost identical to a legitimate one, such as their bank. Even when using server authentication, it may require tremendous skill to detect that the website is fake.
- PROTECT YOURSELF by remembering that your financial institution will never send an email asking for personal information, or send you to a special site to “update personal information”. If you do not know the source, delete the email and contact the source yourself to verify and/or report the scam.
- SPEAR PHISHING – a variation of phishing. With phishing, criminals might send a single mass email to thousands of people. Spear phishing attacks are customized and sent to a single person at a time. The spear phishing email usually contains personal information such as your name or some disarming fact about your employment. The email usually includes a link leading to a fake web site that requests personal information. The phony email may contain a downloadable file. They often appear to com from an employer or another seemingly legitimate source. But the file contains malware, and once downloaded to your computer, collects your personal information and transmits it to the criminal.
- PROTECT YOURSELF by understanding that these attacks are usually limited to corporate targets. Nearly all of the spear phishing complaints that have been investigated have come from corporate employees. If you receive a suspicious email like this, go directly to your company’s information technology department to learn whether the email is legitimate.
- VISHING– the name for phishing attacks using the telephone. The term is a combination of voice and phishing, and is typically used to steal credit card numbers, bank account numbers and passwords. You might receive a phone call advising you that your credit card has been used illegally, and to cal a certain number to “verify” your account number.
- PROTECT YOURSELF by being suspicious of any phone call asking you to provide credit card or bank numbers. Rather than provide the information, contact your bank or credit card company directly to verify the validity of the message.
- SMISHING– yet another variation of phishing, the name combination of SMS (short message service, the technology used in text messaging) and phishing. In this scam, the fraudster uses cell phone text messages to lure you to a website or to use a phone number that connects to an automated voice response system. The smishing text message typically urges your immediate attention. For example, it might say it is confirming an order for a large computer purchase, and you need to follow the scammer’s directions in order not to be charged for the item. Once you click on the URL or call the phone number, you are asked to provide card numbers, account numbers, PIN numbers, etc.
- PROTECT YOURSELF by assuming that no legitimate business would contact you by text message with a request of this nature. If the message seems credible, use your phone to call Directory Service for the correct phone number, then call customer service and ask about the message.
- DEBIT AND CREDIT CARD SKIMMING – the attempt to hijack your personal information and your identity by tampering with ATM machines. Fraudsters set up a device that is capable of capturing the debit card magnetic stripe and keypad information from the ATM, and then sell this information to criminals who use it to create new cards with your account numbers.
- PROTECT YOURSELF first by reducing your risk at ATMS – use machines from institutions you know and trust. A thief has to be able to attach and retrieve a skimming device to use the data it’s gathered, which is easier in settings where there’s less traffic and no surveillance cameras. Additionally, if you notice a change at an ATM you use routinely, such as a color difference in the card reader or a gap where something appears to be glued onto the slot where you insert your card, that’s a warning sign to find another machine. It will also be appreciated if you contact the owner of the ATM to alert him of your concerns.
- FAKE CHECK SCAMS – using technology to create realistic cashiers checks. These checks are used by scammers to pay for online purchases or most notoriously, some form of foreign lottery that you are told you won. The scam always involves your accepting the fake cashier’s check, which is for more than the purchase price, then you’re sending the difference in a separate check to the scammer. You keep the worthless fake check and the scammer keeps your real check.
- PROTECT YOURSELF using your business sense. If you are selling something, insist the buyer pay by traditional means. Remember that if you didn’t enter a lottery, you would not win it. And of course, never accept a check for more than the amount due.
- PROTECT YOURSELF by maintaining up-to-date anti-spyware and virus protection software and firewalls help avoid these risks.
- SPYWARE AND VIRUSES – destructive programs loaded on your computer without your permission or knowledge. Spyware appears as a legitimate application on your computer but actually monitors your activity and collects sensitive information. Viruses are harmful programs spread through the Internet that can compromise the security of your computer.
- POP-UP ADVERTISEMENTS – appear in a separate browser window and, when clicked, can download harmful spyware or adware to your computer. While some make legitimate offers, many pop-ups are attempts to obtain your sensitive information.
- PROTECT YOURSELF by blocking pop-ups on your computer – and never “click” on the pop-up site.
- IRS SCAMS – The Internal Revenue Service reports that criminals are using phishing scams which ask an individual to update their e-files. The criminals also use telephone calls impersonating IRS Agents complete with false badge numbers. The IRS doesn’t initiate contact with taxpayers by telephone, email, text messages or social media channels to request personal or financial information – period. If you believe a tax criminal has targeted you, report the contact to the IRS: www.irs.gov/help-resources.
Other Helpful Tips to Protect You
While online banking is safe, as a general rule you should always be careful about giving out your personal financial information over the Internet. Review the following tips to protect your personal information while using the Internet.
- Regularly log into your online accounts to verify that your bank, credit, and debit card statements and transactions are legitimate.
- Instead of clicking on links in emails, type in the URL that you’re familiar with, such as www.exba.com, or select the Web address saved in your browser’s “Favorites”.
- If an offer sounds too good to be true, it probably is and should be avoided.
- If you have any doubts about the validity of an email, contact the sender using a telephone number you know to be genuine.
- Before you initiate an online transaction, make sure your personal information is protected by looking for indicators that the site is secure. URLs for secure sites typically begin with “https” instead of “http” and display a lock in the lower right corner of your browser.
- Use anti-virus software and keep it up-to-date.
- Make sure you have applied the latest security patches for your computer. Most software providers, like Microsoft, offer free security patches.
- If you have broad-band Internet access, such as cable modem or DSL, make sure that you have a firewall.
We take numerous steps to keep your account information secure. However, you must take precautions as well.
- Choose a good passcode – Your online passcode, along with your access ID, authenticate your identity when accessing online accounts. You should carefully select a passcode that is difficult to guess and not use personal information or a word that can be found in the dictionary.
- Keep your passcode safe – Even the best passcode is worthless if it’s written on a note attached to your computer or kept in your checkbook. Memorize your passcode and never tell it to anyone.
- Change your passcode regularly – It’s important to change your passcode regularly. Every time you choose a new passcode, our online banking system runs a quick program to test its safety. If we can guess it, we will immediately ask you to choose another one.
- Remember to log off properly – You may not always be at your own computer when banking online. Therefore, it’s important to log off using the “log off” link at the top of each Internet banking page. If you forget to do so, the system automatically signs you off after 10 minutes of inactivity.
If you need any assistance, you can also contact us at (256) 538-7875.