Go Safe: Fraud & Identity Theft Prevention

Ten Steps to Smartphone Security

How to Protect Yourself Online – FCC Consumer Facts

WARNING: Internet Pirates are Trying to Steal YOUR Personal Financial Information
Here's the Good News—YOU have the Power to Stop Them


There's a new type of Internet piracy called "phishing." It's pronounced "fishing," and that's exactly what these thieves are doing: "fishing" for your personal financial information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.

In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver's licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.

Social Engineering: 

Social Engineering Definition: The practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security either personal or professional. Social engineering techniques are considered con games which are performed by con artists. The con artist may already have some degree of information about you and will try to trick you into divulging more. The targets of social engineering may never realize they have been victimized.

Phishing: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The web site, however, is bogus and set up only to steal the user’s information.

Smishing: A form of criminal activity using social engineering techniques similar to phishing. The name is derived from "SMs phISHING". SMS (Short Message Service) is the technology used for text messages on cell phones. Similar to phishing, smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. The "hook" (the method used to actually "capture" your information) in the text message may be a web site URL, however it has become more common to see a phone number that connects to automated voice response system.

Vishing: A social engineering technique for acquiring personal or financial information from consumers using the telephone network. A classic scam that we have seen includes automated phone calls stating ‘your debit card needs to be reactivated’ or ‘there is a billing issue with your card’. If you receive one of these calls, simply hang up. If you do give out your personal information, monitor your account closely through your online banking solution and contact your financial institution as soon as possible.

Pharming: A type of fraud that involves redirection from a legitimate site to a site that appears to be legitimate, but has been created by fraudsters in an attempt to gain your personal or account information.

In any case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother’s maiden name or your place of birth.

If you provide the requested information, you may find yourself the victim of identity theft.

We caution you to NEVER give out your personal information when solicited to do so. Please keep in mind that most companies that you do business with will already have your personal information and would not need it from you again. Contact the alleged sender before responding to any suspicious contact.

How to Protect Yourself:

1. Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the internet. E-mails and internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.

2. If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and web sites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.

3. Never provide your password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.

4. Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.

You Can Fight Identity Theft – Here’s How:

Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone or the internet if you did not initiate the contact.

Never click on the link provided in an e-mail you believe is fraudulent. It may contain a virus that can contaminate your computer.

Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.

If you believe the contact is legitimate, go to the company’s web site by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.

If you fall victim to an attack, act immediately to protect yourself. Alert your financial institution. Place fraud alerts on your credit files. Monitor your credit files and account statements closely.


What to do if you fall victim:

  • Contact your financial institution immediately and alert it to the situation.
     
  • If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau’s fraud division:

    Equifax
    800-525-6285
    P.O. Box 740250
    Atlanta, GA 30374
    Experian
    888-397-3742
    P.O. Box 1017
    Allen, TX 75013
    TransUnion
    800-680-7289
    P.O. Box 6790
    Fullerton, CA 92634