Protect Your Online and Account Privacy
Internet Fraud Warnings
First Central Savings Bank welcomes the responsibility of protecting our customers’ privacy. In an effort to educate our customers we have posted information on phishing and spoofing on our bank websites. Brochures have also been distributed with all of our checking account statements.
Phishing is the latest form of identity theft. It’s when thieves act as if they are representing an organization and try to hook the consumer into providing personal information. Once the consumer is hooked, the thieves can do lasting damage to a consumer’s financial accounts. They can dupe customers into providing their Social Security numbers, financial account numbers, PINs, mothers’ maiden names and other personal information.
The thieves often pose as a:
- Financial institution
- Credit card company
- Online merchant
- Utility or other biller
- Internet service provider
- Government agency
- Prospective employer
Estimated to cost consumers $1.2 billion last year, according to research firm Gartner, Inc., phishing is perpetuated by both phone and e-mail, although email is more prevalent.
Here’s how it works: Consumers receive an email from an organization with which they do business. The email typically includes bogus appeals such as problems with an account or billing errors, and asks the consumer to confirm his/her personal information. Different approaches include things such as “We’re updating our records,” “We’ve identified fraudulent activity on your account,” or “Valuable account and personal information was lost due to a computer glitch.” To encourage people to act immediately, the email usually threatens that the account could be closed or canceled.
Most emails ask recipients to follow an embedded link that takes them to an exact replica of the victim company’s Web site. Graphics on the counterfeit site are so convincing that even experts often can have a hard time distinguishing the fake site from the real one.
Despite the convincing appeals, consumers should not respond to unsolicited emails that direct them to divulge personal identifying information. Reputable organizations that consumers legitimately do business with generally do not request account numbers or passwords unless the consumer initiated the transaction.
Unfortunately, by hijacking the trusted brands of well-known and reputable organizations nationwide, phishers are able to convince up to 5% of recipients to respond to them, according to the Anti-Phishing Working Group. Gartner, Inc. recently reported that more than 57 million Americans think they have received a phishing email, and the FBI has called phishing the “hottest, most troubling new scam on the Internet.”
Members of the Virginia Financial Group have learned through the FBI, FDIC and ABA (American Bankers Association) that there have been several instances of unsolicited email and telephone scams that have attempted to glean personal and banking information from the general public. These emails have the appearance of coming from one of the above mentioned agencies. For more information, you can visit the sites below:
FDIC Consumer Assistance
ABA Fraud Alert
FBI Spoofing
We want to assure our customers that we do not send any email asking you to send us, via email, any personal or private identifying information.
Below are some security suggestions for Internet users:
- If you encounter an unsolicited email that asks you, either directly or through a website, for personal financial or identity information (such as social security number, passwords, account numbers or other identifiers), DO NOT RESPOND.
- If a web site address is not familiar to you, then it is probably not real. Only use the address that you have used before or start at your normal homepage.
- Always report fraudulent or suspicious email to your Internet Service Provider. Reporting instances of spoof web sites will help get those bogus websites shut down before they can do any more harm.
- Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and “https” in front of the website address.
- Take note of the header address on the website. Most legitimate sites will have a relatively short internet address that usually depicts the business followed by .com, .net or .org. Spoof sites are more likely to have an excessively long string of characters in the header with a legitimate business name somewhere in the string, or possibly not at all.
- If you have any doubts about an email or website, contact the legitimate company directly. Make a copy of the questionable web site’s URL address, send it to the legitimate business and ask if the address is legitimate.
- If you’ve been victimized by a spoofed email or website, you should contact your local police or sheriff’s department and file a complaint with the FBI’s Internet Fraud Complaint Center
- When creating your passwords, don’t use information that could easily be linked to you (i.e. phone number, your date of birth, address numbers).
- Change your password often. We suggest changing your password every 30 days.
- Do not share your passwords or PINs with anyone.
- Do not write your passwords or PINs down where they may easily be found by others.
To learn more about email scams and what you can do to protect yourself online, the Federal Trade Commission has information on its web site.
Identity Theft Information
First Central Savings Bank welcomes the responsibility of protecting our customers’ privacy. We know how traumatic identity theft can be and you may not know where to turn. Below is a list of useful links that will help you piece your life back together.
If you feel that your First Central Savings Account has been compromised, please call us immediately at: 1-866-400-FCSB (3272)
Credit Bureau Fraud Departments
Experian
1-888-397-3742
www.experian.com
TransUnion
1-800-680-7289
www.transunion.com
Other Important Contact Information
Federal Trade Commission
1-877-ID-THEFT
Reporting your incident to the F.T.C. may help law enforcement solve your case as well as others.
Social Security Administration
1-800-269-0271
Depending on your case, you may be able to attain a new social security number.
U.S. Postal Inspection Service
Report any mail fraud to the USPS.
PROTECT YOUR CARD FROM UNAUTHORIZED USE
- Sign your card upon receipt
- Report a lost or stolen card immediately
- If you use a Personal Identification Number (PIN), memorize it. Don’t write the PIN on the card or keep it with the card.
- Remember to take your ATM receipt.
- Always take and destroy merchant carbons.
- Destroy your old card when it expires or when a new card is issued.
ATM SAFETY TIPS
- Commit your PIN to memory and never share your PIN
- As you approach an ATM, be aware of your surroundings.
- Wait until you leave the ATM to count your money.
- Immediately report a lost or stolen card to the Financial Institution
WALK-UP ATM SAFETY TIPS
- Have your card ready when you approach the ATM.
- Wait until previous customers have finished their transactions.
- Stand close to the ATM when entering your PIN.
DRIVE-UP ATM SAFETY TIPS
- Pull up close to ATM.
- Remain in your car with doors locked.
- Keep your car running while operating the ATM.
Please visit your local branch and pick up your free ATM/Debit/Credit Card Sleeve.
1-866-400-FCSB (3272)
E-Banking/ Mobile Banking Safety Tips
Today, we have lots of options when it comes to financial transactions. Mobile Banking (and E-Banking) is an increasingly popular way to monitor and manage your money. While Mobile Banking is fairly secure just because if the variations of applications (apps) and services provided, there are certain rules you should follow to make sure your banking information remains safe when using these channels.
- Don’t Follow Links You may have heard the term phishing. Phishing refers to the practice of tricking someone into revealing private information. Fishing and phishing are similar concepts — there’s bait involved with both. With a phishing scheme, that bait might be as simple as a text message or e-mail. You should never follow a banking link sent to you in a text message or e-mail. These links could potentially lead you to a spoofed Web site. If you enter your information into such a site, you’ve just handed that data over to thieves. It’s always a good idea to navigate to our site directly (or even better, bookmark it). Also, you should never send your account information or password via text message or e-mail. It’s a common phishing scheme to send out bogus requests for such information.
- Avoid Banking While on Public Networks Many mobile devices allow you to connect to different types of networks, including Wi-Fi networks. You might be tempted to check your balance or make some transfers while you are outside of your home, such as at a coffee shop. But before you log into your account, make sure you’re not connected to a public network. Public connections aren’t very secure — most places that offer a public Wi-Fi hotspot warn users not to share sensitive information over the network. If you need to access your account information, you may want to switch to another network. If you’re using a smartphone or other cellular device, disabling the Wi-Fi and switching to a cellular network is a good solution. You never know who might be listening in over the public network.
- Only Use Official Apps Many organizations and institutions, especially banks, now offer official applications in smartphone and tablet app stores. In general, these apps tend to be more secure than sending information by SMS message or e-mail. Most organizations go to great lengths to make sure any information (especially sensitive information) sent across a network by an app is encrypted. Make sure your app is officially sanctioned before you download and install it. Almost all organizations will include a section on their web sites to let you know about their official app. Once you’ve verified the app is official, it shouldn’t be difficult to download and install to your device.
- Be Careful of What You Download While there aren’t as many examples of malware out in the mobile device market as there are on traditional PCs, the fact remains that mobile devices are just specialized computers. That means it’s possible for someone to design an app that could try to access your information. You should be careful when downloading apps – and not just your banking app, but all apps. Do a little research before you download that next widget or game to make sure the app developer has a good reputation. And if you’ve jailbroken (or rooted) a mobile device, or you’ve side-loaded unapproved apps, be aware that your data could be vulnerable.
- Keep Track of Your Mobile Device Perhaps the biggest risk is also the reason why mobile banking is so popular — mobile devices are easy to carry around everywhere we go. They can contain everything from passwords to contact lists to our calendar appointments. Information like that can be dangerous if your mobile device falls into the wrong hands, but there are a few things you can do to minimize your risk. If your device has a digital locking mechanism you should use it. Some devices require you to trace a pattern or insert a PIN. While it might slow you down to have to enter a PIN each time you want to use your phone, that layer of security might be enough to keep a thief from accessing your bank account before you can report your phone as missing.
Don’t be scared off from using your mobile device to access your bank accounts. Just be sure to practice good, safe behaviors and keep track of your gadgets. With a little common sense and attention, mobile banking can be both convenient and secure.
The FDIC also offers Consumer Protection tips for Mobile Banking, you can access them here.