All types of fraud are still growing at an alarming rate; however, there are some relatively simple precautions you can take to protect yourself from becoming the victim of identity theft and/or other types of scams and deceptions. Below is information on some of the more prevalent fraudulent activity currently in active operation:
ATM/Debit Cards – Vulnerabilities
A stolen Debit Card can be taken to any merchant and used to charge purchases to your bank account. Keep careful track of your card; do not leave it laying around. Crooks who use Debit Cards for telephone and online purchases do not have to give a personal identification number (PIN) or a signature to the merchant. Fraudsters are always observant and can obtain your PIN if you are not cautious when performing a transaction. In addition, skimming devices on ATMs, or at other places such as gas pumps, can collect confidential information from your ATM card. If you write your PIN on your ATM/Debit card, and it is lost or stolen, the criminal has all the information necessary to clean out your bank account.
Protect Yourself Against ATM/Debit Card Fraud:
- At an ATM, watch for anything unusual attached to the machine which could be a skimming device (if you are concerned, do not use your card and contact your bank), and be careful when entering your PIN that no one is watching what you enter.
- Keep your Debit Card in view if at all possible (especially at restaurants); retrieve your card promptly after using it.
- Avoid signing a blank receipt. Draw a line through blank spaces above the total when you sign a card receipt (this includes credit cards).
- Emails: Do not click on a link in an email to make a purchase. Get out of the email and go to the merchant's official site to make your purchase; this step will help avoid possible Phishing attempts.
- If a merchant contacts you by phone to sell his/her merchandise, if you are interested in making the purchase, explain that you will call the company back. Do not use any phone number the caller may have provided, but look up the merchant's number and call that number back. You may ask for the name of the person who contacted you. The caller may be unhappy with this procedure especially if he is not local, but there are numerous callers impersonating representatives of legitimate companies (e.g. trying to sell various types of insurance).
- As noted with phone calls purportedly from a business, if you receive a call from a charitable organization, if interested in donating, look up the charity's information and contact it yourself.
- Check your bank account statement frequently (sign up for online banking so that you can view your statement as often as you want). Report any transaction which you do not think you made to your bank immediately, regardless of how small (e.g. $.99, $1.00, $2.00 etc – these might be attempts by the scammer to see if your card is valid).
- Never give out your card number over the phone unless you initiated the transaction and are confident the company is legitimate and reputable.
- Be very careful about what you post on a social networking site. Often this information can be used by scammers to contact you by phone, mail, or email to attempt to sell you a fraudulent product or service or to obtain additional confidential information from you.
What is Phishing?
Don’t trust an email because it looks like it came from a trusted source. Thieves may disguise an email to make it appear to come from a business you recognize such as your bank or from a government agency. Such email may warn you of a serious problem that requires immediate attention and may encourage you to click on a button to go to the Web site of the bank or agency. You will probably be directed to a phony Web site, which may look very real. If it is a fake Web site, a pop up window will appear for the purpose of acquiring your financial information. You may be asked to update your account information or to provide confidential information for verification purposes. If you provide the requested information, you may find yourself the victim of identity theft.
Protect Yourself Against Phishing:
- Never provide your personal information in response to an unsolicited request, whether over the phone or the Internet. Internet pages created by phishers may look real, may even have a fake padlock icon. If you did not initiate the communication, you should NOT provide any information. If you are concerned about the site; do not click on the link provided; get out of the email and go directly to the Web site yourself.
- If you believe the contact may be legitimate, contact the bank or business yourself. You should be the one to initiate the contact, using contact information that you have verified yourself.
- Never provide your password over the phone or in response to an unsolicited Internet request. The bank will never ask you to disclose your financial information online.
- Review your account statements regularly to ensure all charges are correct. Contact the bank if your statement is late in arriving. If you have access to online banking, periodically check the activity on your account to determine if anything appears suspicious.
What is Spyware/Key Loggers?
Spyware refers to software that collects information about a person or organization without his/her knowledge or informed consent and reports such data back to a third party (could include user IDs and passwords).
- Spyware can be downloaded with other Internet downloads.
- May be directly downloaded by users who have been persuaded that the technology offers a benefit.
- May be installed by an Internet browsing technique called "drive-by downloads" – spyware is installed when a user simply visits a Web site. The user accepts a download believing it is necessary to view the Web page or a user is prompted to install the program through a pop up window which remains open.
- May be downloaded automatically when a user opens or views unsolicited e-mail messages.
- Make sure your Windows updates are current!
Protect Yourself Against Spyware, Key Loggers, Trojans
The user may be unaware that his computer is infected.
There might not be a “removal” option, or when such an option is present, the removal process may not eliminate all components or it may redirect the user to an Internet site to complete the removal. This often results in new or additional infection rather than removal.
You may have an infected computer if: you notice performance problems such as Internet Explorer not working properly; your computer "hangs up" frequently; your computer has slowed down significantly.
To protect against Spyware, Key Loggers, Trojans (viruses):
- Use Anti-Spyware and or Anti-Virus Program(s); often an Anti-Virus program will include anti-spyware and anti-adware programs
- Use Anti-Spam programs
- Don't inadvertently install adware or spyware; beware of free file-sharing software and of clicking the OK button in pop up dialog boxes.
- Install a pop-up blocker to prevent adware and spyware pop-up windows.
- If you unwittingly click on a link that appears legitimate and a dialog box pops up, don't click the install button, until you are sure this is the program you were intending to install.
- Consider installing firewall protection.
- Adjust your browser settings to prompt the user whenever a Web site tries to install a new program or Active-X control.
- Carefully read End User Licensing Agreements for new software (especially "free" software) to ensure it does not automatically include adware.
What is Ransomeware?
Ransomeware is malware (may appear as a pop-up or perhaps email) that attempts to extort money from the recipient by threatening to place a virus on his/her computer; or in some cases he may have already encrypted the owner’s files with the virus. He then demands money to unencrypt the data. If the computer owner refuses, the files remain encrypted and the user is locked out of his own files OR worse, the files are “executed” – deleted, several at a time until the “ransom” is paid.
Most importantly: BACK UP YOUR DATA. If someone locks you out of your computer data, you will still be able to get into your information fairly quickly if you have backed it up on a CD or DVD.
Protect yourself against Ransomeware:
- Make sure you have a virus scanning program.
- Don't open emails from sources you don't know, and don't open attachments within e-mails unless you know exactly what the attachment is.
- Be cautious of opening pop-ups.
- If you have a wireless router that lets you connect wireless devices to your network, make sure they are password protected.
- If concerned about losing your files to malware or Ransomeware, shut down your PC.
- Never provide personal financial information (including social security number, account number or passwords) over the phone or the Internet if you did not initiate the contact.
- Do not provide unencrypted confidential information through email.
- Never click on the link provided in an email you believe is fraudulent. It may contain a virus that can contaminate your computer.
- Do not be intimidated by an email or caller who suggests dire consequences if you do not immediately provide or verify financial information.
- If you believe the contact is legitimate, go to the company's Web site by typing in the site address directly or using a page you have previously book marked, instead of clicking on a link provided in the email.
- Report suspicious emails or calls to the Federal Trade Commission through the Internet at http://www.ftc.gov/ftc/contact.shtm, or by calling 1-877-IDTHEFT.
**If you are concerned about an email that appears to come from The Bank of Union, do not hesitate to call the Bank for further information (405-262-6577) or (405-483-5308). The Bank will not ask you to provide confidential information such as your social security number, password, or account number through an email.
Account takeover occurs when a fraudster obtains an individual's or a business's confidential information and uses this information to make an address change with the financial institution or is able to access or change User IDs and Passwords thereby gaining access to computer programs and information, ordering wire transfers or ACH transactions.
Protect yourself/your business against Account Takeover:
- Put a lock on your home and/or business mailbox
- Shred receipts and statements that contain account information and credit card application information requests.
- Periodically check credit bureau information.
- Review billing statements thoroughly.
- Frequently check bank account activity.
- Use "strong" passwords (not your pet's or child's name) and include a number(s) and symbol.
- Businesses: Use a dedicated computer which is used exclusively to transact business (e.g. for online banking, to communicate sensitive information to the bank such as ACH originated items, for remotely deposited items or wires).
- Use, and keep updated, anti-virus software.
Social Networking Sites
Helpful tips regarding security and privacy while using social networking sites:
- Ensure that any computer you use to connect to a social media site has proper security measures in place (anti-virus software and keep your operating system patches up to date).
- Use caution when clicking a link to another page or running an online application. Many applications embedded within social networking sites require you to share your information when you use them - this is how malware can be disseminated.
- Use strong and unique passwords.
- If screen names are allowed, do not choose one that gives away too much personal information.
- Be careful who you add as a "friend," or what groups or pages you join.
- Do not assume privacy on a social networking site (personal or business).
- Use discretion before posting information or commenting about anything.
- Configure privacy settings to allow only those people you trust to have access to the information you post.
- Restrict the ability for others to post information to your page.
Internet (Online) Banking Security Precautions
Recently, The Bank of Union ("Bank") has seen significant changes in the internet banking threat landscape. Fraudsters have continued to develop and deploy more sophisticated, effective, and malicious methods to compromise authentication mechanisms and gain unauthorized access to customers' online accounts. Rapidly growing organized criminal groups have become more specialized in financial fraud and have been successful in compromising an increasing array of controls. Various complicated types of attack tools have been developed and automated into downloadable kits. Fraudsters are responsible for losses of hundreds of millions of dollars resulting from online account takeovers and unauthorized funds transfers. The Bank is providing the below security awareness information for your use and action to help protect your online account and transaction information.Below are the protections and liabilities for consumer transactions using The Bank of Union's Internet Banking program:
To access our Internet Banking service, you must use the ID and/or other means of access we establish or provide for your Internet Banking Customer Account together with a PIN. It is your responsibility to safeguard the ID and PIN we provide. Anyone to whom you give your Internet Banking ID and PIN or other means of access will have full access to your accounts even if you attempt to limit that person's authority.
You, or someone you have authorized by giving them your Internet Banking ID and PIN or other means of access (even if that person exceeds your authority), can instruct us to perform the following transactions:
- Make transfers between your qualifying accounts to the extent authorized;
- Obtain information that we make available about your qualifying accounts;
- Obtain other services or perform other transactions that we authorize (e.g. bill payments).
You must have enough money or credit in any account from which you instruct us to make a payment or transfer. You also agree to the Terms & Conditions of your deposit account that you received when you opened your deposit account.
Your Internet Banking payments and transfers will be indicated on the monthly or quarterly statements we provide. Please notify us promptly if you change your address or if you believe there are any errors or unauthorized transactions on any statement, or statement information.
UNAUTHORIZED TRANSACTIONS OR LOSS OF THEFT OF YOUR INTERNET (ONLINE) BANKING ID OR PIN
If you believe your Internet (Online) Banking ID or PIN or other means of access have been lost or stolen, or that someone has used them without your authorization, call us immediately at (405) 262-6577, during normal business hours. After hours you may notify us by: *going to the "Contact Us" tab on our Website and completing the information in the box provided; *or if you are in Online Banking, just click on the word "Contact" at the top right side of your screen, at which time a "Message Center" screen will pop up, click on "new" to input your information; or write us at The Bank of Union, 2000 South Country Club Road, El Reno, OK., 73036. Immediately contacting us by phone is the best way of reducing your possible losses, since not all e-mail may arrive at their destinations. We will send an e-mail back to you as confirmation that we did receive it. Because e-mail may not be secure, do not include any of your account or social security numbers with your e-mail. Your name, address, and a brief message as to what the problem might be is all we will need. If you have given someone your Internet Banking ID and PIN or other means of access and want to terminate that person's authority, you must change your identification number and password or other means of access or take additional steps to prevent further access by such person.
You may terminate your Internet Banking Agreement at any time upon giving the Bank written notice of the termination. If you terminate, you authorize us to continue making transfers you have previously authorized until we have had a reasonable opportunity to act upon your termination notice. Once we have acted upon your termination notice, we will make no further transfers or payments from your Internet Banking Account. If we terminate your use of your Internet Banking Account, we reserve the right to make no further transfers of payments from your account including any transactions you have previously authorized.
You are responsible for all transfers you authorize using the Internet Banking services under your Online Banking Agreement. If you permit other persons to use your Access Code, you are responsible for any transactions they authorize or conduct on any of your accounts. However, tell us at once if you believe anyone has used your Access Code and gained entry to your accounts without your authority. Telephoning is the best way of keeping your possible losses down.
Consumer Accounts. The following three paragraphs apply only to consumer accounts (an account belonging to a natural person and used primarily for personal, family, or household purposes):
For Internet Banking transactions for consumer accounts, if you tell us within 2 business days, you can lose no more than $50 if someone accessed your account without your permission. If you do not tell us within 2 business days after you learn of the unauthorized use of your account or Access Code, and we can prove that we could have prevented the unauthorized transaction(s) if you had told us in time, you could lose as much as $500 or more. Also, if your statement shows Internet Banking transfers that you did not make, tell us at once. If you do not tell us within sixty (60) days of the mailing date of your statement, you may be liable for the full amount of the loss if we can prove that we could have prevented the unauthorized transactions if you had told us in time. Should some emergency such as extended travel or hospitalization prevent you from contacting us, a reasonable extension of time will be allowed.
If you tell us orally, we may require that you send us your complaint or question in writing within ten (10) business days. We will tell you the results of our investigation within ten (10) business days after we hear from you and will correct any error promptly. For errors related to transactions occurring within thirty (30) days after the first deposit to the account (new accounts), we will tell you the results of our investigation within twenty (20) business days. If we need more time, however, we may take up to forty-five (45) days to investigate your complaint or question (ninety (90) calendar days for new account transaction errors, or errors involving transactions initiated outside the United States). If we decide to do this, we will re-credit your account within ten (10) business days for the amount you think is in error, so that you will have the use of the money during the time it takes us to complete our investigation. If we ask you to put your complaint or question in writing and we do not receive it within ten (10) business days, we may not re-credit your account.
If we decide after our investigation that an error did not occur, we will deliver or mail to you an explanation of our findings within three (3) business days after the conclusion of our investigation. If you request, we will provide you copies of documents (to the extent possible without violating other members' rights to privacy) relied upon to conclude that the error did not occur.
Limitation of Liability for Internet Banking Services. The Bank's sole responsibility for an error in a fund transfer or bill payment will be to correct the error, but in no case shall the Bank be liable for any indirect, punitive, special, incidental, or consequential damages (even if you have informed us of the possibility of such damages). You agree that neither we nor the service providers shall be responsible for any property damage or loss, whether caused by the equipment, software, the Bank, or by Online browser providers such as Netscape (Netscape Navigator browser) and Microsoft (Microsoft Internet Explorer browser), or by Internet access providers or by online service providers or by an agent or subcontractor of any of the foregoing. Neither we nor the service providers will be responsible for any direct, indirect, special or consequential economic or other damages arising in any way out of the installation, download, use, or maintenance of the equipment, software, the Bank Internet Banking services or Internet Browser or access software. In this regard, although we have taken measures to provide security for communications from you to us via the Bank Internet Banking Services, and may have referred to such communication as "secured," we cannot and do not provide any warranty or guarantee of such security. In states that do not allow the exclusions or limitation of such damages, our liability is limited to the extent permitted by applicable law.
Additionally, the Bank will not be liable for the following:
- If, through no fault of ours, you do not have enough money in your account to complete a transaction, your account is inactive or closed, or the transaction amount would exceed the credit limit on your line of credit.
- If you used the wrong Access Code or you have not properly followed any applicable computer, Internet, or the Bank user instructions for making transfer and bill payment transactions.
- If your computer fails or malfunctions or the Internet Banking service was not properly working and such problem was or should have been apparent when you attempted such transaction.
- If, through no fault of ours, a bill payment or funds transfer transaction does not reach a particular creditor and a fee, penalty, or interest is assessed against you.
- If circumstances beyond our control (such as fire, flood, telecommunications outages, strikes, equipment or power failure) prevent the transaction.
- If the funds in your account are subject to legal process or other claim, or if your account is frozen because of a delinquent loan, overdrawn account, or suspected fraud.
- If the error was caused by a system beyond the Bank's control such as a telecommunications system, or Internet service provider.
- If you have not given the Bank complete, correct, or current information so the Bank can process a transaction.
Billing Errors. In case of errors or questions about your Internet Banking transactions, telephone us at the phone numbers or write us at the address set forth above as soon as you can. We must hear from you no later than sixty (60) days after we sent the first statement on which the problem appears.
- Tell us your name and account number.
- Describe the transaction you are unsure about, including the transaction confirmation or reference number if applicable, and explain as clearly as you can why you believe it is an error or why you need more information.
- Tell us the dollar amount of the suspected error.
Other important information all Online banking customers should keep in mind:
- The Bank will never contact any customer and request electronic banking credentials. If you get a call asking for your credentials, hang up and call us!
- If you are a Bank commercial online banking customer we suggest you periodically evaluate the possible risks to your account. Some key areas to check are:
- Who has access to the Internet banking PC and credentials?
- Is (Are) the Internet banking PC or PCs secured after normal business hours?
- Do you have up to date antivirus and antimalware software on the PC?
- How often do you change the Internet banking password and who knows the password?
- Is there a firewall active on your PC?
- The Bank strongly urges each business customer to perform a periodic risk assessment of their own electronic activity (e.g. online transfers, bill payments, cash management files, etc.) including a review of who has access to, and authority over, electronic activity and devices (as well as when dual control should be in place).
- Tips to Reduce the Risk in Internet Banking?
- Block cookies on your Web browser: When you surf, hundreds of data points are being collected by the sites you visit. These data get combined together to form an integral part of your "digital profile," which is then sold without your consent to companies around the world. By blocking cookies, you'll prevent some of the data collection about you. Yes, you'll have to enter passwords more often, but it's a smarter way to surf.
- Don't put your full birth date on your social-networking profiles: Identity thieves use birth dates as cornerstones of their craft. If you want your friends to know your birthday, try just the month and day, and leave off the year.
- Don't download Facebook apps from outside the United States: Apps on social networks can access huge amounts of personal information. Some unscrupulous or careless entities collect lots of data and then lose, abuse, or sell them. If the app maker is in the U.S., it's probably safer, and at least you have recourse if something should ever go wrong.
- Use multiple usernames and passwords: Keep your usernames and passwords for social networks, online banking, e-mail, and online shopping all separate. Having distinct passwords is not enough nowadays: if you have the same username across different Web sites, your entire personal, professional, and e-commerce life can be mapped and re-created with some simple algorithms. It's happened before.
- Internet Banking Problems, Concerns, or something doesn't look right? Call us at (405) 262-6577.
Here is a list of some free Antivirus programs:
Malwarebytes (especially good for cleaning):