Tips for Spotting a Fraudulent Email
Personal Information Request
Provident will never ask you to respond to an email with any personal information. This includes your Social Security number (SSN) and your ATM or 24 Hour Access Plus Direct Talk Personal Identification Numbers (PINs).
Threat of closing an account if information is not provided
This type of email informs you that your account will be closed if you fail to "authenticate" or verify your personal information. Provident will never ask you to confirm information in this manner.
Security or system emails.
This type of email indicates that the bank needs you to confirm important information. The email will ask you to update your information online. Provident will never ask you to confirm information in this manner.
An offer that sounds "too good to be true."
This email may ask that you complete a short survey in order to receive money credited to your account. It will ask for your account(s) and bank routing number(s) in order to complete the deposit to your account. Provident will never ask for your information in this manner.
Misspellings and/or grammatical errors.
Emails containing these issues are often an indicator of attempted fraud. Watch for typos, grammatical errors, awkward wording, and poor design.
Unusual URLs.
Many web pages and emails will display the destination URL of a link when you hover over it with your cursor. (Please do not click the link.) A URL formatted as provident.suspicious.com will take you to a site that is not part of the Provident web site, even though "Provident" is contained within the URL.
Please, do not reply to any of these types of emails!
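The check described under "Unusual URLs" can be automated: a link's destination is decided by the end of its hostname, not by whether the bank's name appears somewhere in the address. The following Python is an added example, not Provident's code; `provident.example` is a placeholder for the bank's real domain (the page does not state it), and the sample email is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: placeholder for the bank's real domain, which the page does not give.
TRUSTED_DOMAINS = {"provident.example"}
BRANDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}  # {"provident"}


def link_host(url):
    """Return the hostname an http(s) link really goes to, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # ignores any "user@" prefix and the port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()


def is_trusted(host):
    """True only for a trusted domain itself or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html):
    """Return one finding per link: its real host, a verdict and the reasons."""
    parser = _Anchors()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        host, reasons = link_host(href), []
        if host is None:
            reasons.append("not an http(s) link")
        elif not is_trusted(host):
            reasons.append("destination is outside the trusted domain")
            if any(b in href.lower() for b in BRANDS):
                reasons.append("brand name used in an untrusted URL")
        # If the visible text itself looks like an address, compare it to the target.
        if host and "." in text and not any(c.isspace() for c in text):
            shown = link_host(text if "://" in text else "https://" + text)
            if shown and shown != host:
                reasons.append("displayed address differs from destination")
        findings.append({"href": href, "host": host, "reasons": reasons,
                         "verdict": "suspicious" if reasons else "ok"})
    return findings


# Constructed sample message body (not a real email).
SAMPLE_EMAIL = """
<p>Your account will be closed unless you verify your information.</p>
<a href="http://provident.suspicious.com/verify">Verify now</a>
<a href="https://secure-login.example.net/x">www.provident.example</a>
<a href="https://www.provident.example/contact">Contact us</a>
<a href="https://www.provident.example@suspicious.com/">Sign in</a>
"""

if __name__ == "__main__":
    for f in audit_links(SAMPLE_EMAIL):
        print(f["verdict"], f["host"], f["reasons"])
```

The last sample link shows why the hostname must be parsed rather than read by eye: everything before the `@` is ignored by the browser, so the link goes to `suspicious.com`.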
Tips for Secure Passwords
It is critical to use a highly secure password for all of your financial accounts. Never use passwords like your child's name, your pet's name, your Social Security number, your account or PIN number, or anything else that a person with the intention of performing fraud could easily discover. The most secure passwords use at least 12 characters, but preferably 16, and/or combinations of letters, numbers, and special characters. Do not just use an address, phone number, birthdate, or worst of all, simple passwords such as 1111 or 1234. For additional security, please change your password on a regular basis and do not use the same password for multiple accounts.
If you feel you have given out any personal information in regard to your Provident account(s) (such as your account number, password, or PIN), or typed it into a website that may not be legitimate, please contact us immediately. We will take the necessary steps to help you secure your account.
Common Sense Tips
Don't give out financial information such as account numbers, credit card numbers, ATM PIN number, and especially your Social Security number over the phone unless you have initiated the call and know the person/organization you are transacting business with. Please do not give this information to a stranger even if they claim to be representing Provident.
Report lost or stolen checks, credit cards, or ATM cards immediately.
Don't preprint your driver's license, telephone, or Social Security numbers on your checks.
Please notify Provident of any suspicious telephone inquiries that might ask for account information.
Don't write your PIN on, or keep it with, your ATM or credit cards.
Remember that protecting your financial information is often a matter of asking the question: How can I protect myself?
Online Banking Account Protection That Works 24/7... Just Like You Do
Provident Bank's Online Banking Identity Verification feature
What is the security feature?
In order to make your online banking experience as secure as possible we have introduced a security feature that watches for uncharacteristic or unusual behavior involving your internet banking access. If anything out of the ordinary is detected, we will ask you to verify your identity.
How does it work?
In the rare case we detect any unusual or uncharacteristic activity, we will ask you to answer security questions or if there are problems with answering the questions, allow us to phone you to make sure that it is really you trying to sign on. Most of the time you will not notice that the security feature is even there, but it will still be protecting you 24 hours a day and 7 days a week.
Do I need to sign up for the security system?
The security system is automatically available to all of our customers. Expect to be prompted at some point while banking online to enter additional information. This may include choosing some security questions that only you know the answers to as well as supplying phone numbers where you can be reached while banking online. Once this occurs, you have added a layer of protection to your Online Banking access and best of all, it's free!
Frequently Asked Questions for our Identity Verification Feature
What is this security system?
Because you are our customer, we know how you typically behave: for example, when and from where you normally access internet banking. If we detect any activities that do not seem like your typical behavior, we will prompt you to further verify your identity. This process will assure us that it is you and not someone else trying to access your information. This will only happen on rare occasions. Normally you will not be asked for any additional information. For example, if someone tries to sign in with your user name and password from a computer in a foreign country shortly after you have logged off from your normal computer at home, we may decide to verify that it is really you trying to access your account.
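The foreign-country sign-in scenario above, as added example code (not Provident's system, whose factors the page does not list): it asks for extra verification when a sign-in comes from an unrecognised device or would require travelling faster than an airliner since the last accepted sign-in. The thresholds, field names and sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumption: roughly the cruising speed of an airliner
MIN_KM = 50.0              # assumption: ignore small moves and geolocation error


@dataclass
class Login:
    user: str
    when: datetime
    lat: float
    lon: float
    device_id: str


def km_between(a, b):
    """Great-circle (haversine) distance between two sign-in locations, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def review_logins(events):
    """Return (event, decision, reasons) for each sign-in, in time order."""
    last_accepted, known_devices, decisions = {}, {}, []
    for ev in sorted(events, key=lambda e: e.when):
        reasons = []
        prev = last_accepted.get(ev.user)
        devices = known_devices.setdefault(ev.user, set())
        if prev is None:
            devices.add(ev.device_id)  # first sign-in is treated as enrolment
        else:
            if ev.device_id not in devices:
                reasons.append("unrecognised device")
            hours = (ev.when - prev.when).total_seconds() / 3600
            dist = km_between(prev, ev)
            if dist > MIN_KM and (hours <= 0 or dist / hours > MAX_PLAUSIBLE_KMH):
                reasons.append("impossible travel")
        decisions.append((ev, "step-up" if reasons else "allow", reasons))
        if not reasons:
            # Only accepted sign-ins update the baseline, so a flagged attempt
            # cannot move the "usual location" towards the attacker.
            last_accepted[ev.user] = ev
    return decisions


# Constructed sample events; coordinates and device names are made up.
SAMPLE_EVENTS = [
    Login("alice", datetime(2024, 3, 1, 18, 0), 40.00, -75.00, "home-pc"),
    Login("alice", datetime(2024, 3, 1, 18, 20), 52.00, 21.00, "unknown-1"),
    Login("alice", datetime(2024, 3, 2, 8, 0), 40.05, -75.02, "home-pc"),
    Login("alice", datetime(2024, 3, 2, 12, 30), 40.30, -74.70, "work-laptop"),
]

if __name__ == "__main__":
    for ev, decision, reasons in review_logins(SAMPLE_EVENTS):
        print(ev.when.isoformat(), ev.device_id, decision, reasons)
```

A "step-up" decision corresponds to the security questions or automated phone call described in this FAQ; how a passed challenge enrols the new device is left out of the example.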
How do I sign up for the security system?
There is no need to sign up. The security is there right from the start! Expect to be prompted at some point while banking online to enter additional information. This may include choosing several security questions that only you know the answers to, as well as supplying phone numbers where you can be reached while banking online. Once this occurs you have added a layer of protection to your internet banking access!
How much will it cost?
There is absolutely no cost associated with the new security system.
When will I be asked for more information?
You will only be prompted to enter additional information when a particular activity or transaction appears to be unusual or uncharacteristic of your typical behavior. You will also be prompted to enter your information when you are first prompted to set up your security information.
What additional information will I be asked?
If any unusual or uncharacteristic behavior is detected, you will be asked to answer several of the security questions you chose. You may also be asked to answer an automated phone call.
What is unusual or uncharacteristic behavior?
Uncharacteristic or unusual behavior is anything that appears out-of-the-ordinary compared to how you normally would bank online and where you normally bank online. If the action being requested does not appear to be something you would normally do, we will ask you for more information to make sure it is really you and not an unauthorized user.
Will I be asked for more information all the time now?
No, you will only be asked for more information when unusual or uncharacteristic behavior is detected. This will most likely be a very rare occurrence.
How are you able to detect unusual or uncharacteristic behavior?
The security system takes into account factors such as the computers you typically use to access your account, or the typical security settings for your computer. Hundreds of factors, such as these, create a profile that is unique to you that allows us to make decisions about whether the person conducting a given activity appears to be really you.
How do I know it is working?
You only need to complete the set-up process once; afterwards the new security system will work automatically. That means you are being protected every moment; when you are online and more importantly when you are not.
How will my phone numbers be used?
If any unusual or uncharacteristic behavior is detected, you may be asked to answer an automated phone call. Once you answer the phone call, you will be prompted to enter the code that will appear on your computer screen at that time in order to verify your identity. Your phone numbers will not be sold to a third party, nor will they be used to contact you about marketing offers and promotions.
How many phone numbers should I provide?
You must provide at least one phone number but are encouraged to provide up to three. In case we need to verify your identity, you may receive an automated phone call at one of the numbers you have provided. It is important to provide numbers where you can be reached when you are banking online. For instance, if you bank online at work you should provide your work or cell phone number so you can be reached there. This will ensure you can continue your online banking session without any inconvenience.
What if I need to change my phone number?
If you need to change your phone number, please contact customer service at (800) 442-5201 Monday through Friday 8AM to 6PM and on Saturday 10AM to 2PM. You may also be occasionally asked to verify that your information is up to date during your Online Banking session.
What if I cannot be contacted at any of the phone numbers listed?
If you cannot be contacted at any of the phone numbers listed, please contact customer service at (800) 442-5201 Monday through Friday 8AM to 6PM and on Saturday 10AM to 2PM.
Is my personal information still safe?
Yes. In fact, your personal information is safer than ever before because we are making sure it is really you and not an unauthorized user trying to access your information.
I have already set up my contact numbers, why am I being asked for them again?
Occasionally we may prompt you to make sure that the information we have on file is up to date.
How will this help prevent online fraud?
If your user name and password are stolen, the fraudster would have to be able to answer your security questions correctly or answer a call at one of the numbers you provided before being able to access your information. If the user is not able to provide this information or be reached on the phone, the activity would be blocked. This added layer of security helps us protect your information.
I check my account very often, wouldn't I know if something unusual showed up on my account?
It is great you check your account! It is always a good idea to regularly monitor your account for any unusual activities (like payments you didn't make). This security service helps prevent those incidents from ever occurring, so when you check your account everything is exactly how it should be.
I share my computer with someone who has their own account. Can both of us still log in from this machine?
Yes, you can both use the same computer to log on to your individual accounts. There is no limit on how many people can log on to the website from the same computer.
I already have anti-virus and a personal firewall. Why do I need this?
We are glad to hear you use anti-virus and a personal firewall. Be sure that you keep both software programs up to date for the best possible protection against viruses, Trojans, and hackers. This new security feature protects against other types of threats such as a stolen user name and password. It works with your other personal security programs, but it does not replace them.
Is Your Computer Secure?
If the computer you are currently using is not protected, identity thieves and other fraudsters may be able to get access and steal your personal information.
If you are using safety measures and good practices to protect your home computer, you can protect your privacy and your family. Here are some tips Provident would like to suggest to help you lower your risk while you're online.
Suggestions from Provident Bank
Install and use a firewall
Definition: A firewall is a software program or piece of hardware that blocks hackers from entering and using your computer. Hackers search the Internet in a similar manner as telemarketers automatically dial random phone numbers. They send out a ping (call) to thousands of computers and wait for a response. Firewalls prevent your computer from responding to these unsolicited calls. A firewall blocks communications to and from sources you don't permit. This is especially important if you have a high-speed Internet connection, like DSL or cable. Some computer operating systems have built-in firewalls that may be shipped in the "off" mode. Ensure that your firewall is on. To always be effective, your firewall must be set up correctly and updated regularly. You can check your online "Help" feature for specific instructions.
Install and use anti-virus software
Anti-virus software helps to protect your computer from viruses that can destroy your data, slow down/ crash your computer, or allow spammers to send email from your account. Anti-virus protection scans your computer and your incoming email for viruses, and then removes them. Anti-virus software must be updated regularly to cope with the latest "bugs" (viruses) circulating on the Internet. Most anti-virus software includes a feature to download updates automatically while you are online. Always make sure that the software is continually running and checking your system for viruses, especially if you download files from the Web or are checking your email. Set your anti-virus software to check for viruses when you first turn on your computer. You should also set the anti-virus software to scan your complete system at least twice a month.
Install and use anti-spyware software
Spyware is software installed without your consent or knowledge that has the ability to monitor your online activities and collect your personal information while you are surfing the Web. Certain types of spyware, called keyloggers, record everything you type in - including your passwords, credit card numbers, and financial information. Signs that your computer may be infected with spyware include a sudden influx of pop-up ads, being taken to websites you don't want to go to, and slower performance.
Spyware protection is included in some anti-virus software products. Review your anti-virus software documentation for information on how to activate the spyware protection options. You can also purchase separate anti-spyware software programs. Keep your anti-spyware software up to date and run it regularly.
To avoid spyware in the first place, download software only from sites you know and trust. Piggybacking spyware is often an unseen cost of many "free" programs. Do not click on links in pop-up windows or in spam email.
Update and maintain your system and browser to protect your privacy
Hackers are continually searching for flaws and holes in operating systems and browsers. In order to protect your computer and all of the information on it, try to leave the security settings for your device and your browser at the defaults. Install updates to your system and browser regularly (as often as they are requested). You should consider taking advantage of automatic updating whenever available.
Secure your home wireless network
If you have a wireless network in your home, make sure you take precautions to secure it against hacking. Encrypt your home wireless communications. Select a wireless router that has an encryption feature and turn it on. WPA encryption is considered stronger than WEP. Your computer, router, and other equipment must use the same encryption type. If your router enables identifier broadcasting, be sure to disable it. Note the SSID name so you can connect your computers to the network manually. Hackers know the pre-set passwords of this kind of equipment. Be sure to change the default identifier on your router and the default administrative password. You may want to turn off your wireless network when you are not using it.
Remember that public "hot spots" found in many stores, restaurants and hotels may not be secure. It's safest to avoid accessing or sending sensitive personal or financial information over a public wireless network.
Is your company taking the steps necessary to safeguard information?
Most companies keep sensitive information in their files, whether it's names, Social Security numbers (SSN), credit cards, or other account data that identifies customers or employees. Businesses often need this information to fill orders, meet payroll, or perform other business functions. But if the information falls into the wrong hands, it can lead to fraud or identity theft. The cost of a security breach can be measured in the loss of your customers' trust and perhaps even a lawsuit, which makes safeguarding personal information just plain good business.
A sound data security plan is built on five key principles:
Take stock. Know what personal information you have in your files and on your computers.
- Inventory all file storage and electronic equipment. Where does your company store sensitive data?
- Talk with your employees and outside service providers to determine who sends personal information to your business, and how it is sent.
- Consider all the ways you collect personal information from customers, and what kind of information you collect.
- Review where you keep the information you collect, and who has access to it.
Scale down. Keep only what you need for your business.
- Use Social Security numbers only for required and lawful purposes. Don't use SSNs as employee identifiers or customer locators.
- Keep customer credit card information only if you have a business need for it. Change the default settings on your software that reads customers' credit cards.
- Don't keep information you don't need. Review the forms you use to gather data - like credit applications and fill-in-the-blank web screens for potential customers - and revise them to eliminate requests for information you don't need.
- Truncate the account information on electronically printed credit and debit card receipts you give your customers. You may include no more than the last five digits of the credit card number, and you must delete the card's expiration date.
- Develop a written records retention policy, especially if you must keep information for business reasons or to comply with the law.
Lock it. Protect the information that you keep.
- Put documents and other materials containing personally identifiable information in a locked room or file cabinet.
- Remind employees to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day.
- Implement appropriate access controls for your building.
- Encrypt sensitive information if you must send it over public networks.
- Regularly run up-to-date anti-virus and anti-spyware programs on individual computers.
- Require employees to use strong passwords.
- Caution employees against transmitting personal information via email.
- Create a laptop security policy, for within your office and when your employees are traveling.
- Use a firewall to protect your computers and your network.
- Set "access controls" to allow only trusted employees with a legitimate business need to access the network.
- Monitor incoming Internet traffic for signs of security breaches.
- Check references and do background checks before hiring employees who will have access to sensitive data.
- Create a procedure to make sure that workers who leave your organization or transfer to another part of the company no longer have access to sensitive information.
- Educate employees about how to avoid phishing and phone pretexting scams.
- Visit OnGuardOnline.gov for computer security tips, tutorials, and quizzes.
Pitch it. Properly dispose of what you no longer need.
- Create and implement information disposal practices.
- Dispose of paper records by shredding, burning, or pulverizing them.
- Defeat dumpster divers by encouraging your staff to separate the stuff that's safe to trash from sensitive data that needs to be discarded with care.
- Make shredders available throughout the workplace, including next to the photocopier.
- Use wipe utility programs when disposing of old computers and portable storage devices.
- Give business travelers and employees who work from home a list of procedures for disposing of sensitive documents, old computers, and portable devices.
Plan ahead. Create a plan for responding to security incidents.
- Designate a response team led by a senior staff person.
- Draft contingency plans for how your business will respond to different kinds of security incidents. Some threats may come out of left field; others - a lost laptop or a hack attack, to name just two - are unfortunate, but foreseeable.
- Investigate security incidents immediately.
- Create a list of who to notify - inside or outside your organization - in the event of a security breach.
- Immediately disconnect a compromised computer from the Internet.
Identity Theft
Identity theft happens when a person uses your name, Social Security number (SSN), or some other personal, financial, or medical information without your permission to commit fraud and/or other crimes. Online threats like phishing, malware, or hacking may also lead to identity theft.
If your personal information is lost, stolen, or compromised, you can reduce the potential damage from identity theft.
Protect Your Identity
Do not give out personal or account information over the phone, by mail, emails or through the Internet unless you initiated the contact or you are sure you know who you are dealing with.
Never respond to unsolicited requests for your SSN, or requests to verify your financial information.
Secure your personal information in your home, especially if you have roommates, employ outside help or are having service work done in your home.
Guard your mail and trash from theft. Before discarding, shred all documents containing personal information. (Receipts, statements, etc.)
Check all credit card and bank statements monthly for accuracy.
Never open an email or click on the link provided in an email if you think it is fraudulent or is a request for personal information. Internet pages and email links may look like the official site. Call the institution or type in the site address you are familiar with instead of using the link provided in the email.
Obtain a copy of your credit report yearly and check it for accuracy. You can obtain a free copy of your credit report annually from the three major credit bureaus.
Report suspicious emails or calls to the Federal Trade Commission at (877) IDTHEFT (438-4338).
If You Become a Victim
Put a Fraud Alert on Your Credit Reports
Contact one of the three nationwide credit reporting companies, so they can put a fraud alert on your credit report:
Equifax: (888) 378-4329 / Experian: (888) 397-3742 / TransUnion: (800) 680-7289
The one company you call is required to contact the others to place fraud alerts on your file.
A fraud alert may make it more difficult for an identity thief to open any accounts in your name. The alert is maintained on your credit report for at least 90 days. After you create an Identity Theft Report, you may request an extended alert on your file.
Review Your Credit Reports
After you place a fraud alert on your credit reports, you are entitled to one free copy of your credit report from each of the three credit reporting companies. Read and review the reports; verify that your name, address, SSN, accounts, and other information are correct.
If the report reflects accounts that you did not open or debts that are not yours, contact the credit reporting companies to report the fraud and have them corrected. You should also contact the security or fraud department of each company where an account was misused or opened without your consent. Ask the company to send you proof that the problem accounts have been corrected or closed.
Create an Identity Theft Report
An Identity Theft Report will help resolve issues with the credit reporting companies, debt collectors, and businesses that allowed the identity thief to open new accounts in your name. The Report can help you:
- Have fraudulent information permanently removed from your credit report
- Prevent a company from collecting debts that result from identity theft or selling the debts to other companies for collection
- Get an extended fraud alert placed on your credit report
Three steps are required to create an Identity Theft Report:
- File an identity theft complaint with the FTC. Online: http://ftc.gov/idtheft / Phone: (877) 438-4338
- When you file your complaint with the FTC, obtain a copy of the FTC affidavit that shows the details of your complaint. The online complaint site describes how you can print your completed affidavit. If your complaint is filed by phone, ask the counselor how to get a copy of your affidavit.
- Take your completed FTC identity theft affidavit to your local police, or to the police where the theft occurred, and file a police report. Obtain a copy of the police report or the report number.
Your FTC identity theft affidavit plus your police report create an Identity Theft Report. Send a copy of the Identity Theft Report to each company where you report fraud. Request that they remove or correct fraudulent information on your accounts.
To learn more about how to protect your personal information and respond to identity theft go to https://identitytheft.gov
Privacy
Provident Bank values your trust and respects your expectation of privacy. As such, we are committed to maintaining the confidentiality of your personal financial information. This document outlines our privacy policy for visitors to our web site.
In addition to the protections you enjoy through our Online Privacy Policy, your online activities may also be covered by our Online Privacy Policy for consumers. This policy explains our collection, use, retention, and security of consumer information and applies to customers who obtain financial products and services primarily for personal, family, or household purposes.
At Provident Bank, protecting the privacy and security of your personal information is important to us. We collect, retain, and use information about you in order to administer our business and to provide quality products and services that may be of benefit to you. We consider safeguarding your financial information a fundamental part of our business philosophy.
Information We Collect
When you visit our website, we may collect the following information in order to service your accounts:
Information we receive from you on applications or other forms (such as your name, address, Social Security number, assets and income)
Information about your online transactions with us, as well as information about our online communications with you. Examples include your online bill payments and your activity on the website, such as collecting information on product information reviewed.
Visitors to Our Website
Visitors to our website remain anonymous, unless they register for a service or otherwise elect to disclose their identity to us. Although we do not collect personally identifying information about persons who simply visit our site, we do collect certain limited information about visitors, such as their IP address (a numeric address assigned automatically to computers when they access the Internet).
We also may place "cookies" on a computer to track a visitor's use of our website. A cookie is a piece of data that is stored on your hard drive. It takes up very little room on your system and helps us to customize our site and make its navigation easier for you. We sometimes use cookies to help estimate the number of visitors to our site and to determine which areas are the most popular. Unless you register with us for a service (such as our Online Banking service), the cookie does not provide us with any personally identifying information about you, such as your name or address.
Web Browser Settings and Control of Personally Identifiable Information Collection
You may have the ability to activate web browser tracking settings or other mechanisms that give you the option to control the collection of personally identifiable information about your online activities over time and across third-party websites or online services. Our response to these settings and mechanisms will depend on the setting and mechanism and the impact on our collection and tracking practices. At this time, our website only tracks your activities while on our website and, unless you register with us for a service, we do not collect any personally identifiable information about you. The tracking is facilitated using 'cookies' that we place on your computer. If you choose not to accept cookies or remove locally stored cookies, we will not track your activity on our website; however, some features and services on our website may not be available to you. For more information regarding cookies, refer to 'Visitors to Our Website' in this policy.
Third Parties
When you use our website or online service, third parties acting on our behalf may collect the personally identifiable information and website activity identified above. This may include the personally identifiable information collected when you register with us for a service. Depending on the third party websites you visit, as well as any preferences and authorizations you have provided to others, your activity on our website and across other websites, including personal information you provide, may be tracked and collected by third parties. Also, third parties may offer services on our website from time to time. If you access their websites or provide them with information, these third parties may track your activity across websites and collect your personally identifiable information, all subject to the third party's privacy and security practices.
For further details, refer to 'Links to Other Web Sites' and 'Services and Advertisements by Third Parties' in this policy.
Disclosure Of Non-Public Personal Information
We do not disclose non-public personal information about our customers to non-affiliated third parties, except as permitted by law. You do not have to take any action or instruct us to keep your information confidential. We will protect your privacy automatically. If you end your relationship with the Bank, we will continue to adhere to the information policies and practices described in this policy.
There are instances when information about you may be provided to others. For example, we are permitted by law to share information:
- Within the Bank in order to service your accounts or to market other products or services we may offer.
- With non-financial companies that perform services on our behalf, such as check printers, data processing companies, companies that prepare or mail account statements, or companies that perform marketing services on our behalf.
- With credit bureaus about loans we make, whether or not they are handled properly, and about deposit accounts that are not handled properly.
- In order to comply with a number of laws and regulations we are required to furnish various reports to federal, state, and/or local government officials regarding certain transactions or accounts.
- To comply with subpoenas and other legal processes that require us to provide information about your accounts or other business with the Bank.
- If we suspect that a crime involving you or your loan or deposit account may have been committed.
- With our regulatory agencies and agents of the Bank or its affiliated companies, such as our independent auditors, consultants or attorneys, all of whom will be bound to protect the information as we do.
- With others that you, or any other person with signing authority over your account, have given us oral or written permission to do so.
Maintaining Accurate Information
We have procedures in place that help us to maintain the accuracy of the personally identifiable information that we collect. Please contact us at the number or address set forth below if you believe that our information about you is incomplete, out-of-date, or incorrect. If you are an online banking customer, sign-on to Online Banking to review and correct information about yourself, such as a change in your address or email address.
Links to Other Web Sites
Our web site may feature links to third party web sites that offer goods, services or information. Some of these sites may appear as windows-within-windows at this site. When you click on one of these links, you will be leaving our site and will no longer be subject to this policy. We are not responsible for the information collection practices of the other web sites that you visit and urge you to review their privacy policies before you provide them with any personally identifiable information. Third party sites may collect and use information about you in a way that is different from this policy.
Services and Advertisements by Third Parties
Third parties may offer services from time to time at our web site. If you provide them with information, their use of that information will be subject to their privacy policy, if any, and will not be subject to this policy. If you accept third party goods or services advertised at our web site, the third party may be able to identify that you have a relationship with us (e.g., if the offer was only made through our site).
Minors
We feel strongly about protecting the privacy of children and teenagers. As such, we do not knowingly collect personally identifiable information from such individuals through our web site.
Changes to This Policy
We may add to, delete from, or otherwise change the terms of this Online Privacy Policy from time to time by posting a notice of the change (or an amended Online Privacy Policy) at this website. If required by law, we will send you a notice of the change. Your continued use of our web site or any on-line service following notification will constitute your agreement to the revised Policy.
Questions
If you have any questions or concerns about the integrity of your account information, or any other aspect of our business operations, please do not hesitate to telephone or come in to talk to our staff. You may also write to:
Provident Bank
Attention: Compliance Officer
3756 Central Ave.
Riverside, CA 92506
(800) 442-5201
We value your business and hope you will continue banking with us for many years to come.
At Provident Bank, protecting the privacy and security of your personal information is important to us. In order to proactively combat cybersecurity threats and decrease the likelihood of you, our customers, being compromised, we have implemented this CyberSecurity Tips Monthly Newsletter. It should help you grow to be security-conscious both at home and at work by providing helpful tips to consider in your everyday activities. A list of current and previous issues of our newsletter is provided below.
Disclaimer for links provided in this newsletter: If you click on a link within the following newsletters, you will be linking to another website not owned or operated by Provident Bank. Provident Bank is not responsible for the availability or content of this website and does not represent either the linked website or you should you enter into a transaction. We encourage you to review their privacy and security policies which may differ from Provident Bank.
Cyber Security Tips Monthly Newsletters
2024-08 Understanding Cyber Threats
Aug 2024
Monthly Security Tips Newsletter
Summary
The one thing cybersecurity threats have in common is that they are harmful and the cybercriminal is committed to destroying, stealing, or disrupting data, critical systems, and digital life in general. Your financial institution uses numerous security applications and incorporates processes to keep your financial information and assets secure and to comply with regulatory guidelines.
However, security is everyone's responsibility, and you can do the following three things to help safeguard your assets.
First, educate yourself about the various tactics, techniques, and processes (TTP) cybercriminals use to steal from you. TTPs are like fashion – what’s in style one month is out-of-date the next – so cybercrimes change over time. Below you’ll see the most current attack types and TTPs.
Second, install security applications on your personal computers and mobile devices. Those applications – especially anti-virus and content-blocking applications – are an additional layer of protection for devices connected to the outside world. It's important to secure all your devices, especially those used by your whole family.
As tempting as free security applications are, they aren’t always the best way to protect your financial data. Research and select applications offering the best protection. Consider it an investment that protects you from the hassles of restoring your online financial life to some degree of normal.
Third, regularly monitor your account activity and tell your financial institution about suspicious activity. Many financial services providers offer mobile apps that alert you to activity on your accounts. Those apps help you and your institution remediate cybercrime quickly.
Tips To Help You Remain On Guard
- Don’t reveal personal or financial information in a text or email, and don’t respond to email solicitations for this information.
- Don’t click on links sent in a text or email – you might wind up in a scam site built by a cybercriminal.
- Don't send sensitive information over the internet without checking the website's security. Look for URLs that begin with "https" – the ‘s’ stands for secure – rather than "http." A website safety checker like Google Safe Browsing helps, too.
If You’re a Victim?
Immediately change any passwords you might have revealed. Consider reporting the attack to IC3.gov and the police, and file a report with the Federal Trade Commission.
Getting Help
If you identify suspicious activity involving your institution, contact them immediately.
©2024 FS-ISAC, Inc. | All Rights Reserved.
2024-07 Keeping an Eye Out for Telecom Attacks
Jul 2024
Summary
Voice over Internet Protocol (VoIP) is one way threat actors attempt to trick unsuspecting consumers into sharing their confidential information, such as user names, passwords, bank account information, and the like. These actors frequently use “ID Spoofing” as a vehicle in their attack campaigns.
ID Spoofing is when a caller deliberately falsifies the information transmitted to a caller ID display to disguise their identity. Scammers often use “neighbor spoofing” so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that the victim probably knows and trusts. Then they use scam scripts to try to steal money or valuable personal information that can be used in fraudulent activity.
Smishing is a similar form of social engineering fraud, but it exploits SMS, or text, messages rather than VoIP. In a smishing scheme, the scammer purports to be a known entity and texts a link to such things as webpages, email addresses, or phone numbers that, when clicked, automatically open a browser window or email message or dial a number. This integration of email, voice, text message, and web browser functionality increases the likelihood that users will fall victim to engineered malicious activity.
Red Flags
- Demands for payment
- Account verification
- Program enrollment
- Order/shipping confirmation
- Winning a prize
- Tech support
Tips To Help You Remain On Guard
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
- Do not reveal personal or financial information in a text or email, and do not respond to email solicitations for this information. This includes following links sent in a text or email.
- Don't send sensitive information over the internet without checking a website's security.
- Pay attention to the Uniform Resource Locator (URL) of a website. Look for URLs that begin with "https" - an indication that sites are secure - rather than "http."
Resources
If You're a Victim?
Immediately change any passwords you might have revealed. Consider reporting the attack to IC3.gov and the police, and file a report with the Federal Trade Commission.
Getting Help
If you identify suspicious activity involving your [Institution] account, contact us immediately.
2024-06 Protecting Vulnerable Adults
Jun 2024
Summary
Elder abuse refers to an intentional or negligent act by any person that causes harm or a serious risk of harm to an older adult. The trauma of elder abuse can result in premature death, the deterioration of physical and psychological health, destruction of social and familial ties, devastating financial loss, and more. Older adults can be mistreated in multiple settings (homes, nursing homes, assisted living facilities) by family members, friends and neighbors, professionals, and strangers.
Abuse Types
Elder abuse is a term used to describe five subtypes:
Elder Abuse Red Flags
While no single red flag may signal abuse, observing several may indicate that intervention is required to protect a loved one.
Warning signs of physical abuse
- Bruises, black eyes, welts, lacerations, or rope marks
- Bone fractures, broken bones, or skull fractures; sprains, dislocations, or internal injuries/bleeding
- Open wounds, cuts, punctures, untreated injuries in various stages of healing
- Broken eyeglasses/frames, physical signs of being subjected to punishment, or signs of being restrained
- Laboratory findings of medication overdose or under-utilization of prescribed drugs
- An older adult’s sudden change in behavior
Warning signs of emotional/psychological abuse
- Being emotionally upset or agitated
- Being extremely withdrawn, non-communicative, or non-responsive
- Unusual behavior, such as sucking, biting, or rocking
- A caregiver controlling or isolating an older adult
- Exhibiting a change in sleeping patterns or eating habits
- Personality changes, such as apologizing excessively
- Depression or anxiety
- An older adult’s report of being verbally or emotionally mistreated
Warning signs of financial exploitation
- Sudden changes in bank accounts or banking practices, including an unexplained withdrawal of large sums of money by a person accompanying the older adult
- The inclusion of additional names on an older adult’s bank signature card
- Unauthorized withdrawal of the older adult’s funds using their ATM card
- Abrupt changes in a will or other financial documents
- Unexplained disappearance of funds or valuable possessions
- Provision of substandard care or bills left unpaid despite the availability of adequate financial resources
- Discovery of a forged signature for financial transactions or for the titles of the older adult’s possessions
- Sudden appearance of previously uninvolved relatives claiming their rights to an older adult’s property or possessions
- Unexplained sudden transfer of assets to a family member or someone outside the family
- The provision of services that are not necessary
- An older adult’s report of financial exploitation
- Unexplained credit card charges
Warning signs of neglect and abandonment
- Dehydration, malnutrition, untreated bed sores, and poor personal hygiene
- Unattended or untreated health problems
- Hazardous or unsafe living conditions or arrangements (e.g., improper wiring, no heat, or no running water)
- Unsanitary and unclean living conditions (e.g., dirt, fleas, lice on person, soiled bedding, fecal/urine smell, inadequate clothing)
- The desertion of an older adult at a hospital, a nursing facility, or other similar institution, or a shopping center or other public location
- An older adult’s report of being neglected or abandoned
- Lack of food in the refrigerator or cupboards
Warning signs of sexual abuse
- Bruises around the private areas
- Unexplained sexually transmitted disease
- Changes in an older adult’s demeanor, such as showing fear or becoming withdrawn when a specific person is around
- Blood found on sheets, linens, or an older adult’s clothing
- An older adult’s report of being sexually assaulted or raped
Resources
Call
If this is an emergency, call 911 for immediate help.
For non-life-threatening emergencies, call either:
National Elder Fraud Hotline
1-833-FRAUD-11 (833-372-8311)
10 a.m. - 6 p.m. Eastern Time | Monday - Friday
Eldercare Locator helpline
1-800-677-1116
2024-05 Spotting Scams
May 2024
Summary
Sharing a romance scam experience with someone you know takes courage. If an elderly person or vulnerable adult trusts you enough to share their scam story, especially if they are still in touch with the scammer, here’s some information that you or your loved ones will benefit from.
Romance Scams
Say your loved one is contacted on social media by someone interested in getting to know them. Or maybe they meet someone special on a dating website or mobile app. Soon the scammer wants to write to them directly or start talking on the phone. The scammer says it’s true love, but lives far away — maybe because of work, or because they’re in the military.
Then the scammer starts asking for money. Maybe it’s for a plane ticket to visit. Or emergency surgery. Or something else urgent.
Scammers of all ages, genders, and sexual orientations make fake profiles, sometimes using photos of other people — even stolen pictures of real military personnel. They build relationships — some even pretend to plan weddings — before they disappear with your loved one’s money.
How You Can Help
Lead with empathy. Respond with kindness and concern instead of criticizing or expressing disappointment. Scams can happen to anyone. Keep lines of communication open with a kind, concerned response.
Let them tell their story. Talking about a scam experience helps both of you understand what happened. And talking about the scam also helps both of you spot another attempt in the future.
Validate their story. The only person at fault here is the scammer — not your friend or family member. It’s a scammer’s job to steal money or information, and they’ll target anyone. Ask them not to blame themselves and, instead, blame the scammer.
Remind them not to send money. Never send cash, gift cards, wire transfers, or cryptocurrency to an online love interest. They won’t get it back.
Ask what we can do next together. See if their personal information was involved, too, because identity theft might be a concern. Ask if they might want to report the scam. Their story can help protect friends, family, their community, and themselves, as well as help law enforcement agencies like the FTC fight that scam.
Getting Help
If you realize you or your family member clicked or responded to a phishing email involving your [Institution] account, contact us immediately. You will need to change your passphrase. Additionally, you can report the incident to the FTC at ReportFraud.ftc.gov or the Internet Crime Center at www.ic3.gov. Please remember that security is everyone’s responsibility.
2024-04 Protecting Our Children
Apr 2024
Summary
The surge in cyberattacks on K-12 schools, targeting vulnerable computer systems and exploiting the lack of cybersecurity experts, is causing widespread disruptions across the nation. With incidents doubling in 2023, these attacks, often involving ransomware and data theft, underscore the urgent need for enhanced cybersecurity measures to safeguard student records and maintain the continuity of education. (NPR)
Prevention Tips
At home and at school, protect your systems by performing the following:
- Deploy multi-factor authentication (MFA).
- Mitigate known exploited vulnerabilities.
- Implement and test backups.
- Regularly exercise an incident response plan.
- Implement a strong cybersecurity training program.
If you lack adequate resources, consider leveraging:
- The State and Local Cybersecurity Grant Program (SLCGP).
- Free or low-cost services to make near-term improvements in resource-constrained environments.
- Technology providers that enable strong security controls by default for no additional charge.
- Minimizing the burden of security by migrating IT services to more secure cloud versions.
- CISA’s online toolkit, which provides additional free cybersecurity training and resources available for the K-12 community.
Every K-12 organization, large and small, must be prepared to respond to disruptive cyber incidents. The Cybersecurity Infrastructure and Security Agency (CISA) is available to help you prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, CISA can use this information to render assistance and as a warning to prevent other organizations and entities from falling victim to a similar attack. CISA encourages our stakeholders to voluntarily share information about cyber-related events that could help mitigate current or emerging cybersecurity threats to critical infrastructure.
Sharing thwarted or actual cyber incidents with an information-sharing organization could help mitigate current or emerging cybersecurity threats to critical infrastructure.
If you realize you clicked or responded to a phishing email involving your [Institution] account, contact us immediately. You will need to change your passphrase. Additionally, you can report the incident to the FTC at ReportFraud.ftc.gov or the Internet Crime Center at www.ic3.gov. Please remember that security is everyone’s responsibility.
2024-03 Protecting Your Identity
Mar 2024
Security is Everyone's Responsibility
Summary
Is it worth being cautious with your personally identifiable information in light of so many data breaches? Yes! The Federal Trade Commission (FTC) estimates that it can take approximately six months and 200 hours of work to recover from an identity theft. This estimation is based on the amount of work needed to follow the necessary steps to ensure the victim is not responsible for the debt incurred (Privacy Guard).
Warning Signs of Identity Theft
You may not know that you experienced ID theft immediately, so be aware of:
- Bills for items you did not buy.
- Debt collection calls for accounts you did not open.
- Information on your credit report for accounts you did not open.
- Denials of loan applications.
- Mail stops coming to, or is missing from, your mailbox.
Prevention Tips
How can you protect yourself?
- Use multi-factor authentication wherever offered. Do not reuse passwords, and if you have a lot of passwords, consider using a password vault.
- Do not answer phone calls, texts, social media messages, or emails from numbers or people you do not know. Enable blockers to help filter out scam numbers.
- Do not share personal information like your bank account number, social security number, or date of birth.
- Collect your mail every day and place a hold on your mail when you will be on vacation or away from your home.
- Review credit card and bank account statements. Watch for and report unauthorized or suspicious transactions.
- Understand how ATM skimming works and how to protect yourself.
- Learn when it is safe to use a public Wi-Fi network.
- Store personal information, including your social security card, in a safe place. Do not carry it in your wallet.
- Do not share personal information or dates of vacations on social media.
If you realize you clicked or responded to a phishing email involving your [Institution] account, contact us immediately. You will need to change your passphrase. Additionally, you can report the incident to the FTC at ReportFraud.ftc.gov or the Internet Crime Center at www.ic3.gov. Please remember that security is everyone’s responsibility.
2024-02 Quishing, the New Phishing
Feb 2024
Summary
Do you work hard for the money you earn? We feel you do. We work diligently behind the scenes to protect your information and money from fraudsters, but security is a shared responsibility between us. That’s why Provident Bank wants to ensure you start 2024 on the right track.
QR codes seem to be everywhere. You may have scanned one to see the menu at a restaurant or pay for public parking. You may have used one on your phone to get into a concert or sporting event or to board a flight. There are countless other ways to use them, which explains their popularity. Unfortunately, scammers hide harmful links in QR codes to steal personal information. Here’s what to know.
There are reports of scammers covering up QR codes on parking meters with a QR code of their own. And some crafty scammers might send you a QR code by text message or email and make up a reason for you to scan it. These are some of the ways they try to con you:
- Lying and saying they couldn't deliver your package and you need to contact them to reschedule
- Pretending like there’s a problem with your account and you need to confirm your information
- Lying and saying they noticed suspicious activity on your account, and you need to change your password
These are all lies they tell you to create a sense of urgency. They want you to scan the QR code and open the URL without thinking about it. A scammer’s QR code could take you to a spoofed site that looks real but isn’t. And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realize it.
Prevention Tips
How can you protect yourself?
- If you see a QR code in an unexpected place, inspect the URL before you open it. If it looks like a URL you recognize, make sure it’s not spoofed — look for misspellings or a switched letter.
- Don’t scan a QR code in an email or text message you weren’t expecting — especially if it urges you to act immediately. If you think the message is legitimate, use a phone number or website you know is real to contact the company.
- Protect your phone and accounts. Update your phone's operating system to protect against hackers and protect your online accounts with strong passwords and multi-factor authentication.
If you realize you clicked or responded to a phishing email involving your [Institution] account, contact us immediately. You will need to change your passphrase. Additionally, you can report the incident to the FTC at ReportFraud.ftc.gov or the Internet Crime Center at www.ic3.gov. Please remember that security is everyone’s responsibility.
2024-01 Starting Your Year Off Right
Jan 2024
Summary
Do you work hard for the money you earn? We feel you do. We work diligently behind the scenes to protect your information and money from fraudsters, but security is a shared responsibility between us. That’s why Provident Bank wants to ensure you start 2024 on the right track.
Prevention Tips
Improve password security. Passwords are one of the most vulnerable cyber defenses. Improve your password security by doing the following:
- Create a strong password. Use a strong password that is unique for each device or account. Longer passwords are more secure. An option to help you create a long password is using a passphrase - four or more random words grouped and used as a password. To create strong passwords, the National Institute of Standards and Technology (NIST) suggests using simple, long, and memorable passwords or passphrases. (See Choosing and Protecting Passwords)
- Consider using a password manager. Password manager applications manage different accounts and passwords while having added benefits, including identifying weak or repeated passwords. There are many different options, so start by looking for an application that has a large install base (e.g., 1 million plus) and an overall positive review. Properly using one of these password managers may help improve your overall password security.
- Use multifactor authentication, if available. Multifactor authentication (MFA) is a more secure method of authorizing access. It requires two out of the following three types of credentials: something you know (e.g., a password or personal identification number [PIN]), something you have (e.g., a token or ID card), and something you are (e.g., a biometric fingerprint). Because one of the required credentials requires physical presence, this step makes it more difficult for a threat actor to compromise your device. (See Supplementing Passwords)
- Use security questions properly. For accounts that ask you to set up one or more password reset questions, use private information about yourself that only you would know. Answers that can be found on your social media or facts everyone knows about you can make it easier for someone to guess your password.
- Create unique accounts for each user per device. Set up individual accounts that allow only the access and permissions needed by each user. When you need to grant daily use accounts administrative permissions, do so only temporarily. This precaution reduces the impact of poor choices, such as clicking on phishing emails or visiting malicious websites.
- Choose secure networks. Use internet connections you trust, such as your home service or Long-Term Evolution connection through your wireless carrier. Public networks are not very secure, which makes it easy for others to intercept your data. If you choose to connect to open networks, consider using antivirus and firewall software on your device or using a Virtual Private Network (VPN) service, which allows you to connect to the internet securely by keeping your exchanges private. When setting up your home wireless network, use Wi-Fi Protected Access 3 (WPA3) encryption. All other wireless encryption methods are outdated and more vulnerable to exploitation. (See Securing Wireless Networks)
- Keep all of your personal electronic device software current. Manufacturers issue updates as they discover vulnerabilities in their products. Automatic updates make this easier for many devices, including computers, phones, tablets, and other smart devices, but you may need to manually update other devices. Only apply updates from manufacturer websites and built-in application stores; third-party sites and applications are unreliable and can result in an infected device. When shopping for new connected devices, consider the brand's consistency in providing regular support updates.
- Be suspicious of unexpected emails. Phishing emails are currently one of the most prevalent risks to the average user. The goal of a phishing email is to gain information about you, steal money from you, or install malware on your device. Be suspicious of all unexpected emails. (See Avoiding Social Engineering and Phishing Attacks)
If you realize you clicked or responded to a phishing email involving your FS-ISAC account, contact us immediately. You will need to change your passphrase. Additionally, you can report the incident to the FTC at ReportFraud.ftc.gov or the Internet Crime Center at www.ic3.gov. Please remember that security is everyone’s responsibility.
2023-12 Tis The Season For Scams
Dec 2023
‘Tis the season… for fraud.
Did you know that “about half of consumers who said they've been targeted by an online holiday shopping or phishing scheme ended up getting scammed, according to a new survey by Norton, a seller of cybersecurity software”? “Respondents who fell victim to scammers lost an average of $1,500,” according to a report by Forbes.
Scam Prevention Tips
Remain vigilant during the 2023 holiday season by reviewing these common scams.
Gift Card Scams. Budgets can become tight when finding gifts for your loved ones, so any financial relief is welcomed. You may, however, come across emails or pop-up ads offering free gift cards. Be wary of these tempting opportunities. They are often a ploy to collect your personal information that can be later used to steal your identity.
Charity Scams. Charity scams can take place online and even over the phone. According to the Federal Trade Commission (FTC), scammers will rush people into donating, or trick them by thanking them for a donation they never paid for and then asking for payment. They will also use vague and sentimental claims while asking for a donation but won’t detail how they’ll donate your money. Always research any charity before you donate and never give money by gift card, cryptocurrency, or wire transfer.
Package Delivery Scams. The Federal Communications Commission (FCC) warns of delivery notification scam calls and texts. These text messages and calls look like they’re from a legitimate mail or package courier, such as the US Postal Service, and include a fake tracking link. The link will lead you to a website to enter personal information, or it will install malware, software designed to gain unauthorized access, on your phone or computer. The malware will then start stealing your information.
Fake Gift Exchanges. You're invited via social media to join a gift exchange, which sounds harmless and fun. Why wouldn't it be? If you buy one $10 gift for a stranger, you will receive as many as 36 gifts back! It's a hoax with the same premise as a pyramid scheme where it relies on constantly recruiting new participants. In the US, pyramid schemes are illegal, so it's best to just respectfully decline any invitations to participate.
Emergency Scam. No one wants to hear a family member or friend is dealing with an emergency, like a serious accident or incarceration. We quickly want to help, which is an admirable trait, but scammers take advantage of it. They target people by claiming to be a family member or friend in a circumstance that requires money to be resolved. Before sending any money, verify their story with other family and friends, but call directly. You can also ask questions that would be hard for an impostor to answer correctly.
Bogus Websites. Online shopping is convenient especially when trying to avoid the holiday shopping rush. When you do shop online, make sure to only use legitimate websites. Scammers use URLs that look remarkably similar to those of legitimate sites. Always double-check the URL before making a purchase and be wary of sites where the brand name is included with long URLs.
Malware Email. Don't be quick to click! Clicking on the wrong link or downloading a scammer's attachment can result in malware spreading to your computer. This computer virus or "bug" can steal personal information or even hold your device hostage unless you pay a price. Links and attachments can come in the form of emails or pop-up advertisements.
Puppy Scams. Pets make great gifts, but there's a lot you should first consider. Should you decide it's the right decision, be careful about adopting a pet online. You could end up with a puppy mill pooch, or nothing at all. Fake pet sellers can lure you into thinking you're getting a four-legged friend, only to take your money and not deliver.
What to Do If You Are Scammed
- If you feel that someone is scamming you, don't respond to the email, and block it. If it's a phone call - hang up!
- If you provide your personal information (account, date of birth, online banking user ID, password, etc.), contact your financial institution immediately.
- Use multi-factor authentication wherever possible.
- Update security software on your computer and mobile device.
©2023 FS-ISAC, Inc. | All Rights Reserved.
2023-11 Check Fraud - A Low Tech, Increasing Crime
Nov 2023
Security is Everyone's Responsibility
Monthly Security Tips Newsletter
Check Fraud – A Low Tech, Increasing Crime
Key Points
- Check fraud is low tech and an increasing problem
- Check fraud losses are estimated to reach $20 billion
- Our customers can be a part of the solution to deter check fraud
Many consumers may not realize the different types of check fraud they face, which brings greater risk if they fail to exercise appropriate awareness. According to the Federal Reserve, last year, banks issued about 680,000 reports of check fraud, nearly double what they reported in 2021. One expert predicted total check fraud will hit $24 billion in losses this year, roughly twice what it was just five years ago.
In everyday transactions, checks still offer a convenient way of paying for both individuals and businesses and create a literal “paper trail.” Checks can be made more secure, for example by writing with permanent, indelible black gel ink, which cannot be removed through washing techniques because the ink seeps into the fibers of the check.
Smart Asset reminds consumers, “Check holds are designed to protect both you and the bank. They allow the bank time to ensure that the check deposit will go through so that you're not in danger of going into overdraft or having the check returned.”
Check Fraud Prevention Tips
Check fraud is supported by sophisticated criminal operations, with participants infiltrating post office distribution centers, setting up fake businesses, or creating fake IDs to deposit checks. Below are tips to reduce your risk:
- Deposit mail containing checks in boxes close to collection times or only inside post office locations
- Use pens with permanent ink that can’t be removed through washing techniques
- Monitor and balance checking accounts regularly to quickly spot anomalies
- Consider using “Informed Delivery,” a free US Postal Service option that sends you a picture of your mail before delivery, so you can determine if anything is missing after it arrives
- Whenever possible, switch to secure electronic payment methods
What to Do If You Are Scammed
If you think you’ve been targeted by a check fraud scam, report it to us immediately. In addition to notifying the bank whose name is on the check, you can notify the website or online service where you encountered the scammer (for example, the online auction website or job posting website), so they can block them from utilizing their services in the future. You can also contact any of the following agencies:
- The US Postal Inspection Service at www.uspis.gov (if you received the check in the mail).
- Your state or local consumer protection agencies. Visit NAAG (www.naag.org) for a list of state Attorneys General.
- For possible online crimes involving counterfeit checks and money orders, file an online complaint with the Internet Crime Complaint Center (www.ic3.gov) (a joint project of the FBI and National White Collar Crime Center).
Of course, it’s always important to regularly monitor and balance checking accounts to quickly spot anomalies, report suspected fraud, and stop future fraud attempts. Lastly, we support the safety of our business and individual checking accounts by watching for signs of check fraud, including non-consecutive check numbers and unusually large check amounts or deposits.
2023-10 Meeting the Challenge to be Cyber Safe
Oct 2023
Meeting the Challenge to be Cyber Safe
Key Points
- You are the target of cyber criminals
- Cybersecurity awareness is available to reduce your risk
- There are four key behaviors for improved self-protection
Most consumers are unaware that malicious cyber activity is a criminal enterprise, and like any business, it has a business model based on profit. Within its structure are various teams comprising leadership, marketing, operations, security, business development, and more. You are their customer/victim target. The rewards of good cyber hygiene listed below will help you remain cyber safe!
There are also other considerations such as a person’s awareness and the sophistication of the scam. It’s important for consumers to consider these factors now, especially as the holiday season nears. October 2023 is Cybersecurity Awareness Month. Since 2004, October has been a dedicated month for the public and private sectors and tribal communities to work together to raise awareness about the importance of cybersecurity. This Cybersecurity Awareness Month will focus on four key behaviors:
Risk: Not using long, unique, and complex passwords. Would you leave all your most precious valuables in a tin box with a plastic zip-tie? Of course not. However, if you’re using short, common, and simple passwords for each online account or reusing passwords, that is what you’re doing. With compromised passwords, cybercriminals can access banking accounts, take over, wire transfer money, or make online purchases.
Reward: First, verify if your email address(es) has been compromised at https://haveibeenpwned.com. If so, there is a strong likelihood that your password has been compromised too. Next, create a new long, unique, and complex passphrase like “1mnevergonn@BaVictim” for each account or use a password manager that can generate and store all of your passwords, so you only need to remember a single long, unique, and complex passphrase.

Risk: Not enabling or using multi-factor authentication. Using the above illustration, if you had the opportunity to place your most precious valuables in a vault but didn’t, your valuables would still be vulnerable. You risk losing them, perhaps never regaining them.
Reward: Multi-factor authentication is a cybersecurity measure for an account that requires anyone logging in to prove their identity multiple ways. Multi-factor authentication makes it extremely hard for hackers to access your online accounts, even if they know your password, thus adding greater security to protect your assets. Implement multi-factor authentication for any account that permits it, especially any account associated with work, school, email, banking, and social media.

Risk: Not uploading and installing software patches in a timely manner. Failing to patch the multitude of applications is akin to leaving your keys in the front door and securing your safe with scotch tape.
Reward: Every day, software and app developers focus on keeping their users and products secure. If you install the latest updates for devices, software, and apps, not only are you getting the best security available, but you also ensure that you get access to the latest features and upgrades.
2023-09 Be Fraud Wise
Sept 2023
Be Fraud Wise
Summary
You’ve won a lottery that you did not register for. Congratulations! Now if you will only provide us with funds to pay for the taxes up front and provide us with your bank account information…
The tactics found in all fraud scams share the same goal: to obtain your personally identifiable and financial information in order to steal money. When it comes to fraud, there are no exceptions to the rule.
Fraud Victim Types
When we think about fraud victim types, Psychology Today states, “Findings in this area are mixed, particularly in terms of education, sex, and race. As for age, some data indicates older people may be at a greater risk of losing more money per fraud incident; nevertheless, victimization rates appear to be highest in the middle-aged age group.” There are also other considerations such as a person’s awareness and sophistication of the scam.
Prevention Tips
Always exercise caution when it comes to your personal information, banking account information, and online banking credentials. Remember to:
- Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token - a small physical device that can hook onto your key ring. Read Multi-Factor Authentication (MFA) How-to-Guide for more information.
- Use the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts. Read Creating a Password Tip Sheet for more information.
- Practice safe web browsing wherever you are by checking for the “green lock” or padlock icon in your browser bar, which signifies a secure connection.
- When you find yourself out in the great “wild Wi-Fi West,” avoid free Internet access with no encryption.
- If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or debit/credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi.
- Don’t reveal personally identifiable information such as your bank account number, social security number, date of birth, or banking credentials to unknown sources.
- Type website URLs directly into the address bar instead of clicking on links or cutting and pasting from the email.
Top Fraud Scams
The Consumer Financial Protection Bureau identifies some of the most common types of fraud and scams.
- Charity
- Debt collection, settlement, and relief
- Regulator logo misuse
- Foreclosure relief, mortgage loan modification
- Grandparent
- Imposter
- Mail
- Money mule
- Money transfer, mobile payment services
- Lottery
- Romance
Please remember, if you have had your bank account information stolen or find out that you have been a victim of fraud, report it to your financial institution immediately and visit https://www.usa.gov/where-report-scams and report the matter to the appropriate agency.
Identifying and Preventing Elder Abuse
- What is Elder Abuse?
Elder abuse is a willful act or a failure to act that creates or causes a risk of harm to an older adult. An older adult is considered to be someone age 60 or older. The abuse occurs at the hands of a family member, a caregiver, or a person the elder trusts. Common types of elder abuse include:
- Physical abuse occurs when an elderly person encounters illness, pain, injury, functional impairment, distress, or death as a result of the willful use of physical force and may include actions such as kicking, hitting, pushing, slapping, or burning.
- Sexual abuse is the unwanted or forced sexual interaction of any kind with an older adult. This could include unwanted sexual contact or non-contact actions such as sexual harassment.
- Psychological or Emotional abuse refers to verbal or nonverbal behaviors that inflict anguish, mental pain, fear, or distress on an older adult. Examples may include humiliation and/or disrespect, verbal and non-verbal threats, harassment, and isolation (geographic or interpersonal).
- Neglect is a failure to meet an older adult’s basic needs. These needs may include food, water, clothing, shelter, hygiene, and essential medical care.
- Financial Abuse is the unauthorized, improper, or illegal use of an older adult’s money, assets, benefits, property, or belongings for the explicit benefit of someone other than the elderly adult. Common financial abuse scenarios include:
- Misappropriation of income or assets
- Improper or fraudulent use of the power of attorney or fiduciary authority
- Obtaining money or property by undue influence
- Scams
- How big is the problem?
Elder abuse is a serious problem in the United States. The number of cases is underestimated as the number of nonfatal injuries is limited to older adults who are treated in emergency departments. The information doesn’t include those treated by other providers or those that do not need or do not seek treatment. Additionally, because elders are afraid or unable to tell police, friends, or family about the violence, many cases aren't reported. Victims need to decide whether to tell someone they are being hurt or continue to be abused by someone they depend upon or care for deeply.
Elder abuse is common. Approximately 1 in 10 people aged 60 and over who live at home experienced abuse, including exploitation and neglect. In the years 2002 through 2016, more than 643,000 older adults were treated in the emergency department for nonfatal assaults and over 19,000 homicides occurred.
Financial abuse is hard to detect and is becoming a widespread issue. Financial neglect occurs when an older adult’s financial responsibilities, such as paying rent or mortgage, medical expenses or insurance, utility bills, or property taxes, are ignored, and the person’s bills are not paid. Even strangers can steal financial information using the telephone, internet, or email. Be careful about sharing any financial information over the phone or online.
- How can elder abuse be prevented?
There are many factors that may increase or decrease the risk of inflicting and/or experiencing elder abuse. To prevent elder abuse, we must observe and correct the factors that put people at risk for or protect them from violence.
- Observe signs of insufficient care or unpaid bills despite adequate financial resources.
- Learn how signs of elder abuse are different from the normal aging process.
- Listen to older adults and their caregivers to understand challenges and provide support.
- Learn how to recognize and report elder abuse.
- Provide stressed caregivers with support from family and friends, day care programs, and counseling.
- How can you avoid becoming a victim of financial abuse?
- Use direct deposit for all checks. Sign your own checks and do not sign a "blank check" for anyone.
- Have a trusted third person review your bank statement if someone helps you manage your finances. Put all financial instructions in writing and be specific.
- Establish a banking relationship with the staff at your bank.
- Execute a power of attorney with a trusted friend, relative, or attorney. The definition of this may be as limited or as broad as you wish.
- Do not sign over money or property to anyone in return for care, including family and friends.
- Keep all important documents together. This includes wills/trusts, insurance policies, and bank account information. Be sure to let someone know where these documents are kept.
- Never give out credit card numbers over the phone unless you placed the call. Never give out your Social Security Number or bank account number over the phone.
- If something seems "too good to be true," it is probably a scam. This includes being told you won a prize for a drawing you did not enter or that someone will get you a 100 percent return on an investment.
- How can elder abuse be reported?
To report elder abuse and to learn more, please follow the links below.