Identity Theft / Security Tips

While the techniques online criminals use to fraudulently obtain your personal information is constantly evolving, most online threats will fall into one of the following categories:

Phishing (pronounced “fishing”):   Phishing involves a fraudster impersonating a trustworthy company with the intent of fraudulently acquiring sensitive information.   Impersonations can occur through illegitimate websites and emails using legitimate logos.  Legitimate organizations would never request such information from you via email.  They would already have this information on file.

Smishing:  Smishing is a form of phishing that uses text messages sent to a user falsely claiming to be a legitimate company.  The message will direct the text message recipient to a website or to call a phone number where they are asked for personal information. The website or phone number is bogus and set up only to steal the user’s information.

Vishing:  Vishing typically involves using a telephone to acquire sensitive financial information, again masquerading as a legitimate company.  The call may direct the recipient to visit a website or call a number where you are then asked to update your personal information.  The website or phone number is bogus and set up only to steal the user’s information.

Malware (aka malicious software):  Malware is software designed to infiltrate a computer system without the owner’s informed consent.  Malware can include computer viruses, worms, trojan horses, spyware and other malicious and unwanted software.  You can get malware by opening a deceptive email (phishing) or text (smishing) and clicking on the attachment or link provided.   Once malware is downloaded on your computer or mobile device it is often used to collect personal data and spy on your online activities.

Ransomware: Ransomware is a very fast-growing form of malware that targets critical data and systems for the purpose of extortion.  Commonly, ransomware is delivered through phishing emails.

Due to their convenience and usefulness, mobile devices such as smartphones and tablets have become commonplace in today’s world. Because these devices allow others to go online, they also carry threats of identity theft. Many of these threats are like those of a personal computer also. To stay protected while using a mobile device, we recommend the following tips:

• Protect your mobile device with a password or a passcode.
• Do not share or write down your device’s passwords or login credentials.
• Do not keep your passwords or login credentials on your device.
• Set up your device to automatically lock and require a password after not being in use.
• When using apps that utilize sensitive information, such as your online banking app, always “Log out” when you have completed your session.
• Never send any personal information via text message; they are not secure and can be intercepted by hackers.
• Be careful when browsing the internet, do not allow your device to connect to unknown wireless networks.
• Consider adding additional security and antivirus software to your mobile device.
• Smartphones require periodic updates. If updates are neglected, it increases the risk of having your device hacked or compromised.

Scammers have many ways to trick you out of your personal identifying information and/or money. Below are just a few you should be aware of.

Job Employment Scam

Criminals promote fake job opportunities through many of the same job boards that legitimate companies use, such as online job sites, social media platforms and newspapers. The fake postings claim to offer employment but are instead used to acquire victims’ personal information and financial assets.

Money Mule Scams

Money Mules are criminals who obtain money illegally and need to hide or launder the source of the funds. One method they use is to look for people to transfer that money for them. If someone sends you money and asks you to send some or all of it to someone else, you could be a money mule. Often, scammers will approach you online, but they may also call you directly. Assisting as a money mule is a crime.

Peer-to-Peer Payment Scams

Peer-to-Peer payments allow consumers to transfer money using their bank accounts, debit cards or credit cards through a website or mobile app such as Cash App, Google Pay, PayPal, Remitly, Venmo and Zelle. Although the payment services can be easy to set up, simple to use and are generally secure, it is important to be aware that criminals may try to scam you into sending money using these services. Please ensure you know the person you are sending funds to when asked to pay via peer-to-peer payments.

Online Shopping Scam

Online shopping scams involve scammers pretending to be legitimate online sellers, either with a fake website or a fake ad on a genuine retail site. While many online sellers are legitimate, unfortunately scammers can use the anonymous nature of the internet to rip off unsuspecting shoppers by taking their payments and providing poor quality products or no products at all.

Credit Card Scams

Credit card fraud can happen online, over the phone, by text and in person. You can receive fake emails, have your information stolen in a data breach, or have your physical cards stolen. Here are some of the most common types of credit card fraud:

• Card-not-present (CNP) fraud: Scanners steal a cardholder’s credit card and personal information and then they use it to make purchases online or by the phone.
• Credit card application fraud: Criminals use stolen personal information to apply for credit cards.
• Account takeover: After stealing personal information, scammers contact credit card companies pretending to be the cardholder. They then change passwords and PIN numbers so they can take over the account.
• Credit card skimming: Skimmers are devices that steal credit card information from the magnetic strip on the back of the card. Scammers attach them to the credit card reader machines in ATMs, retail stores, gas stations and other businesses.
• Lost or stolen cards: One of the most basic credit card fraud schemes is to simply steal someone’s credit card or use a card someone has lost. Thieves also intercept credit cards sent to the cardholders in the mail.

Charity Scams

Charity scams may happen at any time, but they often occur after disasters or emergencies. Scams may be linked to current events such as international crises, to a recurrent concern like a cure for a disease. Some scammers chose to impersonate legitimate organizations, while others use a carefully crafted charity name to deceive you. Scammers may use social media posts, fake websites, emails or some may even go door-to-door to get you to donate.

Social Security Number Scam

In the latest twist on a scam related to Social Security Numbers, scammers claim to be able to suspend or cancel the victim’s SSN. It’s yet another attempt by scammers to get individuals to return ‘robocalls’ and give out more information.

Romance Scam

Millions of people are using dating apps or social networking sites to meet someone. Romance scammers will create fake profiles on those sites so you gain their trust, and they will talk you into sending them money electronically. Scammers do these things to pressure you into acting immediately.

• Always protect your card and keep it in a safe place, just like you would cash, credit cards or checks.
• Do not leave your card lying around, no one should have access to your card but you, immediately notify your bank if it’s lost or stolen.
• Keep your Personal Identification Number (PIN) a secret. Never write it down anywhere, especially on your card.
• Never give any information about your card or PIN over the phone. For example, if you receive a call, supposedly from your bank wanting to verify your PIN, do not give that information. Notify your bank immediately.

• Be aware of your surroundings! If you observe or sense suspicious people or circumstances, do not use the machine at that time.
• Have your card ready and in your hand as you approach the ATM.
• Visually inspect the ATM for possible skimming devices. Potential indicators can include evidence of an adhesive used by criminals to attach it to a device, scratches, damaged or crooked pieces, loose or extra attachments on the card slot, or noticeable resistance when pressing the keypad.
• Be careful that no one can see your PIN number at the ATM. Use your other hand or body to shield the ATM keyboard as you enter your PIN into the ATM.
• Keep your account information confidential, always take your receipts or transaction records with you.
• Do not count or visually display any money you received from the ATM. Immediately put your money into your pocket or purse and count it later.
• If you are using a drive-up ATM, be sure passenger windows are rolled up and all doors are locked. If you leave your car and walk to the ATM, lock your car.

There are many steps you can take to protect yourself from becoming a victim of identity theft:

• Regularly check your bank and billing statements.
• Do not carry personal information in your wallet or purse such as social security cards, bank or credit card numbers with passwords or PINs.
• Do not write your social security number or driver’s license number on checks.
• Use the post office or a postal box for outgoing mail.
• Shred or otherwise dispose of receipts and other personal documents.
• Regularly order a copy of your credit report to check for unusual items.
• Use strong or unique passwords (upper- and lower-case letters, numbers and special characters) on all devices.
• Never provide your personal information in response to an unsolicited call, fax, letter and email or internet advertisement.
• Do not respond to emails that may demand an immediate response and warn of dire consequences such as account closure or suspension. Contact the company to confirm the validity of the mail using the telephone number you know to be genuine.
• Never click on a link in an email or text that seems to come from your bank, IRS or any other company. If you think the message could be valid, log into your account directly without using the supplied link.
• Never open an attachment in an email or files downloaded from the internet unless you are sure they are from a trusted source.
• Install an antivirus solution on your computer, but never run more than one antivirus tool on your computer at the same time.
• Make sure you have the latest version of all installed software on all devices.

If you suspect you have become a victim of identity theft, take charge and act immediately.  The longer you avoid the problem the worse it will become.  Suggested action steps include:

• Contact each of the credit reporting agencies to request a fraud alert be placed in your credit file.

Equifax, visit them online at https://www.equifax.com/personal

Experian, visit them online at http://www.experian.com

Transunion, visit them online at https://www.transunion.com/

• Contact your local law enforcement agency and file a report. Be sure to get a copy of the report.
• Notify Bank 1st and any other credit grantors.
• Contact Government Agencies - The Federal Trade Commission is the federal government’s one-stop resource to help you report and recover from identity theft. Visit them online at https://www.identitytheft.gov.