Security of Your Personal Information
The popularity and rapid growth of the Internet has certainly provided consumers with an unprecedented amount of information and services. Access to information from financial institutions is no exception. Banking customers in the U.S. alone perform millions of account transactions each day. Online banking certainly has benefits for Internet-savvy customers.
Unfortunately, online banking also has benefits for Internet-savvy criminals. According to the SANS Institute, a cooperative research and education organization that monitors Internet security, the vast majority of organized attacks on Internet-connected computers are orchestrated by criminals. These attackers are usually interested in two things; finding a way to 'hijack' and take control of your computer so they can use it for their own purposes, or gaining access to your computer to scan for personal information that can be used to their advantage. The information they look for is usually credit card numbers, bank account numbers, account passwords and PIN's - basically any personal information that can be used to gain access to your financial accounts.
Any computer that is connected to the Internet, whether by telephone dial-up service, wireless service or broadband service, is vulnerable to such attacks. The following information is provided to educate our customers on the many ways criminals try to gain access to your personal information.
Identity fraud is the fastest-growing crime in the United States, costing its victims over $475 million per year, according to the Federal Trade Commission. Yet, it happens so quietly, most people don't realize they've been victimized until months later. Identity theft -- or fraud -- occurs when someone uses your personal information without your permission to make illegal purchases, withdrawals, or to open financial accounts. This can damage your credit rating and your reputation.
What is The Bank of LaFayette Doing to Prevent Fraud?
After the events of September 11, 2001, legislation was passed to help prevent fraud. Evidence shows that credit card, debit card, and similar fraud is a major source of funding for terrorists. To safeguard our nation against terrorists, and to help prevent you from becoming a victim of fraud, all financial institutions are required to more carefully verify the identity of our account owners, loan applicants, parties to trusts, and individuals who purchase investment products.
This means we may ask you additional questions at the time of your transaction. We may also ask you to provide one or more types of identification (ID), such as a driver's license, U.S. taxpayer ID number, or other government-issued document that verifies your nationality or residence. By answering these questions and providing the required forms of identification, you can help us to meet the requirements and better protect you against identity theft.
What Happens to the Information You Provide Us?
What Else Can You Do to Prevent Fraud?
You may also wish to do the following:
What if You Discover That You Are A Victim of Fraud?
Contact the Federal Trade Commission at www.ftc.gov or by phone at 1-877-438-4338 or by mail at Consumer Response Center, F.T.C., 600 Pennsylvania Avenue NW, Washington, DC 20580
Contact the following three major credit reporting agencies to put yourself on Fraud Alert and request a copy of your credit report:
Cancel all accounts that have fraudulent activity or are at risk.
Contact your local law enforcement agency.
Contact the U.S. Postal Service if you know or suspect your mail has been stolen.
Keep detailed records of any theft of your identity and of your activities to resolve the theft, including logs of the following:
(Portions of the information on Identity Fraud were prepared by the Banker's Systems, Inc.)
Law enforcement officials use the word "phishing" to describe a type of identity theft by which scammers use fake Web sites and e-mails to "fish" for valuable personal information from consumers. In the typical phishing scam, you receive an e-mail supposedly from a company or financial institution you may do business with or from a government agency. The e-mail describes a reason you must "verify" or "re-submit" confidential information — such as bank account and credit card numbers, Social Security numbers, passwords and personal identification numbers (PINs) — using a return e-mail, a form on a linked Web site, or a pop-up message with the name and even the logo of the company or government agency. Perhaps you're told that your bank account information has been lost or stolen or that limits may be imposed on your account unless you provide additional details. If you comply, the thieves hiding behind the seemingly legitimate Web site or e-mail can use the information to make unauthorized withdrawals from your bank account, pay for online purchases using your credit card, or even sell your personal information to other thieves.
"These thieves are very good at convincing you that you are receiving a legitimate message or using a Web site from a trusted source," says Michael Benardo, a manager in the FDIC's Technology Supervision Branch.
While federal and state laws and industry practices generally limit dollar losses for unauthorized transfers from accounts, if an ID thief uses your name to commit fraud you are likely to spend a great deal of time and money — sometimes hundreds or thousands of dollars — correcting your credit files or otherwise defending yourself. Therefore, it's very important to be on guard against phishing scams and other types of Internet fraud.
What Can I Do To Protect Myself from Phishing Scams?
Never provide your personal information in response to an unsolicited call, fax, letter, e-mail or Internet advertisement. "If you did not initiate the communication, do not give this information, regardless of how legitimate or genuine these people or entities may appear to be," says William Henley, Jr., an FDIC electronic banking specialist.
If you decide to initiate a transaction with a bank or other entity on the Web, take some simple precautions. Don't provide personal information to a Web site using a link from an e-mail or an Internet advertisement, no matter how legitimate it may appear. "Clicking on a link in an e-mail or an Internet ad is very risky," says Donald Saxinger, another FDIC electronic banking specialist. "You're always safer typing in the URL (Web address) from scratch, assuming you type it in correctly." The problem with typing a URL incorrectly or guessing about a Web address is that some fraudulent, copycat sites deliberately use URLs that are very similar to, but not the same as, those for well-known companies or government agencies. When contacting your bank, for example, use the phone number or Web address listed on your monthly statements or other literature from the institution.
Quickly report anything suspicious to the proper authorities. Report any questionable e-mail message or Web site to the real bank, company or government agency, using a phone number or e-mail address from a reliable source. Example: If your bank's Web page looks different or unusual, contact the institution directly to confirm that you haven't landed on a copycat Web site set up by criminals. "Customer inquiries about changes to a Web site are one of the most prevalent ways that banks and other organizations are finding out about unauthorized sites containing the look and feel of a legitimate Web site," says Paul Onischuk, also an FDIC electronic banking specialist. And if you're pretty sure an e-mail or Web site is fraudulent, contact the Internet Crime Complaint Center (www.ifccfbi.gov), a partnership between the FBI and the National White Collar Crime Center.
What If I Am Already A Victim of a Phishing Scam?
If you believe you are a victim of ID theft due to a phishing scam, perhaps because you submitted personal information in response to a suspicious, unsolicited e-mail or you spotted unauthorized charges on your credit card, immediately contact your financial institution and, if necessary, close existing accounts and open new ones. Also contact the police and request a copy of any police report or case number for later reference. In addition, call the three major credit bureaus (Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289) to request that a fraud alert be placed on your credit report.
You also can file a complaint or learn more about ID theft and Phishing scams by going to the Federal Trade Commission Web site at www.ftc.gov or calling toll-free 877-382-4357.
(The information on Phishing was taken from FDIC Consumer News - Winter 2003/2004)
"Pharming" is the practice of redirecting Internet domain name requests to false Web sites in order to capture personal information, which may later be used to commit fraud and identity theft. For example, an Internet banking customer, who routinely logs in to his online banking Web site, may be redirected to an illegitimate Web instead of accessing his or her bank's Web site.
Pharming can occur in four different ways:
What Can I Do to Protect Myself from Pharming Scams?
The Bank of LaFayette has taken stringent steps to reduce the likelihood that domain hijacking and DNS poisoning will occur. If you are a customer of The Bank of LaFayette (or any other financial institution for that matter) you need to be concerned about domain name spoofing and malicious software.
Domain Name Spoofing
If you are suspicious of a website you have accessed, call your financial institution and ask them to give you the their website's address. Inform the institution if the address is different. When calling the institution, look up the telephone number yourself and do not depend on the accuracy of any phone numbers on the website as it may be fraudulent as well.
Malicious software (Malware)
Make sure that you have current versions of virus detection software, firewalls and spyware scanning tools installed on your computer(s) to reduce computer infections. You should also regularly update these tools to combat new threats.
(Portions of the information provided on pharming was taken from FDIC Financial Institution Letter FIL-64-2005)
One of the fastest growing 'threats' on the Internet has become “spyware” – a form of software that collects personal and confidential information about a person or organization without their proper knowledge or informed consent, and reports it to a third party. Many firewall and anti-virus software packages do not protect computers from spyware.
How Can My PC Become Infected with Spyware?
Spyware is usually installed without a user's knowledge or permission. However, users may intentionally install spyware without understanding the full ramifications of their actions. A user may be required to accept an End User Licensing Agreement (EULA), which often does not clearly inform the user about the extent or manner in which information is collected. In such cases, the software is installed without the user's “informed consent.”
Spyware can be installed through the following methods:
What Are the Behaviors Associated With Spyware?
Spyware can be difficult to detect and remove because it:
What Are The Risks Associated With Spyware?
Spyware increases the risk to users by:
What Can I Do To Minimize The Risk Of A Spyware Infection On My Computer?
You can prevent and detect spyware by:
(portions of the information provided on spyware was taken from FDIC Institutional Letter FIL-66-2005)