Protect Your Identity
Protect Your Identity
Protect yourself by becoming informed about fraud and identity theft. Fraudulent email (also called phishing, spoofing or imposter email) and fraudulent Web sites are used to trick people into providing personal information that can be used for identity theft.
To help protect you against ID Theft as well as other Internet fraud, Tri-County Bank has developed a Checklist: Ten tips for accessing your accounts safely online. We recommend that you follow each of these steps to ensure you are taking the necessary safety precautions to protect your account information.
Protect yourself by becoming informed about fraud and identity theft. Fraudulent email (also called phishing, spoofing or imposter email) and fraudulent Web sites are used to trick people into providing personal information that can be used for identity theft.
To help protect you against ID Theft as well as other Internet fraud, Tri-County Bank has developed a Checklist: Ten tips for accessing your accounts safely online. We recommend that you follow each of these steps to ensure you are taking the necessary safety precautions to protect your account information.
- What is identity theft?
- Ten Tips for accessing your accounts safely online.
- How to recognize fraudulent email.
- What you can do about phishing schemes.
- How to avoid e-mail viruses and other malicious programs.
- Some recent examples of email and internet fraud.
- How to protect your identity off line.
- Some things you can do if you are a victim of identity theft. (section 2 )
What is identity theft?
Identity thieves want your personal information so they can:
Other ways are:
An Example (true story):
An attorney has his wallet stolen. Within a week, the thieve(s) ordered an expensive monthly cell phone package, applied for a VISA credit card, had a credit line approved to buy a Gateway computer, received a PIN number from the Department of Motor Vehicles to change his driving record info online. By the time the attorney discovered this by placing a fraud alert through the credit reporting bureaus (almost two weeks after the theft), all the damage had been done. There were records of all the credit checks initiated by the thieves’ purchases, none of which the attorney knew about before placing the alert. Since then, no additional damage has been done, and the thieves threw away his wallet (someone turned it in). It seemed to have stopped them dead in their tracks by placing the fraud alerts.
Identity thieves want your personal information so they can:
- Open a new credit card account, using your name, date of birth, and Social Security Number.
- Call your credit card issuer, pretending to be you, change the mailing address on your account, and then run charges up on your account.
- Open a bank account in your name and write bad checks on that account.
Other ways are:
- “dumpster diving”
- “skimming”
- “double swipe”
- “wallets and purses stolen”
- “personal information from your home”
- “pretexting”
- “phishing”
- “pharming”
- “counterfeit cashiers checks”
- “counterfeit money orders”
An Example (true story):
An attorney has his wallet stolen. Within a week, the thieve(s) ordered an expensive monthly cell phone package, applied for a VISA credit card, had a credit line approved to buy a Gateway computer, received a PIN number from the Department of Motor Vehicles to change his driving record info online. By the time the attorney discovered this by placing a fraud alert through the credit reporting bureaus (almost two weeks after the theft), all the damage had been done. There were records of all the credit checks initiated by the thieves’ purchases, none of which the attorney knew about before placing the alert. Since then, no additional damage has been done, and the thieves threw away his wallet (someone turned it in). It seemed to have stopped them dead in their tracks by placing the fraud alerts.
10 Tips for accessing your accounts safely online.
(To the top)
Read a newspaper or watch the evening news and chances are there will be something about identity theft or other types of Internet fraud. As Internet usage has grown, so has Internet-related crime, especially fraud. Since this will continue to be a growing issue of concern for consumers and the financial services industry alike, Tri-County Bank is taking aggressive steps to protect your information online, using sophisticated detection and prevention systems. We’ve also developed a checklist to help you protect yourself. We recommend that you implement each of these safety precautions to protect your account information.
1. Update your online banking password.
This is perhaps the easiest precaution! Although changing your password is not required, we strongly recommend that you change it on a regular basis. This will help keep your accounts secure should someone obtain your user ID and password. Choose passwords that are not obvious and that would be difficult to guess. To strengthen security, choose a password consisting of both alphabetic and numeric characters. And remember – never share your password with anyone else.
You can keep your Online Banking accounts more secure every time you access them by verifying your previous login date. Your login information appears on the bottom left-hand side of the Account Listing page under "Customer Summary Information." If you feel that the information may be inaccurate, please call us immediately at 1-888-632-7004 or 308-632-7004. Ask for Barb Gorr, Manager of NetBanking, Monday thru Friday, 8:00 am to 5:00 pm, or Saturday 8:30 am to12 noon, or report it to a Personal Banker at the location you do your banking.
3. Don’t open links in emails.
Hackers frequently try to get information from individuals by sending emails asking for verification of account information. These deceptive emails may say that your bank account has been closed due to fraudulent activity or that it needs to be verified. If you ever receive an email of this nature, do not open the attached files, and do not provide any personal information. Tri-County Bank will never solicit your personal or account information through email.
If you receive any email from Tri-County Bank or from anyone else – requesting personal or account information, please treat it as fraudulent and forward it to us at "Contact Us." Or, you can call us at Toll Free 1-888-632-7004 or, or 308-632-7004, or at any local Tri-County Bank that you do business with. Our Personal Bankers are available weekdays, 8:00 a.m. to 5:00 p.m. MST and Saturdays, 8 am to 12 noon.
4. Install a firewall.
A firewall is your computer’s first line of defense, because it protects your machine from hackers and intruders. A firewall is a software program that guards the entrance to your private network and keeps out unauthorized or unwanted traffic. It acts as a buffer between your computer and the outside world, allowing you to determine what traffic may access your computer. Purchase a firewall program from any local computer store. Most firewall programs allow you to set the level of security protection that you desire. A good rule of thumb is to start with the highest protection setting and then relax the settings as necessary. The price of a firewall program starts at about $40 and includes features such as email attachment protection, advertisement blocking, pop-up-window protection and other automatic functions.
5. Use anti-virus software.
Anti-virus software protects your computer against viruses – unauthorized computer codes that attach to a program or portions of a computer system. Viruses reproduce and spread from one computer to another, destroying stored information and interrupting operations. An anti-virus program detects and destroys these unauthorized codes. With new viruses emerging daily, you need to have your anti-virus program updated regularly. Software manufacturers often sell their anti-virus programs with their firewall as a package, since they’re natural complements.
6. Use anti-spyware software.
Spyware is any software program that aids in gathering information electronically about people or organizations without their knowledge or consent. It then relays that information to an unauthorized third party. Users most often open the door to spyware unknowingly by downloading free software indiscriminately or by clicking on pop-ups or dialogue boxes.
Some kinds of spyware will redirect your browser to a new home page (not of your choosing). Others generate multiple pop-up ads that can make web surfing a chore. Another type of spyware known as a “keystroke logger” can cause the most damage, because this type of program records a copy of each character you type (such as user names and passwords to secure web sites) and sends that information to an unauthorized party who can steal your personal information. Among the anti-spyware programs on the market today, some are free, but most cost about $25
7. Read your user licensing agreements.
It’s possible for you to inadvertently agree to accept spyware with a program you're downloading. So be sure to thoroughly read any agreement included with applications or software you’re about to download. Complete the download only if you recognize the additional programs included and you know they are safe. Always deal with reliable sources – products or companies you know or that are recommended by others you trust.
8. Examine browser security settings.
Make sure the security settings in your browser (Internet Explorer, for example) are set to provide an appropriate level of protection. Browser-based attacks can occur when a user visits a web page containing hidden code intended to sabotage a computer or compromise one’s privacy. Use the "Help" feature of your Internet browser program to familiarize yourself with the security features available for your particular browser, or visit the browser manufacturer’s web site for more information.
Your Internet service provider (AOL, for example) and your Internet browser software manufacturer (for example, Microsoft) periodically issue security updates. These updates are often created to patch holes that allow viruses to get through. Many reputable software manufacturers dedicate sections of their web sites to security updates of this kind. If you don't have or don’t use auto-update mechanisms in your software, it’s a good idea to visit the manufacturers’ websites regularly to make sure you have the latest fixes.
10. Use a secured computer at all times!
Use a computer that is secured at all times, even when you’re traveling. Even if you follow all the steps outlined here for your home computer, none of it will matter if you use a different computer that isn’t secured. Be especially aware of this if you are traveling, for instance, or whenever you’re using a work or personal computer that you typically don’t use. If you must use a computer other than your own, first make sure that it has all of the items on this checklist installed and updated on its system.
For the same reasons, it is also a good rule of thumb to avoid letting unfamiliar people have access to your computer. And, whenever you’re not using the Internet, we recommend disconnecting your Internet access.
Read a newspaper or watch the evening news and chances are there will be something about identity theft or other types of Internet fraud. As Internet usage has grown, so has Internet-related crime, especially fraud. Since this will continue to be a growing issue of concern for consumers and the financial services industry alike, Tri-County Bank is taking aggressive steps to protect your information online, using sophisticated detection and prevention systems. We’ve also developed a checklist to help you protect yourself. We recommend that you implement each of these safety precautions to protect your account information.
1. Update your online banking password.
This is perhaps the easiest precaution! Although changing your password is not required, we strongly recommend that you change it on a regular basis. This will help keep your accounts secure should someone obtain your user ID and password. Choose passwords that are not obvious and that would be difficult to guess. To strengthen security, choose a password consisting of both alphabetic and numeric characters. And remember – never share your password with anyone else.
To change your password2. Verify your last login date.
1. Log in to Online NetBanking.
2. Select the "Options" Tab on blue line at top.
3. Select "Personal Options--Change Password".
4. Follow the remaining instructions to change your password.
You can keep your Online Banking accounts more secure every time you access them by verifying your previous login date. Your login information appears on the bottom left-hand side of the Account Listing page under "Customer Summary Information." If you feel that the information may be inaccurate, please call us immediately at 1-888-632-7004 or 308-632-7004. Ask for Barb Gorr, Manager of NetBanking, Monday thru Friday, 8:00 am to 5:00 pm, or Saturday 8:30 am to12 noon, or report it to a Personal Banker at the location you do your banking.
3. Don’t open links in emails.
Hackers frequently try to get information from individuals by sending emails asking for verification of account information. These deceptive emails may say that your bank account has been closed due to fraudulent activity or that it needs to be verified. If you ever receive an email of this nature, do not open the attached files, and do not provide any personal information. Tri-County Bank will never solicit your personal or account information through email.
If you receive any email from Tri-County Bank or from anyone else – requesting personal or account information, please treat it as fraudulent and forward it to us at "Contact Us." Or, you can call us at Toll Free 1-888-632-7004 or, or 308-632-7004, or at any local Tri-County Bank that you do business with. Our Personal Bankers are available weekdays, 8:00 a.m. to 5:00 p.m. MST and Saturdays, 8 am to 12 noon.
4. Install a firewall.
A firewall is your computer’s first line of defense, because it protects your machine from hackers and intruders. A firewall is a software program that guards the entrance to your private network and keeps out unauthorized or unwanted traffic. It acts as a buffer between your computer and the outside world, allowing you to determine what traffic may access your computer. Purchase a firewall program from any local computer store. Most firewall programs allow you to set the level of security protection that you desire. A good rule of thumb is to start with the highest protection setting and then relax the settings as necessary. The price of a firewall program starts at about $40 and includes features such as email attachment protection, advertisement blocking, pop-up-window protection and other automatic functions.
5. Use anti-virus software.
Anti-virus software protects your computer against viruses – unauthorized computer codes that attach to a program or portions of a computer system. Viruses reproduce and spread from one computer to another, destroying stored information and interrupting operations. An anti-virus program detects and destroys these unauthorized codes. With new viruses emerging daily, you need to have your anti-virus program updated regularly. Software manufacturers often sell their anti-virus programs with their firewall as a package, since they’re natural complements.
6. Use anti-spyware software.
Spyware is any software program that aids in gathering information electronically about people or organizations without their knowledge or consent. It then relays that information to an unauthorized third party. Users most often open the door to spyware unknowingly by downloading free software indiscriminately or by clicking on pop-ups or dialogue boxes.
Some kinds of spyware will redirect your browser to a new home page (not of your choosing). Others generate multiple pop-up ads that can make web surfing a chore. Another type of spyware known as a “keystroke logger” can cause the most damage, because this type of program records a copy of each character you type (such as user names and passwords to secure web sites) and sends that information to an unauthorized party who can steal your personal information. Among the anti-spyware programs on the market today, some are free, but most cost about $25
7. Read your user licensing agreements.
It’s possible for you to inadvertently agree to accept spyware with a program you're downloading. So be sure to thoroughly read any agreement included with applications or software you’re about to download. Complete the download only if you recognize the additional programs included and you know they are safe. Always deal with reliable sources – products or companies you know or that are recommended by others you trust.
8. Examine browser security settings.
Make sure the security settings in your browser (Internet Explorer, for example) are set to provide an appropriate level of protection. Browser-based attacks can occur when a user visits a web page containing hidden code intended to sabotage a computer or compromise one’s privacy. Use the "Help" feature of your Internet browser program to familiarize yourself with the security features available for your particular browser, or visit the browser manufacturer’s web site for more information.
To edit your security settings for Internet Explorer:9. Take advantage of security updates.
1. Click on Tools on the menu bar.
2. Then click on Internet Options on the pull-down menu.
3. Last, click on Security.
Your Internet service provider (AOL, for example) and your Internet browser software manufacturer (for example, Microsoft) periodically issue security updates. These updates are often created to patch holes that allow viruses to get through. Many reputable software manufacturers dedicate sections of their web sites to security updates of this kind. If you don't have or don’t use auto-update mechanisms in your software, it’s a good idea to visit the manufacturers’ websites regularly to make sure you have the latest fixes.
10. Use a secured computer at all times!
Use a computer that is secured at all times, even when you’re traveling. Even if you follow all the steps outlined here for your home computer, none of it will matter if you use a different computer that isn’t secured. Be especially aware of this if you are traveling, for instance, or whenever you’re using a work or personal computer that you typically don’t use. If you must use a computer other than your own, first make sure that it has all of the items on this checklist installed and updated on its system.
For the same reasons, it is also a good rule of thumb to avoid letting unfamiliar people have access to your computer. And, whenever you’re not using the Internet, we recommend disconnecting your Internet access.
How to recognize fraudulent email.
(To the top)
Be wary of any seemingly legitimate looking email (usually with a colored official looking logo) request for account information, asking you to verify or reconfirm confidential personal information such as account numbers, Social Security Numbers, passwords or other sensitive information.
It’s often hard to detect a fraudulent email. That’s because the email address of the sender often seems genuine (such as "support@yourbank.com"), as do the design and graphics. But there are clear signs to be aware of. For example, fraudulent emails often try to extract personal information from you in one of two ways:
Do not reply to any email requesting your personal information, or one that sends you personal information and asks you to update or confirm it. If you receive an email you are suspicious of, contact the bank, credit card company or any other company through an address or telephone number you know to be genuine. Tri-County Bank will never send you any email that requests your account information or asks you to verify a statement.
If you suspect you have provided confidential account or personal information to a fraudulent Web site, change your password immediately, monitor your account activity frequently and report any suspicious activity to the company.
Be wary of any seemingly legitimate looking email (usually with a colored official looking logo) request for account information, asking you to verify or reconfirm confidential personal information such as account numbers, Social Security Numbers, passwords or other sensitive information.
It’s often hard to detect a fraudulent email. That’s because the email address of the sender often seems genuine (such as "support@yourbank.com"), as do the design and graphics. But there are clear signs to be aware of. For example, fraudulent emails often try to extract personal information from you in one of two ways:
1. By luring you into providing it on the spot (e.g., by replying to the email), orLike the email, a fraudulent Web site is designed to trick you into believing it belongs to a company you know by using its brands as domain names and/or its logo graphics. The ultimate goal of this fraud is to use your information to gain unauthorized access to your bank or financial accounts or to engage in other illegal acts.
2. Including links to a Web site that tries to get you to disclose personal data
Do not reply to any email requesting your personal information, or one that sends you personal information and asks you to update or confirm it. If you receive an email you are suspicious of, contact the bank, credit card company or any other company through an address or telephone number you know to be genuine. Tri-County Bank will never send you any email that requests your account information or asks you to verify a statement.
If you suspect you have provided confidential account or personal information to a fraudulent Web site, change your password immediately, monitor your account activity frequently and report any suspicious activity to the company.
What you can do about phishing schemes?
(To the top)
The Department of Justice recommends following three simple rules when you see emails or Web sites that may be part of a phishing scheme: Stop, Look, and Call.
1. Stop. Phishers typically include upsetting or exciting (but false) statements in their emails with one purpose in mind. They want people to react immediately to that false information, by clicking on the link and inputting the requested data before they take time to think through what they are doing. Resist that impulse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.
2. Look. Look more closely at the claims made in the email, think about whether those claims make sense, and be highly suspicious if the email asks for numerous items of your personal information such as account numbers, usernames, or passwords.
The Department of Justice recommends following three simple rules when you see emails or Web sites that may be part of a phishing scheme: Stop, Look, and Call.
1. Stop. Phishers typically include upsetting or exciting (but false) statements in their emails with one purpose in mind. They want people to react immediately to that false information, by clicking on the link and inputting the requested data before they take time to think through what they are doing. Resist that impulse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.
2. Look. Look more closely at the claims made in the email, think about whether those claims make sense, and be highly suspicious if the email asks for numerous items of your personal information such as account numbers, usernames, or passwords.
For example:3. Call. If the email or Web site purports to be from a legitimate company or financial institution, call that company directly and ask whether the email or Web site is really from that company. To be sure that you are contacting the real company or institution where you have accounts: credit card accountholders, call the toll-free customer numbers on the backs of your cards; and bank customers can call the telephone numbers on your bank statements.
A. If the email indicates that it comes from a bank or other financial institution where you have a bank or credit card account, but tells you that you have to enter your account information again, that makes no sense. Legitimate banks and financial institutions already have their customers' account numbers in their records. Even if the email says a customer's account is being terminated, the real bank or financial institution will still have that customer's account number and identifying information.
B. If the email says that you have won a prize or are entitled to receive some special "deal," but asks for financial or personal data, there is good reason to be highly suspicious. Legitimate companies that want to give you a real prize, don’t ask you for extensive amounts of personal and financial information before you're entitled to receive it.
How to avoid viruses and other malicious programs.
(To the top)
If you receive a suspicious email, don’t open it. Immediately delete both the email and the attachment, as it may contain a virus or malicious program. Do not open the attachment. If you do open an attachment containing a virus or other malicious program, clean your system using anti-virus software and change your Internet and system passwords. We encourage you to use and maintain the most updated anti-virus software. Never open emails or attachments that come from an unrecognized source
If you receive a suspicious email, don’t open it. Immediately delete both the email and the attachment, as it may contain a virus or malicious program. Do not open the attachment. If you do open an attachment containing a virus or other malicious program, clean your system using anti-virus software and change your Internet and system passwords. We encourage you to use and maintain the most updated anti-virus software. Never open emails or attachments that come from an unrecognized source
Some recent examples of e-mail and internet fraud.
(To the top)
"Closed account” hoaxes: An email is sent purporting to be from a financial institution or the FDIC, saying that the recipient’s account has been closed or frozen, and requesting that they click on a link provided in the email. The link takes them to an imposter Web site, which requests that they provide information about their account. The fake FDIC emails attempted to frighten the recipient by saying falsely that the Director of the Department of Homeland Security has advised the FDIC to suspend all deposit insurance on the email recipient's bank account due to violations of the USA Patriot Act.
“Accounting department” hoax: Email has been sent to individuals at various companies, purportedly from that company’s accounting department. The message asks the recipient to open an attachment to read an Internet Billing Notice. The attachment contains a virus, which then sends itself to everyone in the recipient’s email contact list.
”Internet auction” hoaxes: People selling items on eBay and other Internet auction sites have been given counterfeit checks in payment for an item. The buyer sends the seller a counterfeit check for more than the item’s selling price and requests that the seller send the difference back to the buyer through Western Union or some other means. When selling an item on the Internet, only accept payment for the actual amount of the item that you are selling. If you suspect the payment item might not be good, call the bank from which it is drawn to verify the form of payment before shipping the item.
"Closed account” hoaxes: An email is sent purporting to be from a financial institution or the FDIC, saying that the recipient’s account has been closed or frozen, and requesting that they click on a link provided in the email. The link takes them to an imposter Web site, which requests that they provide information about their account. The fake FDIC emails attempted to frighten the recipient by saying falsely that the Director of the Department of Homeland Security has advised the FDIC to suspend all deposit insurance on the email recipient's bank account due to violations of the USA Patriot Act.
“Accounting department” hoax: Email has been sent to individuals at various companies, purportedly from that company’s accounting department. The message asks the recipient to open an attachment to read an Internet Billing Notice. The attachment contains a virus, which then sends itself to everyone in the recipient’s email contact list.
”Internet auction” hoaxes: People selling items on eBay and other Internet auction sites have been given counterfeit checks in payment for an item. The buyer sends the seller a counterfeit check for more than the item’s selling price and requests that the seller send the difference back to the buyer through Western Union or some other means. When selling an item on the Internet, only accept payment for the actual amount of the item that you are selling. If you suspect the payment item might not be good, call the bank from which it is drawn to verify the form of payment before shipping the item.
(To the top)
Dumpster Diving: Dispose of printed account statements, ATM receipts, store and restaurant receipts and other documents containing your account information in a secure location. Shred papers with account or other personal information. Many identity thieves have obtained the information they needed by going through the victim’s trash, which is dumpster diving.
Shredder: Do not leave statements or other documents with your personal information lying around where others can see them. Shred them with a “cross-cut” shredder.
Minimize the amount of personal identifying information you carry. Reduce the risk of a criminal stealing this information. Don’t carry extra credit cards, your Social Security card, extra gas cards, store charge cards, insurance cards, birth certificate or passport.
As soon as you receive your credit card, do not sign the back. Instead, put “PHOTO ID REQUIRED.”
If you have been taken by identity theft —you should cancel your credit cards, bank accounts immediately. But the key is having the toll free numbers handy so you know whom to call. Make a list of all your credit cards, loans, account numbers, expiration dates and customer service phone number to call in a safe place in case of theft or loss to cancel. Make that list TODAY by taking everything out of your billfold and start listing, or photocopy the information on both sides!
Never give information over the phone for credit card numbers or loan account numbers unless you initiated the call.
Check your credit report for accuracy at least once in twelve months. The law now allows consumers to check their credit one time a year at each of the three national credit reporting agencies within a twelve month period ( look at the "Reporting Identity Theft" link above).
Take care when using ATM machines to shield the keyboard from view when you enter your PIN. Someone could look over your shoulder; either takes a picture with a cell phone, or memorizes your PIN, and uses it to gain access to your information later.
Be aware of who is listening when you give personal information over the phone, whether at your desk at work, or in public on a pay phone or cell phone.
Dumpster Diving: Dispose of printed account statements, ATM receipts, store and restaurant receipts and other documents containing your account information in a secure location. Shred papers with account or other personal information. Many identity thieves have obtained the information they needed by going through the victim’s trash, which is dumpster diving.
Shredder: Do not leave statements or other documents with your personal information lying around where others can see them. Shred them with a “cross-cut” shredder.
Minimize the amount of personal identifying information you carry. Reduce the risk of a criminal stealing this information. Don’t carry extra credit cards, your Social Security card, extra gas cards, store charge cards, insurance cards, birth certificate or passport.
As soon as you receive your credit card, do not sign the back. Instead, put “PHOTO ID REQUIRED.”
If you have been taken by identity theft —you should cancel your credit cards, bank accounts immediately. But the key is having the toll free numbers handy so you know whom to call. Make a list of all your credit cards, loans, account numbers, expiration dates and customer service phone number to call in a safe place in case of theft or loss to cancel. Make that list TODAY by taking everything out of your billfold and start listing, or photocopy the information on both sides!
Never give information over the phone for credit card numbers or loan account numbers unless you initiated the call.
Check your credit report for accuracy at least once in twelve months. The law now allows consumers to check their credit one time a year at each of the three national credit reporting agencies within a twelve month period ( look at the "Reporting Identity Theft" link above).
Take care when using ATM machines to shield the keyboard from view when you enter your PIN. Someone could look over your shoulder; either takes a picture with a cell phone, or memorizes your PIN, and uses it to gain access to your information later.
Be aware of who is listening when you give personal information over the phone, whether at your desk at work, or in public on a pay phone or cell phone.
