Consumer Alerts

Going Mobile: How to be Safer When Using a Smartphone or Tablet


FDIC Consumer News Winter 2016


Everywhere you look, people are using smartphones and tablets as portable, hand-held computers. "Unfortunately, cybercriminals are also interested in using or accessing these devices to steal information or commit other crimes," said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "That makes it essential for users of mobile devices to take measures to secure them, just as they would a desktop computer."


Here are some basic steps you can take to secure your mobile devices.


Avoid apps that may contain malware. Buy or download from well-known app stores, such as those established by your phone manufacturer or cellular service provider. Consult your financial institution's website to confirm where to download its official app for mobile banking.


Keep your device's operating system and apps updated. Consider opting for automatic updates because doing so will ensure that you have the latest fixes for any security weaknesses the manufacturer discovers. "Cybercriminals try to take advantage of known flaws, so keeping your software up to date will help reduce your vulnerability to foul play," said Robert Brown, a senior ombudsman specialist at the FDIC.


Consider using mobile security software and apps to protect your device. For example, anti-malware software for smartphones and tablets can be purchased from a reputable vendor.


Use a password or other security feature to restrict access in case your device is lost or stolen. Activate the "time out" or "auto lock" feature that secures your mobile device when it is left unused for a certain number of minutes. Set that security feature to start after a relatively brief period of inactivity. Doing so reduces the likelihood that a thief will be able to use your phone or tablet.


Back up data on your smartphone or tablet. This is good to do in case your device is lost, stolen or just stops working one day. Data can easily be backed up to a computer or to a back-up service, which may be offered by your mobile carrier.


Have the ability to remotely remove data from your device if it is lost or stolen. A "remote wipe" protects data from prying eyes. If the device has been backed up, the information can be restored on a replacement device or the original (if you get it back). A number of reputable apps can enable remote wiping.


February 2016

Identity Fraud May be Down But Your Guard Needs to Stay Up!


Fraud comes in many shapes and sizes and unfortunately, it will never go away. Nor will the money and time spent fixing it. That's why it's vital to ramp up your security arsenal.


While fraud operators are constantly developing new viruses, spyware and online fraud schemes, the good news is that you can take action to protect yourself against online fraud. Delve into this site to find out how: http://www.diproductsite.com/security_microsite/index.html



Avoiding online tax scams

It's tax season, which means it's also time for tax scams. Some tax scams occur when fraudulent tax returns are filed in the victim's name, while other variants occur when the malicious actors call the victim and pretend to be IRS agents. There are even malicious actors who use the tax season to spread malware and phishing emails.


Tax scams where the malicious actor files the return in the victim's name include identity theft and fraud, as well as tax fraud. This scenario occurs when the malicious actor finds or receives information about the tax filer, including the filer's name, address, date of birth and Social Security number. The malicious actor then uses this information to file a malicious tax return, citing as many deductions as possible to create a large tax refund.


Another variant of tax scams occurs when the malicious actor contacts the victim and tries to convince him or her to do something, such as immediately pay a fine or provide his or her financial information so a refund can be issued. In these instances the malicious actor uses what he or she knows about the victim, often information gained from a data breach or social networking website, to convince the victim that the caller has access to the victim's tax information. During these calls, the caller will frequently pretend to be an IRS agent.


In the third type of tax scam, malicious actors use tax-related spam, phishing emails and fraudulent websites to trick victims into providing login names, passwords or additional information, which can be used in further fraud. Other emails or websites may download malware onto the victim's computer.


What to watch out for •Watch for "spoofed" websites that look like the official website but are fake.

•Don't be fooled by unsolicited calls. The IRS will never call to demand an immediate payment or require you to use a specific payment method, such as pre-loaded debit cards, pre-loaded credit cards or wire transfers. It will never claim anything is "urgent" or due immediately, nor will it request payment over the telephone.

•The IRS won't be hostile, insulting or threatening, nor will it threaten to involve law enforcement to have you arrested or deported.

•Sometimes malicious actors change their caller ID to read as the IRS. If you're not sure, ask for the agent's name, hang up and call the IRS (or your state tax agency) using a telephone number from its official website.


Recommendations

If you believe you're the victim of identity theft or fraud, there are a couple of steps you should take: •File a report with your local law enforcement agency.

•File a report with the Federal Trade Commission (FTC).

•File a report with the three major credit bureaus -- Equifax, Experian and TransUnion -- and request a "fraud alert" for your account.

If you receive spam or a phishing email about your taxes, don't click on the links or open any attachments; instead, forward the email to phishing@irs.gov.


Other tax scams or fraud can be reported according to the directions found on the IRS website.

Department of Commerce Warns of Unclaimed Funds Scam!

The Ohio Department of Commerce is warning Ohioans that, "Unclaimed Money Discovery," has emailed Ohioans saying that a recovery agent has been assigned to help them find and claim their unclaimed funds. The email asks that the recipients pay $29.95 for the service. Once the fee is paid they send a claim form to www.missingmoney.com a legitimate unclaimed fund site to complete the process. The department noted that Unclaimed Money Discovery is not registered or authorized to perform this service. The Ohio Department of Commerce wants Ohioans to know that a fee is not required to claim funds that are rightfully theirs. It is unfortunate that during the holiday season there are people trying to take advantage of others for their own personal financial gain.


Computer Security Tips for Bank Customers: A Basic Checklist


Computer-related crimes affecting businesses or consumers are frequently in the news. While federally insured financial institutions are required to have vigorous information security programs to safeguard financial data, consumers also need to know how to protect and maintain their computer systems so they can steer clear of fraudsters. Here is a short checklist.


1. Protect your computer.Install anti-virus software that scans your computer for malicious software ("malware") that can steal login IDs, passwords and account information (including credit or debit card numbers). Also use a firewall program to guard against unauthorized access to your computer. "Anti-virus protection and firewall options vary, and some are free," said Michael Benardo, Manager of the FDIC's Cyber Fraud and Financial Crimes Section. "Choose one, install it, and then set the software to update automatically."


2. Safeguard your smartphone, tablet and similar mobile devices, especially when using them for banking or shopping. Reduce your risk of downloading "apps" (applications) that contain malware by using well-known app stores, such as those established by your phone manufacturer or cellular service provider, or from the official Web site of the bank.


Also, to ensure that you have the latest fixes to software problems affecting mobile devices, opt for automatic updates for your operating system and apps or manually download updates as soon as you receive notice that they are available. Some banks provide customers with anti-malware software that can be loaded on a smartphone. You can also purchase the software from a reputable vendor.


And, don't leave your mobile device unattended. In case your device does get lost or stolen, use a password or other security feature to restrict access. You should enable the "time-out" or "auto-lock" feature on your mobile device to secure it when it's not used for a period of time. "Some phones have a remote feature that will allow you to erase all the personal information on your phone or disable it in the event that your phone is lost or stolen," said Jeff Kopchik, a Senior Policy Analyst with the FDIC.


3. Understand your Internet safety features. When you are buying something online or filling out an application that contains sensitive personal information, you can have greater confidence in a Web site that encrypts or scrambles the information as it travels to and from your computer. Look for a padlock symbol on the page and a Web address that starts with "https://." The "s" stands for "secure."


4. Be careful where and how you connect to the Internet. A public computer, such as at an Internet café or hotel business center, may not have up-to-date security software and could be infected with malware. Also, for online banking or shopping, avoid connecting your computer, tablet or smartphone to a wireless network at a public "hotspot" (such as a coffee shop, hotel or airport).


5. Be suspicious of unsolicited e-mails and text messages asking you to click on a link or download an attachment. It's easy for fraudsters to copy corporate or government logos into fake e-mails that can install malware on your computer.


"Your best bet is to ignore any unsolicited request for immediate action or personal information, no matter how genuine it looks," Benardo said. "If you decide to validate the request by contacting the party that it is supposedly from, use a phone number or e-mail address that you have used before or otherwise know to be correct. Don't rely on the one provided in the e-mail."


6. Use "strong" IDs and passwords and keep them secret. Choose combinations of upper- and lower-case letters, numbers and symbols that are hard for a hacker to guess. Don't, for example, use your birthdate or address. Also don't use the same password for different accounts because a criminal who obtains one password can log in to other accounts. Finally, make sure to change your passwords on a regular basis.


7. Take precautions on social networking sites. Criminals can go there to gather details such as someone's date or place of birth, mother's maiden name or favorite pet and use that information to figure out and reset passwords. Fraudsters also may pretend to be your "friend" to persuade you to send money or divulge personal information. More tips on avoiding fraud on social media sites are available from the FBI and the Internet Crime Complaint Center.


For more tips on computer and Internet security for bank customers, including how to protect yourself from data breaches, see back issues of FDIC Consumer News. Also watch the FDIC's multimedia presentation "Don't Be an Online Victim."


Also visit OnGuardOnline.gov for a variety of information from the federal government on how to be safe online. The site includes new videos from the Federal Trade Commission on what to do if your e-mail is hacked or malware attacks your computer.


Changes Could Help Boost Credit Scores


Your credit score, which is mainly based on your history of repaying loans, can determine your ability to borrow money and how much you will pay for it. Here is good news for some consumers: Your score may improve as a result of changes in how credit reports and scores are compiled.


In one development, FICO, a company that provides software used to produce many consumer credit scores, announced in August 2014 that unpaid medical debt will not have as big an impact on the new version of its most popular credit score.


And in December 2014, the Consumer Financial Protection Bureau (CFPB) announced that it will require the major consumer reporting agencies to provide regular accuracy reports to the Bureau on how disputes from consumers are being handled. The CFPB said medical debt in particular is a source of numerous complaints because the billing process can be complicated and confusing to consumers. The CFPB noted that the accuracy reports will help it hold credit reporting companies accountable for ensuring that erroneous information does not damage a consumer's credit score.


Separately, as part of an agreement in March 2015 with the New York Attorney General's Office, the nation's three major credit reporting agencies -- Equifax, Experian, and TransUnion -- are taking steps that could help some consumers raise their scores. For example, they committed to conduct a more thorough review of documents provided by a consumer who is disputing information in a credit report. Also, they are clarifying how consumers can appeal the decision that the credit reporting company makes. In addition, medical debts will not appear on credit reports until they are at least 180 days past due.


These changes may help raise some consumers' credit scores and reduce their borrowing costs. In general, though, to build or maintain a good credit score, consumers need to manage their money carefully, and that includes using caution when taking on additional debt.


Here are reminders from FDIC Consumer News about how to achieve and maintain good credit scores:


Be cautious with how much you borrow: Credit scores are generally higher for consumers who do not "max out" or otherwise use a large share of their available credit. Being careless about borrowing money can lead to debt overload. "Keep in mind that filing for bankruptcy harms your credit score and can remain on your credit report for 10 years," noted Elizabeth Khalil, a Senior Policy Analyst at the FDIC.


Always make your payments on time: "Whether it's your phone bill, utility bill, car loan or credit card, pay at least the minimum due, and pay it on time, because payments that are 30 days late may start lowering your credit score," said Heather St. Germain, an FDIC Senior Consumer Affairs Specialist. "Setting up automatic payments can help you make the due dates."


Check your credit report regularly: Erroneous or outdated information on your report or fraudulent information can hurt your credit score. "The Fair Credit Reporting Act gives you the right to dispute information on your credit report and have corrections made," St. Germain said. "However, many people don't check their credit reports. It's better to find errors and get them corrected, since your credit report is used for many decisions, such as when an employer is making hiring decisions or when you are applying to rent an apartment."


By law, consumers are entitled to receive a free credit report every 12 months. To request your free credit reports from each of the three major credit reporting agencies, go to AnnualCreditReport.com or call toll-free 1-877-322-8228.


ICBA Provides Tips for Consumers to Protect Themselves Against Cyber Crimes

Washington, D.C. (Feb. 10, 2015)--The Independent Community Bankers of America® (ICBA) and the nation's more than 6,500 community banks want consumers to be aware of ways to protect themselves and their personal financial information against identity theft and cybersecurity-related crimes.

"It is vital that customers alert their community banks immediately if they know or suspect their personal information has been compromised," said ICBA Chairman John Buhrmaster, president and CEO of 1st National Bank of Scotia, N.Y. "Criminals are on the hunt to capture confidential consumer financial information and personal data. The community banking industry wants consumers to have as much information, education and resources as possible so they can protect themselves against such attacks."

Community banks across the nation work aggressively to protect their customers' financial, personal and sensitive information on a daily basis. Community bankers have been informing their customers about multiple layers of security protection, monitoring customer accounts for fraudulent activity, reissuing credit and debit cards as appropriate and educating consumers on how to avoid fraud, identity theft and becoming a victim of a cyber crime.

Additionally, the Federal Trade Commission provides guidance on immediate steps consumers should take to repair identity theft. If any consumer believes they have had their identity stolen or are victim of fraudulent charges on a credit or debit card, reach out to your community bank immediately.

ICBA provides consumers valuable tips when it comes to taking proactive security measures:

•Monitor all of your financial accounts and report any suspicious activity, such as false or multiple charges, to your community bank immediately.

•Be sure to use unique passwords for all financial online accounts. Never share or duplicate usage of your password, account number, PIN or answers to security questions.

•Do not save credit or debit card, banking account or routing numbers, or other financial information, on your computer, phone or tablet.

•Use caution when sharing personal information about yourself on social media channels and the Internet. Identity thieves and cyber criminals can use information to gain access into your life. Never post account numbers, credit card statements or bank details.

•Be vigilant about using a password on mobile devices. Be sure to set your devices to automatically lock after a selected period of time to ensure no one can access your smartphone, tablet or laptop.

•Be aware of the location of your mobile devices (smartphones, tablets) at all times. Only log on financial websites when you have a secure, safe and trusted Internet connection.

•Shred ATM receipts, credit card offers or statements, checks and other similar documents when you no longer need them.

•Consider getting an IP PIN. An IP PIN is a six-digit number assigned to eligible taxpayers that helps prevent the misuse of Social Security numbers on fraudulent federal income tax forms, per the IRS.

•Do not provide your secure financial information over the phone or Internet if you are unsure of who is asking for it. Contact your community bank directly by using the phone number on the back of your debit or credit card, or stop in your bank to speak with someone in person. Remember, Sutton Bank will never contact or text you asking for personal or banking information.



ICBA and SHCPF Provide Tips to Protect Elderly Veterans from Financial Abuse


The Independent Community Bankers of America and the Senior Housing Crime Prevention Foundation have banned together to provide tips on preventing financial abuse for our nation's elder veterans and their families, offering the following tips on ways to prevent financial abuse for our nation's elder veterans:


•Secure all of your valuables in a bank safety deposit box. These valuables can include your Social Security card, passports, credit card account numbers, will and other legal documents, financial statements and medical records.

•Do not give financial information to callers that contact you and claim to be from established organizations such as your bank or credit card companies, especially if they ask you to wire funds or send them private information. If you are concerned about your bank account, contact your local community bank directly.

•Check your bank accounts and bill statements carefully. You can check them online so you can zoom in easily in case you need to make the statement larger for easier reading. Plus, online banking makes it easy to check your transactions on a regular basis. If you notice unauthorized charges, alert your bank immediately.

•Do not give your personal information, such as bank account numbers or PINs, to anyone in a phone call, letter, email, fax or in a text message.

"Protecting our nation's veterans is a need that must be addressed. These men and women have dedicated their lives to protecting us and SHCPF is dedicated to protecting them now," said SHCPF Chairman, President and CEO Peter K. Gwaltney. "Elder financial abuse is a rapidly growing problem in our country and we owe it to our veterans and all of the elderly to stop financial exploitation."