Identity Theft and Prevention
Identity Theft and Prevention
Your security is extremely important to us here at First Landmark Bank. Provided below are tools and resources to help prevent identity theft and educate you on security. Please take a moment to review this important information by clicking on the links below.
Phishing is a high-tech scam that uses spam or pop-up messages to attempt to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, and other sensitive information. Phishing is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit card numbers. First Landmark Bank will never send e-mails requesting personal information. We will never ask you to “verify” personal financial information through an e-mail. We will never ask you to click on a special site link to do so. While emails of this nature may look like they are from us, and may even use our logo, they are likely a “phishing” scam. Do not answer them. If you receive an email purporting to be from us, do not hesitate to call us to confirm it.
Pretending to be something it is not, on the Internet, usually an e-mail or a Web site.
We suggest reporting phishing e-mails or spoofed Web sites to the following groups:
- Forward the e-mail to firstname.lastname@example.org.
- Forward the e-mail to the Federal Trade Commission at email@example.com.
- Notify the Internet Crime Complaint Center of the FBI by filing a complaint on their Web site: www.ic3.gov.
Recommended Actions if You become a Victim of a Phishing Scam
- Report the incident to the card issuer as quickly as possible.
- Report using toll-free numbers and 24-hour service that many companies have established to deal with such emergencies.
- Request your card issuer close your compromised account number and reissue you a new card with a different number.
- Monitor your account activity and review account statements carefully after the information loss.
- If any unauthorized charges appear, call the card issuer immediately and follow up with a hard copy letter via a traditional delivery service such as the U.S. Postal Service (keep a copy for yourself) describing each questionable charge.
Your maximum liability under federal law for unauthorized use of your credit card is generally $50. However, that $50 potential liability probably does not apply for unauthorized telephone and Internet transactions because there is “no means to identify the cardholder” in those cases.
Under Regulation Z, you must mail a notice about a billing error, which includes unauthorized transaction, no later than 60 days after the card issuer sent the first statement containing the unauthorized transaction in order to trigger the billing error procedure provisions.
- Your liability under federal law for unauthorized use of your ATM or debit card depends on how quickly you report the loss.
- You risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you for transactions made after the 60-day period.
- Report the theft of this information to the bank as quickly as possible.
- Request the bank close the compromised account and re-open a like account with a different account number.
Some phishing attacks use viruses and/or “Trojan Horses” to install programs called “key loggers” on your computer. These programs capture and send out any information that you type to the phisher, including credit card numbers, user names and passwords, Social Security numbers, etc. If this happens, it’s likely you may not be aware of it until you notice unusual transactions in your account. To minimize the risk, you should:
- Install and/or update anti-virus and personal firewall software.
- Update all virus definitions and run a full scan.
- If your system appears to have been compromised, repair it and then change your password again, since you may well have transmitted the new one to the hacker.
- Check your other accounts. The fraudsters may have helped themselves to many different accounts: eBay account, PayPal, your e-mail ISP, online bank accounts, online trading accounts and other e-commerce accounts, and everything else for which you use online passwords.
If You Have Given Out Your Personal Identification Information
If you believe you have given out personal information such as your name, address, and Social Security number to someone who may use it for fraud:
Contact the three major credit reporting agencies – Experian, Equifax, and Trans Union – and do the following:
- Request that the agencies place a fraud alert and a victim’s statement in your file.
- Request a free copy of your credit report to check whether any accounts were opened without your consent.
- Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft.
Equifax – www.equifax.com
- To order your report, call: 800-685-111 or write: P.O. Box 740241, Atlanta, GA 30374-0241.
- To report a fraud, call: 800-525-6285 and write: P.O. Box 740241, Atlanta, GA 30374-0241.
- Hearing impaired call: 800-255-0056 and ask the operator to call the Auto Disclosure Line at 800-685-1111 to request a copy of the report.
Experian – www.experian.com
- To order your report, call: 888-EXPERIAN (397-3742) or write: P.O. Box 2002, Allen, TX 75013.
- To report fraud, call 888-EXPERIAN (397-3742) and write: P.O. Box 9530, Allen, TX 75013. TDD: 800-972-0322.
Trans Union – www.transunion.com
- To order your report, call: 800-888-4213 or write: P.O. Box 1000, Chester, PA 19022.
- To report fraud, call: 800-680-7289 and write: Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634 TDD: 877-553-7803.
- If bank accounts were set up without your consent, close them.
- Contact your local police department to file a criminal report.
- Contact the Social Security Administration’s Fraud Hotline to report the unauthorized use of your personal identification information.
- Notify the Department of Motor Vehicles of your identity theft.
- Check to see whether an unauthorized driver’s license number has been issued in your name.
- Notify the passport office to be on the lookout for anyone ordering a passport in your name.
- File a complaint with the Federal Trade Commission. Ask for a free copy of “ID Theft: When Bad Things Happen in Your Good Name,” a guide that will help you guard against and recover from your theft – and guard against it in the future.
- File a complaint with the Internet Crime Complaint Center (IC3) by visiting their Web site: www.ic3.gov. IC3 is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), with a mission to address fraud committed over the Internet. For victims of Internet fraud, the Center provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation.
- Document the names and phone numbers of everyone you speak to regarding the incident. Follow up your phone calls with letters. Keep copies of all correspondence.
The number and sophistication of phishing and spoofing scams sent out to consumers is continuing to increase dramatically. While online banking is widely considered to be as safe as or safer than in-branch or ATM banking, as a general rule you should be careful about giving out your personal financial information over the Internet. Remember, no reputable financial institution will ever request your personal information via e-mail.
Here is a list of recommendations to follow in order to avoid becoming a victim of scam:
- Be suspicious of any e-mail with urgent requests for personal financial information. Phishers have been known to include upsetting or enticing (but false) statements in their e-mails to get people to react immediately. More recently, some phishers have toned down their language, as e-mail recipients have become more aware of the use of this tactic. Either way, the e-mail typically asks for information such as user names, passwords, credit card numbers, Social Security numbers, etc.
- Be careful of e-mails that are not personalized and/or may contain spelling errors and/or awkward syntax and phrasing.Many phishing e-mails are sent in great bulk and, therefore, are not personalized. If you are suspicious of an e-mail claiming to be from First Landmark Bank that is not personalized, please disregard the e-mail and delete it immediately. Remember, First Landmark Bank will never send e-mails requesting personal information. Many e-mails also are being sent from other countries from individuals for whom English is a foreign language, thus resulting in misspelled words and awkward syntax and phrasing.
- Be careful of personalized e-mails that ask for personal financial information. Be suspicious of any e-mail that contains some personal financial information, such as a bank account number and asks for other information, such as PIN. First Landmark Bank will never ask for or send you personal financial information by e-mail.
- Do not use links in an e-mail to get to any Web page. Instead, call First Landmark Bank on the telephone to confirm the address, or log onto the Web site directly by typing in the Web address, http://www.firstlandmarkonline.com/, in your browser.
- Do not complete forms in e-mail messages that ask for personal financial information. First Landmark Bank will never ask you to complete such a form.
- Only communicate information, such as credit card numbers or account information, via a secure Web site or the telephone. When submitting financial information to a Web site, look for the padlock or key icon at the bottom of your browser, and make sure the Internet address begins with “https.” A secure Web server designation can be found by checking the beginning of the Web address in your browser’s address bar – the address should begin “https://…” rather than just “http://…” While you cannot be completely sure that a Web site is secure when its address starts with “https,” you can be sure the Web site is not secure when it does not start with “https.”
- Regularly log on to your online accounts and check your bank, credit and debit card statements to ensure that all transactions are legitimate. One of the real advantages of banking online is being able to regularly review your account for unauthorized or unusual activity. If anything is suspicious, contact us here at First Landmark Bank immediately.
- Ensure that your browser is up to date and security patches are applied. Always visit your browser’s home page to download the latest security updates even if they don’t alert you to do so.
- Use online statements to reduce the volume of paper mailed. Paper today is the cause of more actual instances of identity fraud than are electronic thefts.
How does phishing work? What is phishing?
The term phishing (FISHing) refers to a scam thieves attempt to undertake to steal victims’ personal financial information. Most often the scammer sends an e-mail to thousands of people asking for information such as Social Security numbers, credit card numbers, bank account numbers, and personal identification numbers (PINs). Although it seems obvious, the trick to phishing is creating a counterfeit Web site of a trusted financial or other company Web site to which the unsuspecting consumer is directed. The subjects of these e-mails are often “Account Information Update Required” or other phrasing that suggests that the account with the “spoofed” company has been compromised or will be canceled. The counterfeit Web sites register the data entered by the victim and scammers can then use this information to commit fraud and steal the victim’s identity by charging purchases and opening new accounts.
Where did the term phishing come from?
The term phishing (FISHing) was coined because thieves are fishing for your personal financial information. They send out thousands of lures and hook only a few victims. The “ph” comes from a common hacking term. The first type of hacking was called “phreaking.” In the mid-1990s, America Online accounts were some of the first hacked accounts and were called “phish”. These phish were treated as a form of currency where scammers could trade phish for hacking software.
What is spoofing?
Spoofing is something pretending to be something it is not, on the Internet, usually an e-mail or Web site. Typically, it is a technique used to gain unauthorized access to computers, whereby the intruder hijacks a target’s root Internet address (known as an Internet Provider or IP address) to make it appear as though fraudulent e-mails are from a trusted source. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify its identifying information on the Internet. Spoofers can be anyone. They can be ordinary criminals out to steal money, competitors trying to cripple your business, disgruntled employees or irate customers. Attacks can be personally motivated or simply random. Spoofing of a bank Web site is nothing more than just another attempt to rob the bank.
Are people falling for phishing scams?
Because most people have grown increasingly aware of this scam, most phishing e-mails are deleted. However, the sheer quantity of attacks has increased, thus reaching more victims – and the technology the criminals employ has become more sophisticated. Overall, the number of successful attacks is small in comparison to the number of e-mails that are sent out each day as lures. Yet, it’s still important to note that roughly 3 percent to 5 percent of people who receive phishing scams take the bait.
How do you know if an e-mail or phone call is “phishy”?
If the e-mail or phone call you receive is unsolicited and from a company with which you do no business, you know it is a scam. If you receive an unsolicited e-mail or phone call from a company you hold an account with, you know it’s a scam it they ask for personal information the company should already have on file about you. Remember, First Landmark Bank will never ask for personal information by e-mail. If you’re still not sure about the legitimacy of an e-mail, call the company at a phone number you know to be accurate.
What should you do if you’ve given personal information to phishers?
Act immediately. Contact your bank and any companies you deal with and make them aware of the problem as well. Check your bank and credit card statements and contact all credit reporting agencies, such as Experian, Equifax, and TransUnion if appropriate. Change all of your online user names and passwords associated with personal accounts.
How do phishers get your e-mail address?
Phishing e-mails are essentially dangerous spam. Spammers utilize a variety of techniques to gather e-mail addresses – Web sites, newsgroups, guesswork and list trading. These are the same methods used by phishers. Phishers do not gather e-mail addresses from bank records; unfortunately, one common misconception by consumers is that their bank actually provided the criminals with their names and e-mail addresses. This is simply not the case.
How do I report a phishing attack?
The Internet Crime Complaint Center and the Anti-Phishing Working Group register phishing scams and are a good resource for more information on what to do if you’re a victim of phishing.
What is pharming?
Pharming is a scam that often relies on infected, hacked, or otherwise compromised computers. Once a computer has been compromised, customers attempting to navigate to a legitimate bank’s Web site by a customer will be re-directed to a spoofed Web site. This can be accomplished in a number of ways. A virus or malware on a PC can re-route a customer to a spoofed Web site even when the customer has directly entered the address on their browser. Domain Name System (“DNS”) cache poisoning (altering DNS re-routing) by phishers causes customers to be re-directed by the Domain Name System. DNS addresses are text, such as ‘www.google.com,’ but are translated into numeric addresses. Pharmers attack the translation process and redirect your computer to the scamming IP address and Web site. The sites will likely look similar and the information you enter will be sent to the scammer, not to your trusted site.
What is Malware?
Malware (malicious software) is software that is surreptitiously installed on a private computer’s hard drive that is designed to harm or take unauthorized control over a computer system or to steal the data it contains. Malware is often distributed as an attachment to spam and phishing e-mails. When a customer reads the e-mail, they unknowingly install the malware on their computer. Numerous terms are used for different types of malware, usually based upon how they spread and what they are intended to do. Computer viruses, Trojans, and worms can all be used to install malware on a vulnerable computer. Monikers such as spyware, adware, key loggers, and back doors refer to the goal of the malware. Some malware attacks attempt to capture the actual keystrokes entered by an individual on their computer’s keyboard. The primary purpose of malware is to steal private information that can be exploited in some way.
What can be done to stop phishing?
Educating customers, installing fraud detection software, and working with industry coalitions, can accomplish combating phishing. These coalitions, along with law enforcement agencies at local, state, and federal and international levels, are working together to find phishers, shut down their Web sites and prosecute them to the full extent of the law. Since these anonymous scammers are so elusive – and often based outside the United States – consumer education is extremely important. The more people know about phishing and other identity theft scams, the fewer victims will be affected by these scams.
Is online banking still safe despite phishing and pharming?
Online banking is a safe and effective way to manage your money; however, just as you would not share your financial information with a stranger who knocked at your front door, so should you be guarded when online. Treat unsolicited e-mails asking for information with extreme caution and do not click on links within e-mails. Go to the Web addresses you know to be accurate and confirm that the sites you are visiting are secure – shown by a padlock in the bottom right corner or “https” at the beginning of the Web address. Also, make sure your computer’s security software is current and that you download the most recent updates.