Protect Your Identity

Beware of official check scams and other common financial scams such as phishing and pharming. Never reply directly or click on a link in response to an email that asks for personal or financial information. Tioga State Bank and Federal Financial Agencies DO NOT communicate with consumers by email requesting important personal information such as name, account numbers, date of birth or Social Security numbers.

More information can be found at the FDIC Consumer News website.**

For practical tips to prevent Internet fraud and protect personal information online, go to www.onguardonline.gov.**

To view and print Tioga State Bank’s “Protecting yourself from online banking fraud and theft!” information, click here.

Protecting yourself from Online Banking Fraud

The online banking industry has seen an increase in fraudulent activity over the last several months. With key loggers, virus attacks and phishing scams becoming more prevalent, are you doing all you can to protect yourself from becoming a victim of fraud?

For the past several years, there has been a lot of focus on identity theft. While very serious and very damaging, there are many other ways that the “bad guys” can wreak havoc on your life and your finances. Services like the ones available from the three major credit reporting agencies and many other companies offer protection against other people establishing credit or identities using your Social Security number. These services are very valuable and worthwhile, but true identity theft is not the only threat out there in these digital times.

Many cyber criminals, also referred to as fraudsters, don’t want to steal your identity in the traditional sense. They don’t want to get a credit card or a mortgage or a checking account in your name and live their life off of your good credit history. They simply want to take your money and move on to the next victim. While most companies that do business on the Internet including financial institutions, are very diligent in providing online protection for their customers, the first line of defense is knowledge about what you, the end-user, can do to protect yourself – an electronic way of “Looking out for Number One.” The two most prevalent types of fraud, “Keylogging” and “Phishing”, occur from viruses on your computer. In both cases, the end result is the fraudster capturing your login credentials.

Keystroke Logging or Keylogging:

Keylogging is a method by which fraudsters record your actual keystrokes and mouse clicks. Keyloggers are “Trojan” software programs that target your computer’s operating system (Windows, Mac OS, etc.) and are “installed” via a virus. These can be particularly dangerous because the fraudster has captured your user ID and password, account number, Social Security number – and anything else you have typed. If you are like most other users and have the same ID and PIN/Password for many different online accounts, you’ve essentially granted the fraudster access to any company with whom you conduct business. After all, they’ve got your login credentials so they appear to be a valid user.

Here are some ways you can prevent yourself from being a victim of keystroke logging:

• Use Anti-Virus Software. This is the single most important thing you can do to protect your computer from viruses. There are many on the market today – some cost money while others are free. If you opt to use a free version, make sure it is being offered by a reputable company and do research on the company and its product before installing.
• Keep your Operating System up-to-date with the latest security patches.

Phishing

Phishing is a scam where Internet fraudsters request personal information from users online. These requests are most commonly in the form of an e-mail from an organization with which you may or may not do business. In many cases, the e-mail has been made to look exactly like a legitimate organization’s e-mail would appear complete with company logos and other convincing information. The e-mail usually states that the company needs you to update your personal information or that your account is about to become inactive, all in an effort to get you to click the link to a site that only looks like the real thing. If you click on the link to go to the phony website and enter all of your information, you’ve just been the victim of a phishing attack. The fraudsters have just captured all the necessary information to access your accounts online. No reputable business will ever e-mail you requesting that you update your personal information, including account numbers, system passwords or Social Security numbers via a link to their site.

Follow these guidelines to protect yourself from phishing scams:

• Never click on a link from a business requesting that you provide them with personal information.
• Pay close attention to the URL (Internet address) behind the link. Often in phishing attempts, if you hover the cursor over the link the fraudsters want you to click on, it has nothing to do with the actual company they claim to be.
• If your Financial Institution uses watermarks or personal images, do not log in unless you see the correct image on the screen.
• We encourage you to contact your financial institution or merchant if you suspect any of your accounts may have been involved in a phishing attempt.

If you are unsure that the request is valid, open a new Internet session and manually key in the business’ web address. If the business genuinely needs information from you, they will have you log in to your online account to see the request. In most cases, you’ll just be greeted with a message indicating that the business will never e-mail you requesting personal information. Following are some real-life examples of how fraud occurs and the damage it can cause. In each case, the fraudster had all the necessary credentials to gain access to the users’ accounts. There is no security system available that will stop fraud if the perpetrator has all of this information, so it is imperative to take the necessary steps to prevent them from getting the information in the first place.

Fraud Case 1:

A Florida business man sued his Financial Institution after hackers submitted a $90,000 fraudulent wire transfer out of his account to an account in Latvia. His claim was that the bank should reimburse the funds since they processed the wire transfer. Upon investigation, it was determined that his computer was infected with a malicious software program (malware) that enabled fraudsters to retrieve his online ID and Password via keylogging. He then claimed that the bank was negligent because they had not specifically informed him that this particular malware was a risk. The courts disagreed and ruled in favor of the Financial Institution, stating that the customer had neglected to take the necessary basic precautions to protect his information. At the time of the fraud, nearly all anti-virus software programs had made modifications to look for, and alert users of, the very malware that allowed his information to be compromised. At the time of his claim, those anti-virus updates had been available for nearly two years.

Key Factor for preventing fraud: Install and update anti-virus software

Fraud Case 2:

A business owner accessed the Internet via an unsecured wireless network and as a result left his device open for a keylogging program to be placed on his computer. Fraudsters captured the user’s ID and Password and created a new administrative user for the business account. During the next several days, fraudsters logged in as the new user and sent ACH batches in excess of $400,000.

Key Factors for preventing fraud: Install and update anti-virus software.
Beware of accessing account information when using an unsecured wireless network.

Fraud Case 3:

A virus on the users’ computer compromised the login page to the users’ business account. The altered/false login page displayed additional fields asking the user for credentials necessary to gain further access to the accounts, not just the usual ID and Password. Fraudsters were able to initiate two separate ACH transactions totaling more than $100,000.

Key factors for preventing fraud: Install and update anti-virus software.
Beware of changes to login pages and areas where you enter credentials. Financial Institutions will let you know in advance if they will be making changes to the information they collect from you. If you are unsure, do not log in. Contact your Financial Institution to verify that the changes are legitimate.

What should I do to protect myself from fraud?

Besides following the tips mentioned in the previous examples, there are other things you should do to safeguard your personal and financial information.

• Change your passwords often. Even if your financial institution doesn’t require it, it is a good practice to change your passwords at least every six months. An easy way to remember: change them when you change your clocks to adjust for Daylight Savings Time.
• Don’t use the same ID and PIN/password for every online account you have.
• Never disclose your login credentials to other people or companies.
• Do not store your ID and password information where others could gain access to it. It is best not to write the information down at all.
• Do business with a financial institution that offers two-factor authentication for accessing your information online.
• If offered by your financial institution, take advantage of hard- or soft-tokens, which provide a unique one-time-use password each time you access your account. This is especially important for business accounts with multiple users.
• If accessing information via a wireless network, ensure that the network is secure. Accessing sensitive information (or any website) over a non-secure network simply leaves the door open for criminals. Even if you aren’t visiting a site where you enter an ID and password, you are still leaving your computer exposed to possible threats.

While nothing is foolproof, and new viruses and scams are being developed every day, following these guidelines as well as having a general awareness of the threats that are out there enables you to bank online with more peace of mind and less risk of being a victim of fraud.

Other Helpful Tips

• Install a consumer firewall/router to protect your home network and never connect your computer directly to your cable modem. There are many qualified vendors who provide choices so check with your computer specialist for one that’s right for you.
• Do not use the default password or default settings for your firewall. if unsure how to configure and secure the firewall correctly, use the services of a professional.
• Make sure you have an anti-virus solution installed on each computer. Ideally, use a software package that includes anti-virus, software-based firewall, anti-spyware, anti-malware and anti-phishing.
• Always keep your desktop security services software up to date including the latest releases of the software itself as well as updated virus definition files.
• Be wary when opening email from people that you do not know.
• Do not click on random pop-ups when browsing the Internet.
• Change your passwords on a regular basis and do not use the same user id and password for every account.
• Choose “strong” passwords that include mixed-case letters, numbers, and valid symbols (e.g. underscore or dash).
• Run Windows (or Mac) update processes on a regular basis to keep up with the latest security fixes and patches.
• Be wary of any offer that seems too good to be true or one that asks you to provide any personal information. Most companies will not ask for personal information (e.g. credit card numbers, Social Security numbers, account numbers, etc.) through email.

Protecting Against Identity Theft

• Don’t give personal information, such as account numbers or Social Security numbers over the telephone, through the mail or over the Internet, unless you know with whom you are dealing.
• Store personal information in a safe place and tear up or shred old credit card receipts, ATM receipts, and unused credit card offers before discarding them.
• Guard your mail and trash from theft.
• Take your mail out of your curbside mailbox as soon as possible. If you’re traveling, have the U.S. Postal Service hold your mail or have someone you trust pick it up daily.
• Pay attention to billing cycles and statements. Contact the bank or company if you do not receive a regular monthly statement or bill. It may mean that the document has been diverted by identity theft.
• Check all account statements carefully to ensure all charges, checks or withdrawals were authorized.
• Don’t use PINs or other passwords that are easy to guess (such as family birth dates or your pet’s name).
• Cancel all unused credit accounts.
• Periodically contact the major credit reporting companies to review your file and make certain the information is correct. Each of the three credit reporting companies must provide you a free copy of your credit report, at your request, once every 12 months. Go to www.annualcreditreport.com or call 877-322-8228 for more information.

Steps to Take if You Are a Victim of Identity Theft

If you suspect theft and/or misuse of your personal information, take action immediately. Keep a record of all conversations and correspondence when you take the following suggested steps:

• Contact your financial institutions and credit card issuers immediately so that access to your accounts can be protected by stopping payment on missing checks, blocking use of ATM cards, debit cards and credit cards.
• To report lost or stolen Tioga State Bank ATM/Debit Cards, call
  • 1 (888) 303-4872
• To report lost or stolen Tioga State Bank/Elan Credit Cards, call:
  • 1 (800) 325-3678
• File a police report with your local police department. Obtain a police report number with the date, time, police department location and police officer taking the report. The police report may initiate an investigation into the loss with the goal of identifying, arresting and prosecuting the offender and possibly recovering your lost items. The police report will be helpful when clarifying to creditors that you are a victim of identity theft.
• Contact the fraud department of each of the three major credit bureaus to report the identity theft and request that the credit bureaus place a fraud alert and a victim’s statement in your file. The fraud departments of the three national credit bureaus can be contacted as follows: TransUnion 1 (800) 680-7289, Equifax 1 (800) 525-6285, Experian 1 (888) 397-3742.
• You may request a free copy of your credit report. Credit bureaus must provide a free copy of your report if you have reason to believe that you have been a victim of identity theft and you submit your request in writing.
• Maintain a written chronology of what happened. Make sure you record the date, time, phone numbers, agencies, financial institutions and firms you contacted, persons you talked to and any relevant information.
• Call the Federal Trade Commission’s Identity Theft Hotline toll-free at 1 (877) ID-THEFT (438-4338).

Safe Online Banking

When you travel the Internet to access the convenience of online banking, you want to be assured, first and foremost, that effective safeguards are in place to protect the privacy of your personal transactions and ensure that your account information is accessible by you and you alone.

To learn about the security measures in place for TSB Online Banking and TSB Online Bill Pay, go to our TSB Online Information & Security page and review the security information.

Verifying Customer Identity

To help the government in their efforts to fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify and record information that identifies each person who opens an account or creates a new customer relationship with Tioga State Bank.

What does this mean to you? When you open an account or complete an application either in person or online, we will ask for your name, address, date of birth, taxpayer identification number, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents. We will use this information to protect you from unauthorized access to your personal and financial information.

Disclaimer: For informational purposes only. Tioga State Bank does not endorse the practices described in this information or claim responsibility for the safety and security of your personal or business computer.