Keeping your personal information secure is always our priority, and we want to ensure you are equipped with the knowledge and resources you need to protect yourself. Stay informed about potential threats and learn how to avoid them.
- The IRS uses your Social Security Number (SSN) to make sure your filing is accurate and complete, and that you get any refund you are due. Every tax season it's important to be reminded of the warning signs of tax ID theft: more than one tax return was filed for you; you owe additional tax, have refund offset or had collections actions against you; or the IRS indicates you received wages or other income from an employer for whom you did not work.
- If tax ID theft is suspected the IRS has outlined steps you can take: https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft
- Fake checks drive many types of scams and are very active in our community. There are many variations to be aware of including those involving phony prize wins, fake jobs, mystery shoppers, online classified ad sales, and others. In a fake check scam, someone asks you to deposit a check, and when the funds seem to be available, wire the money to another bank. Unfortunately, when the bad check is returned to the bank, the scammer already has the money, and you’re stuck paying the money back to the bank.
- There are ways to protect yourself from these scams and education on these scams is a great start. Learn more from the FTC: https://www.consumer.ftc.gov/articles/0159-fake-checks
- There has been an increase in cash advance scams, where the victim receives phone calls coming from a scammer pretending to be from a legitimate cash advance company. The scammer attempts to gain access to your account by asking you to give remote access to your computer and log into Online Banking. They claim to need this information to credit the proceeds from the loan to your account.
- If you get an unexpected call from a cash advance company, don't follow their instructions to get control of your computer and don't send any money.
- Phone calls claiming to be computer techs associated with well-known companies like Microsoft or Apple, or pop-up messages that warn about computer problems are signs of a tech support scam. They create a sense of urgency by saying viruses or other problems with your computer have been reported. These scams can also claim to offer a refund for tech services or software. Under the guise of "tech support", they will ask you to give them remote access to your computer and may even ask you to log into Online Banking. Eventually, they’ll diagnose a non-existent problem and ask you to pay for unnecessary – or even harmful – services.
- If you get an unexpected pop-up, call, spam email or other urgent message about problems with your computer, stop. Don’t click on any links, don’t give control of your computer and don’t send any money. You can report it to https://www.ftccomplaintassistant.gov.
- It was reported that Equifax, one of the three major credit reporting agencies, had a cybersecurity incident that impacted approximately 143 million people. Please visit www.equifaxsecurity2017.com for more information.
- The Federal Trade Commission has provided additional guidance on what to do regarding this incident: www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do?utm_source=govdelivery
- Additionally, the Consumer Financial Protection Bureau has published a guide titled "The Top 10 ways to protect yourself in the wake of the Equifax data breach: https://www.consumerfinance.gov/about-us/blog/top-10-ways-protect-yourself-wake-equifax-data-breach
- At Peoples Bank, your security is our top priority. We encourage you to monitor your accounts through Online and Mobile Banking. Additionally, we offer account alerts that allow you to receive emails or text messages regarding activity on your account. Click here to enroll https://www.ibankpeoples.com/products/personal/ebanking/online_banking/ or contact your local Banking Center for more information.
How To Report Identity Theft or Fraud
Identity Theft occurs when a fraudster obtains your personal or banking information and attempts to act as you by withdrawing funds from your account, opening new bank accounts, credit card accounts or even applying for loans. If you believe you are the victim of identity theft, click on the link below from the Federal Trade Commission regarding Identity Theft. This website provides valuable information about warning signs of identity theft, what to do if your information is lost or stolen, and helpful contact information. https://www.identitytheft.gov/
Report the criminal activity to the Federal Trade Commission (FTC), call the toll-free hotline at 1-877-ID THEFT (1-877-438-4338) to speak with a trained identity theft counselor, or enter information about your complaint into a secure FTC online database at www.identitytheft.gov. Your information may be shared with other law enforcement agencies investigating identity theft.
If you feel your personal or financial information has been compromised, contact your local Banking Center immediately.
Criminals have become more sophisticated in using the Internet to obtain valid personal information for illegal purposes. Social media, email, message boards, surveys, and fake websites have been used as a means to obtain money, bank account numbers or personal information. Be aware of potential scams to avoid becoming a victim.
- The Federal Trade Commission (FTC) has the most up to date information on scams and you can subscribe to their mailing list for updates: https://www.consumer.ftc.gov/scam-alerts
- The FDIC has an article on some of the top consumer scams: https://www.fdic.gov/consumers/consumer/news/cnsum17/scams.html
- Phishing refers to fake emails pretending to come from someone you trust or a subject you're interested in, all with the goal of luring you into opening the message and taking action - like clicking on a link, opening an attachment, or making a fraudulent purchase. This same attack is not limited to email, it can be performed through a text message or instant message from various apps. The criminals sending these messages are trying to steal information, commit fraud, or spy on your computer or mobile device.
- If you receive an email, pop-up message, or any type of electronic request soliciting personal account or password information, NEVER follow the link or reply to the text message and provide the requested information.
- Peoples Bank would never contact a customer online to ask for confidential information or confirm information we already have on file. If you receive a suspicious email from Peoples Bank, please inform us immediately at (219) 836-4400 or contact your local Banking Center. You should also report suspicious activity or email communications to the Federal Trade Commission (FTC). Send the actual email you received to spam at uce dot gov. If you believe your information has been compromised, learn how to report the fraud in order to fully resolve the issue.
- Do not open or respond to online solicitations for personal information. Peoples Bank will never send email containing attachments, or require customers to send personal information via email or pop-up windows.
- Do not be intimidated by emails requesting information immediately in order to prevent account closure. Any communications requesting immediate response should be treated as suspect.
- Review your credit report annually. A free copy of your credit report is available at www.annualcreditreport.com or by calling 1-877-322-8228.
- Shred financial or personal documents before discarding.
- Utilize Online Banking regularly to monitor your account activity and quickly detect any fraudulent transactions.
- Safeguard Online Banking User ID and password. Do not share with anyone.
- Pay bills online with Free Online Bill Payment. The fewer personal documents sent through the mail and less sites you’re sharing your information with, the less chance there is for possible fraud.
- Always put outgoing mail in a U.S. Postal Service mailbox, which is more secure than your home mailbox and collect your mail promptly each day.
- If you feel your personal or financial information has been compromised, contact your local Banking Center immediately.
- Data breaches are more common now than ever before. After these unfortunate events happen, most folks want to know what to do and the first step is understanding if you have been impacted and what information has been compromised. Depending on the impact, there are a variety of steps you can take to protect yourself after the data breach.
- Check your bank account activity frequently. At Peoples Bank, your security is our top priority. We encourage you to monitor your accounts through Online and Mobile Banking. Additionally, we offer account alerts that allow you to receive emails or text messages regarding activity on your account. Click here to enroll or contact your local Banking Center for more information.
- This article and video from the FTC offers additional steps to take depending on the kind of information compromised in a data breach: https://www.consumer.ftc.gov/blog/2016/09/data-breaches-and-you-new-video
We rely on our computer and mobile devices now more than ever, and with that growing integration into our daily lives, they often contain personal information. If you suspect that your computer or mobile device has been hacked, the sooner you respond the better. Indicators that something is wrong could be as simple as the battery on your mobile device draining quickly to your computer freezing up and crashing applications.
- If you use our Online or Mobile Banking services, contact us right away.
- Additional information regarding steps you can take to handle your personal devices are listed in this article: https://www.sans.org/security-awareness-training/ouch-newsletter/2016/im-hacked-now-what
If you believe an account like a social media or email account has been compromised, take the following steps:
- Notify all of your contacts that they may receive spam messages appearing to come from your account. Tell your contacts they shouldn’t open messages or click on any links from your account and warn them about the potential for malware.
- Change passwords to all accounts that have been compromised and other key accounts as soon as possible. A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country mu$ic.”). On many sites, you can even use spaces!
- If you cannot access your account because a password has been changed, contact the service provider immediately and follow any steps the provider offers for recovering an account.
Keep a clean machine
- Keep security software current: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
- Automate software and system updates: Many software programs and operating systems will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
- Protect all devices that connect to the Internet: Along with computers, smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.
- Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.
Connect with care
- When in doubt, throw it out: Links in emails, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
- Get savvy about Wi-Fi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services.
- Protect your $: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” which means the site takes extra measures to help secure your information. “Http://” is not secure.
- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
Securing Key Accounts and Information
Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available
- Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country mu$ic.”). On many sites, you can even use spaces!
- Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
- Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. You can alternatively use a service like a password manager to keep track of your passwords.
Back it up
- Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely.
Keep a Clean Machine
- Keep security software current on all devices that connect to the internet: Having the most up-to-date mobile security software, web browser, operating system and apps is the best defense against viruses, malware and other online threats.
- Delete when done: Many of us download apps for specific purposes, such as planning vacations, and no longer need them afterwards, or we may have previously downloaded apps that are longer useful or interesting to us. It’s a good security practice to delete all apps you no longer use.
Protect Your Personal Information
- Secure your devices: Use strong passwords, passcodes or other features such as touch identification to lock your devices. Securing your device can help protect your information if your device is lost or stolen and keep prying eyes out.
- Personal information is like money – Value it. Protect it.: Information about you, such as the games you like to play, what you search for online and where you shop and live, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.
- Own your online presence: Use security and privacy settings on websites and apps to manage what is shared about you and who sees it.
- Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Disable WiFi and Bluetooth when not in use.
Connect with Care
- Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
- When in doubt, don’t respond: Fraudulent text messages, calls and voicemails are on the rise. Just as with email, mobile requests for personal data or immediate action are almost always scams.
We encourage you to use our convenient ATM and Debit Cards to make your cash withdrawals or purchases, but we also want you to protect yourself when using these devices. Just follow these helpful tips for your security.
- Enroll in ATM/Debit Card Alerts through online banking. The Bank has software to monitor and detect suspicious activity. During monitoring of your transactions, the Bank may flag a potentially suspicious transaction and contact you via text message (if we have your cell phone number) to verify the transaction activity.
- Immediately report your lost, stolen or compromised card to the Bank 1-800-236-2442.
- Memorize your PIN. If you must write your PIN down, do not carry it with your card. NEVER reveal your PIN to anyone, not even family members, bank employees, or the police.
- Use familiar ATM locations in well-lit areas and scan the area around the ATM before you approach it. If suspicious-looking individuals or vehicles are near the ATM, do not use the ATM.
- Be especially cautious if a stranger approaches you at an ATM, or offers to help you. Other customers should remain a safe distance away from you; be on the lookout for individuals who may be watching you enter your PIN.
- When you approach the ATM, have your ATM or debit card ready to use in your hand so you don’t have to open your purse or wallet while in line.
- Avoid ATMs where posted messages indicate that screen directions have changed, especially if the message is posted over the card slot.
- Use your body or hand to shield the keypad from other customers.
- If you feel the ATM is not working normally, press CANCEL, remove your card, and go to another ATM. Report the problem to the bank.
- Carefully secure your card and cash in your purse, wallet or pocket before leaving the ATM.
- Don’t reply to text messages or phone calls that prompt you to give card information.
- Never give out or share your card number, expiration date, or 3 digit code on the back of the card to anyone unless you are initiating a purchase.
Card Skimmers are devices that a fraudster will affix to ATM machines, gas pumps, and even point-of-sale terminals at stores. They are designed to secretly take the information from your debit or ATM card when the card is swiped at one of the locations.
- OnGuard Online: The FTC’s free online security tips and resources, and share with your friends, family, coworkers, and community. https://www.onguardonline.gov
- FTC Identify Theft Recovery site: https://www.identitytheft.gov/
- Stop.Think.Connect.: Lead by the Department of Homeland Security, this is the global online safety awareness campaign to help all digital citizens stay safer and more secure online. https://www.stopthinkconnect.org/
Resources for Businesses
Corporate Account Takeover
- Criminals in this scam attempt to gain access to a business' finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.
- This unauthorized access is typically gained through the theft of online credentials or by hijacking an online session to commit other crimes. For more information, read this article from the ABA: https://www.aba.com/Tools/Function/fraud/pages/corporateaccounttakeoversmallbusiness.aspx)
Business Email Compromise
- This scam targets businesses working with suppliers or businesses that perform wire transfer payments on a regular basis. The attacker compromises legitimate business email accounts or impersonates the email accounts of individuals within the organization that regularly approve or handle wires. The goal of the scam is to convince the business or bank employee to conduct a fraudulent funds transfer to a fictitious supplier or business.
- In addition to funds transfer, the scammer may also attempt to obtain other confidential information such as employee W-2 forms.
- The FBI has issued a Public Service Announcement for both of these threats and can be read in detail here: https://www.ic3.gov/media/2017/170504.aspx
- This form of cyber threat encrypts information on a computer or network of computers rendering the information stored on impacted systems unreadable. Successful attacks are often the result of a phishing email with a malicious link or attachment that is clicked or opened by the email recipient. Victims of ransomware are usually given the opportunity to pay a ransom in order to render the information readable again, but there is no guarantee the criminal will hold up that end of the deal. The other option is to restore data from a good backup.
- While this threat exists for business and personal computers, business attacks have been increasing due to the likelihood for higher and quicker ransom payments.
- The FBI has issued more information on this subject in this document https://pdf.ic3.gov/Ransomware_Trifold_e-version.pdf
Fraud Prevention Services
Check Positive Pay - This allows your company to submit a check issue file or manually enter information regarding the checks you have written. When checks clear your account, they are matched to the check issue information and you are provided with a list of exceptions on which you can make a decision to pay or return. Exceptions will be presented for the following conditions: duplicate check, amount mismatch, stale date, check not found, and check presented against voided items. This will assist in reconciling your account and preventing fraud.
Check Positive Pay with Payee Name Matching - This includes all features of Check Positive Pay and will match the payee name from your check issue file to the payee name on checks clearing your account. Payee name on checks must be typed to use this service.
Reverse Check Positive Pay - Designed as an alternative to Check Positive Pay if you cannot submit a check issue file. All items clearing your account above the minimum exception threshold will be presented for you to review and make a decision to pay or return.
ACH Positive Pay - Allows your company to reduce the risk of ACH fraud by creating payment rules that limit the ACH transactions being debited from your accounts. When ACH debit transactions clear your account, they are matched to your predefined payment rules and you are provided with a list of exceptions on which you can make a decision to pay or return the items.
ACH Debit Block - Allows your company to reduce risks associated with ACH transactions. It is ideal for accounts in which you do not allow any ACH debit activity. Every incoming ACH debit transaction will be returned to the sending bank.
The National Cyber Security Alliance (NCSA) has translated the NIST Cybersecurity framework to provide a common language for understanding, managing and expressing cybersecurity to help businesses identify and prioritize their cybersecurity actions and manage cyber risk. The framework has the following steps:
- Visit https://staysafeonline.org/cybersecure-business/ to learn more.
- FTC Business Center: For more tips and resources for businesses, including small business, please visit https://www.ftc.gov/tips-advice/business-center
- SBA cybersecurity best practice resources: https://www.sba.gov/managing-business/cybersecurity
Take the next step:Contact Us
Are you interested in: