Information Security & Fraud Prevention
Fraud Prevention Information
Every day, thousands of people fall victim to fraudulent calls, emails and texts from scammers pretending to be from their bank. We want to change that. Bank Five Nine and the American Bankers Association (ABA) have teamed up to provide the information you need to put scammers in their place and protect your information.
Think that call, text or email might be a trick?
Review these red flags, because #BanksNeverAskThat:
- High-pressure language
- Scare tactics
- A sense of urgency
- Ask for sensitive account info
- Ask for passwords or your Social Security number
- Ask for your PIN or a login code that’s texted to you
- Ask you to visit an unfamiliar website
- Ask you to call a number different than the one listed on your card
- Incorrect grammar
- Unprofessional language
- Multiple typos
- Email attachments
- Suspicious links
The best offense is a good defense. Lock down your accounts before scammers strike.
- Set up multi-factor authentication on your bank and email login
- Use random or complex passwords
- Call your bank directly, or log in to your account, to verify messages or emails received
- Keep your browser up-to-date with the latest defenses, like virus protection and malware alerts
Your identity is one of the most valuable things you own. It’s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft occurs when someone uses your name, address, Social Security Number, credit card or financial account numbers, passwords, and other personal information without your knowledge to commit fraud or other crimes. While the words may sound like a foreign language — Phishing, Pharming, Vishing, Spyware, Dumpster Diving — they are actually techniques used by thieves to put your identity and finances at risk, and their attacks grow more frequent and sophisticated every year. Identity theft is the fastest growing crime in the United States. According to US Department of Justice statistics, it’s now passing drug trafficking as the number one crime in America.
The simple fact is you can protect yourself against most forms of identity theft. The first step is education. To make it easier to understand, we’ve divided identity theft into the five “Danger Zones.” Take a few moments to learn about each of the Danger Zones and the steps you can take to avoid being a victim. Watch the Video
If your identity has been stolen, you need to take immediate action to limit the damage and protect your good name.
- Download our free Identity Theft Emergency Repair Kit (PDF). It provides step-by-step instructions and the necessary forms to help restore your identity. You will need Adobe® Acrobat® Reader® to open this PDF document.
- Contact Bank Five Nine and other related vendors immediately. Close any accounts that may have been tampered with or opened fraudulently.
- Place a fraud alert on your credit report with one of the three major credit bureaus. Also request to review your credit report for suspicious activity. A copy of your credit report is available free each year from Annual Credit Report.
- Equifax®: (888) 766-0008
- Experian®: (888) 397-3742
- TransUnion®: (800) 680-7289
- File a complaint with the Federal Trade Commission
- File a report with local police.
Phishing is an email scam used to steal your personal information. Email similar to the one pictured may appear in your inbox, claiming to be from your financial institution, credit card company, or another source. It may appear authentic, but be careful – any email requesting personal information or to “verify” account information is usually a scam. Do not respond to this and do not click on any link from this email. Watch the Video
How To Spot Phishing And Other Email Scams
- Any email requesting personal information, or asking you to verify an account, is usually a scam… even if it looks authentic.
- The email may instruct you to click on a link, or call a phone number to update your account or even claim a prize.
- The message will often threaten a dire consequence if you don’t respond immediately, such as closing your account.
These are all are clear signs that someone is “Phishing” for your information.
- Never respond to any email asking for confidential information, even if it appears urgent. Chances are it is a fraudulent email.
- Never click on a link from an email. Instead, type the known Website address into your Internet browser.
- Do not call any phone number provided in a suspicious email. It could be a fake phone number.
- Always use anti-virus and anti-spyware software on your computer, and keep them up-to-date.
There are several types of malware (malicious software), that can infect your computer as you surf the web, including:
- Trojan Horses
- Keystroke Loggers
These programs are becoming more sophisticated and ingenious in their ability to infect your computer. Many are designed to steal your personal information. Watch the Video
Follow these steps to protect your computer from the majority of Internet crime:
- Make sure you have anti-virus and anti-spyware software installed on your computer, keep them updated, and run a full system scan at least weekly.
- Keep your computer operating system up to date, and your firewall turned on.
- Use strong passwords for secure sites. These should include eight or more characters with random numbers, and change your passwords every six months.
- If you download anything from the Internet such as music, movies, or pictures, make sure you do so only from trusted websites. Downloads can be infected with spyware attached to the file.
- Watch for signs of spyware—frequent pop up ads, unexpected icons on your desktop, random error messages or sluggish computer performance are all signs of infection. Run a full system anti-virus and anti-spyware scan to safely remove.
- Be careful when using public computers to perform any type of personal transactions. Just logging into a website may give away passwords and other private information if spyware has been installed on that computer.
The telephone is one of the most often used sources for criminal activity. Here’s how it works. Your phone rings. The caller claims to be from your financial institution, or any other source. They begin asking questions about you and your account. This could be a telephone scam called Vishing. Someone is attempting to steal your identity. And it happens to millions of Americans every year. Watch the Video
Protect Yourself from Vishing Scams
Follow these steps to protect yourself from most types of identity theft telephone scams:
- Never offer personal or account information over the phone without verifying the caller’s identity.
- If you are uncertain of the identity of a caller, hang up and initiate the call yourself using a known phone number.
- Do not call any phone number received in a voice message or email asking for personal information. It could lead you to a phony answering system.
As a general guideline, be highly suspicious anytime you are requested to provide personal information over the phone.
A form of phishing, Smishing is when someone tries to trick you into giving them your private information via a text or SMS message. Smishing is becoming an emerging and growing threat in the world of online security.
Protect Yourself from Smishing Scams
In general, you don’t want to reply to text messages from people you don’t know. That’s the best way to remain safe. This is especially true when the SMS comes from a phone number that doesn’t look like a phone number, such as “5000” phone number. This is a sign that the text message is actually just an email sent to a phone.
Don’t click on links you get on your phone unless you know the person they’re coming from. Even if you get a text message with a link from a friend, consider verifying they meant to send the link before clicking on it.
Never install apps from text messages. Any apps you install on your device should come straight from the official app store. These programs have vigorous testing procedures to go through before they’re allowed in the marketplace.
Be cautious. If you have any doubt about the safety of a text message, don’t even open it.
Almost all of the text messages you get are going to be totally fine. But it only takes one bad one to compromise your security.
Payment fraud happens when someone uses information from your checks, credit and debit cards, or any other form of payment, without your knowledge, to commit fraud or other crimes. But this, and other forms of identity theft, can be avoided if you know how to protect yourself.
- Balance your checkbook, and verify all account and credit card statements as soon as they arrive.
- Pay attention to the date of your statement.
- Keep all checks, credit and debit cards in a safe place.
- Don’t leave outgoing checks or paid bills in your mailbox, and report lost or stolen items immediately.
- Don’t write PIN numbers on your credit or debit cards, or leave them in your wallet for a thief to find.
- Use a paper shredder to securely dispose of any documents containing personal information.
- Make online purchases only from trusted websites. If you have questions about a company, you can check them out with the Better Business Bureau.
- NOTE – Consider paying all your bills electronically with online bill pay. This method is considered more secure than mailing paper checks.
- Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
- Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
- Protect all devices that connect to the Internet: Along with computers, your smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.
- Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.
Due to an increase in breaches at popular merchants such as The Home Depot and Wendy’s, cardholder diligence and account monitoring is becoming more important as the first line of defense in fraud mitigation. Here are some best practices:
- Monitor activity on your accounts regularly. Fraudsters are becoming savvier at avoiding detection of fraud monitoring programs by following transaction spending patterns that are similar to cardholders, as well as by using less popular merchants that may not be monitored as heavily.
- When shopping online, do not store your login credentials or your debit/credit card information on websites.
- Ensure your login credentials (specifically passwords) for your computer, online banking, smart phones, websites, or any system where you log in, has secure, complex, passwords that are difficult to guess (ex: minimum of 9 characters long using a combination of upper & lower case letters, number and characters).
- Update passwords for websites regularly to ensure continued protection.
- Be cautious of accessing personal information and of purchasing online if on an unsecured or public WiFi network.
- Ensure that personal computer and smart phone protections are kept current (ex: firewalls, anti-virus software, etc.)
- Be aware of current fraud trends related to social engineering (ex: phishing) and social networking sites (ex: Facebook).
Consumers are protected in a number of ways against unauthorized electronic transactions, but it’s very important to do your part. These protections do not apply to business accounts:
Report lost or stolen debit/ATM cards within two business days.
If you lose your debit/ATM card (or other access device) report it immediately.
By contacting your financial institution within two business days of discovering the loss, you limit your liability to $50. Waiting more than two business days to report the loss increases your liability up to $500.
Important! Review your statement every month.
If you find an unauthorized electronic transaction, you have 60 days to report it to your financial institution in order to limit the amount for which you are liable. If you wait more than 60 days you become liable for the unauthorized transactions. So review your statements every month and report any suspicious activity immediately.
The security of your money and identity is as important to us as it is to you. Let’s work together to protect it.
The most important step in Mobile Banking security is treating your mobile device like a portable computer. A few common-sense precautions will help protect you from fraud and I.D. Theft:
- Set the phone to require a password to power on the handset or awake it from sleep mode. If it’s lost or stolen any personal information stored on the device will be more difficult to access.
- Whether you’re using the mobile Web or a mobile client, don’t let it automatically log you in to your bank account. Otherwise, if your phone is lost or stolen, someone will have free access to your money.
- Don’t save your password, account number, PIN, answers to secret questions or other such information on the mobile device.
- Immediately tell your bank or mobile operator if you lose your phone. The sooner you report the loss, the better protected you are from fraudulent transactions.
- Download and install antivirus software for your mobile device, according to the manufacturer’s recommendations.
- Be careful when downloading Apps. Downloads should always be from a trusted and approved source and endorsed by your mobile device provider.
- Avoid “free offers” and “free ringtones.” An email or instant message that offers free software downloads, such as ringtones, may contain viruses or malware.
- Be cautious of e-mails or text messages from unknown sources asking you to update, validate or confirm your personal details including password and account information. Don’t reply to text messages from people or places that you do not know.
- Treat your mobile device as carefully you would your wallet, cash or credit cards.
- Keep track of account transactions. Review your bank statements as regularly as possible to rule out the chances of fraudulent transactions. If you notice discrepancies, contact your bank immediately.
- Only use Wi-Fi on your device when connected to password protected hotspots. Turn-off any auto-connect features. They might cause your phone to log into unsecure wireless networks without your knowledge.
- Make sure you log out of social networking sites and online banking when you’ve finished using them.
- Install operating system updates for your device as they become available – they often include security updates.
- Before you upgrade or recycle your device, delete all personal/business details.
Mobile Banking is a useful tool that can simplify your life and make managing your money incredibly convenient.
The simple act of sending and receiving mail, and putting your trash out at night can put your personal information at risk. Financial information, checks, bank account and credit card statements, and monthly bills can be stolen from your home, mailbox or even from your trash, and used to access your accounts and steal your identity. Watch the Video
Follow These Steps To Protect Against Identity Theft In Your Home
- Invest in a personal shredder. This is your first line of defense. Shred checking and credit card statements, cancelled checks, pre-approved credit card offers, or anything with your personal information on it before disposal.
- Place your garbage out on the morning of pickup rather than the night before. This gives dumpster divers less opportunity to go through your trash.
- Install a mailbox with a locking mechanism, or pick up your mail immediately after it is delivered each day.
- Change that old habit of placing mail in your mailbox for the carrier to pick up. If you are putting up the flag on your mailbox, you are telling anyone who walks by your mailbox that there is something in it. Always place out-going mail in an official, secure mailbox.
- It’s good practice to store your mail, bank statements, and other papers where they are out of sight and out of reach of anyone who might be in your home.
- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often the ways cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it is best to delete or, if appropriate, mark as junk email.
- Get savvy about Wi-Fi hotspots: For many, open, public Wi-Fi hotspots are just too convenient to ignore. But that’s risky behavior, especially because it’s not that hard to make sure you’re secure. Some of the following tips can be set up before you even leave the house or office. Make sure the next hotspot you connect to—be it in the café or in the sky—isn’t a security nightmare waiting to happen.
- Pick the correct Network: Beware of names that are similar but not the same. This may be a man-in-the-middle attack by hackers dubbed Wi-Phishing. It is an attempt to try to trick you into logging into the wrong network to get your info. Be sure to pick a legitimate network.
- Pick a secure Network: It’s best to stick to hotspots where the provider, be it a conference, hotel, or coffee shop, provides you with a clear network to choose, plus a password to grant access. Then you know at least you’re on the network you’re meant to be using.
- Be your own Hotspot: Almost all laptops and phones make it easy to become your own hotspot.
- Use a Virtual Private Network (VPN): A VPN creates a private tunnel between your laptop or smartphone and the VPN server on the other end, encrypting your traffic from snoops—even your Internet Service Provider or the operator of the hotspot itself.
- Keep your Operating System and Apps Updated: Operating System updates are annoying but necessary. They often fix serious security holes. For example, the iOS 10.3.3 release in the summer of 2017 didn’t look like a big deal but it fixed a vulnerability that let hackers remotely control phones with Broadcom Wi-Fi chips inside which is most phones.
- Protect your money: When banking and shopping, check to be sure the sites are security-enabled. Look for web addresses with “https://,” which means the site takes extra measures to help secure your information. “http://” is not secure.
Corporate Account Takeover is a form of identity theft in which criminals steal your valid online banking credentials. The attacks are usually stealthy and quiet. Malware introduced into your systems may be undetected for weeks or months. Account-draining transfers using stolen credentials may happen at a time when they are not noticed for a day or two. The good news is, if you follow sound business practices, you can protect your company.
- Safer for me, more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
- Post only about others as you have them post about you.
- Help the authorities fight cybercrime: Report stolen finances, identities and cybercrime to the Internet Crime Complaint Center and the FTC.
- Multifactor Authentication Security Challenges – The online banking service evaluates your device and usage patterns during the sign-in procedure. If the system cannot establish your authenticity, for your protection during the sign-in process the system may prompt you for further authentication. You may be able to authenticate your identity by choosing between answering a challenge question or entering a onetime passcode.
- Username and Password – For your protection, you must sign in using a username and password to move money.
- System Timeouts – When using our Online or Mobile banking we provide automatic session timeouts just in case you forget to log out.
- Green Bar SSL – The green bar, exclusive to EV SSL certificates, means you are transacting business on a highly secured, trustworthy domain.
- Alerts – We provide you with free low balance notifications to help monitor your accounts.
- Failed Login Attempts – After 3 failed password attempts, all services are locked.
This scam has been around for a number of years, but has just recently resurfaced. The caller targets an elderly individual to let them know their grandson or granddaughter was on vacation and either had a car accident or was arrested for an illegal offense. The caller will tell the victim they must send money immediately to bail the grandson or granddaughter out of jail or to pay a ticket for the recent accident. They are told to use Western Union as bank wires do not always come direct, and there is a Western Union outlet nearby. The amount is usually either $2,500.00 or $5,000.00. Please be aware this is a scam. If you think you have been a victim, or if you have been contacted in this manner, please contact Bank Five Nine’s Security Officer, Sharon Manke, at (262) 560-2010, or email.
Fraudulent telemarketers have found yet another way to steal your money, this time from your checking account. Consumers across the country are complaining about unauthorized debits (withdrawals) from their checking accounts.
Automatic debiting of your checking account can be a legitimate payment method; many people pay mortgages or make car payments this way. But the system is being abused by fraudulent telemarketers. Therefore, if a caller asks for your checking account number or other information printed on your check, you should follow the same warning that applies to your credit card number – do not give out checking account information over the phone unless you are familiar with the company and agree to pay for something. Remember, if you give your checking account number over the phone to a stranger for “verification” or “computer purposes,” that person could use it to improperly take money from your checking account.
The content of our Website is designed or intended to provide convenient access to general information only. For specific financial, accounting, investment, or other professional advice, please Contact a Personal Banker.