Identity theft is a insidious form of online fraud wherein a person steals your personal and/or financial information, including your name, social security number or bank account number, and then uses this information to:
- Open credit accounts in your name, or run existing accounts.
- Obtain loans in your name, which will not be repaid.
- Open bank accounts in your name in order to write bad checks.
- Commit crimes, which results in arrest warrants being issued in your name.
E-mail and Website Fraud (Phishing)
One of the most common types of e-mail fraud is sending a phony e-mail message that directs the recipient to a fraudulent website. These e-mail’s can look very convincing. There are some common features among many of these types of e-mail.
- Urgent appeal. The message may threaten some consequence if you do not respond.
- Request for Information. There may be a request to update or validate certain personal information.
- Typos and errors. Often the message is poorly written or has spelling errors within the message.
How to Prevent Being Phished
- Don’t reply to any suspect or suspicious e-mail, even if it seems urgent.
- Don’t click on links inside of e-mail.
- Don’t call telephone numbers from e-mail. Instead call the number on the company website, phone book, statement, or back of a Credit/Debit card.
Protecting Your Personal Information
- Carry only necessary identification. Do not carry your social security card with you.
- Take steps to reduce the amount of mail you receive that displays personal information.
- Be cautious when providing your Social Security Number. It’s okay to ask whether it is needed for the application or transaction.
- Check your credit report annually at a minimum.
- Never provide personal information over the phone or internet unless you have initiated the contact and have confirmed the business or person’s identity.
- Avoid leaving any personal information in your car.
- Shred unnecessary documents and eliminate as many paper documents containing your personal information as possible.
- Take your outgoing mail to the post office rather than using street-side mailboxes.
Other Ways to Protect Your Information
- Never give out personal information, such as checking account numbers, credit card numbers and especially your Social Security number. Never give out any of this information over the phone or on the Internet unless you can be certain who you are dealing with, you are the one initiating contact or know that your connection is secure.
- Never carry any of your personal information with you, including Social Security cards or bank account cards.
- Do not preprint your Social Security number, driver’s license number or phone numbers on your checks.
- Only purchase checks and deposit slips from an approved check vendor.
- Do not throw away any mail that contains personal information unless you tear or shred it first.
- Contact major credit reporting companies periodically. Check all credit card statements and inspect them for any improprieties.
- Cancel all unused credit cards, and cut them up before disposing of them.
- Be wary at ATMs. Someone looking over your shoulder can obtain your PIN number and gain access to your account.
- If any financial information is stored on a laptop, be sure to protect it with a password system, with a password that could not easily be guessed.
- Be cautious of any promotions you choose to participate in on the phone or in the mail. Always be on guard and never take any unnecessary risks with your private and personal information.
- Don’t leave outgoing mail in your mailbox. Drop it off at the Post Office or in a secured official Postal Service collection box.
- Review your Credit Report annually. By law you can receive a free credit report each year. Look through the report carefully to see if there is any suspicious activity. If so, contact your credit card company immediately. This report can be requested online at www.annualcreditreport.com, via telephone at 877.322.8228, and via mail at:
Annual Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348.5281.
Protecting Yourself at the ATM
- Limit time spent at the machine.
- Protect your PIN and passwords — don't keep them in your wallet.
- Keep receipts and compare to monthly statement.
- Treat your ATM card like cash by always protecting it.
- Be aware of strangers when you enter or exit an ATM site. If you notice anything suspicious or unsafe, report it.
- Shield the ATM keypad with your hand or body while entering your PIN (Personal Identification Number).
- Put away your card and cash immediately after completing your transaction.
- Do not let strangers assist you with a malfunctioning ATM, exit to another ATM for use.
- Be extra cautious when using an ATM at night.
What to do if You Become a Victim of Identity Theft
If you believe that you have been the victim of identity theft. The following actions will help minimize your exposure.
GN Bank customers should contact us immediately at 773.624.2000. We will secure your GN Bank accounts and help with an identity theft toolkit for other financial relationships.
- File a police report with local authorities.
- Contact the fraud departments of the 3 credit bureaus below. Place a fraud alert and request a copy of your credit report.
Trans Union: 800.680.7289
- File a complaint with the Federal Tract Commission. Either at www.consumer.gov/idtheft or via telephone at 877.438.4338
For more information on Identity Theft and other account fraud you can visit the following websites.
- National Fraud Information Center: www.fraud.org
- Federal Deposit Insurance Corporation: www.fdic.gov
- Federal Trade Commission: www.consumer.gov/idtheft
- Anti-Phishing Working Group: www.antiphishing.org
- Microsoft: www.microsoft.com/athome/security
Warning about Phishing Attacks!
Please be warned that fraudulent e-mails are being circulated asking for personal account information. These e-mails appear to come from the Bank or other Regulatory Entities with the subject of Important Message and they ask for you to update your account with a security enhancement. These e-mails are part of a large scam to acquire confidential account information, and no email from GN Bank or other Regulatory Entities will ask you for that information. PLEASE DO NOT CLICK ON ANY LINK!
GN Bank will NEVER send you an email, or call you, asking you to provide any confidential account information through an email link, or phone number.
If you receive any emails that appear to be from GN Bank or any Regulatory Entity asking for confidential information you should:
- Treat the email with suspicion. Do not reply to the email or respond by clicking on a link within the email message. Do not dial any phone numbers contained in the email.
- Do not open any attachments contained in the e-mail, they may contain malicious code that will infect your computer.
- Contact your local banking center to report the suspicious email as soon as possible. If the email claims to be from GN Bank you may report by phone or by emailing us through our website by visiting our Contact Us page.
Please be aware that GN Bank takes every precaution to protect your account information. If you have any questions about how GN Bank handles your confidential information, please read our Privacy Notice.
Common Password Practices
- Don't reuse passwords. One ultra-secure one won't be any good if someone finds it.
- Good advice is to make a long but memorable "passphrase". String a few words together that you can remember with a visual.
- Never give out your password to anyone.
- Don’t use dictionary words. If it’s in the dictionary, there is a chance someone will guess it. There’s even software that criminals use that can guess words used in dictionaries.
- Don’t post it in plain sight. This might seem obvious but studies have found that a lot of people post their password on their monitor with a sticky note. Bad idea. If you must write it down, hide the note somewhere where no one can find it.
- Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
- Don’t fall for “phishing” attacks. Be very careful before clicking on a link (even if it appears to be from a legitimate site) asking you to log in, change your password or provide any other personal information. It might be legit or it might be a “phishing” scam where the information you enter goes to a hacker. When in doubt, log on manually by typing what you know to be the site’s URL into your browser window.
Covid - 19 Scams (Info from FTC)
Keep your guard up against these seven B2B scams that try to exploit companies’ concerns about COVID-19. In addition to sharing this information with your employees and social networks, read on for how you can report Coronavirus scams to the FTC.
“PUBLIC HEALTH” SCAMS
Fraudsters are sending messages that claim to be from the Centers for Disease Control and Prevention (CDC), World Health Organization (WHO), or other public health offices. They may ask for Social Security numbers, tax IDs, etc. Other variations direct you to click on a link or download a document. Remind your staff not to respond to messages like this – and definitely don’t download anything or click on links in unsolicited email. It’s the latest form of phishing aimed at stealing confidential data or installing malware on your network.
GOVERNMENT CHECK SCAMS
You’ve seen news stories about whether financial help for businesses might be available in the future. But remember that criminals read those headlines, too, and use them to make their phony pitches sound more credible. If someone calls or emails you out of the blue claiming there’s money available from a government agency if you just make an up-front payment or provide some personal information, it’s a phony. Our Checks from the government blog post offers tips on spotting those scams.
BUSINESS EMAIL SCAMS
We’ve warned companies about frauds perpetrated via business email. For example, in a CEO scam, an employee gets a message that appears to come from a company higher-up directing the person to wire money, transfer funds, send gift card codes, etc. In reality, a con artist has spoofed the boss’ email address or phone number. Why are we renewing the call for vigilance? The economic upheaval caused by the Coronavirus has led to a flurry of unusual financial transactions – expedited orders, cancelled deals, refunds, etc. That’s why an emergency request that would have raised eyebrows in the past might not set off the same alarms now. Compounding the problem is that teleworking employees can’t walk down the hall to investigate a questionable directive. Warn your staff about these scams and give them a central in-house contact where they can verify requests they may receive.
It works like a CEO scam, but this time the call or message claims to come from a member of your technology staff asking for a password or directing the recipient to download software. These scams pose a particular problem now due to what cybercrime experts call social engineering: the dark art of manipulating human behavior to facilitate fraud. Your employees already may be distracted by changes to their routine and your tech support team is swamped. Taking advantage of this temporary “upside down-ness,” con artists may do a quick online search to glean a tidbit to really sell their story – for example, “I spoke with Fred, who said you were having a computer problem” or “The meeting has been shifted to our new teleconferencing platform. Here’s the link.” Your best defense is a workforce warned against this form of fraud. Again, an in-house source for accurate information can help protect your company.
With many businesses scrambling for supplies, it’s wise to heed warnings about websites that mimic the look of well-known online retailers. They claim to have the essentials you need, but in reality, they’re fakes that take your “order,” grab your credit card number, and run. The safer strategy is to type in URLs you know to be genuine. And before taking a chance on an unfamiliar supplier, check them out with trusted industry colleagues.
While working from home, your employees are hearing a new crop of annoying – and illegal – robocalls. It’s no surprise that fraudsters who already flout the law would try to exploit people’s COVID concerns to make a buck. Some of these tele-phonies pitch bogus test kits and sanitation supplies. Others have businesses in their sights. Curious what these calls sound like? This recording targets “small business who may be affected by the Coronavirus,” warning them to “ensure your Google listing is correctly displaying. Otherwise customers may not find you online during this time.” We’ve seen scams like this before and the call definitely isn’t from Google. Remind your staff that the only right response to an illegal robocall trying to sell something is to hang up.
The rest of us may be adjusting to new ways of working, but it’s business as usual for hackers. With more people telecommuting, hackers are hoping companies will drop their online defenses, making it easier to infiltrate data-rich networks. We have tips to help your staff maintain security when working from home. Also, the National Institute of Standards and Technology (NIST) has resources on making a safer transition to a remote workplace. A good place to start: NIST’s updated Telework Cybersecurity page. Check out NIST’s infographic, Telework Security Overview & Tip Guide. Read their recent bulletin on Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions. And review their advice on Navigating the Conference Call Security Highway.
There’s a special link where you can report possible COVID-19 frauds.