Previous Cyber Security Articles
Bank Account Safety Tips for Preventing Fraud - January 2019
Avoiding Social Engineering and Phishing Attacks - July 2018
Taxpayer Guide to Identity Theft - April 2018
Debit Card Fraud & the Holidays - December 2017
Cyber Security: What you should know - October 2017
With millions of identity fraud victims in the United States annually, anyone with a bank account must take the proper precautions. Fortunately, guarding yourself from fraudsters requires a minimal time investment and a little common sense. Here are some easy ways to protect your bank accounts and avoid identity theft.
Check your account activity regularly.
This may be the single most effective strategy you can employ to secure your finances. Balancing a checkbook is advised, though the technique is becoming outdated with the advent of online banking. At the very least, you should log in to Online Banking or use the Mobile Banking app and view your account activity multiple times every week to make sure there are no unexpected transactions. Report any discrepancies to Unity Bank immediately. You can enroll in Online & Mobile Banking here.
Use a strong password for online banking.
Do not use your birthday, your spouse’s name, your kid’s name, your social security number, your address or anything that’s too obvious. Always use a capital letter or two along with a few numbers. An example of a bad password would be “sarah.” An example of a good password would be “Minne50ta#$.” And never set the word “password” as your password.
Change passwords periodically.
Get a new password every few months or so. Unity Bank’s Online Banking requires you to change your password every 6 months.
Do not give out account info over the phone or email.
Your bank will not call or email requesting your account numbers, PINs or passwords. They already have this information. You should be automatically suspicious of unexpected calls or emails.
Use anti-virus protection software, firewalls and spyware blockers.
By acquiring these basic computer protection tools, you significantly reduce your vulnerability to cyber attacks and fraud attempts. Make sure to also keep your computer updated with the most recent security patches.
Don’t use public computers for online banking.
This is never a good idea. Even if you’re careful to make sure no one sees your screen and you remember to log out completely, an expert scam artist can find ways to record your activity. You should also avoid conducting transactions using public Wi-Fi.
What is a social engineering attack?
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.
What is a phishing attack?
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as
- natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
- epidemics and health scares (e.g., H1N1)
- economic concerns (e.g., IRS scams)
- major political elections
How do you avoid being a victim?
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Don't send sensitive information over the Internet before checking a website's security. (See Protecting Your Privacy for more information.)
- Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. (See Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information.)
- Take advantage of any anti-phishing features offered by your email client and web browser.
What do you do if you think you are a victim?
- If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- Watch for other signs of identity theft. (See Preventing and Responding to Identity Theft for more information.)
- Consider reporting the attack to the police, and file a report with the Federal Trade Commission.
(2018, June 4). Security Tip (ST04-014) Avoiding Social Engineering and Phishing Attacks. Retrieved from https://www.us-cert.gov/ncas/tips/ST04-014
For 2018, the IRS, the states and the tax industry joined together to enact new safeguards and take additional actions to combat tax-related identity theft. Many of these safeguards will be invisible to you, but invaluable to our fight against these criminal syndicates. If you prepare your own return with tax software, you will see new log-on standards. Some states also have taken additional steps. See your state revenue agency’s web site for additional details.
WHAT IS TAX-RELATED IDENTITY THEFT?
Tax-related identity theft occurs when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund. You may be unaware that this has happened until you efile your return and discover that a return already has been filed using your SSN. Or, the IRS may send you a letter saying we have identified a suspicious return using your SSN.
KNOW THE WARNING SIGNS
Be alert to possible tax-related identity theft if you are contacted by the IRS or your tax professional/provider about:
- More than one tax return was filed using your SSN.
- You owe additional tax, refund offset or have had collection actions taken against you for a year you did not file a tax return.
- IRS records indicate you received wages or other income from an employer for whom you did not work.
If you suspect you are a victim of identity theft, continue to pay your taxes and file your tax return, even if you must do so by paper.
STEPS TO TAKE IF YOU BECOME A VICTIM
If you are a victim of identity theft, the Federal Trade Commission recommends these steps:
- File a complaint with the FTC at identitytheft.gov.
- Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records:
  - Equifax, www.Equifax.com, 800-525-6285
  - Experian, www.Experian.com, 888-397-3742
  - TransUnion, www.TransUnion.com, 800-680-7289
- Contact your financial institutions, and close any financial or credit accounts opened without your permission or tampered with by identity thieves.
If your SSN is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends these additional steps:
- Respond immediately to any IRS notice; call the number provided.
- Complete IRS Form 14039, Identity Theft Affidavit, if your efiled return rejects because of a duplicate filing under your SSN or you are instructed to do so. Use a fillable form at IRS.gov, print, then attach the form to your return and mail according to instructions.
If you previously contacted the IRS and did not have a resolution, contact us for specialized assistance at 1-800-908-4490. We have teams available to assist.
ABOUT DATA BREACHES AND YOUR TAXES
Not all data breaches or computer hacks result in tax-related identity theft. It’s important to know what type of personal information was stolen. If you’ve been a victim of a data breach, keep in touch with the company to learn what it is doing to protect you and follow the “Steps for victims of identity theft.” Data breach victims should submit a Form 14039, Identity Theft Affidavit, only if your Social Security number has been compromised and your efile return was rejected as a duplicate or IRS has informed you that you may be a victim of tax-related identity theft.
HOW TO REDUCE YOUR RISK
Join efforts by the IRS, states and tax industry to protect your data.
Taxes. Security. Together. We all have a role to play. Here's how you can help:
- Always use security software with firewall and anti-virus protections. Use strong passwords.
- Learn to recognize and avoid phishing emails, threatening calls and texts from thieves posing as legitimate organizations such as your bank, credit card companies and even the IRS.
- Do not click on links or download attachments from unknown or suspicious emails.
- Protect your personal data. Don’t routinely carry your Social Security card, and make sure your tax records are secure.
See Publication 4524, Security Awareness for Taxpayers, to learn more.
The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.
Report suspicious online or emailed phishing scams to: email@example.com. For phishing scams by phone, fax or mail, call 1-800-366-4484. Report IRS impersonation scams to the Treasury Inspector General for Tax Administration’s IRS Impersonation Scams Reporting.
(2018, March 6). Taxpayer Guide to Identity Theft. Retrieved from www.irs.gov/newsroom/taxpayer-guide-to-identity-theft
Credit card fraud takes place every day in a variety of ways. You can’t always prevent it from happening, but you can create some obstacles and make it tougher for someone to get hold of your cards and card numbers. Treating your credit cards and account numbers like cash — that is, very carefully — is one way to head off potential misuse.
HOW DOES CREDIT CARD FRAUD HAPPEN?
Theft, the most obvious form of credit card fraud, can happen in a variety of ways, from low tech dumpster diving to high tech hacking. A thief might go through the trash to find discarded billing statements and then use your account information to buy things. A retail or bank website might get hacked, and your card number could be stolen and shared. Perhaps a dishonest clerk or waiter takes a photo of your credit card and uses your account to buy items or create another account. Or maybe you get a call offering a free trip or discounted travel package. But to be eligible, you have to join a club and give your account number, say, to guarantee your place. The next thing you know, charges you didn’t make are on your bill, and the trip promoters who called you are nowhere to be found.
WHAT CAN YOU DO?
Incorporating a few practices into your daily routine can help keep your cards and account numbers safe. For example, keep a record of your account numbers, their expiration dates and the phone number to report fraud for each company in a secure place. Don’t lend your card to anyone — even your kids or roommates — and don’t leave your cards, receipts, or statements around your home or office. When you no longer need them, shred them before throwing them away. Check your account with online banking or our Mobile Banking app frequently for any unusual charges.
Other fraud protection practices include:
- Don’t give your account number to anyone on the phone unless you’ve made the call to a company you know to be reputable. If you’ve never done business with them before, do an online search first for reviews or complaints.
- Carry your cards separately from your wallet. It can minimize your losses if someone steals your wallet or purse. And carry only the card you need for that outing.
- During a transaction, keep your eye on your card. Make sure you get it back before you walk away.
- Never sign a blank receipt. Draw a line through any blank spaces above the total.
- Save your receipts to compare with your statement.
- Open your bills promptly — or check them online often — and reconcile them with the purchases you’ve made.
- Report any questionable charges to Unity Bank.
- Notify Unity Bank if your address changes or if you will be traveling.
- Don’t write your account number on the outside of an envelope.
REPORT LOSSES AND FRAUD
Call Unity Bank at 877-212-2423 during normal business hours or call 800-472-3272 after normal business hours and on weekends. Call us as soon as you realize your card has been lost or stolen. If you suspect that the card was used fraudulently, you may have to sign a statement under oath that you didn’t make the purchases in question.
WHAT YOU SHOULD KNOW
“Being online exposes us to cyber criminals and others who commit identity theft, fraud, and harassment. Every time we connect to the Internet—at home, at school, at work, or on our mobile devices—we make decisions that affect our cyber security. Emerging cyber threats require engagement from the entire American community to create a safer cyber environment—from government and law enforcement to the private sector and, most importantly, members of the public.” www.dhs.gov
Unity Bank wants to help educate our customers and communities about the threat of cyber related crimes and what you can do to protect yourself. Computer-related crimes are affecting our business and consumer customers. As a bank we are required to have information security programs in place to safeguard our customer information but you also need to know how to protect yourself.
Protect Your Computer
Malicious software, known as malware, is used to access your computer and steal information like passwords and account numbers. To protect yourself against malware, install anti-malware software on your computers. A firewall may also be used to prevent unauthorized access to your computer. Ensure that the protection options you put into place are set to allow for automatic updates.
Use Strong Logon Methods for Financial Accounts
When accessing your financial accounts online, it is recommended that you use the strongest authentication offered. This is especially important if you conduct high-risk transactions like ACH or Wire Transfers through online banking systems. Passwords should be difficult to guess and should not be shared. Create “strong” user IDs and passwords for your computers, mobile devices, and online accounts by using combinations of upper and lower case letters, numbers and symbols that are hard to guess. They should be changed regularly. Using the same password or PIN for several accounts may be tempting, but it also means that if a criminal obtains one password or PIN they can access multiple accounts.
If a web address starts with “https://”, you can be more confident that the website is authentic and that it encrypts (scrambles) your information during transmission. Always make sure to log out of financial accounts once you have completed your transaction before you walk away from the computer.
Beware of Unsolicited Emails
Be very cautious if you receive an unsolicited email asking you to click on a link, download an attachment or provide account information. It is a common strategy for cyber criminals to copy the logo of a reputable company into an email to entice the recipient. By following the request in the email you may be installing malware on your computer. The safest strategy is to ignore these requests even if they seem legitimate.
Use Caution Connecting to the Internet
When conducting your banking online, you should only connect through known, trusted, secure connections using a known device such as your personal computer or mobile device. Public computers in libraries or hotels and free Wi-Fi networks are not necessarily secure. Using them can make it easy for cyber criminals to intercept your Internet traffic at these public locations.
Be Careful using Social Media
Cyber criminals gather details about people from social media sites, such as place or date of birth and mother’s maiden name, that can help them figure out passwords or even reset them. Don’t share your social media pages with anyone you don’t know or trust. Cyber criminals may pretend to be your friend to convince you to divulge personal information.
Tablets and Smartphones
Allowing your devices and apps to update automatically when updates are available will help to reduce your vulnerability to problems. Never leave your devices unattended. Require a password or other security feature to restrict access in case a device is lost or stolen. Enabling features like “time-out” or “auto-lock” secures your device when unused for a certain period of time. Before downloading apps, research them to ensure they are legitimate.