Learn to Protect Yourself From Identity Theft

Have you been a recent or current victim of identity theft?  Report it to the Federal Trade Commission at www.identitytheft.gov  (external link)

Protecting your identity--The Bank of The West can help.

Your identity is one of the most valuable things you own. It’s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft occurs when someone uses your name, address, Social Security Number, credit card or financial account numbers, passwords, and other personal information without your knowledge to commit fraud or other crimes. While the words may sound like a foreign language -- Phishing, Pharming, Vishing, Spyware, Dumpster Diving — they are actually techniques used by thieves to put your identity and finances at risk. And their attacks grow more frequent and sophisticated every year. Identity theft is the fastest growing crime in the United States.

 How to help protect your identity

The simple fact is you can help protect yourself against most forms of identity theft. The first step is education. To make it easier to understand, we’ve divided identity theft into the “Danger Zones.” Take a few moments to learn about each of the Danger Zones and the steps you can take to avoid being a victim.

Danger Zone: Email

Phishing is an email scam used to steal your personal information. Emails similar to the one pictured may appear in your inbox, claiming to be from your financial institution, credit card company, or another source. It may appear authentic, but be careful - any email requesting personal information or to “verify” account information is usually a scam. Do not respond to this and do not click on any link from this email.

How to spot Phishing and other email scams

1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.
2. The email may instruct you to click on a link, or call a phone number to update your account or even claim a prize.
3. The message will often threaten a dire consequence if you don’t respond immediately, such as closing your account.

These are clear signs that someone is “Phishing” for your information.

Follow these steps to avoid email scams

1. Never respond to any email asking for confidential information, even if it appears urgent. Chances are it is a fraudulent email.
2. Never click on a link from an email. Instead, type the known Website address into your Internet browser.
3. Do not call any phone number provided in a suspicious email. It could be a fake phone number.
4. Always use anti-virus and anti-spyware software on your computer, and keep them up-to-date.

Remember, email is not a secure form of communication. So feel free to use your email, but don’t use it to send or receive confidential information. If you need to communicate sensitive information, please call the party directly using a contact number that you obtain from a trusted source, such as a periodic statement or billing invoice.  By following the four basic steps listed, you can help protect yourself from most phishing and other email scams.

Danger Zone: The Internet

The Internet is a great place to browse and do business.  The information contained on the internet is almost limitless.  But, unfortunately, so is the potential for information compromise through scams, cybercrime, and malware.  The internet is a Danger Zone for identity theft, but there are ways to help protect yourself.

There are several types of viruses or malware – which means malicious software – that can infect your computer as you surf the web including:

• Viruses
• Spyware
• Adware
• Trojan Horses
• Keystroke Loggers
• Ransomware

These programs and processes are becoming more sophisticated and ingenious in their ability to infect your computer. Many are designed to steal your personal information or lock it down to prevent you from accessing it.

Learn how to practice safe surfing

Follow these steps to protect your computer from the majority of Internet crime:

• Make sure you have a firewall, anti-virus and anti-spyware software installed and activated on each computer device you own, keep them updated, and run a full system scan at least weekly.
• Keep your devices fully patched with the operating system and applications up to date.
• If your network has WIFI, keep it secured and password protected.  Do not give out the password to strangers.  Remember, anyone who can access your network can intercept your information.
• Use strong passwords for sites. These should include eight or more characters with a mixture of capital and lowercase letters, random numbers, and symbols.  Change your passwords frequently, and don’t use the same password for multiple sites.  Also, don’t reuse passwords.
• Use multi-factor authentication when possible.  Many sites today use multi-factor authentication to further verify your identity.  Forms of multi-factor authentication include email or text message confirmations or verification codes, device registration, and challenge questions.  If you use challenge questions, try to choose questions that cannot be easily guessed or found on the internet (such as on genealogy or social media sites), or you may want to use fictional answers that you can remember but no one else will know.
• If you download anything from the Internet such as music, movies, or pictures, make sure you do so only from trusted and authentic websites. Downloads can be infected with spyware attached to the file.
• Watch for signs of spyware—frequent pop up ads, unexpected icons on your desktop, random error messages or sluggish computer performance are all signs of infection. Run a full system anti-virus and anti-spyware scan to safely remove.
• Never access your online banking or other websites that contain your personal information on a public computer, or unsecured public WIFI.  You never know who may be snooping on the network and recording what you do, including account logon information.  If you do utilize public WIFI, consider using VPN software to protect your information.

Following these steps will help protect you from the most common forms of identity theft while surfing the Internet.

Danger Zone: Telephone

The telephone is one of the most often used sources for criminal activity. Here’s how it works. Your phone rings. The caller claims to be from your financial institution, or any other normally trusted source. They begin asking questions about you and your account. This could be a telephone scam called Vishing. Someone is attempting to steal your identity. And it happens to millions of Americans every year.

Protect yourself from telephone scams

Follow these steps to protect yourself from most types of identity theft telephone scams:

• Never offer personal or account information over the phone without verifying the caller’s identity.
• If you are uncertain of the identity of a caller, hang up and initiate the call yourself using a known phone number.
• Do not call any phone number received in a voice message or email asking for personal information. It could lead you to a phony answering system.
• Do not panic.  Many telephone scams will try to play on your emotions to get you to give information or make payment immediately.  They will demand an immediate response, trying to get you to panic and give information or payment.  Always verify information directly with your loved ones before you give out information or make payment.

As a general guideline, be highly suspicious anytime you receive a call that requests you to provide personal information over the phone.

Danger Zone: Payments

Payment fraud happens when someone uses information from your checks, credit and debit cards, or any other form of payment without your knowledge to commit fraud or other crimes. But this, and other forms of identity theft, can be quickly stopped if you know how to protect yourself.

Avoid being a victim of payment fraud

Don’t make it easy for criminals to steal your personal information. Here are some common sense tips to protect your identity:

• Balance your checkbook, and verify all account and credit card statements as soon as they arrive.
• Keep all checks, credit and debit cards in a safe place.
• Don't leave outgoing checks or paid bills in your mailbox, and report lost or stolen items immediately.
• Don’t write PIN numbers on your credit or debit cards, or leave them in your wallet for a thief to find.
• Use a paper shredder to securely dispose of any documents containing personal information.
• Make online purchases only from trusted Web sites. If you have questions about a company, you can check them out with the Better Business Bureau.
• Consider paying all your monthly bills electronically by enrolling in auto pay with the company, or make payments with online bill pay. These methods are considered more secure than mailing paper checks.

Reducing your risk of identity theft starts with protecting your personal information. Keep it from getting into the wrong hands. Always be diligent about protecting your identity.

Danger Zone: Home

The simple act of sending and receiving mail, and putting your trash out at night, can put your personal information at risk. Financial information, checks, account and credit card statements, and monthly bills can be stolen from your home, mailbox or even from your trash, and used to access your accounts and steal your identity.

Follow these steps to protect against identity theft in your home

• Invest in a personal shredder. This is your first line of defense. Shred checking and credit card statements, cancelled checks, pre-approved credit card offers, or anything with your personal information on it before disposal.
• Place your garbage out on the morning of pickup rather than the night before. This gives dumpster divers less opportunity to go through your trash.
  Install a mailbox with a locking mechanism, or pick up your mail immediately after it is delivered each day.
• Change that old habit of placing mail in your mailbox for the carrier to pick up. Always place out-going mail in an official, secure mailbox to prevent outgoing mail from being intercepted.
• It’s good practice to store your mail, account statements, and other papers where they are out of sight and out of reach of anyone who might be in your home.

By following these steps you are on the right track to protecting your identity. Learning about all the identity theft danger zones and the simple steps you can take to help avoid being a victim is the best way to protect your good name. 

Danger Zone: Mobile Devices

The most important step in keeping mobile devices such as phones and tablets secure is realizing that mobile devices are portable computers and treating them as such.  A few common-sense precautions will help protect you from fraud and I.D. Theft:

• Set the device to require a strong password to power on or awake it from sleep mode. If it's lost or stolen any personal information stored on the device will be more difficult to access. Whether you're using the mobile Web or a mobile app, don't let it automatically log you in to your bank account or other financial or sensitive apps or websites. Otherwise, if your phone is lost or stolen, someone will have free access to your money.
• Don't save your password, account number, PIN, answers to secret questions or other such information on the mobile device.
  Immediately tell your bank or mobile operator if you lose your mobile device. The sooner you report the loss, the better protected you are from fraudulent transactions.
• When possible, download and install antivirus software for your mobile device, according to the manufacturer's recommendations.
  Be careful when downloading apps. Downloads should always be from a trusted and approved source and endorsed by your mobile device provider.
  Avoid "free offers" and "free ringtones." An email or instant message that offers free software downloads, such as ringtones, may contain viruses or malware.
• Be cautious of e-mails or text messages from unknown sources asking you to update, validate or confirm your personal details including password and account information. Don't reply to text messages from people or places that you do not know.
• Treat your mobile device as carefully you would your wallet, cash or credit cards.
• Keep track of account transactions. Review your bank statements as regularly as possible to rule out the chances of fraudulent transactions. If you notice discrepancies, contact your bank immediately.
• Only use WIFI on your device when connected to password protected hotspots. Turn-off any auto-connect features. They might cause your phone to log into insecure wireless networks without your knowledge  Consider using a reliable Virtual Private Network (VPN) to increase security when using public WIFI .
• Make sure you log out of social networking sites and online banking when you’ve finished using them.
• Install operating system updates for your device as they become available - they often include security updates.  Discontinue using devices for sensitive transactions when they have reached their “end-of-life,” meaning that operating systems are no longer being updated and patched.
• Do not bypass your devices security or operating protocols, often referred to as “jailbreaking.”  Bypassing these controls opens up the device to many forms of attack or compromise.
• Keep your apps updated to the latest versions to reduce security flaws and performance issues.
• Before you upgrade or recycle your device, delete all personal/business details.  Perform a “factory reset” if possible.

Mobile Devices are useful tools that can simplify your life and make staying connected very easy.  By using common sense, it can also be a safe and secure part of your daily life.

Danger Zone:  Social Engineering

“Social Engineering” is any method of theft that manipulates your human nature in order to gain access to your personal, nonpublic information. Here are a few ways you can protect yourself from thieves that use Social Engineering techniques:

• Don't respond to ANY email or social network post or message that asks for money or confidential information. Thieves can hack email and social network accounts, and then pose as a friend or family member in order to gain your trust.
• Don't assume that an unsolicited phone call or email is actually from a trusted source. Thieves can research your purchases or donations, then pose as a business or charity you trust. Or, they may pose as law enforcement, a bank officer or another trusted authority figure. Just because they have bits of information about you or your past activities doesn't mean they are legitimate.
• Verify, verify, verify.  Social Engineering often tries to instill panic in you to get you to release information or perform a transaction in the heat of the moment.  If someone on the phone, or a message in your inbox, is telling you there is a problem with your online banking account, online auction account, credit card account, tax return, or even a family member, don't give them additional information to “fix” the problem. Instead, hang up the phone or delete the email and check those accounts directly by logging in normally or calling a published customer service number, or calling or texting your relative directly.
• Be conscious what can be learned about you. Many kinds of online accounts, including online banking, use challenge questions as part of their security.  Make sure you don't choose responses that can be found online. For example, don't use your mother's maiden name if it is mentioned on a social network profile or genealogical website, and don't use any information that is shared on your social media profile. Thieves are very good at digging out those details from online searches.  The best challenge questions are answers that you make up--ones that you can remember but that no one else knows.
• Remember, even the most innocent email attachments can be infected with computer malware. Common and popular files like PDFs, JPGs and spreadsheets can provide a platform for installing viruses or keystroke-logging malware on your computer. If you aren't certain the file came from a legitimate business, charity or person, don't open it without verifying. Call them and ask if they sent an email with an attachment.

Those executing Social Engineering attacks are smart and very good at exploiting your honesty and natural cooperation. They can send email that looks like it came from a family member, or hijack your best friend's social network account.  They can call you and make any number or person show up on your caller ID.  Don't let your good nature become your downfall.  It’s OK to be suspicious—in fact, we encourage it!  The best way to avoid Social Engineering schemes is to be cautious and suspicious of ANY request for money, passwords, account numbers, or other confidential information – no matter from where it seems to be coming.

Danger Zone: Social Media

 Social media sites like Facebook, Instagram, and Twitter, among others, are the new gathering place for people.  With just a few clicks, you can update you status, post photos, find new friends, and do many other things as well.  Social media can allow you to reconnect with long-lost friends as well as make new ones.  But not everyone you find on social media sites really wants to be your friend.  Identity Thieves and fraudsters are lurking out there, looking for ways to get information about you they can use for their own personal gain.  Here are some things you can do to help reduce your social media risk of identity theft:

• Keep your account secure.  Use a complex password for your profile, and log out when you aren’t actively using the service.  Change your password frequently, and do not reuse old passwords or passwords that you use on other sites.
• Know who your friends are.  Don’t accept random friend or linking requests until you research the request.  Is this a brand new profile with few other friends?  It could be a phony profile made with the specific intent of wanting to steal information about you or those close to you.
• Know who can see what you post.  Review your privacy settings for each social media platform you use.  Limit what personal information can be viewed, and who can view it.  Keep your posts private and not viewable by those who are not in your friends list.
• Limit what personal information you post on social media.  In today’s world, you can find a lot out about a person from their social media sites.  Limiting what personal information is posted to those sites and who is allowed to see it will make it harder for criminals to steal your identity.  Before you share information, think of how it could be used to steal your identity.
• Think before you post.  There is such a thing as sharing too much information, especially on social media.  Many things that seem innocuous can reveal information about you.  For example, before you fill out that “just for fun” survey and post it to your profile, stop and think about what kind of questions are used as multi-factor authentication on other website logins.  And, once you post information, it can be very difficult if not impossible to remove.
• Beware of scams.  Social media sites can be a playground for thieves.  Beware of advertisements for products that seem too good to be true, because more than likely they are.  Clicking on links may expose you to malware, or to sites outside of the social media platform.  Be very careful when purchasing products through social media posts.  Do your research on the retailer before you complete the purchase to try to see if there are many complaints or warnings.  Also, some social media sites have “marketplaces” where you can buy, sell, or trade goods or services.  Always be very careful on these places as scams run rampant.
• Report abuse.  If  you find offensive or inappropriate content, or discover fraudulent or deceptive pages or profiles, report them to the site administrator.  You may help prevent someone else from being a victim.

We hope that these “Danger Zone” tips will help you to be more aware of the ways your personal information is at risk, and will help to prevent you from becoming a victim of identity theft.  However, though you can mitigate the risk, it can’t be eliminated entirely.  We all make mistakes, and sometimes in spite of our best efforts, or through circumstances that can’t be controlled, identity theft or data compromise will still occur.  Here are some things to do to monitor for possible identity theft:

How to Spot Identity Theft

• Review your account statements.  Whether it’s a bank account or a bill, you should review your periodic statements as soon as you get them, and report any unauthorized or suspicious activity or transactions.  Companies have error resolution procedures in place, but if you don’t identify and report fraudulent activity in a timely manner they won’t be able to help you.
• Set up account alerts.  Set up your account to receive alerts when transactions occur that are out of pattern with your normal activity to help you identify and report unauthorized transactions more quickly.
• Monitor your credit reports.  You should periodically monitor your credit reports to watch for any inquires or new accounts that you didn’t authorize.  There are several services that will show you your credit report and help to monitor it for a fee, but you don’t have to pay to receive your credit report.  Once every 12 months, you can obtain your credit report for free from each of the three major credit reporting bureaus by going to https://annualcreditreport.com.

Oops. Now What?

If you find yourself a victim of identity theft, here’s what you should do as soon as possible:

• Act fast:  The sooner you take action, the better chance you have to stop the activity.
• Report fraudulent accounts or transactions to your bank and/or the company where they occurred to begin the error resolution process.
• Obtain your credit report to check for other fraudulent activity. 
• Contact the three major credit bureaus and place a fraud alert on your file.  Here are their numbers:
  Equifax  800-766-0008
  Experian  888-397-3742
  TransUnion  800-680-7289
• Contact your local law enforcement department and file an ID theft report.
• Close any affected accounts and reopen them with different account numbers.

  
More Information About Unauthorized Transactions

Consumers are protected in a number of ways against unauthorized electronic transactions, but it’s very important to do your part.  Here are some protections afforded to consumer accounts if you report fraudulent transactions in a timely manner:

• Report lost or stolen debit/ATM cards within two business days.  If you lose your debit/ATM card (or other access device) report it immediately.  By contacting your financial institution within two business days of discovering the loss, you limit your liability to $50, or even $0 for non-PIN’d transactions conducted with Visa branded cards, (unless you have been grossly negligent or have engaged in fraud).  Waiting more than two business days to report the loss can increase your liability up to $500. 
• Important! Review your account statements every month. If you find an unauthorized check or electronic transaction, you have 60 days to report it to your financial institution in order to limit the amount for which you are liable. If you wait more than 60 days you become liable for the unauthorized transactions. So review your statements every month and report any suspicious activity immediately.

The best way to report unauthorized activity to us is to contact your local branch or the main bank at: 580-661-3541.

The security of your money and identity is as important to us as it is to you. Let's work together to protect it. 

If you have any questions, or would like more information on information, please call us at (580) 661-3541 and we will be happy to assist you.