What is Identity Theft?
Identity Theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. This includes personal identifying information such as your name, address, Social Security number, date of birth, user ID/passwords, PIN numbers or account numbers. Identity Theft is a federal crime.
What happens if you are a victim of Identity Theft?
Consumers victimized by Identity Theft can spend hundreds of dollars and hours cleaning up the damages thieves have made of their good name and credit record. They may also lose out on job opportunities, or be denied loans for education, housing, or car loans because of negative information on their credit reports. They could even be arrested for crimes they did not commit. The potential for damages, losses and emotional stress is quite considerable.
How do I prevent Identity Theft?
What is Phishing?
- Always keep your personal information private and secure. If you are asked to provide your personal information, make sure that you know the party asking for it. Do not give out personal information on the phone, through the mail or on the Internet, unless you initiate the contact or you are sure who you are dealing with.
- Always shred documents containing personal information prior to disposing of them. Examples of these documents are bank or utility statements, checks, and other forms containing personal information. This will deter identity thieves from going through your trash to obtain personal information.
- When creating passwords for bank account access, ATM, or credit cards, avoid using information such as your birth date, Social Security Number, phone number, street address number, mother’s maiden name, which can be easily associated with you.
- Carry only the identification information and credit cards or ATM/debits cards that you actually need when leaving your home or office. Always have the phone numbers of all your credit card companies or banks handy in the event you need to contact them for lost or stolen cards.
- Do not leave outgoing mail inside your home mailbox for pickup by the postman. Instead, drop off your mail at the Post Office, or at designated mail boxes. If you plan to be away for some time, call the US Postal Services to request a vacation hold of your mail.
The term “Phishing” is likened to “fishing” for confidential information. It is a form of criminal activity designed to steal your valuable personal or financial information electronically through emails, fraudulent websites, social networking websites, instant message programs, cell phone or other mobile devices.
Oftentimes, Phishing scams rely on placing links in email messages, on web sites, or in instant messages that seem to come from a service that you trust, such as your bank. Phishing mail often includes official-looking logos and other identifying information directly from legitimate web sites, or it may include convincing details about your personal information found on a social networking site. The scam artist may place a link or pop-up window in the email that appears to go to the legitimate web site, but actually takes you to a phony scam site.
How can you tell if an Email Message involves Phishing?
Typically, fraudulent emails appear to be coming from legitimate companies. They could warn you of an urgent problem with your account and trick you into clicking on a link that subsequently opens up your computer to hackers. The following are some phrases that are telltale signs of Phishing:
How can I protect myself and my company from Fraud?
- “Verify your account” – companies should not ask you to send passwords, login names, Social Security Numbers, or other personal information through email. If you receive an email from a company asking you to update your credit card information, do not respond.
- “If you don’t respond within 48 hours, your account will be closed” – these seem like urgent messages so that you will respond immediately without thinking. Phishing email might even claim that your response is required because your account might have been compromised.
- “Click the link below to access your account” – once you click on the link, it may take you to a phony site that asks you to complete forms and provide personal information to update your account. You may not be aware of this since the link may include a similar logo or appearance of the legitimate site.
What can I do to enhance my company’s security?
- Look out for Email Fraud – learn how to identify a Phishing email which may have the following features:
- Generic greetings such as “Dear user” or general information within the email.
- Company logo or other identifying image may be slightly distorted or different from the original company image.
- The links embedded on the email does not match the URL of the legitimate site.
- Email may be threatening, harsh, demanding and scary, forcing the user to comply immediately with the instructions in it.
- An attachment comes with the email asking users to click on it, which will launch a virus or spyware on your computer.
- Spot Website Fraud – emails may direct you to a bogus website that is often very convincing. Beware of these telltale features:
- The site threatens to shut down your account unless you verify your personal information.
- The site returns an error message and asks you to log in.
- The URL in not quite right, does not match the bank’s website, or contains transposed letters and/or unrelated symbols such as @ % $.
- The website logo or identifying image is distorted or stretched, indicating that it has been copied and tampered.
- There are spelling and grammatical errors in the website.
- Telephone numbers on the website differs from the published phone numbers of Bank of the Orient.
- Tools for Security
- Use antivirus software on all servers, desktops and laptops. Check for new virus definitions daily and scan your system weekly.
- Stay up to date with software and security patches to protect against intrusions and infections that can lead to the compromise of your computer files or passwords.
- Use a firewall program on every computer and, install a network firewall if possible. The firewall program will allow you to stop uninvited access to your computer. Not having it will make it easier for hackers to take over your computer, access the personal information stored on it, or use it to commit other crimes.
- Use a secured private network (VPN) over a wireless network to prevent hackers from intercepting your data.
- Look for website privacy policies. They should answer questions about maintaining accuracy, access, security and control of personal information collected by the site. They must also state how your information will be used and if accessed by third parties.
- Delete all personal information from your computers prior to discarding them.
Who can I call if I suspect Fraud involving my account?
- Employee Security – include your employees in creating or modifying your security plan. This will make them feel involved in the process and they are more likely to observe your policies.
- List all the ways your business collects, uses and stores customer and business information.
- List who has access to customer and business information.
- Train everyone on your list to protect sensitive information. Give incentives to employees who alert you of vulnerabilities.
- Keep employees updated on new risks and threats. Conduct periodic training or workshops on security awareness.
- Newly hired employees must undergo background checks, particularly those who will have access to sensitive information within the company.
- Get expert technical help from reputable vendors. Networking is a good way of reaching out to your industry peers for updated information regarding information security.
- Workplace Security – always keep your business confidential. This can be achieved by following these simple steps:
- Handle documents with care. Place them out of sight when you are away from your desk. Follow the “clean desk” policy.
- Lock your laptop or desktop PC when away from your desk. Don’t give thieves an open invitation to copy your files or steal your laptop. Store it in a locked cabinet, if necessary.
- Shred all documents that contain confidential and personal information. Do not let dumpster divers turn your trash to cash. If needed, have a destruction company pick up your documents which are kept in locked shred bins for disposal.
- Pick up mail promptly. Do not leave them in overnight pick-up bins for thieves to steal sensitive information.
- Keep your voicemail short. Avoid leaving detailed messages involving sensitive information which may be overheard by a third party at the other end.
- Computer Security – the following basic tips to keep your computer experience secure:
- Protect your personal information. Do not give them to anyone you don’t trust, especially if the request is urgent or threatening.
- Know who you are dealing with. Don’t open unsolicited emails. Do not open attachments from people you do not know. Do not click on pop-ups or other links.
- Always install anti-virus and anti-spyware software. These softwares are the best way to protect your computer against viruses, worms, Trojan horses. Keep it updated and scan regularly.
- Use a firewall. You should install a personal firewall on every computer and remote device to block internet intruders.
- Use strong passwords. Use a combination of upper and lower case letters, numbers and symbols. It is recommended that you use a minimum of eight characters.
- To safeguard against fire, flood or other disaster, backup important files. Copy them onto a disk or flash drive and store them in a secure place in a different building. For larger operations, you can contract a vendor to save and store your network files for you.
- Put an action plan in place in the event that a security breach occurs. Scan for a virus, report fraud to the appropriate authorities. Follow your security policy.
If you come across a suspicious website or email that claims it’s from Bank of the Orient, do not respond to it. Instead, forward these suspicious emails and websites immediately to email@example.com
If you suspect a fraudulent activity involving your Bank of the Orient account, you should immediately contact our Customer Service Center at 1-800-881-2686.
To efficiently assist you, please have your account information ready, including identifiers relating to your accounts. Please provide specific details concerning the suspected fraud.
Where can I get additional information about Consumer Protection and Online Banking Security?
- www.FTC.gov – The Federal Trade Commission
The FTC deals with issues that touch the economic life of every American. It is the only federal agency with both consumer protection and competition jurisdiction in broad sectors of the economy. The FTC pursues vigorous and effective law enforcement; advances consumers’ interests by sharing its expertise with federal and state legislatures and U.S. and international government agencies; develops policy and research tools through hearings, workshops, and conferences; and creates practical and plain-language educational programs for consumers and businesses in a global marketplace with constantly changing technologies.
- www.FDIC.gov – The Federal Deposit Insurance Corporation
The Federal Deposit Insurance Corporation (FDIC) preserves and promotes public confidence in the U.S. financial system by insuring deposits in banks and thrift institutions for at least $250,000 for interest bearing accounts, and unlimited insurance for non-interest bearing checking accounts thru the year 2012; by identifying, monitoring and addressing risks to the deposit insurance funds; and by limiting the effect on the economy and the financial system when a bank or thrift institution fails.
The FDIC also examines banks for compliance with consumer protection laws, including the Fair Credit Billing Act, the Fair Credit Reporting Act, the Truth-In-Lending Act, and the Fair Debt Collection Practices Act, to name a few. Finally, the FDIC examines banks for compliance with the Community Reinvestment Act (CRA) which requires banks to help meet the credit needs of the communities they were chartered to serve.
- www.OnlineOnGuard.gov – On Guard Online
OnGuardOnline.gov is the federal government’s website to help you be safe, secure and responsible online.
The Federal Trade Commission manages OnGuardOnline.gov, in partnership with the federal agencies listed below. OnGuardOnline.gov is a partner in the Stop Think Connect campaign, led by the Department of Homeland Security, and part of the National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology.