Mountain View Bank of Commerce takes great care to ensure your identity remains safe and has included this information if you want to learn more about some of the types of fraud and what you can do to minimize your risk.
Identity Theft and Phishing
One way thieves can steal your identity is through phishing. It is pronounced "fishing," and that is exactly what these thieves are doing: "fishing" for your personal financial information like account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.
With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver's licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop it from happening to you.
Phishers often send an email that claims to be from a business or organization that you deal with--your Internet Service Provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a Web site that looks just like a legitimate organization's site, but it isn't. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.
Tips to Help Avoid Identity Theft
- Never provide your personal information in response to an unsolicited request.
- If you are unsure if a contact is legitimate, contact your financial institution yourself from verified, genuine contact information like a bank statement or browsing session from a new browser window.
- Never provide your password over the phone or in response to an unsolicited Internet request.
- Never click on the links provided in an email.
- Protect your Social Security Number (SSN), credit card and debit card numbers, PINs (personal identification numbers), passwords and other personal information.
- Protect your incoming and outgoing mail.
- Keep your financial trash "clean" by shredding sensitive information.
- Keep a close watch on your bank account statements and credit card bills.
- Review your credit record regularly. You can sign up for free credit record access through a third-party service like Credit Karma, or directly from the credit bureaus: Experian, Equifax, or TransUnion.
- Never access bank, brokerage or other financial services information over public Wi-Fi. Unauthorized software may be installed to trap an account number and login information, leaving you vulnerable to possible fraud.
Contact your bank representative immediately. If you need to speak to our team, call us at 303.243.5400.
If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau’s fraud division:
- Equifax or by phone at 1-866-349-5191
- Experian or by phone at 1-888-397-3742
- TransUnion or by phone at 1-800-916-8800
- Retrieve your mail promptly after delivery.
- Always deposit your mail in a mail slot at your local post office or hand it to your letter carrier.
- Sign up for verified online services from your financial providers:
- Online Bill Pay – eliminates the need to send your checks through the mail.
- Online Bill Presentment – your bills are sent electronically and not through the mail.
- eStatements – eliminates paper statements that travel through the mail.
Also called "fake antivirus" and "rogue antivirus," scareware is an attempt by cyber thieves to sell computer users useless, and potentially dangerous, antivirus software, registry cleaner or other software which allegedly repairs problems or enhances a computer’s performance.
Scareware is normally recognized by pop-up messages, which resemble Windows system messages, indicating that a large number of problems have been found on the computer. The messages prompt users to purchase software to fix the alleged computer problems and either take users to the attacker's website or initiate a malware download if the user clicks "Cancel" or the "X" to close the window. Malware installed on computers allows thieves to view users’ passwords and other personal information.
Some of the most aggressive scareware products make critical changes to victims' computers, thus preventing them from restoring their computers to an earlier, secure status. You can protect yourself by understanding this form of cyber crime and avoiding clicking on suspicious pop-up windows.
File a claim with the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA) designed to serve as a vehicle to receive, develop, and refer criminal complaints regarding cyber crime.
OnGuard Online provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.
Corporate Account Takeover
Corporate account takeover is a method by which cyber-thieves gain control of a business’ bank account by stealing the business’ valid online banking credentials. Although there are several methods being employed to steal credentials, the most prevalent involves malware that infects a business’ computer workstations and laptops.
A business can become infected with malware via infected documents attached to an email or a link contained within an email that connects to an infected website. In addition, malware can be downloaded to users’ workstations and laptops when the users visit legitimate websites - especially social networking sites - and click on the documents, videos or photos posted there. This malware can also spread across a business’ internal network.
In common attacks, cyber-thieves send emails purporting to come from reputable, national organizations. This is a common tactic to gain credibility and lure unsuspecting individuals into taking some action. A recipient who clicks on the links within the email may be taken to a fake website, which prompts the recipient to unknowingly download malware to the computer.
The malware installs keylogging software on the computer, which allows the perpetrator to capture a user’s credentials as they are entered at the financial institution’s website. Sophisticated versions of this malware can even capture token-generated passwords, alter the display of the financial institution’s website to the user and/or display a fake Web page indicating that the financial institution’s website is down. In this last case, the perpetrator can access the business’ account online without the possibility that the real user will log in to the website.
The cyber-thieves use the sessions to initiate funds transfers, by ACH or wire transfer, to the bank accounts of associates within the U.S. These accounts may be newly opened by accomplices or unwitting “money mules” for the express purpose of receiving and laundering these funds. The accomplices or mules withdraw the entire balances shortly after receiving the money, and then send the funds overseas via over-the-counter wire transfer or other common money transfer services.
The cyber-thieves appear to be targeting small- to medium-sized businesses, as well as smaller government agencies and non-profits, for several reasons:
- Many small businesses and organizations have the capability to initiate funds transfers via ACH or wire. This funds transfer capability is often related to a small business’ origination of payroll payments.
- Many businesses maintain a type of organization chart online, making spear phishing (targeting a specific employee) for an employee with online banking authorities easier.
- Small businesses often do not have the same level of resources as larger companies to defend their information technology systems.
- Many small businesses do not utilize additional banking services, such as password-generating tokens, and do not monitor and reconcile their accounts on a frequent or daily basis.
- Ask about multi-factor authentication
- Ask about dual control features for initiation of payments via Online Banking, with distinct responsibility for transaction origination and authorization.
- Ask about establishing reasonable exposure limits that are related to transaction origination.
- Do not respond to or open attachments or click on links in unsolicited emails.
- If you receive an email from an apparently legitimate source requesting account information or action, contact the sender directly by other means. We will not send customers emails asking for passwords, credit card numbers or other sensitive information.
- Contact us immediately if you encounter a message stating that the system is unavailable while trying to log in to your account.
- Conduct Online Banking and payments activity from a dedicated computer that is not used for other online activity, such as general Web browsing and social networking and/or is not connected to an internal network.
- Ensure that all anti-virus and security software for all computer workstations and laptops is robust and up-to-date.
- Log/turn off and lock up computers when not in use.
- Change the default passwords on all network devices.
- Educate your employees on this type of fraud scheme.
- Monitor and reconcile accounts frequently; many small business clients do not reconcile their bank accounts on a daily basis, and therefore may not recognize fraudulent activity until it is too late to take action.
- Note changes in the performance of your computer, such as loss of speed, changes in appearance, computer locking up, unexpected rebooting or restarting of your computer, unusual pop-up messages, new toolbars and icons, or an inability to shut down or restart.
- Look out for rogue emails; if someone says they received an email from you that you did not send, you may have malware on your computer.
- Run regular virus and malware scans of your computer’s hard drive.
- If you detect suspicious activity, immediately cease all online activity and remove any computer systems that may be compromised from the network.
- Immediately contact us so that the following actions may be taken: disable online access to accounts, change online banking passwords, open new accounts as appropriate, request a review of all recent transactions and electronic authorizations on the account, and ensure that no one has added any new payees or made any other critical changes to account information.
- File a police report; having a police report on file will often help facilitate the filing of claims with insurance companies, financial institutions and other establishments that may be the recipient of fraudulent activity.
- In addition, you may choose to file a complaint online at www.ic3.gov. For substantial losses, contact your local FBI field office (http://www.fbi.gov/).
- Have a contingency plan to recover systems suspected of compromise.
- Consider whether other company or personal data may have been compromised.
The Federal Trade Commission’s (FTC) Bureau of Fraud Protection Business Center contains information about how to protect your business from fraud.