How to Avoid Identity Theft
First National Bank & Trust wants to help protect you from identity theft but we can only help you. It is your responsibility to become informed about fraud and identity theft. Fraudulent email (also called phishing, spoofing or imposter email) and fake Web sites are being used to trick people into providing personal information that can then be used for identity theft. Identity Theft Brochure
What is identity theft?
Identity thieves want your personal information so they can:
Open a new credit card account, using your name, date of birth, and Social Security Number.
Call your credit card issuer, pretending to be you, change the mailing address on your account, and then run charges up on your account.
Open a bank account in your name and write bad checks on that account.
How to recognize fraudulent email
Be wary of any seemingly legitimate email request for account information, often under the guise of asking you to verify or reconfirm confidential personal information such as account number, Social Security Numbers, passwords or other sensitive information.
It’s often hard to detect a fraudulent email. That’s because the email address of the sender often seems genuine (such as firstname.lastname@example.org), as do the design and graphics. But there are clear signs to be aware of. For example, fraudulent emails often try to extract personal information from you in one of two ways:
1. By luring you into providing it on the spot (e.g., by replying to the email), or
2. Including links to a Web site that tries to get you to disclose personal data
Like the email, a fraudulent Web site is designed to trick you into believing it belongs to a company you know by using its brands as domain names and/or its graphics. The ultimate goal of this fraud is to use your information to gain unauthorized access to your bank or financial accounts or to engage in other illegal acts.
Do not reply to any email requesting your personal information, or one that sends you personal information and asks you to update or confirm it. If you receive an email you are suspicious of, contact the company through an address or telephone number you know to be genuine. First National Bank & Trust will never send you any email that requests your account information or asks you to verify a statement.
If you suspect you have provided confidential account or personal information to a fraudulent Web site, change your password immediately, monitor your account activity frequently and report any suspicious activity to the company.
What you can do about phishing schemes
The Department of Justice recommends following three simple rules when you see emails or Web sites that may be part of a phishing scheme: Stop, Look, and Call.
1. Stop. Phishers typically include upsetting or exciting (but false) statements in their emails with one purpose in mind. They want people to react immediately to that false information, by clicking on the link and inputting the requested data before they take time to think through what they are doing. Resist that impulse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.
2. Look. Look more closely at the claims made in the email, think about whether those claims make sense, and be highly suspicious if the email asks for numerous items of your personal information such as account numbers, usernames, or passwords. For example:
If the email indicates that it comes from a bank or other financial institution where you have a bank or credit card account, but tells you that you have to enter your account information again, that makes no sense. Legitimate banks and financial institutions already have their customers’ account numbers in their records. Even if the email says a customer’s account is being terminated, the real bank or financial institution will still have that customer’s account number and identifying information.
If the email says that you have won a prize or are entitled to receive some special “deal,” but asks for financial or personal data, there is good reason to be highly suspicious. Legitimate companies that want to give you a real prize don’t ask you for extensive amounts of personal and financial information before you’re entitled to receive it.
3. Call. If the email or Web site purports to be from a legitimate company or financial institution, call or email that company directly and ask whether the email or Web site is really from that company. To be sure that you are contacting the real company or institution where you have accounts, credit card accountholders can call the toll-free customer numbers on the backs of your cards, and bank customers can call the telephone numbers on your bank statements.
How to avoid viruses and other malicious programs
If you receive a suspicious email, don’t open it. Immediately delete both the email and the attachment, as it may contain a virus or malicious program. Do not open the attachment. If you do open an attachment containing a virus or other malicious program, clean your system using anti-virus software and change your Internet and system passwords. We encourage you to use and maintain the most updated anti-virus software, and never to open emails or attachments that come from an unrecognized source.
Some recent examples of email and Internet fraud
Closed account hoaxes: An email is sent purporting to be from a financial institution or the FDIC, saying that the recipient’s account has been closed or frozen, and requesting that they click on a link provided in the email. The link takes them to an imposter Web site, which requests that they provide information about their account. The fake FDIC emails attempted to frighten the recipient by saying falsely that the Director of the Department of Homeland Security has advised the FDIC to suspend all deposit insurance on the email recipient’s bank account due to violations of the USA Patriot Act.
“Accounting department” hoax: Email has been sent to individuals at various companies, purportedly from that company’s accounting department. The message asks the recipient to open an attachment to read an Internet Billing Notice. The attachment contains a virus, which then sends itself to everyone in the recipient’s email contact list.
Internet auction hoaxes: People selling items on eBay and other Internet auction sites have been given counterfeit checks in payment for an item. The buyer sends the seller a counterfeit check for more than the item’s selling price and requests that the seller send the difference back to the buyer through Western Union or some other means. When selling an item on the Internet, only accept payment for the actual amount of the item that you are selling. If you suspect the payment item might not be good, call the bank from which it is drawn to verify the form of payment before shipping the item.
Tips for accessing your accounts safely online
You can help protect your security online by taking the following steps:
Be alert for fraudulent emails. These may appear to come from a trusted business or friend, but are actually designed to trick you into downloading a virus or jumping to a fraudulent Web site and disclosing sensitive information.
Carefully review Web sites and online advertisements before taking any action or submitting any personal information online. If you suspect that a Web site is not what it claims to be, leave the site immediately.
Keep your operating system up to date and use a current browser.
Use virus protection software, and keep it updated. Anti-virus software needs frequent updates to guard against new viruses. Make sure you download the anti-virus updates as soon as you are notified that a download is available.
Install a personal firewall to help prevent unauthorized access to your home computer. This is especially important if you connect to the Internet using a cable modem or a digital subscriber line (DSL).
Protect your password. Choose passwords that are difficult for others to guess, and use a different password for each of your online accounts. Use both letters and numbers and a combination of lower case and capital letters if the passwords are case sensitive.
Monitor your transactions. Review your order confirmations, credit card and bank statements as soon as you receive them to make sure you’re being charged only for transactions you made. Immediately report any irregularities in your accounts by calling 1-800-876-3237.
How to protect your identity offline
Dispose of printed account statements, ATM receipts, store and restaurant receipts and other documents containing your account information in a secure location. Shred or tear up papers with account or other personal information. Many identity thieves have obtained the information they needed by going through the victim’s trash.
Do not leave statements or other documents with your personal information lying around where others can see them.
Minimize the amount of personal information a criminal can steal. Don’t carry extra credit cards, your Social Security card, birth certificate or passport.
Sign your credit cards as soon as you receive them.
Keep a list of all your credit cards, loans, account numbers and expiration dates in a safe place so you can notify creditors in case of theft or loss.
Never give a credit card number or loan account information over the phone unless you initiated the call.
Check your credit report for accuracy at least once a year.
Take care when using ATM machines to shield the keyboard from view when you enter your PIN. Someone could look over your shoulder, memorize your PIN, and use it to gain access to your information later.
Be aware of who is listening when you give personal information over the phone, whether at your desk at work, or in public on a pay phone or cell phone.
Some things you can do if you are a victim of identity theft
Following are some options that may be helpful if you are a victim of identity theft.
1. Contact one of the major credit reporting companies:
If you call one of these companies, they will pass on your information to the other two companies, saving you time. Each company will follow a standardized three-step process to post a security alert on the credit file, opt you out of pre-approved offers of credit or insurance and mail you a copy of your file.
Here is what the process will look like in more detail once you make the call:
The company receiving the initial call will notify you of the ID fraud initiative and will electronically notify the other two credit reporting companies of the crime.
A fraud alert will be put on your credit report at all three nationwide credit reporting companies within 24 hours.
You will be opted out of all pre-approved offers of credit and insurance for two years.
Your request for a copy of your credit report will be handled in no more than three business days. Each of the three national credit-reporting companies will work with you to verify the information in their respective reports and to delete any fraudulent data. If you file a police report, the process is even quicker. The Consumer Data Industry Association’s national credit reporting company members will voluntarily expedite services for you by immediately deleting fraudulent data without the usual reinvestigation procedure.
The fraud alert will be displayed by each national credit reporting agency to all lenders or other users that access the reports in the future.
2. Report the crime to your local police and sheriff’s departments. Even if the police can’t catch the identity thief, having a police report can help you in clearing up your credit records later on. Get a copy of your police report. You may need to provide a copy of the police report to the creditors.
3. File a complaint with the Federal Trade Commission (FTC) at www.consumer.gov/idtheft or call their toll-free hotline 1-877-IDTHEFT (438-4338).
4. If required, fill out an identity theft affidavit. Banks, credit reporting agencies and other credit grantors may require you to complete an identity theft affidavit or other forms. Ask each bank or agency for its specific requirements.
5. Notify your local Postal Inspector of a fraudulent change of address. Notify your local Postal Inspector if you suspect an identity thief has filed a change of your address with the post office or has used the mail to commit credit or bank fraud. (Call your local Postmaster to obtain the phone number). Find out where fraudulent credit cards were sent. Notify the local Postmaster for that address to forward all mail in your name to your own address.
For more information about identity theft, consult the following resources:
Federal Trade Commission (FTC)
Toll-free hotline 1-877-IDTHEFT (438-4338).