Security & Identity Theft
Identity theft occurs when someone illegally obtains your personal identification information, such as your Social Security Number, Credit Card Number, Bank Account Number, or other identification, without your permission, and uses it to open accounts or initiate transactions in your name.
Types of Fraud
Malware
“Malware” is short for “malicious software” – computer programs designed to infiltrate and damage computers without the user’s consent. “Malware” is the general term covering all the different types of threats to your computer safety such as viruses, spyware, worms, trojans, rootkits and so on.
• A computer virus is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be “infected” with a computer virus.
• Spyware is software that aims to gather information about a person or organization, sometimes without their knowledge, that may send such information to another entity without the consumer’s consent, that asserts control over a device without the consumer’s knowledge, or it may send such information to another entity with the consumer’s consent, through cookies.
• A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.
• A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems.
• A rootkit is a software program designed to provide a user with administrator access to a computer without being detected. Rootkits are considered one of the most serious types of malware since they may be used to gain unauthorized access to remote systems and perform malicious operations. … The name “rootkit” includes the word “root,” because the goal of a rootkit is to gain root access to a computer.
ATM Skimming Devices
ATM skimming is like identity theft for debit cards: Thieves use hidden electronics to steal the personal information stored on your card and record your PIN number to access all that hard-earned cash in your account.
Fraudulent, or Scam Website
It’s good to be cautious, and it’s absolutely vital to check that a website is safe before sharing any personal information (e.g., credit card numbers, passwords, addresses, etc.).
• Ensure that the contact information is valid.
• Look out for spelling or grammatical mistakes.
• Double-check the web address to make sure it is the original.
• Ensure that the website is secure.
Pharming
Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent. Pharming has been called “phishing without a lure.”
Phishing
Phishing is the act of fooling a computer user into submitting personal information by creating a counterfeit website that looks like a real (and trusted) site. It is a hacker technique of “fishing” for passwords and other secret financial info.
Vishing
Vishing is the telephone equivalent of phishing. It is described as the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business, and fools the victim into thinking he or she will profit.
SMiShing
Smishing is a combination of the terms “SMS” and “phishing.” It is similar to phishing, but refers to fraudulent messages sent over SMS (text messaging) rather than email. The goal of smishing is to capture people’s personal information. Much like a phishing, a smishing message appears to be from a legitimate source, asking for personal or financial information by requesting you visit a website or call a phone number.
Spoofing
Spoofing is, generally, the act of one person pretending to be someone else, usually in an effort to scam someone or otherwise commit either fraudulent or fairly malicious acts.
• URL spoofing is when scammers set up a fraudulent website to obtain information from victims or to install viruses on their computers. For instance, targets might be directed to a site that looks like it’s from their credit card company and be asked to log in.
• Man In The Middle. Man In The Middle Definition: The term “Man In The Middle” (MiTM) refers to a network layer attack vector used to capture credentials, session tokens and other sensitive information that an attacker could leverage to gain unauthorized access to systems and data. The underlying concept of a man in the middle attack is quite simple.
Fraud Prevention Tips
Debit/Credit Card Prevention Tips
• Sign all new debit / credit cards immediately.
• Don’t write your PIN (Personal Identification Number) down and keep it in the same area where you keep your card.
• Don’t tell anyone your PIN.
• Check the activity on your account and report any unusual immediately.
• When entering your PIN at an ATM or for a point of sale transaction, cover the key pad with your hand to prevention anyone from obtaining your PIN number.
Phone Prevention Tips
• Don’t believe your caller ID. Technology makes it easy for scammers to fake caller ID information, so the name and number you see aren’t always real. If someone calls asking for money or personal information, hang up. If you think the caller might be telling the truth, call back to a number you know is genuine.
• Hang up on robocalls. If you answer the phone and hear a recorded sales pitch, hang up and report it to the FTC. These calls are illegal, and often the products are bogus. Don’t press 1 to speak to a person or to be taken off the list. That could lead to more calls.
• Scammers often pretend to be someone you trust, like a government official, a family member, a charity, or a company you do business with. Don’t send money or give out personal information in response to an unexpected request.
Internet Prevention Tips
• When asked if you want to store passwords, access credentials, debit/credit card numbers or other sensitive information on your computer, just click “Do not allow” or “Never”.
• Always log out of websites in which you access with a user ID and password.
• Log off or shut down your computer when it is not in use.
• Enable the “lock” feature to prevent unauthorized users accessing your computer.
• Use strong passwords or password phrases and change your passwords regularly.
• Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
• Be cautious accessing public WIFI’s.
• Do not access your personal financial information using public computers.
Email Prevention Tips
• Never click on links in an email. It’s safer to go to the internet and type the website you want to access.
• Do not cut and paste a link from an e-mail or pop-up message that asks you for personal information into your web browser; Links can look like they go one place, but they can actually send you to a different site.
• Don’t open attachments that you are not expecting, even when it looks like it was sent from someone you know. These files can contain viruses or other software that can weaken your computer’s security.
• Be aware of emails that contain misspelled words and/or poor grammar – Just delete them.
• Do not reply to an e-mail or pop-up message that asks you for personal financial information.
• Be aware of Phishing e-mail fraud in which the perpetrator sends out legitimate-looking e-mails in an attempt to gather personal and financial information from recipients or to direct recipients to a fraudulent website. These e-mails can look very convincing.
• Some scam e-mails appear to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Call the number on your financial statement, company website, phone book, or on the back of your debit / credit card if you need to reach an organization you do business with.
• Do not e-mail personal or financial information.
Reporting Scams or Identity Theft
If you think you’ve been a victim of identity theft, Washington Savings Bank customers should contact us immediately at 800-836-7173. We will secure your Washington Savings Bank accounts and help with an identity theft toolkit for other financial relationships.
To report fraud to the Credit Bureau, call:
- Equifax Credit Bureau: 800-685-1111 – www.equifax.com/home/en_us
- Experian Credit Bureau: 888-397-3742 – www.experian.com
- Trans Union Credit Bureau: 800-916-8800 – www.transunion.com
Additional Information
For more information on Identify Theft and other account fraud, visit the following websites:
Washington Savings Bank Notice
Washington Savings Bank uses a third party Fraud Detection Service to help safeguard your account. You may receive a call from this service asking you to confirm certain transactions on your account that appear to be out of your normal activity. They will never request any confidential information such as account number, social security number or PIN number. If you have any questions about this service please call our office at 217-347-7173.
Never give out and any personal information unless you have originated a voice or in-person conversation and we are requesting this information for identification reasons. Never give out your PIN number or password to anyone, including Washington Savings Bank staff. Emails from legitimate sources such as a bank or the FDIC can be faked!
When entering our website only enter directly through your browser at www.washingtonsavings.net. Never allow another website such as a search engine or other website or bookmark to transfer you to our website. Websites can be faked if not entered directly!