Security

Caller ID Spoofing Creates Appearance that Your Bank is Calling


It is important to remember that La Porte Savings Bank will never call and ask you for your personal banking information, account numbers, or password or personal identification number (PIN) information. If someone calls asking for this information, immediately hang up and call the La Porte Savings Bank main number at (219) 362-7511 or (866) 362-7511. Ask for the Operations Department to report this fraud.


At times it can even appear, due to caller ID spoofing, that the call is from someone other than the scam artist. Caller ID Spoofing involves technology that allows someone to alter the name and phone information that appears on others' Caller ID boxes. Originally the technology was invented to allow employees to make calls from home while displaying their company phone number. However, scam artists have found the technology to be a great tool to trick consumers by masking their real number so that when they successfully scam someone out of their money or personal information, it will be much more difficult for law enforcement to track them.


Never provide personal information via the phone unless you initiated the call due to being in need of service from your financial institution.


Can You Spot A Government Imposter?


Your caller ID says "FTC" or "IRS," and the phone number has the "202" Washington, DC area code. You might even look the number up and see that it's a real government phone number.


But the person calling isn't really from the FTC, IRS, or any other agency. It's a government imposter whose goal is to convince you to send money before you figure out it's a scam. The big giveaway? The caller wants you to send money.


What imposters might tell you

A lot of imposters pretend they're with the government to scare you into sending money. They say you owe taxes or some other unpaid debt, and, hoping you'll panic, warn that you're about to be arrested if you don't pay up. Before you can investigate, you're told to put the money on a prepaid debit card and tell them the number -- something no government agency would ask you to do.


Other scammers promise you money -- a big prize you need to claim. They say the FTC or some other agency is supervising the sweepstakes, and that the money will be released as soon as you pay for the shipping, taxes, or some other expense. But it's all a fake. There is no prize and no money.


What you should know

  • Federal government agencies and employees don't ask people to send money for prizes or unpaid loans. The FTC doesn't supervise sweepstakes, and when the IRS contacts people about unpaid taxes, they usually do it by postal mail, not by phone.
  • Federal government agencies and employees also don't ask people to wire money or use a prepaid debit card to pay for anything. Prepaid cards and money transfers are like sending cash -- once it's gone, you can't get it back.
  • You can't rely on caller ID. Scammers know how to rig it to show you the wrong information (aka "spoofing"). Scammers might have personal information about you before they call, so don't take that as a sign they're the real thing. If you're not sure whether you're dealing with the government, look up the official number of the agency. That way you know who you're talking to.

Who you can tell

  • You can file a complaint with the FTC at ftc.gov/complaint under "Other" and then "Imposter Scams." If it involves the IRS, add "IRS Telephone Scam" in the notes.
  • IRS imposter scams also can be reported to the Treasury Inspector General for Tax Administration (TIGTA) online or at 800-366- 4484. If you think you owe federal taxes, call the IRS at 800-829-1040 or go to irs.gov.

Amy Hebert, Consumer Education Specialist


Federal Trade Commission (FTC)


August 27, 2014


Online Security Precautions

Federal financial regulators are reporting that Internet threats have changed significantly over the past several years. Sophisticated hacking techniques and growing organized cyber-criminal groups are increasingly targeting financial institutions, compromising security controls, and engaging in online account takeovers and fraudulent electronic funds transfers.

In order to help ensure the security of your online transactions, we want you to know that:

  • We will never email, call or otherwise ask you for your user name, password or other electronic banking credentials
  • You can help protect yourself by implementing alternative risk control processes like:
  • Making sure you choose an adequate user name and password that, at a minimum, mixes in small case letters, upper case letters and numbers
  • Periodically changing your password (e.g., at least every 90 days)
  • Safeguarding your user name and password information
  • Making sure you have a firewall in place when conducting your financial transactions
  • Logging off the system when you're done conducting business (don't just close the page or "X" out of the system)
  • Monitoring your account activity on a regular basis

In addition, we may require owners of commercial accounts to perform their own risk assessments and controls evaluations. For example:

  • Make a list of the risks related to online transactions that your business faces including Conducting Your Transactions Online
  • Passwords being written down and left out in the open
  • The use of old or inadequate passwords
  • The possibility of internal fraud or theft
  • Delays in terminating the rights of former employees
  • The lack of dual control or other checks and balances over individual
  • Access to online transaction capabilities
  • An evaluation of controls your business uses may include
  • Using password protected software to house passwords in
  • Conducting employee background checks
  • Initiating a policy and process to terminate access for former employees
  • Segregating duties among two or more people so no one person has too much access or control
  • Conducting internal or third party audits of controls
  • Using firewalls to protect from outside intrusion or hackers

Federal regulations provide consumers with some protections for electronic fund transfers. These regulations generally apply to accounts with Internet access. For example, these federal laws establish limits on a consumer's liability for unauthorized electronic fund transfers. They also provide specific steps you need to take to help resolve an error with your account. Note, however, that in order to take advantage of these protections, you must act in a timely manner. Make sure you notify us immediately if you believe your access information has been stolen or compromised. Also, review your account activity and periodic statements and promptly report any errors or unauthorized transactions. See the Electronic Fund Transfer disclosures that were provided at account opening for more information on these types of protections. These disclosures are also available online (or ask us and we will gladly provide you with a copy).

If you become aware of suspicious account activity, you should immediately contact our fraud department at (866) 362-7511.

If this involves suspicious debit card activity, please visit our Lost and Stolen Card page.


Consumer Tips


Protecting Against Data Breaches

The possibility of the average consumer becoming a victim of a data breach grows with each new advancement in electronics. A data breach occurs when sensitive or confidential information--driver's license numbers, medical records, Social Security numbers, bank or credit card account numbers--is stolen, copied or used by an unauthorized person.

In 2004, only one state required businesses to alert consumers if their personal data had been stolen. Since then, legislation has passed in 45 additional states, including Indiana, to ensure that affected consumers are contacted should their personal information be lost or stolen.

While news spreads quickly when there is a major breach affecting millions of accounts, large companies are not the only ones that suffer from such thefts. Smaller companies can be compromised by an employee, a partner or an external computer hacker.

Prevention

Consumers can take the following steps to protect against a personal data breach:

  • Review credit card and bank statements for fraudulent charges at least once a month. If there is a suspicious charge, contact your financial institution.
  • Request that your financial institution close any accounts that you suspect were compromised, and ask for replacement cards with new account numbers and PINs.
  • Determine if there have been unusual requests, such as change-of-address or attempts to secure additional or replacement credit cards.
  • Instruct the card issuer not to honor any requests regarding your card without your written authorization.
  • Credit card issuers offer a variety of e-mail and/or text notices. You can ask for a notice when charges over a certain amount are made, or when your balance reaches a certain level.

Follow Up

If you have been the victim of identity theft, contact the three credit reporting agencies--Equifax, Experian and TransUnion--to place a security freeze on your account:

Report the identity theft to the police, as you may need to provide a copy of the police report to your bank, creditors and credit reporting agencies. If the local police are not familiar with investigating information compromises, contact the local office of the FBI or the U.S. Secret Service.

To ensure that an identity thief has not opened a new account in your name, you should review your credit report. To obtain a free copy of the report, go to AnnualCreditReport.com. If there are any accounts on your report that you did not open, contact the credit bureau to report the fraud and dispute the charges.

This information is provided with the understanding that the Association is not engaged in rendering specific legal, accounting or other professional services. If specific expert assistance is required, the services of a professional should be sought. Provided as a public service by the Indiana Bankers Association.

Security Tips for Online Bill Payment

When it comes to paying your monthly bills, you have three main options. You can (1) pay in person with cash or a check; (2) mail in a check using traditional mail; or (3) pay your bills online using some form of electronic bill payment and presentment through a low-cost credit card processing provider. When considering these choices, it is important to understand the risks associated with each, and the ways to reduce those risks.

For most people, the first option of paying bills in person is unrealistic, due to the time and effort involved. That leaves two remaining options-paying either by check or online.

Paying through traditional mail may seem attractive, but this option carries a higher risk of identity theft. Identity thieves can access mail to collect information from account statements or bills. Worse yet, mailed checks can be stolen or altered. To reduce this risk, do not leave outgoing mail with checks in an unsecured location.

Paying bills online also involves risks, but many are preventable. Generally speaking, there are two ways to pay your bills online: through a Web bill pay function that is included with an Internet banking product provided by your bank, or by logging in to a biller's website and using a credit or debit card. Regardless, the following six tips can help protect personal information while using online technology:

  • Do not use a public computer. If you are using a computer that others have access to, thieves can easily install a key (logger software) that can collect your user ID, PIN numbers or credit/debit card information.
  • Do not use a public Wi-Fi network. All it takes is a moderately tech-savvy criminal and a low-cost scanner, and your information can be plucked out of thin air. Note to travelers: Be aware that hotel Wi-Fi networks are not secure.
  • Keep your browser up-to-date. No matter what browser you are using, make sure you keep it updated. If you are not updating your browser, your security could be compromised. When those pesky boxes pop up telling you to update your browser, take the time to do it. Also look for a secure connection, as evidenced by a secure padlock located in the address bar or in the bottom right-hand corner of your browser - this symbol indicates that your information is encrypted. Last, make sure that any page you use to pay bills online has "http" in the URL (address), signifying a secure connection.
  • Use anti-virus/anti-malware. If you use your own personal computer to access the Internet, you need to have anti-virus and anti-malware software running and current.
  • Passwords, passwords, passwords! Don't even think about using "1234" or "abcd" as your password. Take the responsibility to secure your information with a strong password. It is very important to change your password on a regular basis. A strong password should contain uppercase and lowercase alpha characters (but no words or names) and numeric characters, and be at least eight characters long. Use a special character as well, if the site allows one. If you are having problems managing your passwords, consider using password management tools, such as KeePass Password Safe.
  • Don't click on links. Either bookmark the website in your browser, or type in the website address. Do not click on a link provided by your bank or a biller in an email. These links can lead you to fake websites that attempt to capture your information when you log in using your ID and password.

By following these six security tips, online bill payment is not only cost-effective and convenient, but also reliable and secure.

This article is not intended as legal advice with the understanding that the Association is not engaged in rendering specific legal, accounting or other professional services. If specific expert assistance is required, the services of a professional should be sought. Provided as a public service by the Indiana Bankers Association.