Staying up to date on banking security is challenging. You need to know about the latest scams and security threats. Below you’ll find tips on how to avoid identity theft and fraud, as well as user-friendly information, helpful resources, and links. You can depend on us to keep you informed.
Information about the Equifax Data Breach
Concerned about the Equifax breach? See our FAQ to learn more about the breach and how to protect yourself.
Frequently Asked Questions
I’ve been hearing about the Equifax breach in the news. What happened?
Equifax, one of the three major credit bureaus, experienced a massive data breach. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.
Was my information stolen?
If you have a credit report, there’s a good chance it was. Go to a special website set up by Equifax to find out: https://www.equifaxsecurity2017.com/. Scroll to the bottom of the page and click on “Potential Impact,” enter some personal information and the site will tell you if you’ve been affected. Be sure you’re on a secure network (not public wi-fi) when you submit sensitive data over the internet.
How can I protect myself?
• Enroll in Equifax’s services. Equifax is offering one year of free credit monitoring and other services, whether or not your information was exposed. You can sign up at https://www.equifaxsecurity2017.com/.
• Monitor your credit reports. In addition, you can order a free copy of your credit report from all three of the credit reporting agencies at annualcreditreport.com. You are entitled to one free report from each of the credit bureaus once per year.
• Monitor your bank accounts. We also encourage you to monitor your financial accounts regularly for fraudulent transactions. Use online and mobile banking to keep a close eye on your accounts.
• Watch out for scams related to the breach. Do not trust e-mails that appear to come from Equifax regarding the breach. Attackers are likely to take advantage of the situation and craft sophisticated phishing e-mails.
Should I place a credit freeze on my files?
Before deciding to place a credit freeze on your accounts, consider your personal situation. If you might be applying for credit soon or think you might need quick credit in an emergency, it might be better to simply place a fraud alert on your files with the three major credit bureaus. A fraud alert puts a red flag on your credit report which requires businesses to take additional steps, such as contacting you by phone before opening a new account.
How do I contact the three major credit bureaus to place a freeze on my files?
Equifax: Call 800-349-9960 or visit its website.
Experian: Call 888-397-3742 or visit its website.
TransUnion: Call 888-909-8872 or visit its website.
Where can I get more information about the Equifax breach?
You can learn more directly from Equifax at https://www.equifaxsecurity2017.com/. You can also learn more by visiting the Federal Trade Commission’s web page on the breach at https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do. To learn more about how to protect yourself after a breach, visit https://www.identitytheft.gov/Info-Lost-or-Stolen.
OCC Reports Fictitious Text Messages and Telephone Calls
Consumers have reported fictitious text messages and telephone calls, allegedly initiated by the Office of the Comptroller of the Currency (OCC) or other government entities, regarding funds purportedly under the control of the OCC. Any communication claiming that the OCC is involved in holding any funds for the benefit of any individual or entity is fraudulent. The OCC does not participate in the transfer of funds for, or on behalf of, individuals, business enterprises, or governmental entities. Consumers have reported receiving communications that the OCC is holding $11,000 on their behalf as a refund for illegal fees charged by their financial institutions. The callers have been identified as both males and females with heavy accents who are using various names, including Alex, Miley, and Deborah Howells. The callers have the personal information of the potential victim including address, date of birth, and Social Security number. The potential victim is asked to confirm this information and to provide his or her bank routing number and account number so that a transfer may be made. The telephone numbers involved in this scam include, but are not limited to, (218) 585-9128, (202) 649-6700, and (202) 649-8580, which are all Google Voice telephone numbers. When dialing these numbers, the potential victims are greeted by the Google Voice recording and required to speak their names. The service then attempts to forward the call to the telephone number associated with the established Google Voice account, where the call will be answered by the scammer. Before responding in any manner to any proposal supposedly issued by the OCC that requests personal account information, or that requires the payment of any fee in connection with the proposal, the OCC recommends that consumers take the following steps:
- Contact the OCC directly to verify the legitimacy of the proposal (1) via e-mail at firstname.lastname@example.org; (2) by mail to the OCC’s Special Supervision Division, 400 7th St. SW, Suite 3E-218, MS 8E-12, Washington, DC 20219; (3) via fax to (571) 293-4925; or (4) by calling the Special Supervision Division at (202) 649-6450.
- Contact state or local law enforcement.
- File a complaint with the Internet Crime Complaint Center if the proposal appears to be fraudulent and was received via e-mail or the Internet.
- File a complaint with the U.S. Postal Inspection Service by telephone at (888) 877-7644; by mail at U.S. Postal Inspection Service, Office of Inspector General, Operations Support Group, 222 S. Riverside Plaza, Suite 1250, Chicago, IL 60606-6100; or via the online complaint form at https://postalinspectors.uspis.gov/forms/MailFraudComplaint.aspx, if the proposal appears to be fraudulent and was delivered through the U.S. Postal Service.
Consumers who have provided bank account information should contact their financial institutions immediately to report the issue and to discuss options to protect their account assets. Consumers who have had their personal information compromised should visit the Federal Trade Commission’s website at www.ftc.gov and follow the guidance for identity theft.
Are you affected by the recent Target hack?
Target has announced that any credit or debit card used in a Target store in the U.S. between November 27 and December 15 may have been compromised. According to the announcement, the stolen information includes the customer’s name, credit or debit card number, and the card’s expiration date and three-digit security code (CVV). In light of this announcement, the Federal Trade Commission has this advice:
- If you recently used your credit or debit card in a Target store, check your account. If you see charges that you don’t recognize, immediately report them to the fraud department of your bank or credit card provider.
- Going forward, continue to monitor your accounts and check that the information on your credit report is accurate. Your credit report includes information about your credit card accounts and other bills you pay. The law requires the three nationwide consumer reporting companies — Equifax, Experian, and TransUnion — to give you a free copy of your credit report every 12 months if you ask for it. To get your report, visit AnnualCreditReport.com or call 1-877-322-8228. You’ll have to provide some personal and financial information to get your report.
For information about identity theft, visit ftc.gov/idtheft.
Reports of Fraudulent Text Messages
We have recently received reports of customers receiving text messages stating their debit card has been locked. The message then instructs the recipient to reply with their card number to have their card unlocked.
This is a scam.
These messages are not from Community National Bank. We do not contact our customers by text message. We will never ask you for your full card number. We have record of your card number and there would be no reason for us to ask. If we detect suspicious activity on your card, we will attempt to contact you to confirm recent transactions by describing the recent transactions to you by date, amount and merchant and asking if you are aware of the transactions. We will also ask questions to confirm who we are talking to, such as the last four digits of your social security number or your date of birth. Never give out your card number to anyone who calls or texts you. If you feel your card number has been compromised, contact the bank immediately. For contact information, click here.
Tips on Protecting your Personal Information on Mobile Devices
Convenience is the driving factor in the rise of mobile banking. It opens the doors to consumer choice and access to banking options. But as mobile devices, like smartphones and tablets, become more popular, hackers are finding savvy ways to steal information. We urge you to be cautious when using mobile devices to do your banking. It’s important to take a common sense approach to mobile banking. Use caution on your phone just like you would a computer. If you’re careful, you can really enjoy mobile banking’s benefits safely and securely. Following are a few tips to protect your information:
Avoid storing sensitive information like passwords and social security numbers on your mobile device.
Password protect your mobile device and lock it when you’re not using it.
Be aware of your surroundings. Don’t type any sensitive information if others around you can see.
Log out completely when you complete a mobile banking session.
Protect your phone from viruses and malware just like you do for your computer by installing mobile security software.
Download the updates for your phone and mobile apps.
Use discretion when downloading apps.
If you change your phone number or lose your mobile device, let your financial institution know right away.
Monitor your accounts regularly and report suspicious activity to your financial institution immediately.
Fraudulent E-mails Claiming to be from the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC. The e-mails appear to be sent from various “@fdic.gov” e-mail addresses, such as “email@example.com,” “firstname.lastname@example.org,” or “email@example.com.” They have various subject lines such as “Update for your banking account,” “ACH and Wire transfers disabled,” and “Banking security update.”
The fraudulent messages state:
These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.
Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.
Fraudulent E-mails Claiming to be from the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC. The e-mails appear to be sent from various “@fdic.gov” e-mail addresses, such as “firstname.lastname@example.org,” “email@example.com,” or “firstname.lastname@example.org.” They have subject lines that read: “FDIC: Your business account” or “FDIC: About Your Business Account.” The e-mails are addressed to “Business Customer” or “Business Owner” and state “We have important information about your bank” or “…financial institution.” They then ask recipients to “Please click here to find details.” They conclude with, “This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership.”
These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.
Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.
Fraudulent E-mails Claiming to be from NACHA
NACHA – The Electronic Payments Association has received reports that individuals and/or companies are receiving fraudulent emails that have the appearance of having been sent from NACHA. These emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some bear the name of fictitious NACHA employees and/or departments.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive. Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Please forward fraudulent emails claiming to be from NACHA to email@example.com. If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software application security patches are installed and current.
Fraudulent E-mails Claiming to be from the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that “in cooperation with the Department of Homeland Security, federal, state and local governments” the FDIC has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” It further states deposit insurance will remain suspended until identity and account information can be verified using a system called “IDVerify.” If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer.
This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.
The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to firstname.lastname@example.org.
Phishing Alert for Internet Banking
In the past few days, there has been an increased number of reported phishing attempts targeting Internet Banking. The phishing has had these tendencies:
- The login process is modified by adding a Web page stating that the computer cannot be identified, and that the user is required to enter credit or debit card information to continue.
- The page that requests the user data does appear to originate from our Internet Banking site with the correct URL and certificate information. However, this page is generated by malware installed on the local computer and not from the Internet Banking site. Internet Banking servers remain secure.
- This malware was most likely installed from an opened e-mail attachment or a compromised website viewed on the infected computer of the user that is using Internet Banking.
Community National Bank will not ask you to enter personal or account information during the login process or for any Internet Banking pages where the information requested is not relevant to the transaction. Customers should not enter sensitive data if they are prompted to do so. Also, any system accessing Internet Banking should have anti-virus and anti-malware software installed and the software definitions kept up-to-date. If you should have any questions, please feel free to contact us at (423) 570-0280 or come into any of our locations.
Phishing Alert: Emails claiming to be from EFTPS on the Rise
Security researchers warn that a ZeuS distribution campaign producing emails about failed electronic tax payments has significantly increased. The “from” field in these emails is spoofed to appear as if it is originating from “EFTPS Tax Payment,” and the email tells users that their tax payment submitted through the Electronic Federal Tax Payment System (EFTPS) has failed. The message claims the payment failed with an R21 return reason code, and provides a link to obtain additional information. The malware installed as a result of clicking on the link is commonly used by fraudsters to steal online banking credentials, credit card details, and other sensitive information. If you receive one of these phishing emails, DO NOT CLICK ON THE LINK! The safest rule is to never follow web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed and current. Be alert for different variations of fraudulent e-mails.
Fraudulent E-Mails Claiming to be from Community National Bank
We have received notification of an e-mail that gives the appearance of being sent from Community National Bank. The “from” line of the email displays the name “cnb-usa.com support” and the subject line includes “cnb-usa.com account notification”. There is a link in the e-mail that should not be clicked on.
This is a fraudulent e-mail and it was not sent from Community National Bank.
Online Banking, Bill Paying and Shopping:
10 Ways to Protect Your Money
Online banking, bill paying and shopping are conveniences that most people want to enjoy. And most of the time, high-tech transactions are completed quickly and without a glitch. However, just as with other transactions, in a small percentage of cases something goes wrong. That’s why you need to take precautions against theft and errors.
In particular, even as banks and merchants tighten up security, Internet thieves devise new, sophisticated ways to trick consumers into sending money or into revealing information that can be used to commit fraud. “Today’s Internet threats wear many different disguises, from fake Web sites to fraudulent text messages on cell phones,” warned Michael Benardo, Chief of the FDIC’s Cyber-Fraud and Financial Crimes Section. “That’s why online consumers need to be aware that they may be targeted and they should always be on guard.”
David Nelson, an FDIC fraud specialist, added: “Online fraud is an ongoing game of cat and mouse. Crooks continuously hunt for security holes, banks and merchants plug those holes, and then the criminals find new ones to slink through. But consumers play an important role in keeping crooks at bay by being aware of the potential risks, taking precautions and remaining vigilant.”
FDIC Consumer News, which periodically issues guidance to consumers regarding online precautions they can take, offers our latest collection of top tips. Note: Not all financial institutions offer each product or service described here.
1. If you bank online, frequently check your deposit accounts and lines of credit to spot and report errors or fraudulent transactions, just as you should with traditional banking. “Your ability to monitor your accounts online has gotten easier, faster and more convenient now that banking by cell phone is starting to mature alongside banking online,” said Michael Jackson, Associate Director of the FDIC’s Technology Supervision Branch. “This is important, because the sooner you can detect a problem with a transaction, the easier it should be to fix.”
Nelson suggested checking your accounts online about once or twice a week, but he also noted that “more and more banks are making it easier for their customers to keep an eye on their accounts electronically. For example, many banks offer e-mail or text message alerts when your balance falls below a certain level or when there is a transaction over a certain amount.”
Federal laws generally limit your liability for unauthorized electronic funds transfers, especially if you report the problem to your financial institution within specified time periods, which will vary depending on the circumstances. A good rule of thumb is to check your statements promptly and report unauthorized transactions to your bank as soon as possible.
2. Never give your Social Security number, credit or debit card numbers, personal identification numbers (PINs) or any other confidential information in response to an unsolicited e-mail, text message or phone call, no matter who the source supposedly is. Chances are an “urgent” e-mail or phone call appearing to be from a government agency (such as the IRS or the FDIC), a bank, merchant or other well-known organization may be a scam attempting to trick consumers into divulging personal and account information. It’s called “phishing,” a high-tech variation of the concept of “fishing” for personal information.
Also watch out for phishing scams that involve bogus text messages sent to cell phones claiming that a bank account has been “blocked” and the recipient must call a certain number to fix the problem. If you make that call, you likely will be asked to enter your account number and PIN. The criminals can use this information to make counterfeit debit cards and drain your account.
“Real bankers and government officials don’t contact people asking for this kind of information,” said Benardo. “Your bank will already have your account numbers and only you should know your log-in credentials, and a government agency won’t have a need for this information.”
3. Don’t open attachments or click on links in unsolicited e-mails from anyone you don’t know or you otherwise aren’t sure about. Sometimes these attachments or links can infect your computer with “spyware” that can change your security settings and record your keystrokes. “Spyware can secretly steal your passwords, bank or credit card numbers, and your answers to security questions like your mother’s maiden name or your high school,” Benardo advised. “Online thieves can use this information to log into your account, make changes and transfer money, leaving your bank account empty.”
In one recent example, criminals sent out fake IRS e-mails warning recipients that they were being investigated for unreported income and asking them to click on an attachment for more information. The file launched a program that allowed hackers to install spyware and other unwanted programs on personal computers (PCs) to access bank accounts.
4. Watch out for sudden pop-up windows asking for personal information or warning of a virus. This is called “scareware” because it frightens people into providing information, downloading malicious software or paying for removal. If you get an e-mail or pop-up window saying your computer has a virus and it offers a program to clean your PC and the warning window won’t go away, your first step is to use the computer’s “task manager” function and click “end task” or “force quit” to shut down the pop-up window. Scareware can be a nuisance to clean off your computer, so call your anti-virus software company if you need help.
5. Use a mix of security tools and procedures. “Staying safe online is like protecting your home with lighting, locks, alarms and fire extinguishers,” explained Nelson. “You can’t rely on just one layer of defense to protect you from all online threats.”
At the top of the list of security tools to use, and keep updated, are anti-virus software to detect and block spyware and other malicious attacks, and a “firewall” to stop hackers from accessing your computer. Even if your computer seems fine, Nelson said, schedule an automatic anti-virus scan to run at least once a week but preferably every day. Call or e-mail your anti-virus vendor right away if you get a warning message and you don’t know what to do next.
Also consider these extra precautions as you use the Internet:
Don’t log into your bank account while using public computers, such as at a library, or free wireless connections at coffee shops and similar places. Criminals often try to intercept Internet traffic, including passwords, from these locations.
Pay attention to the toolbars at the top of your screen. Current versions of the most popular Internet browsers and search engines often will indicate if you are visiting a suspicious Web site.
Choose “strong” user IDs and passwords that will be easy for you to remember but hard for hackers to guess. The strongest ones have a combination of letters, numbers and other characters, and are at least 10 characters long. For your online banking, choose IDs and passwords that are not the same as those you use for e-mails or social networking sites, just in case they get into the wrong hands. Also change your online banking password about every 90 days. And if you remove a computer virus from your PC, immediately change your password.
Have each person in your household bank and shop online and send e-mail through his or her own “standard user account.” Not conducting these online activities through the computer’s “administrator account” (the one that makes changes affecting all users) reduces the likelihood that a hacker can install unwanted programs on your PC. Limit the use of the administrator account to special tasks needed for your computer, such as adding or removing software and installing updates to your operating system.
Consider using a separate computer solely for online banking or shopping. A growing number of people are purchasing basic PCs and using them only for banking online and not Web browsing, e-mailing, social networking, playing games or other activities that increase the chances of downloading malicious software. You can also consider using an old PC for this limited purpose, but you should uninstall any software you no longer need and follow up with a scan of the entire PC to check for malicious software.
Only use security products from reputable companies. Nelson said one way to check out these products is by reading reviews from computer and consumer publications. “Look for a product that has high ratings for detecting problems and for providing tech support if your computer becomes infected,” he said.
Kathryn Weatherby, a fraud specialist at the FDIC, also cautioned that banks normally don’t ask their customers to download software updates. “If you get an unsolicited request to update your banking software,” she said, “independently verify it by calling your bank using a phone number from your bank statement, not the phone number that appears in the request, which could connect you to a scam operation instead of your bank.”
6. Beware of check scams. With unemployment high, con artists are preying on people who need cash. One common check scam involves attractive offers, usually originating in e-mails or online job postings, involving part-time work from home. As the new “employee,” you will be sent a check to deposit (which will be counterfeit) and told to forward cash from your own account (to the crooks). Another scam involves “mystery shopper” programs where the new hire is given fake money orders or checks and asked to wire funds to the criminals. And unlike electronic transfers that are covered by consumer protection laws, fraudulent check scams often leave consumers suffering the loss.
7. When shopping online, deal with reputable merchants and be wary of unbelievably low prices. “There is no guaranteed way to ensure that an online merchant you’re unfamiliar with is reputable, but there are ways to avoid doing business with an unreliable one,” cautioned Jeff Kopchik, an FDIC Senior Policy Analyst specializing in technology matters.
First, he said, ask your friends and family if they’ve had good experiences with a merchant you’re considering using. “If people you know have used and can recommend an online merchant, that’s a strong indicator,” he added. Second, you may already know and like some online merchants from their retail outlets, mail order catalogues or other services. They are likely to be a safer bet than an unfamiliar merchant that doesn’t list a physical address or a phone number on its Web site.
If you are uncertain about an online merchant, check with the Better Business Bureau Online at the following website www.bbbonline.com. You can also search online for complaints about the business. Similarly, if you have a problem with an online merchant, file a report with the Better Business Bureau. The Bureau will notify the merchant about your concern and ask you if the issue was resolved. A legitimate merchant will attempt to fix the problem, while a crooked company may have many unresolved issues.
8. Using a credit card generally offers more purchase protection than a debit card or other electronic forms of online payment. “Unlike paying with a debit card and the money being immediately transferred out of your account, with a credit card you generally have weeks to pay your bill,” Kopchik said. “So if the merchant does not deliver as promised, you have time to dispute the transaction and even enlist the help of your credit card company.” He also noted that federal law gives you certain rights, in areas such as dispute resolution, when buying with a credit card.
However, watch your budget when using your credit card to shop online. Kopchik said studies have shown that people spend more when they use a credit card instead of cash, a gift card or a debit card.
9. Be on guard against scams hiding behind online coupon offers. Web sites for legitimate coupons will only ask consumers to provide an e-mail address in order to use their service to search for online specials and discounts. Beware of any coupon site that asks for personal, financial or payment information, which can be misused by criminals.
10. Be careful if you download banking software onto a cell phone. Many cell phones called “smart phones” allow consumers to add computer-like features ranging from video games to “mobile” banking. But cell phone users need to be aware of an emerging threat from criminals selling malicious software for mobile banking, some even falsely displaying bank logos. “These applications may contain spyware, and downloading them could be giving a hacker access to your bank account or payment card information,” reported Nelson.
His advice? “Only download mobile banking applications from a safe site, such as your wireless provider, phone manufacturer or your bank.” When in doubt, he added, “contact your bank before downloading any banking applications to your cell phone.”