Online Security Tips

Getting Your Credit Report

The Fair Credit Reporting Act (FCRA) requires each of the major nationwide consumer reporting companies – Equifax, Experian, and TransUnion-to provide you with a free copy of your credit report, at your request, once every 12 months.  The three nationwide consumer reporting companies have established a central website and a toll-free telephone number through which you can order your free annual report. They have requested you do not contact them directly as they will not be able to process your request.

Website: www.annualcreditreport.com

Toll-free number: 1-877-322-8228

What Is Identity Theft?

Identity theft occurs when someone steals your personal information, without your permission to commit fraud or other crimes. A few examples of why identity thieves want your personal information include:

• To open a bank account in your name and write bad checks on that account.
• To open a new credit card account, using your name, date of birth, and Social Security number. The imposter then runs up charges on your account and doesn’t pay the bills, the delinquent account is reported on your credit report and creditors hold you liable for payment.
• To call your financial institution pretending to be you and change the mailing address on your account. Statements are diverted and the thief orders new checks.
• To give your name to the police during an arrest. If they don’t show up for their court date, a warrant for arrest is issued in your name.

Identity theft is a serious crime. People whose identities have been stolen can spend lots of time and money cleaning up the mess the thieves have made of their good name and credit record.

WHAT YOU CAN DO ABOUT PHISHING SCHEMES

Phishing uses spam (unsolicited email) to bait consumers into disclosing personal information usually through creating a web site that imitates the look of a legitimate web site. The consumer then submits their personal information to the imposter, who then uses the information to commit identity theft. The Department of Justice recommends following three simple rules when you see emails or web sites that may be part of a phishing scheme: Stop, Look, and Call.

1. Stop. Phishers typically include upsetting or exciting (but false) statements in their emails with one purpose in mind. They want people to react immediately to that false information, by clicking on the link and inputting the requested data before they take time to think through what they are doing. Resist that impulse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.
2. Look. Look more closely at the claims made in the email, think about whether those claims make sense, and be highly suspicious if the email asks for numerous items of your personal information such as account numbers, usernames, or passwords. For example: If the email indicates that it comes from a bank or other financial institution where you have a bank or credit card account, but tells you that you have to enter your account information again, that makes no sense. Legitimate banks and financial institutions already have their customers’ account numbers in their records. Even if the email says a customer’s account is being terminated, the real bank or financial institution will still have that customer’s account number and identifying information. If the email says that you have won a prize or are entitled to receive some special “deal,” but asks for financial or personal data, there is good reason to be highly suspicious. Legitimate companies that want to give you a real prize don’t ask you for extensive amounts of personal and financial information before you’re entitled to receive it.
3. Call. If the email or Web site purports to be from a legitimate company or financial institution, call or e-mail that company directly and ask whether the email or web site is really from that company. To be sure that you are contacting the real company or institution where you have accounts, credit card account holders can call the toll-free customer numbers on the backs of your cards, and bank customers can call the telephone numbers on your bank statements.

Following are several web sites that provide more information about Internet security:

• Federal Trade Commission
• Microsoft
• Federal Deposit Insurance Corporation
• Anti-phishing.org

HOW TO RECOGNIZE FRAUDULENT EMAIL

Be wary of any seemingly legitimate email request for account information, such as asking you to verify or reconfirm confidential personal information: your account number, Social Security number, passwords, or other sensitive information.

It’s hard to detect a fraudulent email, because the email address of the sender often seems genuine (such as support@yourbank.com), as do the design and graphics. But there are clear signs to be aware of. For example, fraudulent emails try to extract personal information from you in one of two ways:

• By luring you into providing it on the spot (e.g., by replying to the email), or
• Including links to a web site that tries to get you to disclose personal data

Like the e-mail, a fraudulent web site is designed to trick you into believing it belongs to a company you know by using its brands as domain names and/or its graphics. The ultimate goal of this fraud is to use your information to gain unauthorized access to your bank or financial accounts or to engage in other illegal acts.

Do not reply to any email requesting your personal information, or one that sends you personal information and asks you to update or confirm it. If you receive an email you are suspicious of, contact the company through an address or telephone number you know to be genuine. First Community Bank of Hillsboro will never send you an email that requests your account information or asks you to verify a statement.

If you suspect you have provided confidential account or personal information to a fraudulent web site, change your password immediately, monitor your account activity frequently and report any suspicious activity to the company.

Below are links to government websites and resources concerning online identity theft and steps you can take to protect yourself online.

• FDIC
• Federal Trade Commission – Identity Theft Resources
• IRS Identity Theft Resources
• OnGuardOnline.gov
• US Department of Justice

OCC CONSUMER ADVISORY ON AVOIDING CASHIER’S CHECK FRAUD

Many consumers have become victims of scams involving a fraudulent cashier’s check. A cashier’s check is a check that is issued by a bank, and sold to its customer or another purchaser, that is a direct obligation of the bank. Cashier’s checks are viewed as relatively risk-free instruments and, therefore, are often used as a trusted form of payment to consumers for goods and services.

However, cashier’s checks lately have become an attractive vehicle for fraud when used for payments to consumers. Although the amount of a cashier’s check quickly becomes “available” for withdrawal by the consumer after the consumer deposits the check, these funds do not belong to the consumer if the check proves to be fraudulent. It may take weeks to discover that a cashier’s check is fraudulent. In the meantime, the consumer may have irrevocably wired the funds to a scam artist or otherwise used the funds – only to find out later, when the fraud is detected – that the consumer owes the bank the full amount of the cashier’s check that had been deposited.

COMMON SCAMS

Each scam involving a fraudulent cashier’s check may be different, but some of the more common scenarios are:

• Selling goods – You sell goods in the marketplace – for example, over the Internet. A buyer sends you a cashier’s check for the price that you have agreed on, and you ship the goods to the buyer. The cashier’s check turns out to be fraudulent.
• Excess of purchase price –This scenario is similar to the one described above. However, the buyer sends you a cashier’s check for more than the purchase price and asks you to wire some or all of the excess to a third party, often in a foreign country. The buyer may explain that this procedure allows the buyer to satisfy its obligations to you and the third party with a single check. The cashier’s check turns out to be fraudulent.
• Unexpected windfall – You receive a letter informing you that you have the right to receive a substantial sum of money. For example, the letter may state that you have won a foreign lottery or are the beneficiary of someone’s estate. The letter will state that you have to pay a processing/transfer tax or fee before you receive the money, but a cashier’s check will be enclosed to cover that fee. The letter will ask you to deposit the cashier’s check into your account and wire the fee to a third party, often in a foreign country. The cashier’s check turns out to be fraudulent.
• Mystery shopping – You receive a letter informing you that you have been chosen to act as a mystery shopper. The letter includes a cashier’s check, and you are told to deposit the check into your account. You are told to use a portion of the funds to purchase merchandise at designated stores, transfer a portion of the funds to a third party using a designated wire service company, and keep the remainder. The cashier’s check turns out to be fraudulent.

Scams also may involve other types of checks. For example, the fraudulent check may appear to be written on the account of a real person or company or be written on an account that contains insufficient funds to cover the check. Other scams involve fraudulent postal service money orders or fraudulent money orders that appear to have been issued by a bank.

The result of these scams is that the fraudulent check will be returned unpaid. The bank will then deduct the amount of the check from your account or otherwise seek repayment from you, and you will lose either the goods that you sold, the money that you sent to the third party, or both.

What is a fraudulent cashier’s check?
A cashier’s check is a check issued by a bank and payable to a specific person. Because a cashier’s check is issued by a bank, itself, the cashier’s check is paid by funds of the bank and not the depositor. Therefore, if an item is genuine, there is very little risk that the instrument will be returned.

Sometimes, however, a cashier’s check is not genuine, and, if you unknowingly accept a fraudulent cashier’s check in exchange for goods or services, you will likely be the one who suffers the financial loss.

How can you tell if a cashier’s check is fraudulent?
It can be very difficult for either you or your bank to tell. When you deposit a check into your account, your bank generally is required by law to make the funds available within a specific period of time (usually, one business day for a cashier’s check or other official instrument).This is true even if the check has not yet cleared through the banking system. Therefore, even if the funds have been made available in your account, you cannot be certain that the check has cleared or is “good.”

Your bank also may not be able to determine that the check is fraudulent when you deposit it. Rather, your bank may learn of the problem only when the check is returned unpaid by the other bank – which may take a couple weeks or more. Scammers try to make the item look genuine, which will delay discovery of the fraud. Once the item has been returned unpaid, your bank, generally, will be able to reverse the deposit to your account and collect the amount of the deposit from you.

What are your rights?
If you find yourself in this situation, you ordinarily would have a remedy against the person who wrote the check. However, you will have great difficulty pursuing any remedy against these scammers, especially if they reside in a foreign country or have disguised their identities.

Tips for Avoiding Cashier’s Check Fraud

• Try to know the people with whom you do business. When possible, verify information about the buyer from an independent third party such as a telephone directory. Be cautious about accepting checks – even a cashier’s check – from people that you do not know, especially since it may be difficult to pursue a remedy if the transaction goes wrong.
• When you use the Internet to sell goods or services, consider other options such as escrow services or online payment systems rather than payment by a cashier’s check.
• If you do accept a cashier’s check for payment, never accept a check for more than your selling price if you are expected to pay the excess to someone else. Ask yourself why the buyer would be willing to trust you, who may be a perfect stranger, with funds that properly belong to a third party.
• A cashier’s check is less risky than other types of checks only if  the item is genuine. If you can, ask for a cashier’s check drawn on a bank with a branch in your area.
• If you want to find out whether a check is genuine, call or visit the bank on which the check is written. That bank will be in a better position to tell you whether the check is one they issued and is genuine.
• Know the difference between funds being available for withdrawal from your account and a check having finally cleared. Your bank may be required by law to make funds available to you even if the check has not yet cleared. However, it could take several weeks to know if the check will clear or not.

If you have become victimized by a fraudulent check scam, please follow these guidelines:

Anytime a scam involves a cashier’s check, official check, or money order from a bank, and you believe that it could be counterfeit; you should contact the issuing bank directly to report receipt of the check and to verify authenticity. When contacting the bank, do not use the telephone number provided on the instrument, as this number is probably not associated with the bank, but rather with the scam artist.

To locate a bank’s mailing address, you can check the FDIC’s Web site at:
http://research.fdic.gov/bankfind/

In addition to contacting the appropriate banks, there are others whom you also should notify if you receive a counterfeit item. They include:

• Scams, generally – Federal Trade Commission (FTC): by telephone at 1-877-FTC-HELP or file an electronic complaint via their Internet site at www.ftc.gov.
• Internet-based scams – Federal Bureau of Investigation (FBI) Internet Fraud Complaint Center: www.ic3.gov.
• Mail-based scams – U.S. Postal Inspector Service: by telephone at 1-888-877-7644, by mail at U.S. Postal Inspection Service, Office of Inspector General, Operations Support Group, 222 S. Riverside Plaza, Suite 1250, Chicago, IL 60606-6100 or via e-mail at https://postalinspectors.uspis.gov/contactUs/filecomplaint.aspx.

Ensuring your devices are updated and patched is extremely important and is a simple step to help you stay safe online.

Software updates not only improve how your device runs – they also fix or remove bugs, patch security vulnerabilities that are exploitable by hackers, and add new and improved features.

By regularly updating and patching your devices, you can help keep your personal information safe and out of the wrong hands.

Personally Identifiable Information (PII) refers to any information that can be used to identify, locate, or contact an individual. This includes, but is not limited to – your name, Social Security number, date of birth, address and phone number.

It is important to be mindful of where you might use, or share, your PII. Be careful not to include any identifying information in your passwords, PIN numbers or passcodes.

We also recommend considering what you post online as social media is a huge source for cybercriminals to gain your private information. Look over the privacy settings of your social media accounts and enable multi-factor authentication when possible.