RECOGNIZING FRAUD & TAKING STEPS TO SAFEGUARD YOUR INFORMATION
CUSTOMER RESPONSIBILITIES AND BANK RECOMMENDATIONS
You agree to immediately change your passcode if you suspect that your Passcode has been compromised. This can be done at any time from the “User Services” menu after you log on to the Internet Banking Service.
Neither this Institution nor its Service Providers will contact you by telephone, email or text messaging requesting personal information, such as your Access ID, Passcode, credit card number, ATM Card Number or ATM PIN. If you are contacted by anyone requesting this type of information, do not provide any information and contact our internet banking department immediately.
While it is your responsibility to safeguard your own data, including information that can be used to access or transact against your accounts at Guaranty Bank & Trust we recommend that you consider implementing the following data security-related rules or controls for your company along with a periodic Risk Assessment and controls evaluation:
- Use strong, complex passwords that contain:
- Alpha/numeric characters and symbols
- Upper and lower case characters
- No real words or names of family/friends/pets
- Use entire keyboard; avoid strings of identical characters
- Change your passwords regularly and use a different password for each Web site you access.
- Never reveal your confidential login ID, password, PIN or answers to security questions to anyone.
- Never reveal your confidential login ID, password, PIN or answers to security questions by e-mail.
- Never share your security token.
- Report lost or stolen tokens immediately.
- Never bank online using computers at kiosks, cafes, unsecured computers or unsecured wireless networks.
- Prohibit the use of shared user names and passwords for your online banking accounts
TIPS TO AVOID PHISHING, SPYWARE AND MALWARE
- Don’t open e-mail from unknown sources.
- Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail:
- Call the purported sourced if you are unsure who sent an email.
- If an email claims to be from your bank, call a client services representative.
- Educate your staff about current scams and loss-prevention steps.
- Make sure all of the computers your staff members use for work-related business — at the office and at home — have the latest versions and patches of both anti-virus and anti-spyware software.
- Maintain updated and patched systems and software.
- Install a firewall between your computers and the Internet.
- Restrict administrative rights to install programs to IT staff.
- Check your settings and select at least a medium level of security for your browsers.
- Clear the browser cache before starting an online banking session to eliminate copies of Web pages that have been stored on the hard drive.
TIPS TO PROTECT ONLINE PAYMENTS & ACCOUNT DATA
- Dedicate restrict one computer to online banking transactions; allow no Internet browsing or e-mail exchange and ensure this computer is equipped with latest versions and patches of both anti-virus and anti-spyware software.
- Segregate responsibilities among different employees by maintenance, entry and approval.
- Delete online user IDs as part of the exit procedure when employees leave your company.
- Assign dual system administrators for online cash management services.
- Periodically evaluate employee job functions and remove online services.
- Establish transaction limits for employees who initiate and approve online payments.
- Set up alerts to notify manager of payments initiated above a threshold amount that warrant management’s attention.
- Use dual controls; require multiple users to release an online payment because it is less likely a fraudster would control the workstation of both initiating employees.
- Reconcile by carefully monitoring account activity and reviewing all transactions initiated by your company on a daily basis.
- Use separate accounts for electronic and paper transactions to simplify monitoring and tracking any discrepancies.
If you suspect your online banking has been compromised, please contact us immediately at 1-888-572-9881 and ask to speak with the Internet Banking department.
Consumer account holders receive protections from errors relative to electronic funds transfers under Regulation E; however we want to make you aware that Regulation E does not cover Business accounts.
There is no substitute for the advice of experts with intimate knowledge of your operations. We at Guaranty Bank & Trust recommend that you obtain data security and anti-fraud advice from such experts. While we may provide you with some recommendations regarding controls or best practices from time to time, these recommendations cannot replace the services of dedicated data security and anti-fraud experts with a true understanding of your business.
TYPES OF FRAUD
Phishing (pronounced “fishing”) is the most common type of online fraud that uses email messages to lure victims into disclosing credit card, bank account and Social Security Numbers as well as passwords and other sensitive information. Fraudsters send out emails pretending to be from businesses that customers deal with on a regular basis, such as banks and credit card companies. The emails often instruct the recipient to “update” or “validate” information to keep accounts active by directing them to a fraudulent Web site that looks similar to (or exactly like) the legitimate business. Also, the emails may threaten to close or suspend an account if no action is taken. Unknowingly, victims could submit financial information to phishers, who could use the victim’s information to order goods and services and to obtain credit. To protect yourself from phishing, avoid responding to these requests.
Spyware and Viruses are malicious programs loaded onto your computer without your knowledge. They can capture or destroy information, damage the performance of your computer, flood your Web browser with advertisements. Spyware can also spread through pop-up advertisements. When clicked on, some of these pop-ups will download spyware or adware onto your computer. These are serious threats to your computer, so install a firewall and use regularly updated security software.
Smishing, a crime similar to phishing, sends text messages through SMS (Short Message Service) to get personal and financial information by asking the victim to register for an online service or by threatening to charge for a service unless the order is cancelled. Smishing often directs victims to fraudulent Web sites or places a virus on the victim’s device. Again, the best policy to protect yourself is to avoid responding to these kinds of messages.
Nigerian 419 Scam — This is the original scam from which all the others have developed, involving the victim receiving a letter, fax, or e-mail from someone claiming to be a high level government official from a foreign country, commonly Nigeria. Sometimes the scammer claims to be the wife of a high-ranking government official who has died or has been killed. The individual tells the victim that he or she has a large sum of money to invest in the United States. The scammer seeks the assistance of someone with a U.S. bank account to get the money into the country in exchange for a percentage of the money. After agreeing to help, the victim will be asked to wire money to pay expenses or to bribe officials to release the money. If the victim does not have the money, he or she will often be sent a check with instructions to cash or deposit it and then wire the money (usually via Western Union or Money Gram). Of course, the check is counterfeit and comes back after the money has been wired. This scam can escalate to huge sums of money, if the victim wires the “bribe money” from personal funds, which signals that the customer has money and can likely deposit a larger check without raising suspicion.
The Advance Fee Fraud cons victims into paying an “advance fee” in order to claim a fake winning, inheritance or other large sum of money. A phishing email or a letter may be sent, stating the recipient has won a lottery in a foreign country. To claim the prize, the recipient is instructed to pay taxes and transfer fees in advance as required by that country’s laws. The victim pays the fees but never receives the award. You should never feel required to pay advance fees to process an application, guarantee a loan or claim a prize; these advance fees are illegal.
Check Fraud poses a challenge to financial institutions because technology aids criminals in creating increasingly realistic counterfeit checks and fake proofs of identification. Criminals can reproduce unauthorized checks or other negotiable instruments, forge endorsements or alter the names or amounts on checks. To reduce your risk of becoming a check fraud victim, never accept suspicious checks, report lost or stolen checks and avoid putting unnecessary personal information on your checks. Also, remember that it’s safer to mail bills and other checks directly from the post office — and even safer to pay bills online.
In an Overpayment Scam, a seller on the Internet could be victimized by a buyer who sends a realistic-looking counterfeit check for more than the price of the purchase. The buyer asks that seller to send back the difference in a cashier’s check or wire transfer, knowing that the original check is a fake. To protect yourself, wait until a check clears before sending back overpayment. Generally, a check can take anywhere from a few days to more than a week to clear.
Lottery Scams are often carried out through U.S. mail, with letters appearing to be from legitimate companies. Victims are often convinced by official-looking checks and may be asked to send money to cover fees or taxes. Remember that you cannot win a prize in a lottery you haven’t entered and that it is illegal for anyone to request an advance fee to secure a prize.
There are many other types of fraud with new ones popping up everyday. You should be cautious when something seems too good to be true. It normally is!
RESPONDING TO FRAUD
No matter the kind of fraud, following a few general tips can help prevent you from becoming a victim:
- Never respond to an unsolicited request to provide personal or financial information no matter how official and authentic it seems. Do not give sensitive information out unless you are sure you know the recipient. Most companies will not ask customers to confirm personal information via email.
- Report suspicious emails or Web sites to the legitimate company or agency using a telephone number, Web address or email address you know is authentic.
- Confirm that you are in a secure Web session before entering personal information online (In the browser address bar, look for https://).
- Don’t reply to spam. This will confirm that your email address is “live,” which will only generate even more spam. Just hit the delete button or use email software to remove spam automatically.
- Resist keeping check or credit card information saved on purchasing Web sites, even if you always shop online.
- Use regularly updated anti-virus software and install a firewall.
- Change your online passwords frequently.
- Avoid providing your Social Security Number, credit card or bank account numbers, check routing codes or other personal information over the phone to anyone who has called you or via any email you have received, without first confirming whom you are communicating with, why they need the information, and that they are who they claim to be.
- Get all promises of extravagant claims, gifts, or prizes in writing and review them carefully.
- Check out the company with your local consumer protection office or Better Business Bureau.
- Ignore and report as spam any unsolicited email that promises you a commission for assisting in the transfer of funds into an overseas bank account or tells you that you’ve won a sweepstakes or lottery you never entered.
- Never pay "advance fees" or "advance service charges" since it is illegal for anyone to charge any fees or taxes in advance for processing your application, guaranteeing your loan, or claiming a prize.
Don’t be afraid to hang up the phone or delete the email if you are not interested or feel pressured.