Fraud Prevention Tips
When someone poses as a legitimate company to obtain personal data and fraudulently conducts transactions on your existing accounts is ONLINE FRAUD. This is often called “phishing” or “pharming”. “Phishing” is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). “Pharming” is an attack in which a user can be misled into entering sensitive data such as a password or credit card number into a malicious web site that impersonates a legitimate web site. It is different than phishing in that the attacker does not have to rely on having the user click a link in an email to deceive the user-- even if the user correctly enters a URL (web address) into a browser’s address bar, the attacker can still redirect the user to a malicious web site.
How to Prevent being a Victim of Pharming
The address bar of Internet browser won’t tell anything useful. The address (URL) looks just the same. If the criminals are good, the spoofed site may look just like the real web site. At present only a certificate (such as those issued by Verisign) will ensure that you are on the right website. When you visit a website that uses a certificate, you will see a box asking you if you want to trust the certificate. If you do online banking, you’ve probably already seen these. Compare the names: if the name on the certificate doesn’t match the site you’re trying to reach, you know that something is wrong! Close the window and contact the company by telephone. If the certificate is OK, save the certificate so that on your next return, your browser will know it’s reached the right address. You would then log in to the site safely.
Suspicious emails
Suspicious emails. Be cautious of suspicious emails and review any email requesting your account information and/or password, particularly if the email states that the information is needed to “award a prize” or “verify a statement.” Avoid opening any suspicious emails. If you have opened any suspicious email, do not open any attachments or links it may contain, and delete it.
Business Email Compromise (BEC) Fraud Awareness Guide
What is Business Email Compromise (BEC)?
A business email compromise attack - also known as a BEC attack - is a type of phishing attack in which a cybercriminal impersonates a high-level executive or other trusted contact and uses social engineering techniques to trick an email recipient into transferring funds into a fraudulent account.
Who is Targeted in a BEC Attack?
Cybercriminals seek out situation in which fund transfers happen on a regular basis, and they have been known to attack organizations of all sizes across all sectors, as well as individuals. Anyone who is authorized to complete financial transactions as part of a normal course of business could be a target. Frequent victims include company controllers, accountants, and parties involved with real estate transactions (including agents, buyers, and sellers).
How Does a BEC Attack Happen?
- Email Spoofing: This involves the manipulation of an email address to make the sender's email address appear to be sent from someone or somewhere other than the actual source.
- Compromised Email Account: Cyber criminals send a spoofed email issuing an urgent payment instruction to a staff member. Junior staff members may be targeted and are often instructed not to discuss the email with their colleagues.
- Company Research: The criminals use services like LinkedIn to gather information on business relationships, employee names and positions, and even a CEO or other executive's written communication styles.
How to Prevent and Protect from BEC Attack?
- Be careful about your social media posts and connections. Consider all information shared to be public and permanent.
- Be on guard with all unsolicited emails and phone calls. Even seemingly, small pieces of information - like vendor names and vacation schedules - are useful to cybercriminals.
- Do not rush. Criminals tends to plan their attacks during the busiest periods of the day. Rushing through request may end up overlooking the details of the request and process.
- Verify originating email addresses and phone numbers when sensitive requests are made. These details can be spoofed by attackers to make them look legitimate.
- Implement a form of two-factor authentication before initiating wire transfers or providing sensitive data. Call a known, verified phone number and have a voice-to-voice conversation to confirm the request is legitimate.
Ask you for personal information
Ask you for personal information. Fraudulent emails often claim that your information or account has been compromised and ask you to confirm the authenticity of your transactions. Never provide your Social Security Number (SSN) unless you determine it is necessary. If you asked to provide your SSN for any service, confirm that it is really needed or ask if you can provide another piece of identifying information. Never respond to e-mails, open attachments, or click on links from suspicious or unknown senders. Below identity theft prevention tips are provided by Los Angeles Police Department.
Credit Reporting Bureaus
Contact credit reporting bureaus for names and telephone numbers of credit grantors with whom fraudulent accounts have been opened in your name. Ask the credit reporting bureaus to remove inquiries that have been generated due to the fraudulent access. You may also ask the credit reporting bureaus to notify those who have received your credit report in the last six months in order to alert them to the disputed and erroneous information (two years for employers). The nearest office of the Consumer Credit Counselling Service of Los Angeles might be able to give you advice on removing fraudulent claims from your credit report. Call 800-750-2227. In addition, immediately call the fraud unit of one of the three credit reporting bureaus, i.e., Equifax, Experian (formerly TRW) and Trans Union. These organizations currently share fraud information eliminating the need to contact all three. Report the theft of your credit cards or numbers. Ask that your accounts be flagged. Also, add a victim’s statement to your report, up to 100 words. (“My Identification has been used to apply for credit fraudulently. Contact me at (telephone number) to verify all applications.”) Be sure to ask how long the fraud alert is posted on your account, and how you can extend it if necessary. Be aware that these measures may not entirely stop new fraudulent accounts from being opened by an imposter. Ask the credit bureaus in writing to provide you with free copies every few months so you can monitor your credit report.
EQUIFAX
| To report fraud call | 800-525-6285 or 800-685-1111 |
|---|---|
| To order a copy of credit report write | P.O. Box 740241 Atlanta, GA 30374-0241 |
| To dispute information in credit report write | P.O. Box 740256 Atlanta, GA 30374-0256 |
| To opt out of pre-approved offers of credit write | P.O. Box 740123 Atlanta, GA 30374-0123 |
EXPERIAN (formerly TRW)
| To report fraud call | 888-397-3742 or fax 800-301-7196 |
|---|---|
| To contact Experian Consumer Fraud Assistance write | P.O. Box 1017 Allen, TX 75013 |
| To order a copy of credit report write | P.O. Box 2104 Allen, TX 75013-2104 or call 888-EXPERIAN (888-397-3742) |
| To dispute information in credit report contact | Experian at the address and telephone number provided on your credit report |
| To opt out of pre-approved offers of credit and marketing list call 800-353-0809 | |
TRANS UNION
| To report fraud call | 800-680-7289 |
|---|---|
| To report fraud write | Fraud Victim Assistance Division P.O. Box 6790 Fullerton, CA 92634 |
| To order a copy of credit report write | P.O. Box 390 Springfield, PA 19064 or call 800-916-8800 |
To dispute information in credit report call: 800-888-4213 or call the telephone number provided on your credit report or use “investigation request form” provided by Trans Union when you order your report. To opt out of pre-approved offers of credit and marketing lists call: 888-5OPTOUT (888-567-8688) Remember, if you have been denied credit you are entitled to a free credit report. If you are the victim of fraud, be sure to ask the credit reporting bureau for a free copy of your credit report. In 1997, a law became effective requiring credit reporting bureaus to provide credit reports free of charge to victims of Identity Theft.
Social Security Administration
If your Social Security number has been used fraudulently, report the problem to the Social Security Administration (SSA) at 800-269-0271. You may also order your Earnings and Benefits Statement by calling the SSA at 800-772-1213. For extreme cases of Identity Theft, they may be willing to change your Social Security number.
Reporting Theft or Fraudulent Use of Checks
To report theft or fraudulent use of your checks call your branch:
| Equifax | 800-437-5120 |
|---|---|
| Telecheck | 800-710-9898 |
| ChexSystems (Regarding closed checking accounts only) | 800-328-5121 or 800-428-9623 |
| SCAN | 800-262-7771 |
