Online Security Information

Credential stuffing where stolen account credentials, usually username/password pairs, and email addresses, are processed through an automated injection to fraudulently gain access to user accounts. Large numbers of stolen credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes.

How do I protect myself from a Credential Stuffing Attack?

People often use the same username and password for multiple sites. Attackers can use this one piece of credential information to unlock multiple accounts.

The best way to protect yourself from such an attack, is to use unique usernames and passwords for each of your digital accounts.

What does Victory Bank do to protect my credentials?

The Bank’s core processor, Jack Henry & Associates, Inc., has put into place certain methods to help prevent these types of attacks. These methods may require you to respond to Multi-factor authentication questions.

When you bank or shop on public Wi-Fi networks, hackers can use keylogging software to capture everything you type, including your name, debit card account number, and PIN.

Phishing

Be wary of messages soliciting your account information. Emails can look like they're from legitimate sources but actually be from scammers. If you click on an embedded link and enter your personal information, that data can go straight to criminals.

Skimming

Identity thieves can retrieve account data from your card's magnetic strip using a device called a skimmer, which they can stash in ATMs and store card readers. They can then use that data to produce counterfeit cards. EMV chip cards, which are replacing magnetic strip cards, are expected to eliminate this risk.

Spying

Plain old spying is still going strong. Criminals can plant cameras near ATMs or simply look over your shoulder as you take out your card and enter your PIN. They can also pretend to be good Samaritans, offering to help you remove a stuck card from an ATM slot.

Smart ways to protect yourself

Adopt these simple habits to greatly reduce your odds of falling victim to debit card fraud:

• Be careful online: Shop and bank on secure websites with private Wi-Fi. If you must shop or bank in public, download a virtual private network to protect your privacy.

• Monitor your accounts: Review your statements and sign up for text or email alerts so you can catch debit card fraud attempts early.

• Don't ignore data breach notifications: The majority of identity theft victims received warnings that their accounts might have been breached but did nothing. If you get one of these messages, change your PIN and ask your provider to change your debit card number. You can also ask one of the major credit card bureaus to place a fraud alert on your file.

• Inspect card readers and ATMs: Don't use card slots that look dirty or show evidence of tampering, such as scratches, glue, or debris. And steer clear of machines with strange instructions, such as “Enter PIN twice.”

• Cover your card: When using your debit card or typing your PIN at an ATM, block the view with your other hand. Go to a different location entirely if suspicious people are hanging around the ATM, and if your card gets stuck, notify the bank directly rather than accepting “help” from strangers.

Even if you've taken precautions, debit card fraud can still happen. If your card gets hacked, don't panic. Tell your bank or credit union right away so you won't be held responsible for unauthorized charges, and file a complaint with the Federal Trade Commission.

Roberta Pescow, NerdWallet 

© Copyright 2016 NerdWallet, Inc. All Rights Reserved

If you’re getting threatening phone calls about a debt, even if it’s one you recognize, you might be the target of a debt collection scam.

Below are key ways to identify and defend yourself from illegitimate debt collectors.

Red flags of debt collection scams:

You might be getting a call from a fake debt collector if you don’t recognize the debt you supposedly owe or if the caller -

• Can’t or won’t provide detailed information about the debt and original creditor.
• Won’t give you information about the agency he or she claims to represent, including name, address, and phone number.
• Uses aggressive tactics to pressure you into immediate payment.
• Requests payment over the phone.
• Asks for sensitive information, such as details of your bank account, your Social Security number, or your credit or debit card number.

Common scams

It’s easy to detect a scam in which someone tries to collect on a debt that you don’t recognize or know you don’t owe. Fake debt collectors have many ways of getting your information, and they hope to pressure you into quick payment through a cold call.

Others can be trickier to detect, such as a scammer who tries to collect on a debt that you do owe. Scammers might tap into your credit report to see whom you owe money to, for example, and then call pretending to represent those creditors.

Threats of police action and abusive language are telltale signs of a scammer, according to the Federal Trade Commission. You can’t be arrested for a debt, and it’s against the Fair Debt Collection Practices Act to mislead consumers about the consequences of not paying a debt. Legitimate debt collectors tend to tread very carefully in this area.

Another red flag - Someone claiming to represent the Internal Revenue Service and seeking immediate payment. The government’s tax collection agency will never demand that you pay immediately over the phone or ask for a credit or debit card number. Both of those are signs of phishing scams. Be aware, however, that the IRS will start using private debt collection companies in 2017.

As with any debt, ask for a validation letter — a document that outlines the details of the debt — before you do anything.

What to do
Think before you act when handling any debt collector. But take these particular steps if you think a caller is trying to scam you.

Get information

Start by gathering information on the debt collector and the debt. Ask for a validation letter. Legitimate debt collectors should send you this information immediately without question. Any hesitation might be a sign of a scammer.

Ask the caller for his or her name and employer, and its phone number and street address. If the caller won’t give you this information, that’s a red flag.

Protect your personal information

No matter how aggressively a potential debt collector asks, don’t give away or confirm details of your bank account, credit or debit card numbers, or Social Security number. Doing so could put you at risk for identity theft or let a scammer pull money from your accounts.

Contact the original creditor

If you think a scam debt collector has contacted you for payment on a debt you do owe, ask the original creditor if it sold your debt and for the contact information of the collection agency that owns it.

Ignore the calls Ignoring repeated phone calls is one of the best ways to get a scammer off your back. Don’t hesitate to hang up in the face of harassment or threats, and don’t answer callbacks. Since scammers are looking to make a quick buck off an easy target, they’re not likely to pursue you for long before moving on.

If you’re in contact with a legitimate debt collector, however, you’ll want to make a plan to resolve the debt.

File a complaint

Don’t hesitate to file a complaint with the Consumer Financial Protection Bureau or your state attorney general’s office if you think a scam debt collector has contacted you. Gather all information you can and include it in your formal complaint.

Sean Pyles is a staff writer at NerdWallet, a personal finance website. Email: spyles@nerdwallet.com.

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed e-mail messages and fraudulent posts on social networking sites may request support for phony causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, US-CERT encourages users to take the following actions:

• Avoid following unsolicited links or downloading attachments from unknown sources.
• Refer to our security Tips to learn more about Shopping Safely Online and Avoiding Social Engineering and Phishing Attacks.
• Visit the Federal Trade Commission's Consumer Information page on Charity Scams.

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

• File a complaint with the FBI's Internet Crime Complaint Center (IC3).
• Report the attack to the police and file a report with the Federal Trade Commission.
• Contact your financial institution immediately and close any accounts that may have been compromised.
• Watch for any unexplainable charges to your account.
• Immediately notify the bank if any account activity doesn't look familiar.

Card cracking, which originates online on social media platforms and targets young consumers, is estimated to have cost banks $11.6 million in stolen funds. 

Card cracking happens when a fraudster reaches out to a banks’ customer promising quick cash. The customer provides account credentials to the scammer, who then deposits a fake check in the customer’s account. The fraudster then makes an immediate ATM withdrawal, sharing some of the funds with the customer. Meanwhile, the customer is instructed to report the card or credentials lost or stolen so that the bank will reimburse the stolen money -- making the customer a criminal accomplice. 

To avoid card cracking scams, you should avoid online solicitations for easy money, never to share an account number or PIN, never to file a false fraud claim with a bank, and to report suspicious social media posts connected to scams.

View this information sheet on how it works.

Identity theft happens when someone steals your personal information to commit fraud or other crimes, costing you time, money, and potentially damaging your credit and reputation. Although no foolproof prevention exists, taking specific precautions can reduce your risk and mitigate the impact if you encounter a problem, making it harder for identity thieves to succeed.

It’s about following the “3 D’s” of identity theft protection - Deter, Detect, and Defend.

DETER

Deter identity thieves by safeguarding your information. 

• Shred financial documents before discarding them.
• Keep your Social Security number private; avoid carrying it or writing it on checks unless necessary.
• Only share personal information if you've initiated contact and verified the recipient.
• Avoid clicking on links in unsolicited emails; manually enter known web addresses.
• Use firewalls, anti-spyware, and antivirus software on your home computer, keeping them updated.
• Choose strong, unique passwords instead of easily guessable ones like birth dates or Social Security numbers.
• Secure personal information at home, especially if you share living space or employ outside help.

DETECT 

Detect suspicious activity by Stay vigilant - Monitor financial accounts and bills regularly for unusual activity. Look out for:

• Missing mail or bills.
• Unexpected credit statements or cards.
• Unexplained credit denials.
• Notices regarding unrecognized purchases.

Inspect:

Check your credit report annually. It details your accounts and payment history. By law, Equifax, Experian, and TransUnion provide a free copy each year. Visit AnnualCreditReport.com or call 1-877-322-8228 to request yours. Also, review your financial statements regularly for unauthorized charges.

DEFEND

Act promptly if you suspect identity theft:

• Place a "Fraud Alert" on your credit reports; one call to any of the three major consumer reporting companies is enough.
   
  1. Equifax: 1-888-298-0045 - https://www.equifax.com/personal/credit-report-services/credit-freeze/
  2. Experian: 1-888-397-3742 - https://www.experian.com/freeze/center.html
  3. TransUnion: 1-800-916-8800 - https://www.transunion.com/credit-freeze
• Monitor your reports for suspicious activity, like unrequested inquiries or unfamiliar accounts.
• Close compromised accounts and contact companies involved, both by phone and in writing, including supporting documents.
• Use the ID Theft Affidavit available at https://consumer.ftc.gov/features/identity-theft.
• Request written confirmation of account closure and debt discharge.
• Keep detailed records of all correspondence and actions taken.
• File a police report to assist with creditor requests for proof.
• Report the incident to the Federal Trade Commission to aid in nationwide investigations.
  1. Online: https://consumer.ftc.gov/features/identity-theft
  2. By phone: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261
  3. By mail: Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580

For more resources visit: https://www.fdic.gov/resources/consumers/consumer-assistance-topics/cybersecurity.html 

Consumers and businesses should be diligent in protecting themselves against cyber and other mass marketing fraud such as telephone and mail. Mass-marketing fraud schemes usually fall into the following categories:

• Advance-Fee Fraud: A victim will be promised a substantial benefit - such as a million-dollar prize, lottery winnings, or some other item of value and must pay in advance some type of fee before the victim can receive the benefit.
• Credit-Card Interest Reduction Schemes: Victims are contacted and the company promises to help them lower their credit-card interest rates, but charge fees without effecting actual reductions in the cardholder's interest rate.
• Bank and Financial Account Schemes: Victims are tricked into providing their bank or financial account data, so the criminal can gain unauthorized access to those accounts and siphon off funds or charge goods to the victim's card.
• Phishing is where the criminal uses emails and websites that claim to be falsely associated with legitimate banks, financial institutions, or companies to get the Internet user to disclose personal and financial data. Vishing is the telephone equivalent using the same methods.

Safeguard your financial information with these tips:

• Monitor your bank and credit card transactions daily and read your statements regularly.
• Be cautious of urgent emails to "verify your account" or "If you don't respond within 48 hours, your account will be closed".
• Don't click on a link in an email or web page if you suspect the message is not from the actual company. Instead, verify by logging on to the website page directly by typing in the web address in your browser.
• Create strong, complex passwords with at least 10 characters using upper and lower case letters, numbers, and special characters.
• Use multi-factor authentication whenever possible.
• Don't send money to someone you don't know.
• Always use a payment option that provides protection, like a credit card. Don't send cash or use a wire transfer service for online purchases.
• Protect your computer by installing and keeping up-to-date spam filters, anti-virus, and anti-spyware software.
• In the wake of a natural disaster or crisis, give to established charities rather than one that seems to have sprung up overnight.

To learn more, visit www.fdic.gov/consumers/theft.

View The Victory Bank's Privacy Policy.

When the Federal tax filing deadlines approach, tax-related scams increase.

In one popular scheme, people impersonating IRS agents call taxpayers, claim they owe taxes and demand immediate payment using a prepaid debit card or a wire transfer. Those who refuse are threatened with arrest, deportation, or loss of a business or driver's license. The callers can manipulate caller ID to make it look like they are calling from an IRS phone number; in some cases, they know the last four digits of the taxpayer's Social Security number.

"We have seen scams based on unsolicited text messages and aggressive phone calls," said David Pollino, senior vice president and enterprise fraud prevention officer at Bank of the West in a recent interview. "We've seen scams in which people call claiming to be with the IRS, saying, 'We'll arrest you if you don't wire money to us immediately.'"

The Scam

IRS fraud happens every year in March and April. Last year, more than 20,000 taxpayers fell victim to the scam and lost millions.

The volume of fake IRS calls is increasing. Some of the calls are very sophisticated, and the fraudsters cite the right regulations and government bodies and might mention the local police department or district attorney.

On any given day, there may be as many as 9,000 phone calls associated with the IRS scam!

"We saw a spike back in 2011 when we first started aggressively tracking it, right around this time when you expect tax season to be," said Jonathan Nelson, product manager, and digital reputation manager for Whitepages. "It's been fairly constant up until early 2014, since then it's been on a rise. Right now it averages about 2.5% of all the fraud we see."

Having compared the Federal Trade Commission's complaint records of fake calls to activity in Pindrop's honeypot, Dewey estimates that only 20% of the people getting hit by this scam are reporting it to the FTC. "They're either going along with it or silently ignoring it," he said.

Who is being targeted?

Pindrop's analysis of the geographic coverage of these calls shows an even distribution across the country.

"Based on the dialing patterns we've seen from the fraudsters, they'll try their scam on anyone and everyone they can get on the phone," Dewey said. "Our intuition behind why they (the fraudsters) are using such a broad blanket technique is that there's a high rate of folks that would believe the IRS is calling, that they are in some kind of trouble."

Some might still owe the IRS money from last year. Others might feel vulnerable because of a related legal issue, such as a shaky immigration status.

What a Bank Can Do?

The first step in preventing IRS fraud is educating consumers, although that appears to seldom work. Some consumers report such scams, but they can't be counted on to recognize the signs of fraud.

Banks can ask customers a few questions before executing wire transfers. For instance, the IRS has stated that it will never call to demand immediate payment, call about taxes owed without first having mailed a bill, demand that a consumer pay taxes without giving the opportunity to question or appeal the amount owed, require the use of a specific payment method such as a prepaid debit card, or threaten to bring in local police or other law-enforcement groups to have the consumer arrested for not paying. By questioning customers about why they're sending the money, call center reps could uncover telltale signs of foul play.

Bank Customers should openly discuss with their banker anytime they’re requested to send someone they personally don’t know – if they did, fraud could be substantially reduced!

Visit the IRS website for more information.