Concerned about identity theft? So are we! This short video explains what we're doing to protect our valued customers.
Find tips on protecting your identity on GCFBank.com
Links to additional resources:
National Foundation for Credit Counseling and Better Business Bureaus have initiated this week-long campaign to prevent identity theft through consumer education. Find their resources online.
The Office of Comptroller of the Currency (OCC) of the U.S. Treasury Dept. offers several tools in the battle against identity theft. Among them:
- Avoiding Card Skimming at ATMs and Other Money Machines
- Fighting Identity Theft
- If You Become a Victim of Identity Theft
- Help With My Bank
Glossary of Common Terms
Most electronic fraud falls into one of these categories:
BOTNET: A group of compromised computers infected with malicious software and controlled as a group without the owner's knowledge. Used to distribute spam or malware.
Distributed Denial of Service (DDoS): Form of electronic attack involving multiple computers, which send repeated HTTP requests or pings to a server to load it down and render it inaccessible for a period of time.
MALWARE: Software designed to infiltrate or damage a computer system without the owner's knowledge or consent. It is a blend of the words "malicious" and "software." It includes computer viruses, worms, trojan horses, spyware, adware and other malicious and unwanted software.
PHARMING: Or "domain spoofing" is an attack in which a user can be redirected from a legitimate site to a fraudulent site and then fooled into entering sensitive data such as a password or credit card number. The fraudulent site often looks like the legitimate site e.g. your bank). It is different from phishing in that the attacker does not have to rely on having the user click a link in an e-mail to deceive the user. Even if the user correctly enters a Web address into a browser's address bar, the attacker can still redirect the user to a malicious Web site.
PHISHING: Fraudulent e-mails, appearing to be from a trusted source such as your bank or credit card carrier, direct you to Web sites. Once there, you are asked to verify personal information such as name, account and credit card numbers, passwords and the like. These sites are often designed to look exactly like the site they are imitating. The information you provide is used to hijack your accounts and your identity. E-mails that warn you, with little or no notice, that your account will be shut down unless you reconfirm certain information, are very likely to be phishing. A newer tactic is to "confirm" personal credentials they supposedly have in their file, displaying false information. You call to correct the erroneous data and unwittingly provide them with the tools they need to steal your identity. Use a phone number or Web site address you know to be legitimate to check the source.
SCAREWARE: Software with malicious payloads sold to consumers. Victims are lured by fake ads warning of an infected computer, etc.
SMISHING: Phishing attacks conducted via text messaging
SPEAR PHISHING: Phishing attacks targeting targets specific entities holding whatever valuable information they seek. Typically, the crooks are looking for inside access to an organization's internal network.
SPYWARE: Software that captures information from your computer such as browsing habits, usernames and passwords or credit card information.
TROJAN: Software programs that masquerade as regular games or utilities but harm your computer.
VIRUS: Small programs or scripts that harm your computer, causing it to cease functioning properly.
VISHING: Phishing attacks conducted over the telephone
WORMS: Type of virus that replicates itself. Does not destroy files but can take up all available memory or had disk space by multiplying itself. It can cause your computer to run slowly or crash.
ZERO-DAY ATTACK: An attack or threat that exploits a security hole before or immediately after the vulnerability is known.
Tips on Protecting Your Identity
- Shred financial documents and any paperwork that contains personal information
- Don't carry your Social Security card in your wallet. If asked for it, provide only if it's absolutely necessary such as applying for credit.
- Never disclose personal information on the phone, through the mail or over the Internet.
- Never click on links sent in unsolicited emails.
- Create a password that is hard to crack using a combination of numbers, upper and lower case text and special characters where permitted. Your birth date, mother's maiden name or pet's name are too easy to guess.
- Examine your monthly statements for unauthorized charges.
- Question any lender who sent you a denial of credit letter for which you never applied.
- Monitor your credit report regularly to promptly detect and correct any inaccurate information.
|ID Theft and Fraud|
|Regardless of how diligent one may be, anybody can become a victim of Identity Theft. Your prompt response will minimize the damage. And our Identity Theft Repair Kit can help guide you through the process. Complete it online or print out to jot down notes as they arise. Some may want to fill out contact information ahead of time to have that information at hand should you need it. Find it here.|
|Identity theft is the fastest growing crime in America. If you even suspect your personal information may have been compromised, the major credit bureaus will place an alert on your file for 90 days. Should you become a victim of fraud, they'll extend the alert for seven years. You only need to contact one of the major credit bureaus, they'll register you with the other two. Register online or call:
|Identity theft of a child is a growing crime. It can go undetected for years until the child is old enough to apply for a driver's license or credit when they provide their Social Security Number. Much harm can be done in that time. Learn more about this crime, how to detect it and resolve it.|
|The Federal Trade Commission (FTC) offers valuable advice and resources for victims of identity theft as well as prevention tools on their Web site. Download their guide entitled Taking Charge: What to Do If Your Identity is Stolen here.|
|Before investing, check out the validity of that offer. Quatloos.com is a public educational website maintained by Financial and Tax Fraud Education Associates, Inc. Visit their Cyber-Museum of Scams and Frauds.|
|The Internet Fraud Complaint Center (IFCC) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). Their mission is to address fraud committed over the Internet. Visit their Web site to file a complaint.|
|Don't be fooled by ads for a fake antivirus product. Much of what you see online is malware in disguise. Microsoft has compiled a list of legitimate antivirus vendors. Find it here|
|Know what the latest virus threats are and if they can affect you. McAfee alerts or Symantec alerts.|
|Concerned about a file you see running on your computer? Find out what it is at fileresearchcenter.com/|
|Microsoft usually issues a patch for vulnerabilities BEFORE threats surface. Preventative measures are your best defense. Keep your operating system protected. If you do not have automatic updates enabled, you can download them from Microsoft's Web site.|
|Are you barraged with pop up ads? Is your computer running sluggish? Spyware may be the culprit. Spyware Doctor offers this free detection and removal tool.|
|We've all gotten the sick e-mail hoax about the missing little girl or little boy. And no matter who claims differently, neither AOL nor Microsoft, nor anyone else for that matter, can track how many people you forward an e-mail message to and reward you. Before you send that message to everyone on your address list, research its validity. Feed keywords into your favorite search engine and check out the results. Or visit one of the several Web sites dedicated to stopping hoaxes and scams. Two that have stood the test of time are snopes.com and urbanlegends.about.com.|
- Keep your screen locked with a PIN code or password. This adds an extra layer of difficulty for an unauthorized user.
- All major mobile operating systems offer remote services. Install and enable whatever your phone supports. Options differ by system, but can include the ability to delete your files, lock your phone remotely or find it using GPS location.
- If your phone allows for data encryption, use it. This protects data stored on external memory cards as well as SD cards installed in the device.
- Mobile malware is on the rise. It isn't enough to protect your PC against threats. Your smartphone needs antivirus software, too.
- Take the time to download software updates. Like their PC counterparts, they often include patches for security flaws recently detected.
- Don't provide personal information when using public WiFi or personal Bluetooth. You can browse online shopping sites, but wait until you're in a secure setting before sending your credit card number. Save your online banking chores or visiting any sites requiring a login/password for a time when you can do it securely.
- Exploring all of those neat apps can turn your phone into an entertainment experience. But unless you're using a Blackberry, those apps can be distributed by some unscrupulous folks. Only download apps from sites you trust. Check its rating and read reviews first.
- Read the small print to learn what information the app will access. Stay clear of any app that wants access to any personal information, text messages or location that doesn't seem important to its function.
- As you've learned with traditional email, don't click on links sent by users you don't know or appear suspicious. Smishing, a combination of SMS texting and phishing, has become quite common.
- Like your PC, create a backup plan. Backup your data often. All important data should be saved at least twice, in separate locations. If your remote service utility includes a weekly backup, choose a mid-cycle day to backup to your computer as well.
- Turn WiFi, Bluetooth and other connections off when you're not using them. Turn them on only when you need them.
- Connect through only known access points. Avoid networks with a generic name like "linksys."
Public Wi-Fi Hotspot Safety
Public wireless hotspots are everywhere these days. Whether you're sitting at a gate waiting for your connecting flight or downing a Big Mac at McDonald's, you can fire up your laptop and make your downtime productive. But public Wi-Fi hotspots seldom provide a secure connection. Here are some things you can do to surf safely:
- Some hotspots do offer some form of encryption. In Windows Vista and XP, a lock will display when you open the wireless connections dialog box. In Windows 7, left-click the wireless network connections icon and hover your mouse over each SSID displayed. Choose the connection with the strongest security. WPA2 offers the highest level, then WPA. WEP should be your last resort. A secure connection will require a password. Hotels often provide them to guests, other establishments may do the same.
- Set your Network Connection to Public in Windows 7. In earlier versions, turn off file sharing. This makes your data less visible to snoopers.
- Avoid doing your online banking, logging into your credit card accounts or any site requiring login credentials from a public Wi-Fi. Save these tasks for when you're home on your secure connection.
- Don't allow your browser or a website you visit to remember your password. These are saved in a file that can be intercepted.
- If you travel with your laptop, remove sensitive data like spreadsheets, bank files or documents with your social security number first. Save them on your home machine or a removable device you can leave somewhere safe.
- Make sure your firewall is active. Take a minute to double check. You may have turned it off for a software install and forgot to turn it back on.