Protecting Your Privacy
Heritage Oaks Bank takes the security of your financial information very seriously. We have developed a robust Information Security Program that includes investing in technology to ensure that your confidential information is shielded from outside attack, insuring that all bank records are maintained in secured facilities, and providing regularly training to all employees on the Bank’s security policies as well as proper methods to communicate with you, our clients, in a secure and confidential manner.
Over the past several years, as banks have become more secure, criminals have started targeting you, the client, in an attemtp to gain access to your funds. Identity theft, check fraud, corporate account takeover, and other financial fraud schemes are in the news every day. Every year thousands of people are victimized through the passing of forged checks accompanied by lost, stolen or fictitious identification. To help combat these crimes, we have put together tips you can use to minimize your risk by managing your personal and corporate account information wisely, and are describing some of themore common schemes used to defraud individuals and businesses alike. If you are a business, please share this information with employees that interact with your finances.
Heritage Oaks Bank's staff will never initiate a request for sensitive information from you (i.e. social security number, personal login ID, password, PIN or account number) through an unsolicited e-mail message or phone call.
TEN THINGS YOU CAN DO TO PROTECT YOURSELF
- Passwords: Use a complex password and change it regularly. Do not use names, birthdays, or other personal details that might be easily determined.
- If you need to write down your usernames and/or passwords, be sure they are maintained in a secure place.
- Keep your computer and/or network software patches and virus protection software up to date.
- Setup a firewall to detect and prevent intrusions into your environment.
- Take advantage of all security options provided to you by your bank.
- Review your banking transactions on a daily basis and credit report on at least an annual basis.
- Store extra checks, credit cards, documents that list your Social Security number, and similar items in a safe place. Shred all credit card receipts and solicitations, ATM receipts, bank account and credit card statements, canceled checks, and other financial documents before you throw them away.
- Use the latest versions of Internet browsers, such as Explorer, Firefox or Google Chrome with "pop-up" blockers.
- Do not batch approve transactions; be sure to review and approve each one individually.
- Turn off your computer when not in use.
Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money. It can destroy your credit and ruin your reputation. Below are recommendations from the Federal Trade Commission to help combat the threat of identity theft.
FAKE CHECK SCAMS
- Deter identity thieves by safeguarding your information.
- Shred financial documents and paperwork with personal information before you discard them. Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
- Don't give out personal information on the phone, through the mail or over the Internet unless you know the entity you are dealing with. Avoid disclosing personal financial informaiton when using public wireless connections.
- Never click on links sent in unsolicited emails. Instead, type in the source page of the website using a separate tab or window. Use firewalls, anti-spyware and anti-virus software to protect your home computer. Keep this software current. If you use peer file sharing, check the setting to make sure you are not sharing other sensitive private files.
- Don't use an obvious password. Avoid using passwords like birth date, address, mother’s maiden name, children’s name, or last four digits of your Social Security number.
- Keep your personal information in a secure place at home, especially if you have roommates, employ outside help or are having work done in your house.
- Detect suspicious activity by routinely monitoring your financial accounts and billing statements.
Be alert to the following signs that require immediate attention:
- Bills do not arrive as expected
- Unexpected credit cards or account statements
- Denials of credit for no apparent reason
- Calls or letters about purchases you did not make
- Charges on your financial statements that you don't recognize Inspect your credit report. Credit reports contain information about you, including what accounts you have and your bill paying history.
- The law requires the major nationwide credit reporting companies-Equifax, Experian, and TransUnion-to give you a free copy of your credit report every 12 months if you request it.
- Visit www.AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free annual credit report. You can also write to : Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
- If you see accounts or addresses you don’t recogize or information that is inaccurate, contact the credit reporting company and the information provider. To find out how to correct errors on your credit report, visit ftc.gov/idtheft.
- Defend against ID theft as soonas you suspect it.
Place a "Fraud Alert" on your credit reports, and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing account. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is sufficient:
- Experian: 1-888-EXPERIAN (397-3742)
- TransUnion: 1-800-680-7289
- Equifax: 1-800-525-6285
Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn't open and debts on your accounts that you can’t explain.
Contact the security or fraud departments of each company where an account was opened or charged without your okay.
- Follow up in writing, with copies of supporting documents.
- Use the ID Theft Affidavit at ftc.gov/idtheft to support your written statement.
- Ask for verification that the disputed account has been dealt with and the fraudulent debts discharged.
- Keep copies of documents and records of your conversations about the theft.
File a police report. File a report with law enforcement officials to help expedite the correction of your credit report and deal with creditors who may want proof of the crime.
Report the theft to the Federal Trade Commission. Your report helps law enforcement officials across the country in their investigations.
- Online: ftc.gov/idtheft
- By phone: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261
- By mail: Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580
- If someone gives you a check or money order and asks you to send money somewhere in return, it’s a scam. That is not how legitimate sweepstakes operators or other companies operate. If you have really won, you will pay taxes directly to the government. Legitimate mystery shopper or account manager jobs do not involve using money transfer services to send money.
- A familiar company name doesn’t guarantee that it is legitimate. Crooks often pretend to be from well-known companies to gain people’s trust. Find the company's contact information independently, online or through directory assistance, and contact it yourself to verify the information.
- The check or money order may be fake even if your bank lets you have the cash. You have the right to get the cash quickly, usually within 1-2 days, but your bank cannot tell if there is a problem with the check or money order until it has gone through the processing system to the person or company that supposedly issued it. Sometimes that can take weeks. By the time the fraud is discovered, the crook has pocketed the cash and left you responsible for covering the charge.
- When the check or money order is returned unpaid, you will have to pay the money back to your bank. You are responsible because you are in the best position to know if the person who gave it to you is trustworthy. If you don’t pay the money back, your account could be frozen or closed, and your credit may be affected. Some victims are even charged with fraud.
- Sending money using a money transfer service is like sending cash – once the crook picks it up you can’t get it back from the service. It's not like a check that you can stop after you’ve given it to someone or a credit card charge that you can dispute. But if the money has not been picked up yet, you may be able to stop the transaction. Contact the money transfer service immediately if you think you’ve been scammed.
EMAIL & TELEPHONE SCAMS
- Be suspicious of any offer made by telephone, on a web site or in an e-mail that seems too good to be true.
- Before responding to a telephone or Internet offer, determine if the person or business making the offer is legitimate.
- Do not respond to an unsolicited e-mail that promises some benefit but requests personal identifying information.
- Beware of 'work from home' schemes that are offered on career websites. If they are asking you to open accounts or move money for the company, this is most likely a scam.
Phishing is a new twist on an old telemarketing scam, but uses e-mail. These criminals send e-mails to millions of people hoping that even a few will give away valuable information such as your username, password, or credit card number. The criminal then uses this information to steal the victim’s identity. To avoid becoming the victim of a phishing scam, Heritage Oaks Bank offers the following tips:
- Do not click on links within an email unless you are sure of the sender. Many phishing emails include company logos or appear to come from government agencies, and appear legitimate. However, the links take you to a fraudulent website that has been set up to look like and feel just like the legitimate site. Check the URL carefully for differences in spelling, or go directly to a known website without the link. You may often find an alert on the legitimate site warning that a phishing email has been circulated by fraudsters.
- Never give out your personal or financial information in response to an unsolicited phone call, fax or e-mail, no matter how official it may seem.
- Do not respond to e-mail that may warn of dire consequences unless you validate your information immediately. Contact the company to confirm the e-mail's validity using a telephone number or web address you know to be genuine.
- Check your credit card and bank account statements regularly and look for unauthorized transactions, even small ones. Some thieves use small transactions in hopes that they will go unnoticed. These small transactions are also used to test the bank account and routing numbers for future use. Report discrepancies immediately.
- When submitting financial information online, look for the padlock or key icon at the bottom of your Internet browser. Also, most secure Internet addresses, though not all, use "https" in the URL.
- Report suspicious activity to the Internet Crime Complaint Center referenced at the bottom of this page. This organization is a partnership between the FBI and the National White Collar Crime Center.
- If you have responded to an e-mail, contact Heritage Oaks Bank immediately so we can protect your account and your identity.
Malware, short for malicious software, is software designed by criminals to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. It is a general term used to describe any kind of software or code specifically designed to exploit a computer, or the data it contains, without consent.
Examples of malware includes computer viruses, worms, trojan horses, and other malicious programs. Malware works to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user.
Heritage Oaks Bank offers the following tips to reduce the potential release of malware into your computer or network:
- Keep security patches and anti-virus signatures up to date
- Only open e-mail or Instant Message attachments that are expected and come from a trusted source
- Have e-mail attachments scanned by anti-virus programs prior to opening
- Delete all unwanted messages without opening
- Do not click on web links sent by an unknown party
- If a person on your ‘Friends List’ is sending strange messages, files, or web site links, terminate your Instant Message session immediately
- Scan all files with an Internet Security solution before transferring them to your system
- Only transfer files from a well known source
Social engineering attacks use human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions of several people or over a period of days, they may be able to piece together enough information to infiltrate an organization’s network. These questions may include user identification, passwords, full names, PC numbers, IP numbers. If an attacker is not able to gather enough information from one source, they may contact another source within the same organization and rely on the information from the first source to add to their credibility.
CORPORATE ACCOUNT TAKEOVER
Corporate Account Takeover is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, are targeting small and medium businesses to obtain access to their online banking credentials or remote control of their computers. These hackers will then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers’ accounts.
The steps of a typical Corporate Account Takeover include:
As a business owner, it is your responsibility to understand how to take proactive steps to avoid, or at least minimize threats.
- If possible, use a dedicated computer for financial transactional activity. The purpose of having a separate computer is to avoid general web browsing and email on this machine.
- Install host-based firewall software on all computers.
- Ensure that anti-virus/spyware software is installed, functional, and is updated with the most current version.
- Use the latest versions of internet browsers, such as Internet Explorer, Firefox, or Google Chrome with 'pop up' blockers.
- Apply operating system and application updates (patches) regularly.
- Turn off your computer when you are away from your desk, or at least block access to your network by using the Control + Alt + Delete function.
- Review your banking transactions daily and credit report atleast annually.
- Do not batch approve transactions; be sure to review and approve each item individually.
Contact your Information Technology provider to determine the best way to safeguard the security of your computers and networks.
OnGuardOnline.gov provides tips to avoid scams, secure your computer, and protect kids online. The site also has a blog that is updated with recent fraud trends.
IDtheftinfo.org provides the latest news from Consumer Federation of America and other sources. It also provides an ID theft library with education materials for consumers and businesses, a Privacy Information Website, and a victim resources guide.
Consumer Federation of America
The Consumer Federation of America provides information to consumers through research, advocacy, and education. CFA also partners with financial institutions to help educate clients through advertising, readings, and other publications.
The FDIC provides a consumer protection site to help educate consumers about the risks of identity theft, and also provides tips on how to guard themselves against it. Topics include online and electronic banking scams, identity theft, phishing scams, and safe internet banking.
U.S. Computer Emergency Readiness Team
The United States Computer Emergency Readiness Team provides a National Cyber Alert System for technical and non-technical users, Vulnerability Resources, Announcements, and Current Activity updates in the internet provider sector.
Internet Crime Complaint Center
The Internet Crime Complaint Center is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. This site provides a place to file claims of victims of identity theft. It also houses sources of internet crime prevention and current schemes.