Security

Questions that may mean scam

If your answer is YES, you may be involved in a scam and should notify Banking Center personnel immediately.

• Has anyone asked you to provide them with your online banking log-in credentials?
• Did you respond to a request asking you to confirm, update, or provide your bank account information?
• Have you been instructed to purchase gift cards at a big box or chain store?
• Have you been instructed to submit a payment via a money movement app to a person or business that you do not know?
• Have you received money via a check or electronic transfer for more than expected and been asked to send the excess back?
• Have you met someone online who is requesting financial assistance or asking you to deposit a check for them into your account?
• Have you responded to a pop-up on your computer or a phone call claiming that your computer has been compromised?
• Have you responded to a job offer that you replied to online and been instructed to send money for start-up costs such as advertising or secret shopping?
• Have you been instructed not to inform anyone, including your bank, about doing a transaction on your bank account?
• Have you received an emergency phone call regarding a family member being in big trouble and needed money sent immediately?

Tech support scams

• Phone calls claiming to be computer techs associated with well-known companies like Microsoft or Apple, or pop-up messages that warn about computer problems are signs of a tech support scam. They create a sense of urgency by saying viruses or other problems with your computer have been reported. These scams can also claim to offer a refund for tech services or software. Under the guise of "tech support", they will ask you to give them remote access to your computer and may even ask you to log into Online Banking. Eventually, they’ll diagnose a non-existent problem and ask you to pay for unnecessary – or even harmful – services.
• If you get an unexpected pop-up, call, spam email or other urgent message about problems with your computer, stop. Don’t click on any links, don’t give control of your computer and don’t send any money. You can report it to https://reportfraud.ftc.gov/#/
• For victims of these scams, take your computer to a professional to have it evaluated and cleaned of malicious software. Change your Online Banking User ID and password, and any other passwords entered from that computer. You can find more information about Tech Support Scams on the FTC website at https://www.consumer.ftc.gov/articles/0346-tech-support-scams

Tax-related identify theft

• The IRS uses your Social Security Number (SSN) to make sure your filing is accurate and complete, and that you get any refund you are due. Every tax season it's important to be reminded of the warning signs of tax ID theft: more than one tax return was filed for you; you owe additional tax, have refund offset or had collections actions against you; or the IRS indicates you received wages or other income from an employer for whom you did not work.
• If tax ID theft is suspected the IRS has outlined steps you can take: https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft

Fake check scams

• Fake checks drive many types of scams and are very active in our community. There are many variations to be aware of including those involving phony prize wins, fake jobs, mystery shoppers, online classified ad sales, and others. In a fake check scam, someone asks you to deposit a check, and when the funds seem to be available, wire the money to another bank. Unfortunately, when the bad check is returned to the bank, the scammer already has the money, and you’re stuck paying the money back to the bank.
• There are ways to protect yourself from these scams and education on these scams is a great start. Learn more from the FTC: https://www.consumer.ftc.gov/articles/0159-fake-checks

Cash advance scams

• There has been an increase in cash advance scams, where the victim receives phone calls coming from a scammer pretending to be from a legitimate cash advance company. The scammer attempts to gain access to your account by asking you to give remote access to your computer and log into Online Banking. They claim to need this information to credit the proceeds from the loan to your account.
• If you get an unexpected call from a cash advance company, don't follow their instructions to get control of your computer and don't send any money

How to Report Identity Theft or Fraud

Identity Theft occurs when a fraudster obtains your personal or banking information and attempts to act as you by withdrawing funds from your account, opening new bank accounts, credit card accounts or even applying for loans.

If you believe you are the victim of identity theft, report the criminal activity to the Federal Trade Commission (FTC), call the toll-free hotline at 1-877-ID THEFT (1-877-438-4338) to speak with a trained identity theft counselor, or enter information about your complaint into a secure FTC online database. Your information may be shared with other law enforcement agencies investigating identity theft.

If you feel your personal or financial information has been compromised, contact your local Banking Center immediately.

Scams and fraud

Criminals have become more sophisticated in using the internet to obtain valid personal information for illegal purposes. Social media, email, message boards, surveys, and fake websites have been used as a means to obtain money, bank account numbers or personal information. Be aware of potential scams to avoid becoming a victim.

• The Federal Trade Commission (FTC) has the most up to date information on scams and you can subscribe to their mailing list for updates: https://www.consumer.ftc.gov/scam-alerts
• The FDIC has an article on some of the top consumer scams: https://www.fdic.gov/consumers/consumer/news/cnsum17/scams.html

PHishing

• Phishing refers to fake emails pretending to come from someone you trust or a subject you're interested in, all with the goal of luring you into opening the message and taking action - like clicking on a link, opening an attachment, or making a fraudulent purchase. This same attack is not limited to email, it can be performed through a text message or instant message from various apps. The criminals sending these messages are trying to steal information, commit fraud, or spy on your computer or mobile device.
• If you receive an email, pop-up message, or any type of electronic request soliciting personal account or password information, NEVER follow the link or reply to the text message and provide the requested information.
• Peoples Bank would never contact a customer online to ask for confidential information or confirm information we already have on file. If you receive a suspicious email from Peoples Bank, please inform us immediately at 866-301-8660 or contact your local Banking Center. You should also report suspicious activity or email communications to the Federal Trade Commission (FTC). Send the actual email you received to spam@uce.gov. If you believe your information has been compromised, learn how to report the fraud in order to fully resolve the issue.
• Phishing (P2P Payment Apps): Beware of text messages from someone claiming to be Peoples Bank saying your Zelle® or mobile payment app account has been hacked. The scammer may ask you to send money to a new account they've created for you, but that's a scam! Also, Peoples Bank will never ask you to send money to your own email or mobile number, or even to Peoples Bank. Be sure to only pay recipients you trust, especially if you just added them to your app. Remember that scammers use urgency to get you to send money, so be wary anytime someone wants you to act now.

Account Fraud

• Do not open or respond to online solicitations for personal information. Peoples Bank will never send email containing attachments, or require customers to send personal information via email or pop-up windows.
• Do not be intimidated by emails requesting information immediately in order to prevent account closure. Any communications requesting immediate response should be treated as suspect.
• Review your credit report annually. A free copy of your credit report is available at www.annualcreditreport.com or by calling 1-877-322-8228.
• Shred financial or personal documents before discarding.
• Utilize Online Banking regularly to monitor your account activity and quickly detect any fraudulent transactions.
• Safeguard Online Banking User ID and password. Do not share with anyone.
• Pay bills online with Free Online Bill Payment. The fewer personal documents sent through the mail and less sites you’re sharing your information with, the less chance there is for possible fraud.
• Always put outgoing mail in a U.S. Postal Service mailbox, which is more secure than your home mailbox and collect your mail promptly each day.
• If you feel your personal or financial information has been compromised, contact your local Banking Center immediately.

Data Breaches

• Data breaches are more common now than ever before. After these unfortunate events happen, most folks want to know what to do and the first step is understanding if you have been impacted and what information has been compromised. Depending on the impact, there are a variety of steps you can take to protect yourself after the data breach.
• Check your bank account activity frequently. At Peoples Bank, your security is our top priority. We encourage you to monitor your accounts through Online and Mobile Banking. Additionally, we offer account alerts that allow you to receive emails or text messages regarding activity on your account. Click here to enroll or contact your local Banking Center for more information.

I've been hacked, what do I do?

We rely on our computer and mobile devices now more than ever, and with that growing integration into our daily lives, they often contain personal information. If you suspect that your computer or mobile device has been hacked, the sooner you respond the better. Indicators that something is wrong could be as simple as the battery on your mobile device draining quickly to your computer freezing up and crashing applications.

• If you use our Online or Mobile Banking services, contact us right away.
• Additional information regarding steps you can take to handle your personal devices are listed in this article: https://www.sans.org/security-awareness-training/ouch-newsletter/2016/im-hacked-now-what

If you believe an account like a social media or email account has been compromised, take the following steps:

• Notify all of your contacts that they may receive spam messages appearing to come from your account. Tell your contacts they shouldn’t open messages or click on any links from your account and warn them about the potential for malware.
• Change passwords to all accounts that have been compromised and other key accounts as soon as possible. A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country mu$ic.”). On many sites, you can even use spaces!
• If you cannot access your account because a password has been changed, contact the service provider immediately and follow any steps the provider offers for recovering an account.

General Computer Guidance

Keep a clean machine

• Keep security software current: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
• Automate software and system updates: Many software programs and operating systems will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
• Protect all devices that connect to the Internet: Along with computers, smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.
• Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.

Connect with care

• When in doubt, throw it out: Links in emails, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
• Get savvy about Wi-Fi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services.
• Protect your $: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” which means the site takes extra measures to help secure your information. “Http://” is not secure.
• Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.

Securing Key Accounts and Information

Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available

• Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country mu$ic.”). On many sites, you can even use spaces!
• Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
• Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. You can alternatively use a service like a password manager to keep track of your passwords.

Back it up

• Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely.

Mobile Devices

Keep a Clean Machine

• Keep security software current on all devices that connect to the internet: Having the most up-to-date mobile security software, web browser, operating system and apps is the best defense against viruses, malware and other online threats.
• Delete when done: Many of us download apps for specific purposes, such as planning vacations, and no longer need them afterwards, or we may have previously downloaded apps that are longer useful or interesting to us. It’s a good security practice to delete all apps you no longer use.

Protect Your Personal Information

• Secure your devices: Use strong passwords, passcodes or other features such as touch identification to lock your devices. Securing your device can help protect your information if your device is lost or stolen and keep prying eyes out.
• Personal information is like money – Value it. Protect it.: Information about you, such as the games you like to play, what you search for online and where you shop and live, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.
• Own your online presence: Use security and privacy settings on websites and apps to manage what is shared about you and who sees it.
• Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Disable WiFi and Bluetooth when not in use.

Connect with Care

• Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
• When in doubt, don’t respond: Fraudulent text messages, calls and voicemails are on the rise. Just as with email, mobile requests for personal data or immediate action are almost always scams.

ATM and Debit Card Security

We encourage you to use our convenient ATM and Debit Cards to make your cash withdrawals or purchases, but we also want you to protect yourself when using these devices. Just follow these helpful tips for your security.

• Enroll in ATM/Debit Card Alerts through online banking. The Bank has software to monitor and detect suspicious activity. During monitoring of your transactions, the Bank may flag a potentially suspicious transaction and contact you via text message (if we have your cell phone number) to verify the transaction activity.
• Immediately report your lost, stolen or compromised card to the Bank 1-800-236-2442.
• Memorize your PIN. If you must write your PIN down, do not carry it with your card. NEVER reveal your PIN to anyone, not even family members, bank employees, or the police.
• Use familiar ATM locations in well-lit areas and scan the area around the ATM before you approach it. If suspicious-looking individuals or vehicles are near the ATM, do not use the ATM.
• Be especially cautious if a stranger approaches you at an ATM, or offers to help you. Other customers should remain a safe distance away from you; be on the lookout for individuals who may be watching you enter your PIN.
• When you approach the ATM, have your ATM or debit card ready to use in your hand so you don’t have to open your purse or wallet while in line.
• Avoid ATMs where posted messages indicate that screen directions have changed, especially if the message is posted over the card slot.
• Use your body or hand to shield the keypad from other customers.
• If you feel the ATM is not working normally, press CANCEL, remove your card, and go to another ATM. Report the problem to the bank.
• Carefully secure your card and cash in your purse, wallet or pocket before leaving the ATM.
• Don’t reply to text messages or phone calls that prompt you to give card information.
• Never give out or share your card number, expiration date, or 3 digit code on the back of the card to anyone unless you are initiating a purchase.

Card Skimmers

Card Skimmers are devices that a fraudster will affix to ATM machines, gas pumps, and even point-of-sale terminals at stores. They are designed to secretly take the information from your debit or ATM card when the card is swiped at one of the locations.

Additional Resources

• OnGuard Online: The FTC’s free online security tips and resources, and share with your friends, family, coworkers, and community. https://www.onguardonline.gov
• FTC Identify Theft Recovery site: https://www.identitytheft.gov/
• Stop.Think.Connect.: Lead by the Department of Homeland Security, this is the global online safety awareness campaign to help all digital citizens stay safer and more secure online. https://www.stopthinkconnect.org/

Threats to Business

Corporate Account Takeover

• Criminals in this scam attempt to gain access to a business' finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.

Business Email Compromise

• This scam targets businesses working with suppliers or businesses that perform wire transfer payments on a regular basis. The attacker compromises legitimate business email accounts or impersonates the email accounts of individuals within the organization that regularly approve or handle wires. The goal of the scam is to convince the business or bank employee to conduct a fraudulent funds transfer to a fictitious supplier or business.
• In addition to funds transfer, the scammer may also attempt to obtain other confidential information such as employee W-2 forms.
• The FBI has issued a Public Service Announcement for both of these threats and can be read in detail here: https://www.ic3.gov/media/2017/170504.aspx

Ransomware

• This form of cyber threat encrypts information on a computer or network of computers rendering the information stored on impacted systems unreadable. Successful attacks are often the result of a phishing email with a malicious link or attachment that is clicked or opened by the email recipient. Victims of ransomware are usually given the opportunity to pay a ransom in order to render the information readable again, but there is no guarantee the criminal will hold up that end of the deal. The other option is to restore data from a good backup.
• While this threat exists for business and personal computers, business attacks have been increasing due to the likelihood for higher and quicker ransom payments.
• The FBI has issued more information on this subject in this document https://pdf.ic3.gov/Ransomware_Trifold_e-version.pdf

Business Fraud Services

Fraud Prevention Services

Check Positive Pay - This allows your company to submit a check issue file or manually enter information regarding the checks you have written. When checks clear your account, they are matched to the check issue information and you are provided with a list of exceptions on which you can make a decision to pay or return. Exceptions will be presented for the following conditions: duplicate check, amount mismatch, stale date, check not found, and check presented against voided items. This will assist in reconciling your account and preventing fraud.

Check Positive Pay with Payee Name Matching - This includes all features of Check Positive Pay and will match the payee name from your check issue file to the payee name on checks clearing your account. Payee name on checks must be typed to use this service.

Reverse Check Positive Pay - Designed as an alternative to Check Positive Pay if you cannot submit a check issue file. All items clearing your account above the minimum exception threshold will be presented for you to review and make a decision to pay or return.

ACH Positive Pay - Allows your company to reduce the risk of ACH fraud by creating payment rules that limit the ACH transactions being debited from your accounts. When ACH debit transactions clear your account, they are matched to your predefined payment rules and you are provided with a list of exceptions on which you can make a decision to pay or return the items.

ACH Debit Block - Allows your company to reduce risks associated with ACH transactions. It is ideal for accounts in which you do not allow any ACH debit activity. Every incoming ACH debit transaction will be returned to the sending bank.

Have a Plan

The National Cyber Security Alliance (NCSA) has translated the NIST Cybersecurity framework to provide a common language for understanding, managing and expressing cybersecurity to help businesses identify and prioritize their cybersecurity actions and manage cyber risk. The framework has the following steps:

• Identify
• Protect
• Detect
• Respond
• Recover
• Visit https://staysafeonline.org/cybersecure-business/ to learn more.

Additional Resources

• FTC Business Center: For more tips and resources for businesses, including small business, please visit https://www.ftc.gov/tips-advice/business-center
• SBA cybersecurity best practice resources: https://www.sba.gov/managing-business/cybersecurity