More Info Princeville State Bank

Security is a very important issue for all of us here at Princeville State Bank and customer education is also important. Today’s security issues can be both challenging and frightening at times. We have included the following information for you to get a better understanding of some of the security issues that we all face from day to day.

LOST OR STOLEN DEBIT CARDS

Report immediately!!! Please call 309-385-4375 Princeville State Bank (during normal business hours)

IDENTITY THEFT RESOURCE

http://www.illinoisattorneygeneral.gov/consumers/Identity_Theft_Resource_Guide.pdf

 Latest Security News and Updates

Princeville State Bank is aware of several malware threats to financial institutions.  To avoid any issues, PSB would like to remind customers to always type in our complete web address when accessing your online banking accounts, or to access directly through our PSB app.  Some types of malware have targeted the Google Search engine.  Some malware infects Google Search results which will push false bank-related results to the top of the search.  The fake results will even show a high rating and positive reviews.  Once clicking on the link, you will receive a pop up asking you to enable editing, content and/or macros.  Enabling these changes will then infect your system.  Our customers safety and security of their information is our top priority at PSB.  If you ever see something questionable when accessing your online accounts, please notify us immediately at 309-385-4375.

Compromised Debit Cards

At Princeville State Bank, the safety and security of our customer’s financial information is our first priority.

What is a compromised card?

A compromised card is a card that is at risk of being used fraudulently.

How long does PSB react to compromise notifications?

PSB acts immediately. We take every compromise seriously and require issuance of new cards for affected cardholders. Those cardholders will receive phone and/or written notification if their card data has been compromised and new cards will be re-ordered.

Does this mean that I have fraud on my account?

Not necessarily. In fact, among the list of card numbers we periodically receive, rarely has anyone been affected by fraud. Take the opportunity to review your monthly statements.

What do I need to do if I discover fraud on my account?

Call PSB immediately. The number that you can reach our fraud department is 309-385-4375 extension 209 and 210.

How long does it take to receive my new debit card?

Most cards are received 10-14 days from the date of order. The new PIN number will be shipped out separately.

Is there a charge for the new card?

As a courtesy to our customers, under these circumstances, we do not charge the normal $5.00 replacement card fee.

What can I do to keep this from recurring?

Unfortunately, we have no way of stopping criminals from hacking into databases of merchants. While the possibility of a card being used fraudulently is low, we recognize the aggravation customers face in acquiring a replacement card or to have fraudulent activity removed from their account. In all situations, PSB reminds customers to always have a back-up method of payment and to check their activity on their accounts, often.

What do I need to do once my card is compromised?

Contact any company/merchant that has recurring debits taken from your debit card account (example; Mediacom, Frontier, Verizon) and inform them that you have a new debit card number. Most importantly, check your account activity.

Any other questions or concerns, please call PSB at (309)-385-4375.

Spoofing

Peer-to-Peer (P2P) digital payment services are making national news for the new fraud technique being used on their sites. Like similar scams, fraudsters use a new and evolved form of social engineering to trick users into giving them the information they need to steal their money.

How the scam works:

The scammer will reach out to the victim by text alert asking if they have made a large purchase on a digital payment app. The text will appear to be from a trusted bank or credit union.

- To those who reply “no” to the text, will soon receive a call from what seems to be their financial institution’s fraud department. The fraudsters will use a method called spoofing, to make it seem like the caller ID is in fact coming from the bank or credit union.
- The victim will then receive instructions on how they can retrieve the ‘stolen’ funds themselves. This includes disabling this mobile number from the app, transferring money to themselves, and giving the scammer their Two-Factor Authentication (2FA) passcode.
- Digital payments sent by the victim end up going to the scammer’s account.

How to Avoid the Scam:

Know your digital payment app policies. Many of them will decline refunds since transactions done by you are viewed as authorized. This is even true when you accidently pay someone else.

- Contact your bank or credit union. It’s never a bad thing to double check! Call the number found on the website and ask to be routed to the fraud department from there to verify the caller is in fact from the financial institution.
- Calm your sense of urgency. When you find out you could potently lose money, it’s natural to try to be as time effective as possible. Verify everything, ask yourself “does this process make sense”, and take a moment to think about what is happening.

Phishing

When internet fraudsters impersonate a business to trick you into giving out your personal information, it’s called phishing. Don’t reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.

Examples of Phishing Messages

You open an email or text, and see a message like this:

“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

The senders are phishing for your information so they can use it to commit fraud.

How to Deal with Phishing Scams

Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Legitimate companies don’t ask for this information via email or text.
The messages may appear to be from organizations you do business with – banks, for example. They might threaten to close your account or take other action if you don’t respond.
Don’t reply, and don’t click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.
Area codes can mislead, too. Some scammers ask you to call a phone number to update your account or access a “refund.” But a local area code doesn’t guarantee that the caller is local.
If you’re concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.

Action Steps

You can take steps to avoid a phishing attack:

Use trusted security software and set it to update automatically. In addition, use these computer security practices.
- Don’t email personal or financial information. Email is not a secure method of transmitting personal information.
- Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the “s” stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer’s security.

Report Phishing Emails

Forward phishing emails to  spam@uce.gov – and to the company, bank, or organization impersonated in the email. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.

If you might have been tricked by a phishing email:

File a report with the Federal Trade Commission at www.ftc.gov/complaint.
Visit the FTC’s Identity Theft website. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.

http://www.consumer.ftc.gov/articles/0003-phishing

Social Engineering

What is Social Engineering?

Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software–that will give them access to your passwords and bank information as well as giving them control over your computer.

Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.  For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).

Security is all about knowing who and what to trust. Knowing when, and when not to, to take a person at their word; when to trust that the person you are communicating with is indeed the person you think you are communicating with; when to trust that a website is or isn’t legitimate; when to trust that the person on the phone is or isn’t legitimate; when providing your information is or isn’t a good idea.

Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts are on your doors and windows, or if have guard dogs, alarm systems, floodlights, fences with barbed wire, and armed security personnel; if you trust the person at the gate who says he is the pizza delivery guy and you let him in without first checking to see if he is legitimate you are completely exposed to whatever risk he represents.

Common social engineering attacks

Email from a friend. If a criminal manages to hack or socially engineer one person’s email password they have access to that person’s contact list–and because most people use one password everywhere, they probably have access to that person’s social networking contacts as well.

Once the criminal has that email account under their control, they send emails to all the person’s contacts or leave messages on all their friend’s social pages, and possibly on the pages of the person’s friend’s friends.

These messages may use your trust and curiosity:

Contain a link that you just have to check out–and because the link comes from a friend and you’re curious, you’ll trust the link and click–and be infected with malware so the criminal can take over your machine and collect your contacts info and deceive them just like you were deceived.
Contain a download – pictures, music, movie, document, etc., that has malicious software embedded. If you download–which you are likely to do since you think it is from your friend–you become infected. Now, the criminal has access to your machine, email account, social network accounts and contacts, and the attack spreads to everyone you know. And on, and on.

These messages may create a compelling story or pretext:

Urgently ask for your help – your ’friend’ is stuck in country X, has been robbed, beaten, and is in the hospital. They need you to send money so they can get home and they tell you how to send the money to the criminal.
Asks you to donate to their charitable fundraiser, or some other cause – with instructions on how to send the money to the criminal.

Phishing attempts. Typically, a phisher sends an e-mail, IM, comment, or text message that appears to come from a legitimate, popular company, bank, school, or institution.

These messages usually have a scenario or story:

The message may explain there is a problem that requires you to “verify” of information by clicking on the displayed link and providing information in their form. The link location may look very legitimate with all the right logos, and content (in fact, the criminals may have copied the exact format and content of the legitimate site). Because everything looks legitimate, you trust the email and the phony site and provide whatever information the crook is asking for. These types of phishing scams often include a warning of what will happen if you fail to act soon, because criminals know that if they can get you to act before you think, you’re more likely to fall for their phish.
The message may notify you that you’re a ’winner’. Maybe the email claims to be from a lottery, or a dead relative, or the millionth person to click on their site, etc. In order to give you your ’winnings’ you have to provide information about your bank routing so they know how to send it to you, or give your address and phone number so they can send the prize, and you may also be asked to prove who you are often including your Social Security Number. These are the ’greed phishes’ where even if the story pretext is thin, people want what is offered and fall for it by giving away their information, then having their bank account emptied, and identity stolen.
The message may ask for help.  Preying on kindness and generosity, these phishes ask for aid or support for whatever disaster, political campaign, or charity is hot at the moment.

Baiting scenarios. These socially engineering schemes know that if you dangle something people want, many people will take the bait. These schemes are often found on Peer-to-Peer sites offering a download of something like a hot new movie, or music. But the schemes are also found on social networking sites, malicious websites you find through search results, and so on.

Or, the scheme may show up as an amazingly great deal on classified sites, auction sites, etc.. To allay your suspicion, you can see the seller has a good rating (all planned and crafted ahead of time).

People who take the bait may be infected with malicious software that can generate any number of new exploits against themselves and their contacts, may lose their money without receiving their purchased item, and, if they were foolish enough to pay with a check, may find their bank account empty.

Response to a question you never had. Criminals may pretend to be responding to your request for help from a company while also offering more help. They pick companies that millions of people use like a software company or bank.  If you don’t use the product or service, you will ignore the email, phone call, or message, but if you do happen to use the service, there is a good chance you will respond because you probably do want help with a problem.

For example, even though you know you didn’t originally ask a question you probably a problem with your computer’s operating system and you seize on this opportunity to get it fixed. For free! The moment you respond you have bought the crook’s story, given them your trust and opened yourself up for exploitation.

The representative, who is actually a criminal, will need to ’authenticate you’, have you log into ’their system’ or, have you log into your computer and either give them remote access to your computer so they can ’fix’ it for you, or tell you the commands so you can fix it yourself with their help–where some of the commands they tell you to enter will open a way for the criminal to get back into your computer later.

Creating distrust. Some social engineering, is all about creating distrust, or starting conflicts; these are often carried out by people you know and who are angry with you, but it is also done by nasty people just trying to wreak havoc, people who want to first create distrust in your mind about others so they can then step in as a hero and gain your trust, or by extortionists who want to manipulate information and then threaten you with disclosure.

This form of social engineering often begins by gaining access to an email account or other communication account on an IM client, social network, chat, forum, etc. They accomplish this either by hacking, social engineering, or simply guessing really weak passwords.

The malicious person may then alter sensitive or private communications (including images and audio) using basic editing techniques and forwards these to other people to create drama, distrust, embarrassment, etc.  They may make it look like it was accidentally sent, or appear like they are letting you know what is ’really’ going on.
Alternatively, they may use the altered material to extort money either from the person they hacked, or from the supposed recipient.

There are literally thousands of variations to social engineering attacks. The only limit to the number of ways they can socially engineer users through this kind of exploit is the criminal’s imagination.  And you may experience multiple forms of exploits in a single attack.  Then the criminal is likely to sell your information to others so they too can run their exploits against you, your friends, your friends’ friends, and so on as criminals leverage people’s misplaced trust.

Don’t become a victim

Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency, or uses high-pressure sales tactics be skeptical; never let their urgency influence your careful review.
Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site, or a phone directory to find their phone number.
Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
Reject requests for help or offers of help. Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to ’help’ restore credit scores, refinance a home, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it. To give, seek out reputable charitable organizations on your own to avoid falling for a scam.
Don’t let a link in control of where you land. Stay in control by finding the website yourself using a search engine to be sure you land where you intend to land. Hovering over links in email will show the actual URL at the bottom, but a good fake can still steer you wrong.

Curiosity leads to careless clicking–if you don’t know what the email is about, clicking links is a poor choice. Similarly, never use phone numbers from the email; it is easy for a scammer to pretend you’re talking to a bank teller.

Email hijacking is rampant. Hackers, spammers, and social engineers taking over control of people’s email accounts (and other communication accounts) has become rampant. Once they control someone’s email account they prey on the trust of all the person’s contacts. Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment check with your friend before opening links or downloading.
Beware of any download. If you don’t know the sender personally AND expect a file from them, downloading anything is a mistake.
Foreign offers are fake. If you receive email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money it is guaranteed to be a scam.
Set your spam filters to high. Every email program has spam filters. To find yours, look under your settings options, and set these high–just remember to check your spam folder periodically to see if legitimate email has been accidentally trapped there. You can also search for a step-by-step guide to setting your spam filters by searching on the name of your email provider plus the phrase ’spam filters’.
Secure your computing devices. Install anti-virus software, firewalls, email filters and keep these up-to-date. Set your operating system to automatically update, and if your smartphone doesn’t automatically update, manually update it whenever you receive a notice to do so.  Use an anti-phishing tool offered by your web browser or third party to alert you to risks.

http://www.webroot.com/us/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering

Financial Information Protection

Help protect your financial information in five easy steps.

Double-check monthly statements to ensure they match your records.

Shred personal and financial information before discarding it.

Don’t give out account numbers or other personal information, unless you initiated the call.

Review your credit report annually. You’re entitled to a free credit report every year. Simply contact one of the three main credit reporting bureaus.

Equifax

800-525-6285

http://www.equifax.com

Experian

888-397-3742

http://www.experian.com

Trans Union

800-680-7289

http://www.transunion.com

Identity Theft

How to Protect Yourself From Identity Theft

The Independent Community Bankers of America (ICBA) offers the following tips to help consumers guard against identity theft.

“Community banks are careful guardians of our customers’ personal data and information, but our customers must also play a role and practice caution in stores, online and as they go about their business every day,” said Jim MacPhee, ICBA chairman and CEO of Kalamazoo County State Bank in Kalamazoo, Mich.

The following tips can help lower your risk of becoming a victim of identity theft:

Protect your Social Security number. Don’t carry your Social Security card or other cards that show your SSN. Read, “Identity Theft and Your Social Security Number,”
Don’t give out personal information over the phone, through the mail or on the Internet unless you know who you’re dealing with and preferably only if you’ve initiated the contact. Make sure you are dealing with a legitimate organization. As a general rule, never give out your Social Security or driver’s license numbers.
Don’t put personal information such as your birth year, mother’s maiden name or other information on public social media sites. Fraudsters can use that information to decipher your passwords. Also, if you use a smart phone, be careful not to list personal information, account numbers and passwords. If you lose or misplace your phone, a potential fraudster could easily access your information.
Ask questions whenever you are asked for personal information that seems inappropriate for the transaction. Ask how the information will be used and if it will be shared. Ask how it will be protected. If you’re not satisfied with the answers, don’t give your personal information.
Remember: Banks will not ask you to verify your personal account information over the phone or via e-mail if they initiated the call. They already have that on file. If you receive a phone call or e-mail asking you to verify such information, don’t respond. Instead, contact the bank directly.
Don’t leave sensitive documents containing personal information where people can see it. Shred or destroy papers containing your personal information, including credit card offers and convenience checks that you don’t use.
Retrieve your postal mail promptly, and discontinue delivery while you’re out of town. Whenever possible, mail bills from your post office, not your mail box. Stop or reduce junk mail or unsolicited credit card offers by visiting the National Credit Bureau’s opt out website or call them at (888) 567-8688.
Open your bills and bank statements right away. Check carefully for any unauthorized charges or withdrawals and report them immediately. Call if bills don’t arrive on time—it may mean that someone has changed contact information to hide fraudulent charges.
Check your credit reports. Review your credit report at least once a year. Check for changed addresses and fraudulent charges. To find out more about credit reports, your rights as a consumer, access the Fair Credit Reporting Act and the FACT Act at www.ftc.gov/credit.
Protect your computer by following good security practices. Use strong passwords that are hard to guess. Use firewall, anti-virus and anti-spyware software that you update regularly. Download software only from sites you know and trust and only after reading all the terms and conditions. Don’t click on links in pop-up windows or in spam e-mail.
Before you get rid of an old computer, make sure you destroy the information on the hard drive. Often that means destroying the drive itself because erasing data doesn’t completely eliminate it. Otherwise look for software tools that will completely wipe data from the hard drive.
Use caution when shopping online, check out a website before entering your credit card number or other personal information. Read the privacy policy and take opportunities to opt out of information sharing. Only enter personal information on secure web pages that encrypt your data in transit. You can often tell if a page is secure if “https” is in the URL or if there is a padlock icon on the browser window. Consumer protections under the federal Fair Credit Billing Act apply to Internet credit card purchases. Keep records of the purchase.

“No method is foolproof,” said MacPhee. “Identity thieves are devising new schemes all the time. But when you see how long it takes for someone to restore their good credit after being victimized, then you know that any steps you can take to prevent identity theft are definitely worth the extra time.”
For more information, visit the Identify Theft Web page at www.icba.org.

Preventing Elder Financial Abuse

Tips for Preventing Elder Financial Abuse

June 15 is World Elder Abuse Awareness Day and the Independent Community Bankers of America® (ICBA), the Senior Housing Crime Prevention Foundation (SHCPF) and Princeville State Bank are providing tips for preventing the disturbing trend of elder financial abuse.

“Community bankers nationwide serve a vital role in protecting members of our communities, including the elderly who are all too often targets of financial abuse,” said ICBA Chairman John H. Buhrmaster, president and CEO of 1st National Bank of Scotia, N.Y. “It’s important for all Americans to be aware of this very real issue and learn about ways to help prevent elder financial abuse from happening to themselves or their loved ones. If you have questions or concerns about the safety and security of your finances, you should speak to your local community banker right away.”

ICBA, SHCPF and Princeville State Bank offer the following suggestions on ways to prevent elder financial abuse:

Secure all of your valuables in a bank safety deposit box. These valuables can include your Social Security card, passports, credit card account numbers, will and other legal documents, financial statements and medical records.
Do not give financial information to callers that contact you and claim to be from established organizations such as your bank or credit card companies, especially if they ask you to wire funds or send them private information. If you are concerned about your bank account, contact Princeville State Bank directly.
Check your bank accounts and bill statements carefully. You can check them online so you can zoom in easily in case you need to make the statement larger for easier reading. If you notice unauthorized charges, alert Princeville State Bank immediately.
Do not give your personal information, such as bank account numbers or PINs, to anyone in a phone call, letter, email, fax or in a text message.
Have enough money set aside to support yourself and your immediate family for at least six months in case of an emergency. Your local community banker can help create a financial road map for you and your family

Fake Check Scams

It’s your lucky day! You just won a foreign lottery! The letter says so. And the cashier’s check to cover the taxes and fees is included. All you have to do to get your winnings is deposit the check and wire the money to the sender to pay the taxes and fees. You’re guaranteed that when they get your payment, you’ll get your prize.

There’s just one catch: this is a scam. The check is no good, even though it appears to be a legitimate cashier’s check. The lottery angle is a trick to get you to wire money to someone you don’t know. If you were to deposit the check and wire the money, your bank would soon learn that the check was a fake. And you’re out the money because the money you wired can’t be retrieved, and you’re responsible for the checks you deposit — even though you don’t know they’re fake. This is just one example of a counterfeit check scam that could leave you scratching your head.

The Federal Trade Commission, the nation’s consumer protection agency, wants you to know that counterfeit check scams are on the rise. Some fake checks look so real that bank tellers are reporting being fooled. The scammers use high quality printers and scanners to make the checks look real. Some of the checks contain authentic-looking watermarks. These counterfeit checks are printed with the names and addresses of legitimate financial institutions. And even though the bank and account and routing numbers listed on a counterfeit check may be real, the check still can be a fake. These fakes come in many forms, from cashier’s checks and money orders to corporate and personal checks. Could you be a victim? Not if you know how to recognize and report them.

Fake Checks: Variations on a Scheme

Counterfeit or fake checks are being used in a growing number of fraudulent schemes, including foreign lottery scams, check over payment scams, Internet auction scams, and secret shopper scams.

Check over payment scams target consumers selling cars or other valuable items through classified ads or online auction sites. Unsuspecting sellers get stuck when scammers pass off bogus cashier’s checks, corporate checks, or personal checks. Here’s how it happens:

A scam artist replies to a classified ad or auction posting, offers to pay for the item with a check, and then comes up with a reason for writing the check for more than the purchase price. The scammer asks the seller to wire back the difference after depositing the check. The seller does it, and later, when the scammer’s check bounces, the seller is left liable for the entire amount.

In secret shopper scams, the consumer, hired to be a secret shopper, is asked to evaluate the effectiveness of a money transfer service. The consumer is given a check, told to deposit it in their bank account, and withdraw the amount in cash. Then, the consumer is told to take the cash to the money transfer service specified, and typically, send the transfer to a person in a Canadian city. Then, the consumer is supposed to evaluate their experience — but no one collects the evaluation. The secret shopper scenario is just a scam to get the consumer’s money.

Con artists who use these schemes can easily avoid detection. When funds are sent through wire transfer services, the recipients can pick up the money at other locations within the same country; it is nearly impossible for the sender to identify or locate the recipient.

You and Your Bank — Who is Responsible for What?

Under federal law, banks generally must make funds available to you from U.S. Treasury checks, most other governmental checks, and official bank checks (cashier’s checks, certified checks, and teller’s checks), a business day after you deposit the check. For other checks, banks must make the first $200 available the day after you deposit the check, and the remaining funds must be made available on the second business day after the deposit.

However, just because funds are available on a check you’ve deposited doesn’t mean the check is good. It’s best not to rely on money from any type of check (cashier, business or personal check, or money order) unless you know and trust the person you’re dealing with or, better yet — until the bank confirms that the check has cleared. Forgeries can take weeks to be discovered and untangled. The bottom line is that until the bank confirms that the funds from the check have been deposited into your account, you are responsible for any funds you withdraw against that check.

Protecting Yourself

Here’s how to avoid a counterfeit check scam:

Throw away any offer that asks you to pay for a prize or a gift. If it’s free or a gift, you shouldn’t have to pay for it. Free is free.
Resist the urge to enter foreign lotteries. It’s illegal to play a foreign lottery through the mail or the telephone, and most foreign lottery solicitations are phony.
Know who you’re dealing with, and never wire money to strangers.
If you’re selling something, don’t accept a check for more than the selling price, no matter how tempting the offer or how convincing the story. Ask the buyer to write the check for the correct amount. If the buyer refuses to send the correct amount, return the check. Don’t send the merchandise.
As a seller, you can suggest an alternative way for the buyer to pay, like an escrow service or online payment service. There may be a charge for an escrow service. If the buyer insists on using a particular escrow or online payment service you’ve never heard of, check it out. Visit its website, and read its terms of agreement and privacy policy. Call the customer service line. If there isn’t one — or if you call and can’t get answers about the service’s reliability — don’t use the service.
If you accept payment by check, ask for a check drawn on a local bank, or a bank with a local branch. That way, you can make a personal visit to make sure the check is valid. If that’s not possible, call the bank where the check was purchased, and ask if it is valid. Get the bank’s phone number from directory assistance or an Internet site that you know and trust, not from the check or from the person who gave you the check.
If the buyer insists that you wire back funds, end the transaction immediately. Legitimate buyers don’t pressure you to send money by wire transfer services. In addition, you have little recourse if there’s a problem with a wire transaction.
Resist any pressure to “act now.” If the buyer’s offer is good now, it should be good after the check clears.

If You Think You’re a Victim

If you think you’ve been targeted by a counterfeit check scam, report it to the following agencies:

The Federal Trade Commission
The U.S. Postal Inspection Service
Your state or local consumer protection agencies. Visit www.naag.org for a list of state Attorneys General, or check the Blue Pages of your local telephone directory for appropriate phone numbers.

This article was previously available as Giving the Bounce to Counterfeit Check Scams
http://www.consumer.ftc.gov/articles/0159-fake-checks

Bank Account Scams

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.

The e-mails appear to be sent from various “@fdic.gov” e-mail addresses, such as “subscriptions@fdic.gov,” “alert@fdic.gov,” or “accounts@fdic.gov.”

They have subject lines that read: “FDIC: Your business account” or “FDIC: About Your Business Account.”

The e-mails are addressed to “Business Customer” or “Business Owner” and state “We have important information about your bank” or “…financial institution.” They then ask recipients to “Please click here to find details.”

They conclude with, “This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership.”

These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.

Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.

For your reference, FDIC Special Alerts may be accessed from the FDIC’s website. To learn how to automatically receive FDIC Special Alerts through email, please visit the subscription page of the FDIC website.

Sandra L. Thompson
Director
Division of Supervision and Consumer Protection

Distribution: FDIC-Supervised Banks (Commercial and Savings)
Paper copies of FDIC Special Alerts may be obtained through the FDIC’s Public Information Center, 1-877-275-3342 or 703-562-2200).

Cell Phone Text Scam

Don’t believe a cell phone text message saying there’s a problem with your bank account, said the Delaware Attorney General’s office in a consumer alert.

The state’s Consumer Protection Unit issued the alert recently on what it calls a new scam — actually a new twist on the more common e-mail “phishing” scam. Here’s how it works: A text message, also called an SMS (for short message service), arrives on your cell phone with the news there’s a problem with a bank account. The text message also includes a toll-free number to call or a 4 digit reply text number.

The message looks legitimate, but the phone number will connect you with a scammer who tries to get your personal information. The scam is known as “SMiShing.”

The agency recommended consumers contact the customer service number of the company that sent the message to verify if it’s legitimate, instead of trusting that the number is real. The Consumer Protection Unit urged Delaware residents to file a complaint with the state if they fall for the scam.

Here is another example of a Cell Phone Scam

You receive a text message or an automated phone call on your cell phone saying there’s a problem with your bank account. You’re given a phone number to call or a website to log into and asked to provide personal identifiable information—like a bank account number, PIN, or credit card number—to fix the problem.

But beware: It could be a “smishing”or “vishing” scam…and criminals on the other end of the phone or website could be attempting to collect your personal information in order to help themselves to your money. While most cyber scams target your computer, smishing and vishing scams target your mobile phone, and they’re becoming a growing threat as a growing number of Americans own mobile phones. (Vishing scams also target land-line phones.)

“Smishing”—a combination of SMS texting and phishing—and “Vishing”—voice and phishing—are two of the scams the FBI’s Internet Crime Complaint Center (IC3) is warning consumers about as we head into the holiday shopping season. These scams are also a reminder that cyber crimes aren’t just for computers anymore.

Here’s how smishing and vishing scams work: criminals set up an automated dialing system to text or call people in a particular region or area code (or sometimes they use stolen customer phone numbers from banks or credit unions). The victims receive messages like: “There’s a problem with your account,” or “Your ATM card needs to be reactivated,” and are directed to a phone number or website asking for personal information. Armed with that information, criminals can steal from victims’ bank accounts, charge purchases on their charge cards, create a phony ATM card, etc.

Sometimes, if a victim logs onto one of the phony websites with a smartphone, they could also end up downloading malicious software that could give criminals access to anything on the phone. With the growth of mobile banking and the ability to conduct financial transactions online, smishing and vishing attacks may become even more attractive and lucrative for cyber criminals.
Here are a couple of recent smishing case examples:

Account holders at one particular credit union, after receiving a text about an account problem, called the phone number in the text, gave out their personal information, and had money withdrawn from their bank accounts within 10 minutes of their calls.
Customers at a bank received a text saying they needed to reactivate their ATM card. Some called the phone number in the text and were prompted to provide their ATM card number, PIN, and expiration date. Thousands of fraudulent withdrawals followed.

Online Banking Customer Awareness and Education

Princeville State Bank is committed to protecting our customers’ information. Fraudsters have continued to develop and deploy more sophisticated, effective, and malicious methods to compromise authentication mechanisms and gain unauthorized access to customers’ online accounts. Every day, cyber criminals are working relentlessly to install malicious software like viruses and spyware on your computers in an effort to damage your computer/software, use your email to spread malware, monitor online activities in an attempt to steal sensitive personal information and money or steal your identity. Don’t be an easy target for them. Princeville State Bank will NEVER request personal information by phone, email or text messaging including account numbers, personal identification information, passwords or any other confidential customer information. Princeville State Bank is providing the below information for your use and action to help protect your online account and transaction information. Online Banking Security Online Banking is accessed through a Secure Socket Layer (or SSL), meaning all data transmitted to or from the bank’s computer systems is encrypted and your money and privacy are protected. Several firewalls exist to prevent unauthorized access to the system and ensure your information is accessible only with an Internet Banking Access ID and PIN. In addition to the security features put in place by Princeville State Bank., you can help protect yourself by taking the following actions to stay safe and secure your information:

Be aware of suspicious emails asking for your personal information.
Never provide any personal information such as Social Security number, Account number, Usernames or Passwords over the phone or the Internet if you did not initiate the contact.
Do not use personal information as your Username or Passwords.
Create hard-to-guess passwords that include upper and lower case letters, number and special characters.
Change your passwords frequently and don’t re-use the same passwords.
Always sign out or logoff of your online banking sessions.
Avoid using public computers and Wi-Fi to access your online banking accounts.
Ensure your computer has the most recent Anti-Virus software and is being updated daily.
Ensure your computer or mobile device have the latest software version.

Commercial Banking Online Security

In addition to the information provided regarding “Online Banking Security”, Commercial and Small Business account holders should institute additional measures in order to further protect their online banking information.

Perform your own annual internal risk assessment and evaluation on all online accounts.
Establish internal policies regarding employee internet usage.
Educate your employees on the risks.
Establish proper user account controls.
Review all transactions.
Ensure all company computers are equipped with up-to-date antivirus protection software and virus definitions are being updated daily.

Identity Theft

Identity theft occurs when someone uses your personal information such as your Social Security number, Account number or Credit Card number, without your consent, to commit fraud or other crimes. The following are tips to protect you against identity theft:

Report lost or stolen checks or credit/debit cards immediately.
Never give out your personal information.
Review statements promptly and carefully.
Shred all documents that contain confidential information (i.e. bank and credit card statements, bills and invoices that contain personal information, expired credit cards and pay-stubs.
Check your credit report periodically.

Check Your Credit

Consumers can request one free copy of his or her credit report every year. Reviewing your credit report can help you find out if someone has opened unauthorized financial accounts, or taken out unauthorized loans, in your name.

Equifax – 1-800-685-1111
Experian – 1-888-397-3742
Transunion – 1-877-322-8228

Electronic Funds Transfer Act (Regulation E)

Regulation E is a consumer protection law for accounts established primarily for personal, family, or household purposes. Regulation E gives consumers a way to notify their financial institution that an EFT has been made on their account without their permission.

Non-consumer accounts, such as Corporations, Partnerships, Trusts, etc. are excluded from coverage. A non-consumer (business account) customer using internet banking and/or bill pay is not protected under Regulation E. As such, special consideration should be made by the business customer to ensure adequate internal security controls are in place that commensurate with the risk level that the customer is willing to accept.

As a non-consumer customer you should perform periodic assessments to evaluate the security and risk controls you have in place. The risk assessment should be used to determine the risk level associated with any internet activities you perform and any controls you have in place to mitigate these risks.

Definition of EFT

An EFT is the electronic exchange or transfer of money from one account to another, either within a single financial institution or across multiple institutions initiated through electronic-based systems. The term includes, but is not limited to:

Point-of-sale transfers
Automated Teller Machine transfers (ATM)
Direct deposits or withdrawal of funds
Transfers initiated by telephone
Transfers resulting from debit card transactions,whether or not initiated through an electronic terminal
Transfer initiated through internet banking/bill pay

Protections provided under Regulation E for consumers who use internet banking/bill pay

If you believe an unauthorized EFT has been made on your account, contact us immediately. If you notify us within 2 business days after you learn of the loss or theft of your ATM/debit card or Personal Identification Number (PIN), the most you can lose is $50. Failure to notify the bank within 2 business days may result in additional losses.

Unlimited Liability

Unlimited loss to a consumer account can occur if:

The periodic statement reflects an unauthorized transfer of money from your account, and you fail to report the unauthorized transfer to us within 60 days after we mailed your first statement on which the problem or error appeared.

Exclusions from Protection

The term EFT does not include:

Checks – Any transfer of funds originated by check, draft or similar paper instrument or any payment made by check, draft or similar paper instrument at an electronic terminal
Check Guarantee or Authorization – Any transfer of funds that guarantees payment or authorizes acceptance of a check, draft or similar paper instrument but does not directly result in a debit or credit to a consumer’s account
Wire or other similar transfers – Any transfer of funds through a wire transfer system that is used primarily for transfers between financial institutions or between businesses
Securities and Commodities Transfers – Any transfer of funds for the primary purpose of the purchase or sale of a security or commodity, if the security or commodity is:

o Regulated by the Securities and Exchange Commission or the Commodity Futures Trading

o Purchased or sold through a broker-dealer regulated by the Securities and Exchange Commission or through a futures commission merchant regulated by the Commodity Futures Trading Commission

o Held in Book-entry form by a Federal Reserve Bank or federal agency

Automatic transfers by account-holding institution – Any transfer of funds under an agreement between a consumer and a financial institution which provides that the institution will initiate individual transfers without a specific request from the consumer:

o Between a consumer’s accounts within the financial institution

o From a consumer’s account to an account of a member of the consumer’s family held in the same financial institution

o Between a consumer’s account and an account of the financial institution, except that these transfers remain subject to § 205.10(e) regarding compulsory use and sections 915 and 916 of the act regarding civil and criminal liability. (Refer to “Coverage in Detail” section below.)

Telephone-initiated transfers – Any transfer of funds that:

o Is initiated by a telephone communication between a consumer and financial institution making the transfer; and

o Does not take place under a telephone bill payment or other written plan in which periodic or recurring transfers are contemplated.

Regulation E – Coverage in Detail

For a complete detailed explanation of protections provided under Regulation E, please visit the Consumer Financial Protection Bureau’s (CFPB’s) website:

CFPB – Electronic Funds Transfers Act (Regulations E) http://www.consumerfinance.gov/eregulations/1005

Mobile Banking Safety Tips

Managing your finances using a smartphone or tablet can be very convenient. However, you should consider these safety tips to protect your account information:

Be proactive in protecting your smartphone and/or tablet by installing anti-malware software on the device.
Research any application (app) before you download it. Fraudulent apps are often designed with names that look like real apps. It’s best if you access an app using a link from the provider’s website.
Create a strong password or PIN for your mobile app and your device.

o Use at least eight characters

o Do not use your username, real name or company name

o Do not use a complete word

o Make it significantly different from previous passwords

o Use a character from each of the following categories (some apps may limit symbols)

Uppercase letters

Lowercase letters

Numbers

Use an auto-lock or time-out feature so your device will lock when it is left unused for a certain period of time.
Upgrade your device to the latest operating system version.
Do not jailbreak or root your mobile device. Doing so exposes the security controls and makes your device vulnerable to cyber-attacks.
Check your account history periodically to make sure there are no fraudulent transactions.
Take precautions in case your device is lost or stolen, before your device is lost or stolen. Avoid leaving your device unattended in public places.
Consult your wireless provider to see if they provide a service to remotely erase your device or turn off access to your device and/or account in the event your device is lost or stolen.
Always conduct your transactions in a safe environment. Use your cellular service or your own internet provider rather than unsecured/public Wi-Fi networks like those offered at coffee shops.
Don’t send account numbers or PIN in emails or text messages, because those methods are not necessarily secure

Contacting the Bank

Please contact Princeville State Bank at our toll free number 1-888-385-4375 or directly by email at customerservice@p-s-b.com with any questions or concerns you may have. If you believe your online banking account has been compromised or you receive suspicious or fraudulent mail, email or websites related to Princeville State Bank, please contact us immediately.

Other References to Assist You:

FDIC Consumer Protection http://www.fdic.gov/consumers/

Consumer Action: Complaints https://www.usa.gov/consumer-complaints#item-212527

Protecting Your Business: Start With Security https://www.ftc.gov/news-events/audio-video/business

NACHA Fraud Resources https://www.nacha.org/current-fraud-threats

Federal Communication Commission – Business Cyber-planner: http://www.fcc.gov/cyberplanner

Consumer Information: Identity Theft https://www.consumer.ftc.gov/features/feature-0014-identity-theft

Federal Trade Commission: Tips for Using Public WiFi Networks https://consumer.ftc.gov/articles/how-safely-use-public-wi-fi-networks