Your security is very important to us.
The Victory Bank will never ask you to send your personal or financial information through email or a link within an email. If you suspect you've received a fraudulent email, do not respond to the email. Please contact us immediately at 610-948-9000.
Unfortunately, criminals may try to steal your personal information to gain access to your identity or financial information. The Federal Trade Commission (FTC) estimates that as many as 10 million Americans have their identities stolen each year. In fact, you or someone you know may have experienced some sort of identity theft or fraud.
Online Security Information
Credential stuffing where stolen account credentials, usually username/password pairs, and email addresses, are processed through an automated injection to fraudulently gain access to user accounts. Large numbers of stolen credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes.
How do I protect myself from a Credential Stuffing Attack?
People often use the same username and password for multiple sites. Attackers can use this one piece of credential information to unlock multiple accounts.
The best way to protect yourself from such an attack, is to use unique usernames and passwords for each of your digital accounts.
What does Victory Bank do to protect my credentials?
The Bank’s core processor, Jack Henry & Associates, Inc., has put into place certain methods to help prevent these types of attacks. These methods may require you to respond to Multi-factor authentication questions.
When you bank or shop on public Wi-Fi networks, hackers can use keylogging software to capture everything you type, including your name, debit card account number, and PIN.
Be wary of messages soliciting your account information. Emails can look like they're from legitimate sources but actually be from scammers. If you click on an embedded link and enter your personal information, that data can go straight to criminals.
Identity thieves can retrieve account data from your card's magnetic strip using a device called a skimmer, which they can stash in ATMs and store card readers. They can then use that data to produce counterfeit cards. EMV chip cards, which are replacing magnetic strip cards, are expected to eliminate this risk.
Plain old spying is still going strong. Criminals can plant cameras near ATMs or simply look over your shoulder as you take out your card and enter your PIN. They can also pretend to be good Samaritans, offering to help you remove a stuck card from an ATM slot.
Smart ways to protect yourself
Adopt these simple habits to greatly reduce your odds of falling victim to debit card fraud:
• Be careful online: Shop and bank on secure websites with private Wi-Fi. If you must shop or bank in public, download a virtual private network to protect your privacy.
• Monitor your accounts: Review your statements and sign up for text or email alerts so you can catch debit card fraud attempts early.
• Don't ignore data breach notifications: The majority of identity theft victims received warnings that their accounts might have been breached but did nothing. If you get one of these messages, change your PIN and ask your provider to change your debit card number. You can also ask one of the major credit card bureaus to place a fraud alert on your file.
• Inspect card readers and ATMs: Don't use card slots that look dirty or show evidence of tampering, such as scratches, glue, or debris. And steer clear of machines with strange instructions, such as “Enter PIN twice.”
• Cover your card: When using your debit card or typing your PIN at an ATM, block the view with your other hand. Go to a different location entirely if suspicious people are hanging around the ATM, and if your card gets stuck, notify the bank directly rather than accepting “help” from strangers.
Even if you've taken precautions, debit card fraud can still happen. If your card gets hacked, don't panic. Tell your bank or credit union right away so you won't be held responsible for unauthorized charges, and file a complaint with the Federal Trade Commission.
Roberta Pescow, NerdWallet
© Copyright 2016 NerdWallet, Inc. All Rights Reserved
If you’re getting threatening phone calls about a debt, even if it’s one you recognize, you might be the target of a debt collection scam.
Below are key ways to identify and defend yourself from illegitimate debt collectors.
Red flags of debt collection scams:
You might be getting a call from a fake debt collector if you don’t recognize the debt you supposedly owe or if the caller -
- Can’t or won’t provide detailed information about the debt and original creditor.
- Won’t give you information about the agency he or she claims to represent, including name, address, and phone number.
- Uses aggressive tactics to pressure you into immediate payment.
- Requests payment over the phone.
- Asks for sensitive information, such as details of your bank account, your Social Security number, or your credit or debit card number.
It’s easy to detect a scam in which someone tries to collect on a debt that you don’t recognize or know you don’t owe. Fake debt collectors have many ways of getting your information, and they hope to pressure you into quick payment through a cold call.
Others can be trickier to detect, such as a scammer who tries to collect on a debt that you do owe. Scammers might tap into your credit report to see whom you owe money to, for example, and then call pretending to represent those creditors.
Threats of police action and abusive language are telltale signs of a scammer, according to the Federal Trade Commission. You can’t be arrested for a debt, and it’s against the Fair Debt Collection Practices Act to mislead consumers about the consequences of not paying a debt. Legitimate debt collectors tend to tread very carefully in this area.
Another red flag - Someone claiming to represent the Internal Revenue Service and seeking immediate payment. The government’s tax collection agency will never demand that you pay immediately over the phone or ask for a credit or debit card number. Both of those are signs of phishing scams. Be aware, however, that the IRS will start using private debt collection companies in 2017.
As with any debt, ask for a validation letter — a document that outlines the details of the debt — before you do anything.
What to do
Think before you act when handling any debt collector. But take these particular steps if you think a caller is trying to scam you.
Start by gathering information on the debt collector and the debt. Ask for a validation letter. Legitimate debt collectors should send you this information immediately without question. Any hesitation might be a sign of a scammer.
Ask the caller for his or her name and employer, and its phone number and street address. If the caller won’t give you this information, that’s a red flag.
Protect your personal information
No matter how aggressively a potential debt collector asks, don’t give away or confirm details of your bank account, credit or debit card numbers, or Social Security number. Doing so could put you at risk for identity theft or let a scammer pull money from your accounts.
Contact the original creditor
If you think a scam debt collector has contacted you for payment on a debt you do owe, ask the original creditor if it sold your debt and for the contact information of the collection agency that owns it.
Ignore the calls
Ignoring repeated phone calls is one of the best ways to get a scammer off your back. Don’t hesitate to hang up in the face of harassment or threats, and don’t answer callbacks. Since scammers are looking to make a quick buck off an easy target, they’re not likely to pursue you for long before moving on.
If you’re in contact with a legitimate debt collector, however, you’ll want to make a plan to resolve the debt.
File a complaint
Don’t hesitate to file a complaint with the Consumer Financial Protection Bureau or your state attorney general’s office if you think a scam debt collector has contacted you. Gather all information you can and include it in your formal complaint.
Sean Pyles is a staff writer at NerdWallet, a personal finance website. Email: firstname.lastname@example.org.
US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed e-mail messages and fraudulent posts on social networking sites may request support for phony causes.
To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, US-CERT encourages users to take the following actions:
- Avoid following unsolicited links or downloading attachments from unknown sources.
- Refer to our security Tips to learn more about Shopping Safely Online and Avoiding Social Engineering and Phishing Attacks.
- Read the Federal Trade Commission's blog on Cyber Monday shopping.
- Visit the Federal Trade Commission's Consumer Information page on Charity Scams.
If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:
- File a complaint with the FBI's Internet Crime Complaint Center (IC3).
- Report the attack to the police and file a report with the Federal Trade Commission.
- Contact your financial institution immediately and close any accounts that may have been compromised.
- Watch for any unexplainable charges to your account.
- Immediately notify the bank if any account activity doesn't look familiar.
Card cracking, which originates online on social media platforms and targets young consumers, is estimated to have cost banks $11.6 million in stolen funds.
Card cracking happens when a fraudster reaches out to a banks’ customer promising quick cash. The customer provides account credentials to the scammer, who then deposits a fake check in the customer’s account. The fraudster then makes an immediate ATM withdrawal, sharing some of the funds with the customer. Meanwhile, the customer is instructed to report the card or credentials lost or stolen so that the bank will reimburse the stolen money -- making the customer a criminal accomplice.
To avoid card cracking scams, you should avoid online solicitations for easy money, never to share an account number or PIN, never to file a false fraud claim with a bank, and to report suspicious social media posts connected to scams.
Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money. It can destroy your credit and ruin your good name.
While nothing can guarantee that you won’t become a victim of identity theft, you can take specific steps to minimize your risk, and minimize the damage if a problem develops. These steps make it more difficult for identity thieves to steal your identity.
It’s about following the “3 D’s” of identity theft protection - Deter, Detect, and Defend.
Deter identity thieves by safeguarding your information.
Shred financial documents and paperwork with personal information before you discard them.
Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
Don’t give out personal information on the phone, through the mail, or over the Internet unless you have initiated the contact and know who you are dealing with.
Never click on links sent in unsolicited emails; instead, type in a Web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer; keep them up-to-date. Visit OnGuardOnline.gov for more information.
Don’t use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social Security number.
Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
Detect suspicious activity by routinely monitoring your financial accounts and billing statements
Be alert to signs that require immediate attention:
Mail or bills that do not arrive as expected.
Unexpected credit cards or account statements.
Denials of credit for no apparent reason
Calls or letters about purchases you did not make
Your credit report. Credit reports have information about you, including what accounts you have and your bill-paying history.
The law requires the major nationwide consumer reporting companies - Equifax, Experian, and TransUnion-to give you a free copy of your credit report each year if you ask for it.
Visit www.AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year. You also can write Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
Your financial statements. Review financial accounts and billing statements regularly, looking for charges you did not make.
Defend against identity theft as soon as you suspect a problem.
Place a “Fraud Alert” on your credit reports, and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make certain changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is sufficient:
Experian: 1-888-EXPERIAN (397-3742)
Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debts on your accounts that you can’t explain.
Close accounts. Close any accounts that have been tampered with or established fraudulently.
Call the security or fraud departments of each company where an account was opened or changed without your okay. Follow up in writing, with copies of supporting documents.
Use the ID Theft Affidavit at www.ftc.gov/idtheft to support your written statement.
Ask for written verification that the disputed account has been closed and the fraudulent debts discharged.
Keep copies of documents and records of your conversations about the theft.
File a police report. File a report with law enforcement officials to help you with creditors who may want proof of the crime.
Report your complaint to the Federal Trade Commission. Your report helps law enforcement officials across the country in their investigations.
By phone: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261
By mail: Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580
For more resources visit: www.fdic.gov/consumers/theft/
Consumers and businesses should be diligent in protecting themselves against cyber and other mass marketing fraud such as telephone and mail. Mass-marketing fraud schemes usually fall into the following categories:
- Advance-Fee Fraud: A victim will be promised a substantial benefit - such as a million-dollar prize, lottery winnings, or some other item of value and must pay in advance some type of fee before the victim can receive the benefit.
- Credit-Card Interest Reduction Schemes: Victims are contacted and the company promises to help them lower their credit-card interest rates, but charge fees without effecting actual reductions in the cardholder's interest rate.
- Bank and Financial Account Schemes: Victims are tricked into providing their bank or financial account data, so the criminal can gain unauthorized access to those accounts and siphon off funds or charge goods to the victim's card.
- Phishing is where the criminal uses emails and websites that claim to be falsely associated with legitimate banks, financial institutions, or companies to get the Internet user to disclose personal and financial data. Vishing is the telephone equivalent using the same methods.
Safeguard your financial information with these tips:
- Monitor your bank and credit card transactions daily and read your statements regularly.
- Be cautious of urgent emails to "verify your account" or "If you don't respond within 48 hours, your account will be closed".
- Don't click on a link in an email or web page if you suspect the message is not from the actual company. Instead, verify by logging on to the website page directly by typing in the web address in your browser.
- Create strong, complex passwords with at least 10 characters using upper and lower case letters, numbers, and special characters.
- Use multi-factor authentication whenever possible.
- Don't send money to someone you don't know.
- Always use a payment option that provides protection, like a credit card. Don't send cash or use a wire transfer service for online purchases.
- Protect your computer by installing and keeping up-to-date spam filters, anti-virus, and anti-spyware software.
- In the wake of a natural disaster or crisis, give to established charities rather than one that seems to have sprung up overnight.
To learn more, visit www.fdic.gov/consumers/theft.
When the Federal tax filing deadlines approach, tax-related scams increase.
In one popular scheme, people impersonating IRS agents call taxpayers, claim they owe taxes and demand immediate payment using a prepaid debit card or a wire transfer. Those who refuse are threatened with arrest, deportation, or loss of a business or driver's license. The callers can manipulate caller ID to make it look like they are calling from an IRS phone number; in some cases, they know the last four digits of the taxpayer's Social Security number.
"We have seen scams based on unsolicited text messages and aggressive phone calls," said David Pollino, senior vice president and enterprise fraud prevention officer at Bank of the West in a recent interview. "We've seen scams in which people call claiming to be with the IRS, saying, 'We'll arrest you if you don't wire money to us immediately.'"
IRS fraud happens every year in March and April. Last year, more than 20,000 taxpayers fell victim to the scam and lost millions.
The volume of fake IRS calls is increasing. Some of the calls are very sophisticated, and the fraudsters cite the right regulations and government bodies and might mention the local police department or district attorney.
On any given day, there may be as many as 9,000 phone calls associated with the IRS scam!
"We saw a spike back in 2011 when we first started aggressively tracking it, right around this time when you expect tax season to be," said Jonathan Nelson, product manager, and digital reputation manager for Whitepages. "It's been fairly constant up until early 2014, since then it's been on a rise. Right now it averages about 2.5% of all the fraud we see."
Having compared the Federal Trade Commission's complaint records of fake calls to activity in Pindrop's honeypot, Dewey estimates that only 20% of the people getting hit by this scam are reporting it to the FTC. "They're either going along with it or silently ignoring it," he said.
Who is being targeted?
Pindrop's analysis of the geographic coverage of these calls shows an even distribution across the country.
"Based on the dialing patterns we've seen from the fraudsters, they'll try their scam on anyone and everyone they can get on the phone," Dewey said. "Our intuition behind why they (the fraudsters) are using such a broad blanket technique is that there's a high rate of folks that would believe the IRS is calling, that they are in some kind of trouble."
Some might still owe the IRS money from last year. Others might feel vulnerable because of a related legal issue, such as a shaky immigration status.
What a Bank Can Do?
The first step in preventing IRS fraud is educating consumers, although that appears to seldom work. Some consumers report such scams, but they can't be counted on to recognize the signs of fraud.
Banks can ask customers a few questions before executing wire transfers. For instance, the IRS has stated that it will never call to demand immediate payment, call about taxes owed without first having mailed a bill, demand that a consumer pay taxes without giving the opportunity to question or appeal the amount owed, require the use of a specific payment method such as a prepaid debit card, or threaten to bring in local police or other law-enforcement groups to have the consumer arrested for not paying. By questioning customers about why they're sending the money, call center reps could uncover telltale signs of foul play.
Bank Customers should openly discuss with their banker anytime they’re requested to send someone they personally don’t know – if they did, fraud could be substantially reduced!