Are you taking steps to protect your business and personal information online?
Identity theft continues to be one of the fastest growing crimes in the United States. Please take a few minutes to review the business and personal fraud prevention guidelines below to learn how you can be proactive in the fight against online fraud.
{beginAccordion}
General Guidelines
At TriStar Bank, we make protecting your personally identifiable information one of our highest priorities. Here are a few steps we would like to share to help you.
- Each time you log in to our system, verify the last login date and time shown at the top right of the website's home page;
- Review your account transactions, balance information, and other transactions and immediately report any suspicious activity to the bank;
- TriStar Bank utilizes the Out-of-Band system to verify your identity on your computer. If you do not recognize any of the challenge questions, please verify your user name is correct. If you continue to have issues logging in to the system, contact us;
- Sign up for account alerts within our online system and by using our SecurLOCK application for real-time alerts each time a transaction processes on your account;
- Never leave your computer unattended while using our online banking system;
- Do not conduct banking transactions while multiple browsers are open on your computer;
- Never provide Personal Financial Information, including your Social Security number, account number or passwords, over the phone or the internet if you did not initiate the contact;
- Do not use public or other unsecured computers (such as a public library).
User ID and Password Guidelines
Use the following information to protect your user name and password.
- Change your password frequently;
- Create a strong password with at least ten (10) characters and a mix of upper and lower case letters, numbers and special characters;
- Never share your user name and password with third-party providers or family members;
- Avoid using an automatic login feature that saves user names and passwords on your computer;
- Avoid using your Social Security number or other personally recognizable information in your passwords.
Customer Awareness / Phishing
Phishing is a form of social engineering used by fraudsters masquerading as a trustworthy person or business such as a bank to acquire your sensitive information using emails or other types of electronic communications. The term phishing comes from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords. Here is how to protect your information from phishing attempts:
- Verify the email is legitimate by calling the party sending the email. Phishing emails may ask you to go to a website to "verify" personal information such as your account number, credit card number, password, PIN, etc.;
- Requests may contain a sense of urgency or warning to get you to respond. This is another attempt to get your information fraudulently;
- Be cautious of emails addressed to "Dear Valued Customer". Typically, the heading should be addressed to you personally;
- "Click Here" is another way fraudsters will obtain access to your computer and personal information. If you do not see a web address, it may be another attempt to obtain your personal information;
- Never click on a link provided in an email you believe is fraudulent. It may contain some type of malicious software that can contaminate your computer;
- Report suspicious emails or calls to the Federal Trade Commission through the Internet at http://www.consumer.gov/idtheft or by calling 1-877-ID-THEFT.
Useful Links
Below are other links to information to help prevent identity theft:
- Annual Credit Report: The only source for your free credit report authorized by Federal law.
- FTC IdentityTheft.gov: Report identity theft and get a recovery plan.
Information for Business Clients
Business and Commercial online clients should be diligent in performing risk assessments and control evaluations to gauge the strength of their controls and identify any potential threats.
- Spoofed emails very closely mimic a legitimate e-mail request;
- Hacked emails often occur with a personal email account;
- Fraudulent email requests for wire transfer are well-worded, specific to the business being victimized, and do not raise suspicions as to the legitimacy of the request;
- The phrases "code to admin expenses" or "urgent wire transfer" were reported by victims in some of the fraudulent email requests;
- The amount of the fraudulent wire transfer request is business-specific; therefore, dollar amounts are similar to normal business transaction amounts so as to not raise doubt;
- Fraudulent emails received have coincided with the business travel dates for executives whose emails were spoofed;
- Victims report that IP addresses frequently trace back to free domain registrars.
One example of a threat to businesses is a Business Email Compromise (BEC). This is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Formerly known as the Man-in-the-Email Scam, the BEC was renamed to focus on the "business angle" of this scam and to avoid confusion with another unrelated scam. Suggestions to help protect you and your business from becoming victims of the BEC scam are below:
- Avoid free web-based email. Establish a company web site domain and use it to establish company email accounts in lieu of free, web-based accounts;
- Be careful what is posted to social media and company websites, especially job duties/descriptions, hierarchical information, and out of office details;
- Be suspicious of requests for secrecy or pressure to take action quickly;
- Consider additional IT and financial security procedures and 2-step verification processes;
- Beware of sudden changes in business practices. Always verify via other channels that you are still communicating with your legitimate business partner.
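The BEC indicators listed in this section can be applied as a first-pass triage check on inbound payment requests before anyone verifies the request through another channel. The Python below is an added example, not TriStar Bank's code; the company domain, the webmail list, the pressure-word pattern and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-corp.test"  # assumed: the business's own mail domain
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}  # assumed list
PAGE_PHRASES = ("code to admin expenses", "urgent wire transfer")  # phrases quoted above
# Assumed wording for "requests for secrecy or pressure to take action quickly".
PRESSURE = re.compile(r"\b(confidential|secret|immediately|right away|asap|today)\b")

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to catch domains that closely mimic the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_indicators(raw):
    """Return the names of the indicators present in one plain-text message."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    sender, reply_to = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    checks = [
        ("lookalike-sender-domain", 0 < edit_distance(sender, COMPANY_DOMAIN) <= 2),
        ("free-webmail-address", bool({sender, reply_to} & FREE_WEBMAIL)),
        ("reply-to-mismatch", bool(reply_to) and reply_to != sender),
        ("reported-bec-phrase", any(p in text for p in PAGE_PHRASES)),
        ("secrecy-or-urgency", bool(PRESSURE.search(text))),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample messages (not real mail).
SAMPLE_SPOOF = (
    'From: "Pat Lee, CEO" <pat.lee@examp1e-corp.test>\n'
    "Reply-To: pat.lee.ceo@gmail.com\n"
    "Subject: Urgent wire transfer\n\n"
    "I am traveling. Wire 48,200 USD today and code to admin expenses. Keep it confidential.\n"
)
SAMPLE_OK = (
    "From: Accounts <billing@example-corp.test>\n"
    "Subject: March invoice schedule\n\n"
    "The March invoices are attached for the usual review cycle.\n"
)
```

A non-empty result is a reason to hold the payment and confirm it by phone with a known contact; an empty result does not show that a request is genuine.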
{endAccordion}