Fraud & Identity Protection
Useful TipsAt the Bank of Washington, we are constantly looking for ways to help our customers keep their financial information safe. Below are some basic safety tips to help you keep your information safe.
- Top 25 Stolen Passwords
- Protect Yourself from Telephone Scams
- Mobile Device Protection Suggestions
- Beware of Mortgage Scams
- Protect Your Teens Online
- How to Travel Safely in a Foreign Country
- Using Your Debit Card Wisely
- Tips for Protecting Your Checking Account
- Protect Your Password…Protect Your Reputation
- Reporting Identity Theft in Four Simple Steps
- Security Tips for Computers and Online Banking, Bill Pay and Shopping Online
- Tips about Statements, Bills and Receipts
- Protecting Yourself Online, within Apps, and Other Delivery Channels
In addition, below are a few helpful websites with more information:
Helpful tips regarding identity theft:
Credit Scores and Identity Checks:
Stay Safe Online Website:
Your passwords provide you with access to convenience and ease. But, if someone else obtains these passwords, you may experience financial and identity theft issues. Let’s take a look at the 25 most common passwords. Users of any of these passwords are most likely to be victims of future breaches, so if your password is listed below, we advise to change it:
This list is composed annually by SplashData and is compiled from files containing millions of stolen passwords posted online by hackers. Here are some tips to making your passwords more secure:
- Change if you have a commonly used password. If you use any of the passwords listed, change them immediately! You do not want to be a victim of any type of fraudulent act.
- Use passwords with eight characters or more with mixed types of characters. One way to create a more secure password is to use short words that are easy to remember, separating them with either spaces or characters. For example, 8_lunch@2 or 8 lunch @ 2.
- Avoid using the same password for multiple websites. The issue here is that if you use the same password and you are hacked, all of your personal information is then at risk. You are especially at risk if you use the same password for a social media site and a site used to access your financial information.
- Don’t write down your passwords. While it may be difficult to remember all your passwords, you should avoid writing them down. If you have to, you may want to consider locking them in a safe or using some sort of coded language to remember them.
The telephone is one of the most often used sources for criminal activity. Here’s how it works. Your phone rings. The caller claims to be from your financial institution, or any other source. They begin asking questions about you and your account. This could be a telephone scam called Vishing or Phishing. Someone is attempting to steal your identity. And it happens to millions of Americans every year. Follow these steps to protect yourself from most types of identity theft telephone scams:
- Never offer personal or account information over the phone without verifying the caller’s identity.
- If you are uncertain of the identity of a caller, hang up and initiate the call yourself using a known phone number.
- Do not call any phone number received in a voice message or email asking for personal information. It could lead you to a phony answering system.
As a general guideline, be highly suspicious any time you are requested to provide personal information over the phone.
Additionally, please know it's not just telephone scams. Personal financial information and passwords for financial services should not be provided in response to unfamiliar or suspicious websites, emails, text messages, telephone calls, mobile phone applications or social media messages.
If you provide financial information and passwords for financial services in response to unfamiliar or suspicious websites, emails, test messages, telephone calls, mobile phone applications or social media messages, you should change your passwords as quickly as possible.
- Enable an automatic screen-lock with a password to lock your device when it’s not in use.
- Create a unique password that is only used for Online and Mobile Banking. We recommend changing this password frequently.
- Consider setting up a remote wipe program, which would allow you to send a command to your device that will delete any data.
- Only download apps from trusted and approved app stores endorsed by your particular technology provider (iPhone, Droid, etc.) and service carrier. Certain smart phones can even be configured to block apps installed outside of trusted and approved app stores.
- Keep a record of the device’s make, model and serial number. After writing down your mobile device's make, model, and serial number, never store it in a public area. It is important to have this information if your phone is stolen, as you will have the information readily available for the police, but you do not want others to gain access to this private information. Lost or stolen phones should be reported to your carrier promptly.
- Be cautious before using a non-secure wireless network. We recommend using Online Banking and Mobile Banking in a more safe and controlled environment.
- Try not to set your phone settings to auto-fill User IDs and password information. While this may be convenient, it may not necessarily be safe with a mobile device that can be lost or stolen.
- Mobile phone applications, text messages, instant messages and calls from unfamiliar or suspicious sources that request personal financial information and passwords should be declined and, when appropriate, promptly deleted, and not replied to or forwarded. Any links they contain should not be opened.
Scam artists are stealing millions of dollars from distressed homeowners in the United States. They promise immediate relief from foreclosure in exchange for certain pieces of information or money. The reality is they are just trying to steal your money or your identity, which will actually make things worse for you in the long-run. Here are some tips and warning signs to avoid being a victim of a mortgage scam:
- Help is available for free. If someone says that you must pay upfront to receive advice, do not take that advice. HUD-approved housing agencies can help you negotiate with your lender or loan servicer, and that help is free. While some may be legitimate, it is best for you to call 1-888-995-HOPE (4673) for free housing counseling.
- Do not transfer the deed to your home. Beware of anyone who claims to be able to “save” your home if you sign or transfer over the deed to your home. Do not do it! Your mortgage company is the only one to sign over the deed to your home if necessary.
- Be cautious of someone claiming to pay off your mortgage. Do not sign papers in exchange for a promise that someone will pay off your mortgage. You must read and understand all paperwork before signing to make sure you are not unknowingly giving someone else ownership of your home.
- Submit mortgage payments only to your lender. Do not submit your mortgage payments to anyone other than your mortgage lender without your lender’s approval. Some scam artists ask you to make payments to them, and they will in turn make your payments to the lender; however, they keep your money.
- Do not listen to anyone who says you don’t need a real estate professional or title company when selling your home. You should always have a real estate professional, attorney or a title company help you with any transaction involving your home.
The best piece of advice, however, is to recognize that if something sounds too good to be true, it probably is. If you are struggling to make payments on your mortgage loan, contact us immediately and we will work with you to try and help you meet your obligation and lessen the stress you may feel in your situation. Call 636-239-7831 and speak with one of our mortgage lenders and keep your home and your credit reputation in tact.
Social networking sites, chat rooms, virtual worlds, and blogs are how teens socialize online. With that said, it is critical to help your child learn how to navigate those spaces safely. Let’s take a look at what some of the experts are saying across the nation in an effort to protect your children from predators, damage to their reputation or other harmful issues:
- Make sure you let your teens know that the words they write and the images they post have consequences offline. While they may be able to hide online as they write or post something that may be harmful to others (or to themselves), at some point, they will see other people face-to-face and have to deal with what was written or posted. Be courteous online just as you would to others in person.
- Encourage teens to only post things they are comfortable with others seeing. Some of your child's profile may be seen by a broader audience than they (or you) are comfortable with, even if privacy settings are high. Encourage your child to think about the language they use online, as well as any pictures or videos they may post. Let them know that grandparents, employers, college admissions officers, coaches, teachers, and the police may view their posts. Make sure they understand that they need to think before they post.
- Explain to your teens that they should never impersonate someone else online. Let your kids know that it's wrong to create sites, pages, or posts that seem to come from someone else, like a teacher, a classmate, or someone they made up. In some instances, they may attract individuals that they really do not want to attract or deal with in the future.
- Discuss the importance of limiting what they share online. Talk with your teens about what information should stay private, such as personal information like a phone number, address, Social Security number, financial information, among other things. If that information gets into the wrong hands, that may be a problem for more than just your teens.
- Limit the access to your teens’ profiles. Be sure that you use privacy settings on all of the social networking sites your teens may use. Additionally, make sure that you are aware of what chat rooms they enter and adjust the privacy settings accordingly. It is important that you talk to your teens about the importance of these settings and your expectations for who should be allowed to view their profile.
- Review your child's friends list. While your teens may think you are overprotective, it is better to know who they have as “friends” than to have something happen to them. Make sure they actually know all of the “friends” they have online. And, if you feel someone seems odd to be on the “friend” list, question your child about it.
There are so many ways you can try to protect your teens when they are online. The most important thing you can do, though, is to simply talk about what they are doing online. Make sure you encourage them to trust their instincts and talk to you if they feel like something is wrong.
Let's say you have always dreamed of visiting Rome. You finally save the money to buy your tickets and have prepared for the trip of a lifetime. You have just received your passport and have made a copy of it to keep with a friend or family member while you are gone. You have also contacted your credit and debit card providers to let them know the dates you will be traveling overseas. And, you have made a copy of your debit and credit cards to keep in a safe place with you as well as in a safe place that is accessible upon need at home. Finally, you have contacted your cell phone company to let them know when you are traveling.
Now, the big day has arrived and you are ready to see Rome. What can you do while traveling to make sure you have the trip you have dreamed about instead of it turning into a nightmare? The following are some steps to consider to stay safe and enjoy your vacation to a foreign country:
- Only carry a small amount of cash on you (e.g., tipping cash). Your credit card, debit card, and traveler's checks will pay for most things. Keep your money and valuables either with you or in the hotel safe in your room. Do not keep all of your money in the same place. Use the hotel safe to store extra cash. Always make sure to lock your luggage and label all of your belongings. Additionally, lock your hotel room when you are in it, as well as when you leave. Make sure any sliding glass and/or adjacent doors are locked as well.
- Make sure you call your credit and debit card providers before you leave for your trip and advise them that you will be traveling to a foreign country. Do the same with your cell phone provider. And importantly, give a copy of your passport, credit cards, and itinerary to someone you trust at home.
- When you are visiting various sites, wear your money in a money belt, or you can safety pin it to your belt or undergarments. You can also keep it in a pocket that zips or buttons (preferably in a front pocket), or in a purse that is secured to your body in some way. Keep in mind that many tourist sites will not let you in with a backpack and they will not store it for you. Also, do not carry your passport with you unless it is required in that particular country.
- When using public transportation, always be aware of possible theft. Make sure your pockets are buttoned and keep your backpack visible in front of you. Do not accept gifts of food or drink from strangers while on public transportation.
- Be aware of and follow all local laws regarding alcohol consumption, smoking and operating a vehicle, among others. Abide by the laws; expect no special treatment due to unfamiliarity.
- Travel in a group when possible. If you are not on the "tourist track," try to travel with a trusted companion.
While these tips do not form a complete list for you to consider while traveling, they will help you be prepared so that you can have an enjoyable time at your destination, wherever you may be.
Debit cards are convenient and safer to use than cash. And, you can use them for any type of purchase where MasterCard is accepted – whether shopping at the grocery store or eating at a restaurant with your family.
A debit card works like a check, without all the hassles. You present the card as though it was a credit card and the transaction is handled exactly the same way, except the money is deducted directly from your checking account. You can also use it as an ATM card; in fact, the Bank of Washington combines the debit and ATM card into one card for your convenience. That way, you can access thousands of ATMs and point-of-sale machines (e.g., grocery store checkout) each day.
It is important for you to understand everything you can about debit cards, their fees and uses. Take a look at some important tips to consider when using a debit card:
- Be sure to keep your debit card secure; try to avoid carrying it loosely in your pocket or jacket.
- Keep your debit card in the same place in your wallet so you will know if it is missing immediately.
- Make sure to record all of your debit card transactions (including ATM transactions) immediately in your check register.
- Memorize your PIN for your debit card; never write it down. Additionally, choose a PIN that is not traceable to you or easy to decipher.
- You should always be aware of how much money is in your checking account so you don’t spend more than you have available; this may result in an NSF charge to your account.
- Be sure to have your identification ready when using your debt card. In many instances, merchants will check your ID, as they would a credit card, to verify that you are indeed who the debit card says you are. You should also sign the back of your card as you would a credit card primarily for verification purposes.
- Never give out your debit card number over the phone unless you initiated the call and are sure the recipient of the information is legitimate.
- Be sure to review your checking statement on a monthly basis and report any unauthorized transactions to your financial institution immediately.
- Time is essential when it comes to reporting a lost or stolen debit card; be sure to call us immediately. If you report a lost or stolen debit card within two days, you will literally save yourself a lot of money.
- Cards that are unused, have been canceled or have been replaced by a new card should be securely eliminated, for example by cutting them into small pieces so they cannot be read.
For more information about debit cards available at the Bank of Washington, you may call 636-239-7831, or visit one of our branch offices to speak with a representative about your options.
Check fraud is a serious problem in the United States. You should do all you can to protect unauthorized access to the funds in your checking account. Here are some important tips to follow in this effort:
- Store checks, deposit slips, monthly and quarterly statements, and cancelled checks in a secure and locked location.
- Never leave your checkbook in your vehicle (whether locked or not).
- Reconcile your checking account within 30 days of receiving your checking statement to detect any irregularities.
- Never give your checking account number (or any other account number for that matter) to someone you don’t know, especially over the telephone. Be particularly aware of unsolicited phone calls.
- Unless needed for tax purposes, securely destroy all old cancelled checks, account statements, deposit tickets and ATM receipts.
- Examine new check packages carefully for evidence of tampering.
- Limit the amount of personal information provided on your check. DO NOT include your Social Security Number or driver’s license number on your check.
- Do not mail bills from an unlocked mailbox.
- Never endorse a check until you are ready to cash or deposit it.
- Don’t write your credit card number on your check.
- Use dark ink on your checks that can’t be easily erased or covered over.
- Avoid leaving large blank spaces in the check boxes or amount line of the check. Start written dollar amounts as far to the left as possible and put a slash between the cents and the 100. Also, draw a line between the cents value and the right side of the dollar line.
- Check the number sequence for each pad of checks and make sure each number matches the check register or duplicate slip as it is used.
- Always verify your check numbers after each shopping trip, paying close attention to the back of the pad of checks.
It is also extremely important to order checks from the Bank of Washington if you have a checking account with us. We take many precautions to provide you with safe and secure checks in an effort to combat any type of counterfeiting and alteration. You may find checks that are less expensive over the Internet or with other check printing companies, but you will be grateful for the security measures we provide with our checks in the long-run.
Taking precautionary steps like these will help prevent you from being the victim of a crime that can be devastating. To learn more about the different checking options available through the Bank of Washington, click here . Or, if you prefer, you can talk to one of our representatives at 636-239-7831 or visit one of our branch offices .
Think for a minute about all of the data stored on the Internet, whether person or public information. You can literally find information about almost anything you desire using the Internet. Unfortunately, there are criminals referred to as “hackers” that spend their time trying to obtain data through illegal means. Most Internet security programs ensure that data stored in a computer cannot be read or stolen by anyone without authorization. These programs usually involve passwords and data encryption.
A password is a secret word or phrase that provides you with access to a particular system or program. For example, most people have a password that allows them to access their personal financial information on the Internet. As simple as it may sound, your best line of defense in protecting your information is to create an appropriate password.
How do you create an appropriate password? Create a simple sentence or phrase. Be sure you have approximately eight to 10 words in the phrase and that some sort of number is incorporated into that phrase; this phrase is the basis for your password. Then, you can take first letters or numbers within the phrase to make it work effectively. Keep in mind that you want the phrase to be something fictitious that you can still remember. Let’s take a look at how this may work:
- KEY PHRASE: I Like To Drink Hot Chocolate When It Rains May 11
- PASSWORD: iltdhcwirm11
The key is to make sure the phrase is familiar to you. In fact, you can write down the phrase in its entirety and put it in a locked file cabinet to help you remember your password. Whatever the case may be, the idea is to create something that others will not figure out.
To protect your password, change it regularly (every three to four months). Try to memorize your passwords as quickly as possible; do not write them down. You may write something down to help you remember the password and lock it up in a safe place, but do not write down your password. Again, you are trying to make sure others will not be able to break your “code.”
Additionally, you should avoid using the same password for everything you do. Unfortunately, if you do use the same password for everything you do, once a thief gets it, all of your information is in serious jeopardy.
When you enter your password in a public area, make sure no one is looking over your shoulder, or that you are blocking your password from any other viewpoint but yours. For example, when you enter your code in an ATM, use one hand to enter the code and the other to guard the keys. Stand firmly in front of the ATM and make sure the person behind you is far enough back that he/she cannot see what you are entering. If you don’t feel comfortable entering your PIN in a public setting, do not do it. Try again later or at another location.
In today’s technologically advanced society, we enter passwords online for many different things (e.g., banking services, membership for clubs, etc.). Most e-commerce websites have a special data encryption method within them called a “Secure Socket Layer (SSL),” which is a standard in the industry to protect the security of information across the Internet. Data encryption is the process of converting data into what appears to be random and meaningless information, which cannot be decoded without a “secret key” of some sort. Encryption is used to provide secure communications or financial transactions. Using this method, once you input information within a site and press “submit,” that information is scrambled (or encrypted) while being exchanged. Be sure to check on each website you enter for SSL technology as a protection for you and your information. Personal financial information (such as names in combination with Social Security Numbers, account number, and credit or debit card numbers) and passwords for financial services (such as online and mobile banking/payments, and person-to-person payments) should only be used in secure transactions.
Please note, if you provide financial information and passwords for financial services in response to unfamiliar or suspicious websites, emails, test messages, telephone calls, mobile phone applications or social media messages, you should change your passwords as quickly as possible.
At the Bank of Washington, we are committed to keeping your personal financial information as secure as possible, whether visiting our website, using ATMs, or any other business you conduct with us. To learn more about the steps we take at the Bank of Washington to guard your personal financial information, click here .
If you are a victim of identity theft, the law is on your side. In fact, many different laws have been enacted or amended specifically to combat identity theft. If you find that you are the victim of identity theft, there are four steps you should take immediately. Make sure to document all conversations so you know whom you spoke to and when:
Step #1: Contact the Federal Trade Commission
If you believe you are a victim of identity theft, you should immediately file a complaint with the Federal Trade Commission (FTC). Click here for a link to the FTC website. The FTC is the “clearinghouse” for all identity theft claims. Although the FTC cannot actually bring charges against a thief, it can help to put you in contact with those who can prosecute such a crime. Also, when you share your identity theft complaint with the FTC, you will provide important information that can help law enforcement officials across the nation track down identity thieves and stop them.
Additionally, you can provide a printed copy of your online ID Theft Complaint form to the police to incorporate into their police report. The printed FTC ID Theft Complaint, in conjunction with the police report, can constitute an Identity Theft Report and entitle you to certain protections. According to the FTC, the Identity Theft Report can be used to:
- permanently block fraudulent information from appearing on your credit report;
- ensure that debts do not reappear on your credit report;
- prevent a company from continuing to collect debts that result from identity theft; and
- place an extended fraud alert on your credit report.
Step #2: Contact Law Enforcement
You should immediately file a police report about your identity theft; this can be done in person, over the telephone, or even online. When you file your police report, be sure to bring your FTC ID Theft Complaint form, and any other supporting documentation. Explain to the officer that you need a copy of the Identity Theft Report (the police report with your ID Theft Complaint attached) to dispute any fraudulent accounts, purchases or debits created by the identity thief. It is important to note that in some jurisdictions the officer will not be able to give you a copy of the official police report; however, you should be able to sign your FTC ID Theft Complaint and write the police report number in the “Law Enforcement Report” section of the document.
Step #3: Contact Your Financial Institution or Other Creditors
Next, you should close the accounts you believe have been affected. You may want to use the ID Theft Report to help you dispute unauthorized accounts or transactions. Most financial institutions or other creditors will ask you to fill out their own forms as well in the case of identity theft, and they will begin their own investigation to assist you in this area.
Step #4: Contact the Credit Bureaus
In the past, you would have had to contact the credit bureaus on your own to place a fraud alert on your accounts in question; however, the law now states that your financial institution or other creditor may assist you with this effort. You may still wish to do this on your own to make sure it is done as you have requested. It is important that a fraud alert is placed on your accounts because it will request creditors to contact you before any new accounts are opened or changes are made to your existing accounts. As soon as one of the credit bureaus confirms your fraud alert, the other two credit bureaus will be contacted and you will be sent three copies of your credit report at no cost.
Remember, the law is on your side in the case of identity theft. Taking action as quickly as possible is the key to recovering from the theft with as little damage as possible.
- Antivirus protection and scanning software that has been reviewed and rated as satisfactory by independent analysts should be installed, updated and utilized as recommended. In addition:
- If the security software can update automatically, set it to do so.
- If the security software cannot update automatically, update it after each login.
- If viruses (also referred to as “malicious software” or “malware”) are detected, the recommendations provided by the antivirus program should be followed promptly.
- Operating system software updates (also referred to as “patches”) should be accepted, downloaded, installed and run promptly, and as recommended.
- Personal financial information should never be sent by email in an unencrypted state. An email solution that encrypts messages between financial institutions and their customers should be utilized.
- Financial transactions that are conducted on websites should be conducted on secure websites only. An indicator of a secure website is a URL that begins with “https” in the address, the “s” standing for “secure.” The “https” prefix should be on every page of websites used to conduct transactions, in addition to the sign-in page.
- Most WI-FI networks do not encrypt information and are not secure. Some use encryption and are more secure, WPA being common and WPA2 the strongest. However, if any Wi-Fi network is to be used, a virtual private network (VPN) should be established and used to encrypt communications. VPN encryption applies all the way from the user’s PC to the host computer, regardless of the type of network used. The encryption methods used by VPN are stronger than WEP and WPA.
- Unfamiliar or suspicious emails, test messages, instant messages, phone calls, websites and social media solicitations that request personal financial information should be deleted immediately. They should not be replied to or forwarded, and any links that they contain should not be opened.
- Options to “Remember me” on websites where transactions are conducted should not be used.
- Computer workstations and laptops should be logged off, and preferably not left on, when the user steps away.
- Computer workstations and laptops should be set to logoff automatically after no more than two minutes of non –use, with a password required to log back in.
- Computer workstations, laptops and external storage devices such as USB drives and storage discs should be physically secured with locks (such as with a cable lock or in a locked drawer) when not in use.
- Computers that are no longer in use should have hard drives removed and shredded, or a software program that wipes and eliminates all data from their hard drives should be used, following DOD5220 standards for data sanitization.
- Approach all applications and links on all devices (such as personal computers, tablets and cell phones) and delivery channels (such as email, text messages and social media sites) with caution, as cybercriminals often use applications and links as the first step in installing malicious software on devices with which fraudulent acts can be enabled.
- Statements, e-statements, bills and e-bills should be reviewed promptly upon receipt to verify that all transactions were made by authorized parties: any transactions made by unauthorized parties: any transactions made by unauthorized parties should be reported to the appropriate financial institution, card issuer or biller.
- Transactions receipts should be saved and compared to statements to ensure that unauthorized charges have not been added. Any transactions made by unauthorized parties should be reported to the appropriate financial institution, card issuer or biller.
- Incorrect transaction receipts should be voided.
- Blank transaction receipts should not be signed. Draw a line through any blank spaces above the total on any transaction receipt that is to be signed.
- Statements, bills and transaction receipts that are to be discarded should be eliminated securely, for example by shredding, and should not be discarded in readable form.
- Financial institutions, card issuers and billers should be notified in advance of a change of address.
- Take steps to verify that applications and links posted on social media sites correspond to legitimate websites, and that they have been posted by individuals who are known and trusted.
- Options to “Remember my card number” on websites where transactions are conducted should not be used.
- The highest available level of privacy and security settings should be selected and activated on any social media site.
- No information that can be used to compromise information security should be viewable on any social media site. Such information includes the names of financial institutions, card companies, commerce websites, Internet service providers, utilities and wireless carriers with which you have accounts. This also includes personal financial information, passwords, phone numbers, email addresses, addresses and dates of significance (for example, birth dates and anniversaries).
- Accept only known and trusted individuals into your social network.
- Do not allow social media sites to scan your address book.
For even more information on Identity Theft Protection, please click here .