An Ounce of Prevention

Fraud Awareness

Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is critical. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. The security of your money and identity is as important to us as it is to you. Let’s work together to protect it.

From Industry Experts

Insights on Fraud Awareness

Note: The embedded videos above are hosted by an independent third party not governed by HBC’s information security standards; therefore, proper diligence should be exercised when accessing content.

From Across the Industry

Fraud Awareness Tips and Tools

Online Security
FDIC – Money Smart for Adults
FBI – Scams and Crimes
FDIC – Consumer Financial Awareness

Be Alert

Protecting Your Business


Know what personal information you have in your files and on your computers.

  • Inventory all file storage and electronic equipment. Where does your company store sensitive data?
  • Talk with your employees and outside service providers to determine who sends personal information to your business, and how it is sent.
  • Consider all the ways you collect personal information from customers, and what kind of information you collect.
  • Review where you keep the information you collect, and who has access to it.

Keep only what you need for your business.

  • Use Social Security numbers only for required and lawful purposes. Don’t use SSNs as employee identifiers or customer locators.
  • Keep customer credit card information only if you have a business need for it, and ensure it is stored in accordance with the Payment Card Industry Data Security Standard (PCI DSS).
  • Review the forms you use to gather data – like credit applications and fill-in-the-blank web screens for potential customers – and revise them to eliminate requests for information you don’t need.
  • Change the default settings on your software that reads customers’ credit cards. Don’t keep information you don’t need.
  • Truncate the account information on electronically printed credit and debit card receipts you give your customers. You may include no more than the last five digits of the card number, and you must delete the card’s expiration date.
  • Develop a written records retention policy, especially if you must keep information for business reasons or to comply with the law.

Protect the information that you keep.

  • Put documents and other materials containing personally identifiable information in a locked room or file cabinet.
  • Remind employees to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day.
  • Implement appropriate access controls for your building.
  • Encrypt sensitive information if you must send it over public networks.
  • Regularly run up-to-date anti-virus and anti-spyware programs on individual computers.
  • Require employees to use strong passwords.
  • Caution employees against transmitting personal information via e-mail.
  • Create security policies for laptops used both within your office and while traveling.
  • Use a firewall to protect your computers and your network.
  • Set “access controls” to allow only trusted employees with a legitimate business need to access the network.
  • Monitor incoming Internet traffic for signs of security breaches.
  • Check references and do background checks before hiring employees who will have access to sensitive data.
  • Create procedures to ensure workers who leave your organization no longer have access to sensitive information.
  • Educate employees about how to avoid phishing and phone pretexting scams.

Properly dispose of what you no longer need.

  • Create and implement information disposal practices.
  • Dispose of paper records by shredding, burning, or pulverizing them.
  • Defeat dumpster divers by encouraging your staff to separate the items that are safe for trash from sensitive data that needs to be discarded with care.
  • Make shredders available throughout the workplace, including next to the photocopier.
  • Use wipe utility programs when disposing of old computers and portable storage devices.
  • Give business travelers and employees who work from home a list of procedures for disposing of sensitive documents, old computers, and portable devices.

Create a plan for responding to security incidents.

  • Create a plan to respond to security incidents, and designate a response team led by a senior staff person.
  • Draft contingency plans for how your business will respond to different kinds of security incidents. Some threats may come out of left field; others – a lost laptop or a hack attack, to name just two – are unfortunate, but foreseeable.
  • Investigate security incidents immediately.
  • Create a list of who to notify – inside or outside your organization – in the event of a security breach.
  • Immediately disconnect a compromised computer from the Internet.

Be wary. Protect yourself against email fraud.

“Phishing” is an email scam used to steal your personal information. An email may appear in your inbox claiming to be from your financial institution, credit card company, or another source. It may appear authentic, but be careful – any email requesting personal information or asking you to “verify” account information is usually a scam. Do not respond to this type of email, and do not click on any link it contains.

Be careful when accessing the internet.

If you’re not sure about the safety of a site, you’re better off avoiding it. The Internet is a great place to browse and do business, but it can also be a danger zone for identity theft if you don’t know what to watch for or how to protect yourself. There are several types of malware – short for malicious software – that can infect your computer as you surf the web. These programs are becoming more sophisticated and ingenious in their ability to infect your computer, and many are designed to steal your personal information. Types of malware include:

  • Viruses
  • Spyware
  • Trojan Horses
  • Keystroke Loggers

If you receive an incoming call requesting personal information, hang up.

The telephone is one of the most frequently used channels for criminal activity. Here’s how it works: Your phone rings. The caller claims to be from your financial institution or another trusted source. They begin asking questions about you and your account. This could be a telephone scam called “Vishing” (voice phishing). Someone is attempting to steal your identity, and it happens to millions of Americans every year.

Don’t make it easy for criminals to steal your payment information.

Payment fraud happens when someone uses information from your checks, credit and debit cards, or any other form of payment without your knowledge, to commit fraud or other crimes. This, and other forms of identity theft, can be avoided if you know how to protect yourself.

Dispose of your personal records by shredding, burning, or pulverizing them.

The simple act of sending and receiving mail, and putting your trash out at night, can put your personal information at risk. Financial information, checks, bank account and credit card statements, and monthly bills can be stolen from your home, your mailbox, or even from your trash; then they can be used to access your accounts and steal your identity.

“Social Engineering” is any method of theft that manipulates your human nature in order to gain access to your online financial accounts. Here are a few ways you can protect yourself from thieves using Social Engineering techniques:

  • Don’t respond to ANY email or social network post or message that asks for money or confidential information. Thieves can hack email and social network accounts, and then pose as a friend or family member in order to gain your trust.
  • Don’t assume that an unsolicited phone call or email is actually from a trusted source. Thieves can research your purchases or donations, then pose as a business or charity you trust. Or, they may pose as law enforcement, a bank officer or another trusted authority figure. Just because they have bits of information about you or your past activities doesn’t mean they are legitimate.
  • Verify, verify, verify. If someone is on the phone, or you receive a message in your inbox, telling you there is a problem with your online banking account, online auction account or credit card account, don’t give them additional information to “fix” the problem. Instead, hang up the phone or delete the email and check those accounts directly by logging in normally or calling a published customer service number.
  • Be conscious of what can be learned about you. Many kinds of online accounts, including online banking, use challenge questions as part of their security. Make sure you don’t choose responses that can be found online. For example, don’t use your mother’s maiden name if it is mentioned on a social network profile; or the model of your first car, if you discussed it on a forum. Thieves are very good at digging out those details from online searches.
  • Remember, even the most innocent email attachments can be infected with computer malware. Common and popular files like PDFs, JPGs and spreadsheets can provide a platform for installing viruses or keystroke-logging malware on your computer. If you aren’t certain the file came from a legitimate business, charity, or person, don’t open it without verifying. Call them and ask if they sent an email with an attachment.

Be Cautious

Protecting Yourself
