Identity Theft / Phishing

Identity Theft Protection

More than 27 million Americans have experienced identity theft, and the incidence rate increases every year. Substantial measures are in place at your bank to protect your identity and your accounts against theft and fraud. For example, stringent bank privacy policies protect your personal and financial information. Password protection for online transactions helps ensure online security. When using our online services, you develop a secret password only you know. Encryption of online transactions with your bank converts your information into secure code, protecting you against hackers.

Maximum security is possible only with your help. Here’s what you can do to stop these crimes before they happen.

  • Do not give out financial information such as checking and credit card numbers or your Social Security number unless you know the person or organization.
  • Report lost or stolen checks immediately. Your bank will block payment on them.
  • Notify your bank of suspicious phone inquiries such as those asking for account information to “verify a statement” or “award a prize.”
  • Closely guard your ATM PIN and receipts.
  • Shred any financial solicitations and bank statements before disposing of them.
  • Put outgoing mail into a secure, official Postal Service collection box.
  • If regular bills fail to reach you, call the company to find out why.
  • If your bills include questionable items, don’t ignore them. Instead, investigate immediately to head off any possible fraud.
  • Periodically contact the major credit reporting companies to review your file and make certain the information is correct. (See related article on the FACT Act to learn about obtaining free reports.)

The Fair and Accurate Credit Transactions Act (FACT Act) will also help reduce identity theft according to Congress and the Federal Trade Commission. For example, one provision requires the three major credit-reporting agencies to provide consumers with a free copy of their own credit report. Another provision to help prevent identity theft is the National Fraud Alert System. Consumers who reasonably suspect they have been or may be victimized by identity theft, or who are military personnel on active duty away from home, can place an alert on their credit files. The alert will put potential creditors on notice that they must proceed with caution when granting credit.

Other measures to help consumers recover their credit reputation after they have been victimized include:

  • Credit reporting agencies must stop reporting allegedly fraudulent account information when a consumer establishes that he or she has been the victim of identity theft.
  • Creditors or businesses must provide copies of business records or fraudulent accounts or transactions related to them. This information can assist victims in proving that they are, in fact, victims.
  • Consumers will be allowed to report accounts affected by identity theft directly to creditors— in addition to credit reporting agencies— to prevent the spread of erroneous information.

Phishing and Internet Piracy

There’s a new type of Internet piracy called “phishing.” It’s pronounced “fishing,” and that’s exactly what these thieves are doing: “fishing” for your personal financial information. What they want are account numbers, passwords, Social Security numbers, and other confidential information they can use to steal money from your checking account or run up bills on your credit cards. In the worst case, you could find yourself a victim of identity theft.

With the sensitive information obtained from a successful phishing scam, thieves can take out loans or obtain credit cards and even driver’s licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.

How Phishing Works

In a typical case, you’ll receive an email that appears to come from a reputable company you recognize and do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies. The email will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “immediate attention required” or “please contact us immediately about your account.” The email will then encourage you to click on a button to go to the institution’s website. In a phishing scam, you could be redirected to a phony website that may look exactly like the real thing. Sometimes, in fact, it may be the company’s actual website. In those cases, a pop-up window will quickly appear for the purpose of harvesting your financial information. In either case, you may be asked to update your account information or to provide information - such as your Social Security number, account number, password, mother's maiden name or place of birth - for verification purposes. If you provide the requested information, you may find yourself the victim of identity theft.

How to Protect Yourself

  • Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. Emails and Internet pages created by phishers may look exactly like the real thing. They may even use a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.
  • If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and website addresses on the monthly statements you receive from your financial institution. You can also look the company up in a phone book or on the Internet. The key is you should be the one to initiate the contact, using contact information you have verified yourself.
  • Never provide your password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.
  • Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.

What to Do if You Fall Victim

  • Contact your financial institution immediately and alert it to the situation.
  • If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file. This can help prevent thieves from opening a new account in your name.

Here is the contact information for each bureau’s fraud division:

Equifax
800-525-6285
P.O. Box 740250
Atlanta, GA 30374

Experian
888-397-3742
P.O. Box 1017
Allen, TX 75013

TransUnion
800-680-7289
P.O. Box 6790
Fullerton, CA 92634

Report all suspicious contacts to the Federal Trade Commission at www.consumer.gov/idtheft or by calling 1-877-IDTHEFT.

How You Can Fight Identity Theft

  • Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone or the Internet if you did not initiate the contact.
  • Never click on the link provided in an email you believe is fraudulent. It may contain a virus that can contaminate your computer.
  • Do not be intimidated by an email or caller who suggests dire consequences if you do not immediately provide or verify financial information.
  • If you believe the contact is legitimate, go to the company’s website by typing in the site address into your browser directly or using a page you have previously bookmarked, instead of a link provided in the email.
  • If you fall victim to an attack, act immediately to protect yourself. Alert your financial institution. Place fraud alerts on your credit files. Monitor your credit files and account statements closely.
  • Report suspicious emails or calls to the Federal Trade Commission at www.consumer.gov/idtheft or by calling 1-877-IDTHEFT.

A message from the federal bank, thrift and credit union regulatory agencies:

Board of Governors of Federal Reserve System
Federal Deposit Insurance Corporation
National Credit Union Administration
Office of the Comptroller of the Currency
Office of Thrift Supervision

Internet Crime Schemes

Learn more