What Is "Identity Theft"
Identity theft is the use of an individual's personal information such as a social security number, mother's maiden name, date of birth, or an account number to fraudulently open new credit card accounts, charge existing credit card accounts, write checks, open bank accounts or obtain new loans. Identity thieves may obtain this information through a number of means, including:
- Stealing wallets that contain personal identification information and credit cards;
- Stealing financial institution statements from the mail;
- Diverting mail from its intended recipients by submitting a change of address form;
- Rummaging through trash for personal data;
- Stealing personal identification information from workplace records;
- Intercepting or otherwise obtaining information transmitted electronically.
There is now a new form of Identity Theft called Phishing. We urge you read our web page about Phishing and how you can protect yourself.
How Do I Prevent "Identity Theft"
- Do not give personal information, such as account numbers or social security numbers, over the telephone, through the mail, or over the Internet unless you initiated the contact or know with whom you are dealing.
- Store personal information in a safe place and tear up old credit card receipts, ATM receipts, old account statements, and unused credit card offers before throwing them away.
- Protect your PINs and other passwords. Avoid using easily available information like your mother's maiden name, your birth date, the last four digits of your social security number, your phone number, etc.
- Carry only the minimum amount of identifying information and the number of credit cards you need.
- Pay attention to billing cycles and statements. Inquire to the bank if you do not receive a monthly bill; it may mean the bill has been diverted by an identity thief.
- Check account statements carefully to ensure all charges, checks, or withdrawals were authorized.
- Guard your mail from theft. If you have the type of mailbox with a flag to signal the box contains mail, do not leave bill payment envelopes in your mailbox with the flag up. Instead, deposit them in a post office collection box or at the local post office. Promptly remove incoming mail.
- Order copies of your credit report from each of the three major credit bureaus once a year to ensure they are accurate. The law permits the credit bureaus to charge $8.50 for a copy of the report (unless you live in a state that requires the credit bureaus to provide you with one free copy of your report annually).
If you prefer not to receive pre-approved offers of credit, you can opt out of such offers by calling 1-888-5-OPT OUT 1.888.567.8688.
If you want to remove your name from many national direct mail lists, send your name and address to:
DMA Mail Preference Service
P.O. Box 9008
Farmingdale, NY 11735-9008
If you want to reduce the number of telephone solicitations from many national marketers, send your name address and telephone number to:
DMA Telephone Preference Service
P.O. Box 9014
Farmington, NY 11735-9014
If You Are a Victim of "Identity Theft"
Contact the fraud departments of the three major credit bureaus and request they place a fraud alert and a victim's statement in your file. The fraud alert puts creditors on notice that you have been the victim of fraud and the victim's statement asks them not to open additional accounts without first contacting you.
Telephone numbers for the fraud departments of these credit bureaus are: Trans Union: 1.800.680.7289; Equifax: 1.800.525.6285; Experian: 1.888.397.3742. Credit bureaus must provide a free copy of your credit report if you have reason to believe the report is inaccurate because of fraud and you submit a request in writing.
Review your report to make sure no additional fraudulent accounts have been opened, or unauthorized changes made to your existing accounts. Also, check the section of your report that lists inquiries and request that inquiries from companies that opened the fraudulent accounts be removed.
Contact financial institutions or other creditors where you think your account(s) may be the subject of identity theft. Request that they restrict access to your account, change your account password, or close your account if there is evidence your account has been the target of criminal activity.
Also, file a report with your local police department. Contact the FTC's Identity Theft Hotline at 1.877.ID.THEFT 877.438.4338. Your information goes into a secure consumer fraud database and is shared with local, state, and federal law enforcement agencies.
Internet Banking Authentication Security
First Federal Bank & Trust is committed to doing everything possible to secure customer information such that unauthorized parties cannot access it. A number of measures have been taken to secure customer information over the Internet, one of which is the Login Name and Password used to authenticate (login) to Internet Banking.
The Login Name and Password are entered through a basic HTML object called a form. The form sends the entered information to a web server for processing through a process called "submit". Part of executing a "submit" involves telling the form where the data is to be transmitted. In the case of the Login Name and Password customers enter from the Bank Homepage, the form is instructed to submit the data to a web server that is protected by SSL. This is what makes the form post secure.
Prior to any exchange of information with a web server protected by SSL, the web browser is required to negotiate an SSL session through a process called an SSL handshake. Once the SSL session is negotiated between the web browser and the web server, the data being sent to the web server is encrypted by the web browser in such a way that only the client and the server involved in the SSL session can read it. Thus, the Login Name and Password entered from the website are secure as they are transmitted via the Internet.
Password Best Practices
• Use a long passphrase. According to NIST guidance, you should consider using the longest password or passphrase permissible. For example, you can use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.
• Don’t make passwords easy to guess. Do not include personal information in your password such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
• Avoid using common words in your passwords. Substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” or “L.”
• Get creative. Use phonetic replacements, such as “PH” instead of “F”. Or make deliberate, but obvious misspellings, such as “enjin” instead of “engine.”
• Keep your passwords on the down-low. Don’t tell anyone your passwords and watch for attackers trying to trick you into revealing your passwords through email or calls. Every time you share or reuse a password, it chips away at your security by opening up more avenues in which it could be misused or stolen.
• Unique account, unique password. Having different passwords for various accounts helps prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. It’s important to mix things up— find easy-to remember ways to customize your standard password for different sites.
• Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
• Utilize a password manager to remember all your long passwords. The most secure way to store all of your unique passwords is by using a password manager. With just one master password, a computer can generate and retrieve passwords for every account that you have – protecting your online information, including credit card numbers and their three-digit Card Verification Value (CVV) codes, answers to security questions, and more.
• Only provide your password to the device or system that you intend to login to – double-check to be sure that any site you are logging into is the legitimate site. Look for changes in the site name, domain (.net, .com, .co, .gov, etc.). Also look for misspellings or substitute characters (such as l’s replaced with 1’s)
• Protect your devices by keeping the software up-to-date. These include items like mobile phones, computers, and tablets, but also appliances, electronics, and children’s toys.
• Once you’ve purchased an internet connected device, change the default password and use different and complex passwords for each one. Consider using a password manager to help.
• Check the devices’ privacy and security settings to make sure you understand how your information will be used and stored. Also make sure you’re not sharing more information than you want or need to provide.
• Enable automatic software updates where applicable, as running the latest version of software helps ensure the manufacturers are still supporting it and providing the latest patches for vulnerabilities.
• Set your security software to run automatic updates and scans
• Secure your devices: Use strong passwords or touch ID features to lock your devices. These security measures can help protect your information if your devices are lost or stolen and keep prying eyes out.
• Think before you app: Information about you, such as the games you like to play, your contacts list, where you shop and your location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps.
• Only download apps from trusted sources. Most vendor app stores vet their apps for malicious behavior, this provides a level of protection that is not provided outside of these stores.
• Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Disable WiFi and Bluetooth when not in use.
• Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public WiFi and avoid logging in to key accounts like email and financial services on these networks. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection on the go.
• Keep your mobile devices and apps up to date: Your mobile devices are just as vulnerable as your PC or laptop. Having the most up-to-date security software, web browser, operating system and apps is the best defense against viruses, malware and other online threats.
• Review privacy and location settings regularly to be sure that they are set as you intend them to be. When in doubt, disable it – you can always re-enable if you find that you need them.
• Delete when done: Many of us download apps for specific purposes, such as planning a vacation, and no longer need them afterwards, or we may have previously downloaded apps that are no longer useful or interesting to us. It’s a good security practice to delete all apps you no longer use