A good way to prevent identity theft is to check your credit report. The official website,
annualcreditreport.com, is the ONLY authorized online source for you to get a free credit report under federal law. You can get a free report from each of the three national credit reporting companies every 12 months. Some other sites claim to offer 'free' credit reports, but may charge you for another product if you accept a 'free' report.
St. John National Bank will never ask for your personal information by email.
If you have questions about any SJNB email messages you receive, please do not hesitate to contact us
at 1-620-549-3225 or 1-888-549-2265. With new threats to computer security and the increasing
amount of identity theft, online consumers must learn to detect possible intrusions and protect
their personal information. SJNB online banking customers should be aware of internet related scams,
such as the use of fraudulent e-mails and bogus websites used in phishing and pharming attacks.
Corporate account takeover is a type of fraud where thieves gain access to a business' finances to make unauthorized transactions,
including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer
information that may not be recoverable. St. John National Bank recommends following these tips to keep your small business safe.
- Educate your employees. You and your employees are the first line of defense against
corporate account takeover. A strong security program paired with employee education about the warning signs,
safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash
and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on
your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you
from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes
and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails.
If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially
reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in
the agreement. If you don't, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions
about your responsibilities.
For additional information, you can visit the following websites to learn more about how to protect your small business:
"URLZone" is a Trojan specifically designed to withdraw money from your bank account.† After visiting a compromised site, the Trojan infects your computer, accesses your Internet Banking account, and transfers the money out of your account.† The scary thing is, the Trojan rewrites your transaction history so that you canít see whatís taken place.
"Scareware" is bogus software that acts as if it is a legitimate security program.† An official-looking pop-up claims that malware was detected and that you must download security software.† Once downloaded, the software contains malware designed to steal personal information.† Only download software from a known source; NEVER download software from a pop-up message.
"Vishing" is phone-based phishing.† Fraudsters send text or voice messages to card holders, claiming that your debit cards have been deactivated and to call a phone number to reactivate.† Once you call the phone number, you are asked to give out your debit card numbers and PIN numbers.† SJNB will NEVER contact you via text messaging, and we will NEVER ask for your PIN numbers.
"Phishing" is a tactic used by identity thieves to steal your personal information. "Phishers" will send emails that look like they came from legitimate companies to lure you to enter passwords, social security numbers or other information. They may even add links within the emails that will take you to a bogus look-alike website to get you to submit this information. Most phishing emails have a sense of urgency to get you to act before thinking. For example:
Legitimate companies will never ask for passwords, social security numbers or other sensitive information through email.
- "Hurry or your account will be suspended."
- "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
- "During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
"Pharming" is similar to phishing except instead of sending you an email, pharmers will trick your computer to go to a bogus website instead of the legitimate site. Before submitting any personal information on a website, always make sure you are at a secure website. After accessing the Bank's online banking log-in page, check that the address contains "https:" and an icon of a closed padlock appears on the taskbar at the bottom of the page. If these elements are missing, the site is not secure. Authenticity of the website may also be verified by the "VeriSign" icon which identifies the website you are visiting.
"Smishing" is another variation of phishing.† A fraudster uses cell phone text messages to lure you to a website
or perhaps to use a phone number that connects to an automated voice response system.
Helpful hints for guarding your financial data:
Visit the Federal Trade Commission government website -
www.ftc.gov/spam - for additional information on phishing, pharming, spyware, and guarding against identity theft.
- Always use a unique password for your Internet Banking account.
- If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or website address you know to be genuine.
- Avoid emailing personal and financial information. Before submitting financial information through a website, look for the "lock" icon on the browser's status bar; it signals that your information is secure during transmission.
- Review bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your bank to confirm your billing address and account balances. Online banking provides access to your statement on a daily basis.
- Report a lost or stolen debit card immediately; to report a lost debit/ATM card outside regular business hours, call (620) 694-6767. Sign the back of your card and memorize your PIN; never reveal your PIN to anyone.
- Spyware software, installed on your computer without your consent, monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to bogus websites, monitor your Internet surfing, or record your keystrokes, which, in turn, could lead to identity theft. If you think your computer might have spyware on it, experts advise that you take three steps: Get an anti-spyware program from a vendor you know and trust. Set it to scan on a regular basis - at least once a week - and every time you start your computer, if possible. And, delete any software programs the anti-spyware program detects that you don't want on your computer. The clues that spyware hides on your computer are identified on the below-named website.
- Keep smart phone operating systems up-to-date; use passwords to gain access to your phone; install apps that will enable remote deletion of phone data if it is lost or stolen.
Additional resources include those listed below:
Internet Crime Complaint Center - www.ic3.gov
Consumer Fraud (Department of Justice Homepage) - www.usdoj.gov
Consumer Guides and Protection - www.usa.gov
Financial Fraud Enforcement Task Force - www.stopfraud.gov
On Guard Online - www.onguardonline.gov