- What is Identity Theft
- ID Theft Protection
- Online Banking Security
- Business E-Mail Compromise (BEC) scam
Identity theft is a serious crime and it is on the rise. The Federal Trade Commission reports that 9 million people were victims of identity theft last year, a 13% increase from the prior year. Identity theft is often thought of as an Internet crime but, you can be victimized by ID theft in many other ways.
What Is Identity Theft and How Does it Occur?
Identity theft is when a person wrongfully obtains your personal information and uses it to commit fraud or steal money. Identity thieves use a variety of methods to steal personal information. These methods can range from robbery of personal items (such as a wallet, pocket book or personal computer) to very sophisticated high tech assaults and attacks. Some of the techniques used today include:
Phishing: spam or pop-up messages that appear to be from a trusted company or financial institution, when in fact they are not, and aim to get people to reveal personal information.
Spear Phishing: a fraudulent email that targets a specific organization, seeking unauthorized access to confidential data.
Pharming: redirecting people to a fake website.
Skimming: credit and debit card numbers are stolen using a special storage device when processing a card.
Pretexting: using false pretenses to obtain personal information.
Address Change: billing statements are diverted to another location by completing a change of address form.
Dumpster Diving: refers to rummaging through trash looking for items that may contain personal information such as bills or other documents.
Businesses and Individuals Working Together
Although financial institutions and credit card companies have numerous security standards and protocols in place to detect and defend against identity theft, there are numerous steps individuals can take to minimize risk, as well. Make it a habit to monitor your checking and credit card accounts and check monthly bills and online accounts for suspicious transactions. Check your credit report information annually. The Fair Credit Reporting Act guarantees you access to your credit report for free from each of the three nationwide credit reporting companies — Experian, Equifax, and TransUnion. AnnualCreditReport.com is the only authorized source for the free annual credit report that's yours by law. Other precautionary steps to prevent ID theft include:
- Do not carry all of your credit cards and IDs with you; leave some in a separate and safe location.
- Never give your credit card number or personal information over the phone, unless you have initiated the call and trust that business or person.
- Protect your computer with Firewalls and Antivirus programs.
- Do not click links in unsolicited e-mails or purchase anything online from unknown sources.
- Do not use passwords that anyone can guess and never write them down or email them.
- Shred documents that contain any personal information before you throw them away.
What to Do If Identity Theft Happens to You
In many cases, a victim of ID theft will not realize they have become a target until after the theft has occurred. If you have reason to believe that you have been a victim of identity theft, there are a number of steps to take to report the crime and restore your credit. File a police report and begin keeping a record with the details of your conversations and copies of all correspondence. Notify creditors and close accounts you know have been tampered with or opened fraudulently. Contact your bank and one of the three major consumer credit reporting companies (Experian, Equifax and TransUnion) to issue a Fraud Alert. This Alert will inform creditors that you must be contacted and your identity verified before credit is extended or changes made to your accounts. The Federal Trade Commission has a toll-free number,
1-877-IDTHEFT where you can file a report.
Cases of Identity theft are increasing in frequency but there are steps you can take to minimize your chances of becoming a victim. Be aware of the tactics used by identity thieves and what you can do to protect yourself. If you should fall victim, act swiftly in contacting authorities, creditors, and government agencies. For more information and additional resources, visit www.ftc.gov/idtheft.
Identity theft is on the rise across the United States. It is increasingly important that you take steps to reduce the risk of becoming an identity theft victim.
There are a number of useful online resources for consumers. One great one is www.ftc.gov/idtheft, a one-stop national reference tool providing detailed information to help you deter, detect, and defend against identity theft. It will also help you address questions like:
- What are the steps I should take if I'm a victim of identity theft?
- What is a fraud alert?
- What is a credit freeze?
- What is an identity theft report?
- What do I do if the police only take reports about identity theft over the Internet or telephone?
- What do I do if the local police won't take a report?
- How do I prove that I'm an identity theft victim?
- Should I apply for a new Social Security number?
To speak to a professional identity theft counselor call 1-877-FTC-HELP (382-4357).
If you suspect you have been affected by Internet fraud or identity theft related to Bank of Nevada credit card purchases, contact Partners First Customer Service Center at 1-866-450-1402 for Concierge Cards.
If you believe you have been a victim of Internet fraud or identity theft regarding your debit card or bank accounts, contact your local Bank of Nevada office.
If you notice suspicious or unusual activity on your online banking accounts, or if you need to report fraud immediately, please call 702-248-4200.
If you suspect you might be a victim of identity theft, alert a credit bureau with your concerns and questions immediately.
You can contact one of the three major credit bureaus listed below to place a fraud alert on your credit file. You also can order a credit report to identify any unauthorized activity.
Equifax: 1 (800) 525- 6285
Experian: 1 (888) 397-3742
Trans Union: 1 (800) 680-7289
With proper safety measures in place, your online banking transactions remain confidential and safe.
The following measures have been taken to ensure your privacy:
Secure Access and Verifying User Authenticity:
Access ID and password - In order to access Bank of Nevada's online banking, you must enter an access ID and password.
Bank of Nevada allows you to choose a "Nickname" for each of your accounts. For example, Checking, Payroll, Money Market, etc.
If you are logged on to online banking but do not use it for 15 minutes, you will not be able to proceed until you "re-log" onto the system.
Password "Lockout" System:
To keep unauthorized individuals from accessing your account by guessing your password, we have instituted a password lockout system. If your password is entered incorrectly three consecutive times, the user is "locked out" of the system. You must contact the bank for your account to be reset and the system to become "unlocked".
Secure Data Transfer:
Encryption - The latest encryption technology ensures that your confidential account information cannot be accessed by another party.
Encryption is a way to rewrite something in a code, which can be decoded later with the right "key." When you request information about your accounts, the information is sent across the web in an encrypted format to Bank of Nevada. We decode your request and send the requested information back to you in an encrypted format. When the information reaches you, it is decoded so that you, and no one else, can read it.
Router and Firewall:
Other Security Measures - In addition to the above safeguards, sophisticated firewalls and an authentication process ensure that only authorized individuals are allowed to enter our system.
While online banking works to protect your banking privacy, you will also play an important role in protecting your accounts.
Here are some important ways to ensure that you can help to keep your sensitive information protected:
Go paperless. Try to reduce the amount of mail you receive containing personal information. Continually utilize all security updates offered by your software providers. Make sure that your computer always has up-to-date versions of both anti-spy ware and anti-virus software. Implement steps to prevent and detect spyware and understand the risks associated with spy ware. Be aware of potential phishing attempts by making sure requests for sensitive personal, financial, or account information are legitimate, particularly if they are made in an urgent or threatening tone. Utilize strong passwords, change them often and do not share IDs or passwords with anyone. Do not use personalized information, such as names or birthdays. Log out of online banking prior to visiting other Internet sites.
The Secret Service is currently observing a significant increase in the frequency, sophistication, and fraud losses associated with Business E-mail Compromise (BEC) scams, which are a form of Automated Clearing House (ACH) wire fraud. Organizations are encouraged to immediately implement additional authentication steps before performing wire transfer payments to non-U.S. financial institutions, and to report suspected criminal activity associated with these scams to their local Secret Service Electronic Crimes Task Force (ECTF) or field office.
About Business E-mail Compromise (BEC) Scams
BEC is a sophisticated scam commonly targeting businesses working with foreign suppliers or companies that regularly perform wire transfer payments. This scam uses social engineering techniques, often coupled with unauthorized access to corporate networks, to use business emails to initiate fraudulent wire transfer payments to non-U.S. financial institutions. These payments are often transferred several times before being quickly dispersed and “cashed-out” in a foreign jurisdiction. Banks located within Asia are the most commonly reported destinations for these fraudulent transfers. However, recent reports indicate banks in Eastern European countries are increasingly used as the ending destination for dispersal. Although the scam is not new, it has recently grown in popularity and increasingly sophisticated versions of the scheme are being employed.
In one version, the victim company’s Chief Financial Officer (CFO) or business’s accounts payable department are receiving spoofed e-mails from their Chief Executive Officer (CEO) requesting a wire transfer or from a regular vendor purportedly updating their bank account information with the target business. The fraudulent e-mails are highly deceptive and are usually not detected as fraudulent. The request is typically then forwarded to specific individuals responsible for initiating and completing wire transfers and contains specific language and wire amounts that are customary for the victim company. Victims report this version of the scam is usually not discovered until business executives contact each other during casual conversation, face to face, through e-mail, or by phone calls to verify or confirm the wire transfer request.
In another version, company’s or employees’ e-mail systems are being compromised through malware. Investigations indicate the malware was uploaded through “spear phishing” e-mails when employees opened email attachments verifying shipping documents or other normal business functions. Once the illicit actors have access to the systems, they initiate requests for payments from the compromised email accounts to multiple vendors identified from the compromised contact list that include fraudulent payment instructions. The emails are highly deceptive and avoid detection because the messages are specific to the business in the type and amount of the request. The victim business usually does not become aware of the multiple fraudulent requests until they are contacted by their vendors due to overdue invoices.
The illicit actors in both versions appear to have conducted extensive research, both open source and through access to private business records, to identify responsible parties as well as normal operating procedures used by the specific businesses and employees. In some cases, it appears the suspects have maintained illegal access to the business’s computer systems or networks for extended periods of time. In all cases, the fraudulent wire transfer payments are sent to non-U.S. banks and are usually transferred several times before being quickly dispersed.
Losses associated with this scheme since October 2013, reported by U.S. businesses and international law enforcement, totaled over $1 billion. This scheme is currently growing in popularity amongst organized cybercrime groups and techniques are rapidly evolving. Implementing stronger authentication measures before initiating wire transfers to non-U.S. financial institutions is strongly encouraged.
Those who have been victims of this fraud scheme, or detect suspicious activity related to this scheme, should report this activity to their local U.S. Secret Service Electronic Crimes Task Force or field office. Early reporting of such incidents leads to the potential recovery of compromised funds.
A list of Secret Service field offices is available at: http://www.secretservice.gov/field_offices.shtml