Equifax Data Breach
As most of you have probably heard on the news, yet another large company has had a data breach. This time it is Equifax, which is one of the three large Credit Reporting Bureaus. The system hackers at Equifax got access to personal identifying information including social security numbers, names, dates of birth and addresses. In some cases they also got access to driver’s license numbers and approximately 209,000 credit card numbers.
What can you do to monitor your identity and credit information? First of all Equifax would like you to go to www.equifaxsecurity2017.com . At this site they will ask for your last name and the last 6 digits of your social security number. This will let you know if your information was breached. Follow the instructions on the site. You may also call Equifax at 866-447-7559. If your credit card account was compromised due to this breach, Equifax will be mailing you a letter.
Don’t click on links or attachments within e-mails that claim to be coming from Equifax or any other e-mail asking for or wanting to verify personal information. This can be a way for the hackers to get more information from you. If you aren’t sure about something call the company or e-mail them using a phone number or address that you know. Not something attached to an e-mail.
Make sure your online accounts, including your e-mail have secure passwords. Consider changing your passwords and any security questions you may use with these accounts.
We all must monitor our own personal information and records. Be cautious and vigilant in our world of technology.
More Phone Call Scams
One of the latest scams using the telephone is for someone impersonating an employee from the US Department of Health and Human Services to call you. They say that they need to verify personal information such as date of birth, social security number, credit card or bank account information, mother’s maiden name or driver’s license number. You should never give this information to anyone who calls you. Don’t verify your name or any other personal information. They can use this information to take money from your bank accounts or maybe even open accounts in your name. The callers of this latest scam have even altered the appearance of the caller ID to make it look like the call is actually coming from US Department of Health and Human Services. The call will say it is from HHS OIG Hotline on your caller ID. The phone number is 1-800-447-8477. You can still call this number for service but the US Department of Health and Human Services will never call you from this number.
Another type of fraud is someone calling you and saying that you will be receiving government grant funds or money because you paid your taxes on time. The caller will then ask you for personal and banking information so that they can process and deposit the grant money. They may also ask you to send a check/money order or do a wire transfer to cover processing fees. Everyone likes “free money” but this is a scam and don’t give the caller any information.
You should also tell everyone living in your house including children, spouse, parents… not to ever give out personal information to anyone calling or knocking on your door. You could also receive an e-mail from what appears to be a legitimate company or government office. Don’t click on or reply to these unless you are 100 % sure, and never send back personal information in an e-mail.
If you become a victim of a phone scam please contact your local law enforcement and file a complaint with the Federal Trade Commission at https://www.ftccomplaintassistant.gov . You should also contact us here at Peoples Savings Bank if you have accounts here to make us aware that you may be a possible victim of fraud.
Keep your information safe. Remember if it doesn’t feel right or seem right don’t. If it is a legitimate request they will contact you again in another way.
If You Suddenly are “Entitled“ to a Large Amount of Money or…
If you receive a letter, phone call or e-mail telling you that you are the lucky recipient of an unexpected amount of money (it is usually a very large sum but not always), please proceed with caution. They may tell you that you have won this money, inherited it from a long lost or very distant relative or from a forgotten bank account somewhere. They will often want you to send them some personal information including your bank account information and maybe a Cashier’s Check or Western Union Wire to cover the cost of processing your claim to the money.
Some scammers have even gone as far as to say that they have information on helping you locate a child, friend or other relative that you haven’t seen for years. There was even a case of one parent being told that the child they gave up for adoption was in a foreign country and needed money to cover emergency medical expenses. The parent had actually given a child up for adoption over 30 years prior to this. The scammers really did their homework, hoping to play on the person’s emotions.
An example of another scam is being contacted and they tell you that you had cosigned or guaranteed someone’s loan or account. The account/ loan is in default now and you need to Western Union funds immediately or face having law enforcement come and arrest you for failure to do so. Again they are playing on your fear to react immediately and do what they say.
The number of ways they try to get you to send them money or give them your banking information is endless. From winning a contest to having a relative or friend in legal trouble or needing immediate medical attention.
Don’t make it easy for the scammers to find out personal information. Be very careful what you post on social media. This is one of the areas they look to, to find out about you. If you aren’t a social media user maybe it is what your child, grandchild or sibling posts. Sometimes the information can be obtained when a business has a data breach also.
The most important thing you need to do when faced with a situation like these is stop and think it through. Don’t react to the request immediately. Talk it over with other people including the local authorities. The scammers/criminals are counting on you reacting immediately. They will play on your fear and emotions.
Stay safe and if ever in doubt please feel free to contact us.
Pokémon Go Phenomena
Whether you have downloaded the application and are a player yourself or you have family or friends that have done so everyone seems to be talking about Pokémon Go. It has been talked about on the news, in the papers, on social media and over coffee or drinks with friends.
It has also become a threat to office and student productivity and security. The security issue is for both personal security and that of the business.
On the personal security side of things anyone playing Pokémon Go should be alert of where they are walking and who and what is around them. Being distracted could cause the person to trip, fall, walk into traffic or become a victim of crime. When talking selfies while playing this game you may also be alerting potential home burglars that you are not home. Think about it.
As for the security of the smart phone, tablet or other mobile device there are a few suggestions that may help keep you safe if you are going to play Pokémon Go.
- Download only the official Pokémon Go app. Yes there are harmful versions pretending to be the official app. When you download the official Pokémon app. review the permissions you are giving the app. and turn off any that aren’t necessary. The app. likes to use Google accounts for tracking and authentication. Think about opening a Goggle account just for Pokémon Go.
- Make sure you have anti-malware installed on your smart phone. Is you phone’s operating system up to date? Do you have a strong password?
- If you are a business does your information technology or personal policy state that employees should never use the business’s or their business accounts to download applications for personal use including playing games?
- Never drive and play Pokémon Go. We all know texting and driving is a big no.
- Be alert to your surroundings at all times. You don’t want to become a victim of a crime.
On the positive side of this latest craze, Pokémon Go is getting people out walking.
Stay safe and have fun!
Protecting Yourself from Identity Theft
Identity Theft is a growing problem in our society. If you become a victim of Identity Theft it can cause major problems for you and cost you money, in some cases a lot of money. There are many forms of identity theft. You can have someone steal your identity and file your income taxes and take any refund you may have coming. They can use your identity to open up new loans, accounts and credit cards. This can quickly damage your credit rating. Thieves can steal your identity and sell it to others. This can include your name, social security number, address and credit card numbers. They then make a new card with your information on it. They can steal your medical information and use it or sell it for others to receive medical treatments. Thieves can get access to your personal information so many ways. Our job as a consumer is to try to prevent it from happening or at least make it much more difficult for the thieves to get our information.
Here are a few ways to help protect your identity. Don’t leave your account statements laying around or throw them in the garbage. You should invest in a paper shredder and shred all sensitive documents like bank statements, credit card statements or applications, any account statements, checks… that you don’t need to keep for record or tax purposes. You should never carry your social security card in your purse or wallet. Keep it in a safe secure place. Don’t leave personal checks laying around where anyone can see them or take them. (I know you are thinking- but this information is out there when I write a check.) The thieves can initiate automatic debits to make payments on their accounts/bills using your bank account information. Which brings up the next thing you can do to protect your identity, review your credit report at least annually. You may get an annual free credit report at annualcreditreport.com or call 1-877-322-8228. Make sure all the information on the report is accurate and that you have opened these accounts and are receiving periodic statements on them. Do the names, ages, addresses… match your personal information?
You need to be vigilant about reviewing all your account statements including insurance company statements and medical bills. Don’t be afraid to ask a trusted person to help you with this. Identity thieves tend to prey on the senior citizen population. There are a number of reasons they do this including but not limited to; many have a lot of money and the thieves can persuade them or take advantage of them easier than other segments of the population.
Do you access your bank information online or through your smart phone? These can be great tools to use if you have safe guards set on your devices including anti-virus and secure passwords. At Peoples Savings Bank we have a number of safety features with our Internet and Mobile Banking. Your entire account number is not shown and you can only transfer funds between accounts that you have at Peoples Savings Bank. We also have multi factor authentication, which means you need a password and you need to answer a security question. We also have geo recognition, which recognizes if you are trying to log on from a different area than normal. Don’t share passwords with others.
When checking your e-mail account don’t click on or open any e-mails that you don’t know the sender or the topic makes no sense to you. This includes links and attachments. Never send personal information in an e-mail or give it to someone who has called you. Peoples Savings Bank will never ask you to send us personal information in an e-mail or call and ask for it over the phone.
If you use social media like Facebook don’t over share things with others. When you are on vacation or going to be away from your home for any length of time don’t put that out there for people including thieves to see. This can be an open invitation to your home for uninvited thieves. Does your profile have your birthday, home address and other personal information on it? You may want to remove that to help protect your identity.
Do you use a credit card and, or debit card to conduct most of your business and pay bills? They are a great convenience and safer than carrying large amounts of cash, but make sure you are using secure websites and check the point of sale machines to make sure they look ok. Be aware of your surroundings. Is someone watching you very closely? Try to keep the key pad out of the site of others when entering your PIN (Personal Identification Number). Always review your statements for these accounts to make sure you have initiated all of the activity.
Do you set up secure passwords and change them often? Don’t make them too simple or use the same password for multiple accounts. Never give your password to anyone else.
We as consumers have the responsibility of protecting our personal and financial information. If you have a debit card with Peoples Savings Bank you may sign up for Shazam Bolt that will notify you when your debit card is used. You set the dollar amount to be notified on. Contact us at 641-393-2301 or go to our website at www.psbiowa.com. We also use a system with Shazam for your debit cards that monitors the activity and if it seems suspicious or out of the norm for you they will try to contact you to make sure it was you who initiated the debit card activity. It is important that you talk to them on this as your debit card will be blocked until it is confirmed legitimate or not. This just prevents someone from conducting transactions on our account if they have stolen your information or card. If you ever have any questions on this please feel free to contact us at Peoples Savings Bank.
Some of the Latest Scams to Watch Out For.
Your e-mails can be full of good news but they can also be full of fraud, scams and schemes. A recent e-mail the some people are getting claims to be from the Social Security Administration. The subject line says “Get Protected”. The e-mail says the Social Security Administration can help you monitor your credit report and let you know of any unauthorized use of your social security number. It evens goes as far as to site an IRS code and number making it sound even more official. There is a link within the e-mail that they ask you to click on. Don’t do it! It is a phising scam. If you do click on it you are exposing your computer to viruses and spyware.
Some scammers also will set up what is called a spoofing website. A spoofing website is a look alike web- site that is setup by the scammer. They may than ask you put in personal information. Account numbers, passwords… Again be careful of the websites you visit on the internet.
A good rule to follow is, if you don’t recognize the sender of the e-mail don’t click on it (open it). Delete it or check with someone else. If it is important they will reach out to you again. Make sure you have a good anti-virus on your computer and keep it up to date.
Microsoft Impersonation Scam
This is how the scam usually works:
You receive an e-mail or phone call from someone claiming to be from Microsoft or a related company. They may even say that they are a relative (through e-mail). The caller tells you that your Windows based computer has a virus or some other type of problem that is causing all sorts of error messages on the internet and if you don’t fix it immediately bad things will happen to you and your computer. The may say that your internet provider has contacted them. The caller or person sending the e-mail will then say that they can fix the problem or put you in touch with somebody that can. Of course there will be a fee involved. They will ask for your bank account information or a credit or debit card number.
First of all Microsoft will never contact you personally to tell you that something is wrong with your computer. There are many forms of this scam. Some scammers are trying to sell you over priced anti- virus software. Others want your bank account information so that they can make large withdrawals, still others want to gain remote access to your computer to retrieve personal information including bank account information, credit account numbers and identifying information.
If you receive a call or e-mail from someone claiming to be from Microsoft or another company saying that you have computer problems and that they can fix them- hang up or delete the e-mail. Let your bank or credit card company know if you did give out any personal information relating to your accounts. If you did click on a link or give them remote access to your computer it would be wise to take your computer to a reputable computer repair shop to be looked at.
When in doubt error on the side of caution and don’t. You can then do research or check with someone else and make a decision later. Technology can make our lives easier but we need to be aware that everything isn’t always what it seems to be.
If you receive the following text or an e-mail saying that your debit card has been blocked do not click on the link. The message looks like this:
Click_here to continue->
This is a scam and an attempt to get your card information.
Contact an employee of Peoples Savings Bank at once. Don’t click on the link or give them any information.
Keep your card and personal information safe. Always contact a Peoples Savings Bank employee if something doesn’t seem right. Call us at 641-393-2301.
Are You Watching Your Accounts?
How often do you check your accounts and the activity on them? Daily, weekly, monthly or not until it is time to do your taxes. At a minimum you should be checking your account balances and activity monthly. With Telephone Banking, Online (internet) Banking and Mobile Banking you have the opportunity to not have to wait for a bank statement to check what transactions have taken place on your account. Once you have received your monthly bank statement please take the time to look it over.
The accountholder has 60 days from the date the statement was made available to them to inspect the statement and report errors to the bank. Failure to do so may and most likely will result in you not being able to recover the fraudulent activity on your account.
Do you have anti-virus on your computer, tablet, laptop and smart phone? Is the antivirus up to date? This is very important in protecting your personal and financial information when using these items. If you don’t have your end protected it may not help that the website that you are accessing is secure. It takes both sides to make a safe and secure search or transaction. Do not share or leave passwords or cards laying around where someone can have access to them. Don’t leave them in your vehicle unattended.
I would hope that you wouldn’t leave cash laying around for someone to help themselves. Your Debit Card or Credit Card is just like a stack of cash to a criminal. Keep them secure.
Are you aware of your surroundings when you are using your debit or credit card? Are the websites that you are accessing to pay a bill or shop on secure websites?
Think twice about using public Wi-Fi. Many of these public Wi-Fi accounts can be accessed by cyber criminals or may be actually set up by the criminal.
Peoples Savings Bank also has a great free service available called Shazam Bolt. You sign up for this and set the dollar limits that you would like to be notified of when your Peoples Savings Bank Debit Card is used. Or you can be notified of every Peoples Savings Bank Debit Card transaction on your account .You are then sent an e-mail or notification to your smart phone whenever your PSB Debit Card is used for your set dollar amount. If there is fraud you would be made aware of it right away. Stop in or call us about this free service. I encourage you to take advantage of this free service.
Technology is wonderful and can make our lives easier but we must do our part to protect our information when using it. We all must be responsible users of technology.
How Can an iPhone Case Steal Your ATM/Debit Card PIN?
For as little as $200.00 you can purchase what looks like an iPhone Case for your phone that is an infrared scanner. This infrared scanner detects the temperature of objects. The thief waits for an unsuspecting consumer to finish using the ATM machine or point of sale keypad at a store. They then step up to the keypad or ATM machine and let their phone hover over it. The infrared device that is attached to their phone then picks up the heat from the keys the unsuspecting consumer has touched thus giving the thief their PIN. The last number touched will have the darkest infrared color. You might wonder what good your PIN will be without the actual card but trust me, if the thief goes to the work of getting your PIN, he or she also knows how to get the rest of the information off your ATM/Debit Card. Also note that metal key pads don’t leave a thermal image.
An easy way to stop the PIN thief is to rest your fingers on other keys on the key pad (without pushing on the keys) thus making many keys have a thermal signature. The PIN thief then has no way of knowing which keys are your PIN.
Another area to be aware of is the Keyless Door locks that have a key pad. Thieves using an infrared scanner could gain access to your home or business using this technology. Again, resting your fingers on other keys on the key pad would make it much harder if not impossible to get your access code.
It comes down to being aware of who is around you and not giving them a chance to gain access to our accounts or property.
Be aware and stay safe.
It has been brought to our attention that some customers have had someone knock on their door saying
that they are from REC or Alliant Energy and stating that they must pay a certain dollar amount immediately
to avoid having their power turned off. This is a scam. Do not let them into your home. Neither REC or
Alliant Energy will come to your house or place of business asking for a payment. If this happens to you
do not give the person any money. Tell the so called payment collector that you need to call REC or
Alliant Energy’s office to check on the payments received on your account. Call REC or Alliant Energy to
report it immediately.
“Heartbleed” the Latest Bug to Hit the Tech World
A critical vulnerability has been discovered that puts millions of websites, networks and servers at risk. The Bug is labelled “Heartbleed”. This bug can allow hackers to have access to personal data including login credentials from the affected websites as well as other information that websites use to encrypt and decrypt sensitive and private data. This has affected OpenSSL sites. This is behind many of the HTTPS sites- primarily those sites that collect personal, financial and health care information.
In order to protect their users’ information, websites must upgrade to the patched version of OpenSSL and revoke the compromised SSL certificates and get new certificates issued. Unfortunately most websites don’t publicize if that they are using an OpenSSL. This makes it very difficult for the average consumer to know which websites may have been affected.
“Heartbleed” has affected websites of all sizes including small online stores. We have been told that Amazon, Google, Facebook, and Yahoo have already taken steps to correct and secure their websites. The IRS has said that they were not affected by the “Heartbleed Bug” and that they aren’t aware of any security issues.
What can you do as a consumer and user of the Web? First and foremost be vigilant on monitoring all your accounts including statements from your health insurance. Change your passwords on your accounts (make sure if the website has been affected that they have patched and repaired their OpenSSL or your new password will be compromised also), don’t use the same passwords for multiple sites, make the passwords complicated, use more than six characters. A six character password can be cracked in less than 90 seconds if your computer or account is hacked into. There is a website that you can go to and enter a web address to see if it has been affected. It runs a test on the site and gives the site a grade with a “F” being failing. The website is Qualys® SSL Labs SSL Server Test. It is a free service.
We have been told that our Internet Banking Website has not been compromised but we are strongly recommending that all Internet/Mobile Banking users change their passwords.
As always make sure that you keep your computers and other devices such as smart phones and tablets protected. Have up to date anti- virus protection and password protect your devices. This would not have stopped this latest bug but will help protect you from other viruses that are out there.
Beware of Imposters Wanting to Take Control
Several customers have recently contacted us regarding phone calls from Microsoft or Windows asking to update or fix a problem with their Microsoft or Windows account or other computer problems. You should never give out information to an unsolicited phone call. The caller may direct you to go to a Website that they give you. This will give them access to your computer. They are most likely phising for information such as credit card numbers or trying to obtain control of your computer to find out passwords and account numbers. Microsoft and Windows will never make unsolicited phone calls and then want to charge you for safety or software repairs.
Below are some links that you may go to, to find out more about these scams and how to protect yourself.
If you are a Facebook user beware of this threat to your computer and personal information.
A Private messages delivers what seems to be an image. It is spreading quickly on Facebook, as the file downloads a Trojan then compromises the user’s computer and Facebook account to spread the malware further.
The Trojan infection chain starts like this: the Facebook user sees a message from a friend that simply states "LOL" and includes the "image to click on. The image contains the Zip file.The ZIP file in in the message downloads the actual malware from a remote Dropbox account.
Facebook users are advised not to automatically open similar files received from Facebook friends, but to ask the friend (sender) if they were the ones who sent it .If your Facebook friend doesn’t respond or they say I didn’t send that’ then go ahead and suggest your friend run an Anti Virus scan and change their Facebook passwords, in that order.
Use caution and protect your computer and personal information.