Are you taking steps to protect your business and personal information online?
Identity theft remains one of the fastest-growing crimes in the United States. Please take a few minutes to review the business and personal fraud prevention guidelines below to learn how you can be proactive in the fight against online fraud.
{beginAccordion}
General Guidelines
At TriStar Bank, we make protecting your personal identifiable information a top priority. Here are a few steps we would like to share to help you.
-
Your account is automatically enrolled in fraud text notifications. Should something look out of the ordinary, we’ll send you a text so you can take action fast. If you ever have questions, we’re just a call away. It’s one more way we’re looking out for you and helping you stay financially protected.
-
Verify the last login date and time at the top right of the website's home page each time you log in to our system.
- Review your account transactions, balance information, and other transactions, and immediately report any suspicious activity to the bank;
- TriStar Bank utilizes the Out-of-Band system to verify your identity on your computer. If you do not recognize any of the challenge questions, please verify your user name is correct. If you continue to have issues logging in to the system, contact us.
- Sign up for account alerts within our online system and by using our Card Controls application for real-time alerts each time a transaction processes on your account.
- Never leave your computer unattended while using our online banking system.
- Do not conduct banking transactions while multiple browsers are open on your computer.
- Never provide Personal Financial Information, including your Social Security number, account number, or passwords, over the phone or the internet if you did not initiate the contact
- Do not use public or other unsecured computers (such as a public library).
User ID and Password Guidelines
Use the following information to protect your usernames and passwords.
- Change your password frequently.
- Create a strong password with at least ten (10) characters; a mix of upper and lower case letters, numbers, and special characters;
- Never share your user name and password with third-party providers or family members.
- Avoid using an automatic login feature that saves usernames and passwords on your computer.
- Avoid using your social security number or other personally recognizable information in your passwords
Customer Awareness / Phishing
Phishing is a form of social engineering used by fraudsters masquerading as a trustworthy person or business, such as a bank, to acquire your sensitive information using emails or other types of electronic communications. The term phishing comes from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords. Here is how to protect your information from phishing attempts;
- Verify the email is legitimate by calling the sender. Phishing emails may ask you to go to a website to "verify" personal information such as your account number, credit card number, password, PIN, etc.;
- Requests may contain a sense of urgency or a warning to get you to respond. This is another attempt to get your information fraudulently.
- Be cautious of emails addressed to "Dear Valued Customer". Typically, the heading should be addressed to you personally.
- "Click Here" is another way fraudsters will obtain access to your computer and personal information. If you do not see a web address, it may be another attempt to obtain your personal information.
- Never click on a link provided in an email you believe is fraudulent. It may contain malicious software that could contaminate your computer.
- Report suspicious emails or calls to the Federal Trade Commission through the Internet at http://www.consumer.gov/idtheft or by calling 1-877-ID-THEFT.
Useful Links
Below are other links to information to help prevent identity theft:
Annual Credit Report The only source for your free credit report authorized by Federal law.
FTC Identity Theft.gov Report identity theft and get a recovery plan.
Information for Business Clients
Business and Commercial online clients should be diligent in performing risk assessments and controls to evaluate the strength of your controls and identify any potential threats.
- Spoofed emails closely mimic legitimate e-mail requests.
- Hacked emails often originate from personal email accounts.
- Fraudulent wire transfer requests are well-worded, specific to the business being targeted, and do not raise suspicion about their legitimacy.
- The phrases "code to admin expenses" or "urgent wire transfer" were reported by victims in some of the fraudulent email requests.
- The amount of the fraudulent wire transfer request is business-specific; therefore, dollar amounts are similar to normal business transaction amounts so as not to raise doubt.
- Fraudulent emails received have coincided with the business travel dates for executives whose emails were spoofed;
- Victims report that IP addresses frequently trace back to free domain registrars.
One example of a treat to businesses is a Business Email Compromise (BEC). This is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly make wire transfers. Formerly known as the Man-in-the-Email Scam, the BEC was renamed to focus on the "business angle" of this scam and to avoid confusion with another unrelated scam. Suggestions to help protect you and your business from becoming victims of the BEC scam are below:
- Avoid free web-based email. Establish a company website domain and use it to establish company email accounts in lieu of free, web-based accounts;
- Be careful what is posted to social media and company websites, especially job duties/descriptions, hierarchical information, and out-of-office details.
- Be suspicious of requests for secrecy or pressure to take action quickly;
- Consider additional IT and financial security procedures and 2-step verification processes;
- Beware of sudden changes in business practices. Always verify via other channels that you are still communicating with your legitimate business partner.
{endAccordion}