Tips:

• Add your phone numbers to the national Do Not Call Registry at donotcall.gov or by calling 1-888-382-1222. Since February 2008, these registered telephone numbers will no longer expire off the list.
• Examine your financial institution statements immediately upon receipt to determine whether there were any unauthorized transactions. Report any unauthorized transactions that you find immediately to South Ottumwa Savings Bank.

Annually

• Each year, you are entitled to one free credit report through annualcreditreport.com or by calling 1-877-322-8228.
• Request a copy of your Social Security statements at ssa.gov/mystatementto be sure that no one else is using your social security number for employment.

Every 5 Years

• Opt out of pre-screened credit offers by calling 1-888-567-8688 or at optoutprescreen.com.

Please read the other sections below to learn about the different types of fraud and how to prevent them, from spyware and other computer fraud to mail and phone fraud to email phishing and web spoofing. Our Fraud Summary page provides more tips on how to protect yourself.

Fraud Summary

Identity Theft is the most popular and profitable form of consumer fraud. It occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes.

Common ways identity theft can happen:

“Old Fashioned” Stealing

• Thieves typically steal wallets and purses. They also steal mail such as credit card and bank statements, pre-approved credit card offers, check orders and other financial mail.

Dumpster Diving

• Thieves dig through trash looking for bills, financial or other personal information.

Change of Address

• Thieves modify or redirect your billing statements to another address by completing a “change of address” form.

Phishing

• Thieves may send unsolicited Emails, pretending to be a financial institution or a company, asking you to click a link to update or confirm your personal or login information. The link is directed to a “spoof” website designed to look like a legitimate site.

Skimming

• Thieves may use a card reader device to copy the card’s magnetic strip to duplicate without the card owner’s knowledge.

Monitor your accounts

Keep track of transactions on your accounts by logging in to South Ottumwa Savings Bank‘s Online Banking, where you can view your activity as it is posted.

Protect your personal information

• Do not carry your Social Security card in your wallet.
• Do not have personal information such as your Social Security number and driver’s license number printed on your checks.
• Keep your new and cancelled checks in a safe place.
• Do not leave your purse, wallet, checkbook, or any other forms of identification in your car
• Shred or tear up any documents containing banking or credit information, especially pre-approved credit offers, before you throw them away. To opt out of pre-approved credit card offers, call 1-888-567-8688.
• Keep your PINs and passwords a secret. Do not write them down or share them with anyone.

Computer Security

South Ottumwa Savings Bank continually makes investments in state-of-the-art online banking security to ensure we protect the confidentiality of every customer’s online information and to provide the utmost security of every user.

Computer protection tips:

• Update your computer operating system on a regular basis.
• Keep your browser current with the latest security updates.
• Use updated anti-virus software.
• Use updated anti-spyware software and consider using more than one, to ensure the most thorough scan.
• Change your passwords on a regular basis, as a good practice to help prevent unauthorized access.
• Download free software only from websites you know and trust.
• Do not install software without knowing exactly what it is or what it will do (read the end-user license agreement).
• Close pop-up ads by clicking on the “X” instead of clicking within the advertisement itself.
• Review your browser security settings and set them to a high enough level to help detect unauthorized downloads. (Click your browser’s “Help” menu for steps).
• Do not click link inside of spam email. Especially emails claiming to offer anti-spyware software.
• Install a personal firewall on your computer. A firewall works like a filter that prevents access to information on your computer.
• Don’t give any of your personal information to any web sites that do not use encryption or other secure methods to protect it.

Mail & Phone Security

We recommend you learn ways to protect yourself from common fraud schemes.

Vishing

Vishing scams target consumers by “spoofing” text or voicemail messages that ask you to call a phone number and give your personal information. Here’s how it works:

• You receive a “spoof” email, text message, or voicemail about suspicious account activity.
• The email, text message, or voicemail message will ask you to call a “customer service” number.
• When you call the customer service number, a recording will ask you to provide personal information such as account numbers, passwords, a social security number, or other critical information.
• The recording may not mention the company’s name and could potentially be an indication the call is being used for fraud.
• In a variation of this scam, you may receive a phone call.
• The call could be a “live” person or a recorded message.
• The caller may already have your personal information, which may seem as if the call is legitimate.

Smishing

Smishing is when consumers’ cell phones and other mobile devices are targeted with mobile spam. The spam, or text messages, attempt to trick consumers into providing personal information. Here’s how it works:

• You receive a fake text message, which may include a fraudulent link, asking you to register for an online service.
• The scammer attempts to load a virus onto your cell phone or mobile device.
• The scammer may also send a message ‘warning’ you that your account will be charged unless you cancel your supposed online order.
• When you attempt to log on to the website, the scammer extracts your credit card number and other personal information.
• In turn, your information is used to duplicate credit, debit and ATM cards.
• Scammers may also send you a text message again ‘warning’ you that your bank account has been closed due to suspicious activity.
• The text message will ask you to call a ‘customer service’ number to reactivate your account.
• When you call the number, you are taken to an automated voice mail box that prompts you to key in your credit card, debit card or ATM card number, expiration date and PIN to verify your information.
• Again, your information is used to duplicate credit, debit and ATM cards.

Lottery/Sweepstakes Scams

Lottery/Sweepstakes scams target consumers by a notification, which arrives through the mail, by email, or by an unsolicited telephone call. Here’s how it works:

• The notification advises you have won a prize, but you did not enter in any type of lottery or sweepstake by the promoter contacting you.
• The promoter will ask you to send payment to cover the cost of redeeming the prize when the prize does not exist.
• In this type of scam, you may rarely if ever receive any winnings in return.

Check Overpayment Scams

Check Overpayment scams target consumers who sell items through an online auction site or a classified ad. Here’s how it works:

• The seller takes a big loss when the ‘buyer’ passes a counterfeit cashier’s check, money order, corporate or personal check as payment.
• The counterfeit check is written for more than the agreed price.
• The ‘buyer’ will ask the consumer to wire back the difference after the check has been deposited.
• The check will more than likely bounce and the consumer becomes liable for the entire amount.

Tips for the mailbox

• Deposit outgoing mail at the Post Office.
• Remove incoming mail from your personal mailbox as soon as possible, or use a P.O. Box or locked, secure mailbox.
• Request a mail hold from the United States Postal Service or call them at 1-800-275-8777 if you plan to be away from home for an extended period.
• Know your billing cycles. If bills are late or missing, contact your creditors.
• Watch for your new or replacement debit card from South Ottumwa Savings Bank. You should receive it within five business days.
• Switch to a more secure way of receiving your account statement. When you sign up for South Ottumwa Savings Bank Online E-Statements, your statement will no longer sit in your mailbox. Instead, we will send you an email when your statement is available through your secure Online Banking account.

Tips for the phone

• Do not give out personal information, such as your account numbers, card numbers, Social Security, tax identification numbers, passwords, or PINs, unless you have initiated the call.
• We will not make an unsolicited call requesting your personal information.
• If you ever believe you are not talking to a representative of a legitimate company, hang up and call the phone number listed in the telephone book.

Phishing & Spoofing

While South Ottumwa Savings Bank works to protect your banking privacy, you also play an important role in protecting your information. Here are a few steps you can take to protect your identity:

Phishing scams target consumers by “spoofing” emails and websites. Here’s how it works:

• You receive an email message, asking you to click on a link in order to update some sensitive personal information.
• The link will redirect you to a “spoofed” website, which is designed to look like a legitimate website.
• The website will ask you to input personal information such as your account numbers, PINs, or a social security number.

Email protection tips

• Do not click links in Emails to log in, or to update or confirm your sensitive information
• Do not fill out forms in Emails
• Be cautious about opening attachments or downloading files, regardless of who sent them
• ‘Spam’, or mass email messages, often contain links to phishing websites and other unsavory websites.
• Many phishing scams originate outside of the United States. Be wary of emails from people or sources you don’t know or trust.
• Poor grammar and misspelled words from unknown sources asking you for personal information are clear warning signs of a phishing scam being operated outside of the United States.
• Legitimate companies or organizations will never ask you to divulge any personal information over email.
• Phishing emails may also be fake contests or offerings, asking you to input personal information.
• If an offer or email you receive is too good to be true, it most likely is.

Bank Error Messages

One of the newest schemes by fraudsters involves spoofing bank error messages. Here’s how it works:

• Fraudsters will send you an email message about a data or site maintenance error at South Ottumwa Savings Bank or any of your banks.
• The email will ask you to click on a link, which will redirect you to a site and will install malware on your computer.
• This malware allows scammers to intercept your password and bypass the dual authentication system many financial institutions use.
• The next time you attempt to log in to your online banking service, scammers attempt to steal your password and may quickly drain your account.

Emails from South Ottumwa Savings Bank

For your protection, we will not send you an email to update or confirm your sensitive information by clicking a link or replying.

Emails to South Ottumwa Savings Bank

Please do not send personal information in un-secure email. Secure email may be sent from the Secure Feedback form from within our Online Banking’s Support Tab.

Equifax® is a registered trademark of Equifax, Inc. All rights reserved.

Experian® is a registered trademark of Experian Information Solutions, Inc. All rights reserved.

TransUnion® is a registered trademark of TransUnion LLC. All rights reserved.

We continually make investments in state-of-the-art online banking security to ensure we protect the confidentiality of every customer’s online information and to provide the utmost security of every user.
 

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that “in cooperation with the Department of Homeland Security, federal, state and local governments…” the FDIC has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” It further states deposit insurance will remain suspended until identity and account information can be verified using a system called “IDVerify.” If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For your reference, FDIC Special Alerts may be accessed from the FDIC’s website. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit the FDIC’s website.

Sandra L. Thompson, Director
FDIC: Division of Supervision and Consumer Protection

A fast growing electronic crime where thieves typically use some form of malware to obtain login credentials to Corporate Online Banking accounts and fraudulently transfer funds from the accounts.

What is Corporate Account Takeover, how does it work?

• Criminals target victims by scams
• Victim unknowingly installs software by clicking on a link or visiting an infected internet site.
• Fraudsters begin monitoring the accounts
• Victim logs on to their Online Banking
• Fraudsters collect Login Credentials
• Fraudsters wait for the right time and then depending on your controls – they login after hours or if you are utilizing a token they wait until you enter your code and then hijack the session and send you a message that Online Banking is temporarily unavailable.

Types of Security Threats

• Malware – Short for malicious software, is software designed to infiltrate a computer system without the owner’s informed consent. Malware include computer viruses, worms, Trojan horses, spyware, dishonest adware, crimeware, most rootkits, and other malicious and unwanted software.
• Viruses – A computer program that can copy itself and infect a computer. Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.
• Spyware– Type of malware that is installed on computers and collects little bits of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. It can install additional software, redirecting Web browser, change computer settings, different home pages, and/or loss of internet.
• Rogue Software / Scareware– Mainly relies on social engineering in order to defeat security software. It has become a growing serious security threat in desktop computing. Most form of malware that deliver or misleads user into paying for the fake or stimulated removal of malware.
• Phishing – Criminally fraudulent process of attempting to acquire sensitive information (usernames, passwords, credit card details) by masquerading as a trustworthy entity or electronic communication. Commonly used means are: social websites, auction sites, online payment processors, and IT administrators.
• E-mail Usage– Some experts feel e-mail is the biggest security threat of all. The fastest, most-effective method of spreading malicious code to the largest number of users. It is also a large source of wasted technology resources. Some examples of corporate e-mail waste: electronic greeting cards, chain letters, jokes and graphics, and spam and junk e-mail.
• Hoaxes– Hoaxes attempt to trick or defraud users. A hoax could be malicious, instructing users to delete a file necessary to the operating system by claiming it is a virus. It could also be a scam that convinces users to send money or personal information. Phishing attacks fall into this category.

What can you do to protect your business?

• Train your employees
• Secure your computer and networks
• Limit administrative rights
• Install and maintain spam filters
• Use multi-layer security
• Surf the internet carefully
• Install and maintain real time anti-virus and anti-spyware desktop firewall and malware detection and removal software
• Install routers and firewall to prevent unauthorized access to your computer or network
• Install security updates to operating systems and all applications as they become available.
• Block pop-ups
• Do not open attachments from e-mails you don’t know
• Reconcile accounts daily.

Contact the Bank if you:

• Suspect a fraudulent transaction
• If you are trying to process an online wire or ACH batch and receive a maintenance page
• If you receive an email claiming to be form the Bank and it is requesting personal/company information

The Bank will never ask for sensitive information, such as account numbers, access IDs, or passwords via e-mail.

Incident Response Plans

Since each business is unique, customers should write their own Incident Response Plan. A general template would include:

1. The direct contact numbers of key bank employees (including after-hours numbers)
2. Steps the accountholder should consider to limit further unauthorized transactions, such as:
   1. Changing passwords
   2. Disconnecting computers used for Internet Banking
   3. Requesting a temporary hold on all other transaction until our-of-band confirmations can be made
   4. Noting information the accountholder will provide to assist the bank in recovering the accountholders money
   5. Contacting their insurance carrier and
   6. Working with computer forensic specialists and law enforcement to review appropriate equipment.

How to recognize a phishing, mishing or vishing scam

• Genuine banks and organizations will NOT contact you by email to request confidential and personal information.
• If a bank or organization sends you a genuine request for some information, they should address you by name and not refer to you as ‘account holder’ or ‘customer’.
• A genuine bank or organization should take good care to ensure that any email or message they send to you does not contain typing errors and grammatical mistakes—many scammers make silly mistakes.

How to respond to a phishing, mishing or vishing scam

• There are things you can do if you receive a suspicious message. If you receive an email, phone call or other message supposedly from your bank or another organization requesting your personal details, delete the message or hang up your phone.
• Even if the email or message urges you to act quickly, do not panic—this is just a trick to make you respond immediately without giving you a chance to talk to others or to check if it is a scam.
• If you receive a suspicious call or message that you think might be genuine, do not divulge your details until you have made some extra checks to satisfy yourself that it is not a scam.
• Ring your bank or the company yourself to find out if it is a genuine message but never use the number provided in the email or message—a scammer will not give you the correct number!

How to reduce the damage if you think you have fallen for a scam

• Report the scam– You should telephone your bank or financial institution if you are suspicious of an email, letter or phone call that claims to be from them, or if you think someone may have access to your accounts. They can advise you on what to do next. Make sure the telephone number you use is from the phone book or your account statement, ATM card or credit card.
• Protect your computer– If you were using your computer when you got scammed, it is possible that a virus of other malicious software may have infected your computer. Run a full system check using reliable security software. If you do not have security software (such as virus scanners and a firewall) installed on your computer, a computer professional can help you choose what you need.
• Change your passwords– Scammers may have also gained access to your online passwords. Change your passwords using a secure computer.

When you think about cybersecurity, remember that electronics such as smartphones and other internet-enabled devices may also be vulnerable to attack. Take appropriate precautions to limit your risk.

Why does cybersecurity extend beyond computers?

Actually, the issue is not that cybersecurity extends beyond computers; it is that computers extend beyond traditional laptops and desktops. Many electronic devices are computers—from cell phones and tablets to video games and car navigation systems. While computers provide increased features and functionality, they also introduce new risks. Attackers may be able to take advantage of these technological advancements to target devices previously considered “safe.” For example, an attacker may be able to infect your cell phone with a virus, steal your phone or wireless service, or access the data on your device. Not only do these activities have implications for your personal information, but they could also have serious consequences if you store corporate information on the device.

What types of electronics are vulnerable?

Any piece of electronic equipment that uses some kind of computerized component is vulnerable to software imperfections and vulnerabilities. The risks increase if the device is connected to the internet or a network that an attacker may be able to access. Remember that a wireless connection also introduces these risks (see Securing Wireless Networks for more information). The outside connection provides a way for an attacker to send information to or extract information from your device.

How can you protect yourself?

• Remember physical security– Having physical access to a device makes it easier for an attacker to extract or corrupt information. Do not leave your device unattended in public or easily accessible areas (see Protecting Portable Devices: Physical Security for more information).
• Keep software up to date – If the vendor releases updates for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities (see Understanding Patches for more information).
• Use good passwords– Choose devices that allow you to protect your information with passwords. Select passwords that will be difficult for thieves to guess, and use different passwords for different programs and devices (see Choosing and Protecting Passwords for more information). Do not choose options that allow your computer to remember your passwords.
• Disable remote connectivity  – Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can be used to connect to other devices or computers. You should disable these features when they are not in use.
• Encrypt files– If you are storing personal or corporate information, see if your device offers the option to encrypt the files. By encrypting files, you ensure that unauthorized people can’t view data even if they can physically access it. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
• Be cautious of public Wi-Fi networks – Before you connect to any public wireless hotspot – like on an airplane or in an airport, hotel, train/bus station or café:
  • Be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate.
  • Do not conduct sensitive activities, such as online shopping, banking, or sensitive work, using a public wireless network.
  • Only use sites that begin with “https://” when online shopping or banking. Using your mobile network connection is generally more secure than using a public wireless network.

  For more information on how to protect yourself go to Cybersecurity Awareness Program