Citizens Bank is committed to ensuring the security of your personal and financial information. If we need to communicate notices or alerts to our customers, this is where we will publish the details online. Citizens Bank will monitor and provide information concerning data breaches as they occur. As always, please regularly check your statement and online banking for suspicious activity and alert us immediately if you notice anything unusual.
While there are an endless number of ways thieves may try to get your information almost all scams involve some type social engineering. Social engineering is when thieves use something you are comfortable with or trust in order to get you to act without thinking your actions through. Common scams include:
Phishing - Thieves will send out bogus messages that appear to be from a company or government agency you may or may not do business with. These messages will attempt to convince you to either click on a link or call a number in order to get you to reveal information that can be used to steal your identity and/or access your accounts. Phishing messages may come through email, instant messages, and even text messages. The best thing to do if you believe a message may be legitimate is to contact the company using contact information that you know is valid such as a number from the phone book or by typing the company’s web address into your browsers address bar.
Vishing - is the use of social engineering tactics over the telephone system in an attempt to gain personal information for fraudulent uses. Vishing is successful because it is hard for law enforcement to track and because the phone system is very trusted by the general public. Features like caller ID can now be forged and faked using modern tools to make the calls more believable. Customers should be very suspicious when receiving calls asking for personal information and should call the bank directly using a number they know is good if they question the validity of a request.
Spoofing - A “spoofed” site is one that appears to belong to a legitimate company. The site may even look like the legitimate company’s site utilizing their colors and, perhaps, their logo. Typically a bogus email is received that asks you to supply, confirm or update sensitive personal information by clicking on a link in the email. The goal of the criminal is to get you to enter the requested information so that they can steal it for their purposes.
We use Secure Access Codes as an additional layer of security in our Online Banking. A Secure Access Codes is a one-time use code that allows you to securely login to online banking system and is delivered to you via phone call or SMS text. Choosing “register my computer for later use” authorizes us to store a security certificate on your computer which will speed up the verification process in the future, and eliminate the need to use a Secure Access Code on each login.
The following sites offer valuable information related to fraud and identity theft:
- Practical tips from the federal government and the technology industry to help you be on guard against internet fraud, secure your computer, and protect your personal information.
- Information and tools from the National Cyber Security Alliance to help home users and small businesses stay safe
- Resource to learn about identity theft with detailed information to help you deter, detect, and defend against identity theft.
- Resource for small businesses to learn more about securing their sensitive data.
- Information and tools to help business owners, managers, and employees understand and adopt basic internet security practices.
- A great resource for business customers to learn how to enhance their payment card data security. The Payment Card Industry (PCI) Security Standards Council manages security standards related to card processing.
Tips to Protect Yourself
Being proactive and taking a few simple steps can help you protect yourself from becoming a victim.
- Never provide your password, credit or debit card information or pin number over the phone or in response to an unsolicited Internet request unless you initiated the contact.
- Urgent appeals to act now should be resisted. Thieves often try to get you to act quickly before you have a chance to think about what you may be doing.
- Review your statements when you get them. You can also always review your accounts in real time using internet banking. If you see a transaction you cannot explain contact us immediately.
- Contact the bank and ask to receive your statements electronically. Not only are you helping the environment, but you are keeping the paper statements out of your mailbox where they could be stolen and used to steal your identity.
- Don’t agree to deposit money from someone you don’t know into your account and then wire the money back or to someone else you don’t know. Wires are like sending cash, once they have been sent you can’t get your money back.
- If something sounds too good to be true, it probably is.
- Follow our Safe Computing Tips below.
- Business customers should consider performing their own risk assessment and controls evaluation periodically to determine if additional controls are necessary to address the risks of online banking. Additional information to assist you in completing this process can be found on our Helpful Resources Page - above.
Remember: Citizens Bank will never contact you via unsolicited phone calls, emails, text messages, or over any other mediums to request your online banking credentials or personal information. As your bank we already have that information on file and will therefore never request such information. If you ever question the legitimacy of a request for your information you should contact the bank on your own to verify the request.
Safe Computing Tips
Install or Update Your Antivirus and Antispyware Software:
Antivirus and Antispyware software are designed to prevent and detect malicious software programs on your computer. In order to keep your computer and your identity safe all computers connected to the internet for any length of time should have both of these products installed at all times.
Run a Full Scan With Both Your Antivirus and Antispyware Software:
Full scans with your Antivirus and Antispyware software can help to catch the most recent viruses and spyware that may have been installed on your computer without your knowledge. Full scans of your entire PC should be run at least daily.
Ensure Your Operating System is Up to Date:
Computer operating systems need to be updated to stay current with any security patches released by the maker of your operating system. In most cases people are running a Microsoft operating system that can be checked by visiting http://update.microsoft.com. Microsoft usually releases new updates once a month, but may do so more often when an update is extremely critical.
Keep Your Software Up to Date:
In addition to keeping your operating system up to date you should also look for updates for the software installed on your PC. This includes software such as Adobe products, Java, Firefox, and Apple iTunes. Software such as this can be vulnerable to hacker attacks and may lead to the compromise of your system if it isn’t updated. A good rule of thumb is that if you don’t need a piece of software don’t install it or remove it when it is no longer needed.
Keep Your Firewall Turned On:
A firewall helps protect your computer from hackers who may try to gain access to your computer and the information it contains. Software firewalls are available to protect single computers and are even included with many updated copies of Microsoft Windows.
Review Accounts Regularly:
Everyone should regularly monitor their accounts for suspicious transfers and withdrawals. Businesses should monitor their accounts daily for suspicious transactions. Customers should notify us immediately of any unexpected activity.
Change Your Passwords to Banking, Email, and Ecommerce Sites Regularly:
Passwords are the keys to your internet kingdom. Changing your passwords regularly will help ensure the security of all your online accounts as well as the information and the money they give you access to. When changing your password be sure to use strong passwords. Strong passwords use eight or more characters with random letters, numbers, and symbols. In addition, you should never use the same password on multiple sites. If one site is compromised your other accounts could possibly be accessed as well.
Be Careful What You Download:
You should never open email attachments or click on links in emails from people you don’t know. You should also be wary of forwarded attachments and links from people you do know. Email attachments and links can circumvent even the best Antivirus software. Additionally, you should be wary of downloads from trusted and un-trusted sites that seem new or suspicious. If the site has been poisoned or compromised by hackers you could unknowingly be installing a virus or spyware. If you question whether a download is necessary to access a site you can always contact the company for further information.
If Possible Have a PC Dedicated Only to Online Banking Activities:
Fraudsters and scam artists have learned that many small and medium sized businesses use online banking products due to their convenience. What they have also learned is that these same businesses often do not take the time to adequately protect their PCs as outlined in these tips, nor do they regularly review their accounts for fraudulent activity. Using this knowledge fraudsters and scam artists are now actively targeting small and medium sized businesses using phishing attacks, email attachments, and web sites designed to take advantage of OS and software flaws. One of the most effective controls is to use a second PC or “live disk” for your banking. This PC should not be used for regular web surfing, checking email, or other projects. These activities can increase a business’s risk of unknowingly coming into contact with malicious sites and software. You should never use the computer your kids use for your online banking.
Victim? What to do
If you believe that you have become the victim of identity theft or fraud contact your financial institution immediately. If you have disclosed sensitive information about your identity, accounts or credit cards you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file. The following is contact information for each of the bureau’s fraud division:
- Equifax (888) 766-0008
- Experian (888) 397-3742
- TransUnion (800) 680-7289
The FTC has helpful resources online: https://www.identitytheft.gov/
Citizens Bank is here to help if you ever notice any suspicious activity on one of your accounts. Please contact us immediately at 859.572.2660.
If you suspect that you have received a fraudulent email, phone call or text message targeting Citizens Bank customers, DO NOT RESPOND TO THE MESSAGE! Contact us at 859.572.2660.