Child hand inserting coin in piggy bank
Sign up to receive the PSB “Forward Thinker”, a monthly newsletter to keep you up to date with relevant news about PSB and our community, along with our best tips for managing money. We promise to not clutter your inbox and you can always opt-out at any time.
Village of Princeville
Princeville School District
Lillie M Evans Library District
Princeville Food Pantry
Village of Brimfield
Brimfield School District
US Small Business Association
Greater Peoria Economic Development Council
The Turner Center for Entrepreneurship
Security is a very important issue for all of us here at Princeville State Bank and customer education is also important. Today’s security issues can be both challenging and frightening at times. We have included the following information for you to get a better understanding of some of the security issues that we all face from day to day.
LOST OR STOLEN DEBIT CARDS
Report immediately!!! Please call 309-385-4375 Princeville State Bank (during normal business hours)
IDENTITY THEFT RESOURCE GUIDE
Princeville State Bank is aware of several malware threats to financial institutions. To avoid any issues, PSB would like to remind customers to always type in our complete web address when accessing your online banking accounts, or to access directly through our PSB app. Some types of malware have targeted the Google Search engine. Some malware infects Google Search results which will push false bank-related results to the top of the search. The fake results will even show a high rating and positive reviews. Once clicking on the link, you will receive a pop up asking you to enable editing, content and/or macros. Enabling these changes will then infect your system. Our customers safety and security of their information is our top priority at PSB. If you ever see something questionable when accessing your online accounts, please notify us immediately at 309-385-4375.
At Princeville State Bank, the safety and security of our customer’s financial information is our first priority.
What is a compromised card?
A compromised card is a card that is at risk of being used fraudulently.
How long does PSB react to compromise notifications?
PSB acts immediately. We take every compromise seriously and require issuance of new cards for affected cardholders. Those cardholders will receive phone and/or written notification if their card data has been compromised and new cards will be re-ordered.
Does this mean that I have fraud on my account?
Not necessarily. In fact, among the list of card numbers we periodically receive, rarely has anyone been affected by fraud. Take the opportunity to review your monthly statements.
What do I need to do if I discover fraud on my account?
Call PSB immediately. The number that you can reach our fraud department is 309-385-4375 extension 209 and 210.
How long does it take to receive my new debit card?
Most cards are received 10-14 days from the date of order. The new PIN number will be shipped out separately.
Is there a charge for the new card?
As a courtesy to our customers, under these circumstances, we do not charge the normal $5.00 replacement card fee.
What can I do to keep this from recurring?
Unfortunately, we have no way of stopping criminals from hacking into databases of merchants. While the possibility of a card being used fraudulently is low, we recognize the aggravation customers face in acquiring a replacement card or to have fraudulent activity removed from their account. In all situations, PSB reminds customers to always have a back-up method of payment and to check their activity on their accounts, often.
What do I need to do once my card is compromised?
Contact any company/merchant that has recurring debits taken from your debit card account (example; Mediacom, Frontier, Verizon) and inform them that you have a new debit card number. Most importantly, check your account activity.
Any other questions or concerns, please call PSB at (309)-385-4375.
When internet fraudsters impersonate a business to trick you into giving out your personal information, it’s called phishing. Don’t reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.
Examples of Phishing Messages
You open an email or text, and see a message like this:
The senders are phishing for your information so they can use it to commit fraud.
How to Deal with Phishing Scams
You can take steps to avoid a phishing attack:
Report Phishing Emails
Forward phishing emails to email@example.com – and to the company, bank, or organization impersonated in the email. You also may report phishing email to firstname.lastname@example.org. The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
If you might have been tricked by a phishing email:
What is Social Engineering?
Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software–that will give them access to your passwords and bank information as well as giving them control over your computer.
Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).
Security is all about knowing who and what to trust. Knowing when, and when not to, to take a person at their word; when to trust that the person you are communicating with is indeed the person you think you are communicating with; when to trust that a website is or isn’t legitimate; when to trust that the person on the phone is or isn’t legitimate; when providing your information is or isn’t a good idea.
Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts are on your doors and windows, or if have guard dogs, alarm systems, floodlights, fences with barbed wire, and armed security personnel; if you trust the person at the gate who says he is the pizza delivery guy and you let him in without first checking to see if he is legitimate you are completely exposed to whatever risk he represents.
Common social engineering attacks
Email from a friend. If a criminal manages to hack or socially engineer one person’s email password they have access to that person’s contact list–and because most people use one password everywhere, they probably have access to that person’s social networking contacts as well.
Once the criminal has that email account under their control, they send emails to all the person’s contacts or leave messages on all their friend’s social pages, and possibly on the pages of the person’s friend’s friends.
These messages may use your trust and curiosity:
These messages may create a compelling story or pretext:
Phishing attempts. Typically, a phisher sends an e-mail, IM, comment, or text message that appears to come from a legitimate, popular company, bank, school, or institution.
These messages usually have a scenario or story:
Baiting scenarios. These socially engineering schemes know that if you dangle something people want, many people will take the bait. These schemes are often found on Peer-to-Peer sites offering a download of something like a hot new movie, or music. But the schemes are also found on social networking sites, malicious websites you find through search results, and so on.
Or, the scheme may show up as an amazingly great deal on classified sites, auction sites, etc.. To allay your suspicion, you can see the seller has a good rating (all planned and crafted ahead of time).
People who take the bait may be infected with malicious software that can generate any number of new exploits against themselves and their contacts, may lose their money without receiving their purchased item, and, if they were foolish enough to pay with a check, may find their bank account empty.
Response to a question you never had. Criminals may pretend to be responding to your request for help from a company while also offering more help. They pick companies that millions of people use like a software company or bank. If you don’t use the product or service, you will ignore the email, phone call, or message, but if you do happen to use the service, there is a good chance you will respond because you probably do want help with a problem.
For example, even though you know you didn’t originally ask a question you probably a problem with your computer’s operating system and you seize on this opportunity to get it fixed. For free! The moment you respond you have bought the crook’s story, given them your trust and opened yourself up for exploitation.
The representative, who is actually a criminal, will need to ’authenticate you’, have you log into ’their system’ or, have you log into your computer and either give them remote access to your computer so they can ’fix’ it for you, or tell you the commands so you can fix it yourself with their help–where some of the commands they tell you to enter will open a way for the criminal to get back into your computer later.
Creating distrust. Some social engineering, is all about creating distrust, or starting conflicts; these are often carried out by people you know and who are angry with you, but it is also done by nasty people just trying to wreak havoc, people who want to first create distrust in your mind about others so they can then step in as a hero and gain your trust, or by extortionists who want to manipulate information and then threaten you with disclosure.
This form of social engineering often begins by gaining access to an email account or other communication account on an IM client, social network, chat, forum, etc. They accomplish this either by hacking, social engineering, or simply guessing really weak passwords.
There are literally thousands of variations to social engineering attacks. The only limit to the number of ways they can socially engineer users through this kind of exploit is the criminal’s imagination. And you may experience multiple forms of exploits in a single attack. Then the criminal is likely to sell your information to others so they too can run their exploits against you, your friends, your friends’ friends, and so on as criminals leverage people’s misplaced trust.
Don’t become a victim
Curiosity leads to careless clicking–if you don’t know what the email is about, clicking links is a poor choice. Similarly, never use phone numbers from the email; it is easy for a scammer to pretend you’re talking to a bank teller.
Help protect your financial information in five easy steps.
Double-check monthly statements to ensure they match your records.
Shred personal and financial information before discarding it.
Don’t give out account numbers or other personal information, unless you initiated the call.
Review your credit report annually. You’re entitled to a free credit report every year. Simply contact one of the three main credit reporting bureaus.
How to Protect Yourself From Identity Theft
The Independent Community Bankers of America (ICBA) offers the following tips to help consumers guard against identity theft.
“Community banks are careful guardians of our customers’ personal data and information, but our customers must also play a role and practice caution in stores, online and as they go about their business every day,” said Jim MacPhee, ICBA chairman and CEO of Kalamazoo County State Bank in Kalamazoo, Mich.
The following tips can help lower your risk of becoming a victim of identity theft:
“No method is foolproof,” said MacPhee. “Identity thieves are devising new schemes all the time. But when you see how long it takes for someone to restore their good credit after being victimized, then you know that any steps you can take to prevent identity theft are definitely worth the extra time.”
For more information, visit the Identify Theft Web page at www.icba.org.
Tips for Preventing Elder Financial Abuse
June 15 is World Elder Abuse Awareness Day and the Independent Community Bankers of America® (ICBA), the Senior Housing Crime Prevention Foundation (SHCPF) and Princeville State Bank are providing tips for preventing the disturbing trend of elder financial abuse.
“Community bankers nationwide serve a vital role in protecting members of our communities, including the elderly who are all too often targets of financial abuse,” said ICBA Chairman John H. Buhrmaster, president and CEO of 1st National Bank of Scotia, N.Y. “It’s important for all Americans to be aware of this very real issue and learn about ways to help prevent elder financial abuse from happening to themselves or their loved ones. If you have questions or concerns about the safety and security of your finances, you should speak to your local community banker right away.”
ICBA, SHCPF and Princeville State Bank offer the following suggestions on ways to prevent elder financial abuse:
It’s your lucky day! You just won a foreign lottery! The letter says so. And the cashier’s check to cover the taxes and fees is included. All you have to do to get your winnings is deposit the check and wire the money to the sender to pay the taxes and fees. You’re guaranteed that when they get your payment, you’ll get your prize.
There’s just one catch: this is a scam. The check is no good, even though it appears to be a legitimate cashier’s check. The lottery angle is a trick to get you to wire money to someone you don’t know. If you were to deposit the check and wire the money, your bank would soon learn that the check was a fake. And you’re out the money because the money you wired can’t be retrieved, and you’re responsible for the checks you deposit — even though you don’t know they’re fake. This is just one example of a counterfeit check scam that could leave you scratching your head.
The Federal Trade Commission, the nation’s consumer protection agency, wants you to know that counterfeit check scams are on the rise. Some fake checks look so real that bank tellers are reporting being fooled. The scammers use high quality printers and scanners to make the checks look real. Some of the checks contain authentic-looking watermarks. These counterfeit checks are printed with the names and addresses of legitimate financial institutions. And even though the bank and account and routing numbers listed on a counterfeit check may be real, the check still can be a fake. These fakes come in many forms, from cashier’s checks and money orders to corporate and personal checks. Could you be a victim? Not if you know how to recognize and report them.
Fake Checks: Variations on a Scheme
Counterfeit or fake checks are being used in a growing number of fraudulent schemes, including foreign lottery scams, check over payment scams, Internet auction scams, and secret shopper scams.
Check over payment scams target consumers selling cars or other valuable items through classified ads or online auction sites. Unsuspecting sellers get stuck when scammers pass off bogus cashier’s checks, corporate checks, or personal checks. Here’s how it happens:
A scam artist replies to a classified ad or auction posting, offers to pay for the item with a check, and then comes up with a reason for writing the check for more than the purchase price. The scammer asks the seller to wire back the difference after depositing the check. The seller does it, and later, when the scammer’s check bounces, the seller is left liable for the entire amount.
In secret shopper scams, the consumer, hired to be a secret shopper, is asked to evaluate the effectiveness of a money transfer service. The consumer is given a check, told to deposit it in their bank account, and withdraw the amount in cash. Then, the consumer is told to take the cash to the money transfer service specified, and typically, send the transfer to a person in a Canadian city. Then, the consumer is supposed to evaluate their experience — but no one collects the evaluation. The secret shopper scenario is just a scam to get the consumer’s money.
Con artists who use these schemes can easily avoid detection. When funds are sent through wire transfer services, the recipients can pick up the money at other locations within the same country; it is nearly impossible for the sender to identify or locate the recipient.
You and Your Bank — Who is Responsible for What?
Under federal law, banks generally must make funds available to you from U.S. Treasury checks, most other governmental checks, and official bank checks (cashier’s checks, certified checks, and teller’s checks), a business day after you deposit the check. For other checks, banks must make the first $200 available the day after you deposit the check, and the remaining funds must be made available on the second business day after the deposit.
However, just because funds are available on a check you’ve deposited doesn’t mean the check is good. It’s best not to rely on money from any type of check (cashier, business or personal check, or money order) unless you know and trust the person you’re dealing with or, better yet — until the bank confirms that the check has cleared. Forgeries can take weeks to be discovered and untangled. The bottom line is that until the bank confirms that the funds from the check have been deposited into your account, you are responsible for any funds you withdraw against that check.
Here’s how to avoid a counterfeit check scam:
If You Think You’re a Victim
If you think you’ve been targeted by a counterfeit check scam, report it to the following agencies:
This article was previously available as Giving the Bounce to Counterfeit Check Scams
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.
The e-mails appear to be sent from various “@fdic.gov” e-mail addresses, such as “email@example.com,” “firstname.lastname@example.org,” or “email@example.com.”
They have subject lines that read: “FDIC: Your business account” or “FDIC: About Your Business Account.”
The e-mails are addressed to “Business Customer” or “Business Owner” and state “We have important information about your bank” or “…financial institution.” They then ask recipients to “Please click here to find details.”
They conclude with, “This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership.”
These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.
Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.
For your reference, FDIC Special Alerts may be accessed from the FDIC’s website. To learn how to automatically receive FDIC Special Alerts through email, please visit the subscription page of the FDIC website.
Sandra L. Thompson
Division of Supervision and Consumer Protection
Distribution: FDIC-Supervised Banks (Commercial and Savings)
Paper copies of FDIC Special Alerts may be obtained through the FDIC’s Public Information Center, 1-877-275-3342 or 703-562-2200).
Cell Phone Text Scam
Don’t believe a cell phone text message saying there’s a problem with your bank account, said the Delaware Attorney General’s office in a consumer alert.
The state’s Consumer Protection Unit issued the alert recently on what it calls a new scam — actually a new twist on the more common e-mail “phishing” scam. Here’s how it works: A text message, also called an SMS (for short message service), arrives on your cell phone with the news there’s a problem with a bank account. The text message also includes a toll-free number to call or a 4 digit reply text number.
The message looks legitimate, but the phone number will connect you with a scammer who tries to get your personal information. The scam is known as “SMiShing.”
The agency recommended consumers contact the customer service number of the company that sent the message to verify if it’s legitimate, instead of trusting that the number is real. The Consumer Protection Unit urged Delaware residents to file a complaint with the state if they fall for the scam.
Here is another example of a Cell Phone Scam
You receive a text message or an automated phone call on your cell phone saying there’s a problem with your bank account. You’re given a phone number to call or a website to log into and asked to provide personal identifiable information—like a bank account number, PIN, or credit card number—to fix the problem.
But beware: It could be a “smishing”or “vishing” scam…and criminals on the other end of the phone or website could be attempting to collect your personal information in order to help themselves to your money. While most cyber scams target your computer, smishing and vishing scams target your mobile phone, and they’re becoming a growing threat as a growing number of Americans own mobile phones. (Vishing scams also target land-line phones.)
“Smishing”—a combination of SMS texting and phishing—and “Vishing”—voice and phishing—are two of the scams the FBI’s Internet Crime Complaint Center (IC3) is warning consumers about as we head into the holiday shopping season. These scams are also a reminder that cyber crimes aren’t just for computers anymore.
Here’s how smishing and vishing scams work: criminals set up an automated dialing system to text or call people in a particular region or area code (or sometimes they use stolen customer phone numbers from banks or credit unions). The victims receive messages like: “There’s a problem with your account,” or “Your ATM card needs to be reactivated,” and are directed to a phone number or website asking for personal information. Armed with that information, criminals can steal from victims’ bank accounts, charge purchases on their charge cards, create a phony ATM card, etc.
Sometimes, if a victim logs onto one of the phony websites with a smartphone, they could also end up downloading malicious software that could give criminals access to anything on the phone. With the growth of mobile banking and the ability to conduct financial transactions online, smishing and vishing attacks may become even more attractive and lucrative for cyber criminals.
Here are a couple of recent smishing case examples:
Princeville State Bank is committed to protecting our customers’ information. Fraudsters have continued to develop and deploy more sophisticated, effective, and malicious methods to compromise authentication mechanisms and gain unauthorized access to customers’ online accounts. Every day, cyber criminals are working relentlessly to install malicious software like viruses and spyware on your computers in an effort to damage your computer/software, use your email to spread malware, monitor online activities in an attempt to steal sensitive personal information and money or steal your identity. Don’t be an easy target for them. Princeville State Bank will NEVER request personal information by phone, email or text messaging including account numbers, personal identification information, passwords or any other confidential customer information. Princeville State Bank is providing the below information for your use and action to help protect your online account and transaction information. Online Banking Security Online Banking is accessed through a Secure Socket Layer (or SSL), meaning all data transmitted to or from the bank’s computer systems is encrypted and your money and privacy are protected. Several firewalls exist to prevent unauthorized access to the system and ensure your information is accessible only with an Internet Banking Access ID and PIN. In addition to the security features put in place by Princeville State Bank., you can help protect yourself by taking the following actions to stay safe and secure your information:
Commercial Banking Online Security
In addition to the information provided regarding “Online Banking Security”, Commercial and Small Business account holders should institute additional measures in order to further protect their online banking information.
Identity theft occurs when someone uses your personal information such as your Social Security number, Account number or Credit Card number, without your consent, to commit fraud or other crimes. The following are tips to protect you against identity theft:
Check Your Credit
Consumers can request one free copy of his or her credit report every year. Reviewing your credit report can help you find out if someone has opened unauthorized financial accounts, or taken out unauthorized loans, in your name.
Electronic Funds Transfer Act (Regulation E)
Regulation E is a consumer protection law for accounts established primarily for personal, family, or household purposes. Regulation E gives consumers a way to notify their financial institution that an EFT has been made on their account without their permission.
Non-consumer accounts, such as Corporations, Partnerships, Trusts, etc. are excluded from coverage. A non-consumer (business account) customer using internet banking and/or bill pay is not protected under Regulation E. As such, special consideration should be made by the business customer to ensure adequate internal security controls are in place that commensurate with the risk level that the customer is willing to accept.
As a non-consumer customer you should perform periodic assessments to evaluate the security and risk controls you have in place. The risk assessment should be used to determine the risk level associated with any internet activities you perform and any controls you have in place to mitigate these risks.
Definition of EFT
An EFT is the electronic exchange or transfer of money from one account to another, either within a single financial institution or across multiple institutions initiated through electronic-based systems. The term includes, but is not limited to:
Protections provided under Regulation E for consumers who use internet banking/bill pay
If you believe an unauthorized EFT has been made on your account, contact us immediately. If you notify us within 2 business days after you learn of the loss or theft of your ATM/debit card or Personal Identification Number (PIN), the most you can lose is $50. Failure to notify the bank within 2 business days may result in additional losses.
Unlimited loss to a consumer account can occur if:
Exclusions from Protection
The term EFT does not include:
o Regulated by the Securities and Exchange Commission or the Commodity Futures Trading
o Purchased or sold through a broker-dealer regulated by the Securities and Exchange Commission or through a futures commission merchant regulated by the Commodity Futures Trading Commission
o Held in Book-entry form by a Federal Reserve Bank or federal agency
o Between a consumer’s accounts within the financial institution
o From a consumer’s account to an account of a member of the consumer’s family held in the same financial institution
o Between a consumer’s account and an account of the financial institution, except that these transfers remain subject to § 205.10(e) regarding compulsory use and sections 915 and 916 of the act regarding civil and criminal liability. (Refer to “Coverage in Detail” section below.)
o Is initiated by a telephone communication between a consumer and financial institution making the transfer; and
o Does not take place under a telephone bill payment or other written plan in which periodic or recurring transfers are contemplated.
Regulation E – Coverage in Detail
For a complete detailed explanation of protections provided under Regulation E, please visit the Consumer Financial Protection Bureau’s (CFPB’s) website:
Mobile Banking Safety Tips
Managing your finances using a smartphone or tablet can be very convenient. However, you should consider these safety tips to protect your account information:
o Use at least eight characters
o Do not use your username, real name or company name
o Do not use a complete word
o Make it significantly different from previous passwords
o Use a character from each of the following categories (some apps may limit symbols)
Contacting the Bank
Please contact Princeville State Bank at our toll free number 1-888-385-4375 or directly by email at firstname.lastname@example.org with any questions or concerns you may have. If you believe your online banking account has been compromised or you receive suspicious or fraudulent mail, email or websites related to Princeville State Bank, please contact us immediately.
Other References to Assist You:
FDIC Consumer Protection http://www.fdic.gov/consumers/
Consumer Action: Complaints https://www.usa.gov/consumer-complaints#item-212527
US Department of Homeland Security http://www.us-cert.gov/home-and-business/
Protecting Your Business: Start With Security https://www.ftc.gov/news-events/audio-video/business
NACHA Fraud Resources https://www.nacha.org/current-fraud-threats
Consumer Information: Wiring Money https://www.consumer.ftc.gov/search/site/wiring%20money
Federal Communication Commission – Business Cyber-planner: http://www.fcc.gov/cyberplanner
Consumer Information: Identity Theft https://www.consumer.ftc.gov/features/feature-0014-identity-theft
Federal Trade Commission: Identity Theft by Mobile Phone https://www.consumer.ftc.gov/blog/identity-theft-mobile-phone
Federal Trade Commission: Tips for Using Public WiFi Networks https://consumer.ftc.gov/articles/how-safely-use-public-wi-fi-networks