What Is Identity Theft?
Identity theft occurs when someone steals your personal information, without your permission to commit fraud or other crimes. A few examples of why identity thieves want your personal information include:
- To open a bank account in your name and write bad checks on that account.
- To open a new credit card account, using your name, date of birth, and Social Security number. The imposter then runs up charges on your account and doesn’t pay the bills, the delinquent account is reported on your credit report and creditors hold you liable for payment.
- To call your financial institution pretending to be you and change the mailing address on your account. Statements are diverted and the thief orders new checks.
- To give your name to the police during an arrest. If they don’t show up for their court date, a warrant for arrest is issued in your name.
Identity theft is a serious crime. People whose identities have been stolen can spend lots of time and money cleaning up the mess the thieves have made of their good name and credit record.
Learn more about steps that you can take to protect yourself from identity theft at http://www.aba.com/ABAEF/CNC_contips_idtheft.htm
WHAT YOU CAN DO ABOUT PHISHING SCHEMES
Phishing uses spam (unsolicited email) to bait consumers into disclosing personal information usually through creating a web site that imitates the look of a legitimate web site. The consumer then submits their personal information to the imposter, who then uses the information to commit identity theft. The Department of Justice recommends following three simple rules when you see emails or web sites that may be part of a phishing scheme: Stop, Look, and Call.
- Stop. Phishers typically include upsetting or exciting (but false) statements in their emails with one purpose in mind. They want people to react immediately to that false information, by clicking on the link and inputting the requested data before they take time to think through what they are doing. Resist that impulse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.
- Look. Look more closely at the claims made in the email, think about whether those claims make sense, and be highly suspicious if the email asks for numerous items of your personal information such as account numbers, usernames, or passwords. For example:
If the email indicates that it comes from a bank or other financial institution where you have a bank or credit card account, but tells you that you have to enter your account information again, that makes no sense. Legitimate banks and financial institutions already have their customers' account numbers in their records. Even if the email says a customer's account is being terminated, the real bank or financial institution will still have that customer's account number and identifying information.
If the email says that you have won a prize or are entitled to receive some special "deal," but asks for financial or personal data, there is good reason to be highly suspicious. Legitimate companies that want to give you a real prize don't ask you for extensive amounts of personal and financial information before you're entitled to receive it.
- Call. If the email or Web site purports to be from a legitimate company or financial institution, call or e-mail that company directly and ask whether the email or web site is really from that company. To be sure that you are contacting the real company or institution where you have accounts, credit card account holders can call the toll-free customer numbers on the backs of your cards, and bank customers can call the telephone numbers on your bank statements.
Following are several web sites that provide more information about Internet security:
- Federal Trade Commission - http://www.ftc.gov/idtheft
- Microsoft - http://www.microsoft.com/security
- Federal Deposit Insurance Corporation - http://www.fdic.gov/bank/individual/online/safe.html
- Anti-phishing.org - http://www.antiphishing.org
HOW TO RECOGNIZE FRAUDULENT EMAIL
Be wary of any seemingly legitimate email request for account information, such as asking you to verify or reconfirm confidential personal information: your account number, Social Security number, passwords, or other sensitive information.
It's hard to detect a fraudulent email, because the email address of the sender often seems genuine (such as email@example.com), as do the design and graphics. But there are clear signs to be aware of. For example, fraudulent emails try to extract personal information from you in one of two ways:
- By luring you into providing it on the spot (e.g., by replying to the email), or
- Including links to a web site that tries to get you to disclose personal data
Like the e-mail, a fraudulent web site is designed to trick you into believing it belongs to a company you know by using its brands as domain names and/or its graphics. The ultimate goal of this fraud is to use your information to gain unauthorized access to your bank or financial accounts or to engage in other illegal acts.
Do not reply to any email requesting your personal information, or one that sends you personal information and asks you to update or confirm it. If you receive an email you are suspicious of, contact the company through an address or telephone number you know to be genuine. Exchange Bank will never send you an email that requests your account information or asks you to verify a statement.
If you suspect you have provided confidential account or personal information to a fraudulent web site, change your password immediately, monitor your account activity frequently and report any suspicious activity to the company.