What is Identity Theft?
Identity theft happens when someone steals your identity and impersonates you in order to open credit or bank accounts, rent apartments, or engage in criminal acts. The victim may not know the fraud has occurred until they are unexpectedly turned down for a loan, they get a call from a collection agency about an account they never opened or, worse yet, get a call from the police about a crime they didn’t commit.
On average, identity theft is discovered 14 months after the thief has wreaked havoc on the victim’s credit standing. Identity thieves use a variety of ways to gain access to this personal information including:
- Stealing mail
- Looking through your garbage
- Stealing your wallet or purse
- Posing as your employer, bank or utility company needing to “update their records”
- Collecting information from Internet sites that are not secure
- Completing a “change of address” form at the post office
- Stealing the information that you may have provided (i.e. taking information from checks you have written or credit cards you have used for purchases)
No Mariner’s Bank representative will ever ask you for personal information such as PINS, bank account numbers or social security numbers via the phone.
Fraudulent Phone Calls
Some scammers attempt to commit fraud through fraudulent telephone calls posing as legitimate financial institutions and ask for your personal and account information.
Be wary of telephone scammers. If you receive a call from someone asking for personal and account information, call the company back using a phone number you know is legitimate. Here are some examples of recent fraudulent telephone activities:
- Account Protection offer: Customer receives a phone call from someone offering account protection and requests account information.
- Verify Possible Fraudulent Card Information: Clients receive a voice mail and are asked to verify possible fraudulent activities on their cards. The voice mail includes bogus phone numbers for clients to call.
- Gift of $10,000 Cash: The caller tells clients that they’ve won a gift of $10,000. Clients are asked to confirm their account and routing numbers so that the money can be transferred to their accounts by wire.
No bank or legitimate business will request a customer to verify personal information such as PINs, bank account numbers or Social Security numbers over the phone.
Personal information that you should never release in a conversation not initiated by you includes:
- Bank Account Numbers
- Bank Card Numbers – Credit or Debit
- Personal Identification Numbers (PINs)
- Social Security Numbers
If you should receive a phone call that you believe is fraudulent – note the name of the caller, the institution represented and contact information. The consumer should then contact said institution, using contact information gleaned from a different source like a bank statement, to verify the request. If the request was not legitimate, the incident should be reported to the police, the misrepresented institution and the consumer’s financial agencies.
If a consumer is ever in doubt about a request, they should immediately contact the police or their financial institution. Both agencies are well equipped to determine the legitimacy of the request and will be happy to offer assistance.
Phishing Attacks via Phony Popup Messages
Phishing is by far the easiest way to steal login credentials for accessing secure online accounts. Various types of phishing allow fraudsters to copy the login page of any bank and set up a fraudulent website, in addition to creating malicious email messages and sending to customers with links that lead to these fraudulent websites.
There is a new variation of phishing attacks called ‘in-session phishing,’ which targets online banking sessions through a popup window posing as a legitimate message from the Bank.
A typical scenario would be as follows:
A user logs into their online banking account.
They might leave the browser open and navigate in another window to other websites.
A short time later a popup appears, allegedly from the bank, asking the user to retype their username and password because the session has expired, or to complete a satisfaction survey.
Since the user had already logged into the website, they don’t suspect this popup is fraudulent and provide the requested details.
In order for ‘in-session- attacks to work the following is required:
- A base website must be compromised from which the attack can be launched.
- The malware, which injected the compromised website, must be able to identify which website the user is logged into.
The first requirement is easier to achieve, since so many websites are compromised by criminals. Once a website is compromised, code is injected into website, showing no difference in appearance on the website making it very hard to detect. The second is harder to achieve, but not impossible. Once compromised website identifies a website to which the user is logged on, it can inject a popup message in the browser pretending to be from the legitimate website and ask for credentials and private information. If the user enters their credentials in the phony popup, the phisher then steals the login information.
Since this is a browser based attack, the best way to defend against this is to be aware and practice browser security including:
- Users should be suspicious of unprompted pop up windows that appear without clicking on a hyperlink.
- Deploy browser security tools and set security settings to disallow popups and certain scripts from running.
- Users should always log out of online banking and other sensitive online applications and accounts before going to other websites, so that the sessions do not remain active.
Ways to Protect Yourself from Identity Theft:
- Be suspicious and extremely cautious about unsolicited e-mail requests for financial information or other personal data. When in doubt about an e-mail, delete it.
- Promptly notify the business that supposedly sent the e-mail and ask them to verify that the message was indeed sent to consumers.
- If entering personal information into a website, look for the “lock” icon on your browser’s status bar. It means your information is secure during transmission.
- Carry only the cards that you need to have with you; file others in a safe place at home
- Sign your credit cards and bank cards immediately
- Do not carry your social security card with you, keep it in a secure place
- Do not attach a password or social security number to any cards you carry with you (including your driver’s license)
- Do not attach or write a password or social security number on anything you are going to discard
- Shred any documents that contain credit card numbers, account numbers or other important information before you discard them
- Review your financial accounts regularly and notify your financial institution immediately if you notice any erroneous or suspicious transactions.
- Alert companies with whom you have accounts if you do not receive statements
- Check receipts to insure you have received your own
- Do not give personal information or account numbers to anyone until you have confirmed the identity of the person requesting the information and verified that you need to provide them with the information
- Frequently check your credit reports and social security statements
To learn more about identity theft and ways to protect yourself:
Important Information about Fraudulent Email
There have recently been an increasing number of attempts on the Internet to trick people into revealing sensitive and private information about themselves to con artists who use that information to defraud them. The latest scam, popularly called ‘phishing’, uses replicas of existing web pages to deceive users. These replicated pages prompt the user to enter personal, financial or password data. We encourage you to review this documentation which includes tips to protect your accounts.
They include a link to a website that appears to be a legitimate Mariner’s Bank webpage, asking for personal information such as your ATM/Debit Card number and PIN. If you have received one of these unsolicited emails and provided confidential information through the linked website, you could be a victim of identity theft. If you believe this has happened to you, please call us at 1-201-224-9110.
As a customer of Mariner’s Bank, the security of your personal and account information is extremely important to us. By practicing good security habits, you can help us ensure that your private information is protected.
- Never disclose ANY personally identifying information if requested via an unsolicited email or phone call. This includes:Mariner’s Bank account numbers or credit card numbers
Personal Identification Numbers (PIN) or passwords
Social Security Number
Mother’s maiden name
Or other private information
- Never reveal your PIN to anyone, including Mariner’s Bank employees
- Change your PIN frequently
- Store your card number and PIN separately, and never write your PIN on your card
- If you use Personal or Business Internet Banking, log out when finished and close your browser before leaving your computer
- Never leave your computer unattended during a Personal or Business Internet Banking session
- Be wary of any emails asking you to log into Personal or Business Internet Banking if it does not link to the official Mariner’s Bank website at http://www.marinersbk.com/. Also, be suspicious if you are asked to enter any personally identifying information into an unexpected pop-up window even if it looks official.
If you have any questions regarding emails or phone calls soliciting information about your Mariner’s Bank accounts, call 1-201-224-9110.
If you receive an email claiming to be from Mariner’s Bank, but which you suspect is aimed at defrauding you, contact your financial institution and the FBI’s Internet Fraud Complaint Center at http://www.ic3.gov/.
What is ‘Phishing?’
Phishing is a term coined by Internet hackers who use email lures to ‘fish’ passwords and financial data from the world of Internet users. Email messages designed to look like they came from a merchant or financial institution are mailed to Internet users. The emails direct the recipient to update or provide information back to the company’s web site by instructing the user to click on a URL embedded within the email. The embedded URL links the user to a counterfeit web site designed to look like the company’s official website. Passwords and other personal information are then solicited and collected by the web site and used by the hacker to defraud the user.
To date, large financial institutions have been primary targets of these phishing scams. It is reasonable to expect that smaller financial institutions may also be targeted.
If you receive an email claiming to be from Mariner’s Bank, but which you suspect is aimed at defrauding you, or suspect that you have already been ‘hooked’ into a phishing scheme and have divulged personal data in response to an e-mail solicitation, contact your financial institution and the FBI’s Internet Fraud Complaint Center at http://www.ic3.gov/
If you think you’ve been a victim of identity theft, here’s what to do now:
a. Contact Mariner’s Bank at 1-201-224-9110.
b. Report a fraud alert on your credit report with the three major credit bureaus. Also request to review your credit reports for suspicious activity at that time.
P.O. Box 740241
Atlanta, GA 30374
National Consumer Assistance Center
P.O. Box 2002,
Alien, TX 75013
Consumer Disclosure Center
P.O. Box 1000
Chester, PA 19022
c. File a complaint with the Federal Trade Commission at http://www.ftc.gov/
You are now eligible to receive a free credit report each year from the three major credit bureaus.
Due to the increasing number of identity theft occurrences, it is important to review your credit report to make sure there are no accounts linked to your name that you did not authorize. With the new laws put into effect under the Fair and Accurate Credit Transactions Act (FACT Act), you now have the ability to obtain a credit report, annually, from each of the three nationwide consumer credit reporting companies: Experian, Equifax, and Trans Union.
The website, http://www.annualcreditreport.com/, provides a streamlined process for obtaining your credit report from each of the three credit bureaus. By visiting this website, you will find instructions for requesting your credit reports online, by telephone or by mail.