In today’s technological world, it is important to protect your identity and safeguard your account from fraudulent activity.
Protecting your personal and financial information is important to us. BTC Bank provides tips for you to consider in maintaining safe practices with your paper documents as well as your electronic and online transactions.
BTC Bank's Contact Policy
BTC will never ask for personal or account information by e-mail or solicit account information by phone. If you receive a suspicious phone call, text, or email, do NOT give out any personal or account information. If you are unsure if the contact was coming from BTC Bank, please call us at 660-425-7285 and we will assist you. If you have replied to a suspicious email, text, or disclosed information via telephone, please call us immediately at the number above.
If you have recently noticed unusual or suspicious activity on your account, you should immediately report each transaction. We will work with you right away to review your accounts and identify suspicious activity.
Have You Been a Victim of Identity Theft? Steps to Take
If you are a customer of BTC Bank and believe you are a victim of identity theft, follow these steps and a BTC employee will assist you.
- Notify your Financial Institution by calling us at 660-425-7285 or toll free 1-877-BTC-BANK to speak with one of our employees about placing an alert on your account.
- Notify the company or companies where you believe the fraud occurred, and let them know you believe your identity may have been compromised.
- File a Police Report immediately in the jurisdiction where it was stolen to prove to credit providers that you are diligent.
- Notify the Social Security Administration if your social security number has been compromised, by calling their fraud line at 1-800-269-0271.
- File a complaint with the Federal Trade Commission’s (FTC) Identity Theft Hotline by the following methods:
  - Website: identitytheft.gov
  - Call: 1-877-ID-THEFT
- Report the identity theft or compromise to each of the three national credit reporting organizations and order a free credit report if your identity or account has been compromised.
Signs of Identity Theft
- You see withdrawals from your bank account that you can’t explain.
- You don’t get your bills or other mail.
- Merchants refuse your checks.
- Debt collectors call you about debts that aren’t yours.
- You find unfamiliar accounts or charges on your credit report.
- Medical providers bill you for services you didn’t use.
- Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
- A health plan won’t cover you because your medical records show a condition you don’t have.
- The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.
- You get notice that your information was compromised by a data breach at a company where you do business or have an account.
How to Prevent Identity Theft; Keeping Information Secure
- Lock your financial information and records in a safe place at home, and lock your wallet or purse in a safe place at work.
- Shred any documents that contain sensitive information that you no longer need. These can include receipts, expired credit cards, bank statements, checks, insurance forms, etc.
- Destroy labels on prescription bottles before you throw them out.
- Limit what you carry. Take only the identification and credit/debit cards you need. Leave your social security card at home. If your purse or wallet happens to be misplaced or stolen the information lost will be limited. It is also best practice to have written down at home what information you carry with you and a good contact number. If your information was lost you’ll have an inventory of the items you lost and a contact number for the company.
- Do not overshare on social networking sites. If you post too much information about yourself, identity thieves can find answers to your challenge questions on your accounts and gain access.
- Secure Social Security Number: Be wary of businesses asking for your social security number. Some will need it to check your credit when you apply for a loan, rent an apartment, etc. Before you give out your SSN, ask them why they need it, how it will be used, how they will protect it, and what happens if you do not share the number. The decision to share is yours, but it is best practice to confirm how that business handles your personal information.
- Visit https://www.consumer.ftc.gov/topics/identity-theft for more information
Social Engineering Attack Methods
Social Engineering is the art of manipulating people so they will divulge confidential information such as passwords or account numbers, or give the attacker access to their computer. Hacking a human is much easier than hacking a business or computer. These attackers prey on an individual’s emotions and weaknesses.
- Phishing is the practice of sending emails pretending to be from a reputable company or someone you may know in order to induce the individual to reveal personal information such as passwords or account numbers. Scammers will use email or text messages to try and trick you into giving them your personal information. Phishing emails or text messages will look like they came from a company or individual you know and trust. Scammers use a sense of urgency, claim there is a problem with an account, entice you with a reward or prize, etc. to urge you to click on their malicious link or provide personal information.
- Pretexting involves a scam where the criminal lies and pretends they need information in order to confirm your identity. They will often fabricate a scenario and try to steal your personal information. The scammer often will build a credible story that leaves room for little doubt. They use this type of tactic to steal information and use it to commit identity theft or conduct a secondary attack. Pretexting is used to create a false sense of trust, whereas phishing may use fear or a sense of urgency.
- Friendly Emails can be used when a criminal sends you an email either from a friend’s hacked email account or creates a similar account that uses your friend’s name. They will often direct you to click on a hyperlink or open an attachment that contains malware.
In Person Tactics
- Tailgating is used as an attack method when someone who lacks proper authentication follows an employee into a restricted area. The criminal could be posing as a service technician or could slip through a door that was opened at your place of business and gain access to a restricted area. This is most common in small to mid-size companies where criminals work to gain familiarity with employees in order to earn their trust.
- Device Left Behind is a tactic used by criminals when they leave a device and hope an employee plugs it into their computer. The rogue device contains malicious content that is downloaded when the employee plugs it into their computer. This can often gain the criminal access to the network or the individual’s computer. Do not plug in any device to your computer if you are unsure of where it came from or what it contains.
- Open Access is used when the criminal asks to use an employee’s computer and they are often left unmonitored, which in turn allows them to download malicious content or view confidential information.
- Panic can be used by a scammer when they call and pretend to be IT Support for example. They will often explain a frantic situation that compromises your safety and ask you to reset your password or allow them remote access.
- Anger can often be used when someone calls and acts like they are in a position of authority and uses the anger to intimidate you into divulging sensitive information.
- Donations are often a way where criminals get you on the phone and act like they are from a well-known organization and are needing your support. They want you to provide your bank account information.
Don’t be a Victim
- Protect your Computer by Using Security Software. Set your software to update automatically and make sure your security software is up to date. Back up your files often.
- Install multi-factor authentication (MFA) as a second layer of security. This verifies who you are and will often send a code to your phone that is used in addition to your password. Most commonly used email providers offer MFA.
- Do your Research. Before you click on the link make sure the URL is going where it says it is going. Look at the email for bad grammar and spelling. Is this company or individual asking for personal information? Were you expecting them to ask this type of question? Do not open any emails if they look like they are coming from an untrusted source.
- Lock your computer. Do not leave your computer or cell phone unattended without it being locked first. It does not take long for a bad actor to gain access.
- For more information on common scams and crimes visit https://www.fbi.gov/scams-and-safety/common-scams-and-crimes
U.S. Consumer Financial Protection Bureau
Business Email Compromise (BEC)
What is a Business Email Compromise?
In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request such as:
- A vendor your company regularly uses sends an invoice with an updated mailing address
- A company CEO asks her assistant to purchase dozens of gift cards to send out to employees as rewards. She asks for the serial numbers so she can email them right away.
- A homebuyer receives a message from his title company with instructions on how to wire his down payment.
Versions of these scenarios have happened. Some of these examples can result in hundreds of thousands of dollars being sent to criminals.
Reporting a BEC Scam
If you believe you have fallen victim to a BEC scam it is important to contact your financial institution immediately and request they contact the financial institution where the transfer was sent. Next contact your local FBI field office to report the crime.
How do you Protect Yourself?
- Be wary of information you share online. By sharing information such as pet names, schools, and family members, you are giving the scammer all of the information needed to guess your security questions.
- Don’t click on any unsolicited links or attachments. If you are unsure of an email you received call up that business and verify the email is legitimate.
- Look closely at the URL address and make sure there aren’t any misspellings. Scammers are often trying to trick your eye.
- Set up multi-factor authentication on any account that will allow it.
- Verify payment and purchase requests in person or by calling the requestor. Create procedures for verifying any changes in account number or payment procedures with the person making the request, using the contact information you have on file for them.
- Be concerned if the requestor is pressing you to complete the request.
A strong password is your first line of defense against intruders and imposters.
Click here for our Quick-Guide to Secure Passwords
Protecting Yourself Online
Below are tips on how to keep yourself safe and your identity safe while you are online or using your mobile device.
- Keep your computers and mobile devices updated – Regularly updating your operating systems, web browser, and security software is often the best defense against viruses and vulnerabilities.
- Password protect your internet connection – Always change your password to your home wireless network. Change the manufacturer’s password to a more complex password that is known only to your household. Avoid connecting to public Wi-Fi that is unsecured and be cautious of what information you are accessing while connected to an unsecured network.
- Utilize the passcode or biometric lock on your mobile device - Using a passcode, fingerprint, or facial scan makes it more difficult for bad actors to access your information. Do not use common combinations such as 1234 or 1111. Set the device to auto-lock and enable the “find your device” feature if available.
- Think Before You Click - If you receive an email or social media post that seems suspicious it is best to throw it out! It is often more difficult to detect a malicious link or attachment when viewing on a mobile device so confirm with the sender that it is legitimate if the post or email seems odd or suspicious.
- Only Download Apps from Reliable Sources - Only download known apps through the official app stores. Try to avoid downloading apps from third-party sites. They often have a higher risk of vulnerabilities.
- Incorporate Multi-Factor Authentication - Anytime multi-factor authentication is offered it should be configured. This offers an additional layer of protection by supplementing the username and password with a code that only you have access to. Most applications and online accounts have MFA, but it is most beneficial to utilize it with your email accounts, online & mobile banking, and payment applications.
For more information on how to keep yourself protected online visit https://www.consumer.ftc.gov/topics/online-security
Disposing of Sensitive Information
Your personal computer contains a lot of sensitive information. Before you get rid of your computer, your information must be deleted so it doesn’t end up in the wrong hands.
- Back up your information that you want saved - Back up any information that you consider important. This could include files, photos, videos, and important documents. Transfer your files to your new computer or store them on an external device such as a USB flash drive. You can also save your files to an online data storage platform, also known as the “cloud.” This could include Google Drive, iCloud, Dropbox, etc. Just remember when you are storing information on the cloud, you are trusting another company with your information. Make sure you review your security settings on those platforms.
- Sign out of Accounts, Disconnect Devices, and Erase your Hard Drive - After you save your personal information, however you save it, sign out of all your online accounts from the computer you’re getting rid of. Un-pair your computer from Bluetooth devices like a mouse, keyboard, or wireless display.
Then, erase your computer’s hard drive. Look for a program or function on your computer that will let you erase all your files from the hard drive and reset it to factory settings. If it doesn’t have one, look for expert reviews online to see what programs are out there and which ones are compatible with the type of computer and hard drive you have.
- Safely Dispose of Your Computer or Mobile Device - It is not recommended to throw your computer or mobile device in the trash. They often contain hazardous material that doesn’t belong in a landfill. It is best to find a company where you can donate or that will recycle your old computers.
Computer manufacturers, electronics stores, and other organizations have computer recycling or donation programs. Check out the Environmental Protection Agency's Electronics Donation and Recycling page to learn about recycling or donating your computer.
Protecting Your Mobile Device
Your cell phone holds some of your most sensitive, personal information. Things like your passwords and account numbers, emails, text messages, photos, and videos. If your phone ends up in the wrong hands, someone could steal your identity, buy stuff with your money, or hack into your email or social media accounts. Find out what you can do to protect the data on your phone and how to remove that information before you get rid of your phone.