Keeping our customers informed and protected is a top priority for us. Fraud is a growing problem that we see more of every day. We take security measures within the bank such as daily spending limits on debit cards and requiring password changes for your online banking login. While we protect the information you have entrusted to us there are measures you can take at home to keep your personal information secure.
Do not ever give your personal information to someone over the phone. Some callers can be very persuasive and will commonly use scare tactics to make you tell them what they want to know. The following entities will NEVER call you to threaten your benefits, tell you to wire money, send cash or put money on gift cards: Social Security Administration (SSA), Internal Revenue Service (IRS), your bank. In fact, the SSA and IRS only correspond through the US Postal Service.
Anyone who tells you to do these things is a scammer. Never give any part of your social security number, bank account or credit card number to anyone over the phone. When in doubt, ask them for a number to call them back or call your bank. Scammers have the ability to make it appear they are calling from any number (even the below bank and SSA numbers). If you are questioning the call, hang up and call them back or call your bank.
Each year you are entitled to a free credit report from each of the 3 credit bureaus. Visit www.annualcreditreport.com to request yours. It is important that you are regularly monitoring your credit report. If there is anything unusual immediately call to place a freeze on your credit.
Important Numbers To Know
Libertyville Savings Bank (641) 472-9839
Social Security Administration 1 (800) 772-1213
Transunion 1 (888) 909-8872
Equifax 1 (800) 685-1111
Experian 1 (888) 397-3742
For more information on how to protect yourself from identity theft visit the US Department of Homeland Security’s Cyber Security Awareness site.
KnowBe4 Security Tips - Malvertising
Visit any website these days and it’s very likely that you will be viewing ads as well. Sometimes these ads can be tempting, with many offering sales, promotions, or freebies to attract more clicks. Ads on certain websites can even be targeted specifically to you based on past browsing history, making you even more likely to click!
Remember this: just because you are on a reputable, well-known website, it does not mean that the ads on the website are safe to click as well.
How adspace can become infected: Advertisers do not sell their ads to websites one at a time. Websites that want to make money sell their advertising space to an ad network. Advertisers sign contracts with that ad network which then displays the ads on the participating websites. The ad network sits in the middle between the advertisers and the websites and manages the traffic and the payments.
Cybercriminals can take advantage of this system by fooling the ad networks into thinking they are a legit advertiser, but the ads which are displayed on major websites can be poisoned. If you browse to a page with a poisoned ad on it, that is enough to run the risk your PC will be encrypted with ransomware, which can hold your computer or your entire network hostage until you pay the cybercriminal a ransom.
Tips to prevent the effect of harmful ads:
- Disable Adobe Flash on your computer - or at least set the Adobe Flash plug-in to "click-to-play" mode - which can block the automatic infections.
- Keep up-to-date with all the security patches and install them as soon as they come out.
- Download and install a reputable ad blocker plug-in for your browser. These prevent the ads from being displayed in your browser to start with. These ad blockers are getting very popular with hundreds of millions of people using them.
The KnowBe4 Security Team
Beware of Fraud
Fraud is everywhere. In 2021 the FTC reported 2.8 million fraud reports. We are here to help, but fraud protection starts with you by being diligent, stopping to think before you click and remembering to never ever give out personal information.
Your bank, your credit card, the social security administration, the IRS or anywhere else that you do business with should already have your personal information. We will never call you and request full numbers for verification. When you provide your personal information, the fraudster can then create a fake online login and access your accounts. If you should receive a call like this immediately hang up. If you have questions call us back using the phone number you know, or the one that is listed for the company. Never hit redial even if it looks like the legitimate number. Fraudsters are good and they can spoof any phone number into looking real.
When creating social media accounts be aware of the privacy settings. If your account is not private or you are not cautious of who you add your information is available for the world to see. Another thing to consider is being cautious of how much personal information you are sharing on these sites. Data scrapping is a process fraudsters use to extract data from a website or social media platform using automated tools. It is cataloged and then sold to cybercriminals who use it to trick you into giving them personal information.
Fraudsters will monitor your email and gather information from valid e-mail addresses and other public sources so that they can then send fake e-mails making requests on your behalf. Don’t click on links. Open a browser and type in the address instead. Look at the sender’s e-mail. Does it look correct? Check the time. Most reputable companies will not be sending you an e-mail at 2 am. And if you think your e-mail has been compromised notify us right away.
Additional valuable advice:
- Check your accounts frequently. You can monitor them online weekly or even daily for unusual activity. If you see something that looks unusual CALL!
- Confirm privacy settings on all personal devices and online services.
- Never use public wifi to access personal accounts. It is very easy for them to be hacked and your logins to get into the wrong hands.
- Keep all security features and software up to date and use two-factor authentication whenever possible.
- Do not cash or deposit checks and then send money on or wire it back. This is a scam we see a lot of. The fraudster is going to give you a certain dollar amount, say $1000, but in return you must send them $100 back. What happens is you get the $1000 in your account, send them the $100 and then the $1000 amount gets returned because it wasn’t valid. If you have already spent the money, you are now out $1100. Do not accept or send payments from anyone you don’t know or haven’t met. If it is too good to be true it is!
- Another tactic we have seen is fraudsters wanting you to send them gift cards. This should always be a red flag. No legitimate company wants payment in gift cards.
Most of these fraudsters work off scare tactics. When they call there is always urgency. They want you to do it right now. Send the money, give the information, or click on the link. They need you to feel pressure so you will make a rash decision. The IRS is not coming to get you. Nor are the police or the federal government. Our best advice as mentioned before is to hang up as quickly as possible.
Always remember we are here for you…If you have questions, concerns or in the unfortunate event that your information has gotten into the wrong hands never hesitate to call.
Recent Fraud Attempts
Recently we have seen an increase in fraudulent calls that claim to be from Amazon. Below is an email that was sent from Amazon in regards to what you should watch for. As always if you have questions you can call us.
KnowBe4 Security Tips - How Secure is Your Mobile Device?
Most of us have a smartphone, but how many of us really think about the security threats faced by these mobile devices? Mobile devices are vulnerable to many different types of threats. The bad guys are increasing attacks on mobile devices and targeting your phone using malicious applications. Using these methods, they can steal personal and business information without you having any idea what’s going on.
Even if you’ve downloaded a security or antivirus application, securing your smartphone goes beyond these services. Improving your mobile security practices is your best defense against the privacy and security issues associated with your mobile device.
How can I improve my mobile security practices?
Always remember these best practices to minimize the risk of exploits to your mobile devices:
- Ensure your phone’s operating system is always up to date. Operating systems are often updated in order to fix security flaws. Many malicious threats are caused by security flaws that remain unfixed due to an out of date operating system.
- Watch out for malicious apps in your app store. Official app stores regularly remove applications containing malware, but sometimes these dangerous apps slip past and can be downloaded by unsuspecting users. Do your research, read reviews and pay attention to the number of downloads it has. Never download applications from sources other than official app stores.
- Ensure applications are not asking for access to things on your phone that are irrelevant to their function. Applications usually ask for a list of permissions to files, folders, other applications, and data before they’re downloaded. Don’t blindly approve these permissions. If the permission requests seem unnecessary, look for an alternative application in your app store.
- No password or weak password protection. Many people still don’t use a password to lock their phone. If your device is lost or stolen, thieves will have easy access to all of the information stored on your phone.
- Be careful with public WiFi. The bad guys use technology that lets them see what you’re doing. Avoid logging in to your online services or performing any sensitive transactions (such as banking) over public WiFi.
Stop Look Think - Don't be fooled
The KnowBe4 Security Team
- Delete email, text, and social media messages that ask you to confirm or provide sensitive information.
Legitimate companies don’t ask for sensitive information this way.
- Beware of visiting website addresses sent to you in an unsolicited message. Even if you feel the message
is legitimate, type web addresses into your browser instead of clicking links.
- Try to independently verify any details given in a message directly with the company.
- Utilize anti-phishing features available in your email client and/or web browser. Also, utilize an email
SPAM filtering solution to help prevent phishing emails from being delivered.
- Do not open attachments from unknown senders or unexpected attachments from known senders.
- Be cautious of the amount of personal data you make publicly available through social media and other
Information provided by Tandem
Cyber Security During COVID-19
The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.
CISA encourages individuals to remain vigilant and take the following precautions.
- Avoid clicking on links in unsolicited emails and be wary of email attachments.
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Review CISA Insights on Risk Management for COVID-19 for more information.
KnowBe4 Security Tips - The Shock Factor: Don’t Take the Bait!
One of the most common and successful tricks cyber criminals use to trigger you into falling for their scams is fake “stressor events”. In this context, “stressor events”, are shocking or compromising situations that inflict fear or provoke other emotions, for the purpose of causing an impulsive reaction.
How it works:
When the bad guys present a shocking claim to an unknowing victim, they often add a sense of urgency to drive home the “importance” of the scenario. In reality, this sense of urgency is another factor increasing the chances that you’ll react impulsively and click on their malicious links or download their dangerous attachments. Attackers explain their fake scenarios in the body of their phishing emails, but they’re also known for using shocking subject lines such as, “Act Now: Fraudulent activity on your checking account”. Though these tactics certainly aren’t limited to phishing emails, scammers also use these techniques in Smishing (SMS, or text phishing) and Vishing (voice phishing) attempts.
How to avoid falling victim to pressure:
The reason these attackers are often successful is because they‘re convincing the target to either avoid a negative consequence or gain something of value. Stop and think about the likelihood of the scenario before making the wrong move.
- Never open an attachment you weren’t expecting. Even if it appears to be from someone you know, pick up the phone to verify it’s legitimate.
- If the sender of the email is difficult to get in touch with or unwilling to speak on the phone, it’s likely a scam.
- If the sender requests that you send or receive money in unusual ways it’s probably a scam. For example, if they’re requesting a payment in the form of gift cards, don’t fall for it!
Stop Look Think - Don't be fooled
The KnowBe4 Security Team