Protect Your Identity

The Internet has greatly enhanced various aspects of our personal lives and the way we do business. It has changed the way people learn, communicate and conduct business. Because of its availability and convenience, the Internet has also made it easier to obtain information, learn about a recent event or a new place or to simply manage your household finances at any hour of the day or night.

Unfortunately, there are always people who will take advantage of new opportunities like the Internet to commit fraud. As an internet user you need to be extremely careful of such things as unsolicited emails (spam) from unknown senders who want you to send them your personal information.

Email is not a secure form of communication and you should never include any of your confidential information in an email. Remember, just because an email looks like it is legitimate does not mean it is -- perpetrators are experts at using legitimate company's logos and website addresses to create fakes that look and sound like the real thing.

What is identity theft and how does it occur?

Identity theft is the unlawful use of another person's personal information such as social security number, credit card number, date of birth, and mother's maiden name to make illegal purchases, withdrawals, or open new accounts in their name.

Some of the most common methods of identity theft include credit card or other financial institution fraud, phone or utility service theft, and the taking of government documents or benefits. One way in which you can help stop these activities and make our financial institutions safer is to protect your account information from thieves and unauthorized users.

Identity thieves will steal your personal information using the following tactics:

  • They will rummage through your trash or discarded mail looking for bank and credit card statements, credit card offers, new checks, or tax information
  • They will steal your wallet or purse
  • They will steal personal information from your home
  • They will steal your credit or debit card numbers by capturing your information with the use of a data storage device. This device is typically attached to an ATM machine
  • They may complete a fraudulent "Change of Address Form" to divert your mail to another location
  • They will deceive or trick you into disclosing personal information through phone scams, via the mail, or on the Internet

Identity theft differs from check fraud (forged signature or forged endorsement) or an unauthorized ATM or Debit Card transaction in that it involves more than an isolated single act of fraud.

Some examples of Identity Theft include:

Account Take Over

Account take over is one of the more prevalent forms of Identity Theft. It occurs when a fraudster obtains an individual's personal information (i.e. account number or social security number), and changes the official mailing address with that individual's bank.

Once accomplished, the fraudster has established a window of opportunity in which several transactions are conducted without the victim's knowledge using the victim's personal information. This involves the intent to take over the victim's identity, performing more than one isolated fraudulent transaction.

It can also occur when the fraudster pays employees of companies or banks to furnish account information from the checks that are remitted for payment. The employees will provide the name, address, bank routing number and bank account number. The fraudster will then order checks from a third party check vendor, and begin writing checks on the victims account.

Credit Take Over

Credit take over is another form of Identity Theft that occurs when a fraudster obtains an individual's personal information (i.e. account number or social security number) and establishes credit using that social security number. This may include opening credit card accounts or taking out loans without the victim's knowledge. Again, this involves the intent to take over the victim's identity, performing more than an isolated fraudulent transaction.

What are "Phishing" and "Pharming"?

"Phishing" is a scam that uses spam, unsolicited email, to lure consumers into disclosing sensitive personal information, such as social security numbers, account and routing numbers, credit card numbers, personal identification numbers, passwords, and other private data. The unsolicited emails will appear to be from a legitimate business and in most cases hackers will choose a business that you are familiar with, such as a financial institution, credit card company, or insurance company. The email will often ask you to "update" or "validate" your billing information to keep your account active. To further entice you, hackers will even direct you to a web site that looks identical to the legitimate web site -- with the same logos, colors, and designs. All of which is simply an attempt to get consumers to submit their personal information to the impostors, who then uses that personal data to commit identity theft.

"Pharming" is when criminal hackers redirect Internet traffic from one Web site to a different, identical-looking site in order to trick you into entering your user name and password into the database on their fake site. With this information, hackers will then be able to gain access to your bank accounts, steal your identity, or commit other kinds of fraud in your name. Pharming scams are considered more dangerous than email phishing, since you can be redirected to a false site without any participation or knowledge on your part. The false Web sites used in pharming scams usually "spoof" their links so that they look exactly like the ones you expect to see, even in the code that appears when you mouse over them.

Signs of a potential pharming site include:

  • The login process or page looks different from the legitimate site
  • You are asked for information, such as your social security number or date of birth, which is not normally requested
  • The web site URL does not contain the prefix https://
  • Legitimate web sites that request confidential information such as usernames, password and credit card information will always encrypt the session with Secure Sockets Layer (SSL). Pharmed sites do not typically have SSL certificates. Look for the "padlock icon" in your browser and double click on the padlock to verify the SSL certificate.

What can you do to protect yourself from internet fraud?

  • Never provide any personal information, including you Social Security number, account numbers or passwords in response to an unsolicited internet request or phone call.
  • Do not open any emails from senders you do not recognize.
  • Never access a website from a link provided in an email.
  • Never reply to an email that asks for personal information or is marked "urgent" or "time sensitive".
  • Change your password every 60 days.
  • Do not use the same user name and password for multiple accounts.
  • Review your account statements regularly and watch for any unusual activity.
  • Keep your computer updated with the latest version of anti-virus software.
  • Increase the security setting on your browser to prompt you whenever a web site attempts to install a new program.
  • Avoid downloading software from unknown sources.
  • Maintain all patches to your operating system and browser.
  • Be aware that fraudulent emails are often badly written and include misspellings and poor grammar.
  • Shred all documents that contain your Social Security number or bank account number.
  • Use a U.S. Postal Service drop box rather than your curb side mailbox when mailing bill payments or other personal information.
  • Contact your creditors if you are not receiving your billing statements in a timely fashion.

Obtain your credit report annually from each of the three major credit bureaus.

Please remember employees of Mutual Bank will never request or confirm any personal information via email. We strongly encourage you not to respond to any emails from anyone seeking your personal information. If you are ever suspicious that you were contacted by someone disguising themselves as a Mutual employee please contact us immediately at (866) 986-9226 / (866) 98MYBANK.