FDIC Publishes a Bank Customer's Guide to Cybersecurity
Special edition of consumer newsletter feature tips for preventing online fraud and theft
FOR IMMEDIATE RELEASE
Consumers increasingly rely on computers and the Internet for everything from shopping and communicating to banking and bill paying. While the benefits of faster and more convenient "cyber" services are clear, the strategies for preventing online fraud and theft may not be as well-known by many bank customers. That is why the FDIC has produced a special edition of the agency's quarterly FDIC Consumer News (Winter 2016) entitled "A Bank Customer's Guide to Cybersecurity." Here is a brief overview of the articles and other features in this special issue.
Safety precautions to take before connecting to the Internet with a personal computer, laptop, smartphone or tablet: The lead article discusses ways to protect log-in information for bank accounts and other financial accounts, including the use of "strong" user IDs and passwords that will be hard for a hacker to guess, basic security measures such as security software updates, and the need to be careful where and how to connect to the Internet. Other articles focus on security measures when using a smartphone or tablet (including "auto lock" features and the ability to remotely remove data if a mobile device is lost or stolen), how to protect computers from malicious software ("malware") that can steal valuable personal financial information, and ideas to help small businesses protect against losses from cyberattacks.
Tips on how to avoid identity theft online: One article advises on identifying and avoiding "phishing" and "pharming" scams that start with fake emails and websites and end with consumers providing Social Security numbers, bank account numbers and other valuable details. A second article offers assistance on preventing identity thieves from using social networking sites to learn enough information about individuals to figure out passwords, access financial accounts or commit identity theft. And a third provides guidance to help parents and caregivers protect young people from cyber-related identity theft and financial fraud, including the need to secure all electronics connected to the Web, even video games, because the equipment may link to information such as credit or debit card numbers.
What to know about the roles that banks and the government play in protecting customers: As explained in one article, federal law and regulations require financial institutions to have programs to ensure the security and confidentiality of customer information. The article also notes that banking regulators expect the institutions they supervise to have a framework for learning about emerging threats and provide guidance about the steps institutions can take to be prepared. Another article describes how federal consumer laws and financial industry practices protect cybertheft victims from losses under certain circumstances. And, our "Dear FDIC" feature answers questions about deposit insurance coverage and online banking.
Additional resources from the FDIC that can help educate consumers: The back of the guide features an eight-question quiz to test a consumer's knowledge of key information in this issue and a checklist with reminders about 10 simple things bank customers can do to help protect themselves from online criminals.
The goal of FDIC Consumer News is to deliver timely, reliable and innovative tips and information about financial matters, free of charge. The Winter 2016 special edition on cybersecurity can be read or printed at www.fdic.gov/consumers/consumer/news/cnwin16. Check back there for coming versions of this issue for e-readers and portable audio (MP3) players. To find current and past issues, visit www.fdic.gov/consumernews, or request paper copies by contacting the FDIC's Public Information Center in writing at 3501 North Fairfax Drive, Room E-1002, Arlington, VA 22226, by emailing email@example.com, or toll-free at 1-877-275-3342.To receive an email about each new issue of the quarterly FDIC Consumer News with links to stories, go to www.fdic.gov/about/subscriptions/index.html.
National Cyber Awareness System:
The Internal Revenue Service urges all tax return preparers to get off to a clean start this January and perform a security deep scan of their computer drives and devices.
Already in 2016, the IRS is seeing multiple email phishing scams – some posing as the IRS – targeting tax preparers. These scams are designed to steal sensitive information – either the preparers’ passwords for IRS accounts or sensitive taxpayer data stored on computers.
Because of improved protections in recent years, the Internal Revenue Service stops the vast majority of fraudulent tax returns using stolen identities. But identity thieves and criminal syndicates continue to persist and evolve.
As the threat has changed, so has the IRS. In a new era of cooperation, the IRS, the states and the entire tax industry came together to identify what additional steps could be taken to better fight identity theft and better protect the taxpayers.
Starting in January 2016, this renewed effort will make for a safer, more secure filing season for taxpayers.
Many changes will be invisible, but they are critical to making sure the IRS can verify the taxpayer and the legitimacy of the tax return before it ever enters into the tax processing system. More than 20 shared data elements will help the software industry and the IRS stop fraudulent returns at the door.
For example, the IRS will receive information from software providers about the duration of time it took to create the return. This will help identify the computer-generated tax returns that are fraudulent and filed in bulk.
The IRS, states and tax industry will share details of any fraudulent schemes they see on a frequent basis so everyone will have the same information and adjust accordingly to provide increased protection to taxpayers.
The most publicly visible aspect of these partnership efforts will be for those taxpayers who prepare their own tax returns using tax software or online products. There will be new procedures that will help prevent fraudsters from taking over the accounts of taxpayers. These include:
- New password standards to access tax software will require a minimum of 8 characters with upper case, lower case, alpha, numerical and special characters.
- A new timed lockout feature and limited unsuccessful log-in attempts.
- The addition of three security questions.
- Out-of-band verification for email addresses, which is sending an email or text to the customer with a PIN – a common practice used throughout the financial sector.
Tips to Keep Your Tax Records Secure; Protect Yourself from Identity Theft
If you’re still keeping old tax returns and receipts stuffed in a shoe box stuck in the back of the closet, you might want to rethink that approach.
Tips to Protect Your Personal Information While Online
The IRS, the states and the tax industry urge you to be safe online and remind you to take important steps to help protect your tax and financial information and guard against identity theft. Treat your personal information like cash – don’t hand it out to just anyone.
Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. Every time you are asked for your personal information think about whether you can really trust the request. In an effort to steal your information, scammers will do everything they can to appear trustworthy.
Tips for Using Credit Bureaus to Help Protect Your Financial Accounts
If you believe you are a victim of identity theft, you should contact one of the three major credit bureaus to place a “fraud alert” on your credit account.
This critically important step makes it harder for identity thieves to obtain a credit card or loan in your name.
Talk to Your Family about Security Online and at Home
For families with children and aging parents, it’s important to make sure everyone guards their personal information online and at home.
It may be time for “the conversation.”
What You Need to Know to Protect Your Passwords
It’s time to have a word about your password.
Many of us use the same sign-on and password over and over for our online accounts.
That’s why phishing scams, which often seek password information, are so successful. Once a criminal has your password for one account, it’s highly likely you’ve used the same sign-on information for other accounts.
Seven Steps for Making Identity Protection Part of Your Routine
The theft of your identity, especially personal information such as your name, Social Security number, address and children’s names, can be traumatic and frustrating. In this online era, it’s important to always be on guard.
Don’t Take the Bait; Avoid Phishing and Malware to Protect Your Personal Data
“Update your account now.” “You just won a cruise!” “The IRS has a refund waiting for you.”In the cyber world of phishing, the sentences are “bait” – lures from emails, telephone calls and texts all designed to separate you from your cash, your passwords, your social security number or your very identity.
11/27/2015 04:08 PM EST
Original release date: November 27, 2015
The Internal Revenue Service (IRS) has released the first in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January, and will continue through the April tax deadline.
The first tip focuses on seven simple steps to secure your computer when conducting business online. US-CERT encourages users and administrators to review IRS Security Awareness Tax Tip Number 1 for additional information.
Your on-line safety is important to TSB! Please visit this link from the Department of Revenue to learn about a potential fraudulent e-mail scam. Please visit the IC3 website for more informtion. #BankingAtItsBest #TSBCares
Home Depot Data Breach - September 2014
We are aware of the Home Depot data breach that has been reported in the news recently. According to news reports the breach occurred from April through September of 2014. We are working with information provided to us by industry sources to determine cards compromised in the breach. We are going to reissue cards reported used at affected Home Depot stores during the reported period. You should receive a new card in the next few weeks if your card number was indicated. If you would like your card blocked prior to receiving your new card, please contact Card Services at (865) 429-2273. Blocking your card would mean your card would not be available for purchases or use at an ATM. You would not be able to access your account for POS and ATM transactions until your new card is received.
Tennessee State Bank utilizes fraud monitoring systems to assist in detecting possible fraud on a 24/7 basis and your Visa Debit or Credit card has zero liability for unauthorized transactions, you should refer to your card agreement for information on what would be considered an unauthorized transaction.
Federal Trade Commission
FTC Advises Consumers on Preventing, Identifying, and Dealing With Hacked Email or Social Networking Accounts
The Federal Trade Commission has new tips to help people deal with email and social networking hacks, whether it’s lessening the chances of a hack in the first place, or recovering from a hack once it happens.
Hacked Email, new guidance from the FTC, identifies signs an account may have been hacked such as friends and family members receiving messages the user didn’t send, a sent folder emptied, social media posts the user didn’t create, or email or other accounts the user can’t open.
If consumers think they have been hacked, the FTC encourages them to take the following actions:
- Make sure security software is up-to-date and delete malware;
- Change passwords;
- Check with their email provider or social networking site for information about restoring the account;
- Check account settings; and
- Tell your friends
Using unique passwords for important sites like banking and email and safeguarding user names and passwords can help users protect themselves from hackers. The FTC recommends users turn on two-factor authentication if a service provider offers it; not click on links or open attachments from unknown users; and only download free software from sites a user knows and trusts. When using a public computer, do not let web browsers remember passwords, and log out of all accounts when finished.
The FTC also provides more tips for using public wi-fi networks.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics.
- MEDIA CONTACT:
Office of Public Affairs