fishermen newburyport dunes

Security

Keeping your money safe is our top priority.


fraud alert imageIn the last few days we have seen an increase in fraudulent text messages and phone calls from individuals claiming to be from the INSTITUTION FOR SAVINGS FRAUD DEPARTMENT. Customers receive a text, followed by a phone call from individuals claiming to work for the Institution for Savings. The fraudsters then claim they need you to login to online banking and change your password, provide security codes and or provide account numbers. These
fraudsters are very insistent on the telephone.

If you have received a text message or call and have given any personal banking information out, please call Deposit Services immediately at 978-462-3106. The Institution for Savings does have a fraud department and if it is a legitimate text message or call from us you will simply be asked to confirm activity or tell us if the transaction(s) indicated is fraud. Important: as part of a fraud claim we do not need you to change or provide security credentials or account numbers to proceed. Remember we are the Bank and we have the information we need.

As always, we urge you to never give out your account information or security credentials, even if you think you know who is asking for it. Banks will never call and ask you to provide personal information over the telephone. (If you call us, you may be asked to provide information, however, to verify your identity.) We encourage you to review your account(s) regularly for any suspicious or unauthorized charges. If you have online banking, it is easy to do! If you do not use online banking, please contact us to set it up.

We want to ensure that you are doing everything you can to protect your funds and personal information. Please call Deposit Services at 978-462-3106 if you have any questions or encounter any of these scams.



















With the recent uptick in the number and sophistication of financial scams that we are seeing, we want to take this opportunity to remind you to be diligent about protecting your funds and personal information. Check out these six important tips to protect your
funds AND your identity:

  1. BE WARY WHEN SOMEONE INSTRUCTS YOU TO DOWNLOAD
    AN APP ON YOUR PHONE. A new scam has recently been unveiled where scammers create fake apps and trick you into downloading them to gain access to your device and information. Make sure any app you download is legitimate. When in doubt, do some research: visit the app website, check its ratings. Be aware that even legitimate apps can be used fraudulently so be cautious!
  2. NEVER GIVE OUT YOUR ACCOUNT INFORMATION OR SECURITY CREDENTIALS, EVEN IF YOU THINK YOU KNOW WHO IS ASKING FOR IT. We cannot say this enough times! The Bank will never contact you by telephone, text or email requesting you provide personal information such as your account number, debit card number, online banking login information, social security number or personal identification number (PIN). If you call us, however, you will be asked to verify confidential information.
  3. BE CAUTIOUS ABOUT CLICKING ON LINKS IN TEXTS, EMAILS, POP-UPS OR ADS, ESPECIALLY FROM SOMEONE PRETENDING TO BE YOUR BANK AND LINKS TITLED "URGENT" OR
    "WARNING. Scammers will attempt to lure you into clicking on fraudulent links that may allow them access to everything on your computer.
  4. MAKE SURE YOUR DEVICES ARE UP TO DATE. For your financial security, it is important to keep your computers, tablets and phones updated with the latest operating system and security software available.
  5. REVIEW YOUR ACCOUNTS REGULARLY FOR ANY UNAUTHORIZED OR SUSPICIOUS CHARGES. If you have online banking, it is easy to do! If you do not use online banking, please contact us to set it up.
  6. PROPERLY DISPOSE OF BANK STATEMENTS AND OTHER PERSONAL INFORMATION. Senior centers and libraries often have shredders and the Bank's annual free Shred-it event is scheduled for June 4th from 9 am - 12 Noon at our Storey Avenue Newburyport, County Road Ipswich and Paradise Road Salem offices.

We want to ensure that you are doing everything you can to protect your funds and personal information. Please call Deposit Services at 978-462-3106 if you have any questions.

We continue to hear about sophisticated scams that ask you to disclose your personal and/or account information. We would like to review some basic safety and security measures with you.

  • We will never contact you by telephone, text or email requesting that you provide personal information such as your account number, debit card number, Online Banking login information, Social Security Number or Personal Identification Number (PIN). However, if you call us you will be asked to verify confidential information.
  • When the Institution for Savings suspects fraud, a transaction alert will be sent via telephone, text, or email; however, we will never ask you to provide confidential information in your response.
  • If you receive a telephone call, text or email and have any suspicion, do NOT respond. Instead, contact Deposit Services at 978-462-3106.
Things we will NEVER ask you for:
 
banks never ask that chart

Use caution when using any payment app!  Please beware that we do not cover fraud or errors related to any payment app transactions. Payment apps such as Venmo, Zelle, Cash App, Google Pay and PayPal are intended to be used to pay people you know and trust.  These apps are NOT intended to be used to pay people you don’t know,  and should not be used for online purchases. 

Once you send a transaction using a payment app, the money is immediately withdrawn from your account and you have no means to recover the funds.  Any transactions you initiate using a payment app are considered authorized and you are unable to make a fraud claim. Additionally, the Bank cannot assist you in tracking funds that may have been sent to the incorrect recipient in error. 

Our best advice: pay only your friends and family using these apps. To maximize payment protection we recommend using your credit card to make purchases.    

We have recently encountered a SIGNIFICANT increase in the number and sophistication of financial scams. We want to take this opportunity to share some information about the scams we are seeing and to remind you to be diligent about protecting your funds and personal information.

  • NEVER GIVE OUT YOUR ACCOUNT INFORMATION OR SECURITY CREDENTIALS, even if you think you know who is asking for it. Banks will never call and ask you to provide personal information over the telephone. (If you call us , you may be asked to provide information, however, to verify your identity.)
  • BE CAUTIOUS ABOUT CLICKING ON LINKS in texts, emails, pop-ups or ads, especially from someone pretending to be your bank and links titled "Urgent" or "Warning."
  • DO NOT EVER SEND MONEY if someone asks you to pay to "recover funds" as a result of fraud.
  • DO NOT TAKE FUNDS OUT OF THE BANK TO PAY FOR ANYTHING IN VIRTUAL CURRENCY (i.e.. Crypto, Bitcoin).
  • NEVER PURCHASE GIFT CARDS TO USE AS PAYMENT if someone asks.
  • DO NOT SEND MONEY TO "FRIENDS" YOU MEET ONLINE.
  • DO NOT SEND MONEY TO HELP A "RELATIVE IN TROUBLE" BASED ON A PHONE CALL.
  • DO NOT SEND MONEY TO THE FBI, IRS OR ANY GOVERNMENT AGENCY BASED ON A THREATENING PHONE CALL. Government agencies will NOT call and threaten people for "immediate payment" of a debt.
  • IF YOU GET A CALL FROM AMAZON, MICROSOFT OR APPLE CUSTOMER SERVICE ABOUT "FRAUDULENT CHARGES" ON YOUR ACCOUNT, HANG UP. These companies do not call customers about bank or debit card fraud. 

We encourage you to review your accounts regularly for any suspicious or unauthorized charges. If you have online banking, it is easy to do! If you do not use online banking, please contact us to set it up.

There are many ways to protect yourself, your personal information and your money. We’ve provided information and tools below to serve as a resource for our customers. We are committed to safeguarding your funds and identity. Please contact us immediately at 978-462-3106 if you believe you have been compromised.
Financial exploitation of Seniors is more common than you think and it's happening right here in your own community!

If you think you or someone you know may be a victim of financial exploitation call the Executive Office of Elder Affairs Elder Abuse Hotline at 1-800-922-2275.

Could someone you know be
  • Taking your money or belongings without your knowledge?
  • Signing your name without permission?
Protect yourself from exploitation
  • Never sign anything you don’t understand.
  • Never give away property in exchange for care.
  • Know your banker, attorney, or financial advisor.
  • Document financial arrangements in writing.
  • Check the references and credentials of anyone who wants to work in your home, including utility workers and town employees.
  • Beware of door-to-door sales people and telephone sales pitches.
  • Don’t give out your bank account number, credit card number, or other personal information over the phone or Internet.
  • Stay socially active.
If it doesn’t make sense, ask for help.
 
SAFETY TIPS:
  • Never sign anything you don’t understand.
  • Plan ahead. Consider a trust or power of attorney.
  • Don’t isolate yourself, keep up with friends.
  • Get to know your bank personnel.
  • Use Direct Deposit.
  • Ask for help.
As always, please contact us with any questions or concerns.

The loss or theft of personal data such as credit card, Social Security and/or checking account numbers soared to unprecedented levels in recent years, according to financial experts...and the trend isn't expected to turn around any time soon. But you can reduce your risk of fraud by following these and other tips to guard your personal information!

If you have given out your credit, debit or ATM card information
 
  • Report the incident to the card issuer immediately
  • Cancel your account and open a new one
  • Review billing statements carefully after the incident
  • If the statements show unauthorized charges, send a letter to the card issuer via regular mail (keep a copy) describing each questionable charge
  • Schedule recurring transfers between accounts

Credit Card Loss or Fraudulent Charges

Your maximum liability under federal law for unauthorized use of your credit card is $50 (policies vary). If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use; in general, you may only be liable for a very small amount but always check with your individual card company for their exact policy.
Your liability depends on how quickly the loss is reported. You risk unlimited loss by failing to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you.

If you have given out your bank account information:
 
  • Report the theft to the bank as quickly as possible
  • Cancel your account and open a new one

If you have downloaded a virus or 'Trojan Horse'
 
  • Some phishing attacks use viruses and/or a 'Trojan Horse' to install programs called "key loggers" on your computer. These programs capture and distribute any information you type to the phisher, including credit card numbers, usernames and passwords, Social Security Numbers, etc.
  • If this occurs, you likely may not be aware.
  • To minimize this risk, you should:
    • Install and/or update anti-virus and personal firewall software
    • Update all virus definitions and run a full scan
    • If your system still appears compromised, fix it and then change your password again.
Check your other accounts - suspects may have accessed different accounts: eBay account, PayPal, your email ISP, online bank accounts, and other e-commerce accounts.

If you have given out your personal identification information

Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. If you have given this information to a phisher, you should do the following:
  • Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:
    • Request that they place a fraud alert and a victim's statement in your file
    • Request a FREE copy of your credit report to check whether any accounts were opened without your consent
    • Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft
Major Credit Bureaus:
Equifax
Experian
TransUnion


Notify your bank(s) and ask them to flag your account and contact you regarding any unusual activity: If bank accounts were set up without your consent, close them; If your ATM card was stolen, get a new card, account number and PIN; Contact your local police department to file a criminal report; Contact the Social Security Administration's Fraud Hotline to report the unauthorized use of your personal identification information; Notify the Department of Motor Vehicles of your identity theft; Check to see whether an unauthorized license number has been issued in your name; Notify the passport office to watch for anyone ordering a passport in your name; File a complaint with the Federal Trade Commission; Ask for a free copy of "ID Theft: When Bad Things Happen in Your Good Name"; File a complaint with the FBI's Internet Crime Complaint Center.

For victims of Internet fraud, IFCC provides a convenient and easy reporting mechanism that alerts authorities of suspected criminal or civil violations.

Document the names and phone numbers of everyone you speak with regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.

If you see a suspicious-looking email message claiming to be from the Institution for Savings, please let us know. We continually monitor such reports and act on them promptly. Additionally, also consider contacting the FBI's Internet Crime Complaint Center.

As always, please contact us with any questions or concerns.
Corporate Account Takeover & Information Security Awareness:
An Overview for Customers courtesy of Conference of State Bank Services (CSBS)

What is Corporate Account Takeover?
A fast growing electronic crime where thieves typically use some form of malware to obtain login credentials to Corporate Internet Banking accounts and fraudulently transfer funds from the account(s). Domestic and International Wire Transfers, Business-to-Business ACH payments, Internet Bill Pay and electronic payroll payments have all been used to commit this crime.

How does it work?
  • Criminals target victims by scams.
  • Victim unknowingly installs software by clicking on a link or visiting an infected Internet site.
  • Fraudsters began monitoring the accounts.
  • Victim logs on to their Internet Banking.
  • Fraudsters collect login credentials.
  • Fraudsters wait for the right time and then -- depending on your controls -- they login after hours or if you are utilizing a token they wait until you enter your code and then they hijack
    the session and send you a message that Internet Banking is temporarily unavailable. 
Where does it come from?
  • Malicious websites (including Social Networking sites)
  • Email
  • P2P Downloads (e.g. LimeWire)
  • Ads from popular web sites
  • Web-borne infections: According to researchers in the first quarter of 2011, 76% of web resources used to spread malicious programs were found in 5 countries worldwide: United States, Russian Federation, Netherlands, China, & Ukraine.
What is Rogue Software/Scareware?
  • Form of malware that deceives or misleads users into paying for the fake or simulated removal of malware.
  • Has become a growing and serious security threat in desktop computing.
  • Mainly relies on social engineering in order to defeat the security software.
  • Most have a Trojan Horse component, which users are misled into installing.
    • Browser plug-in (typically toolbar).
    • Image, screensaver or ZIP file attached to an e-mail. 
    • Multimedia codec required to play a video clip.
    • Software shared on peer-to-peer networks 
    • A free online malware scanning service
E-mail Usage
CAUTION !
  • What may be relied upon today as an indication that an email is authentic may become unreliable as electronic crimes evolve.
  • This is why it is important to stay abreast of changing security trends.
  • Some experts feel e-mail is the biggest security threat of all. 
  • The fastest, most-effective method of spreading malicious code to the largest number of users.
  • Also a large source of wasted technology resources
  • Examples of corporate e-mail waste:
    • Electronic Greeting Cards
    • Chain Letters
    • Jokes and graphics
    • Spam and junk e-mail
What we can do to PROTECT
  • Provide Security Awareness Training for Our Employees & Customers
  • Review our Contracts
  • Make sure that both parties understand their roles & responsibilities
  • Make sure our Customers are Aware of Basic Online Security Standards
  • Stay Informed
  • Attend webinars/seminars & other user group meetings
  • Develop a layered security approach
Layered Security approach
  • Multi-factor Authentication
  • Watermark image
  • Monitoring of IP Addresses on login
  • Challenge questions/phone verification on login and ACH/Wire generation
  • User Authority Limits to control account entitlements
  • Calendar File – Frequencies and Limits
  • Dual Control Processing of files on separate devices –recommended
  • Out of Band Confirmation on every wire transfer
  • Monitoring of every ACH batch that is originated
  • Secure Browser Key
  • Secure Token requirement for Cash Management customers
What can Businesses do to Protect?
  • Education is Key. Train your employees! 
  • Secure your computer and networks.
  • Limit Administrative Rights. Do not allow employees to install any software without receiving prior approval.
  • Install and Maintain Spam Filters.
  • Verify system users are currently employees and their access privileges align with their job responsibilities.
  • Work with IT consultants or dedicated IT staff to implement and maintain Network Segmentation.
  • Review and update network security including patch management and access privileges frequently.
  • Purchase Cyber Insurance to protect you against Cyber Crime Incidents.
  • Surf the Internet carefully.
  • Install & maintain real-time anti-virus & anti-spyware desktop firewall & malware detection & removal software. Use these tools regularly to scan your computer. Allow for automatic updates and scheduled scans.
  • Install routers and firewalls to prevent unauthorized access to your computer or network. Change the default passwords on all network devices.
  • Install security updates to operating systems and all applications as they become available.
  • Block Pop-Ups.
  • Do not open attachments from e-mail. Be on the alert for suspicious emails
  • Do not use public Internet access points.
  • Reconcile accounts daily.
  • Note any changes in the performance of your computer.
  • Dramatic loss of speed, computer locks up, unexpected rebooting, unusual popups, etc.
  • Make sure that your employees know how and to whom to report suspicious activity to at your Company and the Bank.
  • Contact the Bank if you:
    • Suspect a Fraudulent Transaction
    • If you are trying to process an Online Wire or ACH Batch & you receive a maintenance page.
    • If you receive an email claiming to be from the Bank and it is requesting personal/company information.
As always, please contact us with any questions or concerns.
The vast majority of cyber thefts begin with the thieves compromising your computer(s). Perpetrators often monitor the customer’s email messages and other activities for days or weeks prior to committing the crime. You should be vigilant in monitoring account activity. You have the ability to detect anomalies or potential fraud prior to or early into an electronic robbery.

Warning signs visible to a customer that their system/network may be compromised include:
  1. Inability to log into online banking (thieves could be blocking customer access so the customer won’t see the theft until the criminals have control of the money);
  2. Dramatic loss of computer speed;
  3. Changes in the way things appear on the screen;
  4. Computer locks up so the user is unable to perform any functions;
  5. Unexpected rebooting or restarting of the computer; 
  6. Unexpected request for a one time password (or token) in the middle of an online session;
  7. Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.);
  8. New or unexpected toolbars and/or icons; and
  9. Inability to shut down or restart the computer.
Examples of Deceptive Ways Criminals Contact Account Holders:
  1. The FDIC does not directly contact bank customers (especially related to ACH and Wire transactions, account suspension, or security alerts), nor does the FDIC request bank customers
    to install software upgrades. Such messages should be treated as fraudulent and the account holder should permanently delete them and not click on any links.
  2. Messages or inquiries from the Internal Revenue Service, Better Business Bureau, NACHA, and almost any other organization asking the customer to install software, provide account
    information or access credentials is probably fraudulent and should be verified before any files are opened, software is installed, or information is provided.
  3. Phone calls and text messages requesting sensitive information are likely fraudulent. If in doubt, account holders should contact the organization at the phone number the customer obtained from a different source (such as the number they have on file, that is on their most recent statement, or that is from the organization’s website). Account holders should not call phone numbers (even with local prefixes) that are listed in the suspicious email or text message.
If you know or have any reason to suspect your computer may be compromised contact the Bank immediately to have your Internet Banking login disabled to avoid theft.

As always, please contact us with any questions or concerns.
Online Security for Your Cash Management Account

The vast majority of cyber thefts begin with the thieves compromising the computer(s) of the business account holders. Perpetrators often monitor the customer’s email messages and other activities for days or weeks prior to committing the crime. The corporate customer is most vulnerable just before a holiday when key employees are on vacation. Another risk period is on a day the business office is relocating or installing new computer equipment. Employees may be distracted and think a problem conducting online banking is due to a new network or equipment. Therefore it is important and necessary for the corporate customer’s employees to follow established security practices. Basic practices to implement include:
  1. Provide continuous communication and education to employees using online banking systems. Providing enhanced security awareness training will help ensure employees understand the security risks related to their duties;
  2. Verify system users are currently employees and their access privileges align with their job responsibilities;
  3. Work with IT consultants or dedicated IT staff to implement and maintain Network Segmentation;
  4. Review and update network security including patch management and access privileges frequently;
  5. Update anti-virus and anti-malware programs frequently;
  6. Update, on a regular basis, all computer software to protect against new security vulnerabilities (patch management practices);
  7. Communicate to employees that passwords should be strong and should not be stored on the device used to access online banking;
  8. Adhere to dual control procedures;
  9. Use separate devices to originate and transmit wire/ACH instructions;
  10. Transmit wire transfer and ACH instructions via a dedicated and isolated device;
  11. Practice ongoing account monitoring and reconciliation, especially near the end of the day;
  12. Purchase Cyber Insurance to protect you against Cyber Crime Incidents;
  13. Adopt advanced security measures by working with consultants or dedicated IT staff; and
  14. Utilize resources provided by trade organizations and agencies that specialize in helping small businesses.
Red Flags of a Possible Takeover of a Business Account Include:
  1. Configuration changes to cash management/online banking profiles:
    • New user accounts added;
    • New ACH batches or wire templates with new payees;
    • Changes to personal information;
    • Disabling or changing notifications; and
    • Changes to the online account access profile;

  2. Compromised internal systems used by employees resulting in:
    • Inability to log into online banking system (thieves could be blocking the bank’s access while they are making modifications to account settings);
    • Dramatic loss of computer speed;
    • Changes in the way web pages, graphics, text or icons appear;
    • Computer lock up so the user is unable to perform any functions;
    • Unexpected rebooting or restarting of computer;
    • Unexpected request for a one time password (or token) in the middle of an online session;
    • Unusual pop-up messages, such as “try back later” or “system is undergoing maintenance”;
    • New or unexpected toolbars and/or icons; and Inability to shut down or restart.
Examples of Deceptive Ways Criminals Contact Account Holders
  1. The FDIC does not directly contact bank customers (especially related to ACH and Wire transactions, account suspension, or security alerts), nor does the FDIC request bank customers to install software upgrades. Such messages should be treated as fraudulent and the account holder should permanently delete them and not click on any links.
  2. Messages or inquiries from the Internal Revenue Service, Better Business Bureau, NACHA, and almost any other organization asking the customer to install software, provide account information or access credentials is probably fraudulent and should be verified before any files are opened, software is installed, or information is provided.
  3. Phone calls and text messages requesting sensitive information are likely fraudulent. If in doubt, account holders should contact the organization at the phone number the customer obtained from a different source (such as the number they have on file, that is on their most recent statement, or that is from the organization’s website). Account holders should not call phone numbers (even with local prefixes) that are listed in the suspicious email or text message.
An Incident Response Plan for your Business
Since each business is unique, customers should write their own incident response plan. A general template would include:
  1. Contact information for the bank;
  2. Steps the account holder should consider to limit further unauthorized transactions, such as: 
    • Changing passwords;
    • Disconnecting computers used for Internet banking; and
    • Requesting a temporary hold on all other transactions until out-of-band confirmations can be made;
  3. Information the account holder will provide to assist the bank in recovering their money;
  4. Contacting their insurance carrier; and
  5. Working with computer forensic specialists and law enforcement to review appropriate equipment.
As always, please contact us with any questions or concerns.