Tips to Protect Your Identity

Identity theft continues to be one of the fastest growing crimes in the United States.  Jersey State Bank recommends following these tips to keep your information – and your money – safe.

1. Don’t share your secrets.
   Don’t provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.  Never share your banking information or login credentials with someone by phone, text, or email (even if you are told it is someone from a trusted institution). This includes your Username, Password, Security Question Answers, and Out of Band Authentication Codes.
2. Shred sensitive papers.
   Shred receipts, banks statements and unused credit card offers before throwing them away.
3. Keep an eye out for missing mail.
   Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, don’t mail bills from your own mailbox with the flag up.
4. Use online banking to protect yourself.
   Monitor your accounts by keeping track of transactions on your accounts and logging in to Jersey State Bank’s Online Banking, where you can view your activity as it is posted. Examine your credit card and financial institution statements immediately upon receipt to determine whether there were any unauthorized transactions.  Report any that you find immediately.
5. Monitor your credit report.
   Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.
6. Protect your computer.
   Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser’s padlock or key icon is active. Also look for an “s” after the “http” to be sure the website is secure.  Never allow someone to remotely login to your computer.  Scammers try to trick people into clicking on links that will download viruses, spyware, and other unwanted software — often by bundling it with free downloads.
7. Don’t click on pop-ups or ads about your computer’s performance. Scammers insert unwanted software into pop-up messages or ads that warn that your computer’s security or performance is Avoid clicking on these ads if you don’t know the source.
8. Protect your mobile device.
   Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen. Use caution when downloading apps, as they may contain malware and avoid opening links and attachments – especially for senders you don’t know.
9. Report any suspected fraud on your account to Jersey State Bank immediately.  Also, report fraud directly to the Federal Trade Commission.

For more information visit the Federal Trade Commission at https://consumer.ftc.gov/

Consumer Tips

• Examine your bank statements immediately upon receipt to determine whether there were any unauthorized transactions. Report any unauthorized transactions that you find immediately to Jersey State Bank.
• Never respond to Out of Band Authentication phone calls or texts that you did not initiate.
• Do not carry your Social Security card in your wallet.
• Shred or tear up any documents containing banking or credit information, especially pre-approved credit offers, before you throw them away.
• Keep your PIN’s and passwords a secret. Do not write them down or share them with anyone.
• Use your debit/credit card chip instead of swiping whenever possible. This helps protect your card through creating a unique transaction code each time you use it, as opposed to swiping where the data never changes from transaction to transaction.
• Do not have personal information such as your Social Security number and driver’s license number printed on your checks.
• Keep your new and cancelled checks in a safe place.
• Do not leave your purse, wallet, checkbook, or any other forms of identification in your car or any place susceptible to theft.

Resources

• Each year, you are entitled to one free credit report through https://www.annualcreditreport.com/index.action or by calling 1-877-322-8228.
• Request a copy of your Social Security statements at ssa.gov/myaccount to be sure that no one else is using your social security number for employment
• Opt out of pre-screened credit offers by calling 1-888-567-8688 or at https://www.optoutprescreen.com/.
• Add your phone numbers to the national Do Not Call Registry at https://www.donotcall.gov/ or by calling 1-888-382-1222.

Emails from Jersey State Bank

For your protection, we will not send you an email to update or confirm your sensitive information by clicking a link or replying.

Emails to Jersey State Bank

Please do not send personal information in un-secure email. Secure email may be sent from within our Online Banking system from an internet browser.  Simply login to your secure online banking account then click “Bank Mail.”

More information about the different types of fraud, malware and cybersecurity trends is located on our Security page and provides more tips on how to protect yourself online. Stop.Think.Connect. (stopthinkconnect.org)

Identity Theft

Identity Theft is the most popular and profitable form of consumer fraud. It occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes.

Common ways identity theft can happen:

“Old Fashioned” Stealing

• Thieves typically steal wallets and purses. They also steal mail such as credit card and bank statements, pre-approved credit card offers, check orders and other financial mail.

Dumpster Diving

• Thieves dig through trash looking for bills, financial or other personal information.

Change of Address

• Thieves modify or redirect your billing statements to another address by completing a “change of address” form.

Phishing

• Thieves may send unsolicited Emails, pretending to be a financial institution or a company, asking you to click a link to update or confirm your personal or login information. The link is directed to a “spoof” website designed to look like a legitimate site.

Skimming

• Thieves may use a card reader device to copy the card’s magnetic strip to duplicate without the card owner’s knowledge.

Monitor your accounts

Keep track of transactions on your accounts by logging in to Jersey State Bank‘s Online Banking or Mobile Banking, where you can view your activity as it is posted.

Protect your personal information

• Do not carry your Social Security card in your wallet.
• Do not have personal information such as your Social Security number and driver’s license number printed on your checks.
• Keep your new and cancelled checks in a safe place.
• Do not leave your purse, wallet, checkbook, or any other forms of identification in your car
• Shred or tear up any documents containing banking or credit information, especially pre-approved credit offers, before you throw them away. To opt out of pre-approved credit card offers, call 1-888-567-8688.
• Keep your PINs and passwords a secret. Do not write them down or share them with anyone.

Computer Security

Jersey State Bank continually makes investments in state-of-the-art online banking security to ensure we protect the confidentiality of every customer’s online information and to provide the utmost security for every user.

Computer Protection Tips:

• Update your computer operating system on a regular basis.
• Keep your browser current with the latest security updates.
• Make sure the virus protection and anti-malware software on your computer is active and up to date.
• Change your passwords on a regular basis, as a good practice to help prevent unauthorized access.
  • Make sure your password is long and strong. That means at least 12 characters.
  • Don’t reuse passwords you’ve used on other accounts.
  • Use multi-factor authentication when it’s an option. Like a passcode you get via an authentication app or a security key or scan of your fingerprint or your face.
  • Pick security questions only you know the answer to.
• When conducting business online, make sure your browser’s padlock or key icon is active. Also look for an “s” after the “http” to be sure the website is secure.
• Never allow someone to remotely login to your computer.  Scammers try to trick people into clicking on links that will download viruses, spyware, and other unwanted software — often by bundling it with free downloads.
• Don’t click on pop-ups or ads about your computer’s performance. Scammers insert unwanted software into pop-up messages or ads that warn that your computer’s security or performance is Avoid clicking on these ads if you don’t know the source.
• Do not install software without knowing exactly what it is or what it will do (read the end-user license agreement).
• Get well-known software directly from the source
• Close pop-up ads by clicking on the “X” instead of clicking within the advertisement itself.
• Pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file
• Don’t click on pop-ups or ads about your computer’s performance.
• Instead of clicking on a link in an email or text message, type the URL of a trusted site directly into your browser
• Install a personal firewall on your computer. A firewall works like a filter that prevents access to information on your computer.
• Don’t give any of your personal information to any web sites that do not use encryption or other secure methods to protect it.

12 Ways to Protect Your Mobile Device

Your mobile device provides convenient access to your email, bank and social media accounts. Unfortunately, it can potentially provide the same convenient access for criminals. Jersey State Bank recommends following these tips to keep your information – and your money – safe.

1. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
2. Log out completely when you finish a mobile banking session.
3. Download the updates for your phone and mobile apps. Update your operating system and apps regularly.  You can even turn this on to do it automatically.
4. Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
5. Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions.”
6. Avoid storing sensitive information like passwords or a social security number on your mobile device.
7. Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
8. Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
9. Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
10. Watch out for public Wi-Fi. Public connections aren’t very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
11. Tell your Jersey State Bank immediately if you change your phone number or lose your mobile device.
12. Report any suspected fraud to Jersey State Bank immediately.

6 Ways to Protect your Business from Email Compromise Scams

Companies of all sizes are being targeted by criminals through Business Email Compromise scams. In these scams, cybercriminals gain access to an employee’s legitimate business email through social engineering or computer intrusion. The criminal then impersonates the employee – often a senior executive or someone who can authorize payments – and instructs others to transfer funds on their behalf. Jersey State Bank recommends the following tips to help businesses and employees avoid business email compromise attacks:

• Educate your employees. You and your employees are the first line of defense against business email compromise. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
• Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
• Use alternative communication channels to verify significant requests. Have multiple methods outside of email – such as phone numbers, alternate email addresses – established in advance through which you can contact the person making the request to ensure it is valid.
• Be wary of sudden changes in business practices or contacts. If an employee, customer or vendor suddenly asks to be contacted via their personal e-mail address, verify the request through known, official and previously used correspondence as the request could be fraudulent.
• Be wary of requests marked “urgent” or “confidential. Fraudsters will often instill a sense of urgency, fear or secrecy to compel the employee to facilitate the request without consulting others. Use an alternative communication channel outside of email to confirm the request.
• Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions such as call backs, device authentication and multi-person approval processes.

If you fall victim to a business email compromise scam:

• Contact your financial institution immediately to notify them about the fraudulent transfer and request that they contact the institution where the fraudulent transfer was sent.
• Contact your local Federal Bureau of Investigation office as they might be able to freeze or return the funds, if notified quickly.
• File a complaint with FBI’s Internet Crime Complaint Center, regardless of dollar loss, at IC3.gov.

Scams Alerts

We recommend you learn ways to protect yourself from common fraud schemes.

Lottery/Sweepstakes Scams

Lottery/Sweepstakes scams target consumers by a notification, which arrives through the mail, by email, or by an unsolicited telephone call. Here’s how it works:

• The notification advises you have won a prize, but you did not enter in any type of lottery or sweepstake by the promoter contacting you.
• The promoter will ask you to send payment to cover the cost of redeeming the prize when the prize does not exist.
• In this type of scam, you may rarely if ever receive any winnings in return.

Check Overpayment Scams

Check Overpayment scams target consumers who sell items through an online auction site or a classified ad. Here’s how it works:

• The seller takes a big loss when the ‘buyer’ passes a counterfeit cashier’s check, money order, corporate or personal check as payment.
• The counterfeit check is written for more than the agreed price.
• The ‘buyer’ will ask the consumer to wire back the difference after the check has been deposited.
• The checks will more than likely bounce and the consumer becomes liable for the entire amount.

Tips for the mailbox

Deposit outgoing mail at the Post Office.

• Remove incoming mail from your personal mailbox as soon as possible, or use a P.O. Box or locked, secure mailbox.
• Request a mail hold from the United States Postal Service or call them at 1-800-275-8777 if you plan to be away from home for an extended period.
• Know your billing cycles. If bills are late or missing, contact your creditors.
• Watch for your new or replacement debit card from Jersey State Bank.
• Switch to a more secure way of receiving your account statement. When you sign up for Jersey State Bank eStatements, your statement will no longer sit in your mailbox. Instead, we will send you an email when your statement is available through our secure system.

Tips for the phone

• Do not give out personal information, such as your account numbers, card numbers, Social Security, tax identification numbers, passwords, or PINs, unless you have initiated the call.
•  Never share your banking information or login credentials with someone by phone, text, or email (even if you are told it is someone from a trusted institution). This includes your Username, Password, Security Question Answers, and Out of Band Authentication Codes.
• We will not make an unsolicited call requesting your personal information.

If you ever believe you are not talking to a representative of a legitimate company, hang up and call the phone number listed in the telephone book.

Vishing

Vishing scams target consumers by “spoofing” text or voicemail messages that ask you to call a phone number and give your personal information. Here’s how it works:

• You receive a “spoof” email, text message, or voicemail about suspicious account activity.
• The email, text message, or voicemail message will ask you to call a “customer service” number.
• When you call the customer service number, a recording will ask you to provide personal information such as account numbers, passwords, a social security number, or other critical information.
• The recording may not mention the company’s name and could potentially be an indication the call is being used for fraud.
• In a variation of this scam, you may receive a phone call.
• The call could be a “live” person or a recorded message.
• The caller may already have your personal information, which may seem as if the call is legitimate.

Smishing

Smishing is when consumers’ cell phones and other mobile devices are targeted with mobile spam. The spam, or text messages, attempt to trick consumers into providing personal information. Here’s how it works:

• You receive a fake text message, which may include a fraudulent link, asking you to register for an online service.
• The scammer attempts to load a virus onto your cell phone or mobile device.
• The scammer may also send a message ‘warning’ you that your account will be charged unless you cancel your supposed online order.
• When you attempt to log on to the website, the scammer extracts your credit card number and other personal information.
• In turn, your information is used to duplicate credit, debit and ATM cards.
• Scammers may also send you a text message again ‘warning’ you that your bank account has been closed due to suspicious activity.
• The text message will ask you to call a ‘customer service’ number to reactivate your account.
• When you call the number, you are taken to an automated voice mail box that prompts you to key in your credit card, debit card or ATM card number, expiration date and PIN to verify your information.
• Again, your information is used to duplicate credit, debit and ATM cards.

Phishing & Spoofing

While Jersey State Bank works to protect your banking privacy, you also play an important role in protecting your information. Here are a few steps you can take to protect your identity:

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.

Phishing scams target consumers by “spoofing” emails and websites. Here’s how it works:

• You receive an email message, asking you to click on a link in order to update some sensitive personal information.
• The link will redirect you to a “spoofed” website, which is designed to look like a legitimate website.
• The website will ask you to input personal information such as your account numbers, PINs, or a social security number.
• Never allow someone to remotely login to your computer.  Scammers try to trick people into clicking on links that will download viruses, spyware, and other unwanted software — often by bundling it with free downloads.
• Don’t click on pop-ups or ads about your computer’s performance. Scammers insert unwanted software into pop-up messages or ads that warn that your computer’s security or performance is Avoid clicking on these ads if you don’t know the source.

Email protection tips

• Do not click links in Emails to log in, or to update or confirm your sensitive information
• Do not fill out forms in Emails
• Be cautious about opening attachments or downloading files, regardless of who sent them
• ‘Spam’, or mass email messages, often contain links to phishing websites and other unsavory websites.
• Many phishing scams originate outside of the United States. Be wary of emails from people or sources you don’t know or trust.
• Poor grammar and misspelled words from unknown sources asking you for personal information are clear warning signs of a phishing scam being operated outside of the United States.
• Legitimate companies or organizations will never ask you to divulge any personal information over email.
• Phishing emails may also be fake contests or offerings, asking you to input personal information.
• If an offer or email you receive is too good to be true, it most likely is.

Bank Error Messages

One of the newest schemes by fraudsters involves spoofing bank error messages. Here’s how it works:

• Fraudsters will send you an email message about a data or site maintenance error at Jersey State Bank or any of your banks.
• The email will ask you to click on a link, which will redirect you to a site and will install malware on your computer.
• This malware allows scammers to intercept your password and bypass the dual authentication system many financial institutions use.
• The next time you attempt to log in to your online banking service, scammers attempt to steal your password and may quickly drain your account.

Emails from Jersey State Bank

For your protection, we will not send you an email to update or confirm your sensitive information by clicking a link or replying.

Emails to Jersey State Bank

Please do not send personal information in un-secure email. Secure email may be sent from within our Online Banking system from an internet browser.  Simply login to your secure online banking account then click “Bank Mail.”