HELP PROTECT YOURSELF

Scammers often try to target you through emails, text messages, and voice calls impersonating your bank. They may claim to be from the fraud department and even name-drop employee names. If you unexpectedly receive an email, text or call claiming to be Citizens Bank of West Virginia requesting personal information, it is likely fraud if the request asks for:

• Social Security Number
• Date of Birth
• Current Password
• A Code Received via Text Message
• Clicking a Link Sent Via Text or Email

Citizens Bank of West Virginia will never email, text or call you asking for personal or account information.

Never click a link or download an attachment from someone you don’t know.

If you get one of these emails, texts or phone calls, hang up and call the bank immediately.

304.636.4095 | 800.797.5790

• We are always on guard to anticipate, address and help prevent security threats.
• 24/7 surveillance and security systems strictly control access to all of our offices.
• Citizens Bank will automatically log you out of our online banking after 20 minutes of inactivity. This timed log off reduces the risk of unauthorized access to your account from an unattended computer.
• Citizens Bank’s mobile applications (for smartphones, iPads and other mobile devices) will automatically log you out after 20 minutes of inactivity. This helps reduce risk from unauthorized access to your account if your mobile device is lost or stolen.
• We encrypt your confidential banking data to protect it on route to and from our servers.
• We monitor payment channels for suspicious transactions to detect fraud.

While identity theft can happen to anyone, there are some things you can do to reduce your risk. The Federal Trade Commission’s site provides the most up-to-date information on how to deter, detect, and defend against identity theft.

If you think someone is using your personal information to open accounts, file taxes, or make purchases, visit IdentityTheft.gov to report and recover from identity theft.

Take action immediately by following these three steps…

1. Contact the fraud department of one of the three major credit bureaus to place a fraud alert on your credit report. The company you call is required to notify the other two credit bureaus to place an alert on their versions of your report. The fraud alert tells creditors to contact you before opening any new accounts or making changes to existing accounts. Also, ask for a free copy of your credit report and request that only the last four digits of your Social Security number appear on your report.

Equifax

P.O. Box 740241
Atlanta, GA 30374-0241
800.525.6285

Experian
P.O. Box 2002
Allen, TX 75013
888.EXPERIAN (397.3742)

TransUnion 
Fraud Victim Assistance Division
P.O. Box 6790
Fullerton, CA 92834-6790
800.680.7289

2. Contact your creditors to close any accounts that have been tampered with or opened fraudulently. If you believe your Citizens Bank accounts or debit cards were used fraudulently, call: 800.797.5790

3. File a police report with your local police department or the police in the community where the identity theft took place. Request a copy of the report to submit as proof to your creditors.

• Do not reply to the unsolicited e-mail or respond by clicking on a link within the unsolicited e-mail message.
• Contact the actual business that supposedly sent the e-mail through a secure Web site or a phone number that you know to be legitimate.
• Enter personal data only on Web sites known to be legitimate and secure—look for a “locked padlock” in the browser or “https” at the beginning of the Web site address for proof of security.
• Update anti-virus software and security patches to system software regularly.
• Check statements regularly, verify all transactions and notify financial institutions immediately of suspicious transactions.
• Forward suspicious e-mails to the Federal Trade Commission at uce@ftc.gov  or file a complaint with the FTC at www.ftc.gov or by callintg 877-ID-THEFT.

Install anti-virus, anti-malware, and anti-spam software

• Computer viruses can install malicious software (“malware”) programs on your computer without you knowing it.
• Anti-virus and anti-malware software helps detect and remove viruses and other types of malware from your computer.
• Anti-spam software helps prevent spam and junk email from entering your inbox.
• Use reputable software.
• Don’t install software offered through pop-up windows warning you that your computer is infected. These may actually install malware!
• To securely close a pop-up window, do not click the “X” in the upper-right corner of the window. Instead, right-click on the task bar button (at the bottom of your computer screen), and click Close, or use the Task Manager. If you cannot close the window using these methods, exit and restart your Internet browser.

Install a firewall and keep it turned on

• Your computer should have a firewall.
• Firewalls help protect your computer against criminals who want to crash your computer or delete or steal confidential information.
• Firewalls come prepackaged on some operating systems or may be purchased for individual computers.

Need help with Anti-virus or Firewall software?

• Microsoft Windows :
  • A firewall (included in recent versions of Windows
  • Anti-virus software (included in recent versions of Windows)
  • Go to Microsoft Safety & Security Center
• Apple Mac OS X :
  • Make sure “software update” is enabled from the Apple Menu
  • Schedule weekly checks for new software updates in “system preferences”
  • Go to Mac OS X: Updating Your Software

Use strong passwords and change them frequently

• A strong password should combine no fewer than 8 letters, numbers, and symbols.
• Never share your password with anyone.
• Create a unique user ID and password for online banking that you never use anywhere else (for example, webmail, social networking or any other online accounts).
• Don’t carry passwords around in your wallet—especially if they are listed along with usernames and websites.
• Never use a password you’ve seen used as an example or in a list of good passwords.
• Make your password easy to remember and hard to guess. Consider changing letters for numbers or symbols.

Erase or destroy your hard drive before discarding your old computer

Private information stored on your computer’s hard drive should be erased or destroyed before you get rid of your computer. First, make a backup copy of any important data you want to save. Then, to erase information permanently, you must either wipe (or “scrub”) your hard drive with special software or physically destroy it. These steps are necessary because your files may be easily recoverable even after you have deleted them or put them in the recycle/empty bins. Learn more about how to safely dispose of old computers and hard drives.

Keep your system current

• Keep your computer operating system, Internet browser, and other software up-to-date for additional protection against fraud and theft.
• Most current operating systems have the ability to automatically update critical system files to better protect your computer.
• Regularly update Adobe Flash.
• Regularly update Acrobat Reader for Windows or Macintosh.

Change default passwords and network names

• When you buy a wireless router or cable modem, it comes with a default password set up by the manufacturer. Be sure to change the default password to your own unique password.
• Routers come from the manufacturer with a default name or SSID – the name that shows up when you search for a wireless network to get on the Internet. Change the default SSID.
• Following the manufacturer’s instructions, make sure the encryption (for example, WPA2 or WEP) on your wireless router is turned on.

Protect Yourself from Social Engineering

Social engineering is the act of tricking someone into disclosing a piece of valuable information such as a username, password, credit card number, or social security number. These attacks take advantage of human vulnerabilities such as emotions, trust, or habits in order to convince individuals to take action such as clicking a fraudulent link, visiting a malicious website, or sending unrecoverable funds to someone (often outside of the country).

Hallmarks of Social Engineering Attacks:

• Contact arrives unexpectedly and/or suddenly
• Usually has either very little detail, or an overly complex backstory
• Has a sense of urgency, sometimes extreme
• Has penalties associated with not acting quickly, and can escalate into threats, or has the promise of great reward if instructions are followed
• Requires you to perform an action like clicking a link and entering a username, password, or sending a money order

What You Can Do To Protect Yourself:

• Never give your Online Banking username or password to anyone
• Add an extra layer of account protection and quickly identify potentially fraudulent transactions with DCCU’s Automated Fraud Alerts. Verify or add your mobile number within Online Banking to ensure you are enrolled.
• Turn on Multi-Factor authentication on email and other accounts

Red flags:

• When selling something online and you receive a money order or check for more than the sales price of the item
• A job, email, or phone call that requires you to give your online or mobile banking username and password in order to receive funds or for any other reason
• A person requests that you receive one form of money and then send it somewhere else as another form
• You receive an email that indicates you need to do something immediately in order to avoid something bad happening
• You receive an email notifying you of a package delivery you aren’t expecting, containing a link that prompts you for some type of username and password, or requires you to pay funds in order to receive it

Social Engineering is on the rise. Tactics will continue to evolve and become more sophisticated. When faced with urgent situations described above, use it as a trigger to stop and think; and when in doubt, ask someone knowledgeable.

Elder Financial Abuse

Elder Financial Abuse is the improper use of an older person’s funds or property. This abuse can be perpetrated by people they know, or people they don’t know and it can happen in many different ways.

Here are some warning signs:

• Depleted bank accounts
• Increase in bank fees
• Unpaid bills
• New acquaintances
• Missing possessions
• Loans being moved to collections
• Out of the ordinary cash withdrawals and transfers
• Sharp increase in spending habits
• Sudden liquidation of assets

Exploiting the Coronavirus: Smishing Violation!

Governments across the globe have created restrictions to help reduce the spread of Coronavirus. These regulations change often and vary by country, region, and city. So knowing exactly what is expected of you can be a challenge. It’s no surprise that the bad guys are taking advantage of this confusion!

Cybercriminals are using text messaging, or short message service (SMS), to pose as a government agency. The message says you have been seen leaving your home multiple times and as a result you are being fined. They urge you to click on their official-looking link to pay this “fine” online. If you click the link, you’ll be taken to a payment page where you can give your credit card details directly to the bad guys!

This tactic is known as “Smishing” (SMS Phishing). Smishing can be even more convincing than email phishing because criminals know how to spoof their phone number to appear as though they’re calling from an official source. Be careful!

Here’s how to stay safe from this smishing attack:

• Think before you click. The bad guys want to get under your skin. Not only does this message accuse you of ignoring regulations, but it also claims you have to pay a fine! Don’t give in to this tactic.
• Never trust a link in an email or text message that you were not expecting. Instead of clicking the unexpected link, open your browser and type in the official URL of the website you wish to visit.
• Stay informed during this confusing time by following local news, government websites, and other trusted sources.

Exploiting the Coronavirus: “PANDEMIC IS WITHIN, BEWARE!”

During this storm of COVID-19 phishing scams, the bad guys love posing as your trusted Human Resources department. One recent HR scam started with an overdramatic subject line: “COVID-19 PANDEMIC IS WITHIN, BEWARE! WARNING!!!” In a mess of run-on sentences, the email claims that some of your co-workers have tested positive for Coronavirus. Keeping with the HR theme, they ask that you do not discriminate against these people and they suggest that “everyone should rather cease panic”.

The email does not identify anyone by name, but asks you to download an attached photo of the infected employees. This attack targets your natural curiosity. Who could it be? Wasn’t Bill coughing last week? I just have to know! If you were to download the attachment, you would find that it is actually a piece of malicious software designed to quietly steal data through your organization’s network. Don’t be fooled!

Remember these tips:

• Watch for sensational words like “BEWARE” and “WARNING!!!” The bad guys want you to panic.
• Be wary of emails with spelling or grammatical errors, especially when it supposedly came from a reputable source.
• When questioning the legitimacy of an email sent from someone in your company, give them a call! One quick call could save your organization from a potential data breach.

Exploiting the Coronavirus: Is the CDC Closing Your Facility?

As the COVID-19 pandemic rages on, the bad guys find increasingly creative ways to weaken your defenses. The newest phishing trend is an email that appears to be from the CDC (Centers for Disease Control and Prevention). The email has an intense subject line: “NOTICE OF CLOSING YOUR FACILITY AND DISINFECT NG THE AREA – BY NCDC WH 20982 COV-19 Due To Recent Corona Virus COVID-19 Pandemic.”

You’re instructed to download an attachment which is supposedly a letter from the CDC claiming that they will close your facility. If you download the file, you’d find that it is actually a malicious program designed to gain access to your company’s sensitive information. Don’t be tricked!

How to beat the bad guys:

• Think before you click. These malicious actors are playing with your emotions and this threat relies on panicked clicking.
• Never click a link or download an attachment from an email you weren’t expecting. Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.
• If you receive a suspicious email that claims to be from an official organization such as the CDC or WHO (World Health Organization), report the email to the official organization through their website.

Exploiting the Coronavirus: Fear of Infection

The newest Coronavirus-themed phishing attack may be the most ruthless yet. The cybercriminals are sending emails that appear to be from a hospital and warn that you have been exposed to the virus through contact with a colleague, friend, or family member. Attached to the email is a “pre-filled” form to download and take with you to the hospital. Don’t be fooled. The attachment is actually a sophisticated piece of malware. This threat relies on panic and fear to bypass rational thinking. Don’t give in!

Remember to stay vigilant:

• Think before you click. The bad guys rely on impulsive clicking.
• Never download an attachment from an email you weren’t expecting.

Even if the sender appears to be from a familiar organization, the email address could be spoofed.

Working From Home? Don’t Fall for This “Phony” Call

The Coronavirus Disease 2019 (COVID-19) pandemic has caused a massive shift in the number of employees who are working remotely. From a cybercriminal’s perspective, this is a perfect opportunity for their social engineering scams.

One scam involves cybercriminals calling you and posing as support personnel from the companies or services that your organization may be using to allow you to work remotely. Typically, the caller will try to gain your trust by stating your job title, email address, and any other information that they may have found online (or on your LinkedIn profile). Then, the caller claims that they will send you an email that includes a link that you need to click for important information. Don’t fall for this scam!

Remember the following to help protect yourself from these types of scams:

• Never provide your personal information or work information over the phone unless you’re the one who initiated the call.
• Scammers can spoof any number they’d like. Therefore, even if a call looks like it’s coming from a legitimate source, it could be a scam.
• If you receive this type of call, hang up the phone immediately and notify the appropriate team in your organization.

Safeguard Your Personal Data During the 2020 Census Season

It’s that time again. Every 10 years, United States residents are required to respond to the Census survey. The primary purpose of the census is to provide a count of every member of the U.S. population.

By law, each household is required to complete the census survey. From a cybercriminal’s perspective, this is a perfect opportunity for their social engineering scams. Scammers might send emails or other messages that appear to come from the U.S. Census Bureau, or they might even pose as official Census Bureau workers and show up at your door!

This census season, keep the following tips in mind so you can safeguard your household’s sensitive information:

• If you receive an email to complete the 2020 Census survey, delete it! The U.S. Census Bureau will only send the official survey notification by mail, or if your survey response is late, an official Census Bureau worker may come to your home to ensure you have received the census.
• If a Census Bureau worker visits your home, verify that they are who they claim to be. A valid ID badge should have the worker’s photograph, a U.S. Department of Commerce watermark, and an expiration date. If you’re still unsure, call your Regional Census Center and speak with a Census Bureau representative.
• Remember, the Census Bureau will never ask for the following: your Social Security number, your bank account or credit card numbers, anything on behalf of a political party, donations, or money.