September 2009:

SMiShing Attacks (also known as text phishing)

There have been recent reports of SMiShing attacks (also known as text phishing), which have impacted cardholders of financial institutions located primarily in the eastern region of the U.S.

As you may know, SmiShing is a type of social engineering that uses cell phone text messages to persuade victims to provide personal information such as card number, CVV2, and PINs. The text message may contain either a website address or more commonly, a phone number that connects to an automated voice response system, which then asks for personal information.

The following are examples of SMiShing messages recently sent to cardholders:

• Text message originating from either notice@jpecu or message@cccu:
• ABC CU- has- deactivated-your-Debit_card. 
  To-reactivate-contact:210957XXXX
• This is an automated message from ABC Bank. Your ATM card has been suspended. To reactivate call urgent at 1-866-215-XXXX
• Text message originating from sms.alert@visa.com:
• sms.alert@visa.com/VISA. (Card Blocked) Alert. For more information please call 1-877-269-XXXX.

Remember, NEVER give out any personal or account information unless you are certain the communication is legitimate.

Jan. 2009:

Check/ATM Cardholder
Telephone Scam ALERT

We wanted to alert you to a recent fraud scam that has been reported by other banks!

Financial institutions are reporting that their Cardholders have received computer-generated calls claiming to be from their financial institution. The calls claim their accounts have been frozen and then direct the cardholder to call a toll free number to leave their check card information in order to reactivate the card(s). The toll free number includes a recorded message that asks the customer to key in their account number, card expiration date and PIN. This is a SCAM!

Remember: Putnam Bank does NOT request account information by phone, email or initiate computer generated calls to verify personal information!

Here are some tips to protect yourself:

• Verify that a call is legitimate by calling your bank or visit its website, using phone numbers or internet addresses from your bank statement or account documentation. Do not call back a number provided over the phone or click on a link in an email.
• Be altered that most fraud communications will include something designed to concern or excite you.
• If you have been the victim of a scam, file a complaint with local law enforcement and notify your financial institution.
• Notify us immediately at 1-800-377-4424 if you receive any suspicious phone calls or emails pertaining to your bank account(s), Check or ATM Card(s).

Remember, NEVER give out any personal or account information if you did not initiate the call.

____________________________________________________________________

REPORTING FRAUD:

To report a lost or stolen Putnam Bank VISA® check card please call 1-800-472-3272.  In addition, please call Putnam Bank to notify us of your incident during business hours.

Think your identity has been stolen; here is what to do now:

1. Contact the fraud departments of any one of the three major credit bureaus to place a fraud alert on your credit file. The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified, and all three credit reports will be sent to you free of charge.

• TransUnion: 800-916-8800 or www.transunion.com
• Equifax:  800-685-1111 or www.equifax.com 
• Experian:  888-397-3742 or www.experian.com

2. Close accounts that you know or believe have been tampered with or opened fraudulently. Use the ID Theft Affidavit (PDF) when disputing new unauthorized accounts.

3. File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.

4. File your complaint with the Federal Trade Commission (FTC). The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Filing a complaint also helps the FTC gather more information about identity theft and the problems victims are having. For more information, go to: http://www.consumer.gov/idtheft/.

MORE RESOURCES:

FBI Site:  http://www.ic3.gov

Federal Trade Commission Laws:  http://www.ftc.gov

The National Fraud Information Center:  http://www.fraud.org

Better Business Bureau Quiz:  http://www.javelinstrategy.com/IDSAFETYQUIZ.htm

CERT:  http://www.cert.org

____________________________________________________________________

HOW WE PROTECT YOU:

How Putnam Bank safeguards you:

• Secure Login
• Login Attempts
• 128- Bit SSL Encryption
• Internal Systems Encryption
• Digital Certificates
• Browser Requirements
• Automated Time Out
• Use of Firewalls
• Third Part Verification
• Secure Sessions
  • Authentication
  • Encryption
  • Data Integrity
• Enhanced Login Security

TYPES OF ONLINE FRAUD:

• Email and fraudulent websites
• Spyware and Viruses
• Pop-up Advertisements

Phishing:  is the act of seeking information is a sly or indirect way.  Often a spoofed email is used as bait to lure someone to an imitation of a legitimate site.  If they fall for the bait and believe the fake Web page to be authentic then the phishing expedition has been a success.

Spoofing:  A spoof refers to a hoax or imitation, as a verb it means to deceive.  A spoofed email is a deception, as it appears to have come from a trusted source.  The individual performing the spoof will use an email address similar to that of a trusted source, or they will change the header information of the email so that it appears as though the trusted source is the sender.  A spoofed website is an imitation site that uses the exact graphics, colors and layouts from the trusted site it is trying to replicate.

____________________________________________________________________

HOW TO PROTECT YOURSELF:

You play a crucial role in preventing others from logging on to your account. Never use easy-to-guess passwords. Examples:

• Birth dates
• First names
• Pet names
• Addresses
• Phone numbers
• Social Security numbers

Never reveal your password to another person. You should periodically change your password in the User Option screen of online banking.

PREVENT IDENTITY FRAUD:

• Protect Your Accounts
• Report lost or stolen checks and / or ATM/Debit cards immediately
• Store new and cancelled checks safely
• Question suspicious emails or phone inquires
• Guard your ATM and Online Banking information
• Prevent Identity Theft
• Don’t’ give out financial information online or over the phone
• Shred unnecessary financial documents
• Promptly retrieve incoming mail
• If regular bills or statements stop reaching you, take action
• Don’t ignore suspicious charges
• Don’t write personal information on checks
• Don’t carry your Social Security card in your wallet

SAFE COMPUTING PRACTICES:

• Anti-Virus Software
• Firewall
• Encryption
• Passwords
• Software Updates
• Log-Off

Tips to preventing Identity Theft as provided by the Office of Thrift Supervision.  Click here to view.
More tips for protecting yourself offered by the Attorney General's Office. Click here to view