Consumer Alerts

Fraud Alerts

If you believe that you are receiving fraudulent or phishing e-mails or something similar by someone claiming to be from Flagship Bank Minnesota, please notify us at 952-944-6050.

Protecting yourself from Online Banking Fraud

The online banking industry has seen an increase in fraudulent activity over the last several months. With key loggers, virus attacks and phishing scams becoming more prevalent, are you doing all you can to protect yourself from becoming a victim of fraud? For the past several years, there has been a lot of focus on identity theft. While very serious and very damaging, there are many other ways that the “bad guys” can wreak havoc on your life and your finances.  Services like the ones available from the three major credit reporting agencies and many other companies offer protection against other people establishing credit or identities using your Social Security number.  These services are very valuable and worthwhile, but true identity theft is not the only threat out there in these digital times.

Many cyber criminals, also referred to as fraudsters, don’t want to steal your identity in the traditional sense.  They don’t want to get a credit card or a mortgage or a checking account in your name and live their life off of your good credit history. They simply want to take your money and move on to the next victim.  While most companies that do business on the Internet, including financial institutions, are very diligent in providing online protection for their customers, the first line of defense is knowledge about what you, the end-user, can do to protect yourself – an electronic way of “Looking out for Number One.”  The two most prevalent types of fraud, “Keylogging” and “Phishing”, occur from viruses on your computer. In both cases, the end result is the fraudster capturing your login credentials.

Keystroke Logging or Keylogging:

Keylogging is a method by which fraudsters record your actual keystrokes and mouse clicks.  Keyloggers are “Trojan” software programs that target your computer’s operating system (Windows, Mac OS, etc.) and are “installed” via a virus.  These can be particularly dangerous because the fraudster has captured your user ID and password, account number, Social Security number – and anything else you have typed.  If you are like most other users and have the same ID and PIN/Password for many different online accounts, you’ve essentially granted the fraudster access to any company with whom you conduct business.  After all, they’ve got your login credentials so they appear to be a valid user.

Here are some ways you can prevent yourself from being a victim of keystroke logging:

  • Use Anti-Virus Software. This is the single most important thing you can do to protect your computer from viruses. There are many on the market today – some cost money while others are free.  If you opt to use a free version, make sure it is being offered by a reputable company and do research on the company and its product before installing.
  • Keep your Operating System up-to-date with the latest security patches.

Phishing

Phishing is a scam where Internet fraudsters request personal information from users online.  These requests are most commonly in the form of an e-mail from an organization with which you may or may not do business.  In many cases, the e-mail has been made to look exactly like a legitimate organization’s e-mail would appear complete with company logos and other convincing information.  The e-mail usually states that the company needs you to update your personal information or that your account is about to become inactive, all in an effort to get you to click the link to a site that only looks like the real thing.  If you click on the link to go to the phony website and enter all of your information, you’ve just been the victim of a phishing attack.  The fraudsters have just captured all the necessary information to access your accounts online.  No reputable business will ever e-mail you requesting that you update your personal information, including account numbers, system passwords or Social Security numbers via a link to their site.

Follow these guidelines to protect yourself from phishing scams:

  • Never click on a link from a business requesting that you provide them with personal information.
  • Pay close attention to the URL (Internet address) behind the link. Often in phishing attempts, if you hover the cursor over the link the fraudsters want you to click on, it has nothing to do with the actual company they claim to be.
  • If your Financial Institution uses watermarks or personal images, do not log in unless you see the correct image on the screen.
  • We encourage you to contact your financial institution or merchant if you suspect any of your accounts may have been involved in a phishing attempt.

If you are unsure that the request is valid, open a new Internet session and manually key in the business’ web address. If the business genuinely needs information from you, they will have you log in to your online account to see the request.  In most cases, you’ll just be greeted with a message indicating that the business will never e-mail you requesting personal information. 

What should I do to protect myself from fraud?

  • Change your passwords often. Even if your financial institution doesn’t require it, it is a good practice to change your passwords at least every six months. An easy way to remember: change them when you change your clocks to adjust for Daylight Savings Time.
  • Don’t use the same ID and PIN/Password for every online account you have.
  • Never disclose your login credentials to other people or companies.
  • Do not store your ID and Password information where others could gain access to it.   It is best not to write the information down at all.
  • Do business with a financial institution that offers two-factor authentication for accessing your information online.
  • If offered by your financial institution, take advantage of hard- or soft-tokens, which provide a unique one-time-use password each time you access your account.  This is especially important for business accounts with multiple users.
  • If accessing information via a wireless network, ensure that the network is secure.  Accessing sensitive information (or any website) over a non-secure network simply leaves the door open for criminals. Even if you aren’t visiting a site where you enter an ID and password, you are still leaving your computer exposed to possible threats.

While nothing is foolproof, and new viruses and scams are being developed every day, following these guidelines as well as having a general awareness of the threats that are out there enables you to bank online with more peace of mind and less risk of being a victim of fraud.

Other Helpful Tips

  • Install a consumer firewall/router to protect your home network and never connect your computer directly to your cable modem.  There are many qualified vendors who provide choices so check with your computer specialist for one that’s right for you.
  • Do not use the default password or default settings for your firewall.  If unsure how to configure and secure the firewall correctly, use the services of a professional.
  • Make sure you have an anti-virus solution installed on each computer.  Ideally, use a software package that includes anti-virus, software-based firewall, anti-spyware, anti-malware and anti-phishing.
  • Always keep your desktop security services software up to date including the latest releases of the software itself as well as updated virus definition files.
  • Be wary when opening email from people that you do not know.
  • Do not click on random pop-ups when browsing the Internet.
  • Change your passwords on a regular basis and do not use the same user id and password for every account.
  • Choose “strong” passwords that include mixed-case letters, numbers, and valid symbols (e.g. underscore or dash).
  • Run Windows (or Mac) update processes on a regular basis to keep up with the latest security fixes and patches.
  • Be wary of any offer that seems too good to be true or one that asks you to provide any personal information.  Most companies will not ask for personal information (e.g. credit card numbers, Social Security numbers, account numbers, etc.) through email.

FDIC Consumer Alerts
FDIC Consumer News and Information
FDIC Consumer Protection
Health Insurance Marketplace Fraud
IRS Tax Scams/Consumer Alerts
Federal Trade Commission Scam Alerts
Minnesota State Department of Financial Institutions

Join us on FacebookIcon for: Facebook Widget

Subscribe To Our Mailing ListIcon For: Online Banking