Protecting you and your identity
What to do if you suspect fraud
Take the following steps immediately if you think your personal information has been compromised.
- Call your bank and credit card issuers immediately so that the necessary steps can be taken to protect your accounts.
- File a police report and call the fraud unit of the three credit-reporting companies.
- Consider placing a victim statement in your credit report and a fraud alert on your account.
- Keep a log of all the contacts you make with authorities regarding the matter. Write down names, titles, and phone numbers in case you need to re-contact them or refer to them in future correspondence.
- Contact the FTC’s ID Theft Consumer Response Center at 1-877-ID THEFT (1-877-438-4338) or gov/idtheft.
Take an active role in safeguarding
It is our top priority to protect your information and we encourage you to help us. By following these 6 steps, you can take an active role in safeguarding your information.
- Create complicated passwords
Avoid using birthdays, social security numbers, pet names, other personal information, and simple passwords like ‘12345’. Use capital letters, numbers, and symbols to make your password strong. For example, take the word ‘complicated’. Rather than using that word exactly how it appears, incorporate our tips to create ‘c0mPlic@t3d’.
- Change your passwords
It is recommended that you change your passwords regularly. Set a reminder to notify you to create new passwords at least three times a year.
- Keep your confidential information confidential
Friendly theft—theft by someone the victim knows—is the most common type of identity theft or fraud. Do not share your passwords with family members, friends, or colleagues. Be mindful of who has access to your personal information. Additionally, you should avoid using automatic sign-in features that remember your login credentials. That way, no one can access your information if your device is stolen or lost.
- Review your accounts
Check your account activity and online statements often instead of waiting for the monthly statement. You’re the best person to detect fraudulent transactions because you’ll be able to recognize a charge you didn’t make. If you notice unusual or unauthorized activity, notify your bank right away. When a customer reports an unauthorized transaction in a timely manner, the bank will cover the loss and take measures to protect the account. Take advantage of account alert features that notify you of changes and/or transactions.
- Stay alert online
Be sure your computers and mobile devices are equipped with up-to-date anti-virus and malware protection. Never give out your personal financial information in response to an unsolicited email no matter how official it may seem. We will never ask for your passwords, PIN, or account information via email. Only open links and attachments from trusted sources. When submitting financial information on a website, look for the padlock or key icon at the top or bottom of your browser. Before submitting information make sure the Internet address begins with “https.” This signals that your information is secure during transmission. If making changes or transactions online, close unnecessary browser windows. Also, do not use public or other unsecured computers and devices to access your personal information. Never leave a computer or device unattended while accessing your data. Check your web browser security and privacy settings to select and confirm the appropriate level of safety. Clear your cached web history before logging in to your accounts.
- Mobilize your defenses.
Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell, or trade your mobile device, be sure to clear or wipe the data from the device by using specialized software or using the manufacturer’s recommended technique. Purchase software and/or apps that allow you to wipe your device remotely if it is lost or stolen. Use caution when downloading data. Never download data from a source you do not recognize as secure.
Online Fraud prevention best practices & controls
- Whenever possible, use Bill Pay instead of checks to limit account number dissemination exposure and to obtain better electronic record keeping.
- Whenever possible, register your computer to avoid having to re-enter challenge questions and other authentication information with each login.
- An FBI-recommended best practice is to dedicate a PC solely for financial transactions (e.g., no web browsing, emails, or social media).
Tips to Avoid Phishing, Spyware and Malware
- Ensure computers are patched regularly, particularly operating system and key applications.
- Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
- Be advised that you will never be presented with a maintenance page after entering login credentials. Legitimate maintenance pages are displayed when first reaching the URL and before entering login credentials.
- Online Banking does not use pop-up windows to display login messages or errors. They are displayed directly on the login screen.
- Online Banking never displays pop-up messages indicating that you cannot use your current browser.
- Online Banking error messages never include an amount of time to wait before trying to login again.
- Be advised that repeatedly being asked to enter your user ID or password is a sign of potentially harmful activity.
- Being asked challenge questions if your computer was previously registered is a sign of potentially harmful activity.
Setting Account Alerts
Customizing your alerts specifically to your preferences can be accomplished quickly. Start by logging in to your online banking account and selecting ‘Customer Service’ from the dashboard menu. Under this menu, you can manage a variety of options and review your account information. To change your alert notifications, select ‘Manage Alerts’ under ‘Contact Options’.
Following is a list of the types of alerts that you can set.
| Change password | Manage Contact Information |
| Change User ID | Manage Mobile Banking Settings |
| Change Address | Change Statement Delivery Method |
| Customize Accounts | Change ATM/Debit Card Overdraft |
| Stop a Check | View Stopped Checks |
| View Messages | Contact Us |
| Service Agreement | Privacy Statement |
Currently, your default alert settings are set to notify you when the following actions take place:
- User ID Change
- External Account Added
- New Payee Added
- Phone Number Change
Email best practices
Most security breaches result from malware introduced into a computer or network, or by using personal, confidential information (e.g., passwords, tax identification numbers, bank account information) gleaned using social engineering techniques. Since fraud perpetrators frequently use email for these purposes, email best practices represent a critical first line of defense. Following are best practices all email users should follow:
- Do not assume an email is legitimate based on the sender information. This information is easily copied and embedded in documents.
- Be careful of emails received from public email addresses (e.g., gmail.com, yahoo.com). Most large organizations do not use public email addresses.
- Corporate logos can also be easily copied and embedded in documents. Do not assume an email is legitimate just because you recognize a logo.
- If you question the validity of an email, contact the sender through another channel, such as a phone number, that is from another source. Never verify a sender with other contact information contained within the same email.
- Offers that appear in the subject line or body of the email that appear to be too good to be true are likely fraudulent.
- Offers that are time sensitive, asking for you to respond immediately or suggest penalties for not doing so, are likely fraudulent.
- Think twice before clicking on embedded links in emails. These are sometimes used to download malware onto your computer. See “Understanding Internet addresses” below for details on identifying potentially dangerous links.
- Attachments are another way that malware can be downloaded onto your computer. Do not open attachments in emails that you are not expecting.
- Spelling and grammatical errors are usually another indication that an email may not be legitimate.
- Never respond to an email requesting confidential information, whether by replying to it or by calling a phone number provided within the email. Reputable companies will never ask for this type of information through email.
- Forms embedded in an email are never secure. Do not fill out a form embedded in an email.
Understanding Internet addresses (URLs)
Internet addresses, or URLs, identify the website where you will be taken when you click on a link. Before clicking on any link embedded in an email, it’s a best practice to hover or long press over the link to view the address behind the link. You should not click on the link if the address cannot be viewed. Also be careful to make sure the address is correct even if you think you recognize it. Perpetrators often create a slight misspelling in the URL that misleads you to believe it is legitimate.
Here’s how Internet addresses are formatted:
- The part of the URL between the “https://” and the next “/” is known as the domain.
This controls where the link takes you.
- A domain can consist of multiple sections:
The area immediately preceding the first “/” (fakelogin.net) represents the actual domain name. The area appearing before this section (rbankchicago.) is referred to as the sub-domain. If you click on the link you would be taken to fakelogin.net, not rbankchicago. Therefore you must make sure the domain name is accurate and that it is located properly in the URL.
- Sometimes recognizable information will appear to the right of the first “/”, however, as always, the domain is indicated by the information preceding the first “/”.
If you are ever in doubt about the validity of a URL, enter the domain name associated with the site you wish to validate into an Internet search engine, such as Google or Yahoo. When you view the search results, the first result should precisely match the domain name you entered. If this is not the case, you should not click on the link. Also consider the following:
- If the domain consists of a series of numbers, then it is not easily identifiable. Avoid these domains.
- If you doubt the legitimacy of a domain name, contact the sender through another channel, not listed within the email.
- Utilize information system professionals to help you safeguard your computer and network.
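The domain rules described under “Understanding Internet addresses”, written out as an added example (this is not code from this page or from the bank): a Python check that pulls the domain out of a link and compares it with the domain you expect. The name bank.example is a placeholder, and the sample links are constructed from the fakelogin.net illustration above.

```python
import ipaddress
from urllib.parse import urlsplit


def check_link(url, trusted_domain):
    """Return (verdict, host) for a link, judged against the domain you expect."""
    parts = urlsplit(url)
    # The host is everything between "https://" and the next "/".
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ("no-domain", host)
    if parts.scheme != "https":
        return ("not-https", host)
    try:
        # A host made only of numbers is an IP address, not a recognizable name.
        ipaddress.ip_address(host)
        return ("numeric-address", host)
    except ValueError:
        pass
    trusted = trusted_domain.lower()
    # The trusted name must sit at the END of the host: either the whole host,
    # or preceded by a dot (a sub-domain of it). Appearing anywhere else
    # (as a sub-domain label or in the path) does not count.
    if host == trusted or host.endswith("." + trusted):
        return ("matches", host)
    return ("different-domain", host)


# Constructed sample links; bank.example is a placeholder for the real site.
SAMPLES = [
    "https://www.bank.example/login",            # genuine sub-domain
    "https://rbankchicago.fakelogin.net/login",  # familiar name used as sub-domain
    "https://fakelogin.net/bank.example/login",  # familiar name after the first "/"
    "https://www.bannk.example/login",           # slight misspelling
    "https://192.0.2.10/login",                  # series of numbers
    "http://www.bank.example/login",             # does not begin with https
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, host = check_link(link, "bank.example")
        print(f"{verdict:17} {host:30} {link}")
```

Only the first sample is reported as a match; every other link resolves to a host that is not the expected domain, is numeric, or is not served over https.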