Security Tips

Bank Security

It is the policy of HomeTown Bank of Alabama to protect your information to the best of our ability. Thieves will stop at nothing to get your personal information and card data. Their scams can be clever, but not clever enough, if you know how they work and how to avoid them. We’ve highlighted a few of the ways fraudsters and identity thieves try to get your information.

Cybersecurity is Key

When cybersecurity is inadequate, it can lead to stolen identity and financial loss. Most scams and scammers have two main goals–to steal your money and your identity. You should know what to look for, how they work, and what to do, so you can protect yourself and your finances.

Maintaining cybersecurity is very important, even for consumers. It is not simply something that concerns large corporations and other businesses. Here are some steps you can take:

• Do not open emails from people you don’t know. If you are unsure whether an email you received is legitimate, try contacting the sender directly via other means. Do not click on any links in an email unless you are sure it is safe.
• Be careful with links and new website addresses. Malicious website addresses may appear almost identical to legitimate sites. Scammers often use a slight variation in spelling or logo to lure you. Malicious links can also come from friends whose email has unknowingly been compromised, so be careful.
• Secure your personal information. Before providing any personal information, such as your date of birth, Social Security number, account numbers, and passwords, be sure the website is secure.
• Stay informed on the latest cyber threats. Keep yourself up to date on current scams.
• Use Strong Passwords. Strong passwords are critical to online security.
• Keep your software up to date and maintain preventative software programs. Keep all your software applications up to date on your computers and mobile devices. Install software that provides antivirus, firewall, and email filter services.
• Update the operating systems on your electronic devices. Make sure your operating systems (OSs) and applications are up to date on all your electronic devices. Older and unpatched versions of OSs and software are the target of many hacks.

Thieves are always looking for the latest and greatest way to obtain your information. Here are a couple of scams that are trending now:

Money Mules

Scammers use people as “money mules” to receive or move money obtained from victims of fraudulent activities. Scammers proactively recruit people to be part of fraudulent activity without their knowing it. If a stranger asks you to open a bank account, or asks for access to your bank account or debit card, be extremely guarded. A scammer may ask you to move money and direct you to deposit funds into your bank account, or ask you to purchase virtual currency or gift cards for someone else’s benefit. In these scenarios, you may be unknowingly hiding someone else’s money for them. Be very cautious if a stranger asks you to receive or forward packages containing money or goods, which may also be part of a similar fraudulent scheme.

Online Dating

Romance scammers, as they are often called, create fake profiles and try to develop relationships with their targeted victims through online dating apps or social networking websites. Once the relationship develops and they have earned your trust, the scammer makes up a story and asks for your money. Be aware that scammers are lurking in these areas, so you can keep yourself and your money safe.

Impostors

Impostor scams are when a scammer pretends to be someone you know or trust to convince you to send them money.  These scams are communicated through emails, phone calls, letters, text messages, faxes, and social media. The messages might ask you to “confirm” or “update” confidential personal financial information, such as bank account numbers. In other cases, the communication might be an offer to help victims of current or previous frauds with an investigation or to recover losses. Some scams request that you file official looking forms, such as insurance claims, or pay taxes on prize winnings. They might claim that you have an unpaid debt and threaten you with a lawsuit or arrest if you don’t pay. Other recent examples include check endorsements, bankruptcy claimant verification forms, stock confirmations, and investment purchases.

Mortgage and Foreclosure Scams

Watch out for scammers who falsely claim to be lenders, loan servicers, financial counselors, or representatives of government agencies who can help with your mortgage. These criminals prey on vulnerable, desperate homeowners.

Foreclosure scams usually come from multiple advertisements stating that a company wants to save you from foreclosure. This scam allows fraudsters to take the equity out of your home. They may even try to evict you from your home and sell it.

Ransomware

One cyber threat often discussed in the news is ransomware. Typically, this scam targets businesses, not individuals. Ransomware is a type of malware created to lock or encrypt files on an electronic device like a smart phone or computer. The sender of the ransomware then demands a ransom in exchange for unlocking or decrypting the information on your electronic device. The scammer typically threatens to publicly disclose or sell the compromised information, if the ransom is not paid.

Check Fraud

Although the use of checks is decreasing as a payment method, check fraud has grown exponentially in recent years.  Below are some measures to take to help prevent you from falling victim to check fraud.

• Protect Your Checks
  • Secure your checkbook: Store checks in a locked, safe place and shred any unused checks when closing accounts.
  • Mail securely: Promptly remove mail from your mailbox and use secure drop boxes for outgoing payments.
  • Review statements: Check account statements regularly for unauthorized transactions. 
• Spot & Verify Fake Checks
  • Be skeptical: Be wary of unexpected checks, especially if the request comes via email or text.
  • Verify the bank: Use the FDIC BankFind tool to confirm the bank’s legitimacy.
  • Call the bank directly: Look up the bank’s official phone number (not from the check) and ask them to verify the check’s authenticity.
  • Look for red flags: Watch for poor grammar/spelling, unusual check designs, or if the check is for a new account with a high amount. 
• Strengthen Digital Security
  • Use strong passwords & alerts: Create complex passwords and enable mobile banking alerts.
  • Secure devices: Keep antivirus/firewall software updated and avoid unsecured Wi-Fi for banking.
  • Be careful with links: Don’t click links or scan QR codes from unknown sources. 
• Consider Safer Alternatives
  • Use electronic payments: Opt for direct deposit, pre-authorized payments, or bank bill pay services over mailing checks. 
• What to Do If Scammed
  • Report it: Notify your bank immediately and report the scam to relevant authorities. 

Fake Check Scam

Fake check scams always involve someone giving you a genuine‐looking check or money order and asking you to wire money somewhere in return. After you deposit or cash the check or money order and send the money, you learn that it was phony. Now the crook has the money and you owe it back to your bank.

Elder Abuse

Financial fraud is the fastest growing form of elder abuse. Broadly defined, financial elder abuse is when someone illegally or improperly uses a vulnerable senior’s money or other property. Most states now have laws that make elder financial abuse a crime and provide ways to help the senior and punish the scammer. Elder financial abuse is tough to combat, in part because it often goes unreported. You can protect yourself or your loved ones from financial elder abuse by becoming familiar with the most common scams and learning what to do if you suspect foul play. Common scams are:

• Telemarketing or mail fraud. Scammers also use the phone to sell seniors goods that either never arrive or are worthless junk.
• Getting unauthorized access to funds. In “Romance Scams,” alleged suitors woo older people, convincing them that love and care are their motivations for being included on bank accounts or property deeds; the suitors usually disappear along with the property.
• Charging excessive amounts of money. Smooth‐talking scammers first convince seniors that they need some goods or services, and then seriously overcharge them, often hiding the high cost in extravagant schemes involving interest and installment payments. This tactic is often used for products that many older people might find essential to their quality of life, such as hearing aids and safety alert devices.

Phishing

Phishing is when fraudsters pretending to be from well‐known companies, organizations, or government agencies contact consumers and try to trick them into revealing their personal information. That information is then used to commit fraud like opening new accounts in your name or taking over existing accounts like online banking. It can happen over the phone, on email or even through text messages. Protect yourself with these quick tips:

• Be on your toes. Only open emails, attachments, and links from people you know.
• Don’t believe what you see. It’s easy to steal the colors, logos and the header of an established organization and make emails appear legitimate.
• Avoid sharing. Don’t reveal personal or financial information in an email, text or over the phone.
• Pay attention to a website’s URL. Hover over any links to see where they lead.

Email

HomeTown Bank of Alabama does not contact customers via email requiring you to install software or requesting you provide personal information such as a PIN or passwords.

• Consider all email requests for personal information to be suspicious
• Do not respond to such emails or enter information on questionable websites
• Report suspicious emails or websites to HomeTown Bank of Alabama at 205‐625‐4434

Business Email Compromise

Business email compromise (BEC) is a type of phishing scheme in which an attacker impersonates a high‐level executive and attempts to trick an employee or customer into transferring money or sensitive data. This crime is particularly stealthy because it employs social engineering techniques to manipulate users.

The scenario often plays out like this: An email arrives that appears to be from a high‐level executive within the company — or even a business partner or company attorney. Since the email address has been spoofed, it appears to be legitimate. A request for a wire transfer is included in the email, which urges the recipient to take immediate action.

To keep these threats at bay, it is important to train all employees how to recognize potentially malicious emails.

Corporate Account Takeover (CATO)

Corporate Account Takeover occurs when a criminal obtains electronic access to your bank account and conducts unauthorized transactions. The criminal obtains electronic access by stealing the confidential security credentials of your employees who are authorized to conduct electronic transactions (wire transfers, Automated Clearing House‐ACH, and others) on your corporate bank account.

There are several methods being employed to steal confidential security credentials. Phishing mimics the look and feel of a legitimate financial institution’s website, e‐mail, or other communication. Users provide their credentials without knowing that a perpetrator is stealing their security credentials through a fictitious representation which appears to be their financial institution. A second method is Malware that infects computer
workstations and laptops via infected e‐mails with links or document attachments. In addition, malware can be downloaded to a user’s workstation or laptop from legitimate websites, especially social networking sites. Clicking on the documents, videos, or photos posted there can activate the download of the malware. The malware installs key‐logging software on the computer, which allows the perpetrator to capture the user’s ID and password as they are entered at the financial institution’s website.

What can business customers do to protect themselves (best practices)?

• Education is Key – Train your employees
• Implement dual controls for high‐risk online functions
• Secure your computer and networks

The Bank will NEVER ask for sensitive information, such as Account Numbers, Access IDs, or Passwords via e‐mail.

Incident Response Plans
Since each business is unique, customers should write their own Incident Response Plan. A general template would include:

• The direct contact numbers of key bank employees (including after‐hours numbers);
• Steps the accountholder should consider to limit further unauthorized transactions, such as:
  • Changing passwords;
  • Disconnecting computers used for Internet Banking;
  • Requesting a temporary hold on all other transactions until out‐of‐band confirmations can be made;
  • Noting information the accountholder will provide to assist the bank in recovering the accountholder’s money;
  • Contacting their insurance carrier; and
  • Working with computer forensic specialists and law enforcement to review appropriate equipment.

Retail/ATM

Accepted across the world, more convenient and safer than cash, payment cards have transformed how we shop and bank. But thieves may try to steal your card information and use it for unauthorized charges. Make sure you make these transactions in ways that reduce your risk of fraud. To help stop retail/ATM fraud, remember:

• Review receipts before you sign
• Monitor your statements
• Keep copies of ATM and sales receipts for your records
• Be aware of your surroundings
• Guard your PIN from “shoulder surfing”
• Report missing cards immediately

ATM Skimming

Automated Teller Machine or ATM skimming is a fraud scheme to steal personal information from ATM users. A skimmer is a piece of equipment which is installed by scammers on the ATM or wherever cards are swiped like gas stations to read a cardholder’s electronic account information stored on the magnetic stripe on the back of the card when the card is inserted into the skimming device.

Below are a few precautions you can take to help prevent you from falling victim to ATM Skimming:

• Familiarize yourself with the look & feel of your bank’s ATM
• Inspect the ATM for unusual or non‐standard appearance
• Is there anything unusual (card reader, area above the screen)?
• Report any unusual appearance immediately to HomeTown Bank of Alabama at 205‐625‐4434
• Always use your hand to shield your PIN when entering it

Mail and Phone

Fraudsters can send official‐looking letters or pose as representatives from HomeTown Bank of Alabama, other financial institutions/credit accounts or even charities. If asked to provide your account number or other personal information in the mail or by phone, be wary of fraud. HomeTown Bank of Alabama never calls or writes account holders for personal account information.

At Home

Did you know that half of all identity theft is committed by individuals with legitimate access to your home such as live‐in caregivers, relatives or renovation crews? Home is a safe place, and here are a few tips to help keep it that way:

• Monitor your accounts often
• Check your credit report to make sure it’s correct
• Store important documents securely

Identity Theft

If thieves obtain your driver’s license or Social Security number, they can pretend to be you and potentially open bank accounts, order credit cards, write bad checks and obtain loans. They can also ruin your credit score and make it hard to obtain credit in the future. Identity thieves use a variety of tactics, even “dumpster diving” through your trash for personal information. To help stop identity theft:

• Monitor card and account statements frequently
• Report missing cards immediately
• Install anti‐virus and anti‐spyware software
• Change passwords regularly

Reporting identity theft/fraud
At HomeTown Bank of Alabama we are committed to helping you protect yourself from fraud. If you suspect that you have been a victim of fraud or identity theft it is important to take immediate action. Contact HomeTown Bank of Alabama immediately at 205‐625‐4434. Contact the Federal Trade Commission’s Consumer Response Center at 1‐877‐FTC‐HELP (1‐877‐382‐4357).

Notifying credit bureaus
It is highly recommended that you contact the three national consumer reporting agencies if you believe you have been a victim of identity theft. Ask each agency to place a “fraud alert” on your credit report and to send you a copy of your credit file.

• Equifax – 1‐800‐465‐7166 – www.equifax.com
• Experian – 1‐888‐397‐3742 – www.experian.com
• TransUnion – 1‐800‐680‐7289 – www.transunion.com