Understanding fraud and identity theft
Understanding the different ways in which fraudsters attempt to victimize people via cyber threats will help you avoid becoming a victim.
Identity theft
Identity theft occurs when someone uses your personal information such as your name, Social Security number (SSN) or credit card number without your permission to commit fraud or other crimes. If you suspect that someone has used your information to open accounts with or conduct business at Northrim Bank without your knowledge or authorization, please contact our Call Center.
Phishing
Phishing is a cyber threat by which fraudsters attempt to obtain personal or financial information (account or credit card numbers, SSNs, passwords or other sensitive information) through fraudulent emails, fake websites, text messages or direct phone calls claiming to be a financial institution or another company. Northrim Bank will never contact you via phone or email to request your Online Banking login credentials. If you receive a suspicious message asking you to provide your login credentials or other personal information, you should decline and call our Call Center immediately.
Malware
Malicious software, or “Malware”, includes viruses and spyware that can be installed on your computer, phone or mobile device without your consent. Malware can be used to commit fraud, send spam or even steal personal information. It can download itself during your Online Banking session in an attempt to steal your sensitive data. Be sure to have an up-to-date anti-virus and anti-malware software. As mobile devices have become more frequent targets of malware, there are now anti-malware programs available specifically for cell phones and other mobile devices.
Social media and internet fraud
Be careful about what you post personally and professionally – too much information can help scammers reach their goals. Phishing attempts and unsolicited requests don’t just happen via email. They can also arrive via social media.
As internet fraud is on the rise, be sure you always practice safe web browsing techniques and be cautious about offers received online and through email. If you believe you are a victim of fraud or the recipient of suspicious communication, please contact our Call Center immediately and review our fraud reporting information below.
Take action to protect yourself
Your safety and security are our number one priority. Below are best practices to help guard against unauthorized use of your account and protect your identity.
Physical security
- Shred all statements. One way identity thieves acquire information is through trash-picking. Instead of throwing out bills and credit card statements, ATM receipts, medical statements, or junk mail solicitations for credit cards and mortgages, you should shred all papers with personal information.
- Unless it is legally required, do not give out your SSN. Do not carry your Social Security card in your wallet.
- Limit the information on your checks. Have only your initials printed on them rather than your first and last name. If someone takes your checkbook, they will not know if you sign your checks with just your initials or your first name, but your bank will be aware of how you typically sign your name. Also, if a phone number is printed on your checks, use your work phone number instead of your home phone. If you have a P.O. box, use that instead of your home address. When paying bills, write only the last four digits of your account number in the memo line so that anyone handling the check during processing cannot access your whole account number.
- Make photocopies of both sides of your license, credit cards and other important information in your wallet so you have all your account numbers and phone numbers to call if a problem arises. Keep the photocopies in a safe place.
- Do not sign your credit cards. Instead, write “PHOTO ID REQUIRED” on the back of them.
Computers, mobile devices and email
- Never leave your computer or mobile device logged on or unattended in public.
- Always password protect and lock your computer or mobile device when not in use.
- Do not store financial or personal information on your computer or mobile device.
- Keep the operating system for your computer or mobile device up-to-date.
- Install and set your anti-virus and anti-malware software to update automatically.
- Do not click on links or attachments in an email that seems suspicious.
- Never give out personal information to an unknown source via phone, email, online or text.
- Do not include personal or sensitive data in, or in response to, an email or other online communication.
- Destroy digital data. When you sell, trade or dispose of a computer system, you should take extra steps to ensure the data is destroyed. Deleting the data or reformatting the hard drive may not be enough for tech-savvy thieves who can undelete files or recover data. Use a digital shredding product to ensure that data on the hard drive is destroyed. Before you dispose of a mobile device, check its owner’s manual, the service provider’s website or the device manufacturer’s website for information on how to permanently delete information and save or transfer information to a new device. Remove the memory or SIM card from the device. Also, remove the phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history and photos.
Passwords & PINs
- Always use secure passwords. A secure password consists of upper and lower case letters and numbers, and should not contain dictionary words, names or birthdates. Do not use your Social Security number (SSN), in full or in part, your birthdate or general number sequence such as 1234 for a password or PIN.
- Do not use the same username or password on any other website or software.
- Never share your password or PIN with anyone.
- Temporary passwords or PINS should be changed immediately.
Web browsing
- Make sure to keep your web browser software up-to-date by installing the most recent version.
- Only allow pop-ups from sites that you authorize.
- Do not give out personal information to blogs, forums and other social networking sites.
- Only make online purchases using secure sites that encrypt your information. To determine if a site encrypts your information look for the locked padlock icon in the browser and "https:" in the address line.
- Never access a website from a link in a suspicious email.
- Access online banking sites by typing the address directly into the browser’s address bar.
- Use caution when logging in to Online Banking from a public computer. Do not enroll additional security on public computers.
- Sign off and close your browser when you finish an online or mobile banking session.
Credit monitoring
- Consider signing up for a credit monitoring service that notifies you when changes are posted to your credit report. This is one of the fastest ways to find out if someone has opened new accounts in your name.
- The federal Fair and Accurate Credit Transactions Act enables you to receive one free credit report per year from each of the three credit bureaus — Equifax, Experian and TransUnion. You do not need to contact the three credit bureaus individually, you can order your free credit reports by phone, (877) 322-8228, online, www.annualcreditreport.com, or by completing the Annual Credit Report Request Form available at ftc.gov/credit and mailing that to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. While reviewing your reports, you should ensure that old accounts are closed and check for any new accounts, aliases and suspicious mailing addresses.
Warning signs of compromised identity information:
- Withdrawals from your bank account that you cannot explain
- Not receiving your bills or other mail
- Merchants refusing your checks
- Debt collectors calling you about debts that are not yours
- Unfamiliar accounts or charges on your credit report
- Medical providers billing you for services you did not use
- Rejection by your health plan of legitimate medical claims because their records show you have reached your benefits limit
- Refusal of coverage under your health plan because your records show a condition you do not have
- IRS notification that more than one tax return was filed in your name or that you have income from an employer you do not work for
- Receipt of notification that your information was compromised by a data breach at a company where you do business or have an account
Actions to take if your identity is stolen
- Contact law enforcement. Report the crime to your local police department (you might also need to report it to the police department(s) where the crime occurred if it’s somewhere other than where you live). Keep the phone number of your investigator handy and give it to creditors and others who require verification of the crime. Credit card companies and banks may require you to show the police report to verify the crime.
- Notify credit bureaus and establish fraud alerts. Immediately report the situation to the fraud department at one of the three credit bureaus — Experian, Equifax or TransUnion. The company you call must tell the other two companies about your alert. Placing the fraud alert means your file will be flagged, and creditors must call you before extending credit. You can place an initial fraud alert for one year and renew it after that year. The credit bureaus can be reached at the following phone numbers:
- File a complaint with the Federal Trade Commission (FTC) for an extended fraud alert. Consumer complaints help the FTC detect patterns of fraud and abuse and can be filed at www.identitytheft.gov. If you have created an Identity Theft Report, you can get an extended fraud alert on your credit file. With an extended fraud alert, you can get two free credit reports within 12 months from each credit reporting company. The credit reporting agencies must take your name off marketing lists for prescreened credit offers for five years unless you ask them to put your name back on the list. The extended alert lasts for seven years.
- You may put a credit freeze on your file to restrict access to your credit report stopping you and others from opening a new credit account in your name; however, this may not stop misuse of your existing accounts or other types of identity theft. You can submit your request online, by phone or by mail and can still get a copy of your free annual credit report if your credit is frozen. To let lenders and other companies access your credit files after the credit freeze, you will need to temporarily lift it. There is no cost to place or lift a freeze. A freeze remains in place until you remove it altogether. A credit bureau must lift a freeze within one hour for online and phone requests and no later than three business days after getting your request by mail. You may contact the credit bureau regarding a credit freeze at the following phone numbers:
- If your credit report shows that new accounts have been opened in your name, contact those creditors immediately by telephone and in writing. Creditors will likely ask you to fill out a fraud affidavit. Most businesses accept the Federal Trade Commission affidavit.
To learn more about online security visit:
FDIC Consumer Protection
Consumer Financial Protection Bureau
OnGuard Online