Please view our Cybersecurity Safety Guide here.
Phishing is a type of social engineering in which fraudsters try to trick a person into sharing sensitive information such as usernames, passwords, social security numbers, credit card numbers, etc. by means of emails that appear to be from trusted sources. This may take the form of an email that appears to be from your bank, credit card company, credit reporting bureau, or any number of sources. You should always be wary of any links or attachments emailed to you, especially those that come unexpectedly. When in doubt, don't click! If you think you may be the victim of a phishing attack, please alert the bank at 325-247-5701.
Account Takeover occurs when fraudsters gain access to a person or entity's online banking credentials and attempt to initiate fraudulent ACH transactions through Bill Pay or the Bank's ACH origination product. Llano National Bank has controls in place to help monitor and prevent this type of fraud, but there are steps customers can take as well by following security best practices. These measures include educating yourself and/or employees about cybersecurity, maintaining anti-virus software, using dual control procedures where available, monitoring your account frequently and reviewing account statements, and using a separate device to originate ACH transactions when possible. If you suspect fraud or unexpectedly lose access to online banking, please alert the bank at 325-247-5701.
Business Email Compromise
Business Email Compromise or BEC occurs when a fraudster impersonates an employee, often an executive, and attempts to trick an employee, customers, or financial institution into transferring money or sensitive data via a compromised or spoofed email account. These requests are generally communicated as urgent in order to rush the recipient into acting before thinking clearly about what they are about to do. Organizations can take several steps to prevent losses from BEC including: carefully reviewing emails and confirming information via another method (phone, in-person, etc.) before acting on emails requesting fund transfers, setting up two factor or out-of-band authentication with your bank, training employees to recognize the signs of BEC, and maintaining up to date anti-virus software. If you suspect you are a victim of BEC, please contact the bank at 325-247-5701.
Tips for Safeguarding Your Information
Identity Theft occurs when a criminal uses another person's personal information to take on that person's identity. Criminals then use key pieces of information such as Social Security and driver's license numbers to obtain credit, merchandise and services in the name of the victim. The victim is left with a ruined credit history and the time-consuming and complicated task of regaining financial health.
While you probably can't prevent identity theft entirely, you can minimize your risk. By managing your personal information wisely, cautiously and with an awareness of the issue, you can help guard against Identity Theft.
- Don't give your Social Security number or other personal information over the phone, through the mail, or over the Internet unless you've initiated the contact or are sure you know who you're dealing with.
- Guard your trash from theft. Tear or shred receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards, and credit offers you get in the mail.
- Secure personal information in your home.
- Don't carry your Social Security Number card; leave it in a secure place. Don't put your Social Security Number or drivers license number on your checks.
- Give your Social Security Number only when necessary. Ask to use other types of identifiers when possible.
- Ask about information security procedures in your workplace. Find out who has access to your personal information.
- Guard your mail from theft. Deposit outgoing mail in secured mailboxes. Promptly remove your mail from your mailbox.
- Notify your credit-card company if your card has expired and you have not yet received a replacement.
- Carry only the identification information and the number of credit and debit cards that you'll actually need.
- Pay attention to your billing cycles. Follow up with creditors if your bills don't arrive on time.
- Scrutinize monthly billing statements. Open bills promptly and check your accounts monthly. Look for charges you don't recognize and report them immediately. Save receipts to compare with your billing statements.
- Keep your eyes on your credit card during all transactions and get it back as soon as possible.
- Keep a record of all your credit card account numbers, expiration dates and the telephone numbers and addresses of each creditor. Store in a safe place.
- Be wary of promotional scams. Identity thieves may use phony offers to get you to give them your personal information.
- Keep your purse or wallet in a safe place at work.
- Try not to divulge personal information over a cell phone; they are not as secure as you may think.
- Review your monthly accounts regularly for any unauthorized charges.
- Place passwords or PIN numbers for your credit cards, bank debit/ATM card and phone accounts in a safe place. DO NOT write them on the cards. Protect your PINs and passwords (don't carry them in your wallet!) Use a combination of letters and numbers for your passwords and change them periodically.
- Limit the amount of information you place on your Internet homepage and websites detailing family genealogy.
- Choose to do business with companies you know are reputable, particularly online.
- Use a secure browser – software for your computer that encrypts or scrambles information you send over the Internet – to guard the security of your online transactions. When conducting business online, make sure your browser's padlock or key icon is active.
- Don't open e-mail from unknown sources, and use virus detection software. Update this software regularly, or when a new virus alert is announced.
- Use a firewall program on your computer, especially if you use a high-speed Internet connection like cable, DSL or T-1, which leaves your computer connected to the Internet 24 hours a day.
- Try not to store personal/financial information on your laptop computer unless absolutely necessary. If you do, use a strong password – a combination of letters (upper and lower case), numbers and symbols.
- Before you dispose of any computer, delete personal information. Deleting files using the keyboard or mouse commands may not be enough. Use a "wipe" utility program to overwrite the entire hard drive.
- Report any suspected fraud to your bank and the fraud units of the three credit reporting agencies immediately. The fraud unit numbers are:
Trans Union (800) 680-7289
Experian (888) 397-3742
Equifax (800) 525-6285
You may also contact the FTC's ID Theft Consumer Response Center at (877) IDTHEFT (438-4338) or visit their Identity Theft Website at www.consumer.gov/idtheft.
Tips for Safeguarding Your Business' Information
Identity theft is not something that just happens to consumers. Businesses are victims as well. According the U. S. Postal Inspection Service, corporations lose millions of dollars every year from computer crime and credit card fraud that link to identity theft. The main thrust of identity thieves is to obtain key pieces of victims' identity - name, address, date of birth, social security number, and mother's maiden name - in order to impersonate them. Businesses need to protect this key information not only for their customers, but for their employees as well. The Better Business Bureau suggests that businesses take the following proactive steps to avoid identity theft:
- Develop a process to screen employees who have access to personal information, even if they are part-time.
- Screen the cleaning service and temporary firms you use.
- Keep all personal information in locked files, and establish secure procedures for data services.
- Limit use of personal identifiers. Use an alternative number and means of identification instead of social security number.
- Encrypt all personal and confidential information on computers. Make sure your systems administrator checks on a regular basis that your system is hacker-proof.
- Consider placing photos on your business cards, employee identification cards and badges. This avoids the problem of an imposter "borrowing" business cards and using them to pose as the victim.
- Adopt secure methods for disposing of personal information, such as using shredders.
- Instruct staff on security procedures when sending personal information by fax, including using a confidential cover and double-checking the fax number.
- Do not leave personal or confidential information on voice mail, pagers, cellular phones or email. These are not reliable ways to transmit sensitive messages.
- Use designated and secure printers and copiers for personal information. Keep shredders nearby.
- Adopt a written protection policy and display it in your company literature and web site.
- Rethink what type of information you really need from customers and employees versus the information you currently gather. In this case, less is better. Limit data collection to information necessary to the purpose, not information you might use later. For more information on identity theft go to http://www.newyork.bbb.org/identitytheft/index.html.