Astoria Bank is Looking Out for You
At Astoria Bank, protecting your personal and financial information is a top priority, which is why we take steps to protect the sensitive/personal information you may provide to us. We follow strict guidelines to guard against unauthorized access to your sensitive information. But it’s also important that you learn what you can do to protect yourself against Identity Theft, both online and offline. Please take a few moments to read about some important safety tips that will help protect the security of your personal information:
- Small Business Email Scams
- IRS Identifies Five Easy Ways to Spot Suspicious Calls
- Unsolicited Emails
- FDIC Warns of Fraudulent Emails
- FBI Warns of Rise in Business Email Scams
Steps You May Take to Protect Yourself Against Identity Theft
- Never give your personal information over the phone, through the mail or over the Internet unless you have initiated the contact or are confident you know who you’re dealing with.
- If you are not sure that a contact is legitimate, contact the company yourself, either by phone, in person, or by visiting the company’s Web site by typing in the site’s address or using a page you have previously bookmarked.
- Don’t carry your Personal Identification Numbers (PINs) with you. Memorize them and keep them in a safe, secure location.
- Review account statements regularly to ensure that all charges are correct. If your statement is late in arriving, call your financial institution to find out why. Take advantage of Online Banking to periodically review activity online and identify suspicious activity.
- Tear or shred personal financial documents such as charge receipts, credit applications, insurance forms, or any other important material.
- Keep your Social Security Card in a safe place and only give out the number when absolutely necessary.
- Laptop and Personal Digital Assistant (PDA) Users:
  - Never leave your laptop/PDA unattended.
  - Make sure your laptop/PDA requires a password when starting up.
  - Encrypt sensitive data on your laptop/PDA to help prevent data theft if the device is lost or stolen.
The Phishing Lure
Phishing isn’t really new — it’s a type of scam that has been around for years and in fact predates computers. Malicious crooks did it over the phone for years. What is new is its contemporary delivery vehicle — spam and counterfeit Web pages.
Phishing uses email messages that claim to come from legitimate businesses that one might have dealings with – banks, online organizations, Internet service providers, online retailers, and insurance agencies. The messages may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages. Typically, they ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes. And, because these emails look so official, up to 20% of unsuspecting recipients may respond to them — resulting in financial losses, identity theft and other fraudulent activity against them.
Please note that Astoria Bank will never ask you for your password in an email or over the phone and will never include a link for you to click on within any email we send to you.
Cutting the Line
Even before Phishing became so prevalent, legitimate businesses and financial institutions would hardly ever ask for personal information via email. If you receive such a request, call the organization and ask if it’s legitimate or check its legitimate Web site (use a search engine to find it).
Look for misspellings and bad grammar. While an occasional typo can slip by any organization, more than one is a tip-off to beware.
If the email refers you to a Web site, look carefully at the URL. It’s easy to disguise a link to a site. The longer the URL, the easier it is to conceal the true destination address. Other ways to disguise URLs include substituting similar-looking characters, so that paypal.com could be (and has been) spoofed as paypaI.com or paypa1.com. Similarly, a zero can be substituted for the letter O within a URL. Don’t click on links contained in the email if you’re unsure whether the contact is legitimate. Instead, contact the organization directly or visit its legitimate Web site (use a search engine to find it).
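The character substitutions and long, misleading addresses described above can also be checked mechanically. The following Python code is an added example, not part of Astoria Bank's original page; the trusted-domain list (including the placeholder `astoriabank.example`) and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Illustrative allow-list (assumption); astoriabank.example is a placeholder.
TRUSTED = {"paypal.com", "astoriabank.example"}

# Characters that render like another letter in many fonts: capital I and
# digit 1 for lowercase l, zero for the letter o (the page's own examples).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})


def skeleton(host: str) -> str:
    """Collapse confusable characters first, then lowercase.

    Order matters: lowercasing first would turn 'I' into 'i' and hide it.
    """
    return host.translate(CONFUSABLES).lower()


def host_of(url: str) -> str:
    """Return the host as written in the link, without userinfo or port."""
    netloc = urlsplit(url).netloc  # netloc keeps the original letter case
    return netloc.rsplit("@", 1)[-1].split(":", 1)[0].rstrip(".")


def classify(url: str) -> str:
    host = host_of(url)
    labels = host.split(".")

    def tail(trusted: str) -> str:
        # Last N labels of the host, N = number of labels in the trusted name.
        return ".".join(labels[-(trusted.count(".") + 1):])

    # Exact match on the real (case-insensitive) name, subdomains included.
    if any(tail(t).lower() == t for t in TRUSTED):
        return "trusted"
    for t in sorted(TRUSTED):
        # Same appearance, different characters: paypaI.com, paypa1.com.
        if skeleton(tail(t)) == skeleton(t):
            return "lookalike:" + t
        # Trusted name buried inside a longer address owned by someone else.
        if skeleton(t) in skeleton(host):
            return "embedded:" + t
    return "unknown"


# Constructed sample links, not taken from real messages.
SAMPLES = ["https://www.paypal.com/signin", "http://paypaI.com/login",
           "http://paypal.com.account-verify.example.net/update"]
if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):22} {link}")
```
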
Pharming for Your Information
Pharming is a technique used to redirect as many users as possible from the legitimate Web sites they’d intended to visit and lead them to malicious ones. Pharming involves Trojans, worms, or other technology that attack the browser address bar so that when users type in a “valid” URL they are redirected to the criminals’ Web sites. The bogus sites, to which victims are redirected without their knowledge or consent, will likely look the same as a genuine site. Unaware of anything out of the ordinary, you therefore reveal your password and user name to criminals.
Don’t Get Hooked
To help our customers avoid this type of attack, Astoria Bank introduced Secure Sign On, an added layer of online banking security. Secure Sign On further safeguards your financial information by displaying a picture and phrase that you select to let you know that you are at our legitimate website and that it is safe to enter your log-in information. If you enter your User ID and the next screen does not show your picture and phrase, do not enter any personal information. Instead, re-enter your User ID or contact us at 1-800-ASTORIA (1-800-278-6742) and press “3” for online banking support. As an additional identity check, we require that customers answer “challenge questions” when logging in from a computer that our system does not recognize.
Mobile Banking Security Tips
At Astoria Bank, we take safeguarding your personal and financial information very seriously. Here are a few simple tips to help protect your information as you track your finances on-the-go:
- Add the text banking short code (Astoria Bank’s is 79680) and customer service phone number (Astoria Bank’s is 1-800-ASTORIA (1-800-278-6742)) to your contacts and only initiate SMS and phone calls from your contact list.
- Set a strong account password that has at least one number and capitalized letter. Do not use your name, birth date or other easily identifiable personal information in your password to avoid hacking. Try to change your password frequently, usually every 30 days.
- Treat your phone like a computer by downloading security patch updates and antivirus software on your phone.
- Always secure your phone and SIM card (subscriber identity module) with a password. If your phone is ever lost or stolen, it will protect your private and secure information. Use the keypad lock or phone lock function on your mobile device when it is not in use. Also be sure to store your device in a secure location.
- Only download applications from trusted sources. Make sure to download updates regularly, as these often include fixes to security flaws.
- Take note of pop-up notices and other alerts that may be warning you about security issues or leaving trusted sites.
- Delete text messages from your bank once you’ve read them.
- Always log off completely after using a mobile banking site or application.
- Make sure to clear out all information on your phone before discarding it.
Do not:
- Send your personal information or online banking credentials via e-mail or text, as both are easy to intercept, or reply to SMS messages that you do not recognize.
- Enter personal information unless there’s an “s” after http, which indicates that the site is secure. Also, look for security symbols such as an icon of a lock.
- Bank or shop online while on a smartphone when using unsecured, public Wi-Fi access.
- Set your phone settings to auto-fill User IDs or Password information.
- Click on any links in emails that claim to be from your bank. Instead go to your bank’s website directly to log in.
Additional Steps You May Take to Protect Yourself Online
- Before entering any sensitive information, verify that the Web site is secure by looking for:
  - The Lock Symbol
    Check the status bar at the bottom of your Web browser window for an unbroken lock symbol. This means your personal information is scrambled, and no one can read it but the e-business you’ve contacted. Double-click on the lock symbol to view the security certificate. Make sure the certificate is “Issued to” the Web site and the “Valid from” dates are current.
  - “https” in the Web Site’s Address
    Secure sites have “https://” at the beginning of the address, rather than “http://.” The “s” stands for “secure” and indicates the information you send is encrypted or scrambled, so it can’t be read during transmission.
- Update your anti-virus software regularly to guard against new viruses.
- Keep your browser and operating system up-to-date. Look for programs that offer automatic updates, including important security enhancements, and take advantage of free patches that manufacturers offer to fix newly discovered problems.
- Only open email attachments if you’re expecting them and know what they contain. Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.
- Do not be intimidated by an email or caller who suggests serious consequences if you do not immediately provide or verify financial information.
- Use a personal firewall to limit uninvited access to your computer, especially if you have high-speed or an “always on” connection to the Internet, such as broadband cable or DSL.
- If you store financial information on your computer, use a password consisting of numbers and letters, both upper and lower case.
- Avoid using an automatic login feature that saves your user name and password and always log off when you’re finished.
- Use anti-spyware and anti-spam software.
- Be cautious when using public computers, such as those in coffee houses, or public networks, such as those in hotels and airports, to access the internet. Check with the staff to verify that their network is secure.
- You should never use a password for your online banking account that you have used at other possibly less secure sites. If those sites are hacked then your password in both places has been compromised.
- Be sure to read Web site privacy policies to know your information will be secure, how it will be used, and if it will be shared with third parties.
For Business Customers
- Use a dedicated computer for financial transactional activity. DO NOT use the same computer for both business transactions and for general web browsing and email.
- Apply operating system and application updates (patches) regularly. You should be especially diligent in applying patches for your browser software and any plug-ins for your browser software such as Adobe Flash Player.
- Ensure that anti-virus/spyware software is installed, functional and is updated with the most current version. Make sure your anti-virus system is scanning your system regularly and is configured to automatically download updates as they become available.
- Have host-based firewall software installed on computers or use a hardware-based firewall that hides your computers from the publicly facing internet.
- Use the latest versions of Internet browsers, such as Explorer, Firefox or Google Chrome, with “pop-up” blockers, and keep patches up to date.
- Turn off your computer when not in use.
- Do not enable remote assistance tools such as Microsoft RDP and leave them open to incoming connections from unknown sources.
- Always use complex passwords on all business computers.
- Do not ignore warnings. If you receive a warning in your browser when attempting to access your online business account with Astoria that says the site you are attempting to access has an expired certificate or does not match the name of the site, please call 1-800-ASTORIA (1-800-278-6742) immediately.
- Do not batch approve transactions; be sure to review and approve each one individually.
- Review your banking transactions and your credit report regularly.
- Establish dual control over the setup and creation of new user accounts on the system.
- Establish dual control over the setup of new payees on the system.
- Run summary reports of all transactions to ensure they are accurate.
- Review your transactions the next business day to determine if fraudulent activity has occurred.
Steps You Should Take If You Believe Your Identity Has Been Stolen
If you suspect your identity has been stolen, there are four steps you should take immediately.
1. Place a fraud alert on your credit reports.
Call any one of the three major credit bureaus to help prevent an identity thief from opening additional accounts in your name.
bureaus, and all three reports will be sent to you free of charge. Once you receive these reports, review them carefully for any incorrect information, particularly accounts you didn’t open or unexplained debts.
2. Close any accounts that have been tampered with or opened fraudulently.
3. File a report with your local police or the police in the community where the identity theft took place. Keep a copy of the report.
4. Contact the authorities that specialize in Identity Theft
|Federal Trade Commission Identity Theft Hot Line:||(877) IDTHEFT (438-4338)|
|Social Security Fraud Hot Line:||(800) 269-0271|
|US Postal Inspectors:||(800) 372-8347|
Do More to Protect Yourself
While there is no way to completely prevent identity theft, there are things you can do, including taking reasonable precautions to help protect yourself from the effects of identity theft before it happens.
Astoria Bank is dedicated to keeping you safe from identity theft. We’re taking steps to protect you, and hope you’ll take advantage of this valuable information to protect yourself as well. If you suspect that you have received a fraudulent email or phone call from someone claiming to be from Astoria Bank, please contact Telephone Banking immediately at 1-800-ASTORIA (278-6742), or forward the email to email@example.com, so we can investigate. If you have any questions about identity theft, please visit your neighborhood Astoria Bank branch—because protection of your sensitive/personal information is our concern.