Security and Education

Did you know?

We consider it our responsibility to keep you safe and well-informed. This education center is designed to provide helpful banking and safety information. If you have additional questions or concerns after watching these educational videos and reviewing this information, please contact us for more details.

Please Note: Some Ad Block extensions may block displaying the video thumbnails below. If you do not see the thumbnails please add https://fflorain.bank to your exceptions list.
Online Banking Video Interactive Video Player

Online Banking Video

Enhanced Security Video Interactive Video Player

Enhanced Security Video

Identity Theft Prevention Interactive Video Player

Identity Theft Prevention

Chip Cards Interactive Video Player

Chip Cards

Online Bill Pay Interactive Video Player

Online Bill Pay Video

FDIC Infomation Interactive Video Player

FDIC Video

 

Customer Education: How we keep you safe

First Federal Savings is invested in keeping your financial information secure. We have specific procedures in place for contacting customers to keep your information and identity safe. The document below outlines the ways we will contact you, it also warns against providing account or personal information to outside sources. Please review this material and trust your instincts. Whenever something seems suspicious refuse to provide your information and contact us immediately at 800-589-8850.

Learn More: About Combating Fraud

Overview of Security

The Internet Banking login process includes several layers of security. This security is intended to prevent unauthorized access to your account, validate your identity, protect your account information from fraudulent use, and prevent the theft of your identity.

Learn More: Overview of Security

Security Updates:
Check here for the latest security alerts and notifications. 

From the, MS-ISAC GROUP      

We all know it happens – our home computers crash, malware infects them, or somebody downloads that cool, new program that crashes everything! While there are many tips and tricks of great value for preventing your devices and data from being compromised, it is important to also have a backup of your information in case something goes wrong.

Backups are copies of key information or data that are stored separately from your device. By storing these separately, you can restore your data or device using these backups and get right back to full working order. With threats of Ransomware, which encrypts and renders your personal files inaccessible, this is a real concern. Below we will explore some key concepts on creating and will provide resources that assist you in making decisions on how to best create this essential type of redundancy in your life.

Choosing what to backup

When thinking about a backup system the first thing to decide is how much you want to backup. Are you okay storing key documents, pictures, and files or do you want your full system backed-up? If you’re concerned about rebuilding a full system, and having all the license information to make it functional, then you probably want a more complete backup option. If you just want to protect important files, then a system where you choose what to save would work well.

 How can you create a backup of just key files?

If you are looking to store copies of your important files, you can copy them to your preferred method of backup periodically. This is accomplished by selecting the folders or files you want to backup, and copying them to the storage device or media. This is made especially easy if you make a habit of organizing your important files into just a few folders. This is a very simple and easy approach, and guarantees that your tax documents, digital receipts, pictures, and other important records remain available.

How can you create a complete backup of your device’s data?

If you are looking to create a more comprehensive backup, your devices likely have utilities built in that allow for easy creation of backups. These may allow you to set a complete copy of your device’s data aside that would allow you to restore it to full working order following an infection or issue. Seek out guidance or tips from your device’s vendor to determine what utilities are available to you for creating backups. The Stay Safe Online guide linked below has links to top vendor’s backup guides that can assist you through the process.

 Choosing where to store your backed-up data

Regardless of what you want to save, one of the key ways to keep your backed-up data safe, is to disconnect the storage media after you make the backup. This is important in the event that you are infected with malware. You do not want copies of data to also be infected. (Ransomware does look for backups to infect.)

This also helps in case your device or where you store it is lost, stolen, or physically destroyed. Keeping a separate backup on a different physical storage device, or in the cloud, is a way to better secure your data from this type of problem.

Cloud services for storing backups can be a convenient solution, though they may come at a cost and some individuals may not like the fact that they will not have a copy in hand on physical storage media. Having the backup outside your immediate possession can be helpful if you are concerned about a physical problem, such as loss or damage. Some of these services save multiple versions of your backup, which better secures against infected files corrupting the cloud backup.

External hard drives or removable media (DVDs, USB drives, etc.) are the other most common option. You simply need to copy the data you want to save to the external hard drive or media chosen.

Consider keeping the external drive disconnected and in a separate location from your devices while not making backups, as this insures against malware getting on the backup copy.

 

How often should you back up files and systems?

The frequency with which you back up your data or systems is an important component of this process. Consider making your backups on a weekly basis, with a minimum frequency of monthly backups.  Your decision will be influenced by how often you update your data.

In conclusion, spend time considering how vital the data on each of your devices is. Then consider the best type of backup strategy for your needs and base a timeline of how frequently you make the copies off those needs as well. By adding this simple process to your safe computing habits, you can build in more reliability and recoverability. If you are ever the victim of a malware infection or cyber-attack, you will surely be glad you took the time to make backups!

Suggested resources:

https://staysafeonline.org/stay-safe-online/online-safety-basics/back-it-up/

https://www.us-cert.gov/sites/default/files/publications/data_backup_options.pdf

 

                                                                           

 

The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.


Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS

From the Information Security Office   

This month, in partnership with the National Cyber Security Alliance, we aim to provide some valuable tips on staying cyber safe while heading on a summer vacation. Whether you are out exploring or relaxing, it is important to strive to be as secure as possible with your digital devices and information. Unfortunately, travel can open you up to different points of vulnerability compared to normal everyday use at home, and we don’t just mean accidentally going swimming with your cell phone. You see, while traveling you are operating outside of your normal, safe routines. This means using your devices on different networks and putting them down in different locations, including under your beach towel while swimming. By following some smart practices, you can connect with greater confidence during a summer escape.

Getting Ready to Go:

Avoid mayhem and make magical family memories by taking a few simple cyber safety steps before you head out of town. The goal here is to prepare your devices for travel and to keep them from being used against you.

  • Keep a clean machine: Before you hit the road, make sure all security and critical software is up-to-date on your mobile devices and keep them updated during travel. These protections are your best line of defense against viruses and malware.
  • Lock down your login: Your usernames and passwords are not enough to protect key accounts like those you use for email, banking, and social media. Fortify your online security by turning on multi-factor authentication, commonly referred to as two-factor authentication, when available. This typically pairs your username and password (i.e. something you know) with a message sent to your phone (i.e. something you have) or your fingerprint (i.e. something you are).
  • Password protect: Use a passcode or security feature like a finger swipe pattern or fingerprint to lock your mobile device. Also set your screen to lock after a short period of time by default. If you do choose to use a finger swipe, make sure it has at least one turn (preferably two) and that a pin code has at least 6 numbers!
  • Think before you use that app: New apps are tempting! It is important to always download new apps from only trusted sources like the Apple App Store or the Google Play Store. Additionally, consider limiting your app’s access to services on your device, like location services.
  • Own your online presence: Set the privacy and security settings on social media accounts, web services, and devices. It is okay to limit how and with whom you share information – especially when you are away.  Do not post of your pending vacation destination on social media. That information is an open invitation for trouble.

 While on the Go:

Once you and your gang are at your destination, you are in new territory and are facing new potential cyber threats. Here are some ways you can keep up secure practices while out and about.

  • Get savvy about what you do on other peoples’ Wi-Fi and systems: Do not transmit personal info or make purchases on unsecure or public networks. Instead, use your phone carrier internet service for these needs. For laptops/tablets, it is easy to use your phone as a personal hotspot to surf more securely using carrier data. Also, never use a public computer or device to shop, log in to accounts, or do anything personal.
  • Turn off Wi-Fi and Bluetooth when idle: When Wi-Fi and Bluetooth are on, they may connect and track your whereabouts. Only enable Wi-Fi and Bluetooth when required, and disable your Wi-Fi auto-connect features.
  • Protect your $$$:Be sure to shop or bank only on secure sites. Web addresses with ‘https://’ and a lock icon indicate that the website takes extra security measures. However, an “http://” address indicates your connection is not secure (not encrypted) and you should not transmit payment or sensitive information over to such a site.
  • Share with care: Think twice before posting pictures that signal you are out of town. Knowing you are away from home is a great piece of information for a criminal to have and they may target your home for physical crime. Also consider limiting your social media apps’ access to location services on your device, and omit location information while making your posts and sharing your pictures.
  • Keep an eye on your devices: Laptops, smartphones, and tablets are all portable and convenient, making them perfect for a thief to carry away! Keep your devices close to you and hold onto them if strangers approach you to talk, as a common scam consists of a stranger distracting you and placing a map or newspaper over your device and walking away with it when finished talking.
  • Know your destination’s laws: If you are heading out of the country, check up on any specific laws on internet and device usage. Additionally, bring as few devices as possible and consider using a device specifically purchased for international travel.

Armed with these tips and practices, you should have a happy and cyber safe vacation ahead of you. To learn more about staying cyber safe and secure while travelling, head to the MS-ISAC’s Security Primer covering this topic. For more information on NCSA, including countless resources on staying cyber secure, please visit staysafeonline.org.  

 

                                

 

The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.


Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.

From the MS-ISAC Group                                                          

The Federal Trade Commission’s definition of phishing is “when a scammer uses fraudulent emails or texts, or copycat websites, to get you to share valuable personal information.”[1] When a user falls for a phishing message, the malicious actor achieves their purpose of getting the victim to hand over sensitive information such as login names and passwords. Though we count on technologies and controls to minimize threats, phishing exploits users through social engineering, which allows the malicious actors to side step these protections. This is why it is important that everyone learn to spot these fraudulent messages. Let’s take a look at some example emails of phishing messages.

 Message #1

Subject: Low Cost Dream Vacation loans!!!

Dear John,

     We understand that money can be tight and you may not be able to afford to go on vacation this year.   However, we have a solution. My company, World Bank and Trust is willing to offer low cost loans to get your through the vacation season. Interest rates are as low at 3% for 2 years. If you are interested in getting a loan, please fill out the attached contact form and send it back to us. We contact you within 2 days to arrange a deposit into your checking account.

Please email your completed form to VacationLoans@worldbankandtrust.com.

Your dream vacation is just a few clicks away!

Dr. Stephen Strange

World Bank and Trust

177a Bleecker Street, New York, NY10012

What did you notice in message #1? 

In this message, you can see that the phisher wants to give us a low cost loan with no credit check. They say we just need to send them our information and they will give us money, right? Not only does it seem too good to be true, but also when you hover the cursor over the email address to examine it further, you see that the link actually has a different destination. It is the email address of the attacker.

Message #2

Subject: Free Amazon Gift Card!!!

Dear Sally,

     You name has been randomly selected to win a $1000 Amazon gift card. In order to collect you prize, you need to log in with your Amazon account at the link below and update your contact information so we can put your prize in the mail. This is a limited time offer, so please respond to the request within 2 business days.  Failure to respond will forfeit your prize and we will select another winner. 

www.amozan.com/giftredemption2321

What did you notice in message #2? 

Aside from this seeming too good to be true, you can see that “Amazon” is misspelled as “Amozan” on the link provided. If you read this quickly, you may think you are responding to the real company to get your gift certificate. In reality, you are providing your information to the attacker. For the purposes of this example, the link actually navigates to the Center for Internet Security, which is a trustworthy site.

Message #3

Subject: Urgent – Take Action Before Your Email Account is Deactivated

Dear User,

                Following changes to our Microsoft email systems, each user must authenticate their account to prevent it from being deactivated. You can accomplish this by heading to the link below and entering your Microsoft Outlook email account credentials, and then we will know your account is active and should remain so.

http://www.microsoft.com/

Thank you,

Information Technology

Helpdesk Support Team

What did you notice in message #3?

This email is fairly well crafted without errors. Note that it establishes a sense of urgency that the malicious actor hopes will cloud your judgement and threatens the deactivation of your email account. Additionally the link at the bottom looks like a link to Microsoft, yet it is in fact heading somewhere else! Luckily, for the purposes of this example, that link simply leads to the Center for Internet Security, which is a legitimate site.

With these three examples considered, here are some basic recommendations to help protect you from becoming a phishing victim:

  • If it seems too good to be true, it probably is;
  • Hover your cursor over links in messages to find where the link is actually going;
  • Look for misspellings and poor grammar, which can be good signs a message is a fraud;
  • And, never respond to an email requesting sensitive personal information (birthday, Social Security Number, username/password, etc.).

Additional information and a phishing game can be found on the FTC’s website, https://www.ftc.gov/

1https://www.consumer.ftc.gov/articles/0003-phishing

                                                                                   

                  The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.


Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.

 

 

From the desk of Thomas F. Duffy, MS-ISAC Chair 

While spring cleaning your home and, if you’re like me, the top of your desk, consider also cleaning up your information footprint. Your information footprint is how much information about you is recorded and available in both digital and paper formats. Cleaning up your footprint can mean examining social media, online accounts, and even paper records containing sensitive information. While we may use a few key digital devices and services on a regular basis, they often contain more information about us than is necessary. It’s also likely that devices and services we don’t use anymore may still contain information. You might have that pile of paper you’ve been meaning to shred for a while, making this an opportune time to spring clean your information footprint. By spending a little bit of time and effort, you can better secure your information to safeguard against various forms of identity theft.

Disks, Hard Drives, and USB drives, Oh My!

Over the years, it’s easy to accumulate a mass of CD’s, DVD’s, hard drives, and USB drives that are no longer needed or with data that is no longer needed stored on them. If you have hard drives or USB drives with old data but want to continue to use them, consider following US-CERT’s guidance on how to securely clean the data off of these items before properly recycling them. Many shredders, including those rated for home use, can shred CDs and DVDs. If your shredder can’t handle them, check your local community for shredding days as many towns, schools, and office supply businesses will sponsor shredding events.

 Clean Up Your Paper Trail

Many of us have a large quantity of paper documents that may contain sensitive information about ourselves, financial accounts, government identification information, tax returns, and more. Take some time to go through these documents this spring and check whether it is something you truly need to hold onto. If the answer is no, be sure to securely dispose of it by shredding it and recycling the shredded pieces. Simply ripping up sensitive documents is not enough to guarantee your information is unreadable.

Not sure how long you should hold on to those old documents? The Federal Trade Commission (FTC) has a handy website – “A Pack Rat’s Guide to Shredding” with information on how long you should hold on to those documents!

Closing Old Online Accounts

It is common for people to use many different shopping sites, social media outlets, online storage, clubs, and other online outlets that require you to enter, store, and sometimes share information from or about you. If you are no longer using any of these accounts, consider removing information that may be sensitive and consider closing them out if you do not plan to use them again. Sometimes, it is easiest to check out as a guest when shopping online at a place that you rarely, if ever, patronize. Checking out as a guest should minimize the data retained about you.

Old Social Media Accounts

Remember MySpace? LiveJournal? Do you still have that old email account or an account on an old dating website? As we move from Myspace to Facebook to Twitter, Instagram, and the other latest and greatest social media platforms, our old accounts and information are left behind, filled with personal details. Consider closing out social media accounts that you no longer use, as it will reduce your digital footprint. Keep in mind that all social media platforms have different policies when deleting old accounts and content. Be sure to read the policy. And, don’t forget to remove the app from your smartphone, too!

Oversharing on Social Media That You Do Use

If you frequently use a social media or online account but it contains lots of personal details or information that you now think should be safeguarded more closely, consider removing it from your profile or deleting the posted content. Think about if the information you continue to share could be used against you or combined with other information to be used against you. Enough pieces of personal information combined together can be very useful to cybercriminals.

Being aware of any information that you share that could be used to respond to “Challenge” questions, which are frequently used to reset passwords. What does that mean? How could information be combined to be used against you? Think about your online bank account. If you forget your password what types of questions do they ask? Probably something about the color of your car, your mother’s maiden name, your birthday, or pets’ names. Did you post a picture of your new car? Friend your mother or her brother on social media? Answer a meme about your birth month and day? Share adorable pictures of Fluffy? If you did, you’ve helped someone find out the answers to your bank’s security questions!

This is the case for many of the pieces of information you may share online and many online accounts that use challenge questions to reset passwords. Information commonly used for challenge questions include the above examples and other details, such as your favorite sports team, vacation spot, fruit, ice cream, type of reading material, youngest sibling, elementary school name, and so on. As you clean up your data think about what information could be used to answer your security questions and try to remove that data from your social media accounts.

In closing, these short tips can make a world of difference in lowering your information’s exposure to others. By questioning if you need to share or provide certain information online as you move forward, you can save yourself from many of the unnecessary overexposures we discuss here. Additionally, by taking a look at both your digital and paper trails to do these activities on a routine basis, you can be sure to keep overexposure in check.

 

                                                                                                    

The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.

 

January 28th is National Data Privacy Day, an educational initiative focusing on raising awareness among businesses and individuals about the importance of protecting the privacy of personal information. With more and more information being collected by companies, websites, and social media, this is something everyone should consider.

To understand the importance of Data Privacy day, it is vital to understand Personally Identifiable Information (PII) and exactly what privacy is. PII is any combination of data points that can lead to the identification of a specific individual (you). This can mean things such as your name or email address, but most times PII refers to “sensitive PII” such as Social Security, driver’s license, state identification, or financial account numbers. Sensitive PII can also exist if PII is combined with another piece of information about you such as a birthdate, medical information, or even passwords. The more pieces of data combined about an individual, the more valuable and sensitive the body of information becomes.

Privacy is often considered to be the concept of confidentiality, which is keeping information secret from those that should not see it. While that is an aspect of privacy, often called “need to know,” privacy is much more. Privacy is a larger concept centering on you as the individual to whom the information refers. It is about your rights to access, correct, and control the information that another entity has about you.

Privacy Rights:

Organizations that honor your privacy will not only protect confidentiality, but should follow a set of principles related to how they manage your information, including:

  • Not collecting more information than they need to conduct their business with you;
  • Informing you of what they will do with the information that they collect and not doing more with it than they have promised;
  • Retaining the information for only as long as it is needed and then properly destroying the information;
  • Not sharing your information with others without your permission, except as required by law;
  • Allowing you to review and correct information if necessary.

To understand your privacy rights it is essential that you read the privacy policies of any organization to whom you provide information, especially PII. This includes websites, health care providers, insurance companies, and financial institutions. If you do not agree with how they intend to protect your privacy, consider not using their service.

Privacy is a Shared Responsibility:

While organizations and websites have a responsibility to protect your privacy, which most will outline in their privacy policy, this is also your responsibility. Social media users are especially susceptible to privacy concerns. Individuals voluntarily place enormous amounts of information about themselves, their friends, and associates, on social media. It is critical that everyone is aware of the information they post on social media services, such as Facebook, LinkedIn, Instagram, Snapchat, and Twitter. This awareness is not limited to what you post about yourself, but what you post about others as well!

Identity Theft Protection:

Despite many organizations best efforts in handling and using your private information properly, the countless breaches of PII by cyber criminals in the past few years have resulted in the exposure of information about millions of people. One reaction to such breaches can be to provide credit monitoring for one year. This is a very short amount of time to have such a protection. Those that have stolen the information, or those to whom they have passed it on, may hold it for much longer than a year before using it to steal your identity, commit credit card fraud, or worse in your name. If you have been a victim of a breach, check out some of the FTC’s resources on starting a credit freeze to protect yourself.

If you are considering Identity Theft protection services, research the firms that you are considering engaging and ensure you understand the services they will and will not provide. Also, read their privacy policies, because for them to deliver these services you must provide them with varying amounts of PII.

Protecting privacy is both your responsibility and that of those individuals and organizations that have information about you. Do everything in your power to be aware of how you personally can compromise your privacy and hold those organizations that you engage with accountable for their management, or mismanagement, of your personal information.

For More Information:

US-CERT Data Privacy Day Events

Online Trust Alliance Data Privacy & Protection website.

Stay Safe Online website.  

Forbes, Data Privacy Day: Easy Tips to Protect Your Privacy

 

 

                                                                                                    

The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.

 

Protect your identity and accounts

  • Do not click suspicious links or open unexpected attachments or texts. Be aware of Phishing emails and Smishing texts.
  • Do not provide account info to links in emails or texts.
  • Do not provide account information over the phone to live or automated systems other than FFSL Touch Tel Phone Banking at:

Toll Free: (888) 378-2067
Lorain: (440) 282-2961
Huron: (419) 433-9629
Sandusky: (419) 624-9663
Port Clinton: (419) 734-7477

  • Always verify the identity of the person on the phone by calling back a known number, which are listed under FFSL Methods of Contact.
  • Do not use unknown or unsafe devices to access your account. This includes cell phones, tablets or computers.
  • Use only phones, tablets and computer with the latest software and security patches.

Use auto-update for all programs to receive the latest security patches. See Securing Your Device.

Windows XP and Windows Vista (as of 4/11/2017) are no longer updated by Microsoft. Consider Upgrading to Windows 10.

Use anti-virus software and keep it updated. See Securing Your Device.

Keep your browser updated. See Securing Your Device.

We are providing these instructions as a courtesy only. We cannot and will not provide any support beyond providing these written instructions. Do not call for technical support.

 

Text Message bubble with a fishing hook through it

Phishing Email

Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information.

Envelop with a fishing hook through it

SMiShing Text

SmiShing is about sending false, fake text messages, claiming the mobile user that they have won a free product or need to enter information.

Blue smartphone icon and computer with padlock

Securing Devices

Choose your appropriate device below for instruction on how to increase security measure.
WindowsiOSAndroid

Blue laptop icon with a padlock

Online Banking Security

Online Banking security is intended to prevent unauthorized access to your account, validate your identity, protect your account information from fraudulent use, and prevent the theft of your identity.

 

7 Tips to Prevent Tax ID Fraud

SALEM, Ore., January 25, 2017 – As the 2017 tax season gets underway, the Oregon Bankers Association (OBA) is urging all Oregonians to take extra precaution when filing their return to prevent their exposure to tax fraud.

“Fraudsters are using very clever tactics to get a hold of your personal information and submit false tax claims,” said OBA President and CEO Linda Navarro. “Consumers must be suspicious of any communication from the IRS – through email, text or social media – that requests personal information, and should keep a watchful eye out for missing W-2s and mail containing sensitive financial information.”

Tax identity fraud takes place when a criminal files a false tax return using a stolen Social Security number in order to fraudulently claim the refund. Identity thieves generally file false claims early in the year and victims are unaware until they file a return and learn one has already been filed in their name.

To help consumers prevent tax ID fraud, the OBA is offering the following tips:

  • File early. File your tax return as soon as you’re able giving criminals less time to use your information to file a false return.
     
  • File on a protected Wi-Fi network. If you’re using an online service to file your return, be sure you’re connected to a password-protected personal network. Avoid using public networks like a Wi-Fi hotspot at a coffee shop.
     
  • Use a secure mailbox. If you’re filing by mail, drop your tax return at the post office or an official postal box instead of your mailbox at home. Some criminals look for completed tax return forms in home mailboxes during tax season.
     
  • Find a tax preparer you trust. If you’re planning to hire someone to do your taxes, get recommendations and research a tax preparer thoroughly before handing over all of your financial information.
     
  • Shred what you don’t need. Once you’ve completed your tax return, shred the sensitive documents that you no longer need and safely file away the ones you do.
     
  • Beware of phishing scams by email, text or phone. Scammers may try to solicit sensitive information by impersonating the IRS. Know that the IRS will not contact you by email, text or social media. If the IRS needs information, they will contact you by mail first.
     
  • Keep an eye out for missing mail. Fraudsters look for W-2s, tax refunds or other mail containing your financial information. If you don’t receive your W-2s, and your employer indicates they’ve been mailed, or it looks like it has been previously opened upon delivery, contact the IRS immediately.

If you believe you are a victim of tax identity theft or if the IRS denies your tax return because one has previously been filed under your name, alert the IRS Identity Protection Specialized Unit at 1-800-908-4490. In addition, you should:

  • Respond immediately to any IRS notice and complete IRS Form 14039, Identity Theft Affidavit.
     
  • Contact your bank immediately, and close any accounts opened without your permission or tampered with.
     
  • Contact the three major credit bureaus to place a fraud alert on your credit records:
  • Continue to pay your taxes and file your tax return, even if you must do so by paper.

More information about tax identity theft is available from the FTC at ftc.gov/taxidtheft and the IRS at irs.gov/identitytheft

There is a new scam you need to watch out for if you log into any of your accounts and have to wait for a text message sent to your phone to enter and only then log in. This more secure system is called "2-factor authentication". These two factors are:

  1. one thing you need to know-- your password
  2. one thing you have to have-- the text code on your phone

Now, criminal hackers are trying to get past this with a nasty trick you need to watch out for. Tens of millions of hacked user names and passwords have recently surfaced -- yours may be one of them -- and they are using these for this scam.

They send you a fake (spoofed) text that looks like it's from the company you have an account with, claiming that your account may be hacked or that there is suspicious activity happening.  

In the same text they say they will send you your verification code and that you need to send that right back to them or your account gets closed. But if you text that verification code back, you have given the hacker just the thing they needed to hack into your account!

TIP TO STAY SAFE

If your accounts are protected by 2-factor authentication of this sort,  the only time you will be sent the code is to verify an attempt to log into your account.  That means if you did not just try to log in and you suddenly receive a verification code through a text message to your smartphone, it is because a scammer who already has your user name and password is trying to hack into your account.

Never provide your verification code to anyone. Only use it to input the code into your smartphone or computer when you log into a 2-factor authentication protected account. And as a reminder, never give out personal information, such as your Social Security number or credit card numbers in response to a text message (or email) because you simply cannot know for sure who is really on the other end of that communication line. 

Remember, Think Before You Click!"

Customers have been receiving calls from individuals claiming to be from banking institutions. The callers are telling customers that their Debit Card has been compromised in an attempt to get information from them. From the information that we have received it appears that the call system is automated and usually appears as an "Unknown Number".

If you feel you have received one of these calls, please contact our Electronic Banking department (440) 282-6188 to report it.

Please remember that we will never contact you by phone, if your card is compromised. You will be notified by mail. Additionally, we will NEVER ask you for your full card number, account numbers, social security number or any other personal information over the phone.

Please Read Carefully:

Identity thieves are sending text messages to Ohio residents asking them to call their bank to reactivate debit/credit card accounts. The phone number used connects to a fraudulent group that steals card information. They try to make the phone number look local to your area. Often, the target of the text may not even have an account at the bank listed in the message. This is a nationwide scam. Notify your bank and the bank referenced in the message immediately, if you receive one of these text messages.

To notify First Federal Savings of Lorain, call our Electronic Banking Department at (440) 282-6197 or email customersupport@firstfedlorain.com

Online Phishing Attempt September 2, 2014

Sample Notice

Explore More

Services

Services

Tools for better banking. 

Touchtel

Touchtel

24 hour telephone banking.

Mobile Banking

Mobile Banking

Take us with you.