Several of our customers have called us to report that they have received phone calls from people using First Community Bank and Trust’s name asking for their account information.  They have been asked to confirm account numbers and other personal information that could potentially be used to access their accounts. This type of fraudulent activity is happening not only here, but at banks all across the country. The calls usually inform people that their credit card or ATM card has been "compromised," and ask the person to provide the card number and/or pin number so the card can be "reactivated." Please know that we will never call and ask for personal information over the phone. If you or someone you know gets a phone call supposedly from us asking for such information, hang up and call First Community Bank and Trust (708.946.2246 or 708.258.0530) to make sure you are speaking with an employee of the bank. Do not rely on Caller ID or use it to automatically redial the bank as it is possible for the caller to provide fake information in the Caller ID.

Be more informed about identity theft. Take this short quiz and see how knowledgable you are. Are you safe from identity theft?

www.onguardonline.gov/quiz/idtheft_quiz.html

This study, published on December 14, 2004, presents the FDIC's findings on unauthorized access to financial institution accounts and how the financial industry and its regulators can mitigate these risks.

Executive Summary And Findings

Background and Focus of Study
Identity theft is one of the fastest growing types of consumer fraud. The Federal Trade Commission (FTC) has estimated that, during 2003, almost ten million Americans discovered they were the victims of identity theft, with a total cost to businesses and consumers of over $50 billion. This study focuses on a subset of identity theft that is of particular concern to financial institutions insured by the FDIC and to the institutions' customers: unauthorized access to and misuse of existing asset accounts primarily through phishing and hacking, hereinafter referred to as “account hijacking.”

Prevalence and Impact of Account Hijacking
While precise statistics on the prevalence of account hijacking are difficult to obtain, recent studies indicate that unauthorized access to checking accounts is the fastest growing form of identity theft. Another recent study has estimated that almost 2 million U.S. adult Internet users experienced this fraud during the 12 months ending April 2004. Of those, 70 percent do their banking or pay their bills online and over half believed they received a phishing e-mail. Consumers are attributing risk to their use of the Internet to conduct financial transactions, and many experts believe that electronic fraud, especially account hijacking, will have the effect of slowing the growth of online banking and commerce.

Findings
Fraudsters are taking advantage of the reliance on single-factor authentication for remote access to online banking, and the lack of e-mail and Web site authentication, to perpetrate account hijacking. Financial institutions and government should consider a number of steps to reduce online fraud, including:

• Upgrading existing password-based single-factor customer authentication systems to two-factor authentication.
• Using scanning software to proactively identify and defend against phishing attacks. The further development and use of fraud detection software to identify account hijacking, similar to existing software that detects credit card fraud, could also help to reduce account hijacking.
• Strengthening educational programs to help consumers avoid online scams, such as phishing, that can lead to account hijacking and other forms of identity theft and take appropriate action to limit their liability.
• Placing a continuing emphasis on information sharing among the financial services industry, government, and technology providers.

The federal banking, thrift and credit union regulatory agencies have published an informational brochure to assist consumers in identifying and preventing a new type of fraud known as "phishing."

The term "phishing" – as in fishing for confidential information – is a scam that encompasses fraudulently obtaining and using an individual's personal or financial information. In a typical case, the consumer receives an e-mail requesting personal or financial information; the e-mail appears to originate from a financial institution, government agency or other entity. The e-mail often indicates that the consumer should provide immediate attention to the situation described by clicking on a link. The provided link appears to be the Web site of the financial institution, government agency or other entity. However, in "phishing" scams, the link is not to an official Web site, but rather to a phony Web site. Once inside that Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth. When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.

The brochure explains the basics of "phishing," the steps consumers can take to protect themselves, and the actions that consumers can take if they become a victim of identity theft. The brochure is available in a downloadable form through the FDIC's Web site at http://www.fdic.gov/news/news/press/2004/pr9304b.pdf.

 

ATM Safety: Common Sense Tips for Combating Crooks

ATM manufacturers and financial institutions go to great lengths to prevent robberies and fraud at cash dispensing machines. They place ATMs in safe locations, light them well, and use a variety of security measures. Many banks also limit the amount of cash that can be withdrawn each day so that a thief can't quickly clean out an account. Even so, not all ATM crimes can be prevented.

We hope you'll never be the victim or the target of an ATM theft or fraud. However, we also know that one of the best ways to stack the odds in your favor is to learn some self-defense. That's why FDIC Consumer News offers these safety suggestions:

Protect your ATM card.
Know where it is at all times and keep it secure. Carry only the cards — debit or credit — you think you'll need. The fewer cards you carry, the less likely they'll be lost or stolen and used in a fraud attempt. Destroy old or expired ATM cards. Be sure to cut through the account number and magnetic strip before disposing of a card.

Safeguard your personal identification number (PIN).
Never write your PIN on your card or on a piece of paper you keep near your card. Memorize it instead. "If a thief finds or steals your ATM card and your PIN, it's like you've opened up your bank account and offered free samples," says Janet Kincaid, FDIC Senior Consumer Affairs Officer.

Don't share your PIN with anyone — not even a relative who isn't a co-owner of your account. Beware of deceptive calls or e-mails from crooks claiming to be from your bank or the police asking you to "verify" (divulge) your PIN. Make sure that no one can easily see your PIN as you enter it at the ATM keypad.

Choose an ATM carefully and use common sense.
Be aware of your surroundings, particularly at night. Avoid ATMs in dark or remote areas or where people seem to be loitering.

Walk away if you notice something suspicious. Michael Benardo, a manager in the FDIC's Technology Supervision Branch, gives these examples of fraudulent recording devices found at ATMs: unusual-looking devices attached over the card slots of machines for "skimming"or gathering information from the magnetic strip on the back of the card; transparent overlays on ATM keypads that can record PINs; and tiny cameras hidden behind innocent-looking brochure holders and focused on where ATM users enter their PINs. Also go elsewhere if you see a sign directing you to only one of multiple ATMs — it could be the machine that was tampered with by a crook.

There are even reports of crooks installing "card cleaners" at an ATM. "These are really just skimming devices that capture account information, and the only cleaning they're used for is to clean out someone's account," says Benardo.

Also protect your ATM card when you use it to make purchases at retail establishments. For example, if you give an employee your card and you notice that he or she swipes it through two devices instead of one, that second device could be recording your account information for use in making a fraudulent card. Report that situation to a manager and your card issuer.

Note: Some ATMs belong to non-banking companies or even individuals, not to banks or other depository institutions. While a privately owned ATM may be safe to use, "for the consumer, there's more uncertainty about who these companies are, whether they are legitimate or whether they're being audited or regulated by the government on an ongoing basis," Benardo says. He notes, for example, reports of dishonest ATM owners collecting card numbers for use in making duplicate cards and committing fraud. In general, your safest bet is to use an ATM owned by a federally insured banking institution. If you are considering using a private ATM, stick to one at a trusted merchant and make sure the ATM's owner is clearly identified.

Withdraw cash safely.
Have your ATM card in your hand as you approach the ATM. When you collect your cash, immediately put it into your pocket or purse and count it later in private. Take your receipt and keep moving. The idea is to give a would-be robber less time to target you and steal your cash, wallet or purse.

What if you drive to an ATM? It's a good idea to use a drive-up ATM at a bank office or branch. Keep the engine running, lock all doors and roll up the passenger-side windows. If it's night-time and a drive-up machine isn't available, park in a well-lit area close to the ATM and, if possible, take another person with you.

Promptly report anything suspicious.
Immediately notify your bank if your ATM card is lost or stolen; you notice a recording device or something else suspicious at a machine; or you receive an unsolicited call or e-mail asking for personal information, such as your account number and PIN. Also, immediately notify your card issuer about an unauthorized ATM or debit card transaction on your account. Remember that the faster you report a problem, the greater your federal protections are (see "Laws Protecting ATM Users"). Early notice also may be key in catching the crooks.