Financial Safety

Banks Never Ask That

To help combat the toll that phishing is taking on consumers, Security Savings Bank is joining the American Bankers Association and thousands of banks across the country to promote an industry-wide consumer awareness campaign called #BanksNeverAskThat. Using humorous and engaging videos, social media posts and other material, the #BanksNeverAskThat campaign seeks to turn the table on fraudsters by empowering consumers to spot bogus bank phishing scams.

PROTECTING YOURSELF FROM FRAUD

Our world is becoming more digital. It is important to be diligent to prevent fraud when using online services like our online or mobile banking, mobile app, and Zelle^®. Keep these tips in mind to protect yourself from scammers.

• Your financial institution will never call you to request information you received via text (SMS) or pressure you to reset your online banking password
• Don’t trust caller ID; Caller ID may be modified to show your financial institution’s name
• Don’t provide your online banking log in credentials, one-time password, account number or personal information by email or text or phone call. Using their published phone number, reach out to your financial institution to confirm that the request is legitimate
• Don’t give information over the phone if you receive a call stating that a transaction is canceled, even if the caller claims to be from your financial institution. Once again, contact your financial institution using a published phone number to inquire about the transaction
• Don’t click on links in unsolicited emails or texts 
• Don’t give an unsolicited caller remote access to your computer

What is Phishing?

Phishing is where scammers use email or text messages to trick you into giving them your personal and financial information. But there are several ways to protect yourself.

1. Protect your computer by using security software.
2. Protect your cell phone by setting software to update automatically.
3. Protect your accounts by using multi-factor authentication.
4. Protect your data by backing it up.

What To Do if You Suspect a Phishing Attack

If you get an email or a text message that asks you to click on a link or open an attachment, answer this question:

‘Do I have an account with the company or know the person who contacted me?’

If the answer is “No,” it could be a phishing scam. Report the message and then delete it.

If the answer is “Yes,” contact the company using a phone number or website you know is real — not the information in the email. Attachments and links might install harmful malware.

What To Do if You Responded to a Phishing Email

If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to www.identitytheft.gov. There you’ll see the specific steps to take based on the information that you lost.

If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan and remove anything it identifies as a problem.

How To Report Phishing

If you got a phishing email or text message, report it. The information you give helps fight scammers.

If you got a phishing email, forward it to the Anti-Phishing Working Group at [email protected]

If you got a phishing text message, forward it to SPAM (7726).

Report the phishing attempt to the FTC at www.ReportFraud.ftc.gov

Check Washing FAQ's

What is Check washing?

We are encouraging our customers to be aware of a trending bank fraud called ‘check washing’. Check washing involves changing the payee names and often the dollar amounts on checks and fraudulently depositing them. Occasionally, these checks are stolen from mailboxes and washed in chemicals to remove the ink. Some scammers will even use copiers or scanners to print fake copies of a check. 

How is it executed?

Criminals are targeting mailboxes to commit check fraud and are even selling copies of washed checks online. The mail theft puts not only personal checks at risk but also business checks, tax refunds, and government benefits. In the case of business checks, criminals create a fake business with a similar name, then use it to open bank accounts.

How to protect yourself from check washing:

• Use electronic payment methods such as ACH, or wires for transferring larger amounts securely.
• Monitor your bank account by logging into online or mobile banking regularly to review checks for the correct amount and cashed to the correct person.
• Place outgoing mail in the blue collection mailboxes before the last pickup or at the Post Office.
• Do not leave mail in your mailbox overnight.
• Have your mail held at the Post Office or have someone pick it up while you are out of town. 

Brute Force Attacks FAQ's

What is a brute force attack?

A brute-force attack is a trial-and-error method used by fraudsters to obtain payment card information such as an account number, card expiration date, PIN, or 3-digit security code on the back of the card (CVV).

How is it executed?

Once the fraudsters have gained access to the payment card information, they can use a merchant’s terminal or online payment system to perform computer-generated test transactions until a valid authorization is received. These authorization requests can accumulate into the thousands in seconds.

The fraudsters do not have the cardholder’s name, phone number, address, or PIN. They are simply trying to guess at card numbers and expiration dates to find a match.

Why am I getting a phone call about possible fraud?

Our fraud detection center monitors for suspicious attempts, blocks the fraudulent transaction, and calls the cardholder to verify the transaction. This means that our fraud detection center prevented fraudulent activity from occurring. It is not likely the fraudsters will try again on that card once the transaction has been blocked. They will move on to guess other card numbers looking for a successful match.  Your information has not been compromised but if you suspect your card has been restricted, please call us at 309-734-9333.

Do I need to file a fraud report?

No, not unless fraud was posted to your account.  If all the attempts of fraud were blocked, no action is needed.

Is a brute force attack a card compromise?

No. The card numbers in the attacks were not obtained from a compromise. The fraudsters are simply guessing card numbers and the card expiration dates. If your card has been restricted, please call us at 309-734-9333.

What happens when there is a successful fraud transaction hit?

When the fraudsters get a successful hit on a debit card, they try to use that card information to make large internet purchases before the bank and the account owner notice the activity.  Thankfully, the Security Savings Bank Fraud Detection Center has been able to block many of the “successful hits” from performing any big dollar fraud resulting from these brute force attacks.

THE TYPES OF INFORMATION WE COLLECT IN THE APP

Through your use of the Services, we may collect personal information from you in the following ways:

• We may collect personal information from you, such as your first and last name, address, email, telephone number, and social security number when you create an account.
• We will collect the financial and transaction information necessary to provide you with the Services, including account numbers, payment card expiration date, payment card identification, verification numbers, and transaction and payment history.
• If you provide feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply.

We also collect other types of personal information that you provide voluntarily, such as any information requested by us if you contact us via email regarding support for the Services.

• Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type, IP address, unique identifiers, language settings, mobile device carrier, radio/network information, and general location information such as city, state, or geographic area.
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
• Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
• Local storage technologies, like HTML5 and Flash, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
• Location Information. If you have enabled location services on your phone and agree to the collection of your location when prompted by the Services, we will collect your location information when you use the Services; for example, to provide our fraud detection services. If you do not want us to collect this information, you may decline the collection of your location when prompted or adjust the location services settings on your device.

Online Banking, Data Security & You