Banc of California takes the security of your financial information very seriously.

We have developed a robust Information Security Program that includes investing in technology to help ensure that your confidential information is shielded from outside attack, ensuring that all bank records are maintained in secured facilities, and providing regular training to all employees on the Bank’s security policies as well as proper methods to communicate with you, our clients, in a secure and confidential manner.

View our Privacy Policy

Privacy

Security

Ten Things you can do to Help Protect Yourself

  • Passwords: Use a complex password and change it regularly. Do not use names, birthdays, or other personal details that might be easily determined.
  • If you need to write down your usernames and/or passwords, be sure they are maintained in a secure place.
  • Keep your computer and/or network software patches and virus protection software up to date.
  • Set up a firewall to detect and prevent intrusions into your environment.
  • Take advantage of all security options provided to you by your bank.
  • Review your banking transactions on a daily basis and credit report on at least an annual basis.
  • Store extra checks, credit cards, documents that list your Social Security number and similar items in a safe place. Shred all credit card receipts and solicitations, ATM receipts, bank account and credit card statements, canceled checks and other financial documents before you throw them away.
  • Use the latest versions of Internet browsers, such as Explorer, Firefox or Google Chrome with “pop-up” blockers.
  • Do not batch approve transactions; be sure to review and approve each one individually.
  • Turn off your computer when not in use.

Identity Theft

Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money. It can destroy your credit and ruin your reputation. Below are recommendations from the Federal Trade Commission to help combat the threat of identity theft.

  1. Deter identity thieves by safeguarding your information.
    • Shred financial documents and paperwork with personal information before you discard them.
    • Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
    • Don’t give out personal information on the phone, through the mail or over the Internet unless you know the entity you are dealing with. Avoid disclosing personal financial information when using public wireless connections.
    • Never click on links sent in unsolicited emails. Instead, type in the source page of the website using a separate tab or window. Use firewalls, anti-spyware and anti-virus software to help protect your home computer. Keep such software current. If you use peer file sharing, check the settings to make sure you are not sharing other sensitive private files.
    • Don’t use an obvious password. Avoid using passwords like birth date, address, mother’s maiden name, children’s name or the last four digits of your Social Security number.
    • Keep your personal information in a secure place at home, especially if you have roommates, employ outside help or are having work done in your house.
  2. Detect suspicious activity by routinely monitoring your financial accounts and billing statements.
    • Be alert to the following signs that require immediate attention:
      • Bills do not arrive as expected
      • Unexpected credit cards or account statements
      • Denials of credit for no apparent reason
      • Calls or letters about purchases you did not make
      • Charges on your financial statements that you don’t recognize
    • Inspect your credit report. Credit reports contain information about you, including what accounts you have and your bill paying history.
    • The law requires the major nationwide credit reporting companies Equifax, Experian and TransUnion to give you a free copy of your credit report every 12 months if you request it.
    • Visit www.AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free annual credit report. You can also write to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, Georgia 30348-5281.
    • If you see accounts or addresses you don’t recognize or information that is inaccurate, contact the credit reporting company and the information provider. To find out how to correct errors on your credit report, visit ftc.gov/idtheft.
  3. Defend against ID theft as soon as you suspect it.
    • Place a “Fraud Alert” on your credit reports, and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing account. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is sufficient:
      • Experian: 1-888-EXPERIAN (397-3742)
      • TransUnion: 1-800-680-7289
      • Equifax: 1-800-525-6285
    • Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open and debts on your accounts that you can’t explain.
    • Contact the security or fraud departments of each company where an account was opened or charged without your authorization.
    • Follow up in writing, with copies of supporting documents.
    • Use the ID Theft Affidavit at ftc.gov/idtheft to support your written statement.
    • Ask for verification that the disputed account has been dealt with and the fraudulent debts discharged.
    • Keep copies of documents and records of your conversations about the theft.
    • File a police report. File a report with law enforcement officials to help expedite the correction of your credit report and deal with creditors who may want proof of the crime.
    • Report the theft to the Federal Trade Commission. Your report helps law enforcement officials across the country in their investigations.
    • Online: ftc.gov/idtheft
    • By phone: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261
    • By mail: Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580

 

What You Can Do to Help Protect Yourself from Identity Theft

Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money. It can destroy your credit and ruin your reputation. Below are recommendations to help combat the threat of identity theft.

  1. Examine all statements carefully for any unexplained charges, debits, credits or other activity
  2. Request copies of your credit report from all three main credit reporting bureaus: Equifax, Experian and Transunion and examine them for any unexplained accounts.
  3. Do not give your personal or financial information to anyone unless there is a legitimate need.
  4. Protect your social security number. Do not carry your social security card in your purse or wallet.
  5. Set your smartphone to lock during inactive periods. Require a password to unlock. This makes it more difficult for thieves to access your personal information.
  6. If you use banking or financial apps on your smartphone, do not use the “Remember User ID” or “Remember Password” options.
  7. Safeguard incoming and outgoing postal mail; thieves may try to steal credit card bills, offersand other sensitive mail. If regular bills fail to reach you, call the biller and find out why. Always put outgoing mail in a secure mailbox.
  8. Utilize secure online bill payment and enroll in paperless statements and billing. It deters mail theft and eliminates the need to shred statements, checks and invoices.
  9. Shred all unwanted mail that has identifying information, especially anything with a bar code or account number, such as subscription magazines.
  10. Secure financial record and information including driver’s license number, credit card numbers, account numbers, passwords, PINs and other personal information at home or in a safe deposit box at your local branch.
  11. Keep your computer’s virus protection software up to date and set up a firewall to detect and prevent intrusions. Use the latest versions of internet browsers.
  12. Turn off your computer when not in use.

If you have questions regarding identity theft, please contact our Client Services Center at 877-770-BANC (2262). Our representatives are available to assist you Monday through Friday from 7:00 a.m. to 6:00 p.m. (PST) and Saturday from 9:00 a.m. to 1:00 p.m. (PST).

 

Protecting your Privacy

Banc of California takes the security of your financial information very seriously. We have developed a robust Information Security program that includes investing in technology to help ensure that your confidential information is shielded from outside attack, ensuring that all bank records are maintained in secured facilities and providing regular training to all employees on the Bank’s security policies as well as proper methods to communicate with you, our clients, in a secure and confidential manner.

Over the past several years, as banks have become more secure, criminals have started targeting you, the client, in an attempt to gain access to your funds. Identity theft, check fraud, corporate account takeover and other financial fraud schemes are in the news every day. Each year thousands of people are victimized through the passing of forged checks accompanied by lost, stolen or fictitious identification. To help combat these crimes, we have put together tips you can use to minimize your risk by managing your personal and corporate account information wisely, and by describing some of the more common schemes used to defraud individuals and businesses alike. If you are a business, please share this information with employees that interact with your finances.

Banc of California will never initiate a request for sensitive information from you (i.e. social security number, personal login ID, password, PIN or account number) through an unsolicited e-mail message or phone call.

Social Security Number Policy

The Banc of California Social Security Number Policy (1) helps protect the confidentiality of Social Security numbers, (2) prohibits unlawful disclosure of Social Security numbers and (3) limits access to Social Security numbers. Our consumer customers can obtain more information by reviewing the Banc of California Consumer Privacy Notice.

Tips on protecting your Social Security number:

  • Carry only necessary identification with you. Don’t carry your Social Security card.
  • Never provide your Social Security number unless you have initiated the contact and have confirmed the business or person’s identity.
  • Do not use your full or partial Social Security number as a Personal Identification Number (PIN) or as a password.
  • If you must send your Social Security number in an email ensure that the email is encrypted.
  • Only enter your Social Security Number into internet websites when the site is secure and you know how the recipient will protect it.
  • Be cautious of your surroundings when disclosing your Social Security number. For example, if a retail store requests your Social Security number to look up your store credit card number.
  • Do not transmit your Social Security number over the Internet unless you know that the connection is secure or you have encrypted the Social Security number.
  • Be cautious when faxing your Social Security number, double check the fax number to ensure it is the correct number.
  • Do not record your Social Security number on a check, traveler’s check, gift certificate, money order or other negotiable instrument unless required by law.

Fraud Prevention

What the bank does to help protect you

Banc of California takes the security of your financial information very seriously. We have developed a robust Information Security program that includes investing in technology to help ensure your confidential information is shielded, as well as ensuring that all bank records are maintained in secured facilities. Our employees are provided with regular training related to the Bank’s security policies as well as proper methods to communicate with you, our clients, in a secure and confidential manner.

Over the past several years, as banks have become more secure, criminals have started targeting you, the client, in an attempt to gain access to your funds. Identity theft, check fraud, debit card fraud and other financial fraud schemes are on the rise and in the news every day as thousands of people are victimized through the passing of forged checks, fraudulent wires and counterfeited debit and credit cards. You can help minimize your risk of becoming a victim of fraud by managing your personal and business account information wisely and understanding the products provided and technology used by Banc of California.

Debit Card Fraud Monitoring

The security of your debit card and personal information is of the utmost importance to us at Banc of California. Through our partner, we continuously review activity on our customers debit cards and monitor spending patterns to help detect out-of-the-ordinary activity.

If a transaction is considered suspicious, a Fraud Specialist will contact you to verify the transaction(s). They may ask for the last 4 numbers of your debit card and will NEVER ask you for your Personal Identification Number (PIN) or the 3-digit number on the back of your card (CVV). The transaction information will be provided to verify if it is legitimate or not. If you confirm the activity as not valid, your card will be blocked immediately to prevent any additional unauthorized transactions. You will then be instructed to contact us directly for further instructions. Based on the activity, if a specialist is not able to reach you, it is possible a temporary block may be placed until you are able to return the call. A message will be left, including a case number, which you are able to reference when you call back.

We have Fraud Specialists available 24 hours a day 7 days a week and may contact you between 8:00 a.m. to 9:00 p.m. (PST). All contact numbers provided to us will be called in an attempt to reach you.

If you have questions regarding this service or need to update your contact information, please contact our Client Services Center. We are available to assist you Monday through Friday from 7:00 a.m. to 6:00 p.m. (PST) and Saturday from 9:00 a.m. to 1:00 p.m. (PST) at 877-770-BANC (2262).

Debit MasterCard™ Chip Card Technology

For your added protection we have rolled out our new Debit MasterCard that features chip card technology. Chip card technology improves global usability and security of your card as merchants in the United States switch to advanced chip card terminals. Chip cards make your debit card harder to counterfeit, and instead of sending all of your credit card information to a merchant when you make a purchase, a unique code is sent that a hacker can’t use.

Enhanced Online Security for Personal and Business Accounts 

As an added layer of protection, our Enhanced Online Security feature will prompt you to answer security questions if your account is being accessed from a different type of device or from a different geographical location.

Anti-Skimming Devices

At Banc of California our ATMs are equipped with the latest Anti-Skimming Device technology. Skimming is a technique used by criminals to copy personal data from the magnetic strip on an ATM card. The criminal attaches a skimming device to an ATM and is able to read the card details from the magnetic strip on the card and transmit it to a receiver. ATM card skimming is a constantly increasing and huge problem world-wide.

If you suspect a Banc of California ATM has a skimming device attached to it, please contact our Client Services Center. We are available to assist you Monday through Friday from 7:00 a.m. to 6:00 p.m. (PST) and Saturday from 9:00 a.m. to 1:00 p.m. (PST) at 877-770-BANC (2262).

Treasury Management Services

Banc of California offers our Analyzed Business clients several Treasury Management products to help expedite deposits, receive and manage payments, and automate many financial tasks safely and accurately. These products offered to our business clients include:

  • Positive Pay – Positive Pay is an automated fraud detection tool that Analyzed Business account holders utilize to match account number, check number and dollar amounts of each check presented for payment against a list of checks previously authorized and issued by the company.
  • Lockbox Service – With this service we will process checks, drafts and other payment instruments which you receive by mail from customers by establishing a post office box address where customers may mail checks to you; arranging for the pickup of such checks each business day; endorsing checks on your behalf; depositing the checks to your designated account; and providing related accounting and record keeping services.
  • Online Banking Wire Requests – Business customers may sign-up to send wire transfers through Business Online Banking.  This is a secure service and will require authorized users of the account to individually log-in, initiate, and approve any wire transfer requests. Completed wire request information will be provided through the Online Banking service.    

Fraud Awareness

ATM Fraud

Do not fall prey to ATM skimming scams. Scammers can quickly read a card’s information and use it to access your account fraudulently. With a small device, your card’s information gets stored so that criminals can easily use it at a later time.

Skimmers may be installed on ATM machines, resembling the machine itself. A small device goes over the normal card reading slot and reads your card’s magnetic stripe. Skimmers can also be handheld devices that a dishonest merchant can keep in his or her pocket. When charging your card while you are out at dinner, for example, a scammer can run your card through a skimmer as well.

ATM existing bank card slot

Equipment being installed on the front of an existing bank card slot.

ATM bank slot

The equipment as it appears installed over the normal ATM bank slot.

ATM leaflet enclosure

The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure.

ATM keypad and PIN

The camera is installed and ready to capture PINs by looking down on the keypad as you enter your PIN.

Organized criminals are installing equipment on legitimate bank ATMs to steal both the ATM card number and the PIN. The equipment used to capture your ATM card number and PIN is cleverly disguised to look like normal ATM equipment. At the same time, a wireless camera is disguised to look like a leaflet holder and is mounted in a position to view ATM PIN entries. The criminals sit nearby in a car receiving the information transmitted wirelessly from the equipment they install (see photos). The thieves copy the cards and use the PIN numbers to withdraw thousands from many accounts in a very short time.

If you see an attachment like this, do not use the ATM and report it immediately to the bank using the phone number on the front of the ATM.

Phishing Scams

Phishing is a new twist on an old telemarketing scam, but uses e-mail. These criminals send e-mails to millions of people hoping that even a few will give away valuable information such as their usernames, passwords or credit card numbers. The criminal then uses this information to steal the victim’s identity. To avoid becoming the victim of a phishing scam, Banc of California offers the following tips:

  • Do not click on links within an email unless you are sure of the sender. Many phishing emails include company logos or appear to come from government agencies, and appear legitimate. However, the links take you to a fraudulent website that has been set up to look and feel just like the legitimate site. Check the URL carefully for differences in spelling, or go directly to a known website without the link. You may often find an alert on the legitimate site warning that a phishing email has been circulated by fraudsters.
  • Never give out your personal or financial information in response to an unsolicited phone call, fax or email, no matter how official it may seem.
  • Do not respond to emails that may warn of dire consequences unless you validate your information immediately. Contact the company to confirm the e-mail’s validity using a telephone number or web address you know to be genuine.
  • Check your credit card and bank account statements regularly and look for unauthorized transactions, even small ones. Some thieves use small transactions in hopes that they will go unnoticed. These small transactions are also used to test the bank account and routing numbers for future use. Report discrepancies immediately.
  • When submitting financial information online, look for the padlock or key icon at the bottom of your Internet browser. Also, most secure Internet addresses, though not all, use “https” in the URL.
  • If you are a victim of an online or email crime, immediately file a report with the Internet Crime Complaint Center referenced at the bottom of this page.
  • For attempted fraud that did not result in the loss of money, you should file a complaint with the Federal Trade Commission. The FTC cannot resolve individual complaints but will share your complaint with local, state, federal, and foreign law enforcement partners. Your complaint might be used to investigate cases or in a legal proceeding.
  • If you believe your banking information has been disclosed, contact Banc of California immediately so we can help protect your account and your identity. Forward phishing emails portraying to be Banc of California to InformationSecurity@bancofcal.com, then delete the email from your system. Click on the Phishing link below to take the OnGuard Online Phishing Quiz: https://www.consumer.ftc.gov/sites/default/files/games/off-site/ogol/phishing_quiz.html

When internet fraudsters impersonate a business to trick you into giving out your personal information, it is called phishing. Do not reply to the email, text or pop-up messages that ask for your personal or financial information. Do not click on any links within them either – even if the message seems to be from an organization you trust. Legitimate businesses do not ask for sensitive information through insecure channels.

Examples of Phishing Messages

Examples of phishing emails, texts, or pop-ups may have messages such as:

“We suspect an unauthorized transaction has occurred on your account. To help ensure that your account is not compromised, please click the link below and confirm your identity.”

“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

When sending these types of messages, the senders are phishing for your information so they can use it to commit fraud.

How to Deal with Phishing Scams

Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.).

The messages may appear to be from organizations you do business with – banks, for example. They might threaten to close your account or take other action if you do not respond.

Do not reply or click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.

Area codes can mislead, too. Some scammers ask you to call a phone number to update your account or access a “refund.” But a local area code does not guarantee that the caller is local.

If you are concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.

Action Steps

You can take steps to avoid a phishing attack:

  • Do not email personal or financial information. Email is not a secure method of transmitting personal information.
  • Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the “s” stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
  • Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer’s security.

 

Tax Scams

Videos:  Tax Scams Warning I, Tax Scams Warning II

Tax Refund Scam Artists Posing as Taxpayer Advocacy Panel

A new email scam targeting taxpayers has emerged. According to the Taxpayer Advocacy Panel (TAP), taxpayers are receiving emails that appear to be from TAP about a tax refund. These emails are a phishing scam, where unsolicited emails which seem to come from legitimate organizations — but are really from scammers — try to trick unsuspecting victims into providing personal and financial information. Do not respond or click the links in them. If you receive an email that appears to be from TAP regarding your personal tax information, please forward it to phishing@irs.gov and note that it seems to be a scam email phishing for your information.

TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests and does not have access to, any taxpayer’s personal and financial information such as Social Security and PIN numbers or passwords and similar information for credit cards, banks or other financial institutions.

IRS-Impersonation Telephone Scam

An aggressive and sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds throughout the country. Callers claim to be employees of the IRS, but are not. These con artists can sound convincing when they call. They use fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Or victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request.

Note that the IRS will never: 1) call to demand immediate payment, nor will the agency call about taxes owed without first having mailed you a bill; 2) demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe; 3) require you to use a specific payment method for your taxes, such as a prepaid debit card; 4) ask for credit or debit card numbers over the phone; or 5) threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.

Aggressive and threatening phone calls by criminals impersonating IRS agents remain a major threat to taxpayers, but now the IRS is receiving new reports of scammers calling under the guise of verifying tax return information over the phone.

Scam artists call saying they have your tax return, and they just need to verify a few details to process your return. The scam tries to get you to give up personal information such as a Social Security number or personal financial information, such as bank numbers or credit cards.

E-mail, Phishing and Malware Schemes

The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season.

The emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

Variations of these scams can be seen via text messages, and the communications are being reported in every section of the country.

When people click on these email links, they are taken to sites designed to imitate an official-looking website, such as IRS.gov. The sites ask for Social Security numbers and other personal information, which could be used to help file false tax returns. The sites also may carry malware, which can infect people’s computers and allow criminals to access your files or track your keystrokes to gain information.

Mortgage Fraud

Mortgage fraud continues to be one of the fastest-growing crimes in the United States. Traditional mortgage fraud includes situations in which consumers, lenders, brokers or real estate agents falsify information to obtain a mortgage. Consumers should never sign mortgage documents that have incomplete or inaccurate information.

If you have any information regarding suspected mortgage fraud, please contact us at 877-770-BANC (2262).

Fraud Monitoring

If a transaction is considered suspicious, a Fraud Specialist will contact you to verify the transaction(s).  If you are enrolled in our Text Alert Service, you will receive a text message and if you have provided us with your email address, you will receive an email alert.

If a transaction is considered suspicious, a Fraud Specialist will contact you to verify the transaction(s) or if you are enrolled up for our Text Alert Service, you will receive a text message. They may ask for the last 4 numbers of your debit card and will NEVER ask you for your Personal Identification Number (PIN) or the 3-digit number on the back of your card (CVV). The transaction information will be provided to verify if it is legitimate or not. If you confirm the activity as not valid, your card will be blocked immediately to prevent any additional unauthorized transactions. You will then be instructed to contact us directly for further instructions. Based on the activity, if a specialist is not able to reach you, it is possible a temporary block may be placed until you are able to return the call. A message will be left, including a case number, which you are able to reference when you call back. If you receive a text message, you will receive details about the suspected transaction.  You will respond to the text to confirm the transaction.  If you reply “NO” you did not attempt the transaction, you’ll receive another message with a number to call for follow-up.  If you reply “YES”, there is nothing more you need to do.  The system will mark the transaction as verified.

We have Fraud Specialists available 24 hours a day 7 days a week and may contact you between 8:00 a.m. to 9:00 a.m. (PST). All contact numbers provided to us will be called in an attempt to reach you.

If you have questions regarding this service or need to update your contact information, please contact our Client Services Team. We are available to assist you Monday through Friday from 7:00 a.m. to 6:00 a.m. (PST) and Saturday from 9:00 a.m. to 1:00 p.m. (PST) at 877-770-BANC (2262).

Fake Check Scams

  • If someone gives you a check or money order and asks you to send money somewhere in return, it’s a scam. That is not how legitimate sweepstakes operators or other companies operate. If you have really won, you will pay taxes directly to the government. Legitimate mystery shopper or account manager jobs do not involve using money transfer services to send money.
  • A familiar company name doesn’t guarantee that it is legitimate. Criminals often pretend to be from well-known companies to gain people’s trust. Find the company’s contact information independently, online or through directory assistance, and contact them yourself to verify the information.
  • The check or money order may be fake even if your bank lets you have the cash. You have the right to get the cash quickly, usually within 1-2 days, but your bank cannot tell if there is a problem with the check or money order until it has gone through the processing system to the person or company that supposedly issued it. Sometimes that can take weeks. By the time the fraud is discovered, the perpetrator has pocketed the cash and left you responsible for covering the charge.
  • When the check or money order is returned unpaid, you will have to pay the money back to your bank. You are responsible because you are in the best position to know if the person who gave it to you is trustworthy. If you don’t pay the money back, your account could be frozen or closed, and your credit may be affected. Some victims are even charged with fraud.
  • Sending money using a money transfer service is like sending cash – once the perpetrator picks it up you can’t get it back from the service. It’s not like a check that you can stop after you’ve given it to someone or a credit card charge that you can dispute. However, if the money has not been picked up yet, you may be able to stop the transaction. Contact the money transfer service immediately if you think you have been scammed.

Email and Telephone Scams

  • Be suspicious of any offer made by telephone, on a website or in an email that seems too good to be true.
  • Before responding to a telephone or Internet offer, determine if the person or business making the offer is legitimate.
  • Do not respond to an unsolicited e-mail that promises some benefit but requests personal identifying information.
  • Beware of ‘work from home’ schemes that are offered on career websites. If they are asking you to open accounts or move money for the company, this is most likely a scam.

Malware

Malware, short for malicious software, is software designed by criminals to disrupt computer operation, gather sensitive information or gain unauthorized access to computer systems. It is a general term used to describe any kind of software or code specifically designed to exploit a computer, or the data it contains, without consent.

Examples of malware include computer viruses, worms, trojan horses and other malicious programs. Malware works to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user.

Banc of California offers the following tips to help reduce the potential release of malware into your computer or network:

  • Keep security patches and anti-virus signatures up to date
  • Only open email or instant message attachments that are expected and come from a trusted source
  • Have email attachments scanned by anti-virus programs prior to opening
  • Delete all unwanted messages without opening
  • Do not click on web links sent by an unknown party
  • If a person on your ‘Friends List’ is sending strange messages, files or website links, terminate your instant message session immediately
  • Scan all files with an Internet Security solution before transferring them to your system
  • Only transfer files from a well-known source

Social Engineering

Social engineering attacks use human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person or researcher and even offering credentials to support that identity. However, by asking questions of several people or over a period of days, they may be able to piece together enough information to infiltrate an organization’s network. These questions may include user identification, passwords, full names, PC numbers or IP numbers. If an attacker is not able to gather enough information from one source, they may contact another source within the same organization and rely on the information from the first source to add to their credibility.

Corporate Account Takeover

Corporate account takeover is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, target small and medium sized businesses to obtain access to their online banking credentials or to seize remote control of their computers. These hackers will then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers’ accounts.

The steps of a typical Corporate Account Takeover include:

  • Target victims
  • Install malware
  • Monitor online banking
  • Collect and transmit data
  • Initiate funds transfer

As a business owner, it is your responsibility to understand how to take proactive steps to avoid, or at least minimize threats.

  • If possible, use a dedicated computer for financial transactional activity. The purpose of having a separate computer is to avoid general web browsing and email on this machine.
  • Install host-based firewall software on all computers.
  • Ensure that anti-virus/spyware software is installed, functional and updated with the most current version.
  • Use the latest versions of internet browsers, such as Internet Explorer, Firefox or Google Chrome with ‘pop-up’ blockers.
  • Apply operating system and application updates (patches) regularly.
  • Turn off your computer when you are away from your desk, or at least block access to your network by using the Control + Alt + Delete function.
  • Review your banking transactions daily and credit report at least annually.
  • Do not batch approve transactions; be sure to review and approve each item individually.

Contact your information technology provider to determine the best way to safeguard the security of your computers and networks.

Additional Resources

Onguardonline.gov(opens new window)
OnGuardOnline.gov provides tips to help avoid scams, secure your computer and protect kids online. The site also has a blog that is updated with recent fraud trends.

Idtheftinfo.org(opens new window)
IDtheftinfo.org provides the latest news from Consumer Federation of America and other sources. It also provides an ID theft library with educational materials for consumers and businesses, a privacy information website and a victim resources guide.

Consumer Federation of America(opens new window)
The Consumer Federation of America provides information to consumers through research, advocacy and education. CFA also partners with financial institutions to help educate clients through advertising, readings and other publications.

Office of the Comptroller of the Currency(opens new window)
The OCC provides a consumer protection site to help educate consumers about the risks of identity theft and also provides tips on how to guard themselves against it. Topics include online and electronic banking scams, identity theft, phishing scams and safe internet banking.

U.S. Computer Emergency Readiness Team(opens new window) The United States Computer Emergency Readiness Team provides the National Cyber Alert System for technical and non-technical users, vulnerability resources, announcements and current activity updates in the internet provider sector.

Internet Crime Complaint Center(opens new window)
The Internet Crime Complaint Center is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. This site provides a place to file claims of victims of identity theft. It also houses sources of internet crime prevention and current schemes.