Data breaches seem to be common place these days. It’s an unfortunate side effect as technology continues to improve, particularly when it comes to banking. The added convenience to bank whenever and wherever you are day or night has given rise to cyber-attacks.
- Regularly review your account statements as soon as you receive them to verify transactions. Contact us immediately if you identify any discrepancies.
- If you have forgotten your PIN or would like to select a new one, please call us at 833-837-4839 or contact your nearest Veritex branch location for assistance.
- With Veritex Online Banking you can monitor your account online any time and as frequently as you like.
- Report any suspicious activity and all crimes immediately to local law enforcement.
- Put any cash away as soon as your transaction is completed. Wait to count your cash until you're in the safety of a locked enclosure, such as a car or home.
- Don't leave your ATM receipts at the ATM location, even in the trash!
- Limit the amount of information on checks. Don't print your driver's license number or Social Security number on your checks.
- Carry your checkbook with you only when necessary.
- Store new and cancelled checks in a safe and secure location.
- Use tamper-resistant checks. Veritex checks include many safety features such as tamper-resistant packaging and chemically sensitive paper to deter alterations.
- Report lost or stolen cards and checks immediately.
- Always keep your credit and debit cards in a safe and secure place. Treat it as you would cash or checks.
- Do not send your card number through email, as it is typically not secure.
- Do not give out your card number over the phone unless you initiated the call.
- If you receive a replacement card, destroy your old card.
- Cancel and cut up unused credit and debit cards.
- Safe-keep or securely dispose of your transaction receipts.
- Don't do business with people who you do not trust. It may sound like simple common sense, but shop with merchants you know and trust.
- Contact Veritex immediately if your card is lost or stolen, or if you suspect unauthorized use at (866) 302-3631 during business hours and after normal banking hours.
PROTECTING YOUR PERSONAL INFORMATION
- The simplest way to steal anyone's banking information is to steal their mail. Enroll in Veritex Online Banking and elect to receive your statements online to stop receiving paper statements in the mail. This helps to reduce the threat of having your statements stolen out of your mailbox.
- Email alerts allow you to monitor specific account activity. Bank-initiated alerts provide an added security by advising of any changes within your accounts related to your online security. You can set up your own custom alerts that monitor specific activity such as balance alerts. All alerts can be set up within Online Banking. Contact Veritex Community Bank immediately if you notice any questionable transactions.
- Never write your Personal Identification Number (PIN) on the back of your debit card or on a piece of paper that you keep in your purse or wallet.
- Keep your bank statements, checks, debit, and credit cards in a secure place. Do not leave them in the open or an obvious place like your desk drawer or glove compartment. Be sure to shred all financial documents before throwing them away.
- For personal computers, install and update anti-virus and Internet security software. Regularly scan your computer to make sure it's free from spyware and malware and help avoid performance issues and lost data. Virus threats change and evolve, you will want up to date anti-virus protection to help guard against these threats.
- Keep your system up-to-date. Download the latest authorized system and application updates, which may include security patches. Back up your files. In case your computer crashes, is stolen, or you have multiple users, save your important files on a backup CD or disk as well as on your hard drive.
- Make sure there is a firewall protecting you when you go online. A firewall is an important layer of protection when accessing the internet, especially when using high-speed Internet access. Always sign out and close your browser after using a secure website.
- Do not use the same passwords for your Veritex Online Banking and other websites. A weakness in online security that compromises one password may then expose your Veritex Online Banking account.
- Avoid using common passwords such as your name, business name, family member's names, birthdates, etc. Although we don't require you change your password, it's still good practice to change it on a regular basis.
- When you use Online Banking, type the entire www.veritexbank.com address directly into your browser. Avoid completing online forms in unsolicited email messages that ask for financial information. If your security software identifies malware on your computer, remove it and immediately change your Online Banking password.
- Check your account balance and history on a regular basis. It's easy with Veritex Online Banking! If you ever see anything unusual, contact us immediately.
- Veritex Security and Account Alerts are designed to help protect your accounts. While some Security and Account Alerts are established automatically for password changes, invalid password attempts and browser registration; we recommend that you review and establish additional alerts that help you monitor your account activity. Our flexible alert system allows you to receive alerts by email, SMS text, and voice. Best of all at no cost to you; Veritex Security and Account Alerts can help keep you well informed.
- Always Sign-Off when you finish your Online Banking session. If you don't, Online Banking will automatically sign you off after 20 minutes of inactivity. If you need additional time, select "yes" at the prompt to continue.
- When signing in to Veritex Online Banking, avoid registering your browser for later use. We recommend you always choose the option for "one-time access only". This means requesting a Secure Access Code each time you sign in to Online Banking, but it's just safer and more secure.
To learn more about information security, visit www.onguardonline.gov or www.staysafeonline.org.
TIPS FOR PROTECTING YOUR BUSINESS
Best Practices for Business to Detect the Business Email Compromise Scam
BEC is an acronym for “business email compromise.” and refers to social engineering attacks used to convince those in charge of finances at an organization to send large payments to scammers. These attacks are carried out over email conversations initiated by a scammer who spoofs the identity of an executive at the organization. For your protection, you should always carefully monitor your bank accounts for fraudulent activity. If you ever see anything unusual, immediately call Veritex Customer Service at 833-837-4839.
Check any email request to see if it is consistent with how earlier wire payments have been requested. Is this normal activity for the executive making the request?
- Be suspicious of requests for secrecy or urgency. Emails that request all correspondence stay within the same email thread, such as “Only use Reply, not Forward” should be confirmed with a phone call.
- If a payment request is from a vendor, check for changes to business practices. Is this type of communication and payment request typical for this vendor? Use an alternate mechanism to verify the identity of the person requesting the funds transfer. If the request is an email or fax, then call and speak to the person using a known phone number to get a verbal confirmation. If the request is via phone call, then confirm using a known email address. NEVER reply to the email or use the phone number in the email.
- Look carefully for small changes in email addresses that mimic legitimate email addresses. For example, .co vs. .com, or abc-company.com vs. abc_company.com. If you receive an email that looks suspicious, forward it to your IT department for review.
- Limit the number of employees who have the authority to submit or approve wire transfers.
- Implement dual approvals for financial transactions. Avoid having the two parties responsible for dual approvals in a supervisor/ subordinate relationship as it could undermine the effectiveness of the process. Once they’re in place, be sure to always follow established procedures.
- Use a purchase order model for wire transfers. This will help ensure that all payments have an order reference number that can be verified before approval.
- Establish a company domain for company email instead of using open source email services such as Gmail or Yahoo. Businesses that use open source email are most targeted by scammers.
- Consider who really needs access to email when they are not in the office. If you don’t need web access to email, turn webmail off as it provides another attack point for criminals. If you must provide web access to email, limit accessibility by implementing VPN or another security control.
- Spread the word. Coach your employees about Business E-Mail Compromises and the warning signs. Alert receptionists, admins, and others to not provide executive’s travel schedules over the phone to unknown callers. Encourage employees to ask questions.
- Be careful what is posted to social media and company websites. Do not post scheduling details for executives as criminals have been known to launch these attacks when they know an executive is traveling.
- Slow down and be suspicious of requests to take action quickly.
- Trust your financial institution. If they question a payment, it’s worth a couple minutes to cooperate with them to confirm it is legitimate.
- Executives need to be tolerant, indeed supportive, of employees double-checking requests.
WHAT TO DO IF YOU'RE HIT BY THE SCAM
Businesses that have been victimized by the BEC scam are encouraged to file a report with the FBI’s “Internet Criminal Complaint Center” (IC3) at www.IC3.gov or contact their local FBI office. Additionally they should contact their financial institution and report the attack with them as well.
If notified immediately, financial institutions and law enforcement have a better chance of recovering the stolen funds. Waiting even 24 hours to report an incident can greatly diminish law enforcement’s ability to recoup funds.
- When reporting the incident to law enforcement, identify the complaint as “Business Email Compromise” or “BEC” and provide:
- A general description of this crime, how and when it occurred
- Header information from the email message the executive sent internally to request the funds transfer
- The specific wiring instructions, including beneficiary and account details for where the transfer was to be sent
- Attempted and actual loss amounts
- Other relevant information you believe is necessary to support your complaint
You will not be able to add or upload attachments with your IC3 complaint if it’s filed online; however, retain all relevant information in the event you are contacted by law enforcement.
Businesses are encouraged to conduct an internal review to determine how the attack occurred and if changes are needed. Specifically:
- Was the email system hacked? If so, are additional protections in order?
- What actually happened, and who was involved? This may indicate where training is needed or if there might actually be an insider element to the attack, although this is rare.
- What allowed the attack to happen? Do processes and controls need to be revised to prevent such a loss again?
Knowledge is your best defense against Identity Theft. Avoid online fraud by protecting your personal information and learn tips to understand and avoid ID theft. Should your identity be compromised, Veritex Community Bank offers a list of steps that help you deal with ID theft if you become a victim.
- Never provide your personal information in response to an unsolicited request
- Do not have your driver's license number, telephone number, or Social Security number printed on your Veritex checks.
- If someone asks for your Social Security number, ask why it's needed and how it will be used.
- Never carry your Social Security card with you.
- Remove your Social Security number from your driver's license. (If permitted by state law.)
You are your own best defense against identity theft. One of the easiest steps to protecting your self is using a strong online password. To help you from becoming a victim of this crime, we recommend the following Password Tips:
- Make passwords as non-personal as possible. Don't use birthdays, addresses or phone numbers.
- Never use your name as your password.
- Create a strong password that includes numbers and special characters or symbols.
- Make sure your User ID and password are different.
- Never write your password down to share it with anyone.
- Change your password immediately if you think anyone knows it.
- Change or rotate your passwords regularly.
- Do not use the same password for every system you access.
- When you go out, take only the personal identification and credit cards you believe you will need. This is most important when you travel.
- Keep photocopies of all important information (driver's license, passport, credit cards, etc.) and store them in a secure place such as a safe deposit box.
- When shopping don't put receipts in the same bag as your purchases. Be very careful not to leave your receipts behind on counters or at gas pumps.
- Keep track of when your credit cards expire and notify the issuers promptly if they have not arrived.
- Be careful where you leave personal information in your home, especially if you have outside help or are having work done on your home.
- Store your canceled checks and new checks in a secure place.
- Report any lost or stolen checks, debit, or credit cards IMMEDIATELY.
- Review your credit report at least once a year to check for inaccuracies.
- Enroll in E-Statements and no longer receive paper statements in the mail. This helps to reduce the threat of having your statements stolen out of your mailbox. If you see a suspicious item, call the billing company immediately for further investigation.
- If you do not receive bills on time, call the companies to find out why. You want to be sure that no one has filed a false change of address notification on your behalf.
- Don't leave outgoing mail in your home mailbox. Drop it into a secure, official Postal Service collection box.
- Stop mail delivery while you are on vacation or ask a neighbor to pick it up for you daily.
- Always shred important documents such as bank statements and items received in the mail before throwing them away. Most fraud and identity theft happens as a result of mail and garbage theft.
- Consider opting out of unsolicited credit offers. Call 888-5-OPTOUT (888-567-8688)
Identity Theft is a serious matter to Veritex Community Bank. Identity Theft occurs when someone uses your personal identifying information, like your name, Social Security number, credit card number, or other personal information, without your permission, to commit fraud. If you believe you are a victim of identity theft:
- Immediately contact your Veritex Community Bank branch.
- Change all of your online banking passwords. Use strong passwords that include numbers and special characters such as @ and $. For added protection, change your passwords frequently.
- Notify the major credit reporting agencies (credit bureaus). Call the fraud departments of all three credit bureaus. Ask them to put a "fraud alert" on your file. This tells creditors to call you before they open any accounts in your name:
- Equifax: 800-525-6285
- Experian: 888-397-3742
- TransUnion: 800-680-7289
- Notify your local law enforcement agency to file an Identity Theft Report. Mail copies of the report to all of your creditors and financial institutions. You may be required to file an additional report in the location where the crime occurred.
If your identity is stolen, your financial records and credit rating are at risk. Immediately contact Veritex, your other financial institution and all creditors. Close any accounts that have been tampered with or opened. Recap the contact in writing, including the names of the representatives you've spoken with, and send the letters and any photocopies of supporting documents via certified mail to the companies you've contacted. Keep careful, written records of everything. File copies of all documents such as emails, messages, letters, and records of phone calls in a safe place.