Security

Online Security, Everyday, Everywhere

Your online security has always been a top priority. That's why Enhanced Login Security is so important. This new security service is free, easy, and most importantly, gives you extra protection from fraud and identity theft. Enhanced Login Security identifies you as the true "owner" of your accounts. Now, not only will your password be recognized, your computer will be recognized as well. For more information on how to protect your accounts against fraud with Enhanced Login Security, click here.

Enhanced Login Security

Overview

The Federal Financial Institutions Examination Council (FFIEC), the regulators overseeing banks and credit unions, communicated that passwords alone will no longer be the sole means of achieving online security. Enhanced Login Security is the recommended solution. ENHANCED LOGIN SECURITY requires online users to provide something additional beyond today's user ID and password. This enhanced security means that even if your password is stolen in a phishing attack or by malicious software, the fraudster cannot access your online accounts because they do not possess the additional factors needed, which are harder to steal. ENHANCED LOGIN SECURITY strengthens security at login while providing peace of mind for retail online banking.

Features:

Browser-based secure cookie with an additional individualized credential (ID) stored on your computer acts as a second factor in addition to your user ID and password.
You can enroll multiple computers
Prevents unauthorized access using stolen credentials on a non-enrolled computer
You can authenticate temporarily on a computer they do not wish to enroll using your individualized challenge questions.

Some terms to be familiar with:

Browser: A computer software program that is used to view and interact with Internet material on the World Wide Web. Examples are: Internet Explorer and Netscape.

Enhanced Login Security: Provided security at Login, no matter what computer you sign in from, using additional end user authentication that helps to protect against online fraud.

Points to Know:

Currently, Investors uses the Forgotten Password questions feature. With the launch of ENHANCED LOGIN SECURITY you will be prompted upon first Login to re-submit these questions and answers. If you do not remember the questions, please call the Internet Banking Department to have your Login reset.

You can enroll multiple computers. We do not recommend enrolling a public computer at the library, coffee shop, etc.

Risk Alert

Location: New York Metro Text Message Attack in Progress

A Card Alert Service member financial institution reported at 8:15 PM September 30, 2009 that phone number (845) 765-9464 is being used by criminals to actively collect debit card and PIN information from consumers in the New York area. Text messages are being delivered to random NY area consumers with the warning that their debit cards have been closed or somehow compromised. When the consumers call the telephone number they hear a recording that requests a 16-digit card number and PIN. Please do not call this number-it is still active. This number should be out of service by noon eastern October 01, 2009.

What you need to know

• The New York US Secret Service field office has been notified of this situation.

• The fraud investigations department for the telephone carrier has been notified via email and phone messages that this fraudulent number exists.

Mystery Shopper Scam – July 7, 2009

In this mystery shopper scam, consumers are mailed a counterfeit Investors Savings Bank cashier's check in an amount between $3,000 and $5,000 along with a letter containing instructions for participating in an Independent Shoppers Inc. "Mystery Shopping" program. The Mystery Shopping program asks recipients to participate in an e-mail or phone survey about their experiences shopping at Money Gram and Wal-Mart. Consumers are instructed to call Independent Shoppers before cashing the check. At that point, the consumer is told to wire most of the face value of the check to Independent Shoppers while "keeping a few hundred dollars for themselves as payment". Of course these checks will be returned as counterfeit and consumers will be defruaded of any monies they wired to Independent Shoppers.

What's really behind that tempting CD rate? Maybe you should ask. – June 19, 2009

The FDIC has received inquiries and complaints about certain companies advertising above-market interest rates for FDIC-insured Certificates of Deposit (CDs). Some of these ads display the FDIC logo or state "FDIC Insured." Many of these companies are not FDIC-insured banks. Rather, they are insurance or financial service companies that sell non-insured financial products. The small print in the ads may state that the company is not an FDIC-insured financial institution.

The advertised CDs generally offer above-market interest rates for only a short term, require a minimum amount, and insist that the customer visit a company office. The advertisement's goal is to attract consumers for the company's non-deposit products or services. If a customer asks to purchase the advertised CD, the company will direct the customer to a computer terminal in the company’s office to purchase a CD from an FDIC-insured financial institution that accepts Internet deposits. The CD will be offered at a rate lower than advertised. The company typically writes a separate check to the financial institution for the difference between the bank’s rate and the advertised rate for the term of the CD. Both checks are mailed to the bank, and the bank then issues the CD for the increased amount, but at the bank’s lower interest rate.

Things to consider:

Consumers should carefully consider whether non-insured products are appropriate for their personal financial situation.
Consumers should understand the terms of any CD they purchase.
Consumers can research deposit interest rates at Web sites, such as http://www.bankrate.com.
Consumers can verify whether identified financial institutions are FDIC-insured at http://www2.fdic.gov/idasp/main_bankfind.asp.
Consumers can find information about FDIC deposit insurance coverage at http://www.fdic.gov/deposit/deposits/index.html.

Credit Card Interest Rate Reduction Telephone Scam – May 19, 2009

The Federal Deposit Insurance Corporation (FDIC) is receiving reports of a new telephone scam from a company that refers to itself as "CreditCard Services." The company claims to be affiliated with the FDIC and offers to lower credit card interest rates.

To verify qualification of the lower interest rate, the caller asks for personal or confidential information. This scam is a variation of a telephone scam in which identity thieves try to persuade consumers to provide information such as, credit card numbers, bank account numbers, social security numbers, and PIN numbers, in the attempt to access accounts or to commit identity theft.

The Federal Trade Commission encourages consumers to report telemarketing fraud at FTC.gov or by calling 1-877-FTC-HELP. See the following link to the FTC's Web site for more information: http://www.ftc.gov/phonefraud.

Information about fraudulent activity involving the FDIC should also be transmitted electronically to the FDIC's Cyber-Fraud and Financial Crimes Section by e-mailing it to alert@fdic.gov.

E-mail Claiming to Be From the FDIC – March 25, 2009

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The subject line of the e-mail states: "Inquiry about your bank account." The e-mail tells recipients that, "due to many fraud and money laundering attempts made by non-US residents the past 2 months using fake information to open US bank accounts, and using them for illegal purposes, we require all FDIC member's banks customers to update some information on their bank accounts as soon as possible in order to confirm their identities."

The e-mail then asks recipients to follow a hyperlink and then to click on their bank’s logo. It then informs recipients that they will be redirected to their bank’s Web site "through a specialized link" and that, once logged in, they will need to "fill some information."

This e-mail is fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.

E-mail Claiming to Be From Federal Reserve Bank – January 7, 2009

Fraudulent e-mails claiming to be from the Federal Reserve Bank warning of a phishing attack on the Fedwire system are reportedly in circulation. The fraudulent e-mails claim that a phishing attack has affected the Fedwire system and that restrictions are in place. The e-mails further instruct recipients to click on links within the e-mail for additional information.

The fraudulent e-mails have included various spoofed names and addresses in the “From:” line of the messages, including “Bank System Administration,” “System Administration,” and “Federal Reserve Bank.” The e-mails contain the following message (including shown grammatical errors):

“FEDERAL RESERVE BANK

Important: You're getting this letter in connection with new directives issued by U.S. Treasury Department. The directives concern U.S. Federal Wire online payments.

On On January 1, 2009 a large-scaled phishing attack started and has been still lasting. A great number of banks and credit unions is affected by this attack and quantity of illegal wire transfers has reached an extremely high level.

U.S. Treasury Department, Federal Reserve and Federal Deposit Insurance Corporation (FDIC) in common worked out a complex of immediate actions for the highest possible reduction of fraudulent operations. We regret to inform you that definite restrictions will be applied to all Federal Wire transfers from January 6 till January 16.

Here you can get more detailed information regarding the affected banks and U.S. Treasury Department restrictions:”

The message contains links to two Web pages that attempt to load malicious Trojan horse programs onto end users’ computers.

Consumers, businesses, and financial institutions should be aware that Fedwire operations are not restricted and are operating as normal and should take the following precautions.

If an end user received the e-mail and clicked on any of the links, fully scan the computer using updated anti-virus software. If malicious code is detected on the computer, consult with a computer security or anti-virus specialist to remove the malicious code or re-install a clean image of the computer system.

Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from apparent Federal banking agencies. Instead, bookmark or type the agency’s Web address.

Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed.

Do not open unsolicited or unexpected e-mail attachments because of the risk of malicious code or software in the attachments. Instead, call the agency using a known and appropriate telephone number to verify the legitimacy of the message and attached file.

Be alert for different variations of the fraudulent e-mails.

E-mail Claiming to Be From the FDIC – October 9, 2008

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The subject line of the e-mail states: "Funds wired into your account are stolen." The e-mail tells recipients that the proceeds of identity theft crimes have been wire-transferred into their bank account. The e-mail then directs recipients to open and review an attached copy of their bank account statement. The attached file is actually an unknown executable file.

Recipients should consider the intent of the executable file as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT open the executable file attached to the fraudulent e-mail.

Reminder from the FDIC - March 24, 2008

FDIC reminds consumers to be aware of advance fee loan scams that prey on individuals who desperately need money quickly. The scam involves false promises to arrange for a loan in return for fees paid upfront by the applicant. Scam artists may design Websites with online loan applications or fraudulently use logos and letterhead of legitimate companies to make the offer look legitimate.

Applicants are guaranteed approval as soon as the required fees are paid upfront usually by way of wire transfer money to an individual overseas.

Warning signs of advance fee loans include:

Loan approval is "guaranteed." Lenders don't guarantee loans before analyzing the application.
The loan applicant is required to pay upfront fees. Loan fees are normally paid after the loan is approved.
The lender or loan processor is located outside of the United States.
Payment of fees is requested to be sent by retail wire transfers.

Victims should report crimes to the Internet Crime Complaint Center at http://www.ic3.gov/.

E-mail Claiming to Be From the FDIC - March 14, 2008

The FDIC has received a number of reports of a phishing e-mail that has the appearance of being sent from the FDIC.

This e-mail asks "Who is FDIC?" and "What can FDIC do for you?" It warns against identity theft and states that the "FDIC is presenting a new card insurance which can restore you up to $500 if you are a victim of internet fraud." The e-mail directs recipients to click on a link to be redirected to "an online signup page for this program."

This e-mail is a fraudulent attempt to obtain personal information from consumers. Consumers should NOT access the link provided within the body of the e-mail and, under any circumstances, not provide any personal information through this media.

FBI Warning about Fraudulent Complaint e-mails

The Federal Bureau of Investigation (FBI) is warning consumers to be cautious of e-mails claiming that someone has filed a complaint against them or their company with a government agency or other organization against you or your company. The fraudulent e-mails state that a complaint has been filed with the Department of Justice or another organization such as the Internal Revenue Service, Social Security Administration, or the Better Business Bureau. The e-mails are likely an effort to collect personally identifiable information.

The e-mails address the recipients by name, and other personal information may be contained within the e-mail. Some of the fraudulent e-mails refer to a complaint that is in the form of an attachment. It is believed that the attachment actually contains virus software designed to steal passwords and other personal information from the recipient. Once downloaded, the virus is designed to monitor username and password logins and record the activity entered on the compromised machine.

Consumers and businesses should be wary of any e-mail received from an unknown sender. They should not open any unsolicited e-mail or click on any hyperlinks provided. If you receive a scam e-mail please notify the Internet Crime Complaint Center (IC3) by filing a complaint at www.ic3.gov.

E-Mails Claiming to Be From the FDIC

Con artists know that people trust the FDIC name. That's why they may use our name and seal in fraudulent e-mails trying to obtain valuable information from consumers and businesses. These types of scams are commonly referred to as "phishing." Con artists use fake Web sites and e-mails to obtain valuable personal information from consumers.

The FDIC does not send out unsolicited e-mails or ask for detailed personal information. Additionally, the FDIC does not ask people for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts. If you get this sort of e-mail appearing to be from the FDIC, you should assume that it is fraudulent.

To report a fraud, send an e-mail to the FDIC financial crimes unit at alert@fdic.gov or call the FDIC toll-free at 1-877-ASK-FDIC (1-877-275-3342).