Protecting your personal information and your accounts.
- Identity theft includes establishing an account using another person's identity or accessing an existing account without authority of the account holder.
- Don't include your Social Security Number or driver's license number on sensitive documents.
- Don't respond to unsolicited requests for personal or account information.
- Don't leave mail lying around.
- Drop your mail in an official postal mailbox.
- Shred or destroy any junk mail before you throw it away.
- Use a safe deposit box to protect important documents.
- Review your credit report at least once a year.
Phishing is the use of fraudulent emails or pop-up Web pages that appear legitimate but are designed to deceive you into sharing personal or account information.
Pharming occurs when you type in a Web address and it redirects you to a fraudulent Web site, which looks similar to a legitimate site, in hopes of capturing your confidential information.
By using actual logos and images from legitimate companies, Scammers can make fraudulent e-mails or Web sites appear real. They often state that if you fail to provide personal or account information, your accounts will be suspended.
What you can do.
- Update your anti-virus and anti-spam software. Up to date anti-virus and anti-spam software makes it more difficult for scammers to access your personal information.
- Notify us of any suspicious e-mails regarding your accounts with us.
- Change your online passwords often. Don't use sensitive information or obvious passwords like birthdays or your zip code. Include symbols and/or upper and lower case letters (for example, ?qRp&Gh).
- Use your spam filter. Many e-mail services now have spam filters that minimize the amount of spam you receive and the number of fraudulent e-mails.
- If you do open a suspicious email, don't click on any links. By clicking on the links, you could download a virus or spyware onto your computer.
- Delete e-mails from unknown senders that has nonsense in the subject line.
Current Fraud alerts being attempted by criminals:
Confirm Email Address, Account Information or Identity
In many fraudulent email scams, you are requested to confirm your email address, account information or your identity for one of many reasons, including:
New account registration
Change in email address or password
Account information has been amended
Numerous login attempts–account restricted
Your account was accessed by one or more foreign IP addresses
The email provides a link to what appears to be a Central Federal site but is really a fraudulent Web site. This is an attempt to steal your personal information or download spyware. These emails are fraudulent. Central Federal will NEVER send you an email REQUESTING confidential account or personal information.
Service Deactivation Threat
Fraudulent emails often circulate claiming some account services will be deactivated or deleted. It asks you to sign in to a fraudulent Web site to renew these services in an attempt to steal your personal information.
Virus Alert–Install Software Update
Another fraudulent email claims "our" firewall has determined that emails containing worm copies are being sent from your computer. It asks that you install updates for worm elimination and "your computer restoring." A file is attached and may be named something like "Update-KB1218-w86exe". This email or any like it are NOT from Central Federal. This is a scam. Any action taken as a result of such an email could compromise your computer. Central Federal will NEVER send you an email requesting the download of software.
"Account Manager" Scam
One email and the Web scam offers to let you become an "Account Manager" or "Transfer Agent" for a third party, usually someone in an African or ex-Soviet bloc country.
Scammers try to solicit you through an email or an advertisement on the Web, offering to let you "work from home" and be an Account Manager or "Money Transfer Agent" for them, thus letting you "earn" commissions (usually 5%) for your trouble. They then transfer money OUT of an unsuspecting person's account and into yours. Once the money is in your account, they ask you to send it to them via Western Union.
Counterfeit Cashier's Check Scam
In response to a listing on an Internet auction or other site, a buyer (often from a foreign country) purchases the item and sends you a cashier’s check for a lot more than the agreed-upon selling price. The buyer then asks you to wire the excess funds back. Within a week, the bank is notified that the check is a worthless counterfeit and you are out thousands of dollars. In these scams, the cashier’s checks are excellent counterfeits and very difficult to spot.
In another twist to this scam, the buyer requests your bank account and routing numbers so that he or she may wire funds to your account. Do NOT give your account numbers to anyone.
Million Dollar Sweepstakes or Windfall Scam
In another widespread scheme, a person receives an unsolicited letter, email or fax from an "official" in a foreign government offering to share a multimillion dollar windfall in "over-invoiced contract funds."
The "official" claims to need your bank account number and other personal information to transfer the money out of his country. And he will also "need" up-front cash from you to bribe other officials. You could lose the entire contents of your checking account.
A recent variation on this scam is a letter that contains a fraudulent credit card (or a large denomination Visa or MasterCard gift card) that is supposed to serve as your windfall "winnings" in a drawing or other contest. But you must first provide the scammer with confirmation of your identification information, and the letter may also ask for you to provide money up front in order for you to "activate" the fake card and get your prize.
Remember - If it's too good to be true, IT IS!
Fraudulent E-Mails Claiming to Be From the FDIC
E-mails fraudulently claiming to be from the FDIC are attempting to trick recipients into installing unknown software on personal computers. These e-mails falsely indicate that recipients should download and open a "personal FDIC insurance file" to check their deposit insurance coverage. The "insurance file" may actually be a form of spyware or malicious code and may collect personal or confidential information.
The Federal Deposit Insurance Corporation (FDIC) has become aware of e-mails appearing to be sent from the FDIC that are asking recipients to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. These e-mails are fraudulent and were not sent by the FDIC. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission.
Currently, the subject line of the fraudulent e-mails includes the wording "check your Bank Deposit Insurance Coverage." The e-mails state: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."
The e-mails ask recipients to "visit the official FDIC website" by clicking on a hyperlink provided, which appears to be related to the FDIC and directs recipients to a fraudulent Web site. The Web site includes hyperlinks that appear to open forms. However, it is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded. While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft. Financial institutions and consumers should NOT access the Web site or download the executable files provided on the Web site.
Visa®/MasterCard® Security Code Scam
In this scam, the caller claims to work for the fraud department at Visa or MasterCard and tells you his badge number. He then asks if you recently purchased an anti-telemarketing device for $500. When you say "no," he tells you that his fraud department has been watching that company. He offers to block the charge. Because he has secured your name, credit card number and expiration date from a charge receipt, he is convincing when he provides you with this information to verify.
What he does not know–and wants you to divulge–is the three-digit security code on the back of your card. Without it, he cannot use your credit card number to shop on many sites on the Internet. Don't give out your code. Hang up.
To begin with, credit card companies–such as Visa and MasterCard–are not the credit card issuer. Financial institutions–such as banks and credit unions–issue credit cards. And credit card companies DO NOT call cardholders asking to disclose any information about their cards.
If you ever get an email, phone call or letter supposedly from Central Federal asking for you to provide or verify your personal identification or bank account information, or asking you for up-front money to claim a windfall - it is a scam or an attempt at identity theft.
When in doubt, don't respond to the email address or phone number contained in the request – Instead, call us at 708-656-5000.
Call the 24x7 Fraud Hotline: 800-554-8969 to report a lost or stolen card.
Secure Online Banking
Tips on secure online banking
Type your internet banking URL
Always access our internet banking by typing the correct URL (https://www.centralfederalsavings.com) into your browser. Never click on a link in an email to take you to a website, or enter personal details either in the email or website.
You should always be wary if you receive unsolicited emails or calls asking you to disclose any personal details or card numbers. This information should be kept secret at all times. Be cautious about disclosing personal information to individuals you do not know.
Please remember that we will never contact you directly to ask you to disclose your password information.
If it sounds too good to be true...
It probably is. Don't be conned by convincing emails offering you the chance to make some easy money. As with most things, if it looks too good to be true, it probably is. Be cautious of unsolicited emails from overseas - it is much harder to prove legitimacy of the organizations behind the emails.
It is important to use up-to-date anti-virus software and a personal firewall. If your computer uses Microsoft Windows, it is important to keep it updated via the Windows Update feature, equally if you use another operating system you should check regularly for updates.
Ensure you also regularly patch Java and Adobe products. These items are frequently updated because of vulnerabilities and hacker use of those vulnerabilities to install malware on your computer.
Consider using a single computer for your online banking and restrict other uses on it.
Avoid Public Wireless Internet Access
You should be vigilant if you use internet cafes or a computer that is not your own and over which you have no control. Hackers and identity thieves often monitor these networks or install malware to capture your login credentials.
Keep your identity private
Your identity can be as easily stolen offline as it can online. It is important that you comply with instructions about destroying expired bank cards. Do not write down your Username and Password and leave it next to your computer.
Do not Cache your online banking passwords.
Do not use the same password for online banking that you use for any other website that may be compromised and thieves now have your internet banking password.
You should also consider using a crosscut shredder to destroy bank and other statements that may contain sensitive personal information.
It is advisable to store retained documents in a suitable locked and fireproof container.
Use a complex password that is not easily guessed. It should not contain full names or words and include special characters and be at least 8 characters long.
Check your statements
It is important to check your statements regularly; a quick check will help identify any erroneous or criminal transactions that might have been performed on your account without your knowledge.
Check your banking session is secure
When undertaking any banking on the internet, check that the session is secure. There are two simple indicators that will tell you if your session is secure. The first is the use of https:// in the URL. Some browsers such as Mozilla Firefox change the color of the url window when you are in a secure session. The other indicator is the presence of a digital certificate represented by a padlock or key in the bottom right hand corner. If you double click on this icon it should provide you with information about the organization with which you have entered in to a secure session.
Check for Spywares/Malware
In addition to being protected by using up-to-date antivirus software you should also regularly use software to remove spyware from your computer, as these programs record information about your internet use and transmit it without your permission. In some circumstances this can compromise your PC security. Remember current anti-virus software does not catch 100% of every virus. Consider utilizing multiple programs to regularly scan your computer.
Ensure you log off properly
It is important to completely log off from your internet banking session; simply closing the window you performed the transaction in may not close the banking session. If your computer is infected with a Trojan, your session may become hijacked by a criminal and financial transactions may be performed without your knowledge. It is also advisable to disconnect from the internet if you are not planning to use it.
What we do to make your online banking session
We use a combination of Secure Socket Layer (SSL) protocol and passwords to protect your information. In addition, stronger authentication is used as appropriate to particular markets.
If you suspect any suspicious activity please contact us immediately at 708-656-5000.
In Case of Errors or Questions About Your Electronic Transactions
Telephone or write us at the number or address shown on the front of your statement if you think your statement or receipt is wrong or if you need more information about a transfer on the statement or receipt. We must hear from you no later than 60 days after we sent you the FIRST statement on which the error or problem appeared.
(1) Tell us your name and account number.
(2) Describe the error or the transfer you are unsure about, and explain as clearly as you can why you believe there is an error or why you need more information.
(3) Tell us the date and the dollar amount of the suspected error.
If you tell us orally, we may require that you send us your complaint or question in writing within 10 business days.
We will determine whether an error occurred within 10 business days, (5 business days if involving a VISA transaction or 20 business days if the transfer involved a new account) after we hear from you and will correct any error promptly. If we need more time, however, we may take up to 45 days (90 days if the transfer involved a new account, a point-of-sale transaction, or a foreign-initiated transfer) to investigate your complaint or question. If we decide to do this, we will credit your account within 10 business days (5 business days if involving a VISA transaction or 20 business days if the transfer involved a new account) for the amount you think is in error, so that you will have the use of the money during the time it takes us to complete our investigation. If we ask you to put your complaint or question in writing and we do not receive it within 10 business days, we may not credit your account. An account is considered a new account for 30 days after the first deposit is made, if you are a new customer.
We will tell you the results within three business days after completing our investigation. If we decide that there was no error, we will send you a written explanation.
You may ask for copies of the documents that we used in our investigation.
More information on identity theft and safeguarding your computers and personal information is available at the FDIC's Web site, www.FDIC.gov.