Cybersecurity

What is MFA?

Six federal financial industry regulators teamed up recently to make your accounts more secure. New guidance from the government will help all banks strengthen vigilance and make sure that the person signing into your account is actually you. This guidance is designed to make online transactions of virtually all types safer and more secure. Read more about the important points of Multi-factor Authentication and how it affects you.

Phone & Email Policy

Citizens Bank & Trust Co. wants you to be protected. This includes educating all our customers to be cautious and mindful of cyber crimes and other forms of fraud. We want all of our customers to know that it is not our policy to call you on the telephone to verify any customer personal banking information (as we already have this information on file).

One exception to this is when a customer initiates a call to one of our Citizens Bank and Trust Co. offices first requesting that their Internet Banking Personal Identification Number (PIN) or any other online PIN’s be reset. As an extra security step, we will request your local home or work telephone number and call you back prior to resetting the PIN. During the follow up call, we will ask you to verify certain banking information to prove that you are the true owner of the account before we reset the PIN.

Any e-mails Citizens Bank and Trust Co. sends to our customers will always be “information only” and will not ask you to verify or input any banking information. BEWARE of any e-mail asking you to input or verify any banking or personal information (known as “phishing” described in detail below) as these e-mails were not sent by Citizens Bank & Trust Company.

Debit Card Fraud Protection

Around the world, there are just a few foreign countries that the majority of fraudulent debit card transactions are generated from. Please notify us if you plan to travel abroad and we can release the restrictions for your card for specific countries for the time you will be traveling. For more information contact us at any of our Branch Locations.

PLEASE CALL THE BANK PRIOR TO YOUR DEPARTURE TO ANY FOREIGN COUNTRY.

In a continued effort to protect you again fraud, your VISA™ debit card will not work in any foreign countries unless you notify us first. We would prefer you contact us 3 days in advance of your departure.

Funds Blocking

Some merchants place a "block" or a "freeze" on funds when you use your debit card to rent a car, pay for gas or check into a hotel. This "block" or "freeze" is usually higher than the actual amount you owe. For example, if you rent a car for a week, the total cost is $200, the car rental merchant may freeze $300 of your funds at their discretion. Unfortunately, this extra $100 remains unusable during the time you have the car. The blocked amount may remain unavailable for several days after you return the car. Please read the fine print when using your debit card to check into a hotel, rent a car, or when making other purchases. We highly suggest you use your credit card when traveling.

Citizens Bank and Trust Company offers VISA™ Prepaid Cards for your convenience.

• Due to daily VISA™ debit card limits, it is recommended that you use a major credit card when booking and paying for flights and hotels, instead of your VISA debit card.

Remember, don't forget to call the bank before you go...........so you can enjoy the convenience of your VISA™ debit card !

ATM Safety Tips

• Stay Alert.
• Keep your PIN confidential.
• Observe your surroundings before conducting a transaction. Choose well-lit, well-placed ATMs where you feel comfortable.
• Change your PIN periodically, and if you think it may have been compromised, change it immediately.
• Avoid opening your purse, bag or wallet while in the queue for the ATM.
• Block the view of others when using the ATM
• Look for possible fraudulent devices attached to an ATM.
• Only enter your PIN once for a transaction. If you are prompted to enter your PIN twice cancel the transaction and check your online statement or contact a representative at the bank to be sure the transaction does not charge you.
• Minimize time spent at the ATM when conducting a transaction after hours. Put your ATM card away and don’t count your money, immediately leave.
• Save your receipts.

Investment Fraud

Fraudulent investment schemes are often marketed by telephone salespersons armed with high pressure and sophisticated selling techniques. Some swindlers surround themselves with the trappings of legitimacy -- rented office space, a receptionist, investment counselors, and professionally designed color brochures describing the investment.

Seniors are a prime target for fraudulent investment schemes since many have saved a good amount of money for their retirement years. Fraudulent schemes require you to invest your money -- often lots of it. Most promise you either a large increase in the value of your investment or higher-than-market interest on your capital, or both.

These schemes are fraught with danger: in most cases, you will never again see the funds you invested. And you may not even receive the promised interest. If you do receive interest, you will often be paid late. Often, unbeknownst to you, your interest will be paid from the investments of others who are newly brought into the program in order to keep it alive. The swindler hopes these payments will allay any suspicions you might have as to the strength of your investment

Learn More about Investment Fraud

Charity Fraud

Throughout the year, and especially during the holiday season, you probably get appeals in the mail or by telephone urging you to contribute financially to a good cause. But the U.S. Postal Inspection Service warns those who want to give that there are plenty of fraud operators out there who are scheming for your money--and the last thing on their mind is charity. Not only do such come-ons bilk you of your money, but they also put money you intended for the needy into the hands of con artists.

What is Phishing?

Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security Number, passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), your bank, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequences if you don’t respond. The message directs you to a website that looks just like a legitimate organization’s site, but it isn’t. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal you identity and run up bills or commit crimes in your name.

The FTC, the nation’s consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

• If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address. In any case, don’t cut and paste the link in the message.
• Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
• Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
• Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.
• A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that hackers or phishers could exploit.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.

Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and then visit the FTC’s Identity Theft Web site to learn how to minimize your risk of damage from ID theft. Visit www.ftc.gov/spam to learn other ways to avoid email scams and deal with deceptive spam.

The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1 (877) FTC-HELP (1 (877) 382-4357); TTY: 1 (866) 653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

Are you Ready for Vishing?

In a new twist, identity thieves are sending spam that warns victims that their bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

The automated voice message says: "Welcome to account verification. Please type your 16-digit card number." The goal is to get the victim to enter their credit card number. In these reported scams, no mention of the bank or PayPal is made.

Security experts tracking this scam and other instances of "vishing", short for "voice phishing", say the frauds are particularly despicable because they imitate the legitimate ways people interact with financial institutions. In fact, some vishing attacks don't begin with an e-mail. Some come as calls out of the blue, in which the caller already knows the recipient's credit card number. This increases the perception of legitimacy, the caller asks for the valuable three-digit security code on the back of the card.

Vishing appears to be prospering with the help of Voice over Internet Protocol, or VoIP, the technology that enables cheap and anonymous Internet calling, as well as the ease with which caller ID boxes can be tricked into displaying erroneous information.

Be Aware of Fraudulent Email

• Never call a number you receive from a spam email, and certainly don't enter in any private information if you make a mistake and do call. If you want to call your bank, use the normal phone number you regularly use, not the phone number you get in an e-mail.
• Arrowhead e-mail messages will not directly link you to an online application.
• Never click on the link provided in an e-mail you believe is fraudulent.
• Do not open an attachment to an unsolicited e-mail unless you have verified the source.
• Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information.
• If you believe the contact is legitimate, go to the company’s website by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.
• Use the FTC (Federal Trade Commission) website, Consumers can take interactive quizzes designed to enlighten them about identity theft, phishing, spam and online-shopping scams. Elsewhere on the site, consumers can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft.

Beware of Schemes that Sound Too Good to Be True

You’ve just won the Tanzania National Lottery! Even though you’ve never been there and Tanzania doesn’t actually have a national lottery. If you get an e-mail or a letter with a legitimate looking check, be careful. You may end up owing your bank a lot of money. Check scams have been around for a long time, but aren’t always as obvious as you may think. Visit FakeChecks.org and learn all about some of the most popular ones out there right now.