Be more informed about identity theft. Take this short quiz and see how knowledgable you are. Are you safe from identity theft?

http://onguardonline.gov/quiz/idtheft_quiz.html

This study, published on December 14, 2004, presents the FDIC's findings on unauthorized access to financial institution accounts and how the financial industry and its regulators can mitigate these risks.

Executive Summary And Findings

Background and Focus of Study
Identity theft is one of the fastest growing types of consumer fraud. The Federal Trade Commission (FTC) has estimated that, during 2003, almost ten million Americans discovered they were the victims of identity theft, with a total cost to businesses and consumers of over $50 billion. This study focuses on a subset of identity theft that is of particular concern to financial institutions insured by the FDIC and to the institutions' customers: unauthorized access to and misuse of existing asset accounts primarily through phishing and hacking, hereinafter referred to as “account hijacking.”

Prevalence and Impact of Account Hijacking
While precise statistics on the prevalence of account hijacking are difficult to obtain, recent studies indicate that unauthorized access to checking accounts is the fastest growing form of identity theft. Another recent study has estimated that almost 2 million U.S. adult Internet users experienced this fraud during the 12 months ending April 2004. Of those, 70 percent do their banking or pay their bills online and over half believed they received a phishing e-mail. Consumers are attributing risk to their use of the Internet to conduct financial transactions, and many experts believe that electronic fraud, especially account hijacking, will have the effect of slowing the growth of online banking and commerce.

Findings
Fraudsters are taking advantage of the reliance on single-factor authentication for remote access to online banking, and the lack of e-mail and Web site authentication, to perpetrate account hijacking. Financial institutions and government should consider a number of steps to reduce online fraud, including:

• Upgrading existing password-based single-factor customer authentication systems to two-factor authentication.
• Using scanning software to proactively identify and defend against phishing attacks. The further development and use of fraud detection software to identify account hijacking, similar to existing software that detects credit card fraud, could also help to reduce account hijacking.
• Strengthening educational programs to help consumers avoid online scams, such as phishing, that can lead to account hijacking and other forms of identity theft and take appropriate action to limit their liability.
• Placing a continuing emphasis on information sharing among the financial services industry, government, and technology providers.

The federal banking, thrift and credit union regulatory agencies have published an informational brochure to assist consumers in identifying and preventing a new type of fraud known as "phishing."

The term "phishing" – as in fishing for confidential information – is a scam that encompasses fraudulently obtaining and using an individual's personal or financial information. In a typical case, the consumer receives an e-mail requesting personal or financial information; the e-mail appears to originate from a financial institution, government agency or other entity. The e-mail often indicates that the consumer should provide immediate attention to the situation described by clicking on a link. The provided link appears to be the Web site of the financial institution, government agency or other entity. However, in "phishing" scams, the link is not to an official Web site, but rather to a phony Web site. Once inside that Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth. When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.

The brochure explains the basics of "phishing," the steps consumers can take to protect themselves, and the actions that consumers can take if they become a victim of identity theft. The brochure is available in a downloadable form through the FDIC's Web site at http://www.fdic.gov/news/news/press/2004/pr9304b.pdf 3,268k (PDF Help) (large file format) or http://www.fdic.gov/news/news/press/2004/pr9304a.pdf 224k (PDF Help) (small file format).

For your reference, FDIC Financial Institution Letters may be accessed from the FDIC's Web site at http://www.fdic.gov/news/news/financial/2004/index.html . To learn how to automatically receive FDIC Financial Institution Letters through e-mail, please visit http://www.fdic.gov/about/subscriptions/index.html.

ATM Safety: Common Sense Tips for Combating Crooks

ATM manufacturers and financial institutions go to great lengths to prevent robberies and fraud at cash dispensing machines. They place ATMs in safe locations, light them well, and use a variety of security measures. Many banks also limit the amount of cash that can be withdrawn each day so that a thief can't quickly clean out an account. Even so, not all ATM crimes can be prevented.

We hope you'll never be the victim or the target of an ATM theft or fraud. However, we also know that one of the best ways to stack the odds in your favor is to learn some self-defense. That's why FDIC Consumer News offers these safety suggestions:

Protect your ATM card.
Know where it is at all times and keep it secure. Carry only the cards — debit or credit — you think you'll need. The fewer cards you carry, the less likely they'll be lost or stolen and used in a fraud attempt. Destroy old or expired ATM cards. Be sure to cut through the account number and magnetic strip before disposing of a card.

Safeguard your personal identification number (PIN).
Never write your PIN on your card or on a piece of paper you keep near your card. Memorize it instead. "If a thief finds or steals your ATM card and your PIN, it's like you've opened up your bank account and offered free samples," says Janet Kincaid, FDIC Senior Consumer Affairs Officer.

Don't share your PIN with anyone — not even a relative who isn't a co-owner of your account. Beware of deceptive calls or e-mails from crooks claiming to be from your bank or the police asking you to "verify" (divulge) your PIN. Make sure that no one can easily see your PIN as you enter it at the ATM keypad.

Choose an ATM carefully and use common sense.
Be aware of your surroundings, particularly at night. Avoid ATMs in dark or remote areas or where people seem to be loitering.

Walk away if you notice something suspicious. Michael Benardo, a manager in the FDIC's Technology Supervision Branch, gives these examples of fraudulent recording devices found at ATMs: unusual-looking devices attached over the card slots of machines for "skimming"or gathering information from the magnetic strip on the back of the card; transparent overlays on ATM keypads that can record PINs; and tiny cameras hidden behind innocent-looking brochure holders and focused on where ATM users enter their PINs. Also go elsewhere if you see a sign directing you to only one of multiple ATMs — it could be the machine that was tampered with by a crook.

There are even reports of crooks installing "card cleaners" at an ATM. "These are really just skimming devices that capture account information, and the only cleaning they're used for is to clean out someone's account," says Benardo.

Also protect your ATM card when you use it to make purchases at retail establishments. For example, if you give an employee your card and you notice that he or she swipes it through two devices instead of one, that second device could be recording your account information for use in making a fraudulent card. Report that situation to a manager and your card issuer.

Note: Some ATMs belong to non-banking companies or even individuals, not to banks or other depository institutions. While a privately owned ATM may be safe to use, "for the consumer, there's more uncertainty about who these companies are, whether they are legitimate or whether they're being audited or regulated by the government on an ongoing basis," Benardo says. He notes, for example, reports of dishonest ATM owners collecting card numbers for use in making duplicate cards and committing fraud. In general, your safest bet is to use an ATM owned by a federally insured banking institution. If you are considering using a private ATM, stick to one at a trusted merchant and make sure the ATM's owner is clearly identified.

Withdraw cash safely.
Have your ATM card in your hand as you approach the ATM. When you collect your cash, immediately put it into your pocket or purse and count it later in private. Take your receipt and keep moving. The idea is to give a would-be robber less time to target you and steal your cash, wallet or purse.

What if you drive to an ATM? It's a good idea to use a drive-up ATM at a bank office or branch. Keep the engine running, lock all doors and roll up the passenger-side windows. If it's night-time and a drive-up machine isn't available, park in a well-lit area close to the ATM and, if possible, take another person with you.

Promptly report anything suspicious.
Immediately notify your bank if your ATM card is lost or stolen; you notice a recording device or something else suspicious at a machine; or you receive an unsolicited call or e-mail asking for personal information, such as your account number and PIN. Also, immediately notify your card issuer about an unauthorized ATM or debit card transaction on your account. Remember that the faster you report a problem, the greater your federal protections are (see "Laws Protecting ATM Users"). Early notice also may be key in catching the crooks.

Spammers Pose as Federal Government Operation

A new Spam Scam Alert from the Federal Trade Commission could help consumers avoid becoming identity theft victims. The Alert, “Someone Is Phishing For Your Information,” warns that consumers may receive e-mails that claim to be from regulations.gov, a government Web site where consumers can comment on federal rule-making. The e-mails’ subject lines typically read, “Official information,” or “Urgent information to all credit card holders!” and claim that recent changes in the law require that Internet users identity themselves to the government to “create a secure and safer Internet community.” The e-mail includes a link to a Web site that mimics regulations.gov and asks readers to provide their personal financial information.

In fact, the alert warns, regulations.gov does not collect financial information or charge consumers a fee and there is no law requiring Internet users to register with the government. Consumers who provide their financial information in response to unsolicited e-mail could be at risk of identity theft.

The alert advises consumers who receive e-mail from a company or government agency asking for personal information to contact that organization using a phone number or Web address they have used in the past. They should not click on hyperlinks provided in the e-mail.
Consumers who recently have shared credit card or bank information in response to an unsolicited e-mail that claimed to be from regulations.gov should notify their credit card company or bank immediately and discuss whether they should cancel those accounts. Consumers who provided Social Security numbers should contact one of the three credit reporting agencies, ask to have a fraud alert placed on their accounts, and obtain copies of their credit reports to be sure new accounts have not been opened in their names. The alert says that consumers should visit the FTC’s Identity Theft Web Site at www.consumer.gov/idtheft to file a complaint and learn more about how to minimize the risk of damage from identity theft.

Copies of the consumer alert are available from the FTC’s Web site at http://www.ftc.gov and also from the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint, or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1 877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

The Federal Trade Commission is urging consumers to beware of a foreign lottery scam that adopts the name of Spain’s largest lottery prize, “El Gordo,” to con consumers out of substantial sums of money. According to the Spanish government, consumers in the United States may receive phony letters, as well as forged materials purporting to be from Spanish banks, that claim that these consumers have been the “lucky winners” of a large cash prize. To claim the prize, the consumer is told he or she must pay a sum that goes toward the taxes, bank costs, and processing fees necessary to deliver the prize money.

The real drawing for the “El Gordo” prize takes place during the holiday season. The Spanish government indicates that the fraudsters who carry out the phony drawing use the actual addresses of official Spanish organizations to make their scam appear legitimate.

If you receive a letter this holiday season claiming you have won a big prize in a foreign lottery, do not pay any money – it is a scam. The FTC reminds U.S. consumers that participating in a foreign lottery is illegal. An FTC Consumer Alert, “International Lottery Scams,” available at http://www.ftc.gov/bcp/conline/pubs/alerts/intlalrt.htm, explains the dangers of foreign lottery fraud and provides these useful tips to prevent consumers from being duped.

If you play a foreign lottery – through the mail or over the telephone – you’re violating federal law.

There are no secret systems for winning foreign lotteries. Your chances of winning more than the cost of your tickets are slim to none.

If you purchase one foreign lottery ticket, expect many more bogus offers for lottery or investment “opportunities.” Your name will be placed on “sucker lists” that fraudulent telemarketers buy and sell.

Keep your credit card and bank account numbers to yourself. Scam artists often ask for them during an unsolicited sales pitch.

The FTC encourages consumers to give any suspicious “lottery” material from a foreign country to a local postmaster. You can also report it to the FTC at www.ftc.gov or 1-877-FTC-HELP, or contact your state Attorney General. For more information on foreign lottery scams and other types of international fraud, visit www.ftc.gov/crossborder.

The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint, or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1 877-382-4357), or use the complaint form at www.ftc.gov. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.