If you believe you have been a victim of fraud, please call Hanover Community Bank at 516-248-4868 or email us.
Identity theft can be devastating to your personal finances. There are, however, a number of effective ways you can protect your identity and personal information from thieves. At Hanover Community Bank, we will do everything we can to protect your security. By following the tips below, you can help us protect your account against fraudulent activity.
IMPORTANT TO NOTE: We will never ask for confidential information through the Internet, in an email, or by text message. Should you receive an e-mail or other electronic message requesting that you call a telephone number to update your personal information, do not call. Any request would be made in writing.
Hanover Community Bank - Provides Tips to Protect Your Identity
October is National Cybersecurity Awareness Month
In honor of National Cybersecurity Awareness Month, Hanover Community Bank offers the following tips to help consumers protect themselves from becoming a victim of identity theft:
Don’t share your secrets. Don’t provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.
Shred sensitive papers. Shred receipts, banks statements and unused credit card offers before throwing them away.
Keep an eye out for missing mail. Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, don’t mail bills from your own mailbox with the flag up.
Use online banking to protect yourself. Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.
Monitor your credit report. Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.
Protect your computer. Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser’s padlock or key icon is active. Also look for an “s” after the “http” to be sure the website is secure.
Protect your mobile device. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen. Use caution when downloading apps, as they may contain malware and avoid opening links and attachments – especially for senders you don’t know.
Report any suspected fraud to the bank immediately.
Protect yourself from e-mail scams
Identity theft and Internet fraud are a common concern today. Chances are, at some point you will be subjected to some sort of a "phishing" scam. Phishing uses "spoofed" emails and fraudulent web sites designed to fool recipients into giving personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc...
We will never send e-mail which:
- Requires you to enter personal information directly into the e-mail
- Threatens to close your account if you do not take the immediate action of providing personal information
- Asks you to enter your User ID, password or account numbers into an email or non-secure web page
Report suspicious e-mails received to the Federal Trade Commission by calling 1 877 IDTHEFT (438-4338).
Protect yourself while using your Hanover Community Bank ATM/Debit Card
If your Debit Card has been Lost or Stolen, please call 1-800-554-8969.
- Using your Hanover Community Bank ATM/ Debit Card at the store
- NEVER leave receipts and carbons behind where someone could pick them up, especially ATM, supermarket, and a self service gasoline pump receipts
- Using your Hanover Community Bank ATM Debit Card over the phone
- NEVER give your account number to someone calling you on the phone, even if the caller says it will be used to claim a prize or award.
Protect yourself when conducting your transactions online
To ensure the security of your online transactions, we want you to know that we will never email, call or otherwise ask you for your user name, password or other electronic banking credentials.
Tips to protect you from fraud
- Never click on suspicious links in emails, tweets, posts, or online advertising. Links can take you to a different website than their labels indicate. Typing an address in your browser instead of clicking a link in an email is a safer alternative
- Only submit sensitive information to websites using encryption to ensure your information is protected as it travels across the Internet. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://”. Some browsers also display a closed padlock.
- Do not trust sites with certificate warnings or errors. These messages could be caused by your connection being intercepted or the web server misrepresenting its identity.
- Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
- Always “sign out” or “log off” of password protected websites when finished to prevent unauthorized access. Simply closing the browser window may not actually end your session.
- Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting information.
General PC Security
- Maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer in addition to real-time scanning.
- Update your software frequently to ensure you have the latest security patches. This includes your computer’s operating system and other installed software (e.g. web browsers, Adobe Flash Player, Adobe Reader, Java, Microsoft Office, etc.).
- Automate software updates, when the software supports it, to ensure it’s not overlooked.
- If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information. Use security software and/or professional help to find and remove malware.
- Use firewalls on your local network to add another layer of protection for all the devices that connect through the firewall (e.g. PCs, smart phones, and tablets).
- Require a password to gain access. Log off or lock your computer when not in use.
- Use a cable lock to physically secure laptops when the device is stored in an untrusted location.
- Create a unique password for all the different systems/websites you use. Otherwise, one breach leaves all your accounts vulnerable.
- Never share your password over the phone, in texts, by email, or in person. If you are asked for your password it’s probably a scam.
- Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
- The longer the password, the tougher it is to crack. Use a password with at least 8 characters. Every additional character exponentially strengthens a password. Passphrases are most effective. A passphrase is a short sentence and generally easier to remember.
- Avoid using obvious passwords such as:
- Names (your name, family member names, business name, user name, etc.)
- Dates (birthdays, anniversaries, etc.
- Dictionary words
- Choose a password you can remember without writing it down. If you do choose to write it down, store it in a secure location.
Avoiding Social Engineering Attacks
In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen it can be used to commit fraud or identity theft.
Criminals use a variety of social engineering attacks to attempt to steal information, including:
The following sections explain the meaning of these common attacks and provide tips you can use to avoid being a victim.
- Website Spoofing
Website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoofed websites are typically created to look exactly like a legitimate website published by a trusted organization.
- Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
- If you are suspicious of a website, close it and contact the company directly.
- Do not click links on social media sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative.
- Only give sensitive information to websites using a secure connection. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://”.
- Avoid using websites when your browser displays certificate errors or warnings.
Phishing is when an attacker attempts to acquire information by masquerading as a trustworthy entity in an electronic communication. Phishing messages often direct the recipient to a spoof website. Phishing attacks are typically carried out through email, instant messaging, telephone calls, social media, and text messages (SMS).
- Delete email and text messages that ask you to confirm or provide sensitive information. Legitimate companies don’t ask for sensitive information through email or text messages.
- Beware of messages sent through social media. Legitimate companies don’t ask for sensitive information through social media. Beware of visiting website addresses sent to you in an unsolicited message.
- Even if you feel the message is legitimate, type web addresses into your browser or use bookmarks instead of clicking links contained in messages.
- Try to independently verify any details given in the message directly with the company.
- Utilize anti-phishing features available in your email client and/or web browser.
- Utilize an email SPAM filtering solution to help prevent phishing emails from being delivered.
Report Fraudulent or Suspicious Activity
Contact us immediately if you suspect you have fallen victim to a social engineering attack and have disclosed information concerning your Hanover Community Bank accounts.
Call us at 1-877-HCB-2131 or visit your local Hanover Community Bank branch location.
Regularly monitoring your account activity is a good way to detect fraudulent activity. If you notice unauthorized transactions in your account, notify Hanover Community Bank immediately.
Commerical Account Owners:
We advise owners of commercial accounts to perform their own risk assessments and control evaluations, considering the risks related to online transactions that businesses face. To aid you in determining the online cybersecurity risks your business may be exposed to, we will provide you with a Commercial E-Banking Risk Assessment and Controls Evaluation to complete. To get a copy of this self-assessment, please email us at firstname.lastname@example.org and provide us with your email address, name of business and name of requestor.
To begin your self-assessment, it is recommended that you do the following:
Make a list of the risks related to online transactions for your business including passwords being left in the open.
- The use of old or inadequate passwords.
- The possibility of internal fraud or theft.
- Delays in terminating the rights of former employees
- The lack of dual control or other checks and balances over individual access to online transaction capabilities.
An evaluation of controls your uses may include:
- Using password protected software to house passwords in
- Conducting employee background checks
- Initiating a policy and process to terminate access for former employees
- Segregating duties among two or more people so no one person has too much access or control
- Conducting internal or third party audits of controls
- Using firewalls to protected from outside intrusion or hackers.
You can also visit the following websites to learn more about how to protect your