Helping you protect yourself.
Safety and security for our clients is a partnership, and maintaining the security of your personal information as well as protecting your financial assets are among our highest priorities. It will come as no surprise that fraudsters use complex and sophisticated schemes in hopes of illegally gaining access to your personal data and financial assets.
We hope that sharing this type of information, as well as the corresponding tips, will help you to identify scams if and when you see them, and to take simple steps to protect yourself.
We’ll keep you updated as we learn more and as scamming techniques evolve. We're looking out for your financial safety every day.
If you have any questions, please feel free to call our Customer Care Team at (888) 746-4562.
A credential stuffing attack occurs when hackers take stolen login data from the Dark Web, such as your usernames and passwords stolen in a previous attack, and use it to try to gain access to your other online accounts. Here’s the process:
- A criminal steals, buys or finds usernames and passwords online
- The criminal attempts to access an account on a popular site using the stolen usernames and passwords
- Credentials that work get marked as “working” or valid
- The criminal creates a new database of working credentials and sells it on the dark web or hacker forums
If you are the target of a credential stuffing attack, a hacker now knows TWO things about you: you use the same credentials on multiple sites, and you don’t update your passwords often.
So, what can you do?
- Enable two-factor authentication – our personal favorite, and the strongest measure you can take against credential stuffing. Even if they do get your login information, they will not be able to get the one-time code needed to complete the login. Have these texted directly to your cell phone.
- Sign up for account access notifications – this is becoming more popular on sites. The site will send you an alert if your account is accessed from a new device. Always enable this when offered. If you receive the alert, and it appears to be a hacker, immediately change your credentials.
- Close and delete accounts for services you’re not using any more. Some sites and service providers keep your accounts open hoping that you will return in the future. Old accounts are a significant vulnerability.
- Never use the same passwords or usernames across multiple accounts – avoid small variations as well. Hackers can easily crack codes with a set of usernames and passwords. As a rule, it should take a hacker more than 5 tries to guess a password.
The change to ledyard.bank provides you an even more secure banking experience. Learn more about it here.
Internet (or Cyber) Fraud is a growing concern in the financial services industry. Cyber fraud occurs when perpetrators of a scam entice internet users to give them critical information such as usernames, passwords, credit card information, bank account information, or other types of account information.
Guidelines for Safer Online Banking
With more and more people filing their taxes online, there are greater security risks for your personal financial data. Read the latest information on Tax Identity Theft Awareness from the Federal Trade Commission to heighten awareness of this growing concern.
To learn more about how to protect yourself from Cyber Fraud, please read the list below that offers safety tips to minimize exposure to such crimes. Please be aware that this list offers suggestions that may or may not be right for each circumstance. Further, it is not intended to be a complete and all-inclusive solutions manual.
- Always use current and supported computer operating system and application software, being sure to routinely and continuously install security patches and other critical updates from the vendor.
- Always maintain a current anti-malware Internet suite from a reputable vendor, being sure to routinely and continuously update associated pattern files. Some of the more well-known vendors and products are Kaspersky (Kaspersky Internet Security), McAfee (McAfee Internet Security, McAfee Total Protection for Secure Business), Symantec (Norton Internet Security), and Trend Micro (Trend Micro Titanium, Trend Micro Worry Free, Trend Micro Enterprise Security Suite).
- Use strong passwords, change them often (we suggest at least every 90 days), and don’t share them or write them down.
- Be suspicious of all e-mail, even if it appears to come from someone you know.
- Never click on a link within an e-mail unless you verify with the sender first.
- To reduce your exposure to Internet threats, choose Internet browser settings which restrict dangerous programs and features you don’t need. How to do this varies by browser but, in general, set default security settings to “High”. For more details, you may want to copy the following URL address into your browser and visit the site:
- Be selective about where you browse on the Internet, and be wary of downloads offered by a pop-up window.
Most internet scams are done via e-mail. However, other methods can utilize the internet itself. For example, banks and other financial institutions are seeing a rise in a different type of cyber fraud known as ACH fraud. While ACH fraud seems to hit small- and medium-sized businesses more frequently, it can target individuals’ personal accounts as well. This major cyber-security threat is perpetrated by criminals who steal banking credentials and then use those credentials to initiate wire and ACH transfers from the victim’s account(s), out to mules and then back to where the cybercriminals are based - often in Eastern Europe. Small- and medium-sized businesses, as well as individuals, are typically targeted for this crime because they're viewed - relative to enterprise businesses - as lacking IT sophistication and staffing.
7 Tips for Protecting Yourself Online
Though the internet has many advantages, it can also make users vulnerable to fraud, identity theft and other scams. Ledyard recommends the following tips to keep you safer online:
- Keep your computers and mobile devices up to date. Having the latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
- Set strong passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers and special characters. Use unique passwords for all financial online accounts. Never share your password, account number, PIN or answers to security questions.
- Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with. Forward phishing emails to the Federal Trade Commission (FTC) at firstname.lastname@example.org and to the company, bank or organization impersonated in the email.
- Keep personal information personal. Hackers can use social media to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother's maiden name, etc. Be wary of requests to connect from people you do not know.
- Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.
- Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
8 Tips to Protect Your Identity
Identity theft continues to be one of the fastest growing crimes in the United States. In 2013, an American fell victim to identity fraud every two seconds. Ledyard recommends following these tips to keep your information - and your money - safer.
- Don't share your secrets. Don't provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.
- Shred sensitive papers. Shred receipts, bank statements and unused credit card offers before throwing them away.
- Keep an eye out for missing mail. Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, don't mail bills from your own mailbox with the flag up.
- Use online banking to protect yourself. Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases of more than $500.
- Monitor your credit report. Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.
- Protect your computer. Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser's padlock or key icon is active. Also look for an "s" after the "http" to be sure the website is secure.
- Protect your mobile device. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer's recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen. Use caution when downloading apps, as they may contain malware and avoid opening links and attachments - especially from senders you don't know.
- Report any suspected fraud to your bank immediately.
12 Ways to Protect Your Mobile Device
Your mobile device provides convenient access to your email, bank and social media accounts. Unfortunately, it can potentially provide the same convenient access for criminals. Ledyard recommends following these tips to keep your information - and your money - safer.
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
- Log out completely when you finish a mobile banking session.
- Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
- Use caution when downloading apps. Apps can contain malicious software, worms and viruses. Beware of apps that ask for unnecessary "permissions."
- Download the updates for your phone and mobile apps.
- Avoid storing sensitive information like passwords or a social security number on your mobile device.
- Tell your financial institution immediately if you change your phone number or lose your mobile device.
- Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you're punching in sensitive information.
- Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer's recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don't know. And be wary of ads (not from your security provider) claiming that your device is infected.
- Watch out for public Wi-Fi. Public connections aren't very secure, so don't perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
- Report any suspected fraud to your bank immediately.
5 Ways to Protect Your Small Business from Account Fraud
Corporate account takeover is a type of fraud where thieves gain access to a business' finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. Ledyard recommends following these tips to keep your small business safer.
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services that offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don't, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
Other General Cybersecurity Tips
- Do not save credit or debit card, banking account or routing numbers, or other financial information on your computer, phone or tablet.
- Never give out personal information over the phone, through the mail, or on the Internet unless you've initiated the contact and are sure you know who you're dealing with. If you must share personal information, always confirm that you are dealing with a legitimate organization.
- Never use your Social Security number on your driver's license or other forms of identification.
- Banks will not ask you to verify personal information over the phone or via email. If you receive a phone call or email asking you to verify information, end the call, do not respond, and call the bank directly.
- If you receive an email asking for personal information, do not hit the "reply" button or click on any website link in the email. Instead, go directly to the sender's website by typing in the sender's website address.
- Do not plug unknown or unfamiliar jump drives into your laptop or desktop computer.
- Protect your personal information. Don't leave sensitive documents containing personal information where anyone can see them.
- Use a shredder before disposing of personal records, especially financial records - preferably a cross-cut shredder. (Thieves have been known to paste together single-shred documents to obtain information.)
- Don't use an automatic log-in feature on your computer.
For more information on Identity Theft please visit the Federal Deposit Insurance Corporation's website at: https://www.fdic.gov/consumers/assistance/protection/IdTheft.html
Get instant alerts on scams in Vermont
Sign up here to receive instant voice, text or e-mail alerts
FBI Fraud Advisory for Businesses: Corporate Account Takeover
Cyber criminals are targeting the financial accounts of owners and employees of small and medium sized businesses, resulting in significant business disruption and substantial monetary losses due to fraudulent transfers from these accounts. The FBI has released a fraud advisory with recommendations and resources. All banks with corporate and government accounts should read this advisory. To learn more about ACH fraud, please click on the link to read the full article: Corporate Account Takeover PDF
Do's and Don'ts During Tax Time - Do you file your taxes online or through a mobile app? Do it securely and consult these tips of Do's and Don'ts during tax time.
Public Wi-Fi and Security - Public Wi-Fi networks are a security risk for your private information. Learn how to protect your sensitive and confidential data, like banking details.
Federal Trade Commission Identity Theft Site – a one-stop national resource to learn about the crime of identity theft. It provides detailed information to help you deter, detect, and defend against identity theft.
Federal Trade Commission Video to Help Identity Theft Victims - If you’re a victim of identity theft or know someone who is, the Federal Trade Commission has a new video designed to help facilitators who assist consumers in repairing their identity.
United States Department of Justice Identity Theft Site – Frequently Asked Questions about Identity Theft and Identity Fraud.
Credit Report – annualcreditreport.com - a centralized service for consumers to request free annual credit reports.
Five Ways Identity Thieves are Targeting You - An article about five prevalent ways that fraudsters steal people's identities
Identity Theft Protection & Security Center*
Protect your identity and secure your credit with the Identity Theft Protection & Security Center† offered through GenGold®. A GenGold® membership is free with your Ledyard Plan relationship or $2.00 per month with any other account.
* You must activate the Identity Theft Restoration Coverage to be covered.
The U.S. Postal Service has great information on preventing mail fraud. Click here to read the document and learn how to protect yourself.
Updated Scam and Fraud Alerts
AARP offers helpful, up-to-date information on the latest scams and fraud here.
Here’s what some recent payment scams look like:
1. Impersonating a Ledyard Representative
Scammers may try to pose as a Ledyard representative requesting your personal information or to transfer money by phone, text or email. Please be aware that they may also use a fake caller ID that could show up as Ledyard.
TIP: When in doubt, hang up the phone and call us at (888) 746-4562, also found on our website and on the back of your debit card.
2. Pay Yourself
Scammers may contact you impersonating an individual or company you have done business with and tell you that they have noticed suspicious activity, such as money being sent from your account to another account. Typically, they’ll ask you to send the money to yourself with Zelle® to reverse the payment.
TIP: Ledyard will never ask you to do this. Before sending money to yourself at another bank or credit union, make sure the email address or U.S. mobile number you’re using to send the money has been enrolled with Zelle® at the other financial institution and is linked to your account.
3. Attempting to Gain Remote Access to Your Devices
You may receive a call or email from an unknown company or person who will request remote access to your phone or computer. They may also ask you to download an app to fix an “issue,” which would allow them remote access to your device and could expose your financial account information.
TIP: Be careful when giving device access to third parties.
4. Fake Websites
Legitimate-looking websites are being created by scammers, and a quick Google search will lead you to a real-looking phone number. When you call, they’ll try to obtain your online banking sign-in details or other sensitive information.
TIP: Always do the proper research before making a purchase online.
Protect yourself and your family.
Only use Zelle® and third-party payment apps to pay those you know and trust. Neither Zelle® nor Ledyard offers a protection program for authorized payments. For instance, if you buy an item with Zelle®, but you don’t receive it or it’s not what you expected, you may not get your money back.