Rondout Savings Bank continually invests in state-of-the-art online banking security to protect the confidentiality of every customer’s online information and to provide the utmost security for every user.


Equifax Security Breach

Equifax Security Information
On September 7, 2017, Equifax, one of the three major credit bureaus, reported a security breach resulting in a compromise of over 143 million records. These records included people’s names, Social Security Numbers, addresses and, in some instances, driver’s license numbers.

What Should You Do?

Equifax has provided information about the incident which can be found at the following website: https://www.equifaxsecurity2017.com/

The following information will help protect you from fraudsters in the event your information was stolen.

  1. Check your Status:  Equifax has established a website where you can go to see if you were affected.  You enter the last six digits of your SSN and it will do a check.  The URL to check your status is https://trustedidpremier.com/eligibility/eligibility.html. Check the site every few weeks for a while as the situation is fluid and although your information may not be affected today, it could be a few weeks from now.
  2. Security Freeze: This action does the most to protect you. Unfortunately, few people know about it. What a security freeze does is lock your credit scores so no one can access them. This means that while your credit score is frozen no bank or financial organization (such as a credit card company) can check what your credit score is, which means no one will give you (or a criminal pretending to be you) a loan or credit card. The challenge is that you have to manually set up a security freeze with each of the credit bureaus (Innovis is actually a fourth credit bureau). In addition, if you want to get a new loan or credit card, you then have to manually unlock your credit service. Then again, how often do you apply for a new loan or credit card? It’s well worth doing.
  3. Monitor Financial Accounts: Watch your bank and credit card accounts carefully. Many of them have a service where they notify you (via text or email) if a bank withdrawal or credit card charge is over a certain limit, or can send you daily reports of your financial activity. We highly recommend you enable at least one of these. You are looking to make sure there are no unauthorized transactions in the coming weeks.
  4. Social Engineering Attacks: If your email address or phone number was compromised, you can bet you will receive phishing emails or phone calls in the coming days or weeks. Cyber criminals will take advantage of this incident and launch millions of phishing emails, phone calls or text messages trying to fool people. Do not respond to anyone asking you to provide sensitive information by phone, email or text message.
  5. Tax Fraud: Unfortunately, another crime that can be committed with this stolen information is tax fraud. In other words, criminals submit for tax refunds in the name of the victim. The easiest way to protect yourself against these attacks is to submit your tax refund as soon as possible and beat the bad guys to it.
  6. Password: If you had an account on the Equifax website (login / password), you should change it. Even though Equifax did not report any passwords being compromised, their investigation is still ongoing.

The IRS Issued An Urgent Warning Against An IRS / FBI-Themed Ransomware Phishing Attack

IR-2017-134, Aug. 28, 2017

WASHINGTON — The Internal Revenue Service today warned people to avoid a new phishing scheme that impersonates the IRS and the FBI as part of a ransomware scam to take computer data hostage.

The scam email uses the emblems of both the IRS and the Federal Bureau of Investigation. It tries to entice users to select a “here” link to download a fake FBI questionnaire. Instead, the link downloads a certain type of malware called ransomware that prevents users from accessing data stored on their device unless they pay money to the scammers.

“This is a new twist on an old scheme,” said IRS Commissioner John Koskinen. “People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call.”

IRS questionnaire text with IRS and Department of Justice logos

The IRS, state tax agencies and tax industries – working in partnership as the Security Summit – currently are conducting an awareness campaign called Don’t Take the Bait, that includes warning tax professionals about the various types of phishing scams, including ransomware. The IRS highlighted this issue in an Aug. 1 news release IR-2017-125 Don’t Take the Bait, Step 4: Defend against Ransomware.

Victims should not pay a ransom. Paying it further encourages the criminals, and frequently the scammers won’t provide the decryption key even after a ransom is paid.

Victims should immediately report any ransomware attempt or attack to the FBI at the Internet Crime Complaint Center, www.IC3.gov. Forward any IRS-themed scams to phishing@irs.gov.

The IRS does not use email, text messages or social media to discuss personal tax issues, such as those involving bills or refunds. For more information, visit the “Tax Scams and Consumer Alerts” page on IRS.gov. Additional information about tax scams is available on IRS social media sites, including YouTube videos.

If you are a tax professional and registered e-Services user who disclosed any credential information, contact the e-Services Help Desk to reset your e-Services password. If you disclosed information and taxpayer data was stolen, contact your local stakeholder liaison.

E-mails fraudulently claiming to be from the FDIC

To: Chief Executive Officer (also of interest to Security Officer)
Subject: Consumer Alert
Summary: E-mails fraudulently claiming to be from the FDIC are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided.
Distribution: FDIC-Supervised Banks (Commercial and Savings)
Note: Paper copies of FDIC Special Alerts may be obtained through the FDIC’s Public Information Center, 877-275-3342 or 703-562-2200.

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that “in cooperation with the Department of Homeland Security, federal, state and local governments…” the FDIC has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” It further states deposit insurance will remain suspended until identity and account information can be verified using a system called “IDVerify.” If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For your reference, FDIC Special Alerts may be accessed from the FDIC’s website. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit FDIC Special Alerts.

Sandra L. Thompson, Director
FDIC: Division of Supervision and Consumer Protection