Security Center

Security Center

Security Center



CONTACT US

24/7/365


Security Center



 

 

Learn Protect Recent Scams Report

Learn

Account Takeovers

Account takeover is when criminals gain control of bank account(s) by stealing the victim’s online banking credentials. Although there are several methods being employed to steal credentials, the most prevalent involves malware that infects a computer. Malware is commonly distributed via email links, social networking sites and malicious websites.

Once credentials are stolen, accounts are accessed online and unauthorized transactions may result. To reduce your risk, take the following precautions:

  • Install, update, and maintain good quality anti-virus and anti-spyware software.
  • Keep your security questions safe.
  • Maintain strong passwords.
  • Watch your statements closely for any unauthorized activity.

Business customers should use online banking features like positive pay and dual controls.

If you have released any information improperly or believe you may have compromised account information, please immediately report it to Customer Care (fraud@associatedbank.com) or call 800-682-4989. You may also use the reporting fraud link on this site.

Anonymizing Online Privacy Services

Some Internet users choose to use services that intend to enable online anonymity by “anonymizing” or masking their network communication to the Internet. This can be done by using specialty software, such as TOR or other online services.

These services provide a degree of anonymity, but generally do not assure security for consumers using secure financial services. In fact, using these services with your online banking account can increase your risk of online account takeover, due to many factors beyond your control.

If you choose to use these services, you should avoid using them with your online financial service accounts, like online banking. Keep in mind that the bank knows your identity once you log in, so these services do not provide the intended value for online banking.

Associated takes your security seriously, using strong encryption and other protections for your account and personal information. Secure Sockets Layer encryption ensures industry standard, strong encryption for your online activities.

Email Account Takeover

Issue: Scammers steal passwords for web based email services. The intent is to use this information to “take over” legitimate email accounts, and then send email from your accounts to trick people you know. Because the email looks like it was created by you, the recipient “trusts” it and may fall for a scam.

Every day, thousands of people "lose control" of their personal web based email accounts. Losing control of your Gmail, Yahoo, or Hotmail account can be a pain. Criminals have latched onto this as a method for scams, including sending links or email attachments to people. These links or attachments can contain malware that may (among other things) lead to account takeover.

A prevalent scam involves the attacker using the victim’s email account to send messages to their bank or other financial institution. These messages usually indicate that the victim urgently needs account balances, and then may request to transfer money from legitimate accounts to an unauthorized party. The criminal will pretend that a serious and/or urgent issue has occurred, and has prevented the victim from using normal bank processes to transfer money (e.g. funeral, accident).

The reason this scam works so well is because the email that others receive, convincingly appears to be from the victim. The recipients may trust email from someone they already know.

How does this issue occur? People make poor password decisions or create easily guessed account recovery questions for their email accounts. Many times, password re-use from another “hacked” web service may have been used to get your email password. Another common cause is phishing.

In order for the scammer to maintain control, a host of unauthorized changes may be made to an email account. These changes allow a scammer to keep accessing the victim's account, or even forward some or all of your email to another location, even after that person has changed their password.

If you receive an email from a friend that looks out of character (strange message or clickable link), suspect this may have already occurred. Avoid clicking anything in the email until you personally validate the content with the supposed sender.


Tip: Many email services have advanced settings that allow for better security, but you have to enable these features. Review your account’s advanced security options and enable features that protect you.

If you have been a victim of this issue, follow these instructions:

  • Change your email password. Create a strong passwordthat you don’t use for any other service.
  • Contact your service provider for help and advice.
  • Go into your email account’s advanced options and change your account recovery options (challenge questions, phone numbers, and backup email address). Review these settings for changes you did not make.
  • Check the websites and applications that are allowed to access your account, and revoke any settings that are unfamiliar.
  • Check your advanced mail settings for suspicious forwarding addresses or delegated accounts.
  • Check your email folders, (such as spam, sent items and deleted items) for any messages that may have been sent from your account.
  • Contact recipients of unauthorized email to inform them of what occurred.
  • Consider advanced security settings that protect you from future issues.
Fake Checks

Checks are a convenient form of payment, but can be misused by scammers. A problem to be aware of is “fake check” scams.

There are many variations on the fake check scam. It could start with someone offering to buy something you advertised, pay you to do work at home, give you an “advance” on a sweepstakes you’ve supposedly won, or pay the first installment on the millions that you’ll receive for agreeing to have money in a foreign country transferred to your bank account for safekeeping. In many cases, the person may sound quite believable.

Fake check scammers hunt for victims. They scan newspaper and online advertisements for people listing items for sale, and check postings on online job sites from people needing employment. They may even place their own ads with phone numbers or email addresses for people to contact them. They may also call or send emails or faxes to people randomly, knowing that some will take the bait.

Don’t be a “mule”. Scammers hunt for victims and seek to make them “mules”. They do this by sending a fake check that draws money from an account that does not belong to them (another victim). They may offer this check as payment for service or work. Many times, they will call the victim an “agent”, requesting they transfer money overseas. In exchange, they will typically allow the victim to keep a percentage of money as “payment”. Whatever the scam, the act is illegal and the victims will be defrauded. They may also be subject to legal prosecution.

 

Tip: Just because funds are available, it doesn’t mean that the check has cleared. If a check doesn’t clear, you will be liable for money drawn against it.

 

The checks are fake but they may look real. Some are phony cashier’s checks, others look like they’re from legitimate business accounts. The companies whose names appear may be real, but someone has made up the checks without their knowledge.

To avoid being a victim, consider the following precautions:

  • Throw away any offer that asks you to pay for a prize or a gift. If it’s free or a gift, you shouldn’t have to pay for it. Free is free.
  • Resist the urge to enter foreign lotteries. It’s illegal to play a foreign lottery through the mail or the telephone, and most foreign lottery solicitations are phony.
  • Know who you’re dealing with, and never wire money to strangers. If possible, meet them before sending money.
  • If you’re selling something, don’t accept a check for more than the selling price, no matter how tempting the offer or how convincing the story.
  • If you accept payment by check, ask for a check drawn on a local bank, or a bank with a local branch. That way, you can make a personal visit to make sure the check is valid. If that’s not possible, call the bank where the check was purchased, and ask if it is valid. Get the bank’s phone number from directory assistance or an Internet site that you know and trust, not from the check or from the person who gave you the check.
  • If the buyer insists that you wire back funds, end the transaction immediately. Legitimate buyers don’t pressure you to send money by wire transfer services. In addition, you have little recourse if there’s a problem with a wire transaction.
  • Resist any pressure to "act now." If the buyer’s offer is good now, it should be good in a week.

Visit the FTC's website to learn more about fake check scams.

Fraudulent Email

You probably get a lot of email. Most of what you get is probably reputable, but some can be scams. Fraudulent email can take many shapes. These can be messages that look to be from your friends or family, but are actually sent by someone you don’t know or trust. These messages may even be sent over social networks!

The email may be "spoofed” or sent from email accounts that were taken over by scammers. When email accounts are taken over, a friend or family member’s email password is in the hands of a scammer, and the scammer uses that email account to contact people in the victims address book. They might send links for you to click on, spam for you to read, or pretend to be a person in need.

The scammer could pretend to be in trouble, ask for money to repair a broken down car, or to get out of jail in a foreign country. You might even trust this email because it appears to be legitimate!

Tip: Don’t use your personal accounts from a shared computer, like the library or a friend’s house. You don’t know what malware may be on the computer or how it’s being monitored. You could end up with your banking or email password in someone else’s hands.

Approach email with suspicion, especially if it seems out of character with the sender. If in doubt, call the sender and confirm what was sent.

Learn more about related threats like phishing, spoofing, and spam by reading other articles in the Security Center.

Internet Purchases

Many people purchase goods and services over the Internet. While many Internet retailers and auctions are reputable, there are scams to avoid.

Scammers can easily ""set up shop"" on the Internet with very little effort. These sites can look convincing, but may be dangerous. Purchasing from disreputable sources can cause credit card theft, deliver sub-par goods, or simply defraud you by not shipping purchases.

You can avoid trouble by using these tips:

Know who you're dealing with – avoid purchasing from links in spam or web searches. Look for positive online reviews.

Know what it will cost – and never send cash or allow "overpayment".

Pay by credit card – for better protection.

Don't email your financial information – email is not a secure transmission method.

Keep a paper trail – keep receipts and monitor your accounts for correct withdrawals.

Businesses or individuals who sell online should only use reputable payment methods. Checks and money orders may be fraudulent and are not easily checked at payment. Merchandise should only be shipped if payment is verified.

Visit the Federal Trade Commission’s website Onguardonline to learn even more about online shopping and Internet Auctions.

http://www.onguardonline.gov/articles/0020-shopping-online

Malware

Malware is a generic term for many different computer threats, including viruses, spyware, or trojans. The term generally describes malicious software. Malware threats are very different than in the past, where it generally caused data loss or computer system slowdown. These days, malware is mainly engineered to steal your personal information or gain access or use of your system.

Any computer can be at risk, not just the Microsoft Windows operating system. All systems need protection from this threat.

Malware can be brought to a computer in many ways, but the most common ways are through email and webpages. Email from strangers with attachments or clickable links can install malware, or simply surfing the web to a page that hosts malware can cause this problem.
 

Tip: Associated will never ask you for your credit card information, PIN, or card security code to identify you. If you see this on what appears to be our webpage, cease using the affected computer and immediately report it to Customer Care (fraud@associatedbank.com) or call 800-682-4989.

Some malware related terms:

Virus is a term for malicious software that infects digital files or computer processes. Viruses can spread from computer to computer, or can come from websites. Viruses have no good or useful components. They are developed to perform a task for its creator.

Spyware is a term for malicious software that is engineered to steal personal information or spy on your activities, but does not generally spread from computer to computer. This type of threat is sometimes brought into computers by being packaged with other useful software, “helper” applications, or web browser toolbars.

Trojans are named after the classic example of the Trojan Horse. A piece of software is packaged with a harmful, but hidden component, and is usually made attractive to you by promising that you are getting something useful. The victim voluntarily installs the software, and the hidden component comes along for the ride. Very often illegal, stolen software found online will contain this threat.

No matter what, malware is a serious threat. It can capture what you type (like login credentials), take screenshots of your computer’s activities, and even take control of your computer without your knowledge.

The most serious and financially impactful threat is called a "banking trojan". This type of malware can stay silent, and then selectively activate when online banking services are used. It can change how certain web sites look, especially online banking or financial sites. This type of malware may add screens that look as if the website is requesting personal information to validate you, or may impersonate a warning about the site being "unavailable". It can also steal everything you type or see on these pages. The most serious and financially impactful threat is called a "banking trojan". See an example of what banking trojans can do.

How to prevent malware:

  • Keep your computer up to date by applying software updates (patches) as soon as possible. Pay special attention to "plugins" like Flash, Java, and Acrobat Reader. You may have to apply updates to these items manually. Malware may use outdated versions of these plugins as a "gateway" to infect your computer.
  • Install and configure a quality software security suite, and keep it updated. Be sure that the product contains multiple protection methods, including anti-virus, anti-spyware, and web protection. Keep in mind that most products are subscriptions and need to be kept valid. While important, don’t rely on anti-virus security software as the sole protection for your computer.
  • Don’t ignore warnings from security software. Take the recommended actions (if offered).
  • Don’t log onto your computer as an "administrator". Many modern operating systems allow you to use your computer as a "limited" user, and selectively increase permissions as needed. This may prevent unwanted software from slipping in without your approval.
  • Consider using a dedicated computer for financial needs, and keep that computer up to date and secured. Don't use the dedicated computer for other Internet purposes, like email and casual web surfing.
  • Only install reputable, legal versions of software on your computer.
  • Don’t change computer or Internet browser settings to values that weaken security.

If your computer is infected with malware:

  • Cease using the affected computer for any sensitive purpose (like shopping or financial services)
  • Identify what passwords or information may have been used on the infected computer, and change your passwords from another, clean computer under your control (not from a shared computer, library, or coffee shop). Consider your financial, email, and shopping passwords as sensitive. Make sure you follow good password recommendations.
  • Back up your personal information (documents, pictures, music). This will keep your important information safe.
  • Obtain professional help from a reputable business who has experience in computer support and specializes in malware identification and removal.
  • For serious malware infections, consider wiping the computer and reloading it from original install disks. This method will remove data and programs from the computer, so only do this you have backed up your personal data. This is the most reliable way of removing complex malware threats.
  • After the computer issues are remediated, focus on restoring your information and following the steps outlined in How to prevent malware. If you have reinstalled the computer’s operating system, make sure you fully update the computer before surfing the web.

To learn more about malware, visit the Federal Trade Commission’s website Onguardonline.

Mobile Security

Many people today own mobile computing devices like “smartphones” and tablets to take advantage of portability and “always there” access to computing. No matter what type of system you choose, basic security precautions should be taken to protect your device, data, and online accounts.

Security threats that can affect your mobile device (smartphone or tablet):

  • Loss or theft
  • Malware (viruses)
  • Privacy stealing “good” applications
  • Snooping or access by unauthorized people

Many people don’t recognize that these mobile devices are essentially powerful computers with a small screen. In many cases, the same precautions you would take with a laptop computer apply, but there are some unique factors to consider. The good news is that a few basic security precautions can easily protect you.

Security precautions for Android devices

  • Avoid “rooting” the system. Rooting is a process of modifying the mobile operating system to allow a great deal of customization, but doing so drastically increases the chance of malware threats to your device.
  • Don’t allow your device to install applications from “unknown sources”. This is a setting under “Security” in your device.
  • Install a trustworthy antivirus program, just like you would with your main computer. Once installed, scan your device for viruses on a regular basis.
  • Remove applications you don’t need from the device. Understand and be picky about the permissions an application wants from you. A flashlight application should not access your personal contacts!
  • Set a security lock on the device that is a passphrase or PIN. This will avoid someone simply picking up your device and accessing your information.
  • Be aware of your surroundings. Don’t type passwords for your accounts while people may be watching you or looking over your shoulder. Don’t leave your phone or tablet unattended in a public place, even for a minute.
  • Don’t connect to untrustworthy, unknown, or “open” (no security) WiFi networks.
  • Avoid phishing and smsishing.
  • Keep your device up to date with the latest version of the operating system available for your system. Doing this prevents security threats due to software flaws.


Tip: Some applications can allow you to locate, lock, or even wipe clean your mobile device if it’s lost. Apple has a built-in capability, and you may be able to install an application on your Android device to do this. Learn how to do this before your device goes missing!

Security precautions for Apple iOS devices (iPhone, iPad)

  • Avoid “jailbreaking” the system. Jailbreaking is a process of modifying the mobile operating system to allow a great deal of customization, but doing so drastically increases the chance of malware threats to your device.
  • Set a security lock on the device that is a passphrase or PIN. This will avoid someone simply picking up your device and accessing your information.
  • Be aware of your surroundings. Don’t type passwords for your accounts while people may be watching you or looking over your shoulder. Don’t leave your phone or tablet unattended in a public place, even for a minute.
  • Don’t connect to untrustworthy, unknown, or “open” (no security) WiFi networks.
  • Avoid phishing and smsishing.
  • Keep your device up to date with the latest version of the operating system available for your system. Doing this prevents security threats due to software flaws.


Tip: Some applications can allow you to locate, lock, or even wipe clean your mobile device if it’s lost. Apple has a built-in capability, and you may be able to install an application on your Android device to do this. Learn how to do this before your device goes missing!

Online Romance Scams

People are increasingly turning to the Internet to meet people, and criminals know this. While many dating services are reputable, not everyone who uses those sites should be considered trustworthy. Sometimes, scams can occur with you being defrauded by someone you think you know and trust.

Here’s how the scam usually works. You’re contacted online by someone who appears interested in you. He or she may have a profile you can read or a picture that is emailed to you. For weeks or even months, you may chat back and forth with one another, forming a connection. You may even be sent flowers or other gifts. But ultimately, your new-found “friend” is going to ask you for money.

In addition to possibly losing your money to someone who has no intention of ever building a relationship, you may also find yourself unknowingly taking part in a money laundering scheme by cashing phony checks and sending the money overseas.

Recognizing an Online Dating Scam Artist

Your new online “friend” may only be interested in your money if he or she:
  • Presses you to leave the dating website you met through and to communicate using personal e-mail or instant messaging
  • Professes instant feelings of love
  • Sends you a photograph of himself or herself that looks like something digitally manipulated or from a glamour magazine
  • Claims to be from the U.S. and is traveling or working overseas
  • Makes plans to visit you but is then unable to do so because of a tragic event
  • Asks for money for a variety of reasons (travel, medical emergencies, hotel bills, hospitals bills for child or other relative, visas or other official documents, losses from a financial setback or crime victimization)
  • Coaches you on how to respond to others who ask you about monetary requests made to you
  • Requests you to open new financial accounts to allow for easy money transfer
  • Asks for your online financial account(s) passwords and usernames to check on your balances or make money transfers directly

If you suspect you have been financially scammed, save all correspondence with the scammer and report the issue to your financial institution.

Phishing

The term phishing refers to a fraudulent attempt to obtain account information done via email. The email directs customers to click on a web link, and tries to trick them into submitting login credentials or other personal information to the scammers.

Phishing is what it sounds like, scammers throw a wide net (billions of fraudulent emails) in an attempt at “hooking” a few people. In this case, the trophy is your password, username, and personal information. Once they get this information, it could be quickly used to access your accounts.

Don’t be a victim. Learn to spot the hallmarks of phishing. Phishing may have the following hallmarks:

  • Unexpected email that warns of some consequence (like account suspension). This may have a “clickable” link that takes you to a “lookalike” site.
  • Poorly worded or confusing terminology in the text.
  • Promise of reward or refund, with a clickable link to a “lookalike” site.
  • Lack of personal information in the email. Things like account details are very generic.

Phishing may not only target your bank account. Other financial accounts like investments may be targeted, consumer services like online shopping, or even email services may be in the crosshairs.


Tip: Associated will not use highly sensitive information for verification or identity. We will never request credit card or debit card PIN, account passwords or personal email password(s) under any circumstances.


Phishing can take other forms too:

  • Vishing – Voice + Phishing. Calls by phone from live people or recorded messages
  • SMSishing – Text + Phishing. Text messages that ask you to click on links or call a phone number.

Businesses can be targeted more directly; scammers may research an organization and target people by name. This is called "spear phishing". No matter the form, precautions are still the same.

Don't respond if you get a message – by email, text, pop-up or phone – that asks you to call a phone number to update your account or give your personal information to access a refund. If in doubt, cease communication and call the number on the back of your credit or debit card, or on your financial statements.

If you have released any information improperly or believe you may have compromised account information, please immediately report it to Customer Care (fraud@associatedbank.com) or call 800-682-4989. You may also use the reporting fraud link on this site.

To learn more about phishing, visit the Federal Trade Commission’s website Onguardonline.


Prevention

Associated Bank proudly partners with the Federal Trade Commission and the US Computer Emergency Readiness Team (US-CERT) to provide you security tips you can use every day. Please visit the Federal Trade Commission's website Onguardonline for more information.

The US-CERT provides many security tips that can make you safer online and offline. Please visit them at http://www.us-cert.gov/ncas/tips/.

SMSishing

SMSishing sounds a lot like another threat called phishing. That’s because it is similar, scammers attempt to get personal information from you in an effort to defraud or steal. The difference is that this problem is sent through text messages to mobile phones rather than email.

Scammers throw a wide net (millions of text messages) in an attempt at “hooking” a few people. In this case, the trophy is your credit card, PIN, and personal information. Once they get this information, it could be quickly used to access your accounts.

This issue can appear to be a very generic text message that indicates there is trouble with your account, and requests you call a number or click on a link to access a web page.

To protect yourself, you are advised to be highly suspicious when receiving messages directing you to call and provide credit card or bank numbers.


Tip: Associated’s consumer online banking system does have text message alerts that you can enable and configure, but we do not send unsolicited text messages warning of security issues.


Don't respond if you get a message – by email, text, pop-up or phone – that asks you to call a phone number to update your account or give your personal information to access a refund. If in doubt, cease communication and call the number on the back of your credit or debit card, or on your financial statements.

If you receive these scams, report fraud attempts to your cellular communications provider and local law enforcement, as they provide the best capabilities to stop this type of activity.

Read the article in the Security Center to learn more about the related threat of vishing.

If you have released any information improperly or believe you may have compromised account information, please immediately report it to Customer Care (fraud@associatedbank.com) or call 800-682-4989. You may also use the reporting fraud link on this site.

To learn more about the related threat of phishing, visit the Federal Trade Commission’s website Onguardonline.

Social Engineering Scams

What is social engineering? Simply stated, it's trickery. Social engineering can take many forms - phone calls, email, paper, even face to face. The bottom line is that it intends to get the victim to be a willing participant in their own victimization. Some examples include cleverly worded emails that “piggybacks” on newsworthy events, or web links that pretend to be charities after major disasters.

How do you protect yourself? First, know what information is important, like your password or personal information. Second, take some simple precautions:

  • Ignore spam.
  • Don’t fall for phishing.
  • Stay away from fake check scams.
  • Keep up to date on current scams.
Spam

Spam is a general term for unwanted "junk" email. Spam can be simply annoying and clog inboxes, but some spam should be considered a serious security threat. Links or attachments within spam can deliver malware, phishing, or other threats.

This is a recent example of spam that has targeted the general public in February 2012. It appears to come from AICPA, and warns that “your accountant license can be revoked”. This is one of many scams targeting individuals and businesses during the tax season. The link within the email would attempt to infect the computer with malware.

Spam1

Below is an example of spam that targeted the general public in 2011. The link within the email would attempt to infect the computer with malware.

Spam2

This is an example of spam that appears to come from UPS, a legitimate carrier. The link within the email would attempt to infect the computer with malware.

Spam3


This is an example of spam that appears to come from the IRS. The link within the email would attempt to infect the computer with malware.

Spam4

Spoofing

Many, if not most, instances of fraud use at least some spoofing. Think of spoofing as little lies. Spoofing intends to show you one thing, while giving you another.

For example, spoofing can take the form of web links in email. What is displayed (your bank's website) can actually be another thing (the scammer's website). This is also done with phone calls. Caller ID information should tell you who is calling, but scammers can change this information to look "real".

You should be aware that technology can be used to cause spoofing, and the result could be fraud. See the article in the Security Center about Phishing to learn more about what can happen and how you can protect yourself.

Vishing

Vishing sounds a lot like another threat called phishing. That’s because it is similar; scammers attempt to get personal information from you in an effort to defraud or steal. The difference is that this problem is sent through voice phone calls rather than email. Scammers throw a wide net (thousands of phone calls) in an attempt at “hooking” a few people. In this case, the trophy is your credit card, PIN, and personal information. Once they get this information, it could be quickly used to access your accounts.

To protect yourself, you are advised to be highly suspicious when receiving messages directing you to call and provide credit card or bank numbers. Associated Bank will never call and ask you for your PIN.

Don't respond if you get a message – by email, text, pop-up or phone – that asks you to call a phone number to update your account or give your personal information to access a refund. If in doubt, cease communication and call the number on the back of your credit or debit card, or on your financial statements.

Tip: If you receive an automated call that identifies itself as “your bank” or “your credit card company”, be very suspicious. To avoid serious privacy and security issues, don’t disclose personal information unless you have initiated the call. If in doubt, you should cease communication and contact us using information found on a previous bank statement or on Associated’s website.

If you receive these scams, report fraud attempts to your communications provider and local law enforcement, as they provide the best capabilities to stop this type of activity.

If you have released any information improperly or believe you may have compromised account information, please immediately report it to Customer Care (fraud@associatedbank.com) or call 800-682-4989. You may also use the reporting fraud link on this site.

To learn more about the related threat of phishing, visit the Federal Trade Commission's website Onguardonline.



Protect

Computer Physical Safety

Your computer’s software may be protected, but your information can still be at risk if your computer is stolen or lost. You could also be at risk if you give away old computers without completely wiping the old system’s internal storage.

Encryption products can protect your information, making the data useless if it leaves your control. Recent versions of Windows, Macintosh, and others provide encryption options free, with your computer. You just have to enable them.

If you give away old computers, make sure you thoroughly wipe the storage before you do so. Formatting or deleting your old information is not enough. Better yet, remove the old hard drive and keep it.

To learn more about computer disposal and how computers store personal information, visit the Federal Trade Commission’s website Onguardonline.

http://www.onguardonline.gov/articles/0010-disposing-old-computers

http://www.onguardonline.gov/laptop

Firewall

Associated Bank uses leading firewall and network security technology to protect our internal computer systems and servers from unauthorized access. Our clients can be confident that their personal information is completely safe and private.

Customers should also use firewalls to protect their computers from harm on the Internet. A firewall is like a guard, watching for outside attempts to access your system and blocking communications to and from sources you don't permit. Firewalls can be hardware or software, and may require you to configure them.


Tip: Modern operating systems usually have a firewall built in. Make sure you don’t disable or turn off this setting.

Firewalls don’t protect you from other Internet threats like phishing or malware. You need other types of protection from these issues.

To learn more about firewalls and computer security, see the Federal Trade Commission’s website Onguardonline.

Identity Theft

The FBI considers identity theft one of the fastest growing crimes in the United States and estimates 500,000 to 700,000 Americans become identity theft victims each year.

Identity theft is a federal crime. It occurs when one person's identification (which can include name, social security number or any account number) is used or transferred by another person for unlawful activities.

The Federal Reserve Board recently made available a new booklet designed to help consumers protect themselves against identity theft. The booklet describes the dangers posed by identity thieves, what people can do to protect themselves and what you should do if you're a victim.

Click here for a printable version of the booklet, "Identity Theft"

(Requires Adobe Acrobat Reader .)

My Credit Report

Give your Credit a Check-up

With a little research and five simple steps, it's easy to spruce up your credit profile.

  1. Get the facts
    The first step is to get a clear picture of your credit profile. Order your credit report, credit score and debt analysis online to get a complete picture of your current status. Look closely at the data from each credit bureau to see that it all matches up. Keep an eye out for:
    • Wrong mailing addresses
    • Incorrect Social Security info
    • Old employers
    • Signs of identity theft
    • Errors in your credit accounts
    • Late payments
    • Unauthorized hard inquiries
  2. Right the wrongs
    Contact your creditors or send letters of dispute to the credit bureaus to have errors on your credit report corrected. By law, the credit bureaus have 30 days to investigate your claim and make any appropriate corrections.
  3. Improve your behavior
    Identify problem areas on your credit report and make a plan for improvement. If you've had a hard time paying your bills on time, sign up for an automated payment service. If your debt levels are above 50% of your available limit, create a payment plan to reduce your balances. Set goals for improving your credit and be sure to celebrate when you reach a milestone.
  4. Follow up
    Check your credit again 30-60 days after disputing errors and changing your behavior to see how much you have improved. If any inaccuracies remain, continue to negotiate to have them taken off your credit report. If you want to tell your side of the story, ask to have a consumer statement added to your credit file.
  5. Monitor your credit
    To guard against fraud and keep your credit healthy, sign up for a credit monitoring service that will quickly alert you to any changes in your report. Keep copies of your old credit reports and letters of dispute in a safe place for future reference. Make a plan to evaluate your progress in the spring.
Patching

Patching is a way of keeping software up to date and safe. If you have a computer, you have software. Software can have flaws that open holes, (vulnerabilities or flaws), allowing bad things to happen to your PC.

The good news is that you can prevent issues by keeping your system up to date. Microsoft, Apple, and other software makers release software updates from time to time to correct security issues, improve performance, or add new features. You should install these updates as soon as they are available.


Tip: Microsoft releases new patches on the second Tuesday of the month. Set a reminder to apply these patches as soon as they are released.

Not only does your computer's operating system need patching, but all the other software programs you may have installed may need this attention as well. Pay special attention to software ""plugins"" like Adobe Flash Player, Java, Adobe Acrobat Reader, and media players.

Patches should only be obtained from the makers of the original software. Sometimes, scammers may send emails that pretend to be notices of patches. These will likely lead to serious security problems.

To learn more about patching, see the Federal Trade Commission's website Onguardonline.

Security Questions

Security questions, also referred to as Multifactor Authentication, are an online banking security feature that provides you with an extra layer of security to help protect you against identity theft and fraud. You may be asked to create a series of security questions when you enroll for certain financial services. These security questions are essential to ensure we can validate your identity under certain circumstances.

Security questions should be answered so they are personal, yet memorable for you. The answers to these questions should be unique and as detailed as possible, yet something that can't be guessed or easily discovered by others. Your unique answers to your selected questions will be used to confirm your identity when you login to Online Banking from an unknown computer or based on a combination of security criteria.

You are able to change your security questions and answers from within Online Banking. By selecting the "Self Service" tab on the top and then selecting the "Request Security Questions / Answers" link within the Personal Information box, you will be able to select and answer new security questions.

 
Security Software

Security software is one essential step in protecting your computer from harm. Spyware, viruses, trojans, and other malicious software (malware) can seriously compromise your information. Most malware now focuses on silently stealing your information. Malware can take your passwords, usernames, security questions, or other personal information and send them to others, where they may be misused.

Keep in mind that security software is not usually a "set and forget" solution. You have to keep it up to date by maintaining subscriptions, updating the software, and enabling scans. Many times, security software will guide you by presenting plenty of messages when things are wrong. You should pay attention to these messages.

If you ever see warnings from security software that you don’t have installed, this may be a problem called "scareware". These issues are actually the result of malware pretending to be protective software.

Tip: A common scam is for a compromised web page to pop-up fake security warnings. These security warnings may not be from your security software, but may actually be malware pretending to be legitimate. Before you take any action, compare the product name on the pop-up with what you know you have.

If you are affected by malware, you should not use the computer for banking or any other sensitive purpose. Seek assistance from competent computer professionals.

To learn more about security software and malware, visit the Federal Trade Commission's website Onguardonline.

http://www.onguardonline.gov/topics/computer-security.aspx#3
http://www.onguardonline.gov/topics/malware.aspx

Strong Passwords

Passwords can allow access to your accounts. For your safety, they should be “strong”, meaning they should not be able to be guessed or inferred by unauthorized people.

Here are some recommendations to construct your own strong passwords:

  • Use passwords that have at least eight characters and include numbers or symbols. The longer the password, the tougher it is to crack. A 12-character password is stronger than one with eight characters.
  • Avoid common words.
  • Don't use your personal information, your login name, or adjacent keys on the keyboard as passwords.
  • Change your passwords regularly.
  • Don't use the same password for each online account you access.

 

You should treat your password the same way you treat your Check Card or ATM Card PIN (Personal Identification Number). Please memorize it and don't write it down.

To learn more about passwords, visit the Federal Trade Commission’s website Onguardonline.

UserID and Password

Your userID and password are your “keys” to your financial accounts. You should protect them as you would other very important pieces of information. Avoid sharing this information or writing it down.

Associated Bank will never ask for a customer's personal or account information, or credit card information over the phone, via email, or the Internet if the customer did not initiate the contact. We will never ask for your password in any way. You should never share this information unless you are sure with whom you are dealing. If you are ever in doubt about legitimacy, hang up (or cease communication), and call the number on the back of your credit/debit card, or as printed on your financial statement.

Tip: Never re-use your password from site to site. Your important passwords (like those used for banking) should only be used in one place. That way, if another site experiences a security issue, your passwords for other services are safe.

We recommend that you change your password from time to time, and customize your userID to something very unique. This can be done anytime in your online banking account under "self service" preferences. Your userID should not be something that is personally identifiable, like your Social Security Number.

You should avoid using online banking services from shared computers that are not under your control and are untrusted, like those found in hotels, libraries, or Internet cafes. These systems may be unsafe, as they could be affected by a variety of security issues.

Business customers should be especially vigilant, and use existing business online banking features that allow for multiple users with differing roles and dual controls over processing.

If you have released any information improperly or believe you may have compromised account information, please immediately report it to Customer Care (fraud@associatedbank.com) or call 800-682-4989. You may also use the reporting fraud link on this site.

Windows XP® Support Ending

On April 8, 2014, Microsoft® ended support of Windows XP®. Read the official Microsoft announcement at this link:

http://www.microsoft.com/en-us/windows/endofsupport.aspx

Microsoft will no longer create and/or distribute security patches and software updates for the Windows XP operating system. Regular security patches and software updates are essential tools that help minimize vulnerabilities to a range of security problems, including computer virus infections, malware and system exploits. Running unsupported software significantly increases the risk of becoming victim to serious computer security issues including loss of data, account takeover and identity theft.

What can you do?
It is important to upgrade your workstation to a supported operating system like Windows Vista®, Windows® 7 or Windows® 8. You may also want to use a different computer for banking that is running a supported version of Windows. Windows XP may be susceptible to malicious activity and exploits that a more recent version of Windows is immune to.

Please visit the Associated Bank Security Center to learn more about protecting your computer systems.

All trademarks, service marks and trade names referenced in this material are official trademarks and property of their respective owners. Associated Bank, N.A. is a Member FDIC and Associated Banc-Corp.


Wireless

Many people use wireless networks for convenience and flexibility. Wireless can be provided at hotels, coffee shops, or libraries. If not properly configured, wireless networks could provide a way to listen in on your computer's communications, risking your personal information.

Wireless networks should be configured for encryption, specifically a form called WPA or WPA2. This type of encryption should require a password that is complex and unguessable to access.

Tip: For best security, use WPA2 – AES and a very long pass-phrase (20 or more complex characters). Don’t worry; you usually only have to use that pass-phrase once!

If you have wireless at home, configure it for security, and customize important settings. Default passwords (those provided by hardware makers) should be changed, and wireless passwords should be something you choose.

If you are a business and provide customers with wireless Internet access, ensure these wireless systems are completely isolated from your internal computer systems.

Not all types of your personal information are at risk from unsecured wireless networks. Certain secure sites (like www.associatedbank.com) employ security that prevents eavesdropping, but you should still take extra precautions. If you have to use unsecured wireless networks, use them only for casual web browsing.

To learn more about wireless security, visit the Federal Trade Commission’s website Onguardonline.



Recent Scams

Fake Technical Support Calls

A small but rising number of customers have reported receiving calls from people purporting to be Microsoft employees, warning customers of a virus issue or a variety of problems with your computer. This scams ends up with the victim defrauded of money for this “service”, and a computer actually infected with viruses.

The scam works like this:

  • A call is received from someone who pretends to be from Microsoft or “your Internet service provider”. Many times, these callers have distinct and heavy accents.
  • The caller attempts to convince you that serious computer problems exist on your PC by having you look at files or error logs as “evidence”. These files are misinterpreted by the victim (all computers have some simple errors).
  • Once they convince you, the caller says that “remote access” is needed to fix the issue. Many times they send you to a web link where this software can be installed. This software is actually a virus that allows the caller to access your files and passwords later.
  • The caller will demand money for this cleanup service, usually by credit card. You may be told this costs as little as $50 or as much as many hundreds of dollars for a “subscription service”
  • Your credit card will be charged, possibly many times for fraudulent, bogus services.
  • The caller pretends to fix things and hangs up. They can return later by connecting with that software you installed to spy on your online activities, steal files, and snoop on your passwords.

Legitimate Microsoft and other tech support companies will not make these kinds of calls. While they may offer virus cleanup services, you have to contact them to obtain services.

If you receive a call like this, do the following:

  • Do not allow the caller to access your computer remotely or get your credit card number.
  • If you are in doubt about the legitimacy of the call, hang up, and look up the real phone number for the tech support company. Call them via a number the caller did not give you.
  • If you have allowed a caller to obtain payment information, contact your bank or credit card company as soon as possible.
  • If you allowed a caller to install software on your computer, contact a local, reputable tech support company to clean your computer of malware.
Invoice Scams

Fraudsters can target small to medium sized businesses due to many reasons, but one way is to abuse common forms of payments or disbursements.

One type of scam is to trick a business into paying invoices to familiar names, but with the payee bank information changed. Here’s how it works:

  • Fraudster obtains details of previously paid vendors or consultants in a variety of ways (email takeover or published records)
  • A similar email address to what may have been previously seen from the consultant or vendor is created (maybe a slightly different spelling)
  • An invoice is created that is very similar to what you may have seen before, but with new banking details specified
  • The invoice is emailed from the new email account to your accounts payable person or department. This email may have some form of urgency indicating quick payment is required.
  • Your accounts payable person or department accidentally creates a payment for the fraudster, usually via wire payment method.

An easy way to defend against this issue is to carefully review all details of invoices, especially the specified method of payment and payee bank details. If this varies from what you have previously seen, contact the submitter using a previously recorded phone number in your records (not by email). Verify all the details of the invoice, especially the bank account information before you pay the requestor.

If you suspect you may have fallen for this scam, contact Associated’s Treasury Management Customer Care as soon as possible with all details of the issue.

Malware

Malware is a general term for malicious software. Malware can infect computers and can have a variety of effects.

The following screen captures were taken from actual infected computers that were affected by information stealing malware. These examples occurred while the customer attempted to log on to online banking. The screens shown are not from online banking, but rather were placed onto the Associated Bank logon page (on the computer) by the malware. These issues do not indicate a compromise or change to Associated Bank's systems. The malware changed the normal logon pages for the affected computer on the PC.

 

Malware1

 

Associated Bank’s online banking platforms do not ask for this type of information. If you see this (or something like this) please cease using the affected computer, and immediately report it to Customer Care fraud@associatedbank.com) or call 800-682-4989. You may also use the reporting fraud link on this site.

 

Malware1

 

Associated Bank’s online banking platforms do not present this type of error message. If you see this (or something like this) please cease using the affected computer, and immediately report it to Customer Care (fraud@associatedbank.com) or call 800-682-4989. You may also use the reporting fraud link on this site.

Phishing

The term phishing refers to a fraudulent attempt to obtain account information done via email. The email directs customers to click on a web link, and tries to trick them into submitting login credentials or other personal information to the scammers.

Phishing is what it sounds like, scammers throw a wide net (billions of fraudulent emails) in an attempt at “hooking” a few people. In this case, the trophy is your password, username, and personal information. Once they get this information, it could be quickly used to access your accounts.

Don’t be a victim. Learn to spot the hallmarks of phishing. Phishing may have the following hallmarks:

  • Unexpected email that warns of some consequence (like account suspension). This may have a “clickable” link that takes you to a “lookalike” site.
  • Poorly worded or confusing terminology in the text.
  • Promise of reward or refund, with a clickable link to a “lookalike” site.
  • Lack of personal information in the email. Things like account details are very generic.

Phishing may not only target your bank account. Other financial accounts like investments may be targeted, consumer services like online shopping, or even email services may be in the crosshairs.

Tip: Associated will not use highly sensitive information for verification or identity. We will never request credit card or debit card PIN, account passwords or personal email password(s) under any circumstances.

Phishing can take other forms too:

  • Vishing – Voice + Phishing. Calls by phone from live people or recorded messages
  • SMSishing – Text + Phishing. Text messages that ask you to click on links or call a phone number.

Businesses can be targeted more directly; scammers may research an organization and target people by name. This is called "spear phishing". No matter the form, precautions are still the same.

Don't respond if you get a message – by email, text, pop-up or phone – that asks you to call a phone number to update your account or give your personal information to access a refund. If in doubt, cease communication and call the number on the back of your credit or debit card, or on your financial statements.

If you have released any information improperly or believe you may have compromised account information, please immediately report it to Customer Care (fraud@associatedbank.com) or call 800-682-4989. You may also use the reporting fraud link on this site.

To learn more about phishing, visit the Federal Trade Commission’s website Onguardonline.

SMSishing
SMSishing is a scam much like phishing or vishing, but uses mobile phone text messages to convince people into divulging personal information to scammers. The messages may attempt to entice you to click on links, call phone numbers, or respond to text messages.

SMSishing

This is an example of a SMSishing that targeted Associated Bank customers and the general public.

This audio clip is from an actual SMSishing scam that targeted customers and the general public in May 2013. It’s the type of message you would hear if you called the number in a fraudulent text message (actual credit card number was edited from the recording). The computer generated message was followed by a prompt to enter credit or debit card information via the phone’s keypad.

Customers who divulge their information risk losing funds in their accounts, identity theft, and more. All banks are vulnerable to such attacks.

Customers who have been affected by SMSishing should report it to Customer Care (fraud@associatedbank.com) or call 800-682-4989.

Spam

Spam is a general term for the vast amounts of unwanted and unwelcome email that is sent across the Internet every day. This problem chokes email servers, clogs inboxes, but also can deliver a variety of threats, including malware and scams.

The top 10 email scams include things like:

  • The "Nigerian" Email Scam
  • Phishing
  • Work-at-Home Scams
  • Weight Loss Claims
  • Foreign Lotteries
  • Cure-All Products
  • Check Overpayment Scams
  • Pay-in-Advance Credit Offers
  • Congratulations, you’ve “won”…
  • Debt Relief
  • Investment Schemes

Most of these things have one thing in common; they intend to separate you from your hard-earned money.

Tip: Spam folders are the “danger zone”, where highly suspect email is moved. Be very careful and suspicious when checking this folder in your email.

Protect yourself by using anti-spam technology. Many Internet Service Providers, businesses, and email systems provide some anti-spam technology but you may have to ask for it. Many anti-virus software packages include anti-spam technology, but you may have to configure it. Keep the spam away from your inbox and never click on links or open attachments in spam email.

Businesses are special targets for spam and scams. They should employ robust solutions that protect all their computer users from receiving spam.

Scams and spam take many forms, and will continue to evolve. Read other articles in the Security Center to take a deeper look, and visit the Federal Trade Commission’s website Onguardonline to learn even more.

Vishing

Current Debit Card Scam

In this scam, when someone answers their phones they hear a recorded message claiming to be from MasterCard ® that warns them that their debit card is locked and to press 1 to be transferred to the security department. They are then directed to enter their debit card and pin information using the phone's keypad which is then captured by the scammers.

If you feel you have been affected or have any questions please contact our Customer Care at 800-642-4989, especially if you have disclosed any of their information.


Vishing is a scam much like phishing, where a scammer attempts to trick a victim into giving personal information to an unauthorized party. In this case, it is done via voice message (live, computer, or recorded).

This audio clip is from an actual vishing scam that targeted customers and the general public in August 2010. It’s typical of many different vishing scams. The computer generated message was followed by a prompt to enter credit or debit card information via the phone’s keypad.

The poor quality of the audio is typical of scams like this.

Customers who divulge their information risk losing funds in their accounts, identity theft, and more. All banks are vulnerable to such attacks.

 


Report

Lost or Stolen Credit Card

Please call the appropriate number below to report a lost or stolen card.

Debit Card, ATM, Home Equity CardTM
800-236-8866
(24 hours a day, 7 days a week)

Business Credit Card
Card Member Services 866-951-1390
(24 hours a day, 7 days a week)

Personal Visa® Credit Card
Card Member Services 866-951-1389
(24 hours a day, 7 days a week)

Reporting Fraud

Associated Bank will never ask for your account or personal information via email. If you feel that you have received a fraudulent or suspicious email or other inquiry:

  • Forward the email to fraud@associatedbank.com, then immediately delete it from your in-box
  • Or call Associated Bank Customer Care at 800-682-4989 for further assistance
  • Lost or Stolen Debit Card, ATM, HomePower Equity Card®, Business Credit Card: 800-556-5678
  • Personal Visa® & MasterCard® Credit Card: 800-219-7941
Steps For Victims

If you suspect you are a victim of identity theft, below are some guidelines that should be acted upon immediately to best insure your protection:

  • Be sure to keep records and document all communications with the creditors and government agencies you contact. Include the date and the name of the person you were in contact with. Follow up all telephone contacts with a letter and keep a copy.
  • Notify all creditors and financial institutions in writing and by phone that your name and accounts have been used without permission. If an existing account has been stolen, ask the creditor or bank to issue you new cards, checks and account numbers. Carefully monitor the account activity on your statements. Report fraudulent activity to the issuing company immediately.
  • Immediately report the crime to your local police. Provide them with as much documentation as possible. Make sure that the accounts are listed on the police report and request a copy of the police report. Credit card companies, banks and credit reporting agencies may require you to show a police report to support your claim that a crime was committed.
  • Report the crime to the Federal Trade Commission (FTC). The FTC collects complaints about identity theft from consumers and stores them in a secure online database called the Consumer Sentinel that is available to law enforcement agencies worldwide. The FTC provides information on ways to resolve problems resulting from identity theft and refers individuals to various private and government agencies for further action.

    FEDERAL TRADE COMMISSION
    Identity Theft Clearinghouse
    600 Pennsylvania Avenue, NW
    Washington, DC 20580
    www.ftc.gov
    877-438-4338

  • Contact the fraud units of the three agencies:

Ask them to place a ""fraud alert"" on your credit report to help prevent new fraudulent accounts from being opened.

Please note that you are entitled to a free copy of your credit report if you are a victim of identity theft.


CONTACT US

24/7/365




Download Associated Mobile Banking® today.