Training

Every day, thousands of people fall victim to fraudulent emails, texts and calls from scammers pretending to be their bank. Scams aren’t so scary when you know what to look for. At People's Bank, we want every bank customer to become a pro at spotting a phishing scam—and stop bank impostors in their tracks. It starts with these four words: Banks Never Ask That. Because when you know what sounds suspicious, you’ll be less likely to be fooled.

These four phishing scams are full of red flags:

Text Message: If you receive a text message from someone claiming to be your bank asking you to sign in, or offer up your personal information, it’s a scam. Banks Never Ask That.
Email: Watch out for emails that ask you to click a suspicious link or provide personal information. The sender may claim to be someone from your bank, but it’s a scam. Banks Never Ask That.
Phone Call: Would your bank ever call you to verify your account number? No! Banks Never Ask That. If you’re ever in doubt that the caller is legitimate, just hang up and call the bank directly at a number you trust.
Payment Apps: Beware of text messages from someone claiming to be your bank saying your account has been hacked. The scammer may ask you to send money to a new account they’ve created for you, but that’s a scam! Banks Never Ask That.

Additional Materials: Know the Warning Signs

Accordion 1

Cybersecurity Tips

People’s Bank closely monitors cybersecurity events and continues to take action to protect its internal operations and to continue delivery of services to customers.

We follow recommendations of the U.S. Cybersecurity and Infrastructure Agency (CISA), including heightened levels of network and threat monitoring.
Our security team is staffed and prepared to respond quickly to any detected anomalies.

It is important to be aware of potential misinformation and disinformation campaigns. To help counter these malicious efforts, please read and follow the tips below.

Rely on trusted sources. For updates, rely on information provided by reputable sources from official announcements or websites such as the White House, the Department of Treasury and the Department of Homeland Security.
Think before you link. Slow down. Don’t immediately click to share posts, memes, videos, or other content you see online. Some of the most damaging disinformation spreads rapidly via shared posts. Check your resources before sharing.
Be careful what you post. The information you share online can be misunderstood or repurposed via manipulation. Do a privacy check on your social media accounts and make sure you are not sharing content broadly that you mean only for close family and friends. Be aware that agents of disinformation often steal identities of real people, profile photos, and other information.
Be wary of manipulative content. Agents of disinformation are known to create or repurpose emotional videos and photos, and to use sensational terms to divide us. Be especially careful of content that attempts to make people angry or sad or create division.

Another area to be aware of is a Denial-of-Service Attacks (DDoS). DDoS attacks happen when a bank’s website is flooded with an extremely high level of digital traffic from any computers distributed across the internet, sometimes hundreds or thousands of systems at once. As a result, legitimate customers trying to use the site are crowded out. This may cause you to experience a slower than usual or delayed connection when logging into the website or making transactions online, slowdowns generally do no involve a data breach or hacking. Please keep in mind that during a DDoS attack, you can still access your accounts through the online banking mobile app, ATMs, by telephone and at the branch.

Additional Tips: Educating Small and Mid-Size Businesses About Increase Cyber Risks - PCBB Article 4-5-2022

Accordion 2

Debit Card Tips

Using your ATM or debit card is a simple, hassle-free way to get cash, make deposits, check account balances, transfer funds, make purchases and more. To enjoy the many conveniences debit cards offer, make protecting your card a priority. Here are some important safety tips.

Treat your card like cash
Always store your card in a safe place.

Use your Debit Card as a Credit Card
Your Debit Card includes the MasterCard logo, which enables purchases to run as a credit card purchase at most locations. Once you swipe your card, select the Credit key or the cancel key depending on location. Please make sure to tell the merchant to run your card as a credit card. This can be a safer option when using your debit card since you are not typing a PIN for any wondering eyes to see.

Keep your PIN to yourself... shhh it's a secret
No company or individual needs to know your PIN; not even your financial institution. Memorize your PIN, and never write it on your card or store it with your card. Never let a cashier, teller or other stranger enter your PIN for you.

Always be aware of your surroundings
When using an outdoor ATM such as in a parking lot, look for suspicious activity before you begin your transaction.

Shop carefully online
If you initiate an online transaction and must provide personal data, look for indicators that the site is secure, like "https" in the Web address or the closed padlock icon in the bottom frame of your browser. It is also wise to conduct financial transactions on wired Internet connections only. Wireless connections can be more vulnerable to attack.

Enroll your Card in MasterCard SecureCode®
Go to our website and link on the MasterCard SecureCode® icon to register your cards. MasterCard SecureCode delivers added protection for your card when you shop online.

Protect your card's magnetic stripe
Exposing your card's magnetic stripe to other magnetic objects can cause damage that will make your card unusable.

Report a lost or stolen card at once
Call the bank right away if your card is lost or stolen to reduce the chance that it will be used improperly. Immediate notice of lost or stolen cards also will limit your potential liability for unauthorized transactions.

Review account statements regularly
Verify all transactions matching receipts to account statements. Frequently reviewing activity online helps identify unauthorized activity between monthly statements. Sign up for eAlerts in online banking and you will receive email, text, or secure message notifications for routine account activity, as well as for unusual transactions.

Never respond to an unsolicited request
The Internet, text and calling is a common channels for fraud perpetration. Never provide your debit card number, PIN or any other non-public information to anyone in response to an unsolicited email, pop-up message, text or phone request. As a reminder, we will NEVER ask for your PIN.

Accordion 3

Fraud

How can I detect fraud?

Be aware of bills that do not arrive as expected.
Receipt of unexpected credit cards or account statements.
Denial of credit for no apparent reason.
Calls or letters about purchases you did not make.
Monitor your accounts online for any unauthorized transactions.

Accordion 4

Accordion 5

Identity Theft

Security

Your Security is important to us and we want to educate and provide you with tools and resources that will assist you in preventing identity theft.

Identity Theft

To minimize the chances that you fall victim to identity theft and financial fraud, it is vital that you recognize the various types of fraud and learn how to protect yourself against them. The following information will help you safeguard your identity and protect your financial assets from fraud. Identity theft is more extensive than fraud, which is usually limited to an isolated attempt to steal money from an existing account. Fraud and identity theft can be easily confused.

What is Identity Theft?

The crime of identity theft occurs when someone, without your knowledge, acquires a piece of your personal information and uses it to commit fraud. Personal information such as your social security number, bank account number, or other identification, and uses it repeatedly to open new accounts or initiate transactions in your name. For example, someone might do a combination of the following: open new credit cards, open new bank accounts, forge checks, and even apply for loans using your name and personal information. This can cause financial loss and damage your credit, which can lead to a lengthy resolution process.

Keep in mind however, that even if you think your security has been compromised it does not automatically mean that you are a victim of identity theft. It might be an incorrect entry or an isolated incident of theft from your account that is quickly resolved by calling us at 866.454.4735.

How does Identity Theft happen?

Identity theft is portrayed as a high-tech crime affecting only those people who shop, communicate, or do business online. However, while thieves can obtain personal information via online methods, the majority of identity theft occurs offline. Stealing wallets and purses, intercepting or rerouting your mail, and rummaging through your garbage are some of the common tactics that thieves can use to obtain personal information. The good news is that the more information you have on identity theft the better your defense.

What is “Phishing”?

Phishing (pronounced “fishing”) is a form of online scam where “phishers” attempt to gain customer account information such as user names, passwords, PINs (personal identification numbers), or social security numbers. This is accomplished by creating official looking emails with pop-ups or links that appear to be from your bank, online retailer, or government agency. These deceptive communications are the tools the “phishers” use to attempt to gain your confidential information.

How does “Phishing” work?

These phony emails often use phrases such as “your account may have been compromised”, “your account is in violation”, “we need you to verify your account information” and other variations. These emails will then usually offer a link where you can access your account to prevent adverse actions such as account closure or a freeze on an account’s assets. These links will then connect you to a site that will often look identical to the business site the email refers to. These sites, however, are forgeries created to trick users into logging into the sites with their genuine user ID and password. Once the “phishers” have obtained this information, they can then go to the real website and transfer, withdraw, or redirect the funds to another location. Then when the customer logs into their account again (on the real business website) they are surprised to find all of their assets are gone. In addition to loss of funds, there can also be adverse credit affects which may take weeks or months to resolve.

How can I protect myself from “Phishing” attacks?

The most important thing to remember is that no reputable business will send you an email requesting your personal account information. Any email you receive asking for this information should be considered phony and brought to the attention of the business being “phished”. Another way to further protect yourself is to keep your Operating System and Internet Browser software up to date. “Phishers” often use software vulnerabilities to further mask their appearance on their fake websites. Also, antivirus software can often detect methods used by “phishers” attempting to steal your information. But it is imperative that your antivirus software be updated as frequently as possible. Finally, if you are unsure as to whether or not an email or message is legitimate, call the company directly. This will ensure that you are speaking with a representative of that company and that your personal information will not be compromised.

What is “Spoofing”?

Spoofing is pretending to be something it is not, on the Internet, usually an e-mail or a Web site.

What if you downloaded a Virus or “Trojan Horse”?

Some phishing attacks use viruses and/or “Trojan Horses” to install programs called “Key logger” on your computer. These programs capture and send out any information that you type to the phisher, including credit card numbers, user names and passwords, social security numbers, etc. If this happens, it is likely you may not be aware of it until you notice unusual transactions on your account.

To minimize this risk, you should:

Install and/or update anti-virus and personal firewall software. (Several products are available online or through computer retail stores).
Update your anti-virus programs often and all virus definitions and run a full scan.
If your system appears to have been compromised, repair it, and then change your password again, since you may have transmitted the new one to the hacker.
Check your other accounts. eBay account, PayPal, your e-mail ISP, online bank accounts, online trading accounts and other e-commerce accounts, and everything else for which you use online passwords, to ensure they remain secure and have not been compromised by unauthorized access.

What is “Skimming” (ATM Tampering)?

Thieves tamper with ATMs by using a special storage device, which steals credit/debit card numbers when processing your card.

Other Forms of Identity Theft

Stealing checking/savings account statements, credit card statements, preapproved credit offers, new checks, and tax information from your mailbox.
Obtaining your credit report by posing as your landlord, employer, or someone else who may have a right to such information.
Stealing wallets or purses.
Imprinting your credit or debit card, or swiping it on a skimming device, while the card is out of your sight at a restaurant or retail establishment.
Completing “change of address” forms to send your mail to another address.
Hacking into retail store’s computer system and collecting debit or credit card information, such as card and PIN numbers.

How can I protect myself?

Do not open or respond to online solicitations or phone calls asking for personal information. The bank will never require customers to send personal information via e-mail or pop-up windows.
If you initiate an online transaction and are required to provide personal data, look for indicators that the Web site is secure, like the “https” in the URL or padlock icon.
Carry only necessary identification. In particular, do not carry your social security card.
When a social security number is requested to sign up for a service, confirm that it is actually needed rather than some other identifier. Make photocopies of all the information you carry daily, and store them in a secure location like a safety deposit box.
Shred financial or personal documents before discarding. Most fraud and identity theft incidents happen as a result of mail and garbage theft.
Do not let your debit card out of sight when purchasing goods and services. Debit cards pose a greater risk because they are associated with your checking account.
Checking your account balances and transactions online can help you regularly monitor your account activity and more quickly detect any fraudulent transactions.
Do not use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social security number. Change your passwords frequently.
The bank may force password changes on electronic products.
Always put outgoing mail in a U.S. Postal Service mailbox, which is more secure than your home mailbox.
Collect your mail promptly each day.

To report a suspicious email that uses the bank's name, forward it to us immediately at info@peoplesbank.bank.

Accordion 6

Ransomware

What is Ransomware?
Ransomware is a malware that, once it infects your computer, encrypts all the files on your computer, denying you access to them. Most often, the ransoms must be paid in some form of digital currency, such as Bitcoin. Ransomware spreads like many other types of malware. The most common method involves emailing victims’ malicious email, where cyber criminals trick you into opening an infected attachment or clicking on a link that takes you to the attacker’s website.

Should You Pay the Ransom?
Paying a ransom becomes a business decision and may not be an option if you have no other way to get your files back. Be warned though, even if you do pay the ransom, there is no guarantee you will get your files back.

Protective Measures:

Back Up Your Files – this way, even if you get infected with ransomware, you have a way of recovering files after rebuilding or cleaning up your computer.
Don’t Get Infected – make sure you have up-to-date anti-virus software from a trusted vendor. Such tools, sometimes called anti-malware software, are designed to detect and stop malware.
Automatically Install Updates – the more current your software is, the fewer unknown vulnerabilities your systems have and the harder it is for cyber criminals to infect them.
Awareness – training family or employees to recognize which emails should be avoided.

Business Email Compromise (BEC) – Sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Three of the most common BEC schemes include the compromise of email accounts belonging to:

Business Executives: An email account belonging to a business executive with the authority to request wire transfers, such as a CEO or CFO, is compromised and subsequently used to send wire transfer instructions to an employee with the ability to conduct wire transfers.
Vendors: An email account belonging to a vendor that receives payments through wire transfers is compromised and subsequently used to send messages to clients, instructing them to send all future wire transfers to a new bank account that is under the cyber criminal’s control.
Employees: A personal email account belonging to an employee that sends invoice payment requests is compromised and subsequently used to send instructions to vendors identified through the employee’s contact list requesting payments be made to accounts under the cyber criminal’s control.

Accordion 7

Scam Prevention Tips

First and foremost, use common sense. If it sounds too good to be true, it probably is.

Never give personal information to a stranger who contacts you, whether by telephone, email, or other means.

Don’t accept payments for more than the amount of the service with the understanding that you send the buyer the difference.

Don’t accept checks from individuals you’ve only met online.

Don’t accept jobs in which you are paid or receive commission for facilitating money transfers through your account.

No matter how urgent someone claims a deal is, you can always wait a few days to research and confirm legitimacy. Time is on your side, not the fraudster's.

You are ultimately responsible and liable for all deposits made into your account, whether they are a check, money order, transfer, etc.

General Fraud Prevention Tips
Replace paper invoices, statements and checks with electronic versions, if offered by your employer, bank, utility provider or merchant.

If you have free online account access with our Online Banking or Business Online Banking, you can reduce paper statements by signing up for Bill Pay and free Online Statement notification.

Review your credit report at least once a year, looking for suspicious or unknown transactions. You can get a free credit report once a year from each of the three major credit bureaus at www.annualcreditreport.com.

Place outgoing mail in a U.S. Postal Service mailbox to reduce the chance of mail theft.

Promptly retrieve incoming mail to limit the opportunity for theft.

Know your billing and statement cycles. Contact the company’s customer service department if you stop receiving your regular bill or statement.

Accordion 8

Accordion 9

Accordion 10

Security Tips

Online Security Tips

Use a current web browser. We recommend Internet Explorer 11.0 or newer for use with the Online Banking programs. Avoid downloading programs from unknown sources.

Do not use your Social Security number as a username or password. Change your usernames and passwords regularly and use combinations of letters, numbers, and "special characters" such as “pound” (#) and “at” (@) signs.

If your current username or password is your Social Security number, change it following these directions:

Sign in to an Online Banking session
Click on the Change Options tab in consumer online banking. For Business Online Banking, place your mouse over Options then select Change Security.
Select Edit under Password, Email, or Security Data in Online Banking. For Business Online Banking, enter the security data again. All fields must be completed.

Protect your online passwords. Don’t write them down or share them with anyone.

Protect your answers to security questions. Select questions and provide answers that are easy for you to remember, but hard for anyone else to guess. Do not write down your security questions or answers or share them with anyone. If you have selected security questions on other websites, avoid using the same questions to protect your online bank accounts. Please note that we will never ask you to provide answers to your security questions via email.

Close your browser when you’re not using the internet.

Computer Security Tips

Keep your computer operating system up to date to ensure the highest level of protection.
Install a personal firewall on your computer.
Install, run, and keep anti-virus software updated.
Turn your computer off completely when you are finished using it – don’t leave it in sleep mode.
Conduct online banking activities on secure computers only. Public computers (computers at internet cafes, copy centers, etc.) should be used with caution, due to shared use and possible tampering. Online banking activities and viewing or downloading documents (statements, etc.) should only be conducted on a computer you know to be safe and secure.

Email Security Tips

Be wary of suspicious emails. Never open attachments, click on links, or respond to emails from suspicious or unknown senders.

If you receive a suspicious email that you think is a phish email, do not respond or provide any information. Send the email to info@peoplesbank.bank.

If you respond to a phish email with personal information, contact the bank at 866.454.4735 immediately.

Bank Account Security Tips

Report lost or stolen cards and checks immediately to 866.454.4735 during banking hours or 800.554.8969 after hours or on weekends.
Review account statements carefully. Regular account review helps to quickly detect and stop fraudulent activity. Ask about suspicious charges.
With Online Banking or Business Online Banking you can monitor your account online any time and as frequently as you like.
Limit the amount of information on checks. Don’t print your Driver’s License number or Social Security number on your checks.
Store account information in a safe and secure location.
Carry your checkbook with you only when necessary.

Credit Card and Debit Card Security Tips

Always keep your credit or debit card in a safe and secure place. Treat it as you would cash or checks. Contact the bank immediately at 866.454.4735 if your debit card is lost or stolen, or if you suspect unauthorized use. After hours contact 800.554.8969 to report your lost or stolen card.
Do not send your card number through email, as it is typically not secure.
Do not give out your card number over the phone unless you initiated the call.
Regularly review your account statements as soon as you receive them to verify transactions. Contact the bank immediately if you identify any discrepancies.
If you have forgotten your PIN please visit your nearest branch location or access your password through online banking with our “Forgot Password” button on the password screen.
Cancel and cut up unused credit and other cards.
If you receive a replacement card, destroy your old card.
When selecting a Personal Identification Number (PIN) don’t use any number or word that appears in your wallet (such as name, birth date, or phone number).
Memorize your PIN. Don’t write it down anywhere, especially on your card, and never share it with anyone.
Shop with merchants you know and trust.
Make sure any internet purchase activity you engage in is secured with encryption to protect your account information. Look for “secure transaction” symbols like a lock symbol in the lower right-hand corner of your web browser window, or “https://…” in the address bar of the website. The “s” indicates "secured" and means the web page uses encryption.
Always log off from any website after a purchase transaction made with your credit or debit card. If you cannot log off, shut down your browser to prevent unauthorized access to your account information.
Safe-keep or securely dispose of your transaction receipts.

When using your card at an ATM:

Be aware of your surroundings and exercise caution when withdrawing funds.
Watch for suspicious persons or activity around the ATM. If you notice anything out of the ordinary, come back later or use an ATM elsewhere. If you observe suspicious persons or circumstances, do not use the ATM at that time. If you are in the middle of a transaction, cancel the transaction, take your card and leave the area, and come back at another time or use an ATM at another location.
Report all crimes immediately to the operator of the ATM or local law enforcement.
Consider having someone accompany you when using an ATM after dark.
Ensure no one sees your PIN when you enter it.
Refrain from displaying cash, and put it away as soon as your transaction is completed. Wait to count your cash until you’re in the safety of a locked enclosure, such as a car or home. Safe-keep or securely dispose of your ATM receipts.