Protection & Security

We’ve assembled a variety of excellent resources that can help you learn more about privacy and security issues.  Please note that these sites are not associated with Grinnell State Bank and that by using them you are governed by their own privacy policies.

Identity theft resources  

• Federal Trade Commission (FTC) Identity Theft–A national Resource to help you deter, detect and defend against identity theft.
• Identity Theft Resource Center (ITRC)–Step-by-step resolution instructions, form letters and other resources to assist identity theft victims

Online Fraud Resources

• National cyber Security Alliance (NCSA) Stay Safe Online–A nonprofit, public-private partnership focused on promoting cyber security, safety awareness and safe online behavior.
• Microsoft Security at Home–A Microsoft site committed to providing you with easy steps and resources to secure your computer at home.

Credit score monitoring resources

• Free Annual Credit Reports–Information provided by the FTC on how you can request and receive a free copy of your credit report every 12 months from each of the national credit reporting companies.
• Equifax–Website of one of the 3 largest American credit reporting agencies.
• Experian–Website of one of the 3 largest American credit reporting agencies.
• TransUnion–Website of one of the 3 largest American credit reporting agencies.

Additional privacy and security resources

• Federal Deposit Insurance corporation (FDIC) consumer Protection–Offers a variety of information for consumers on financial topics, form understanding financial privacy to filing complaints.
• OnGuardOnline.gov–Information from the federal government about avoiding scams, securing your computer and protecting kids online.
• Privacy Rights Clearing House–A nonprofit consumer organization focusing on both information and advocacy.The PRC’s goals include raising awareness of how technology affects personal privacy and empowering consumers to take action to control personal information by providing practical tips on privacy protection.

Below is a list of possible issues your computer may have if it has been compromised

• Inability to log into online banking (thieves could be blocking customer access so the customer won’t see the theft until the criminals have control of the money.)
• Dramatic loss of computer speed
• Changes in the way things appear on the screen
• Computer locks up so the user is unable to perform any functions
• Unexpected rebooting or restarting of the computer
• Unexpected request for a one-time password (or token) in the middle of an online session
• Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.)
• New or unexpected toolbars and/or icons
• Inability to shut down or restart the computer

Secure your computer

Here are some ways you can secure your computer to help protect your information.

Equip your computer with:

• Comprehensive spyware and virus-protection software.
• Up-to-date browser software.
• Firewall software that prevents unauthorized users from gaining access to your computer or monitoring transfers of information to and from the computer

Consider installing:

• Anti-keylogging software that can detect hidden keystroke logging malware and encrypt the keystrokes made on your computer keyboard
• Be sure to download software or applications form well-known or trusted sources.  You should download and install any operating system and software updates (sometimes called patches or service packs) in a timely manner.

Monitor your account activity

Checking your account activity frequently can help to detect fraud earlier.  You can receive information quickly about activity in your accounts when you set up Alerts.  In addition to Alerts that are automatically already turned on for your protection, you can set up additional Alerts to stay on top of your balances, payments and transactions.

Create strong passwords

• Avoid the use of personal information like birthday or a pet’s name
• Don’t choose passwords using dictionary words, names or parts of names, phone numbers, dates, etc.
• Chose passwords that aren’t easy to guess
• Never share them or write them down
• Choose a different password for each account.  For example, using the same password on bank accounts and social media may increase risk of identity theft or fraud.
• Create passwords per the website requirements

Browse safely

• To help ensure you’re on the real Grinnell State Bank site before you sign in, check your browser bar.
• Ensure proper security settings are in place like up-to-date antivirus software as well as updated applications and operating systems
• Be cautious about downloading applications.  Only install applications that come form trusted, well-known sites
• Understand the risks of using public or free Wi-Fi and sending information over unprotected connections
• Turn on the browser’s pop-up blocker
• Avoid accessing financial accounts from multiple computers or devices
• Never proceed with processing an online shopping transaction if a certificate error is received.  If multiple errors occur and the transaction can’t be completed, consider calling the company or finding another company that offers the same product.
• Don’t select “remember passwords”.  If this is chosen, anyone with access to your computer can sign-in as you.
• Don’t allow websites to keep credit or debit card information

Be smart about social networks

• Think before you share personal information.  Don’t share what you don’t want to be forwarded or seen by the public.
• Resist the temptation to post out-of-town plans, “check in” at physical locations or post vacation photos while you are away from home
• Avoid posting photos that reveal an address or a specific location
• Set privacy settings to allow only friends to see content
• Only accept requests from actual friends

Stay informed

Follow internet security issues in the news and discuss them with friends, family and colleagues.  Explore online resources like the National Cyber Security Alliance and Microsoft Security At Home websites that provide comprehensive information about topics such as securing your computer and safe online behavior.

Phishing and spoofing 

Phishing and spoofing emails ask you to go to a fake website that looks like Grinnell State Bank and provide your account information.  These emails may even ask you to call a phone number and provide account information.

Ways to identify phishing and spoofing emails include:

• Requests for personal information.  Grinnell State Bank emails will never ask you to reply in an email with any personal information, account numbers or login credentials.
• Urgent appeals.  We will never claim your account may be closed if you fail to confirm, verify or authenticate your personal information via email.
• Messages about system and security updates.  We will never claim the need to confirm important information due to upgrades and state that you much update your information online.
• Offers that sound too good to be true.  For example, you may be asked to fill out a short customer service survey in exchange for money, then be asked to provide your account number to receive the credit.
• Obvious typos and other errors.  These are often the mark of fraudulent emails and websites.  Be on the lookout for typos or grammatical errors, awkward writing and poor visual design.
• Odd-looking URLs.  Many mail programs will display the destination URL of a link when you place your cursor on the link.  (Caution:  Do not click the link.)  They often include URLs that include a legitimate company’s name or website address.

Why criminals send fraudulent email

One of the ways criminals try to trick people into providing personal account information for identity theft purposes is to send email that appears to have been sent by Grinnell State Bank, but has been sent by the criminal.

The phone email asks you to go to a website that looks like Grinnell State Bank site, but is a site the criminal has set up asking you to provide your personal account information.  Sometimes the email may ask you to call a phone number and provide account information.

Ways to protect against phishing and spoofing:

• To help ensure you’re on the real Grinnell State Bank site before you sign in, check your browser bar for www.grinnellbank.com, green text/shading or a lock icon.
• Delete any suspicious email you receive before click any inks or replying to it.

Malware

Malware, short for malicious software, includes viruses, spyware and Trojans that are designed to infiltrate or damage a computer system, steal personal information and commit fraud.  There are several easy ways you can minimize malware risk:

• Never download any file or attachment unless you are certain what it is and who provided it
• Never click on an advertisement that asks for personal or financial information
• Update your security and system software to protect your computer from malware threats

Vishing

Vishing uses Voice over Internet Protocol (VoIP) to leave an automated recording on your phone that says your account has experienced unusual activity.  The message instructs you to call what appears to be a Grinnell State Bank phone number (in fact, the caller ID has been fooled into displaying “Grinnell State Bank”).  Sometimes criminals also end emails and text messages containing fraudulent phone number.  Rather than provide any information, you should contact us immediately to verify the validity of the message.

A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.

Things to know if you are a victim of a data breach:

The actions you’ll need to take will depend on the type of data compromised.

• If affected, you should receive a letter—via mail or email—telling you exactly what information was exposed and when. Federal law requires banks to inform customers of breaches; 46 states have laws mandating that other companies do the same, though large firms typically contact all customers regardless of state residency.
• (Bear in mind that “phishing” scammers often take advantage of breaches, purporting to be from the breached company in hopes of getting people to reveal personal information. So to be safe, don’t click through any emails or take any direct phone calls, but visit the official company website to learn about the breach and access help.)
• Notices—even legitimate ones—tend to be reassuring in tone, but don’t be fooled. Nearly one in three data breach victims also became a fraud victim in the same year, reports Javelin Strategy & Research.

If the compromised data was…

• …A password Change your password for that account immediately. If you use the same code for other accounts, change those as well.
• …Email address Watch your inbox for messages requesting information or requesting you to click on a link. If you receive a suspicious email from a company you do business with, call the sender to verify that they did indeed send it.
• …Credit card number Call the creditor and ask for a new card with a new number. Some creditors will automatically reissue cards to affected customers in wide-scale breaches. Know however that because the number rather than the card itself was stolen, you are not liable for any authorized purchases under the Fair Credit Billing Act.
• …Debit card number Since the card was not lost, you are not liable for any unauthorized transactions if you report them within 60 days of receiving your statement. Still, you should cancel the card and change your pin. If the bank account number was also exposed, close the account and open a new one with a new number. Consider asking for a verbal password, too, which prevents bank personnel from discussing your account with anyone unable to provide that password.
• …Social Security number. Contact one of the three major credit reporting agencies and have them place a fraud alert on your account. That agency will then be legally bound to notify the other two agencies to do the same. An alert lets lenders know to take extra care verifying personal information before issuing credit and entitles you to a complimentary credit report from each agency. Review this for suspicious activity. You should also place a credit freeze on your account, which will prevent a credit reporting company from releasing your credit report or score without your consent.

Sometimes the letters from breached companies also contain offers for free credit report monitoring provided by the company. While these programs are not generally worth paying for—since you can monitor your own credit for free—you may as well accept it if it’s being handed out. Monitoring services will alert you to some uses of your SSN quicker than you may be able to spot through your credit report, meaning you can resolve any problems quicker.

If you believe you’ve been a victim of a social engineering scam or any type of fraudulent activity, contact us immediately to protect your account.

You can also report social engineering scams to:

The U.S. Computer Emergency Readiness Team

The Federal Trade Commission (FTC); forward phishing emails to spam@uce.gov

Symantec’s Phish Report Network

Internet Crime Complaint Center (IC3)

Here are some ways to help you protect your Social Security number:

• Carry only necessary identification with you.  Don’t carry your social security card
• Never provide your Social Security number unless you have initiated the contact and have confirmed the business or person’s identity
• Do not use your full or partial Social Security number as a Personal Identification Number (PIN) or as a password
• If you must send your Social Security number in an email, ensure that the email is encrypted
• Only enter your Social Security number into internet websites when the site is secure and you know how the recipient will protect it
• Be cautious of your surroundings when disclosing your Social Security number into internet websites when the site is secure and you know how the recipient will protect it
• Do not transmit your Social Security number over the Internet unless you know that the connection is secure or you have encrypted the Social Security number
• Be cautious when faxing your Social Security number, double check the fax number to ensure it is the correct number
• Do not record your Social Security number on a check, traveler’s check, gift certificate, money order or other negotiable instrument unless required by law.

Elder abuse (also called “elder mistreatment,” “senior abuse,” “abuse in later life,” “abuse of older adults,” “abuse of older women,” and “abuse of older men”) is “a single, or repeated act, or lack of appropriate action, occurring within any relationship where there is an expectation of trust, which causes harm or distress to an older person.”

It is generally divided into the following categories:

• Physical abuse is physical force that results in bodily injury, pain, or impairment. It includes assault, battery, and inappropriate restraint.
• Sexual abuse is non-consensual sexual contact of any kind with an older person.
• Domestic violence is an escalating pattern of violence by an intimate partner where the violence is used to exercise power and control.
• Psychological abuse is the willful infliction of mental or emotional anguish by threat, humiliation, or other verbal or nonverbal conduct.
• Financial abuse is the illegal or improper use of an older person’s funds, property, or resources.
• Neglect is the failure of a caregiver to fulfill his or her care giving responsibilities. Self-neglect is failure to provide for one’s own essential needs.

Financial abuse is the fastest growing form of elder abuse.  Elder financial abuse spans a broad spectrum of conduct, including:

• Taking money or property
• Forging an older person’s signature
• Getting an older person to sign a deed, will, or power of attorney through deception, coercion, or undue influence
• Using the older person’s property or possessions without permission
• Promising lifelong care in exchange for money or property and not following through on the promise
• Confidence crimes (“cons”) are the use of deception to gain victims’ confidence
• Scams are fraudulent or deceptive acts
• Fraud is the use of deception, trickery, false pretence, or dishonest acts or statements for financial gain
• Telemarketing scams. Perpetrators call victims and use deception, scare tactics, or exaggerated claims to get them to send money. They may also make charges against victims’ credit cards without authorization.

Who are the perpetrators?

• Family members, including sons, daughters, grandchildren, or spouses.
• Predatory individuals who seek out vulnerable seniors with the intent of exploiting them.
• Unscrupulous professionals or businesspersons, or persons posing as such.

Who is at risk?

The following conditions or factors increase an older person’s risk of being victimized:

• Isolation
• Loneliness
• Recent losses
• Physical or mental disabilities
• Lack of familiarity with financial matters
• Family members who are unemployed and/or have substance abusers problems

What are the indicators?

Indicators are signs or clues that abuse has occurred. Some of the indicators listed below can be explained by other causes or factors and no single indicator can be taken as conclusive proof. Rather, one should look for patterns or clusters of indicators that suggest a problem.

• Unpaid bills, eviction notices, or notices to discontinue utilities
• Withdrawals from bank accounts or transfers between accounts that the older person cannot explain
• Bank statements and canceled checks no longer come to the elder’s home
• New “best friends”
• Legal documents, such as powers of attorney, which the older person didn’t understand at the time he or she signed them
• Unusual activity in the older person’s bank accounts including large, unexplained withdrawals, frequent transfers between accounts, or ATM withdrawals
• The care of the elder is not commensurate with the size of his/her estate
• A caregiver expresses excessive interest in the amount of money being spent on the older person
• Belongings or property are missing
• Suspicious signatures on checks or other documents
• Absence of documentation about financial arrangements
• Implausible explanations given about the elderly person’s finances by the elder or the caregiver
• The elder is unaware of or does not understand financial arrangements that have been made for him or her

Resources if you suspect Elder Abuse

• National Center on Elder Abuse
• Suspect Abuse?  Get Help, here are some resources.
• State Resources

Sign your cards immediately

Sign the signature panel on your credit and debit cards as soon as you receive them.

Monitor your debit card transactions

Grinnell State Bank offers ShazamBolt$ which will allow you to setup alerts on your debit card activity, so you can easily monitor your purchases.  Signing up for Shazam Bolt$ is easy, enroll today to take control of your debit card transactions. Download the ShazamBolt$ app at the Apple app store and Google Play.

Check your statements

Save the receipts from your charges and keep them in a safe location.  Check your statements to verify that they properly reflect the amounts you have authorized.  Report any fraudulent transactions immediately.  Once you have reconciled your statements, shred up all receipts and discard them.

Go paperless with Online Banking

Access your Grinnell State Bank statements through Online Banking and ask us to stop sending paper.  Checking your balances and viewing your account statements online is safer than having information sent through the mail.

Keep a list of all your card account numbers

Keep the list in a safe and secure place and include the telephone numbers to call if your cards are ever lost or stolen.

Use ATMs safely

Use ATMs with surveillance cameras and be aware of people and your surroundings.  When you enter, or exit an ATM in an enclosed area, be sure you close the entry door completely.  Do not open locked ATM vestibule doors for others or allow any unknown persons to enter the ATM area while you are making your transaction.  Shield the ATM keypad with your hand or body while entering your PIN.  Secure your card and cash after completing your transaction and before exiting the ATM area.  Count your cash later in the safety of your locked car or home.  Your ATM/Debit card is like cash, so keep it in a safe place

Always be cautious

Never provide credit or debit account information to anyone who calls you.  Grinnell State Bank will never reach out to you in this way to request sensitive account information.

If you notice your card is lost or stolen during normal bank hours, please contact the bank. If it is outside of normal bank hours, please call 800-383-8000, to report your card lost or stolen with Shazam, our debit card company.