Fraud Prevention

Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money as well as destroy your credit and ruin your good name.

Signs your identity has been stolen:

• Bills do not arrive as expected
• You receive unexpected credit cards or account statements
• You are denied credit for no apparent reason
• You get calls or letters about purchases you did not make

Tips for protection your identity:

• Shred financial documents and paperwork with personal information
• Don’t carry your Social Security card in your wallet or write your Social Security Number on a check
• Don’t disclose personal information on the phone, through the mail, or over the Internet
• Never click on links sent in unsolicited emails
• Don’t use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social Security Number.
• Keep your personal information in a secure place at home

Learn how to deter, detect and defend against identity theft.

“Phishing” is a term used to describe attempts to lure individuals into providing sensitive information such as account numbers or passwords. These schemes often use an authentic-looking e-mail with links to replicate web sites that ask you to submit your personal or financial information.

• Never provide personal information requested or asked for in an e-mail.
• Do not open links in suspicious e-mails.

Please be aware that CIBC:

• will never require you to enter a user ID, passwords, account numbers or any other personal information directly into the e-mail or other non-secure page,
• will not issue “threatening e-mails” such as stating to close or suspend your account if you do not take immediate action by providing personal information,
• will not ask you to confirm, verify, or refresh your account, credit card or billing information via e-mail.

If you believe you have been the victim of phishing or have any additional concerns, please contact your account officer or relationship manager immediately.

In an ongoing effort to protect our cardholder’s accounts from fraud, CIBC is now offering real-time text fraud alerts.
 

How It Works:

• A text message will be sent to the cardholder’s mobile phone when a potentially fraudulent transaction is identified on their ATM or debit card.
• The cardholder replies to the text message to confirm or deny if the transaction is valid:
  • If the cardholder verifies the transaction, the card will available for use after the card is unblocked, which could take up to 10 minutes in some circumstances.
  • If the cardholder responds that they do not recognize the transaction, this will generate an outbound call to the cardholder during available calling hours and the card will be deactivated from further use.
  • If we do not receive a response from the cardholder, we’ll attempt to verify the transaction by phone and email.
  • Your card will be blocked and unavailable for use until the transaction is verified.
• Text messages will be sent from 7:00 a.m. to 10:00 p.m. in the cardholder’s time zone. Calls will be sent from 8:00 a.m. to 9:00 p.m. in the cardholder’s time zone. Texts and voice calls pending from the night before will be triggered the following morning at the applicable time noted above. Emails will be sent 24/7.

How do I enroll in SecurLock?

• All CIBC debit card accounts are automatically enrolled and may receive fraud alerts via text to any mobile phone number listed for your account.
• Opt out of receiving text message alerts by responding back to the text message with the word STOP.
• This service is only available for CIBC customers with domestic service through AT&T, Verizon, Sprint and T-Mobile and will not be charged any message or data rates for the fraud alerts. Text messages and phone calls are unavailable internationally.

• Hacking or guessing a password is a basic tactic that can be used to access your accounts by cybercriminals.  Passwords used for bank accounts should be different from passwords used for different websites and not include your name or other easily identifiable information.
• Change your password every few months.  Use passwords that only you would know and would be difficult to guess.  For example, using “Password” or “123456” is not as secure as using a password that includes upper and lower case letter, numbers, and special characters.

• Never send personal or sensitive business or bank account information via email. Any information sent through email messages may be intercepted and stolen.
• Do not respond to an e-mail, phone call, or text message expressing an urgent need for you to update your information, initiate a payment, or verify your login credentials by calling a phone number or submitting information on an Internet site.
• Avoid downloading programs from unknown sources, or clicking on links embedded in suspicious emails, especially from social media sites.
• Networks in Internet cafés, hotels, and libraries are usually not protected and are easy to tamper with. Online banking activities and viewing or downloading documents (statements, check copies, etc.) should always be conducted on a computer and through a network you know to be safe and secure.

• Install, run, and keep anti-virus and other software updated. Anti-virus and firewalls can’t always detect the latest attacks, leaving you and your online banking account vulnerable. CIBC offers Rapport, a free online banking protection software for your computer from Trusteer, as another layer of protection from these threats. It can help:
  • Shield your online bank account information from third parties
  • Safeguard your online banking identity
  • Protect your internet banking login details
  • Help our fraud team stop malicious attempts against you
• Business NetBanking Clients Click Here to Learn More
• CIBC NetBanking Clients Click Here to Learn More
• Ensure your computer operating system, software, browser version, and plug-ins are current. Before downloading an update to your computer program, confirm the update is legitimate.
• Engage a professional service to “scrub” your computer of viruses or malware if you think your workstation has been compromised.
• Configure your devices to prevent unauthorized users from remotely accessing your devices or home network. For example, if you use a wireless router for your home internet connection, follow the manufacturer’s recommendations to configure the router with appropriate security settings.
• Also be aware of security protection for your mobile device:
  • Device Security – Install anti-virus software on your mobile device and ensure your software and other applications are updated as soon as they are made available. All of your mobile devices should have the latest security protection.
  • Mobile Malware –Avoid downloading programs from unknown sources or clicking on links embedded in suspicious emails or SMS texts, especially from social media sites.
  • Third Party Applications – Avoid downloading apps from unknown third parties or those that appear suspicious. Frequently, these apps come from sources with questionable security practices, or have been created by fraudsters for the purpose of penetrating your mobile device.
  • Unsecured Wi-Fi Networks – Never access your account information on an unsecured network.

• Pick PIN numbers that are easy for you to remember but difficult for someone to guess. Never write your PIN number down on a slip of paper that you keep in your purse or wallet, or on your card.
• Be sure to get your card back when you use it for purchases. Also, ensure you can see your card at all times when it’s being used for a transaction.
• If you’re shopping online, be sure the website you’re visiting is secure (indicated by https://) before you enter your card number.
• Write down all your card numbers or keep copies of your cards in a secure place. This information will be critical in the event you need to cancel your cards because your wallet or purse is stolen.
• Don’t allow anyone else to use your card.
• If you notice your ATM or debit card from CIBC is missing, call the phone number on the back (800-236-2442) immediately to report it lost or stolen. If you act quickly, you can help to prevent fraudulent transactions.
• Never give your account number or PINs to anyone you don’t know – especially for requests made over the computer or phone.
• Know where your cards are at all times and never leave your wallet or purse unattended.
• You are responsible for maintaining the security of your ATM or debit card.

Individuals perpetrating fake check scams typically look for victims by scanning newspaper and online advertisements for people listing items for sale, and checking postings on online job sites from people seeking employment. The fraudster will place their own ads with phone numbers or email addresses for people to contact them. They call or send thousands of emails or faxes to people randomly, hoping someone will respond. They win people’s confidence by presenting checks that appear to have been issued by legitimate individual or business accounts.

Below are red flags of a check fraud scheme:

• A potential buyer mails you a check for more than the agreed-upon price of the item, and asks you to refund the difference by wire transfer or Western Union payment.
• You receive an unsolicited check payment with a message indicating you have won a lottery or sweepstakes.
• You receive a check payment for a work at home program, even though you never applied for or were hired for such a position.
• The account holder name at the top of the check is different from the person or company that you were in contact with.

Contact your account officer or relationship manager immediately if you discover any suspicious or unauthorized transactions on your account.

• Implement secondary approval on all online payments and administration services. Secondary approval requires two authorized online banking users to release outgoing payments and make user changes.
• Set reasonable transaction limits for each individual online banking user; a representative from Client Services is always available to assist with processing the irregular payment that exceeds the limit, as needed.
• Enable BnB alerts for all outgoing payments, and review transaction history at least daily.
• Request that your banker or Client Services representative establish a template for all repetitive or recurring payments, where the beneficiary account and routing numbers cannot be modified.
• Implement ACH Positive Pay or ACH Debit Block.

• Implement Positive Pay services on all accounts on which you issue checks. Positive Pay is the most effective check fraud prevention tool available.
• Keep check issue files and online check registers up to date at all times, to ensure that all legitimate checks are honored, and all unauthorized checks are rejected.
• Lock up to blank checks, check stock, and signature stamps. Only authorized signers should have access to these items.
• Apply dual control procedures to check issuance and reconcilement. Assign one employee to create checks, and another to verify the checks and send issue files to the bank.
• Shred unused, outdated, and cancelled checks before disposing of them. These items include all of the necessary information for a motivated fraudster to create counterfeit checks on your account.

• Know your employees. Perform credit checks and background checks of all new employees who have access to your account records, online banking profile, check stock, or cash. Telephone at least three references to verify an applicant’s information.
• Know your vendors. Require all changes to vendor payment account numbers to be made in writing on the vendor’s letterhead and verified with a call to a designated representative at the vendor with a phone number on file
• Keep authorizations up to date. When an authorized signer or online banking user on your accounts leaves your company, notify the Bank immediately to remove the employee name from all authorizations.
• Conduct periodic audits (at least annually) of all bank signature cards, funds transfer agreements, access codes, online user privileges, and other authorizations to ensure they are current.

Contact your account officer or relationship manager immediately if you discover any suspicious or unauthorized transactions on your account.

Cybersecurity attacks continue to increase in frequency and sophistication. Fraudsters are attacking businesses through compromised emails and social engineering. It is imperative to authenticate requests received via email or other electronic methods before acting upon any such instructions, particularly those directing the movement of funds. Authentication may include verbal or other methods of confirming the legitimacy of the email directly with the sender through a previously established phone number.

Banks have seen an increase in compromised emails where fraudsters pose as executives (e.g., President, controller, treasurer, CFO) and vendors. In this type of attack, it appears that an executive requested a wire or that a vendor changed their wire remittance instructions so that a fraudulent transaction is initiated and approved in an online banking system. To help you be aware of these threats, we wanted to share these typical characteristics:

• Fraudulent email requests are often well-worded and may be based on previous legitimate emails.
• Phrases “code to admin” or “urgent wire transfer” are common.
• Email may provide an alternate phone number, advise that the sender is traveling or otherwise unavailable to discuss verbally, but can be reached through email.
• Fraudulent request amounts are similar to normal business transaction amounts.

To better detect these types of schemes and protect your business:

• Establish internal communication procedures (e.g., verbal authentication) to verify transaction requests, particularly any requests to a new beneficiary.
• Do not confirm a request using information contained in the email which you are trying to validate.
• Authenticate all wire remittance change requests from vendors via a phone call to a known contact or known number.
• Be suspicious of requests that pressure you to take action quickly, are to foreign beneficiaries that are not consistent with historical requests, or to a beneficiary name different from the vendor.