• Changes in banking technology make managing your refund safer and easier than ever

    February 04, 2019, 8:17 PM
    January Monthly Edition Cover

    Changes in banking technology make managing your refund safer and easier than ever

    Here are a few tips to ensure that your refund arrives as quickly and safely as possible as well as some ideas on how to get the most out of your money when it does.

    The Refund Process

    Once you have submitted your federal taxes and know you have a refund coming to you, the fastest way to get your tax refund is to have it electronically deposited into your financial account through the IRS’s Direct Deposit Program. It’s free to consumers, and it allows you to deposit your refund into as many as three separate accounts.

    While you can still receive your refund in the form of a paper check, there are several advantages to direct deposit. Not only is it faster, direct deposit is also more secure. Refund checks sent through the mail can be lost, stolen, or returned to the IRS, if undeliverable. If you don’t already have a bank account, this might be the perfect time to open one.

    Another option is to have your refund deposited onto a prepaid card. If you use a prepaid card, read the fine print and make sure you know how to deposit money onto the card and any fees involved. Cards differ in the types of deposits allowed, the process for receiving government deposits, and the fees charged for certain transactions. If you set up a new prepaid card account for your refund, you may be required to provide information to validate your identity, such as your Social Security number and date of birth.

    Whichever method you choose, you can track the status of your federal tax return from the time the IRS received it by visiting https://sa.www4.irs.gov/and filling out the appropriate information, or by downloading the mobile app IRS2GO at https://www.irs.gov/newsroom/irs2goapp.

    For more information on tax refunds, visit https://www.irs.gov/refunds.

    Protect Your Money from Tax Scams

    If your personally identifiable information (PII), such as your name, address, and Social Security number, has been stolen, the information can be used to open credit cards and loans or file a fraudulent tax return in your name, allowing the thief to claim your refund. If you suspect that your information was stolen, contact the IRS by calling 800-908-4490 or visiting the IRS website for identity protection at https://www.irs.gov/identity-theft-fraud-scams.

    Be wary of phone calls and emails from anyone claiming to be from the IRS. Identity thieves have been known to pose as IRS agents, providing a fake name and IRS badge number and even creating a fake phone number that appears on caller ID as coming from the IRS. These thieves often threaten people with audits, deportation, and other legal action or promise checks for unclaimed funds.

    The IRS typically does not initiate emails to individuals asking for personal information. Before acting on any phone call or email purportedly from the IRS, call the agency at 800-829-1040. An agent will be able to verify whether the IRS is in fact trying to get in touch with you. If you are certain the contact was part of a scam, report it to the Treasury Inspector General for Tax Administration by calling 800-366-4484. You can also report unsolicited emails by forwarding it to mailto:phishing@IRS.gov.

    Some people use tax preparers to assist them with preparing their tax return. While most tax preparers are recognized professionals who can be very helpful, some preparers are scammers. Be wary of tax preparers who advertise with fliers or posters promising large refunds or special inside knowledge of little known tax credits and rebates or those volunteering to come to your home to prepare your taxes. These scammers make money stealing your personal information for later use and collecting fees. If you aren’t sure, ask for the tax preparer’s PTIN, which is the IRS tax preparer identification number that all legitimate preparers must have. Also, ask the preparer for references.

    For more information on protecting your tax refund, visit: https://www.irs.gov/newsroom/tax-scams-consumer-alerts and https://www.fdic.gov/consumers/assistance/protection/idtheft.html.

    What to Do With Your Refund

    Once you have received your refund, you need to decide what to do with it. Many people use tax refunds to make large purchases they might not have the cash for at other times of the year. It can also provide a great opportunity to start a new savings option, contribute to your emergency fund, or reduce outstanding debt.

    The IRS allows you to divide your federal tax refund into two or three additional financial accounts. By splitting your refund, you have a convenient option for managing your money – sending some of your refund to an account for immediate use and setting some aside for savings. For example, you could have part of your refund deposited to your checking account and the remainder sent to your Individual Retirement Account, or you might use some of your refund to purchase U.S. Series I Savings Bonds. (For more information on purchasing Savings Bonds with your tax refund, visit https://www.treasurydirect.gov)

    You may also want to consider using your refund to start or augment emergency savings. Having emergency savings provides peace of mind when something unexpected occurs, such as a major car or home repair. The amount to set aside for your emergency fund will depend on factors such as your monthly expenses and the number of people in your household, but the general rule of thumb is to save at least three to six months’ worth of expenses.

    If you are carrying a credit card balance, think about using your tax refund to pay it down or even pay it off. To get the most from your money, it may make sense to pay off a credit card with a high interest rate, compounding against you month after month. Going this route allows you to have more money every month once that credit card payment vanishes from your list of bills, and it can help build your credit as you reduce that debt.

    Making extra payments on your mortgage may be another way to use your refund, saving you money over the long term. Since so much of your mortgage payment goes toward paying interest, using your tax refund to make an extra payment or two against the principal will go a long way to reducing the debt and overall cost of the loan.

    If you are getting a tax refund this year, remember to take steps to keep your refund safe, know the refund options available to you, and consider different ways to make your money work harder for you.

    Source: FDIC
  • Personal Information is Like Money. Value it. Protect It.

    January 23, 2019, 9:18 AM

    Your devices make it easy to connect to the world around you, but they can also pack a lot of info about you and your friends and family, such as your contacts, photos, videos, location and health and financial data. Follow these tips to manage your privacy in an always-on world.

    • Secure your devices: Use strong passwords, passcodes or touch ID features to lock your devices. These security measures can help protect your information if your devices are lost or stolen and keep prying eyes out.
    • Think before you app: Information about you, such as the games you like to play, your contacts list, where you shop and your location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps.
    • Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Disable WiFi and Bluetooth when not in use.
    • Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services on these networks. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection on the go.

    Keep A Clean Machine

    • Keep your mobile phone and apps up to date: Your mobile devices are just as vulnerable as your PC or laptop. Having the most up-to-date security software, web browser, operating system and apps is the best defense against viruses, malware and other online threats.
    • Delete when done: Many of us download apps for specific purposes, such as planning a vacation, and no longer need them afterwards, or we may have previously downloaded apps that are no longer useful or interesting to us. It’s a good security practice to delete all apps you no longer use.
    Source: Stay Safe Online 
  • IRS, Security Summit partners warn tax professionals of fake payroll direct deposit and wire transfer emails

    December 18, 2018, 11:30 AM

    The Internal Revenue Service and its Security Summit partners today warned tax professionals of an uptick in phishing emails targeting them that involve payroll direct deposit and wire transfer scams.

    These business email compromise/business email spoofing (BEC/BES) tactics generally target all types of industry and employers. Recently the IRS received a number of reports from tax preparers that they, too, are being targeted.

    The IRS and the Summit partners, consisting of state revenue departments and tax community partners, are concerned these scams – as well as the Form W-2 scam -- could increase as the 2019 tax season approaches.

    These emails generally impersonate a company employee, often an executive, and are sent to payroll or human resources personnel. The email from the "employee" asks the payroll or human resource staff to change his or her direct deposit for payroll purposes. The "employee" provides a new bank account and routing number, but it is actually controlled by the thief. This scam is usually discovered pretty quickly, but not before the victim has lost one or two payroll deposits.

    In another version of the BEC/BES scam, the emails impersonate a company executive and are sent to the company employee responsible for wire transfers. The email requests that a wire transfer be made to a specific account that is controlled by the thief. Companies that fall victim to this scam can lose tens of thousands of dollars.

    A common theme in these and many other email scams is that they include grammatical and spelling mistakes.

    All businesses should be alert to these BEC/BES scams that take many forms such as fake invoice payments, title escrow payments, wire transfers or other schemes that result in a quick payoff for the thief. Businesses should consider policy changes to guard against such losses.

    One version the IRS and Summit partners have highligted in recent years is the W-2 scam. This involves an email impersonating an executive or person in authority, which requests a list of the organization's Forms W-2 covering all of its employees. The purpose of this scam is to allow thieves to quickly file fraudulent tax returns for refunds. All employers, in both the public and private sectors, should be on guard against this and other dangerous scams.

    BEC/BES email examples

    Here are examples of emails that have been reported by tax professionals to the IRS in recent days. These emails have been edited by the IRS:

    From: [REMOVED]
    Sent: Monday, December 10, 2018 [REMOVED]
    To: [REMOVED]
    Subject: (no subject)
                                         
    Hello [REMOVED],
     
    I changed my bank and I will like my paycheck DD details changed. Do you think this change be effective for the next pay date?
     
    [REMOVED]
     
    Sent from my iPhone

    The wire transfer scam is similar:

    -------- Original message --------
    From: [REMOVED]
    Date: 12/10/18 [REMOVED]
    To: [REMOVED]
    Subject: ACH Payment Attention
     
    [REMOVED],
     
    Please confirm the receipt of my message, Authorized can you handle domestic transfer payment now?
     
    Thanks you.
     
    [REMOVED]
     
    Sent from my iPhone

    Where to send the BEC/BES emails

    General non-tax related BEC/BES email scams should be forwarded to Internal Crime Complaint Center (IC3), which is monitored by the Federal Bureau of Investigation. The public can file a complaint about email scams or other internet-related scams by going to www.ic3.gov.

    Tax professionals and others should also report tax-related phishing emails to phishing@irs.gov. This account is monitored by IRS cybersecurity professionals. This reporting process also enables the IRS and Security Summit partners to identify trends and issue warnings.

    Because of the dangers to tax administration posed by the Form W-2 scam, the IRS set up a reporting process for employers. Employers who fall victim to the W-2 scam should report it at dataloss@irs.gov. There is a process employers can follow at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers. Employers who receive the W-2 scam email but do not fall victim should forward the email to phishing@irs.gov.

    Source: IRS
  • Latest Consumer Protection Data Spotlight Finds Seniors Sending Thousands in Cash to Scammers Claiming to be their Grandchildren

    December 03, 2018, 3:54 PM

    Older consumers who report losing money to fraud are reporting a disturbing trend: Scammers claiming to be a loved one in trouble are getting people 70 and over to send thousands of dollars in cash.

    In the second Consumer Protection Data Spotlight, the Federal Trade Commission examined complaints about family and friend imposter scams. These scammers often call seniors claiming to be a grandchild. The FTC is seeing an increase in the number of people ages 70 and over who say they sent cash in response to this particular scam – one in four said they mailed cash in 2018, compared to one in fourteen the prior year. In about half of these types of complaints, the scammer said they were in jail or some other legal trouble and in need of money to get out of trouble.

    All age groups reported losing more money over the last 12 months to family and friend imposter scams – a total of $41 million, compared to $26 million the previous year. The most striking concern is individual losses by older Americans. The median loss for this scam was $2,000, but when seniors ages 70 and over said they put cash in the mail, their median loss was $9,000.

    The FTC urges those who might get such a call to not act right away. Instead, the FTC recommends calling the family member or friend using a known number, or checking out the request with someone else in their family or a mutual friend.

    Source: Federal Trade Commission 
  • Preventing and Responding to Identity Theft

    December 03, 2018, 3:51 PM

    Is identity theft just a problem for people who submit information online?

    You can be a victim of identity theft even if you never use a computer. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving), or picking up a receipt at a restaurant that has your account number on it. If a thief has enough information, he or she may be able to impersonate you to purchase items, open new accounts, or apply for loans.

    The internet has made it easier for thieves to obtain personal and financial data. Most companies and other institutions store information about their clients in databases; if a thief can access that database, he or she can obtain information about many people at once rather than focus on one person at a time. The internet has also made it easier for thieves to sell or trade the information, making it more difficult for law enforcement to identify and apprehend the criminals.

    How are victims of online identity theft chosen?

    Identity theft is usually a crime of opportunity, so you may be victimized simply because your information is available. Thieves may target customers of certain companies for a variety of reasons; for example, a company database is easily accessible, the demographics of the customers are appealing, or there is a market for specific information. If your information is stored in a database that is compromised, you may become a victim of identity theft.

    Are there ways to avoid being a victim?

    Unfortunately, there is no way to guarantee that you will not be a victim of online identity theft. However, there are ways to minimize your risk:

    • Do business with reputable companies – Before providing any personal or financial information, make sure that you are interacting with a reputable, established company. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information. (See Avoiding Social Engineering and Phishing Attacks and Understanding Web Site Certificates for more information.)
    • Take advantage of security features – Passwords and other security features add layers of protection if used appropriately. (See Choosing and Protecting Passwords and Supplementing Passwords for more information.)
    • Check privacy policies – Take precautions when providing information, and make sure to check published privacy policies to see how a company will use or distribute your information. (See Protecting Your Privacy and How Anonymous Are You? for more information.) Many companies allow customers to request that their information not be shared with other companies; you should be able to locate the details in your account literature or by contacting the company directly.
    • Be careful what information you publicize – Attackers may be able to piece together information from a variety of sources. Avoid posting personal data in public forums. (See Guidelines for Publishing Information Online for more information.)
    • Use and maintain anti-virus software and a firewall – Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. (See Understanding Anti-Virus Software and Understanding Firewalls for more information.) Make sure to keep your virus definitions up to date.
    • Be aware of your account activity – Pay attention to your statements, and check your credit report yearly. You are entitled to a free copy of your credit report from each of the main credit reporting companies once every twelve months. (See AnnualCreditReport.com for more information.)

    How do you know if your identity has been stolen?

    Companies have different policies for notifying customers when they discover that someone has accessed a customer database. However, you should be aware of changes in your normal account activity. The following are examples of changes that could indicate that someone has accessed your information:

    • unusual or unexplainable charges on your bills
    • phone calls or bills for accounts, products, or services that you do not have
    • failure to receive regular bills or mail
    • new, strange accounts appearing on your credit report
    • unexpected denial of your credit card

    What can you do if you suspect or know that your identity has been stolen?

    Recovering from identity theft can be a long, stressful, and potentially costly process. Many credit card companies have adopted policies that try to minimize the amount of money you are liable for, but the implications can extend beyond your existing accounts. To minimize the extent of the damage, take action as soon as possible:

    • Start by visiting IdentityTheft.gov – This is a trusted, one-stop resource to help you report and recover from identity theft. Information provided here includes checklists, sample letters, and links to other resources.
    • Possible next steps in the process – You may need to contact credit reporting agencies or companies where you have accounts, file police or other official reports, and consider other information that may have been compromised.

    Other sites that offer information and guidance for recovering from identity theft are:


    Source: United States Computer Emergency Readiness Team
  • 10 Online Mobile Security Tips

    November 27, 2018, 11:22 AM

    As your options for purchasing and banking online grow, so does the need to safeguard your security and privacy while using the internet on your mobile device. Online security protects you from fraudulent intrusion as well as the careless release of your sensitive data.

    Sometimes, mobile security is as simple as a frequent review of your bank accounts to ensure that nothing unauthorized has occurred. But there are other things you can do to stay safe in an online environment.

    Here are 10 online mobile security tips to help protect your money and your sensitive data.

    1. Use strong passwords

    A strong password is the first step in mobile security. This is something that can't be easily guessed by either another human or a computer program. The strongest password should have at least eight characters and include letters, numbers, and symbols. Make sure you are using different passwords for your various online accounts.

    2. Avoid vulnerable numbers

    It's never a good idea to use identifying numbers as part of your password, personal identification number (PIN), or user ID. This includes parts of your Social Security number, birth date, age, or those of loved ones. This is information that someone else could find and use to access your account.

    3. Watch for strange emails

    Your bank will never send you emails requesting that you send them back sensitive data such as your account information or login details. If you receive emails like this, you can call the bank to verify their legitimacy.

    4. Be wary of email attachments

    Avoid clicking on email attachments unless you are 100% sure that you know the sender of the message. Attachments can launch virus programs on your mobile device and compromise your sensitive information. Even if a message appears to come from a friend or familiar company, it's always better to use caution with attachments.

    5. Watch your online sharing

    The more information about yourself you disclose online, the more vulnerable you can become to fraud. Identity thieves are looking for accounts that have plenty of data, so it's a good idea to check your social network privacy settings and curtail your sharing.

    6. Pause before you click

    When shopping and banking online, you can avoid scams by only using sites that have strong security in place. Look for websites that have an "https" at the beginning instead of just "http." That extra "s" indicates that they have put extra security measures in place.

    7. Secure your smartphone

    If you shop, access mobile banking, and have any other sensitive data on your smartphone, keep it secure. You can do this by turning on the screen lock function of your phone. After a set period of inactivity, your screen will lock and the phone will ask for a passcode or your fingerprint to be used again.

    8. Don't store sensitive data on your phone

    Certain sensitive data should not be stored on a mobile device. This includes bank account numbers, PINs, Social Security numbers, and credit card numbers. If you use a mobile banking app, your bank will not display this data on the app.

    9. Use caution with apps

    Speaking of apps, it's a good idea to think twice before downloading new ones. Carefully read the app's privacy policy so that you understand what personal data the company can access, use, and even sell to others.

    10. Update your technology

    Mobile devices run on an operating system (generally iOS or Android), and these systems often have security patches in each version. You should not only keep your operating system updated but also consider an additional mobile antivirus program.

    City Bank Cares About Your Personal Information

    By following these mobile security tips, you can help prevent your sensitive information from getting into the wrong hands. If you suspect that your banking data has been compromised, contact us immediately.

    At City Bank, we take your privacy and security seriously. We use a layered approach to help protect your identity and financial accounts. If you have any concerns about mobile security, we're here to answer your questions.