Bank of Luxemburg is committed to helping ensure your protection from fraudulent and/or criminal activity via the Internet. The following information is intended to help you protect against Internet crime and identity theft. Report any suspicious activity to our assistant operations manager at 920-845-2345 or firstname.lastname@example.org.
What to do when you receive a suspicious contact?
Bank of Luxemburg will never ask over the telephone, via e-mail, or from an unsecured web page, for your Social Security Number, account numbers or other financial information. If you receive any unsolicited e-mail that asks for your personal financial information and seems to come from Bank of Luxemburg, call us and verify it first. Do not reply until you check with us. This could be an e-mail scam trying to steal your information that could be used to commit fraud.
If you receive a suspicious phone call from someone who says he or she is with Bank of Luxemburg, ask the caller for a return phone number. Then call Bank of Luxemburg to verify that the call came from us.
If you call Bank of Luxemburg to inquire about your account, someone will ask you to verify your information for security purposes. This is to protect you from Identity Theft and prevent fraud.
Prevent Online Fraud and Identity Theft
Internet scams such as Phishing and Spoofing are a potential threat, and protecting your personal information from Identity Theft is crucial. Phishing and spoofing schemes use the Internet to deceive people into revealing personal information such as account numbers, social security numbers and passwords to commit fraud. We urge all Bank of Luxemburg customers to be vigilant and aware of the various types of fraud that can occur. Prevention and knowledge is one of the best ways to prevent it from happening to you.
Internet Fraud Information
Phishing involves an email sent with the intent of wrongfully obtaining the recipient’s personal
information, such as Social Security numbers, bank account numbers, debit and credit card numbers, user IDs and passwords. The emails are often “spoofed”, meaning they appear to be a legitimate communication from a bank, credit card company or other organization.
If you receive a suspicious e-mail, do not open any attachments or click on any links. Also, do not respond to the email. Bank of Luxemburg will never request personal information, including Social Security numbers, account numbers, user names or passwords in email messages or pop-up windows.
How to Recognize a Phishing E-Mail
• Legitimate businesses do not ask for this information unless you initiate a request for
a service. Please DO NOT RESPOND to these e-mails requesting personal identity,
accounts or password information.
• An e-mail includes scare tactics that lead you to believe clicking on a website link is vital
to your continued access to your financial accounts or other services.
• If there is a request for sensitive information such as your password, PIN number, Social Security
Number or account number, a legitimate company will never ask you for this via
• The e-mail message may contain misspelled words, poor grammar or strange formatting
Website Spoofing involves setting up fake websites that mimic the any legitimate website. The spoof Internet site may route whatever information you provide to criminals. This can include your account numbers, Social Security Numbers, credit card information, passwords and other personal identification numbers.
To protect yourself from spoofing, be wary of unsolicited or unexpected emails from all sources. A cyber criminal will send a fake e-mail and trick you into going to a spoofed website to steal your information. If you receive an unsolicited e-mail, treat it as you would a suspected phishing attack.
Identity theft is the fraudulent use of your personal information. Typically your Social Security number (SSN) or bank account number is stolen and used to commit fraud or theft. The thief can then use this information to apply for loans and credit cards, access your bank account, buy cell phones and rent an apartment. In the worse-case scenario, a thief could apply for a job or commit a crime under your identity.
How is Information Obtained?
There are various methods that thieves can use to steal your information. It may be high-tech or low-tech by rummaging through trash or hacking into your personal computer. Some examples that an identity thief might look for are:
• E-mails containing links to bank sites or government sites that entice you to enter in
your user ID, password, SSN, etc.
• Lost or stolen purses, wallets, briefcases which contain personal belongings.
• Mail theft - credit card statements, checks, tax information, pre-approved credit card
offers, bank statements, etc.
• Personal information taken from your home (theft) or home computer (phishing/viruses).
• Information stolen from third parties - files from offices where you are a customer,
employee, patient or student.
No reputable business will ever e-mail you requesting that you update your personal information, including account numbers, system passwords or Social Security Numbers via a link to their site.
If you are unsure that the request is valid, open a new Internet session and manually key in the business' web address. If the business genuinely needs information from you, they will have you log into your online account to see the request. In most cases, you'll just be greeted with a message indicating that the business will never e-mail you requesting personal information.
Minimize Your Risk
Now that you understand how identity theft can happen, the following guidelines will assist you in lowering your chances that it will happen to you.
• Order a copy of your credit report from each of the three major credit bureaus once year
to ensure they are accurate. You may receive a free report on an annual basis at
• Utilize the services of companies that offer proactive identity theft monitoring.
• Remove your name from pre-approved credit card offers by calling (888) 5-OPT OUT.
Note: You will be asked to provide your SSN which the consumer reporting companies need to match with your file.
• Protect your PINs and other passwords that allow you to access your credit cards, ATM cards and financial information. Avoid using easily available information like your mother's maiden name, your birth date, the last four digits of your SSN, your phone number, etc
How to Protect your Business with a Risk Assessment for Online Transactions
Perform your own periodic risk assessment:
• Make a list of the risk related to online transactions that your business faxes. For example, you could possibly be the target of a phishing scam where an email is crafted to look as it came from legitimate, known source. However, its only intent is trick you into responding to the email and steal your information.
• Are there password being written down and left out in the open?
• Are you using the original password the program came with or only using the word 'password' to login.
• Is there a possibility of internal fraud or theft?
• Are there old user accounts of former employees still lilngering on the computer?
• Is there a presence of dual controls or other checks and balances versus individual access to online transaction capabilities?
Another part of the risk assessment is evaluating the controls:
• Do your critical business programs require a password?
• Do you conduct employee background checks?
• Is there a policy and process in place to terminate access of former employees?
• You may segregate duties among two or more people so no one person has too much access or control.
• You may conduct an internal audit or have a third party audit your controls.
• Use a firewall to protect from intusions and hackers.
• Incorporate malware detection, such as antivirus software, anti-spyware, spam filters, etc.
Once you've gone through this process its equally important to conduct this periodically. It's as or more important to re-evaulate the risks and controls when there is a significant change in the business, such as a new product or service or a breach in your business.
How to Protect yourself Online and Reduce your Risk?
Make sure you choose an adequate username and password, at minimus using upper and lower case letters and numbers. Strong password should contain:
• Both upper and lower case characters (e.g., a-z, A-Z)
• Digits and punctuation characters as well as letters (e.g., 0-9, !@#$%)
• At least eight characters long
• A unique word not found in any dictionary
• Special words not based on personal information, names of family members, etc.
Lastly, passwords should never be written down, shared or stored on-line. Try to create passwords that can be easily remembered.
• Periodically change your password
• Safeguard your username and password
• Make sure you have some or all of the following in place: antivirus, spyware detection, spam filters or firewall.
• Regularly patch your computer for vulnerabilities, using Windows update and other related programs specific to the programs installed on your computer. Criminal and malicious attackers use these vulnerabilities as an attack vector to gain access to your computer. This is by far the easiest mechanisms identity thieves target.
• Log off the website when done conducting transactions online. Don't just "X" out of the window
• Monitor your account on a regular basis
Credit Reporting Agencies (by notifying one agency of fraudulent activity, you will notify all three)
• Equifax: Request a credit report: (800) 685-1111 Option 4
Reporting Fraud: (800) 525-6285 • Website: http://www.equifax.com
• Experion: Request a credit report: (888) 397-3742
Reporting Fraud: (888) 397-3742 • Website: http://www.experian.com
• TransUnion Corporation: Request a credit report: (800) 916-8800
Reporting Fraud: (800) 680-7289 • Website: http://www.transunion.com