Cyber Security and Fraud Prevention

Passwords are the first line of defense to protect your digital assets. With compromised passwords continuously the #1 cause of data breaches, password security must always remain a top priority to keep yourself safe from cyber threats.

WHAT IS A STRONG PASSWORD?

• At least 10 characters
• Include combination of numbers, uppercase letters, lowercase letters
• Include special characters such as #, &, and @

What passwords should be avoided?

• Your, child, spouse’s name
• Birthday or SSN
• Identifiable numbers from phone number, address, or license plates
• Street name
• Correctly spelled dictionary word or sequential alpha/numeric strings

HOW DO I CREATE A STRONG PASSWORD?

One technique is to transform a phrase. For example: Yankee doodle went to town: would be: YDW2town

Chicago is my kind of town: would be: CizmKot2
I dislike broccoli would be: eyeH8brocolee

Another technique is to combine a word or phrase with letters and numbers
Five barbequed chickens would be: 5BbkewChicknz
Formative years: would be 4mativeYEARZ

The strongest passwords feature a combination of nonsensical letters, numbers and special characters. For example:
#1 – 5pN!!X99732$
#2 – 78HK&302mmz

(Do not use any of the examples above for your password.)

Also remember: When selecting security questions, provide answers that are easy for you to remember, but hard for others to guess. Do not write down your security questions or answers or share them with anyone.

As a valued customer, we want to alert you of a new smishing (SMS Phishing) attack targeting smartphones.

Hackers are increasingly targeting their victims through smartphones. They send texts that attempt to trick you into doing something against your own best interests. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam. This is one example, but scammers are consistently developing new, inventive approaches to obtain information.

As a reminder, when you get a text, remember to "THINK BEFORE YOU TAP"; because more and more, texts are being used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information. You may visit YouTube to watch a short video made by USA Today that shows how this works.

Use official Mobile Apps

Prosperity Bank offers two mobile applications. Enrollment is a one-time process that helps ensure your security. The enrollment process for SMS text banking requires you to log in to online banking, select the Mobile Management link under the User Services tab, and follow the instructions to retrieve an activation code. Our Mobile Banking App and Card Control App are only found on Google Play and Apple’s App Store.

Pop-Up Advertisements

Pop-ups appear in a separate browser window and, when clicked, can download harmful spyware or adware to your computer. While some make legitimate offers, many pop-ups are attempts to obtain your sensitive information.
Prosperity Bank will never ask you to verify personal financial information in pop-up advertisement.

SPYWARE AND VIRUSES

Spyware and viruses are destructive programs loaded on your computer without your permission or knowledge. Spyware appears as a legitimate application on your computer but actually monitors your activity and collects sensitive information. Viruses are harmful programs spread through the Internet that can compromise the security of your computer. Maintaining up-to-date anti-spyware and virus protection software and firewalls help avoid these risks.

Keep your computer updated with the most recent web browser and operating system updates. Load anti-virus software on your computer. Some of these also include a firewall for further protection.

Please be aware of fraudulent e-mails being circulated asking for personal account information. These e-mails appear to come from Prosperity Bank or other Regulatory Entities with the subject of "Important Message" and they ask for you to update your account with a security enhancement. These e-mails are part of a large scam to acquire confidential account information, and no email from Prosperity Bank or other Regulatory Entities will ask you for that information.

Prosperity Bank will not send you an email, or call you, asking you to provide any confidential account information through an email link, or phone number.

IF YOU RECEIVE ANY EMAILS THAT APPEAR TO BE FROM PROSPERITY BANK OR ANY REGULATORY ENTITY ASKING FOR CONFIDENTIAL INFORMATION YOU SHOULD:

1. Treat the email with suspicion. Do not reply to the email or respond by clicking on a link within the email message. Do not dial any phone numbers contained in the email.
2. Do not open any attachments contained in the e-mail, they may contain malicious code that will infect your computer.
3. Contact your local banking center to report the suspicious email as soon as possible. If the email claims to be from Prosperity Bank you may report by phone or by emailing us through our website by visiting our Contact Us page.

Please be aware that Prosperity Bank takes every precaution to protect your account information. If you have any questions about how Prosperity Bank handles your confidential information, please read our Privacy notices.

PHISHING

This particular type of fraud occurs when someone poses as a legitimate company to obtain personal data, such as account numbers, and then makes transactions with this information illegally. A common form of this scam is called “phishing”. PHISHING refers to cyber-criminals who attempt to gather sensitive personal information from consumers through emails and/or through imitations of legitimate Web sites.

To combat phishing, please remember that Prosperity Bank will never ask for sensitive information from you via e-mail (ex. Social security number, access ID, passcode or account number, or ATM/debit card number and PIN).

In many cases, phishing scams, whether by phone or through emails, attempt to gain personal information from the call or email recipients such as:

• First and Last Name
• Debit Card or ATM Card Number
• Debit or ATM Card Personal Identification Number (PIN)
• Date of Birth
• Social Security Number
• Account Number and/or Account Type

Before you initiate an online transaction, make sure your personal information is protected by looking for indicators that the site is secure. URLs for secure sites typically begin with "https" instead of "http" and display a lock in the lower right corner of your browser.

Always be careful when using public Wi-Fi spots, as they are not secure.

On June 14, 2016, the Federal Bureau of Investigation (FBI) issued a Public Service Announcement entitled Business E-mail Compromise: The 3.1 Billion Dollar Scam. You can read the full announcement here.

BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

By 2019, the FBI had raised the amount to $26 billion. In 2020, cyber criminals have escalated into targeting organizations that use popular cloud-based email service, costing U.S. business more than $2 billion. 

Cloud-based email services are hosted subscription services that enable users to conduct business via tools such as email, shared calendars, online file storage, and instant messaging.

How Do I Protect Against BEC Exploits?

• Be suspicious. Asking for clarification, forwarding an email to IT, or checking with a colleague is better than wiring hundreds of thousands of dollars to a fake company in China.
• If something doesn't feel right, it probably isn't. Encourage employees to trust their instincts and ask “Would my CEO actually tell me to do this?” or “Why isn't this supplier submitting an invoice through our portal?”
• Slow down. Attackers often time their campaigns around our busiest periods of the day for good reason. If a human resources manager is quickly going through emails, she is less likely to pause and consider whether a particular request is suspect.

WHAT TO DO IF YOU ARE A VICTIM

If you discover unauthorized payments, contact your Prosperity Bank immediately to request recall of the funds. Report attempted or actual fraudulent financial transfers to the Internet Crime Complaint Center at www.ic3.gov or to your local FBI field office, which can be found at www.fbi.gov/contact-us/field. The FBI may be able to assist financial institutions in the recovery of lost funds.

The Federal Deposit Insurance Corporation (FDIC) has resources on cybersecurity issues including cybersecurity basics, identity theft, frauds, and scams. Learn more about how you can protect your personal information and your money.

• Consumer Assistance Topics - Cybersecurity
• 10 Scams Targeting Bank Customers

The DHS Cybersecurity and Infrastructure Agency (CISA) has become the focal point for cybersecurity efforts in recent years. The agency has resources for consumers and businesses here.

Homeland Security has provided a great toolkit called STOP.THINK.CONNECT. It's full of important resources for both businesses and individuals. Take a look and learn how to protect yourself from today's cyber criminals.

The Federal Trade Commission (FTC) also has a website with cybersecurity tips and videos accessible here. 

Identity theft occurs when someone assumes your identity to perform a fraud or other criminal act. Criminals can get the information they need to assume your identity from a variety of sources, including by stealing your wallet, rifling through your trash, or by compromising your credit or bank information. They may approach you in person, by telephone, or on the Internet and ask you for the information.

• Never give your credit card number over the telephone unless you make the call.
• Reconcile your bank account monthly, and notify your bank of discrepancies immediately.
• Keep a list of telephone numbers to call to report the loss or theft of your wallet, credit cards, etc.
• Report unauthorized financial transactions to your bank, credit card company, and the police as soon as you detect them.

CREDIT REPORT

Review a copy of your credit report at least once each year. Notify the credit bureau in writing of any questionable entries and follow through until they are explained or removed. If your identity has been assumed, ask the credit bureau to print a statement to that effect in your credit report. If you know of anyone who receives mail from credit card companies or banks in the names of others, report it to local or federal law enforcement authorities.

Lock or freeze your credit reports unless you are applying for a loan or credit. Only unlock them when needed:

• Equifax - https://www.equifax.com/personal/credit-report-services/credit-freeze/
• Experian - https://www.experian.com/freeze/center.html
• TransUnion - https://www.transunion.com/credit-freeze

Due to the massive amounts of media coverage on the subject, most of us are aware of the enormity of the signature-based debit card fraud being perpetrated by criminals around the world. There is no doubt it is a huge problem but not one without a solution.

Currently, Prosperity Bank employs a multi-faceted approach to debit card fraud prevention and two of these facets are fraud monitoring and the use of Personal Identification Number (PIN) based transactions. At this time, PIN based transactions are the single most effective means to combat debit card fraud. Please rest assured that we want to provide you with the most friendly and efficient level of service possible while also keeping you safe from criminals who attempt to exploit our debit card system and the financial identity of our customers.

If you ever have any questions or concerns, don’t hesitate to contact us at (800) 531-1401.

card skimming

Card skimming is the theft of credit and debit card data and PIN numbers when the user is at an automated teller machine (ATM) or point of sale ( POS ). Skimmers will gather data from multiple cards and sometimes even install a camera or a fake keyboard pad to gather your PIN as well.

There are two simple steps you can take to help defend against this type of fraud.

1. If it doesn’t look or feel right, then don’t ignore your intuition…take a few extra steps to investigate. You can move everything around to see if it changes. Since card skimmers and fake keyboards are installed on top of existing hardware, they move easily and often wiggle when pushed on.
2. Cover the keypad with your hand when putting in your PIN. This will keep any possible camera from capturing your private information.

Wire Fraud refers to a type of crime that is committed through the use of technologically-based communication system, including: telephones, computational systems, online networks, the Internet, or electronic databases. There have been increasing instances where individuals or companies fall victim to wire transfer scams perpetrated through fake emails, faxes or voice requests, often from people they think are senior executives of the company or legitimate vendors.

Examples include:

• Your company’s CEO or CFO sends you an urgent email request (from his email address) to wire transfer funds immediately. He says in the email that he “was about to get on a plane” or was “at a funeral” or he provides some other excuse indicating he would be out of touch for an extended period of time.
• You get an email from your regular outside vendor from their email address with a sudden change in wiring instructions to pay for an invoice.
• You get an email or fax request from your realtor or title company with a change in wiring instructions for closing a real estate deal at the last minute.
• You get a fax, on vendor letterhead with, what appeared to be, a legitimate signature with a different set of wiring instructions for a purchase your company was making.
• You get a phone call or voice mail from a legitimate vender with wiring instructions, where you did not recognize the voice.

What to do?

Establish a culture in your business or personal finances that encourages a questioning mindset; where possible, utilize purchasing and treasury controls that require multiple approvals for wire transfers; but most of all, NEVER trust email, fax or voice wire instructions without contacting the originator directly in order to validate that the instructions are correct.

Also, watch out for emails from your “boss” or “vendor” where the language is unfamiliar. Perhaps the style is more formal than he/she normally communicates …. for instance, the use of the word “kindly” may not match the verbal style of the person sending the email…. so when the email says “kindly wire the funds” you should be suspicious. You should also be on the lookout for unusual colloquialisms … recently we had a fraudster sign off on a hijacked email with “Cheers”. Now, unless your boss or vendor is from the UK or Australia, “Cheers” is not normal vocabulary for most Texas and Oklahoma residents.