How it happens

  • A phishing attempt can be carried out through an authentic looking email seemingly from a real company in an attempt to lure you to a webpage or online form with language often reporting suspicious account activities or security issues.
  • The email message will generally place some urgency on providing your personal information at a page linked to within the email (e.g., your account will be closed). Or, the email might communicate that the company is implementing new identity theft solutions.
  • The email might include a convenient link to a website that looks similar to the financial institution in question.
  • Smishing is carried out by fraudulent text messages sent to your mobile device.

Steps to prevent it

  • Understand that legitimate companies like TIAA Bank will not request sensitive information through non-secure methods such as email and text messages.
  • Contact the company in question to verify the message’s authenticity. Be sure to use a phone number you know to be correct, not one provided by the email or text message.
  • Type the actual URL of the company into your web browser. Do not use the link or address provided by the email or text message. Note: Emails from TIAA Bank will never send you directly to a form or application requiring personal information.
  • Make sure that you’re using a secure website. Secure sites display https:// instead of http:// in your browser’s address bar and include a lock icon.
  • Ensure that the anti-virus, anti-spam and spyware detection software on your computer is up to date.
  • Install a security application, such as Trusteer Rapport, that provides online identity theft protection and online transaction protection.

How it happens

  • Pharming software infiltrates a computer system without the owner’s knowledge.
  • Pharming perpetrators steal information by redirecting victims to fraudulent websites and capturing their personal and financial information.
  • Pharming code may be sent via email, which causes the host computer to redirect correctly typed Internet addresses or bookmarks to fraudulent sites.

Steps to prevent it

  • Before entering personal information on a web page, check the address in the web browser’s address bar to make sure that the http has changed to https (the “s” stands for secure).
  • Install Internet security software that includes an anti-virus program to monitor all online activities and protect your computer from malicious programs. Ensure that this software is up to date.
  • Install a security application, such as Trusteer Rapport, that provides online identity theft protection and online transaction protection.
  • Install software which will monitor and upgrade your computer software with the latest security defenses.

How it happens

  • Malicious software infiltrates a computer system without the owner’s knowledge.
  • Malware creators steal information from a victim by intercepting the user’s passwords, credit card numbers or other information, enabling credit card fraud and other theft.
  • Malware can be inadvertently downloaded from infected email attachments and malicious websites.

Steps to prevent it

  • Avoid suspicious, questionable and illegal websites.
  • Evaluate email attachments and links carefully before opening.
  • Install Internet security software that includes anti-virus, anti-spam, anti-spyware, and firewall, which will scan all incoming data and block any threats, or which can detect and remove malware that has already been installed. Ensure that this software is up to date.
  • Install a security application, such as Trusteer Rapport, that provides online identity theft protection and online transaction protection.
  • Install software which will monitor and upgrade your computer software with the latest security defenses.

How it happens

  • Malicious software infiltrates a computer system without the owner’s knowledge.
  • Thieves steal information from a victim by tracking their keystrokes when passwords, credit card numbers or other information are typed, enabling credit card fraud and other theft.
  • Keyboard logging programs may be stored and regularly updated on a victim’s hard drive.

Steps to prevent it

  • Install Internet security software that includes anti-virus, anti-spam, anti-spyware, and firewall, which will scan all incoming data and block any threats, or which can detect and remove malware that has already been installed. Ensure that this software is up to date.
  • Install a security application, such as Trusteer Rapport, that provides online identity theft protection and online transaction protection.
  • Install software which will monitor and upgrade your computer software with the latest security defenses.

How it happens

  • An automated phone call or email will notify you of suspicious credit card or bank account activity.
  • The message will provide a phone number for you to call immediately to resolve the problem.
  • When you call the number, automated instructions request your credit card number, bank account number, PIN number and expiration dates.

Steps to prevent it

  • Never provide personal information unless you have initiated the call or have strong reason to believe in its legitimacy.
  • Have handy the customer service phone numbers of your financial institution and only use those numbers to initiate contact.
  • Ensure that your financial institution has 24-hour customer service so you can resolve an issue at any time.

How it happens

  • Thieves will search mailboxes for incoming mail such as credit card bills and bank account statements.
  • They will also check outgoing mail that might contain personal checks to pay bills. This will provide them with your routing and checking account numbers.

Steps to prevent it

  • Drop off mail that contains checks at your local post office or a postal service box.
  • As soon as possible, pick up incoming mail.
  • Limit your paper-based financial transactions by moving them online.
  • TIAA Bank and other banks provide online services like eBills and eStatements that can replace your paper bills with electronic versions.
  • Online bill pay can reduce your risk of stolen paper checks.

How it happens

Thieves could steal personal information from your wallet or purse, including:

  • Social Security cards and cards with your SSN
  • Credit cards
  • Driver Licenses
  • Voter registration cards
  • Health insurance identification
  • Bank personal identification numbers (PINs)

Steps to prevent it

  • Don’t carry your Social Security card or any documents with your SSN. If you need to do so for a specific purpose (e.g., visit to Social Security office, job requirement), be sure to remove the card when you get home.
  • Limit the amount of credit cards you carry.
  • In case of theft, act quickly to contact your bank and credit card companies to shut down your cards.
  • Store your financial institutions’ contact numbers in a reliable place.
  • Some online banking services, like TIAA Bank’s, allow you to store all of your financial vendors’ contact information online.

How it happens

Thieves could steal personal information from the trash, including:

  • Bills
  • Credit card applications
  • Unused checking account deposit slips
  • Old bank statements

Steps to prevent it

  • Before sending to the trash, be sure to shred all papers that contain personal information.

How it happens

  • Scammers compromise legitimate business email accounts through social engineering or computer intrusion techniques (such as malware) for the end goal of stealing money and/or sensitive information.

Steps to prevent it

  • Always confirm requests for fund transfers and verify changes in vendor payment locations.
  • Be cautious when sending or receiving emails from free, web-based email accounts. They are more susceptible to being hacked.
  • Know the risks and take great care when posting financial and personnel information to social media platforms and company websites.
  • Be suspicious of requests for secrecy or pressure to act quickly when you receive a wire transfer payment solicitation.
  • If possible, implement a two-step verification process for wire transfer payments.
  • Set up a system that will flag emails with extensions that are similar to company email addresses but are not exactly the same.
  • Make efforts to register all Internet domains that are similar to, or slightly different from, your actual company domain.
  • Learn the habits of your clients and be aware of significant changes to things such as the amounts and details of their payments, as well as the reasons they are sending them.
  • Phishing/Smishing
  • Pharming
  • Malware
  • Keyboard logging
  • Vishing
  • Mailbox theft
  • Wallet & purse
  • Trash & dumpster diving
  • Business email compromise

How it happens

  • A phishing attempt can be carried out through an authentic looking email seemingly from a real company in an attempt to lure you to a webpage or online form with language often reporting suspicious account activities or security issues.
  • The email message will generally place some urgency on providing your personal information at a page linked to within the email (e.g., your account will be closed). Or, the email might communicate that the company is implementing new identity theft solutions.
  • The email might include a convenient link to a website that looks similar to the financial institution in question.
  • Smishing is carried out by fraudulent text messages sent to your mobile device.

Steps to prevent it

  • Understand that legitimate companies like TIAA Bank will not request sensitive information through non-secure methods such as email and text messages.
  • Contact the company in question to verify the message’s authenticity. Be sure to use a phone number you know to be correct, not one provided by the email or text message.
  • Type the actual URL of the company into your web browser. Do not use the link or address provided by the email or text message. Note: Emails from TIAA Bank will never send you directly to a form or application requiring personal information.
  • Make sure that you’re using a secure website. Secure sites display https:// instead of http:// in your browser’s address bar and include a lock icon.
  • Ensure that the anti-virus, anti-spam and spyware detection software on your computer is up to date.
  • Install a security application, such as Trusteer Rapport, that provides online identity theft protection and online transaction protection.

How it happens

  • Pharming software infiltrates a computer system without the owner’s knowledge.
  • Pharming perpetrators steal information by redirecting victims to fraudulent websites and capturing their personal and financial information.
  • Pharming code may be sent via email, which causes the host computer to redirect correctly typed Internet addresses or bookmarks to fraudulent sites.

Steps to prevent it

  • Before entering personal information on a web page, check the address in the web browser’s address bar to make sure that the http has changed to https (the “s” stands for secure).
  • Install Internet security software that includes an anti-virus program to monitor all online activities and protect your computer from malicious programs. Ensure that this software is up to date.
  • Install a security application, such as Trusteer Rapport, that provides online identity theft protection and online transaction protection.
  • Install software which will monitor and upgrade your computer software with the latest security defenses.

How it happens

  • Malicious software infiltrates a computer system without the owner’s knowledge.
  • Malware creators steal information from a victim by intercepting the user’s passwords, credit card numbers or other information, enabling credit card fraud and other theft.
  • Malware can be inadvertently downloaded from infected email attachments and malicious websites.

Steps to prevent it

  • Avoid suspicious, questionable and illegal websites.
  • Evaluate email attachments and links carefully before opening.
  • Install Internet security software that includes anti-virus, anti-spam, anti-spyware, and firewall, which will scan all incoming data and block any threats, or which can detect and remove malware that has already been installed. Ensure that this software is up to date.
  • Install a security application, such as Trusteer Rapport, that provides online identity theft protection and online transaction protection.
  • Install software which will monitor and upgrade your computer software with the latest security defenses.

How it happens

  • Malicious software infiltrates a computer system without the owner’s knowledge.
  • Thieves steal information from a victim by tracking their keystrokes when passwords, credit card numbers or other information are typed, enabling credit card fraud and other theft.
  • Keyboard logging programs may be stored and regularly updated on a victim’s hard drive.

Steps to prevent it

  • Install Internet security software that includes anti-virus, anti-spam, anti-spyware, and firewall, which will scan all incoming data and block any threats, or which can detect and remove malware that has already been installed. Ensure that this software is up to date.
  • Install a security application, such as Trusteer Rapport, that provides online identity theft protection and online transaction protection.
  • Install software which will monitor and upgrade your computer software with the latest security defenses.

How it happens

  • An automated phone call or email will notify you of suspicious credit card or bank account activity.
  • The message will provide a phone number for you to call immediately to resolve the problem.
  • When you call the number, automated instructions request your credit card number, bank account number, PIN number and expiration dates.

Steps to prevent it

  • Never provide personal information unless you have initiated the call or have strong reason to believe in its legitimacy.
  • Have handy the customer service phone numbers of your financial institution and only use those numbers to initiate contact.
  • Ensure that your financial institution has 24-hour customer service so you can resolve an issue at any time.

How it happens

  • Thieves will search mailboxes for incoming mail such as credit card bills and bank account statements.
  • They will also check outgoing mail that might contain personal checks to pay bills. This will provide them with your routing and checking account numbers.

Steps to prevent it

  • Drop off mail that contains checks at your local post office or a postal service box.
  • As soon as possible, pick up incoming mail.
  • Limit your paper-based financial transactions by moving them online.
  • TIAA Bank and other banks provide online services like eBills and eStatements that can replace your paper bills with electronic versions.
  • Online bill pay can reduce your risk of stolen paper checks.

How it happens

Thieves could steal personal information from your wallet or purse, including:

  • Social Security cards and cards with your SSN
  • Credit cards
  • Driver Licenses
  • Voter registration cards
  • Health insurance identification
  • Bank personal identification numbers (PINs)

Steps to prevent it

  • Don’t carry your Social Security card or any documents with your SSN. If you need to do so for a specific purpose (e.g., visit to Social Security office, job requirement), be sure to remove the card when you get home.
  • Limit the amount of credit cards you carry.
  • In case of theft, act quickly to contact your bank and credit card companies to shut down your cards.
  • Store your financial institutions’ contact numbers in a reliable place.
  • Some online banking services, like TIAA Bank’s, allow you to store all of your financial vendors’ contact information online.

How it happens

Thieves could steal personal information from the trash, including:

  • Bills
  • Credit card applications
  • Unused checking account deposit slips
  • Old bank statements

Steps to prevent it

  • Before sending to the trash, be sure to shred all papers that contain personal information.

How it happens

  • Scammers compromise legitimate business email accounts through social engineering or computer intrusion techniques (such as malware) for the end goal of stealing money and/or sensitive information.

Steps to prevent it

  • Always confirm requests for fund transfers and verify changes in vendor payment locations.
  • Be cautious when sending or receiving emails from free, web-based email accounts. They are more susceptible to being hacked.
  • Know the risks and take great care when posting financial and personnel information to social media platforms and company websites.
  • Be suspicious of requests for secrecy or pressure to act quickly when you receive a wire transfer payment solicitation.
  • If possible, implement a two-step verification process for wire transfer payments.
  • Set up a system that will flag emails with extensions that are similar to company email addresses but are not exactly the same.
  • Make efforts to register all Internet domains that are similar to, or slightly different from, your actual company domain.
  • Learn the habits of your clients and be aware of significant changes to things such as the amounts and details of their payments, as well as the reasons they are sending them.

TIAA Bank is a division of TIAA, FSB, an Equal Housing Lender and Member FDIC.