Security Center

As your financial partner, we take many steps to protect you from fraud. In the broadest sense, fraud is a deception made for personal gain or to damage another individual. Defrauding people of money is presumably the most common type of fraud. We have developed the Security Center to be a resource that can strengthen education on the most common methods of deception today. The security tips are designed to help you understand risk and options to help you control these risks. It is important to be informed and proactive. When it comes to fraud, an ounce of prevention is definitely worth a pound of cure.


Identity theft continues to be one of the fastest growing crimes in the United States. In 2015, there were 13.1 million victims of identity fraud in the U.S., according to Javelin Strategy and Research. Commercial Bank of Grayson recommends following these tips to keep your information – and your money – safe.

  1. Don’t share your secrets.
    Don’t provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.

  2. Shred sensitive papers.
    Shred receipts, bank statements and unused credit card offers before throwing them away.

  3. Keep an eye out for missing mail.
    Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, don’t mail bills from your own mailbox with the flag up.

  4. Use online banking to protect yourself.
    Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.

  5. Monitor your credit report.
    Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.

  6. Protect your computer.
    Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser’s padlock or key icon is active. Also look for an “s” after the “http” to be sure the website is secure.

  7. Protect your mobile device.
    Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen. Use caution when downloading apps, as they may contain malware, and avoid opening links and attachments – especially from senders you don’t know.

  8. Report any suspected fraud to your bank immediately.

Your mobile device provides convenient access to your email, bank and social media accounts. Unfortunately, it can potentially provide the same convenient access for criminals. Commercial Bank of Grayson recommends following these tips to keep your information – and your money – safe.

  1. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.

  2. Log out completely when you finish a mobile banking session.

  3. Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.

  4. Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions.”

  5. Download the updates for your phone and mobile apps.

  6. Avoid storing sensitive information like passwords or a social security number on your mobile device.

  7. Tell your financial institution immediately if you change your phone number or lose your mobile device.

  8. Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.

  9. Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.

  10. Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.

  11. Watch out for public Wi-Fi. Public connections aren't very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.

  12. Report any suspected fraud to your bank immediately.

Though the internet has many advantages, it can also make users vulnerable to fraud, identity theft and other scams. According to Symantec, 12 adults become victims of cybercrime every second. Commercial Bank of Grayson recommends the following tips to keep you safe online:

  1. Keep your computers and mobile devices up to date. Having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.

  2. Set strong passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.

  3. Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with.
    • Forward phishing emails to the Federal Trade Commission (FTC) at spam@uce.gov – and to the company, bank, or organization impersonated in the email.

  4. Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.

  5. Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.

  6. Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.

  7. Read the site’s privacy policies. Though long and complex, privacy policies tell you how the site protects the personal information it collects. If you don’t see or understand a site’s privacy policy, consider doing business elsewhere.

Ransomware is a form of malware used by cyber criminals to freeze your computer or mobile device, steal your data and demand that a “ransom” – typically anywhere from a couple of hundred to thousands of dollars – be paid. Ransomware can affect individual computers or laptops, enterprise networks and/or servers used by government agencies, financial institutions and healthcare providers. Commercial Bank of Grayson recommends the following tips to help individuals and businesses avoid ransomware attacks:

Tips for consumers:

  • Don’t click. Visiting unsafe, suspicious or fake websites can lead to the intrusion of malware. Be cautious when opening e-mails or attachments you don’t recognize even if the message comes from someone in your contact list.

  • Always back up your files. If you maintain offline copies of your personal information, ransomware scams will have a limited impact on you. If targeted, you will be less inclined to heed threats posed by cyber criminals.

  • Keep your computers and mobile devices up to date. Having the latest security software, web browser and operating system is the best defense against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.

  • Enable popup blockers. To prevent popups, turn on popup blockers to avert unwanted ads, popups or browser malware from constantly appearing on your computer screen.

Tips for businesses:

  • Educate your employees. Employees can serve as a first line of defense to combat online threats and can actively help stop malware from infiltrating the organization’s system. A strong security program paired with employee education about the warning signs, safe practices, and responses aids tremendously in preventing these threats.

  • Manage the use of privileged accounts. Restrict users’ ability to install and run software applications on network devices, in an effort to limit your network’s exposure to malware.

  • Employ a data backup and recovery plan for all critical information. Backups are essential for lessening the impact of potential malware threats. Store the data in a separate device or offline in order to access it in the event of a ransomware attack.

  • Make sure all business devices are up to date. Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans so that your operating systems operate efficiently.

  • Contact your local FBI field office immediately to report a ransomware event and request assistance. Visit https://www.fbi.gov/contact-us/field to locate the office nearest you.

Companies of all sizes are being targeted by criminals through Business Email Compromise scams. In these scams, cybercriminals gain access to an employee’s legitimate business email through social engineering or computer intrusion. The criminal then impersonates the employee - often a senior executive or someone who can authorize payments - and instructs others to transfer funds on their behalf. Commercial Bank of Grayson recommends the following tips to help businesses and employees avoid business email compromise attacks:

  • Educate your employees. You and your employees are the first line of defense against business email compromise. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.

  • Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.

  • Use alternative communication channels to verify significant requests. Have multiple methods outside of email – such as phone numbers or alternate email addresses – established in advance through which you can contact the person making the request to ensure it is valid.

  • Be wary of sudden changes in business practices or contacts. If an employee, customer or vendor suddenly asks to be contacted via their personal e-mail address, verify the request through known, official and previously used correspondence as the request could be fraudulent.

  • Be wary of requests marked “urgent” or “confidential.” Fraudsters will often instill a sense of urgency, fear or secrecy to compel the employee to facilitate the request without consulting others. Use an alternative communication channel outside of email to confirm the request.

  • Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions such as call backs, device authentication and multi-person approval processes.

If you fall victim to a business email compromise scam:

  • Contact your financial institution immediately to notify them about the fraudulent transfer and request that they contact the institution where the fraudulent transfer was sent.

  • Contact your local Federal Bureau of Investigation office as they might be able to freeze or return the funds, if notified quickly.

  • File a complaint, regardless of dollar loss, at www.IC3.gov.

How can you protect yourself?

  • Do not give out your personal information over the phone, through the mail or over the internet unless you initiated the contact, and make sure you know who you are doing business with. If in any doubt, DON’T DO IT. Remember, Commercial Bank or other reputable places you do business with should not be asking for information they will already have.

  • Carefully review all your bills and account statements, making sure you are receiving them in a timely manner.

  • Review and monitor your credit report at least annually. You are entitled to a free copy of your credit report every 12 months from www.annualcreditreport.com or 877-322-8228.

  • Do not open or respond to unknown emails. Be very careful as some will disguise themselves to look like a company or person you know.

  • Keep your social security numbers, passwords, user names and PINs secure. Never give them to or share them with others.

  • Keep a copy of your important wallet contents in a safe, separate location in case it is stolen. Always keep your wallet/purse in a safe location. A locked car is not considered a safe place.

  • Keep your phone password protected, since many people use their phones like wallets with personal information and credit cards on them.

  • When submitting financial information to a website, look for the padlock or key icon at the bottom of your browser and make sure the internet address begins with “https.” This signals that your information is secure during the transmission.

What to do if you become a victim?

  • Notify your bank immediately to report any suspected fraud. You can contact Commercial Bank at 606-474-7811 so we may restrict and close any affected accounts. You should also contact all other creditors and file a police report and a complaint with the Federal Trade Commission at 1-877-IDTHEFT or www.ftc.gov.
  • Contact the fraud departments of the three major credit bureaus to place fraud alerts and monitor your credit reports:
    Equifax 1-800-525-6285 www.equifax.com
    Experian 1-888-EXPERIAN www.experian.com
    Trans Union 1-800-680-7289 www.transunion.com

Other helpful links:
Federal Trade Commission identity theft website: www.ftc.gov
Consumer’s guide to credit reports and credit scores: www.federalreserve.gov/creditreports
www.consumer.gov
www.usdoj.gov
Internet Fraud Complaint Center: www.ifccfbi.cov

Elderly adults are a prime target for financial exploitation which can be perpetrated by caregivers, family members and outside parties. Financial elder abuse is when an elderly person’s money or property is being used in an unauthorized way. Some examples include:

  • Taking money or property

  • Forging signatures

  • Getting the elderly individual to sign a deed, will or power of attorney through deception or undue influence.

  • Using the individual’s property without permission.

  • Promising lifelong care in exchange for money or property and not following through on the promise.

  • Many common scams are considered financial elder abuse, as they prey on victims by using scare tactics to get them to send money.

Caregivers are the most common source of abuse as they typically have unlimited access to an elderly adult’s funds and properties as they care for them. The exploitation is recognized when a caregiver wrongly uses an elderly adult’s cash, bank accounts, income or personal items. If you notice that the caregiver is using funds for their own benefit instead of the elderly adult and/or the caregiver is not providing for the personal needs of an elder, financial abuse may be occurring.

Unfortunately, elder abuse happens daily, and Kentucky is a mandatory reporting state. You can report abuse through the 24-hour toll-free hotline at 1-800-752-6200.

While social media is a great place for people to share and communicate with friends and family, it poses risks to users. Social manipulators and hackers know that individuals are a weak link in cyber security and will prey on them. Some specialize in writing and manipulating computer code to gain access or install unwanted software on your computer or phone. Others, sometimes called social engineers, exploit personal connections through social networks. Once information is posted to a social networking site, it is no longer private, and the more information you post, the more vulnerable you become.

Important preventative measures are:

  • Do not store any information you want to protect on any device that connects to the internet.

  • Use anti-virus and firewall software, keeping them, your browser, and operating systems patched and updated.

  • Always use high security settings on social networking sites and limit the personal information you share. Monitor what others post about you.

  • Change your passwords periodically and do not reuse old passwords.

  • Verify the identity of those you correspond with, as it is easy for someone to fake an identity over the internet.

  • Do not automatically download or respond to content on a website or in an email. Do not click on links to retrieve messages but go directly to the website.

  • Only use software from trusted sources. Once installed, keep it updated.

  • Avoid accessing your personal accounts from public computers or through public Wi-Fi spots.

  • Disable your global positioning system (GPS), as uploading a photograph can sometimes divulge your GPS coordinates as well.

  • Beware of unsolicited contacts from individuals in person, on the telephone, or on the internet who are seeking corporate or personal data.

You should not share personal information such as usernames, passwords, social security numbers, credit cards, and bank information. Other things you should not share are computer network details, security clearances, capabilities and limitations of work systems, or schedules and travel itineraries.