What is identity theft?

Identity theft, also known as identity fraud, happens when a criminal or imposter obtains key pieces of your personally identifiable information, such as your social security number or credit card number, and tries to steal money from your accounts, open new credit cards on your behalf or commit other crimes—all using your identity. Identity theft can damage your credit, leave you with unwanted bills, and require much time and frustration to clean up.

How do thieves steal an identity?

By using your social security number, credit card number or other financial account information, identity theft may pursue various methods of stealing your information., including:

• Phishing: Pretending to be a financial institution or other company and sending email or pop-up messages to get you to reveal your personal information.
• Skimming: Stealing credit/debit card numbers by using a special device on ATMs or when processing a purchase.
• Pretexting: Pretending to be you when they call financial institutions, phone companies and other sources to get additional information.
• Account Take Over: In this instance, the criminal will take over the primary inbox of the victim completely, giving the criminal access to change all the passwords of any other accounts tied to the primary email, like banking and investment accounts.
• Spoofing: This is when a criminal pretends to be someone else by changing the sender address in an email.
• Redirecting your mail: Filling out a change-of-address form to have your billing statements sent to an address they choose.
• Common stealing: Stealing information from your mail (such as bank and credit card statements), signing you up for pre-approved credit card offers or taking information by stealing your wallet or purse.
• Dumpster diving: Digging through your trash looking for bills or other paper with your personal information on it.

How can I find out if my identity was stolen?

There are several ways you can check to see if your identity is stolen and ways to put personal safeguards in place, including:

• Check your accounts and bank statements monthly to ensure no mysterious charges.
• Check your credit report at least once a year for transactions and accounts you don't recognize.
• Be sure to shred any information about your personal account numbers, social security numbers, credit card numbers or other personal information.
• Consider adding a credit monitoring service or freezing your credit. Plenty of credit cards have monitoring for free, but paying for a reputable monitoring service is a great way to keep watch. You can even freeze your credit for 90 days if you find out you have been a part of a large breach.

What should I do if my identity is stolen?

Notify all your banks and financial companies when you realize your identity has been stolen or an account is at risk. If you bank with Bank of Oklahoma, please notify us immediately. We'll work with you to help correct any unauthorized transactions in your Bank of Oklahoma accounts, fix any incorrect information we've sent to the credit reporting agencies and help protect you from any future identity theft or account fraud.

We also urge you to take these steps immediately:

• Contact Bank of Oklahoma ExpressBank immediately:
• We have safeguards in place to protect our clients' existing accounts including strong online security protection, Visa fraud protection for debit card purchases, and strong credential requirements for all interactions with the bank.
• There is no need to close your existing accounts or replace debit cards. However, we recommend signing up for Online or Mobile Access to be notified of activity on your bank accounts.
• Please note that the bank will not initiate calls to consumers. Clients should not give information to callers stating they represent of the bank.
• Call the fraud departments of all three credit reporting agencies: Ask them to place a fraud alert on your file. This alert tells creditors to call you before they open any new accounts in your name.
• Equifax: 1-800-525-6285
• Experian: 1-888-397-3742
• TransUnion: 1-800-680-7289
• File a complaint with the Federal Trade Commission (FTC). Trained counselors staff the FTC's identity theft hotline toll-free at 1-877-IDTHEFT (1-877-438-4338). Or you can file a complaint by visiting the FTC Identity Theft website.
• File a report with your local police. You may wish to file a report with the local police department. Even if the police can't catch the identity thief, having a police report can help you clear up your credit records later.
• Always consider strong passwords. Keep strong passwords on all your accounts, and if you discover that your information has been involved in a breach, change your password immediately.

What is a phishing scam?

Phishing is an email scam that attempts to trick consumers into revealing personal information — such as their credit or debit card account numbers, checking account information, Social Security numbers, or banking account passwords — through fake websites or in a reply email. Typically the emails and websites use familiar logos and slick graphics to deceive consumers into thinking the sender or website owner is a government agency or a company they know. Sometimes the phisher urges intended victims to "confirm" account information that has been "stolen" or "lost." Other times the phisher entices victims to reveal personal information by telling them they have won a special prize or earned an exciting reward.

Spotting a phish

While phishing emails can be quite sophisticated in appearance, the following features are often indicators. An email could be a scam if it:

• Asks you to provide personal information such as your bank account number, an account password, credit card number, PIN, mother's maiden name or social security number.
• Fails to address you by your name.
• Warns that your account will be shut down unless you reconfirm your financial information.
• Warns that you have been the victim of fraud.
• Has spelling or grammatical errors.

How to stay safe online

• Keep the security features of your computer software up to date. This includes your Web browser, virus scan software and a firewall.
• Be cautious. View any email request for financial information or other personal data with suspicion. Do not reply to the email or respond by clicking on a link within the email message.
• Don't open emails or attachments from unknown sources. Be suspicious of any unexpected email attachments, even if they appear from someone you know.
• Go directly to the company website by opening a new browser window and typing in the Web address.
• Contact the business that allegedly sent the email to verify its authenticity. Call a phone number or visit a website that you know to be legitimate, such as those provided on your monthly statements.
• Do NOT send personal information (e.g., credit or debit card number, Social Security number, online passwords, or PIN) in response to an email request from anyone or any entity.
• Review your statements. Check your monthly statements to verify all transactions.
• Always log off the website after you have submitted an application or concluded a secure online session (such as Online Access).
• Be careful and selective before providing your email address to a questionable website. Providing your email address makes you more likely to receive fraudulent emails.

Remember, Bank of Oklahoma will never ask you for personal information via email.

Report phishing

If you receive a suspicious email posing as Bank of Oklahoma, please forward it to reportphish@bokf.com.

For more information about protecting yourself online, phishing scams and identity theft, visit:

https://www.fdic.gov/consumers/assistance/protection/idtheft.html
http://www.consumer.gov/idtheft

• Read our fraud prevention tips on this page.
• Watch for "phishing" scams.
• Remember, Bank of Oklahoma will never ask for your personal information via email.
• Report email and online fraud as soon as you expect it.
• Call our ExpressBank if you feel your online account has been compromised, 800-234-6181.