Lady in a coffee shop using her smartphone

Security Tips

The security of your account information is one of The Dime Bank's top priorities. Our experienced team of professionals monitors your accounts and safeguards your information with state-of-the-art fraud prevention systems.

The Dime Bank will never ask you to click on a link and enter your credentials for online banking to confirm a transaction or request sensitive information such as account numbers, social security numbers, passwords, PINs, and similar details via email, text message, or phone call. Do not click on any links or respond to requests for sensitive information. Instead, immediately contact us at a telephone number you know to be authentic if you have any questions. If you clicked on a link and provided your credentials, call The Dime Bank immediately at 570-253-1970, option 0, and change your online user ID and password.

In addition, arming yourself with knowledge and monitoring your accounts on a daily basis are two ways you can assist The Dime Bank in protecting your financial information.

Please take a few moments to read and implement these important security tips.

If you receive a letter, a text, an email, or a phone call claiming to be from or associated with The Dime Bank but it sounds unusual and out of the ordinary, please be cautious. It's always a good rule to check with us directly to make sure the communication is truly coming from us!

Please confirm that a request asking for your sensitive, personal, or bank information, is from a Dime Bank employee. Please call our fraud department right away at 570-253-1970 x7790 to verify that it is a legitimate request. Doing so will prevent you from falling victim to potential fraud.

The Dime Bank wants to help you keep your information safe. Protecting your personal information is a shared responsibility

Verify it's The Dime Bank. Fraudsters pose as credible companies "phishing" for your information. The Dime Bank will never call to ask for your online login information. If you are unsure, get the individual's name and hang up and call your local branch.

Do not open suspicious texts or emails or click on links within them. Fraudsters impersonate companies to get consumers to click links and provide personal information. Clicking on links can also infect your device with malware.

A password is the first line of defense against cybercriminals. We recommend creating a complex password that is difficult for others to guess but easy for you to remember. Use a different password for each site.

Monitor your accounts regularly, respond to fraud alerts, and report unauthorized transactions promptly.

Beware of Shoulder Surfing
What is shoulder surfing? According to Experian, shoulder surfing is a criminal practice where thieves steal your personal data by spying over your shoulder as you use a laptop, ATM, mobile phone, or other electronic device in public. Some common places where shoulder surfing may occur are a bar, an ATM, and an airport. Despite the funny name, it's a security risk that can cause a financial wipeout.

According to the Wall Street Journal, criminals cozy up to phone users in public places to steal access codes. Then they can steal a phone right out of your hands while it's unlocked or use the iPhone passcode obtained from shoulder surfing and take over that phone in just minutes.

Criminal are able to access your stored passcodes, gain access to your phone's Apple ID with the ability to change it and lock owners out of their Apple account. Then they can take over all of the information stored in the phone owner's iCloud account, including Apple cash, associated credit cards, and other financial information.

It's very important to be aware of your surroundings when using your mobile devices in public. Here are some tips to keep your mobile devices' data safe:

  • If you must enter a password or PIN on a mobile device in public, stand or sit with your back against a wall.
  • Be vigilant of your surroundings and shield your screens whenever possible.
  • Strengthen your passcodes. The longer and more complicated the passcodes, the harder they are to shoulder surf.
  • Enable parental controls to restrict in-app purchases with additional passcodes that are different from your other access passcodes. Setting up additional passcodes will help prevent unauthorized Apple account changes and other in-app purchases.
Informational resources:

  • Experian article on shoulder surfing and steps for prevention.
  • Wall Street Journal article - personal tech columnist Nicole Nguyen joins WSJ Tech News Briefing host Zoe Thomas to explain how the theft works, what victims have experienced and how iPhone users can keep themselves safe.
  • Cloudwards article on how to set parental controls on iPhone and iPad in 2023.
Ransomware is a type of malicious software, or malware, that prevents access to computer files, systems, or networks and demands a ransom payment for their return.

The simplest way would be to avoid internet connectivity. LOL. Right! As that is not practical in our connected world today, what else can you do?

Auto-install updates. One of the most important controls to protect against ransomware is updating your devices and apps, including browsers (ie: Internet Explorer, Chrome, Edge, etc).

Most software companies regularly release updates for security loopholes. Computers can be configured to scan, patch, and update automatically. Unfortunately, not applying the updates leaves you open to attack. Many ransomware and other malware attacks take advantage of out-of-date software.

Another great way to protect against losing access to files due to ransomware is to keep a copy of your files in a trusted secure backup. This can be a cloud vendor or on a hard drive that you keep in your home. Keep in mind, if you backup via a service such as Google Drive or Microsoft OneDrive and have file sync turned on, any changes that are made to your files will be copied to this service. This service is a great protection in the event your computer is lost in a natural disaster but doesn’t always protect against loss via ransomware.

One of the most common ways that computers are infected with ransomware is through social engineering. Remember to exercise common sense with suspicious email, websites, and other scams. If it seems suspect, it probably is.

Be unpredictable. There are two common password attacks, brute force and dictionary attacks. Both  involve trying a sequence of numbers and/or common words like 123456, hence, trying to crack a password using “brute force” or common “dictionary” words. To minimize this type of exposure, don’t make your passwords predictable.

Be creative. Related to being unpredictable, consider creating a phrase and use the first or second letter of each word, or substitute a special character for letters and/or numbers. You can use a password generator which provides creative and secure password options.

Be long. The longer the password, the more possible combination, and permutations of the password there are, and thereby the safer they generally are. However, don’t forget the first two tips, because long common words and sequences of numbers are still easier to crack!

Be selfish. Believe it or not, one of the more common reasons passwords are compromised is because people share their credentials. Quite simply – never, ever share your password(s)!

Be mindful. Think before you click. Phishing is where you receive an email or text message asking for you to confirm your details or take some other action where you need to enter your personal credentials. These types of acts are becoming increasingly sophisticated and can look very legitimate, like an email from someone you know. As a good rule of thumb, unless you make a request, don’t ever enter your credentials. Or, if you have any doubts, contact the organization requesting the information directly.

Be unique. You should use different passwords for different logins – yes, a different password for every login. Having a unique password for all your accounts helps prevent that if or when one is compromised the others remain protected. Pro tip: If you can’t remember all your passwords, consider using a secure password manager.

Use the built-in firewall on your computer.

Turn on automatic updates for ALL software you use, including your internet browser(s).

Use antivirus and anti-malware software  and keep it current.

Create a long phrase for your password instead of a short password.

Don’t open suspicious attachments or click unusual links in email, tweets, posts, online ads, messages, or attachments. 

Browse safely.  Don’t visit illicit sites.  They may contain malware or a download that contains malware. 

Refrain from streaming or downloading movies, music, books, or applications that are not from a trusted source.  Pirated material may include malware.

Avoid malware and viruses by only using external devices you own or receive from a trusted source.  

Unexpected or suspicious email attachments should never be opened. They may execute a disguised program (malware, adware, spyware, virus, etc.) that could damage or steal data. If in doubt, call the sender to verify. A good rule of thumb is to only open file attachments if you are expecting them and if they are relevant to the work you are doing.

Signs of a Malicious Attachment

.exe Files: .exe files are executable files - meaning that they can run a program; while .exe files are not inherently malicious, they can be used to install malware on your computer; there's no reason for an .exe file to be shared via email, so if you receive one, you should delete it.
  • .exe files can also be disguised in .zip folders - if you receive an email with a .zip, and open the folder to find an .exe, you shouldn't run the file.
  • Be careful, some attachments might show the icon for a document, PowerPoint, etc., but they still have the .exe extension.
  • Just because a file isn't an .exe, doesn't mean it's not malicious - there have been instances of macro-viruses that hide themselves inside of Office Documents.
Unsolicited Email/Strange "From" Field: don't open attachments that you're not expecting, or from users who you don't know.

Strange "To" Field: if the email has a long, alphabetical list of recipients, or if the "To:" field is blank, then the email is probably illegitimate, and the attachment shouldn't be opened.

Vague Subject Line/Body: if the subject line or the body text is vague, then the attachment probably is illegitimate.

Missing Salutation: most legitimate emails have a salutation.

Poor Grammar/Spelling: legitimate emails are carefully proofread before they're sent out; if the email has a lot of spelling/grammatical errors it's probably not legitimate.

Sense of Urgency: (i.e. - "this attachment will expire in 24 hours”, “you have an unpaid invoice") most illegitimate emails try and create a sense of urgency so that the recipient will download and run the attachment without carefully looking at it.

Remember attackers/bad actors rely on user interaction. Their goal is to try to trick users into opening a malicious document to exploit system vulnerabilities. Stay alert, stay safe!
If someone says you can only pay by wiring money, putting money on a gift card, or loading money on a cash reload card - it is a scam! Whether someone tells you to pay to claim a prize, deal with tax issues from the (so-called) IRS, says your accounts have been compromised, or asks you to help someone out of trouble, nobody legitimate is ever going to say you have to pay by wiring them money or by putting it on an untraceable gift card of any type. If you comply with their request, you stand to lose a lot of money.

If you receive a phone call, text, email, or letter with this type of request, it is a scam. If someone tells you they are from The Dime Bank and you are unsure, ask for their name and phone number, hang up, and call us immediately at 570-253-1970 or toll free at 1-888-4MY-DIME (1-888-469-3463). If the call was truly from The Dime Bank, you will reach us by calling us back on our published phone numbers.

Please help us safeguard your information. We’re here to help you in any way we can.
Due to the ever increasing fraud/scams involving funds transfers, please review the important information below before requesting a wire transfer.

Fraudsters know people are most vulnerable when they are desperate or scared, and they may use crisis and pressure tactics to prey on their victims.

If you received an email from your boss, co-worker, friend, etc., asking you to wire funds, make sure to speak to that person to confirm the request and verify the wire instructions with the legitimate beneficiary by phone to ensure no email was hacked.

Some examples of recent scams are:
  • Online purchase scams
  • Romance scams, such as online dating sites
  • Phone related scams, such as texts, impersonators, apps, QR codes, SIM swapping, and more
  • One-time password bots that trick you into sharing authentication codes
  • Employment scams
  • Cryptocurrency scams
  • Hacked emails
If you answer YES to any of the questions below, it is possible that you have been misguided and are being taken advantage of financially. We recommend that you speak with one of our bank managers or officers before proceeding with your wire transfer request.

Have you been contacted by someone who…
  • instructed you not to tell your bank the real purpose for the requested wire transfer?
  • requested access to your computer stating they were from Microsoft, Norton Antivirus, Phone, Internet, Cable?
  • asked you to provide your Online Banking ID and Password?
  • asked you for personal identifying information such as your social security number, drivers license, date of birth?
  • pressured you to act right away?
  • stated they sent you funds by mistake or overpaid you for something they were purchasing from you, and requested you return the funds back to them?
  • stated they would mail you a check to deposit and requested you wire a portion of the funds to someone else?
  • claimed to be with law enforcement, IRS, or a financial institution, demanding funds?
  • is a stranger who befriended you and has asked you to send money to help them out of a jam?
  • asked you to send money to receive an inheritance?
  • asked you to send money to pay taxes on lottery winnings?
  • claims to be a family member or a friend that has been injured, stranded, robbed, or arrested, and needs you to send funds?
  • claims that a recently deceased spouse made a large purchase before their death, and you are obligated to pay for it?
  • wants you to invest or fund a new business venture domestically or internationally, and promises high returns?
Scams are constantly changing! Take time to carefully think about the purpose of your wire transfer to protect yourself from becoming a victim to fraud.
Federal Bureau of Investigation (FBI) is warning that as tech support fraud evolves, the number of people falling victim to the crime is on the rise, and so are financial losses. Investigators are seeing an emerging trend in which tech support scammers are convincing victims that their financial accounts have been compromised and their funds need to be moved so the fraudsters can gain control over the victims’ computers and finances.

In tech support scams, fraudsters pose as customer or tech support representatives from reputable well-known tech companies. They may call, email, or text their targets and offer to resolve such issues as a compromised email or bank account, a computer virus, or a software license renewal. Once they convince victims that their financial accounts have been compromised and their funds need to be moved, they gain control over the victims’ computers and ultimately their finances.

Victims are often directed to wire or transfer their funds out of brokerage or bank accounts to the fraudsters accounts. Scammers are also asking victims to install free, remote desktop software on their computers to allow them to monitor, manipulate, and perform actions within the victims’ computers such as opening virtual currency accounts to facilitate the liquidation of their genuine bank accounts.

Suggestions for Protection:
  • Legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals.
  • Ensure computer anti-virus, security and malware protection is up to date and settings are enabled to reduce pop-ups.
  • Be cautious of customer support numbers obtained via online searching. Phone numbers listed in a “sponsored” results section are likely boosted as a search of Search Engine Advertising.
  • If a pop-up or error message appears with a phone number, don’t call the number. Error and warning messages never include phone numbers.
  • Resist the pressure to act quickly. Criminals will urge the victim to act fast to protect their device or account.
  • Do not give unknown, unverified persons remote access to devices or accounts.
  • Do not download or visit a website that an unknown person may direct you to.
  • Do not trust caller ID readings as criminals often spoof names and numbers to appear legitimate. Let unknown numbers go to voice mail and do not call unknown numbers back.
  • Never trust any company-tech or otherwise-requesting personal or financial information.
If you fall victim to tech support fraud:
  • Contact The Dime Bank fraud department right away at 570-253-1970, option 2 or visit any of our branches in person to take immediate steps to protect your identity and your accounts.
  • Run up-to-date virus scan software to check for potentially malicious software installed by the scammers. Consider having your computer professionally cleaned.
  • Change all passwords if the scammer had access to your device.
  • Expect additional attempts at contact. The scammers often share their victim database information.
  • Keep all original documentation, emails, faxes, and logs of all communications.
  • File a police report at your local police station.
  • File a complaint with the FBI’s Internet Crime Complaint Center. If possible, include the following:
    • Identifying information of the criminal and company, including websites, phone numbers, and email addresses or any numbers you may have called.
    • Account names, phone numbers, and financial institutions receiving any funds (e.g., bank accounts, wire transfers, prepaid card payments, cryptocurrency wallets) even if the funds were not actually lost.
    • Description of interaction with the criminal.
    • The email, website, or link that caused a pop-up or locked screen.
Check washing is a serious crime that could cost you thousands of dollars. It's a sneaky tactic used by scammers. They steal checks, erase the writing, and substitute it with their own information. These criminals use chemicals to erase the ink from a check, leaving only the paper. They then modify the check to their name with a significantly higher amount, leaving you with the debt. Personal checks, made of soft and porous paper, are usually the most susceptible to this type of tampering. It can be hard to detect this kind of fraud as the checks may seem legitimate, even to The Dime Bank.

The first line of defense is to utilize The Dime Bank’s online banking, bill pay, and cash management services, as they are more secure than writing a check. If writing a check cannot be avoided, it should be done using a blue or black gel pen. Gel pens differ from regular ballpoint pens in that they use pigments suspended in a water-based gel, making them resistant to most chemicals. They can even write on surfaces other pens can't, especially porous materials. By using gel pens, you can maintain the quality of your checks and make them more resistant to washing attempts.

Ballpoint pen ink, which is oil-based, sits on the surface of the paper, and can easily be removed with several chemicals. Switching to a gel ink pen is the best way to protect yourself from check washing threats. Gel ink binds to the paper better, dries faster, and doesn't smear, making it easier to read and more durable than ballpoints.

There are several ways to protect your accounts from check washing:
  1. Pay your bills online.
  2. Switch to blue or black gel ink pens.
  3. Deposit checks remotely by using your phone.
  4. Monitor your checks and checking accounts regularly.
  5. Keep your mail safe.
  6. Choose checks with one or more security features.
  7. Learn how to identify altered checks.
  8. Report suspicious incidents on time.
If you discover that your checks have been washed, contact The Dime Bank immediately by calling 570-253-1970, option 2.

Concerned that your debit card or accounts at The Dime Bank have been fraudulently compromised? Please call our fraud department right away at 570-253-1970 x7790. We are here to help keep your accounts secure!
 
If you need to contact any of the three credit bureaus, their numbers are:
 
  1. Equifax 1-888-EQUIFAX (1-888-378-4329)
  2. Experian 1-888-EXPERIAN (1-888-397-3742)
  3. TransUnion 1-800-916-8800
Lady on couch using her smartphone to look at the news
NEWS

Keep up to date with us.

Learn about all of the exciting things going on at The Dime Bank on our News page.


Find out what's new