Privacy & Security

How you can protect yourself

Email and Web site scam

Criminals have capitalized on the broad power and wide availability of the Internet and electronic mail (e-mail) to defraud unsuspecting people. It is critical that each of us maintain constant vigilance over the way we use the Internet and all forms of electronic communication. Phishing (pronounced "fishing") as in fishing for confidential information - is a scam that encompasses fraudulently obtaining information by sending an e-mail that appears to originate from a trusted source, such as a financial institution, government agency or other entity.

This is how it works:

  • A consumer receives an e-mail, which appears to originate from a financial institution, government agency, or other well-known/reputable entity.
  • The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
  • The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.
  • Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
  • When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.

Below are current links with information regarding phishing:

http://www.youtube.com/user/FTCvideos 

Vishing is a socially engineered technique for stealing information or money from consumers using the telephone network. The term comes from combining "voice" with "phishing," which are online scams that get people to give up personal information. It is one of the latest breakthroughs in telecommunications-Voice Over Internet Protocol, or VoIP, which enables telephone calls over the web. Pharming refers to the redirection of an individual to an illegitimate Web site through technical means. For example, an Internet banking customer, who routinely logs in to his online banking Web site, may be redirected to an illegitimate Web instead of accessing his or her bank's Web site.

Web Site Spoofing

Spoofing is another trick used by criminals. Criminals steal a Web site's code the technical programming that makes the Web site work and use it to create a fake Web site that "spoofs" or appears to be the legitimate site.

The difficulty for unsuspecting consumers is that these sites look legitimate.

To help protect yourself, be aware of how you're accessing the site.

  • Don't follow a link in an unsolicited e-mail if you have any doubts about the sender (see "phishing", above)
  • Type all Web site addresses carefully, or use Favorites or Bookmarks to store frequently accessed sites especially financial-related sites. Misspelling, even by one letter, the address of the Web site you are trying to access may send you to an incorrect, possibly fraudulent, Web site.

OnGuardOnLine.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.

For additional information about safe online banking and avoiding online scams, visit http://www.fdic.gov/consumers/consumer/guard/

Lottery/Sweepstakes Letter scams

If you receive a letter, accompanied by a check from Woori America Bank, that claims you have won a lottery, a sweepstakes, have been chosen to be a paid "secret shopper" or a similar variation of a popular contest, be advised that these are scam letters and fraudulent checks since Woori America Bank will not send those winning messages via letter or email.

If you contact the sender as requested, you will be instructed to negotiate the check and forward the sender money through a wire transfer or money order. Please do not negotiate these checks, as they are not authentic Woori America Bank checks.

If you receive one of these letters and/or checks, you should report it to your local U.S. Postal Inspection Service.

Cyber Guidance for Small Business

Why cybersecurity matters?

Cyberattacks cost the U.S. economy billions of dollars a year, and pose a threat for individuals and organizations. Small businesses are especially attractive targets because they have information that cybercriminals (bad actors, foreign governments, etc.) want, and they typically lack the security infrastructure of larger businesses to adequately protect their digital systems for storing, accessing, and disseminating data and information.

Surveys have shown that a majority of small business owners feel their businesses are vulnerable to a cyberattack. Yet many small businesses cannot afford professional IT solutions, have limited time to devote to cybersecurity, and don’t know where to begin.

Start by learning about common cybersecurity best practices, understanding common threats, and dedicating resources to address and improve your cybersecurity.

Best practices for preventing cyberattacks

Train your employees

Employees and their work-related communications are a leading cause of data breaches for small businesses because they are direct pathways into your systems. Training employees on basic internet usage best practices can go a long way in preventing cyberattacks.
Other training topics to cover include:

  • Spotting phishing emails
  • Using good internet browsing practices
  • Avoiding suspicious downloads
  • Enabling authentication tools (e.g., strong passwords, Multi-Factor Authentication, etc.)
  • Protecting sensitive vendor and customer information

Secure your networks

Safeguard your internet connection by encrypting information and using a firewall. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router. If you have employees working remotely, use a Virtual Private Network (VPN) to allow them to connect to your network securely from out of the office.

Use antivirus software and keep all software updated

Make sure all of your business’s computers are equipped with antivirus software and are updated regularly. Such software can be found online from a variety of different vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. It is recommended to configure all software to install updates automatically. In addition to updating antivirus software, it is key to update software associated with operating systems, web browsers, and other applications, as this will help secure your entire infrastructure.

Enable Multi-Factor Authentication

Multi-Factor Authentication (MFA) is a mechanism to verify an individual’s identity by requiring them to provide more than just a typical username and password. MFA commonly requires users to provide two or more of the following: something the user knows (password, phrase, PIN), something the user has (physical token, phone), and/or something that physically represents the user (fingerprint, facial recognition). Check with your vendors to see if they offer MFA for your various types of accounts (e.g., financial, accounting, payroll).

Monitor and manage Cloud Service Provider (CSP) accounts

Consider using a CSP to host your organization’s information, applications, and collaboration services, especially if you’re utilizing a hybrid work structure. Software-as-a-Service (SaaS) providers for email and workplace productivity can help secure data being processed.

Secure, protect, and back up sensitive data

  • Secure payment processing - Work with your banks or card processors to ensure you are using the most trusted and validated tools and anti-fraud services. You may also have additional security obligations related to agreements with your bank or payment processor. Isolate payment systems from less secure programs and do not use the same computer to process payments and casually browse the internet.
  • Control physical access - Prevent access or the use of business computers by unauthorized individuals. Laptops and mobile devices can be particularly easy targets for theft and can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel. Conduct access audits on a regular basis to ensure that former employees have been removed from your systems and have returned all company issued devices.
  • Back up your data - Regularly back up data on all of your computers. Forms of critical data include word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounting files. If possible, institute data backups to cloud storage on a weekly basis.
  • Control data access - Frequently audit the data and information you are housing in cloud storage repositories such as Dropbox, Google Drive, Box, and Microsoft Services. Appoint administrators for cloud storage drive and collaboration tools and instruct them to monitor user permissions, giving employees access to only the information they need.

Common threats

As important as it is to include best practices in your cybersecurity strategy, preventative measures can only go so far. Cyberattacks are constantly evolving, and business owners should be aware of the most common types. To learn more about a specific threat, click on the link provided to view a short video or fact sheet.

Malware

Malware (malicious software) is an umbrella term that refers to software intentionally designed to cause damage to a computer, server, or computer network. Malware can include viruses and ransomware.

Viruses

Viruses are harmful programs intended to spread from computers to other connected devices like a disease. Cyber criminals use viruses to gain access to your systems and to cause significant and sometimes unrepairable issues.

Ransomware

Ransomware is a specific type of malware that infects and restricts access to a computer until some sort of ransom is provided. Ransomware will commonly encrypt data on the victim's device and demand money in return for a promise to restore the data. Ransomware exploits unpatched vulnerabilities in software and is usually delivered through phishing emails.

Spyware

Spyware is a form of malware that is designed to gather information from a target, and then send it to another entity without consent. There are types of spyware that are legitimate, legal, and operate for commercial purposes such as advertising data collected by social media platforms, however malicious spyware is used frequently to steal information and send it to other parties.

Phishing

Phishing is a type of cyberattack that uses email or a malicious website to infect your computer or system with malware or to collect sensitive information. Phishing emails appear as though they’ve been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. Be very cautious about opening links from unknown sources. If something seems suspicious from a known source, don’t just click on it - ask the source directly if it's legitimate.

Additional Resources

In addition to those highlighted above, here are some additional resources available, at no cost, to help improve your cybersecurity.

Cyber Guidance for Small Businesses

https://www.cisa.gov/cyber-guidance-small-businesses

The Cybersecurity and Infrastructure Security Agency (CISA) is an operational component of the Department of Homeland Security (DHS). CISA works to understand, manage, and mitigate risk to the nation's cyber and physical infrastructure in the public and private sector.

Stopransomware.gov

As part of the whole-of-government approach to combating ransomware, CISA created StopRansomware.gov, a one-stop-shop of free resources for organizations of any size to protect themselves from becoming a victim of ransomware.

Identity Theft

What is Identity Theft?

Identity theft is when personal information is stolen, such as a Social Security number (SSN) and date of birth, to commit fraud and other illegal activities.

A thief can use this information to obtain credit cards, mortgage loans, cell phones, as well as withdrawing money from personal bank accounts. Some criminals will even use this information to commit crimes and acquire jobs in the victim’s name.

Stolen Identity can be a difficult and costly burden for the victim. Therefore, it is imperative that you make sure that you are aware of the types of activities that a criminal can do to obtain your personal information and what you can do to prevent it.

How does Identity theft Occur?

Identity thieves use many ways to steal someone’s personal information.
They can search through your trash or hack into your personal computer.
The following are just a few examples of items identity thieves look for:

  • Stealing mail or going through garbage containing personal information called Dumpster Diving.
  • Stealing payment or identification cards, either by pick-pocketing or by getting information through a compromised card reader called Skimming.
  • Impersonating a known company or financial institution in an e-mail to obtain personal information called Phishing.
  • Retrieving information from personal equipment, like disposed computers where personal information was not properly deleted.
  • Researching information about the victim on the internet.
  • Eavesdropping on public transactions to obtain personal data
  • Stealing personal information in computer databases.
  • Advertising fake job offers (either full-time or work from home) where the victims will reply with their full name, address, telephone numbers, and banking details.
  • Browsing internet websites for personal details that have been posted by you (Ex. MySpace, Facebook)
  • Changing your address to divert billing statements to another location to either get current legitimate account info or to delay discovery of fraudulent accounts.

How to Prevent Identity Theft

The following steps can decrease the threat of identity theft:

  • Shred financial documents and paperwork with personal information before you discard them.
  • Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
  • Don’t give out personal information on the phone, through the mail, or over the Internet unless you know the person who you are dealing with.
  • Never click on links sent in unsolicited emails; instead, type in a web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer; keep them up-to-date.
  • Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
  • Order a copy of your credit report at least annually to ensure all information is accurate and includes only authorized transactions.
  • Adequately guard all passwords and PIN numbers for credit and debit cards. Avoid using easily available information such as date of birth, mother’s maiden name, SSN or a phone number.
  • Secure all personal information in your home. Remove your new mail from the mailbox promptly and send outgoing mail from the post office or other secure mailboxes.
  • Shred your charge receipts, copies of credit applications, medical information, checks and bank statements. If available, receive your account statements online instead of on paper.
  • In order to closely monitor fraudulent activity, you should review all monthly account statements or frequently review transactions online or by telephone

When You are a Victim or Identity Theft

If you believe that your personal information has been used to commit any fraudulent activity, the following are steps to take in order to protect against further damage:

  • Place a "fraud alert" on your credit file at the three major credit bureaus (Equifax, Experian, and TransUnion). A "fraud alert" tells creditors to contact you before they open any new accounts or change your existing accounts. Call any one of the three major credit bureaus as they share "fraud alert" notification. The initial fraud alert stays on your credit report for 90 days. You can renew it after 90 days. Request that all three credit reports be sent to you, free of charge, for your review.
  • Close any accounts where you believe identity theft has occurred.
  • File a complaint online with the Federal Trade Commission (FTC) or call the FTC Identity Theft Hotline.
  • Complete the Identity Theft Affidavit PDF, which may be required in reporting a new account opened in your name by an identity thief or to obtain application or transaction records from a company the identity thief dealt with.
  • File a police report and/or an Identity Theft Report with your local police department where the identity theft took place. Ask for a copy of the report; often credit card companies and others will need proof of the crime to erase the debts caused by identity theft.
  • The key to proving you are a victim of identity theft is to get the right documents to the right people.
    The following are tips to help you resolve credit problems resulting from identity theft.
  • Credit reports: Call the Credit Bureau and inform them of the information on your credit report that you believe is inaccurate. Follow up in writing and include copies (not originals) of your documentation such as a copy of the police report or your credit card statement with circles around the items in question.
  • Credit cards: Write your credit card company or other provider to inform them of fraudulent charges. Send your letter so that it arrives at the creditor within 60 days from when the first bill containing the charge was sent to you.
  • ATM cards, debit cards and electronic fund transfers: If your ATM or debit card is stolen or lost or you find a fraudulent transaction on your statement, visit the nearest Woori America Bank or call customer service at 1-888-MyWoori (699-6674)

Identity Theft Resources and information

Federal Trade Commission

http://www.ftc.gov/idtheft/

1-877-IDTHEFT (438-4338)

Credit Bureaus

Equifax

http://www.equifax.com/

To report fraud, call: 1-800-525-6285

To write: P.O. Box 740241, Atlanta, GA 30374-0241

Experian

http://www.experian.com/

To report fraud, call: 1-888-EXPERIAN (397-3742)

To write: P.O. Box 9532, Allen, TX 75013

TransUnion

http://www.transunion.com

To report fraud, call: 1-800-680-7289

e-mail: fvad@transunion.com

To write: Fraud Victim Assistance Department, P.O. Box 6790, Fullerton, CA 92834-6790

Additional Resources

Social Security Number Theft and Misuse

http://www.ssa.gov

to report fraud, call: 1-800-269-0271

Mail Theft

http://postalinspectors.uspis.gov

Phone Fraud

http://www.fcc.gov

Reporting Identity Theft and Fraud

It is important note that Woori America Bank does not contact its clients or anyone else by e-mail to confirm credit card or financial transactions, or to confirm or request personal account information or any other type of sensitive information.

If you are concerned that you have received fraudulent email, disclosed confidential information or believe your personal information has been compromised and/or stolen regarding your Woori America Bank account(s), please contact us immediately at 1-888-MyWoori (699-6674) 8:30AM ~ 4:30PM (ET) or visit the nearest Woori America Bank branch.

Privacy Policy

Learn More

Children's Online Privacy Protection

In accordance with the Children's Online Privacy Protection Act (COPPA), we will not knowingly collect, store, use or disclose personal information directly from children on the internet unless the information has been provided by an adult in connection with opening an account for or with the child. We won't send any unsolicited promotions to users who indicate they are less than 13 years of age unless the solicitation is in connection with an account opened by an adult. If you have questions about Woori America Bank Privacy Policy, you may call us toll free at 1-888-My Woori (699-6674) 8:30am ~ 5:30pm (EST) or talk to a customer service representative at a branch

Regulation GG

UNLAWFUL INTERNET GAMBLING ENFORCEMENT ACT (UIGEA) OF 2006

The UIGEA, signed into law in 2006, prohibits any person engaged in the business of betting or wagering (as defined in the Act) from knowingly accepting payments in connection with the participation of another person in unlawful internet gambling. The Department of Treasury and the Federal Reserve Board have issued a joint final rule, Regulation GG, to implement this Act. As defined in Regulation GG, unlawful internet gambling means to "place, receive or otherwise knowingly transmit a bet or wager by any means which involves the use, at least in part, of the internet where such bet or wager is unlawful under any applicable Federal or State law in the State or Tribal lands in which the bet or wager is initiated, received or otherwise made." As a customer of Woori America Bank, these restricted transactions are prohibited from being processed through your account or banking relationship with us. If you do engage in an internet gambling business and open a new account with us, we will ask that you provide evidence of your legal capacity to do so.

개인 정보 보호 방침 

How you can protect yourself

Email and Web site scans

Criminals have capitalized on the broad power and wide availability of the Internet and electronic mail (e-mail) to defraud unsuspecting people. It is critical that each of us maintain constant vigilance over the way we use the Internet and all forms of electronic communication. Phishing (pronounced "fishing") as in fishing for confidential information - is a scam that encompasses fraudulently obtaining information by sending an e-mail that appears to originate from a trusted source, such as a financial institution, government agency or other entity.

This is how it works:

  • A consumer receives an e-mail, which appears to originate from a financial institution, government agency, or other well-known/reputable entity.
  • The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
  • The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.
  • Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
  • When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.

Below are current links with information regarding phishing:

http://www.youtube.com/user/FTCvideos 

Vishing is a socially engineered technique for stealing information or money from consumers using the telephone network. The term comes from combining "voice" with "phishing," which are online scams that get people to give up personal information. It is one of the latest breakthroughs in telecommunications-Voice Over Internet Protocol, or VoIP, which enables telephone calls over the web. Pharming refers to the redirection of an individual to an illegitimate Web site through technical means. For example, an Internet banking customer, who routinely logs in to his online banking Web site, may be redirected to an illegitimate Web instead of accessing his or her bank's Web site.

Web Site Spoofing

Spoofing is another trick used by criminals. Criminals steal a Web site's code the technical programming that makes the Web site work and use it to create a fake Web site that "spoofs" or appears to be the legitimate site.

The difficulty for unsuspecting consumers is that these sites look legitimate.

To help protect yourself, be aware of how you're accessing the site.

  • Don't follow a link in an unsolicited e-mail if you have any doubts about the sender (see "phishing", above)
  • Type all Web site addresses carefully, or use Favorites or Bookmarks to store frequently accessed sites especially financial-related sites. Misspelling, even by one letter, the address of the Web site you are trying to access may send you to an incorrect, possibly fraudulent, Web site.

OnGuardOnLine.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.

For additional information about safe online banking and avoiding online scams, visit http://www.fdic.gov/consumers/consumer/guard/

Lottery/Sweepstakes Letter scams

If you receive a letter, accompanied by a check from Woori America Bank, that claims you have won a lottery, a sweepstakes, have been chosen to be a paid "secret shopper" or a similar variation of a popular contest, be advised that these are scam letters and fraudulent checks since Woori America Bank will not send those winning messages via letter or email.

If you contact the sender as requested, you will be instructed to negotiate the check and forward the sender money through a wire transfer or money order. Please do not negotiate these checks, as they are not authentic Woori America Bank checks.

If you receive one of these letters and/or checks, you should report it to your local U.S. Postal Inspection Service.

Cyber Guidance for Small Business

Why cybersecurity matters?

Cyberattacks cost the U.S. economy billions of dollars a year, and pose a threat for individuals and organizations. Small businesses are especially attractive targets because they have information that cybercriminals (bad actors, foreign governments, etc.) want, and they typically lack the security infrastructure of larger businesses to adequately protect their digital systems for storing, accessing, and disseminating data and information.

Surveys have shown that a majority of small business owners feel their businesses are vulnerable to a cyberattack. Yet many small businesses cannot afford professional IT solutions, have limited time to devote to cybersecurity, and don’t know where to begin.

Start by learning about common cybersecurity best practices, understanding common threats, and dedicating resources to address and improve your cybersecurity.

Best practices for preventing cyberattacks

Train your employees

Employees and their work-related communications are a leading cause of data breaches for small businesses because they are direct pathways into your systems. Training employees on basic internet usage best practices can go a long way in preventing cyberattacks.
Other training topics to cover include:

  • Spotting phishing emails
  • Using good internet browsing practices
  • Avoiding suspicious downloads
  • Enabling authentication tools (e.g., strong passwords, Multi-Factor Authentication, etc.)
  • Protecting sensitive vendor and customer information
  • Secure your networks

Safeguard your internet connection by encrypting information and using a firewall. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router. If you have employees working remotely, use a Virtual Private Network (VPN) to allow them to connect to your network securely from out of the office.

Use antivirus software and keep all software updated

Make sure all of your business’s computers are equipped with antivirus software and are updated regularly. Such software can be found online from a variety of different vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. It is recommended to configure all software to install updates automatically. In addition to updating antivirus software, it is key to update software associated with operating systems, web browsers, and other applications, as this will help secure your entire infrastructure.

Enable Multi-Factor Authentication

Multi-Factor Authentication (MFA) is a mechanism to verify an individual’s identity by requiring them to provide more than just a typical username and password. MFA commonly requires users to provide two or more of the following: something the user knows (password, phrase, PIN), something the user has (physical token, phone), and/or something that physically represents the user (fingerprint, facial recognition). Check with your vendors to see if they offer MFA for your various types of accounts (e.g., financial, accounting, payroll).

Monitor and manage Cloud Service Provider (CSP) accounts

Consider using a CSP to host your organization’s information, applications, and collaboration services, especially if you’re utilizing a hybrid work structure. Software-as-a-Service (SaaS) providers for email and workplace productivity can help secure data being processed.

Secure, protect, and back up sensitive data

  • Secure payment processing - Work with your banks or card processors to ensure you are using the most trusted and validated tools and anti-fraud services. You may also have additional security obligations related to agreements with your bank or payment processor. Isolate payment systems from less secure programs and do not use the same computer to process payments and casually browse the internet.
  • Control physical access - Prevent access or the use of business computers by unauthorized individuals. Laptops and mobile devices can be particularly easy targets for theft and can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel. Conduct access audits on a regular basis to ensure that former employees have been removed from your systems and have returned all company issued devices.
  • Back up your data - Regularly back up data on all of your computers. Forms of critical data include word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounting files. If possible, institute data backups to cloud storage on a weekly basis.
  • Control data access - Frequently audit the data and information you are housing in cloud storage repositories such as Dropbox, Google Drive, Box, and Microsoft Services. Appoint administrators for cloud storage drive and collaboration tools and instruct them to monitor user permissions, giving employees access to only the information they need.

Common threats

As important as it is to include best practices in your cybersecurity strategy, preventative measures can only go so far. Cyberattacks are constantly evolving, and business owners should be aware of the most common types. To learn more about a specific threat, click on the link provided to view a short video or fact sheet.

Malware

Malware (malicious software) is an umbrella term that refers to software intentionally designed to cause damage to a computer, server, or computer network. Malware can include viruses and ransomware.

Viruses

Viruses are harmful programs intended to spread from computers to other connected devices like a disease. Cyber criminals use viruses to gain access to your systems and to cause significant and sometimes unrepairable issues.

Ransomware

Ransomware is a specific type of malware that infects and restricts access to a computer until some sort of ransom is provided. Ransomware will commonly encrypt data on the victim's device and demand money in return for a promise to restore the data. Ransomware exploits unpatched vulnerabilities in software and is usually delivered through phishing emails.

Spyware

Spyware is a form of malware that is designed to gather information from a target, and then send it to another entity without consent. There are types of spyware that are legitimate, legal, and operate for commercial purposes such as advertising data collected by social media platforms, however malicious spyware is used frequently to steal information and send it to other parties.

Phishing

Phishing is a type of cyberattack that uses email or a malicious website to infect your computer or system with malware or to collect sensitive information. Phishing emails appear as though they’ve been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. Be very cautious about opening links from unknown sources. If something seems suspicious from a known source, don’t just click on it - ask the source directly if it's legitimate.

Additional Resources

In addition to those highlighted above, here are some additional resources available, at no cost, to help improve your cybersecurity.

Cyber Guidance for Small Businesses

https://www.cisa.gov/cyber-guidance-small-businesses

The Cybersecurity and Infrastructure Security Agency (CISA) is an operational component of the Department of Homeland Security (DHS). CISA works to understand, manage, and mitigate risk to the nation's cyber and physical infrastructure in the public and private sector.

Stopransomware.gov

As part of the whole-of-government approach to combating ransomware, CISA created StopRansomware.gov, a one-stop-shop of free resources for organizations of any size to protect themselves from becoming a victim of ransomware.

Identity Theft

What is Identity Theft?

Identity theft is when personal information is stolen, such as a Social Security number (SSN) and date of birth, to commit fraud and other illegal activities.

A thief can use this information to obtain credit cards, mortgage loans, cell phones, as well as withdrawing money from personal bank accounts. Some criminals will even use this information to commit crimes and acquire jobs in the victim’s name.

Stolen Identity can be a difficult and costly burden for the victim. Therefore, it is imperative that you make sure that you are aware of the types of activities that a criminal can do to obtain your personal information and what you can do to prevent it.

How does Identity theft Occur?

Identity thieves use many ways to steal someone’s personal information.
They can search through your trash or hack into your personal computer.
The following are just a few examples of items identity thieves look for:

  • Stealing mail or going through garbage containing personal information called Dumpster Diving.
  • Stealing payment or identification cards, either by pick-pocketing or by getting information through a compromised card reader called Skimming.
  • Impersonating a known company or financial institution in an e-mail to obtain personal information called Phishing.
  • Retrieving information from personal equipment, like disposed computers where personal information was not properly deleted.
  • Researching information about the victim on the internet.
  • Eavesdropping on public transactions to obtain personal data
  • Stealing personal information in computer databases.
  • Advertising fake job offers (either full-time or work from home) where the victims will reply with their full name, address, telephone numbers, and banking details.
  • Browsing internet websites for personal details that have been posted by you (Ex. MySpace, Facebook)
  • Changing your address to divert billing statements to another location to either get current legitimate account info or to delay discovery of fraudulent accounts.

How to Prevent Identity Theft

The following steps can decrease the threat of identity theft:

  • Shred financial documents and paperwork with personal information before you discard them.
  • Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
  • Don’t give out personal information on the phone, through the mail, or over the Internet unless you know the person who you are dealing with.
  • Never click on links sent in unsolicited emails; instead, type in a web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer; keep them up-to-date.
  • Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
  • Order a copy of your credit report at least annually to ensure all information is accurate and includes only authorized transactions.
  • Adequately guard all passwords and PIN numbers for credit and debit cards. Avoid using easily available information such as date of birth, mother’s maiden name, SSN or a phone number.
  • Secure all personal information in your home. Remove your new mail from the mailbox promptly and send outgoing mail from the post office or other secure mailboxes.
  • Shred your charge receipts, copies of credit applications, medical information, checks and bank statements. If available, receive your account statements online instead of on paper.
  • In order to closely monitor fraudulent activity, you should review all monthly account statements or frequently review transactions online or by telephone

When You are a Victim or Identity Theft

If you believe that your personal information has been used to commit any fraudulent activity, the following are steps to take in order to protect against further damage:

  • Place a "fraud alert" on your credit file at the three major credit bureaus (Equifax, Experian, and TransUnion). A "fraud alert" tells creditors to contact you before they open any new accounts or change your existing accounts. Call any one of the three major credit bureaus as they share "fraud alert" notification. The initial fraud alert stays on your credit report for 90 days. You can renew it after 90 days. Request that all three credit reports be sent to you, free of charge, for your review.
  • Close any accounts where you believe identity theft has occurred.
  • File a complaint online with the Federal Trade Commission (FTC) or call the FTC Identity Theft Hotline.
  • Complete the Identity Theft Affidavit PDF, which may be required in reporting a new account opened in your name by an identity thief or to obtain application or transaction records from a company the identity thief dealt with.
  • File a police report and/or an Identity Theft Report with your local police department where the identity theft took place. Ask for a copy of the report; often credit card companies and others will need proof of the crime to erase the debts caused by identity theft.
  • The key to proving you are a victim of identity theft is to get the right documents to the right people.
    The following are tips to help you resolve credit problems resulting from identity theft.
  • Credit reports: Call the Credit Bureau and inform them of the information on your credit report that you believe is inaccurate. Follow up in writing and include copies (not originals) of your documentation such as a copy of the police report or your credit card statement with circles around the items in question.
  • Credit cards: Write your credit card company or other provider to inform them of fraudulent charges. Send your letter so that it arrives at the creditor within 60 days from when the first bill containing the charge was sent to you.
  • ATM cards, debit cards and electronic fund transfers: If your ATM or debit card is stolen or lost or you find a fraudulent transaction on your statement, visit the nearest Woori America Bank or call customer service at 1-888-MyWoori (699-6674)

Identity Theft Resources and information

Federal Trade Commission

http://www.ftc.gov/idtheft/

1-877-IDTHEFT (438-4338)

Credit Bureaus

Equifax

http://www.equifax.com/

To report fraud, call: 1-800-525-6285

To write: P.O. Box 740241, Atlanta, GA 30374-0241

Experian

http://www.experian.com/

To report fraud, call: 1-888-EXPERIAN (397-3742)

To write: P.O. Box 9532, Allen, TX 75013

TransUnion

http://www.transunion.com

To report fraud, call: 1-800-680-7289

e-mail: fvad@transunion.com

To write: Fraud Victim Assistance Department, P.O. Box 6790, Fullerton, CA 92834-6790

Additional Resources

Social Security Number Theft and Misuse

http://www.ssa.gov

to report fraud, call: 1-800-269-0271

Mail Theft

http://postalinspectors.uspis.gov

Phone Fraud

http://www.fcc.gov

Reporting Identity Theft and Fraud

It is important note that Woori America Bank does not contact its clients or anyone else by e-mail to confirm credit card or financial transactions, or to confirm or request personal account information or any other type of sensitive information.

If you are concerned that you have received fraudulent email, disclosed confidential information or believe your personal information has been compromised and/or stolen regarding your Woori America Bank account(s), please contact us immediately at 1-888-MyWoori (699-6674) 8:30AM ~ 4:30PM (ET) or visit the nearest Woori America Bank branch.

Privacy Policy

Learn More

Children's Online Privacy Protection

In accordance with the Children's Online Privacy Protection Act (COPPA), we will not knowingly collect, store, use or disclose personal information directly from children on the internet unless the information has been provided by an adult in connection with opening an account for or with the child. We won't send any unsolicited promotions to users who indicate they are less than 13 years of age unless the solicitation is in connection with an account opened by an adult. If you have questions about Woori America Bank Privacy Policy, you may call us toll free at 1-888-My Woori (699-6674) 8:30am ~ 5:30pm (EST) or talk to a customer service representative at a branch

Regulation GG

UNLAWFUL INTERNET GAMBLING ENFORCEMENT ACT (UIGEA) OF 2006

The UIGEA, signed into law in 2006, prohibits any person engaged in the business of betting or wagering (as defined in the Act) from knowingly accepting payments in connection with the participation of another person in unlawful internet gambling. The Department of Treasury and the Federal Reserve Board have issued a joint final rule, Regulation GG, to implement this Act. As defined in Regulation GG, unlawful internet gambling means to "place, receive or otherwise knowingly transmit a bet or wager by any means which involves the use, at least in part, of the internet where such bet or wager is unlawful under any applicable Federal or State law in the State or Tribal lands in which the bet or wager is initiated, received or otherwise made." As a customer of Woori America Bank, these restricted transactions are prohibited from being processed through your account or banking relationship with us. If you do engage in an internet gambling business and open a new account with us, we will ask that you provide evidence of your legal capacity to do so.