Security Center

What We’re Doing to Protect You – How We Communicate

In order to comply with all aspects of the Federal Communication Commission “Telephone Consumer Protection Act of 1991” (47 CFR 64.1200), Hanmi Bank adopts the following Do-Not-Call Policy.

It is the policy of the bank that we will not make unsolicited calls, send unsolicited electronic mail or unsolicited faxes to non-customers. Customers with an existing business relationship may be called for marketing purposes. Customers who specifically advise us they do not wish to be called will be placed on the bank’s Do Not Call list and will not be called. Non customers who are on the national Do Not Call registry will not be called.

When making unsolicited telephone calls for marketing purposes, Bank employees will identify themselves by name, and provide the Bank name and phone number.

If you have any additional questions regarding the how we communicate, please contact our electronic banking department via telephone at (213) 427-4277, via U.S. Mail at 3660 Wilshire Blvd #1000, Los Angeles, CA 90010, or visit one of our branches in person.

How to Protect Yourself from Online Fraud – Email Fraud

E-mail can be used for sending scams such as a false offer from a company or an alert to a false computer virus. These e-mails are often forwarded with good intention by friends, adding an erroneous level of legitimacy. If you receive an e-mail that you think could be a scam, do not forward it and delete it immediately. If you receive an e-mail warning that a new computer virus is circulating, check the Web site of any one of the well-known anti-virus software companies for validation.

Emails such as these are most likely from criminals who send thousands of emails at a time to random addresses. These criminals are trying to entice the recipient to visit a phony website and provide personal and confidential information, such as online IDs and passcodes, or Social Security numbers and account numbers. Although the site may appear identical, it is not – which is why this practice is known as “spoofing.”

Here are some simple guidelines to follow when you believe that you have received a phishing e-mail.

• Never open an e-mail that you do not recognize.
• Never click on an e-mail that has a link to direct you to a site that you do not recognize.
• Never enter your personal information on a website that you do not recognize.
• Never enter your user ID, password, account number, ATM Pin number, or your security answers, on a non-secured webpage or e-mail.

Below are some examples of phishing e-mails.

Example 1

By looking at the link everything seems to be fine and to an unsuspecting victim everything looks correct, but if you look closely there is a misspelling on the word Hanmi.

The web address is http://www.hamni.com/onlineenrollment.html Fraudsters use clever methods to make the web address as close as possible to the address of the reputable bank. The word Hanmi is misspelled as “hamni”. This is not because fraudsters cannot spell; they purposely misspell the word so that the unsuspecting victim will not notice the difference of the actual word and the victim will think that they are actually clicking on to hanmi.com.

Example2:

Without clicking on the link on the e-mail if you move your mouse over the link, the real web address appears. The link is written as http://hanmi.com/fraud/revalidate, but the actual link is http://www.212.312.101./hanmi/login.htm. Once an unsuspecting victim clicks on the link a spoof window will open which will take them to a website that looks exactly like the reputable banks website. On this spoof website the fraudsters will create a page that will ask the unsuspecting victim to enter their personal information such as SSN, user ID, password, security answers, mother’s maiden name, etc.

If you have any additional questions regarding email fraud, please contact our electronic banking department via telephone at (213) 427-4277, via U.S. Mail at 3660 Wilshire Blvd #1000, Los Angeles, CA 90010, or visit one of our branches in person.

How to Protect Yourself from Online Fraud – Commercial Banking Customers

Commercial internet banking customers tend to be exposed to higher level of risk primarily due to fund transfer capability. We recommend commercial internet banking customers consider following security guidelines.

• Have employees sign an Acceptable Use Policy (AUP) annually or as needed
• Provide annual security awareness training to employees
• Prior to hire, run a background check on a new employee
• Make sure your computer systems are equipped with up-to-date antivirus software
• Ensure that proper process is in place for software updates and patches (i.e. Operation System, Internet Browser, Acrobat Adobe and etc.)
• Make sure that appropriate level of access is assigned to your employee
• Ensure your firewall protection exist in your company’s network
• Consider other network protection such as IDS/IPS, Internet Content Filtering and Email Filtering as your added control measure
• Apply auto-lock feature after specified period of inactivity
• Physically secure all your critical systems including computers and network equipment that are used to access internet banking
• Secure your password at all time

If you have any additional questions regarding commercial banking customer guideline, please contact our electronic banking department via telephone at (213) 427-4277, via U.S. Mail at 3660 Wilshire Blvd #1000, Los Angeles, CA 90010, or visit one of our branches in person.

How to Protect Yourself from Online Fraud – Identity Theft

Keep your personal information private and secure. If you are being asked to provide your personal information, make sure you know who you are dealing with and use a shredder to destroy any personal documents that are no longer useful.

Please use passwords on your credit card, bank, and phone accounts. Avoid using easily available information like your birth date, your Social Security number or your phone number.

Don’t give out personal information on the phone, through the email, or on the Internet unless you’ve initiated the contact or are sure you know who you’re dealing with.

Deposit your outgoing mail in post office collection boxes or at your local post office. If you’re planning to be away from home and can’t pick up your mail, call the U.S. Postal Service at 1-800-275-8777 to request a vacation hold.

To obstruct an identity thief who may pick through your trash or recycling bins to capture your personal information, tear or shred any documents that contain your personal information. To opt out of receiving offers of credit in the mail, please call 888-5-OPTOUT (888-567-8688).

Carry only the identification information and the credit and debit cards that you’ll actually need when you go out.

Place fraud alerts on your credit report. Fraud alerts can help prevent an identity thief from opening any more accounts in your name. Close the accounts that you know, or believe, have been tampered with or opened fraudulently.

File a report with your local police. When you file a report, provide as much information as you can about the crime, including the date, time, and place of the identity theft and the fraudulent accounts opened. File a complaint with the Federal Trade Commission. You can file a complaint online at www.ftc.gov/idtheft or call toll-free: 1-877-IDTHEFT (1-877-438-4338).

Exercise your rights to review your credit report and report fraudulent activity. Contact the credit bureaus listed below:

Credit Bureaus	To order your credit report	To report fraud
Equifax: (www.equifax.com)	1-800-685-1111 P.O. Box 740241, Atlanta, GA 30374-0241	1-800-525-6285 P.O. Box 105069, Atlanta, GA 30348
Experian: (www.experian.com)	1-888-397-3742 P.O. Box 2104, Allen, TX 75013-2104	1-888-397-3742 P.O. Box 9531, Allen, TX 75013
Trans Union: (www.transunion.com)	1-800-916-8800 P.O. Box 34012 Fullerton, CA 92834	1-800-680-7289 P.O. Box 6790 Fullerton, CA 92834-6790

Credit Bureaus	Contact Info
Social Security Number Theft and Misuse Social Security Administration:	oig.ssa.gov
Mail Theft:	postalinspectors.uspis.gov
Phone Fraud:	www.fcc.gov

How to Protect Yourself from Online Fraud – Malware & Viruses

What is Malware?
Malware or malicious software, such as viruses, worms and trojans, is designed to gain access to your computer systems without your consent. When installed, malware can steal your personal and financial information, send spam emails on your behalf or perform fraudulent activities under your name.

How can I spot Malware?
Malware is usually sent as an attachment to emails claiming to be from someone you know, or disguised as genuine software coming from an official site.

How can I protect myself against Malware?

• Do not click on website links or attachments in emails received from unknown senders.
• Do not run or download any programs received from suspicious emails.
• Protect your computer from malicious programs by using anti-virus software.
• Install the latest updates on your operating system and applications such as Windows, Microsoft Office, Adobe Reader, Flash, etc.
• Enable your pop-up blockers using your internet options to prevent pop-ups that may contain malware and viruses from damaging your computer.
• Delete cookies using your internet options because they can build up over time and slow down your computer.
• Signs of malware infection may include sudden slowness in your computer, change from the usual logon procedures or an increase in pop-up banners. If you suspect that your computer has been infected by malware, refrain from using banking websites until your computer is cleaned.

What should you do if you have revealed your banking details to fraudsters?
If you suspect you have been a victim of fraud and have revealed your personal banking details to fraudsters of this nature, please contact our electronic banking department via telephone at (213) 427-4277, via U.S. Mail at 3660 Wilshire Blvd #1000, Los Angeles, CA 90010, or visit one of our branches in person.

Be Smart with your Smartphone

Smartphones have changed how we live, and how we bank. Mobile banking apps are used by individuals and businesses to deposit checks by snapping a picture, access balance information, transfer funds, pay bills, and more—from virtually anywhere, anytime. However, many people do not take adequate security precautions with their smartphones, leaving them vulnerable to possible identity theft and privacy loss.

What Can You Do?

• Create a password or PIN to lock your smartphone or mobile device when not in use.
• Do not give your password to anyone, and do not store it on your mobile device.
• Use only Hanmi Bank’s mobile bank app, or the official mobile apps provided by other financial institutions you do business with.
• Do not access mobile or online banking through third-party apps or sites. If in doubt, contact your bank.
• Download apps only from official app stores, such as the Apple iTunes Store or Google Play. Avoid downloading free apps from unknown sources, as they may install malware on your smartphone.
• Keep your phone’s operating system updated with the latest security patches.
• Avoid “rooting*” your smartphone, as this may remove security features.
• Install an antivirus program on your smartphone if available.
• Beware of text messages and emails from unfamiliar senders containing links. These may be phishing scams aimed at stealing your personal financial data. Never respond to messages asking for your password or PIN. Don’t reply to unsolicited messages or voicemails.

SMARTPHONES AND SOCIAL MEDIA

Smartphones and mobile devices are now an integral part of social media activity, but it’s important not to reveal information that may put you at risk for fraud or theft. We recommend the following precautions:

• Social check-in: When away from home—whether just out to dinner or on vacation—be careful about posting your whereabouts in your social media status. Burglars and other criminals have used Facebook and other social media platforms to find vacant properties to rob. If you’re using a social app on your phone to check-in to a location, consider whether you want others knowing you’re not at home.
• Taking pictures: Most smartphones have built-in GPS, which may embed coordinates into an image when you take a picture. When you share these photos online, criminals can see where you took the picture.
• Limit photo sharing: It’s common to take pictures with smartphones of family members and personal things, such as a home, car or other possessions. Sharing these online may reveal personal information that can be used by identity thieves.

How Do You Deposit a Check with Your Smartphone or Tablet?

Start by taking photos… and taking precautions!

At an increasing number of banks, consumers can use a smartphone or tablet to deposit a check into their account from anywhere they can access their account remotely. Simply endorse the check (just like you would at the ATM or teller), use your mobile device to snap a photo of the front and back, and deposit the check using the bank’s mobile application (app).

This service — often called “remote deposit capture” or RDC — is becoming more common at banks and more popular with consumers. Still, there are potential costs and security risks. FDIC Consumer News is offering our latest tips and reminders.

Review and understand your bank’s RDC policies and fees. This information will generally be on the bank’s app or website. “For example, find out if there is a limit on the total dollar amount or number of checks that you can deposit via RDC in a certain time period,” said Deborah Shaw, an FDIC senior technology specialist. Additionally, you should determine how long the bank requires you to keep the original check after you deposit it using RDC.

Confirm when the funds from your deposited check will be made available to you. Federal rules allow banking institutions to put a temporary “hold” on certain deposits, and require institutions to provide disclosures to customers stating when their funds will be available for withdrawal. “If you do not find this information on the bank’s app or website, talk to an employee,” said Luke W. Reynolds, Chief of the FDIC’s Outreach and Program Development Section. “Also confirm the cutoff time for deposits to be considered received that day; this may not be the same as the bank’s normal closing time.”

Take steps to avoid potential problems. RDC creates the risk that a check could be deposited more than once. That could happen accidentally if, for example, a wife deposits a check electronically using RDC and then her spouse, not realizing that the check is already deposited, sees the paper check and deposits it at the bank. Or, a fraudster could steal a check, alter it and attempt to deposit the funds.
Shaw advises writing “for mobile deposit only” or “deposited” on the back of the paper check and securely storing the check for as long as required according to your bank’s policies. After the bank’s recommended retention period ends, RDC users should shred the paper check.

Always monitor your accounts. As you would if you were depositing money any other way, make sure deposits and other transactions have been properly posted to your account. “You can check your account online or through the mobile app,” Shaw said. “Your bank also may provide email alerts about changes in account balances or unusual activity on your account.” She added that your bank also may be able to notify you by email or text message when RDC deposits are posted to your account or if there is a problem with a deposit.

For more help or information regarding remote deposits, contact your bank.

* Rooting is a process that allows you to attain root access to the Android operating system code (the equivalent term for Apple devices id jailbreaking). It gives you privileges to modify the software code on the device or install other software that the manufacturer wouldn’t normally allow you to.

How to Protect Yourself from Online Fraud – Security Tips

Your nonpublic personal information is the most valuable asset online. While Hanmi Bank continuously looks for ways to strengthen online protection and security, we recognize that you are the most knowledgeable and reliable when it comes to suspecting possible fraudulent activities on your account. To avoid being a victim of fraud, always reconsider before providing sensitive information online.

Encourage yourself to adopt these security tips to protect yourself anywhere online:

• Create strong passwords by including special characters such as * and @ so your password is not easily compromised by unauthorized persons.
• Change your passwords periodically, and immediately, when you suspect that your password or account has been compromised. Do not use one password for multiple accounts. Using a one-fits-all password increases the likelihood for the imposter to hack into various accounts if they possess your user identifications.
• Update your contact information to Hanmi Bank when you move or change your phone number. Immediately notify us of your new contact information so we maintain your up-to-date changes in our records.
• Monitor your accounts regularly because no one can detect suspicious transactions or activities on your account as well as you can. Remember to review your account statements on a monthly basis to be able to make claims of fraudulent and unauthorized charges appearing on your account within a reasonable and mandated period varied by the financial institution or company.
• Browse vigilantly online to protect your personal and financial information from being exposed to criminals and unwanted/unnecessary parties. You are the ultimate decision maker. Do not provide any information to suspicious sites. If at any point you do not feel comfortable and deem that the site is unnecessarily requesting your sensitive information, do not continue.
• Refrain from entering sensitive information when using: public WIFI, public/shared computer, a wireless router without password protection, and any other devices other than your own. Always make sure that you are using a secure network that is password protected before entering your user ID and password. If you are unfamiliar with the environment, do not proceed. Always be cautious and verify to whom you are exposing your information to before providing your identification to prevent identity theft. When you are using Mobile Banking, consider your WIFI auto-connect settings.
• Notice the website as https:// on the address bar before entering any information, even your email. The “s” from https:// indicates that the webpage is “secure” and the sensitive information you provide such as your name, account number, social security number, ID and passwords will be encrypted as a security measure. Always verify and determine if the information you reveal is being delivered to secure channels and legitimate sources. Again, if you are uncertain about the site you are visiting, take precaution and do not proceed.
• Protect your devices with passwords so your phone, notebook, tablet, and computer do not easily expose the inside content of your stored data. Try not to “safe-keep” user ID and passwords on your phone and other devices as they may be compromised if you lose the device. The best way to secure sensitive information is by memorizing them. Be aware of the traces you may leave behind if an unexpected event, like losing your device, should occur.
• Monitor your credit report annually to detect, if any, unauthorized events by the use of your social security or tax identification number and other nonpublic information. You can also register for additional identity protection services. Please refer to the Identity Theft section for details to the three credit bureaus.

These are general security tips to practice when online. If you have additional questions regarding security tips, please contact our electronic banking department via telephone at (213) 427-4277, via U.S. Mail at 3660 Wilshire Blvd #1000, Los Angeles, CA 90010, or visit one of our branches in person.