
Fraud Protection

The safety and security of your financial information is of primary importance to us. This page includes important information about fraud as well as links to several resources where you can learn more about the many different types of fraud and things you can do to minimize your risk.

Consumer Protection

Identity Theft and Phishing

One way thieves can steal your identity is through "phishing." It is pronounced "fishing," and that is exactly what these thieves are doing: "fishing" for your personal financial information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.

With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver's licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.

Tips to Help Avoid Identity Theft
  • Never provide your personal information in response to an unsolicited request
  • If you believe a contact may be legitimate, contact the financial institution yourself after you have verified the contact information
  • Never provide your password over the phone or in response to an unsolicited Internet request
  • Never click on the links provided in an e-mail
  • Protect your Social Security Number (SSN), credit card and debit card numbers, PINs (personal identification numbers), passwords and other personal information
  • Protect your incoming and outgoing mail
  • Keep your financial trash "clean" by shredding sensitive information
  • Keep a close watch on your bank account statements and credit card bills
  • Review your credit record regularly
  • Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may be installed to trap an account number and login information, leaving you vulnerable to possible fraud

If you have a question or would like to learn more about our fraud protection products and services, please contact a bank representative.

 

How to Report Identity Theft

Contact a bank representative immediately.

If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau’s fraud division:

Equifax
800.525.6285
P.O. Box 740250
Atlanta, GA 30374

Experian
888.397.3742
P.O. Box 1017
Allen, TX 75013

TransUnion
800.680.7289
P.O. Box 6790
Fullerton, CA 92634

Report all suspicious contacts to the Federal Trade Commission through the Internet at www.consumer.gov/idtheft, or by calling 1.877.IDTHEFT.

Tips for Preventing Mail Theft and Fraud
  • Retrieve your mail promptly after delivery
  • Always deposit your mail in a mail slot at your local post office or hand it to your letter carrier
  • Sign up for Online Services:
    • Online Bill Pay – eliminates the need to send your checks through the mail
    • Online Bill Presentment – your bills are sent electronically and not through the mail
    • eStatements – eliminates paper statements that travel through the mail

 

Educational Resources for Consumers

FDIC: Learn How to Protect Yourself from Fraud

Federal Trade Commission: Fighting Back against Identity Theft

The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA) designed to serve as a vehicle to receive, develop, and refer criminal complaints regarding cyber crime.

The Financial Fraud Enforcement Task Force maintains a wide list of resources and information dedicated to helping find and report suspected cases of financial fraud.

OnGuard Online provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.

FBI: Common fraud schemes and helpful information to avoid becoming a victim

Internet Safety Alert Poster from The Internet Crime Complaint Center (IC3)


Corporate Protection

Corporate Account Takeover

A corporate account takeover is a method by which cyber-thieves gain control of a business’ bank account by stealing the business’ valid online banking credentials. Although there are several methods being employed to steal credentials, the most prevalent involves malware that infects a business’ computer workstations and laptops.

A business can become infected with malware via infected documents attached to an email or a link contained within an email that connects to an infected website. In addition, malware can be downloaded to users’ workstations and laptops when the users visit legitimate websites - especially social networking sites - and click on the documents, videos or photos posted there. This malware can also spread across a business’ internal network.

In common attacks, cyber-thieves send emails purporting to come from reputable, national organizations. This is a common tactic to gain credibility and lure unsuspecting individuals into taking some action. A recipient who clicks on the links within the email may be taken to a fake website, which prompts the recipient to unknowingly download malware to the computer.

The malware installs keylogging software on the computer, which allows the perpetrator to capture a user’s credentials as they are entered at the financial institution’s website. Sophisticated versions of this malware can even capture token-generated passwords, alter the display of the financial institution’s website to the user and/or display a fake Web page indicating that the financial institution’s website is down. In this last case, the perpetrator can access the business’ account online without the possibility that the real user will log in to the website.

The cyber-thieves use the sessions to initiate funds transfers, by ACH or wire transfer, to the bank accounts of associates within the U.S. These accounts may be newly opened by accomplices or unwitting “money mules” for the express purpose of receiving and laundering these funds. The accomplices or mules withdraw the entire balances shortly after receiving the money, and then send the funds overseas via over-the-counter wire transfer or other common money transfer services.

Why Are Smaller Businesses and Organizations Targeted?

The cyber-thieves appear to be targeting small- to medium-sized businesses, as well as smaller government agencies and non-profits, for several reasons:

  • Many small businesses and organizations have the capability to initiate funds transfers via ACH or wire. This funds transfer capability is often related to a small business’ origination of payroll payments
  • Many businesses maintain a type of organization chart online, making spear phishing (targeting a specific employee) for an employee with online banking authorities easier
  • Small businesses often do not have the same level of resources as larger companies to defend their information technology systems
  • Many small businesses do not utilize additional banking services, such as password-generating tokens, and do not monitor and reconcile their accounts on a frequent or daily basis

 

What Can You Do?
Protect
  • Ask us about multi-factor authentication. For example, something the person knows (user ID, PIN, password) or something the person has (password-generating token)
  • Ask us about dual control features for initiation of payments via Online Banking, with distinct responsibility for transaction origination and authorization
  • Ask us about establishing reasonable exposure limits that are related to transaction origination
  • Do not respond to or open attachments or click on links in unsolicited emails
  • If you receive an email from an apparently legitimate source requesting account information or action, contact the sender directly by other means. We will not send customers emails asking for passwords, credit card numbers or other sensitive information
  • Contact us immediately if you encounter a message stating that the system is unavailable while trying to log in to your account
  • Conduct Online Banking and payments activity from a dedicated computer that is not used for other online activity, such as general Web browsing and social networking, and/or is not connected to an internal network
  • Ensure that all anti-virus and security software for all computer workstations and laptops is robust and up-to-date
  • Log/turn off and lock up computers when not in use
  • Change the default passwords on all network devices
  • Educate your employees on this type of fraud scheme
  • If you have a question or would like to learn more about our fraud protection products and services, please contact a bank representative

Detect
  • Monitor and reconcile accounts daily; many small business clients do not reconcile their bank accounts on a daily basis, and therefore may not recognize fraudulent activity until it is too late to take action.
  • Note changes in the performance of your computer, such as loss of speed, changes in appearance, computer locking up, unexpected rebooting or restarting of your computer, unusual pop-up messages, new toolbars and icons, or an inability to shut down or restart.
  • Look out for rogue emails; if someone says they received an email from you that you did not send, you may have malware on your computer.
  • Run regular virus and malware scans of your computer’s hard drive


Respond
  • If you detect suspicious activity, immediately cease all online activity and remove any computer systems that may be compromised from the network
  • Immediately contact us so that the following actions may be taken: disable online access to accounts, change online banking passwords, open new accounts as appropriate, request a review of all recent transactions and electronic authorizations on the account and ensure that no one has added any new payees or made any other critical changes to account information
  • File a police report; having a police report on file will often help facilitate the filing of claims with insurance companies, financial institutions and other establishments that may be the recipient of fraudulent activity
  • In addition, you may choose to file a complaint online at www.ic3.gov. For substantial losses, contact your local FBI field office. (http://www.fbi.gov/)
  • Have a contingency plan to recover systems suspected of compromise
  • Consider whether other company or personal data may have been compromised

 

Educational Resources for Businesses


Fraud Alerts and Communications

Fraudulent E-Mails Claiming to Be From the FDIC

E-mails that claim to be from the FDIC are reportedly in circulation. 

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.

The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "subscriptions@fdic.gov," "alert@fdic.gov," or "accounts@fdic.gov."

They have subject lines that read: "FDIC: Your business account" or "FDIC: About Your Business Account."

The e-mails are addressed to "Business Customer" or "Business Owner" and state "We have important information about your bank" or "…financial institution." They then ask recipients to "Please click here to find details."

They conclude with, "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership."

These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.

Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.

For your reference, FDIC Special Alerts may be accessed from the FDIC's Website at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through email, please visit www.fdic.gov/about/subscriptions/index.html.

Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

IRS Warns of E-Mail Fraud

The IRS is currently warning taxpayers of an active email scam in the Midwest. The scam involves emails supposedly sent from the IRS that bear copycat logos and the names of real IRS officials. The recipients are told that their payment for taxes due has been rejected. They are then asked to click on a link in order to fill out an attached form and thereby resolve the payment rejection issue. However, the attachment actually contains a virus. This virus allows the scammer to gather personal and financial information from the recipient’s computer.

Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

IRS spokesperson Michael Devine says that the IRS will never send an email asking for personal information to any taxpayer. All correspondence regarding any problem with your tax return will be through the U.S. Mail. This official IRS letter will describe the problem and contain contact information for the person or agency who can help you resolve the issue.

If you receive an email that claims to be from the IRS, remember the following:

  • Do not respond to it.
  • Do not open any attachments.
  • Do not click on any links in the email.

To assist the IRS in locating and prosecuting the criminals perpetrating this scam, you can do the following:

  • Call 1.800.829.1040 to determine if the IRS is indeed trying to contact you regarding your tax return.
  • Forward any email claiming to be from the IRS to phishing@irs.gov.

 

NACHA Phishing Alert: E-Mail Claiming to Be From NACHA

NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments Association” and appears to be coming from the email address "payments@nacha.org." See a sample of the email below.

Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.

Always use anti-virus software and ensure that the virus signatures are automatically updated.

Ensure that security patches for computer operating systems and common software applications are installed and current.

Additional information and guidance on phishing is available from the Federal Deposit Insurance Corporation (FDIC).

Be alert for different variations of fraudulent emails.

FDIC Consumer Alert: Fraudulent FDIC E-Mails

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an email that has the appearance of being sent from the FDIC. The email informs the recipient that "in cooperation with the Department of Homeland Security, federal, state and local governments…" the FDIC has withdrawn deposit insurance from the recipient's account "due to account activity that violates the Patriot Act." It further states deposit insurance will remain suspended until identity and account information can be verified using a system called "IDVerify." If consumers go to the link provided in the email, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient's computer.

This email is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the email and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the emails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through email, please visit www.fdic.gov/about/subscriptions/index.html.

Read more here: http://www.fdic.gov/news/news/SpecialAlert/2011/sa11010.html.
