Phishing Scams

No Phishing Allowed! How to avoid being lured into a phishing scam

Identity thieves have taken up phishing!  Phishing fraudsters use fake e-mails, text messages, phone calls, and even websites to fish for consumers’ sensitive personal information.  The word "phishing" comes from the analogy that Internet scammers are using email and text messages as lures to "fish" for passwords and financial data from the sea of internet users. In this type of scam, the victim unwittingly supplies the thieves with exactly what they need to leave the victim reeling from the resulting financial losses. 

The FBI has called phishing one of the most troubling scams out there.  Many large reputable businesses and organizations (including the Federal Deposit Insurance Corporation (FDIC), the Internal Revenue Service (IRS), and the American Bankers Association) have been fraudulently represented in this type of scam.  Statistics compiled by the Anti-Phishing Working Group have highlighted the fact that the financial services industry is the most commonly targeted business sector.  

In a typical phishing scam, you receive an e-mail or text message supposedly from a company or financial institution you may do business with or from a government agency.  These messages can look quite convincing, using company logos and banners copied from actual websites. They also usually include a fabricated message stating that you must update, verify, or re-submit confidential information such as bank account and credit card numbers, social security numbers, passwords, and personal identification numbers (PINs). They also tend to utilize a solen return e-mail, a form linked from a look-alike website of the real business, or a pop-up message with the name and even the logo of the company or government agency. 

Perhaps you are told that your bank account information has been lost, stolen, or that restrictions have been imposed on your account until you provide additional details. If you comply, the thieves hiding behind the seemingly legitimate website or e-mail can use the information to make unauthorized withdrawals from your bank account, pay for online purchases using your credit card, open lines of credit, or even sell your personal information to other thieves.

Important: Once provided to us at account opening, we will never initiate contact with you and ask for your Social Security number or bank account number(s). If you contact us, we may ask you to verify one or more as a means of identification, but we will never call or email you and ask for this information unsolicited. We advise you to never give out your Social Security number or any account numbers to anyone that you have not initiated contact with first.

To avoid becoming a victim of a phishing scam, follow these important tips:

  • Never give out your personal financial information in response to an unsolicited phone call, fax, email, or text message no matter how official it may seem.

  • Use extreme caution when clicking on links and attachments included in unsolicited emails or texts, even if they appear to be from someone you know or from a company with whom you do business. Identity thieves often spoof messages that contain links directing you to false websites designed to trick you into providing your personal information. They may even include attachments that contain dangerous malware that downloads automatically and unknowingly.
     
  • Do not respond to email or text messages that may warn of dire consequences unless you validate your information immediately.  Contact the company to confirm the messages' validity using a telephone number or web address you know to be genuine.

  • Promptly review your bank account and credit card statements and look for unauthorized transactions, even small ones.  Some thieves hope small transactions will go unnoticed. Investigate and report any discrepancies immediately.

  • When submitting financial information to a website, look for the padlock or key icon at the bottom of your browser, and make sure the internet address begins with "https." This signals that your information is secure during transmission.

  • If you believe you have responded to a fraudulent message, contact your bank immediately so they can protect your account and your identity. In addition, call the three major credit bureaus (see Fraud Alert Hotlines) to request that a fraud alert is placed on your credit report.

  • Report suspicious messages to the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center and the Federal Trade Commission.