Identity Theft Information:

Almost every day on the television or in the newspaper you will hear about someone who has become a victim of Identity Theft. No longer are crooks intent on using another person's identity digging through mailboxes or garbage bins for bank and credit card statements or hacking into computer systems that house confidential financial information. Now, identity (ID) thieves are becoming more fierce and deceptive. They will call you at home, or send you email or postal mail requesting or requiring you to complete forms or click on phony web addresses and provide personal and financial information.

Please be aware that Bitterroot Valley Bank would never ask for or require you to give out financial information (ex. SSN, account numbers, etc.) by phone, email or over unsecured web pages. We want to help you learn about some of the schemes so you can protect yourself.

Phishing comes from the analogy that Internet scammers are using email lures to “fish” for passwords and financial data from the sea of Internet users. However, phishing has grown to include more than just email lures including telephone calls, web pages, and pop-up boxes.

Typically, a phishing expedition starts with an email that warns of some problems with an account, or promotes a special offer, and directs you to a Web page that’s a dead ringer for the site of the company or bank you do business with – right down to the graphics, log-on forms, and links that lead to legitimate pages. At the core of the phishing problem is a new kind of identity theft experts are calling “corporate ID theft.” Criminals are increasingly aware of the power that trademarks have over consumers and they are using that trust against consumers. Whether it’s an email with an eBay logo, a Web site with Earthlink’s name, or a Web site using an address that seems to be a legitimate brokerage, con artists are successfully using these trademarks to trick consumers. Even experts say telling real mail from phish can be difficult. So, in actuality, the ID thieves are committing a double ID theft, first the corporations then, the consumers. The notes appear to be personal, referencing an open account at a bank or Website, but they are really just Spam. Sent to a wide enough audience, an emailing referencing Citibank or eBay will hit plenty of people who really are account holders.

The email often says that account information needs to be updated right away and asks you to click on a link that will take you to the website and an information update form. The linked page will look just like the company’s actual website but the information will be sent to identity theft scammers not the legitimate company.

As of December 2004, 1707 active phishing sites have been reported according to the Anti-Phishing Working Group. Targeted companies include: eBay, PayPal, Citibank, Bank of America, Best Buy, Earthlink, AOL, the FDIC, and AT&T… just to name a few.

Although the first phishing attacks were straight email messages with Web links to phony sites, there’s an even newer version. Hackers have developed two Trojan horse programs known as MiMail and MmdLoad that arrive as e-mail attachments. If you double-click on the attachment, it unleashes a program that not only takes you to a phony sign-on screen but also uses your email client to send a copy of the booby-trapped message to everyone on your contact list.

A great site for more information and examples of these fishing emails can be found at www.antiphishing.org.

You can protect yourself from the latest identity theft scam by following these useful tips, which were developed by the Federal Trade Commission:

If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company site in the email using a telephone number or Web site address you know to be genuine.

Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during a transmission.

Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and visit the FTC’s Identity Theft web site (www.ftc.gov/idtheft) to learn how to minimize your risk of damage from identity theft.

Another type of phishing scam sends you to the real company’s legitimate Web page – topped by a pop-up form that asks you to enter your account name, password, credit card number, Social Security number, mother’s maiden name, or other information. There’s no way to tell it’s a scam because there is no address bar up there. Because the pop-up box is so similar in color and design as the website consumers assume its from the company but the information they enter is sent to scam artists not the legitimate company.

Similar to email scams the scammers call to say they are contacting you to confirm your information or to say that your account has been hacked. As with other phishing expeditions do NOT give out information to unsolicited callers.

Be advised that some credit card companies do occasionally have agents call to confirm information. To verify who the caller is, you should ask for their name, department, and phone number extension, then call the toll free number on the credit card or account statement and ask whether the call was legitimate.

The second scheme involves Fraudulent Anti-Terrorist Stop Order letters, claiming to be sent by the Financial Crimes Enforcement Network (FinCEN). These letters are being sent to bank customers to notify them that mandatory fees, in amounts of approximately $25,000, are required for the issuance of an Anti-Terrorist Certificate before transactions may continue to be conducted.

These letters were NOT sent by FinCEN and represent a fraudulent attempt to elicit funds from consumers. Please see the FinCEN web site at www.fincen.gov/letterscamalert.pdf for an example of one of these letters. You should NOT provide any information nor send any funds, to any address as indicated in these letters. Further, consumers should NOT follow any instructions contained in these letters to access their accounts on-line.

Further, there are instances in which other letters are being circulated which claim that FinCEN is seizing assets and endorsing investment schemes. FinCEN does NOT have authority to freeze assets and does NOT endorse investment schemes.

FinCEN is working closely with law enforcement agencies to identify the source of these letters and disrupt these scams. Until this is accomplished, if you receive any letters such as these, or experience any similar attempts to obtain account information or funds, they are requested to notify FinCEN at webmaster@fincen.treas.gov.

In a variation of the "Nigerian Scam," a "buyer offers to purchase an item you have for sale but sends a cashier's check for an amount in excess of the purchase price. The seller is asked to wire the excess amount to the fraudulent buyer. Later, the original cashier's check is returned as a counterfeit item, and the depositor is responsible to make restitution to the financial institution for the full amount of the check.

For more detailed information on this and other scams, go to www.quatloos.com.

Thank you for reading this important information. We hope you find it helpful. If you have any questions or comments, please feel free to contact one of our customer service representatives at 406-273-2400 or e-mail us your identity theft questions.