Security Center

Identity Theft

When you click on one of the links below, you are leaving the Family of Banks website. Please be aware that when you leave our website you will be going to sites that are beyond our control and standards. Websites to external URLs have their own privacy policies, and may collect data or solicit personal information.

Welcome to the new generation of identity theft! No longer is identity theft limited to crooks rooting through garbage bins or hackers hacking into accounts. Now, identity (ID) thieves have the nerve to ask you directly, and they are becoming more fierce and deceptive than ever before. Masking themselves as well known and trusted companies and government organizations, they are out to steal your financial information and identity.

Please be aware that Family of Banks would never ask for or require you to give out financial information (ex. SSN, account numbers, etc.) by email or over unsecured web pages.

Phishing

Protect Yourself
Phishing comes from the analogy that Internet scammers are using email lures to “fish” for passwords and financial data from the sea of Internet users. However, phishing has grown to include more than just email lures including but not limited to telephone calls, web pages, and pop-up boxes.

Email Phishing
Typically, a phishing expedition starts with an email that warns of some problems with an account, or promotes a special offer, and directs you to a Web page that’s a dead ringer for the site of the company or bank you do business with—right down to the graphics, log-on forms, and links that lead to legitimate pages. At the core of the phishing problem is a new kind of identity theft experts are calling “corporate ID theft.” Criminals are increasingly aware of the power that trademarks have over consumers and they are using that trust against consumers. Whether it’s an email with an eBay logo, a Web site with Earthlink’s name, or a Web site using an address that seems to be a legitimate brokerage, con artists are successfully using these trademarks to trick consumers. Even experts say telling real mail from phish can be difficult. So, in actuality, the ID thieves are committing a double ID theft, first the corporations then, the consumers. The notes appear to be personal, referencing an open account at a bank or Website, but they are really just Spam. Sent to a wide enough audience, an emailing referencing Citibank or eBay will hit plenty of people who really are account holders.

The email often says that account information needs to be updated right away and asks you to click on a link that will take you to the website and an information update form. The linked page will look just like the company’s actual website but the information will be sent to identity theft scammers not the legitimate company.

Targeted companies include: eBay, PayPal, Citibank, Bank of America, Best Buy, Earthlink, AOL, the FDIC, and AT&T… just to name a few.

Although the first phishing attacks were straight email messages with Web links to phony sites, there’s an even newer version. Hackers have developed two Trojan horse programs known as MiMail and MmdLoad that arrive as e-mail attachments. If you double-click on the attachment, it unleashes a program that not only takes you to a phony sign-on screen but also uses your email client to send a copy of the booby-trapped message to everyone on your contact list.

A great site for more information and examples of these fishing emails can be found at www.antiphishing.org.

You can protect yourself from the latest identity theft scam by following these useful tips, which were developed by the Federal Trade Commission:

  • If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company site in the email using a telephone number or Web site address you know to be genuine.
  • Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during a transmission.
  • Never act upon any e-mail or pop-up ad that asks for personal or financial information.
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
  • Update Internet browsers and Windows operating systems.
  • Report suspicious activity to your bank and the Federal Trade Commission. Send the actual spam to uce@ftc.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and then visit the FTC’s Identity Theft Web site www.ftc.gov/idtheft to learn how to minimize your risk of damage from identity theft.

Web Phishing
Another type of phishing scam sends you to the real company’s legitimate Web page—topped by a pop-up form that asks you to enter your account name, password, credit card number, Social Security number, mother’s maiden name, or other information. There’s no way to tell it’s a scam because there is no address bar up there. Because the pop-up box is so similar in color and design as the website consumers assume its from the company but the information they enter is sent to scam artists not the legitimate company.

Telephone Phishing
Similar to email scams the scammers call to say they are contacting you to confirm your information or to say that your account has been hacked or frozen. These calls may come from an actual caller or an automated voice recording. As with other phishing expeditions do NOT give out any information to unsolicited callers.

Be advised that some credit card companies do occasionally have agents call to confirm information. To verify who the caller is, you should ask for their name, department, and phone number extension, then call the toll free number on the credit card or account statement and ask whether the call was legitimate.

Pharming
In pharming, an e-mail purporting to be from a known organization carries a computer virus that infects a victim’s computer in one of two ways. One sends the victim who types in a legitimate domain name to a bogus site. The other records keystrokes, for example what the victim typed when logging on to an online banking site, and then transmits the information to a criminal who then uses the data to access the account. All of this may be confusing, but it is a real threat and it is spreading, as criminals look for new ways to collect personal data and as Internet users are becoming better educated to phishing schemes. For suggestions on how to avoid this type of scam see the suggestions listed under ’phishing’ above.

Nigerian Scam Variation
In a variation of the “Nigerian Scam,” a buyer offers to purchase an item you have for sale but sends a cashier’s check for an amount in excess of the purchase price. The seller is asked to wire the excess amount to the fraudulent buyer. Later, the original cashier’s check is returned as a counterfeit item, and the depositor is responsible to make restitution to the financial institution for the full amount of the check.

For more detailed information on this and other scams, go to www.quatloos.com.

Thank you for reading this important information. We hope you find it helpful. If you have any questions or comments regarding this page please feel free to contact Customer Service by calling 406-273-2400.