SECURITY ALERT FROM FNCB!
In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver’s licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.
Here’s how phishing works:
In such a typical case, you’ll receive an e-mail that appears to come from a reputable company that you recognize and do business with, as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies.
The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as "Immediate attention required," or "Please contact us immediately about your account." The e-mail will then encourage you to click on a button to go to the institution’s Web site.
In a phishing scam, you could be redirected to a phony Web site that may look exactly like the real thing. Sometimes, in fact, it may be the company’s actual Web site. In those cases, a pop-up window will quickly appear for the purpose of harvesting your financial information.
In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother’s maiden name or your place of birth.
How to Protect Yourself
1 Never provide your personal information in response to an unsolicited request, whether it is over phone or over the Internet. E-mails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.
2 If you believe the contact may be legitimate, contact the financial institution yourself. You can find numbers and Web sites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the Internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.
3 Never provide your password over the phone or in response to an unsolicited Internet request. A financial institution should never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.
4 Review account statements regularly to ensure that all charges are correct. If your account statement is late in arriving, contact your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.
What to do if you fall victim:
Never click on the link provided in an e-mail you believe is fraudulent. It may contain a virus that can contaminate your computer.
Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.
If you believe the contact is legitimate, go to the company’s Web site by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.
If you fall victim to an attack, act immediately to protect yourself. Alert your financial institution. Place fraud alerts on your credit files. Monitor your credit files and account statements closely.
Report suspicious e-mails or calls to the Federal Trade Commission through the Internet at www.consumer.gov/idtheft, or by calling 1-877-IDTHEFT
FDIC Consumer Alerts - Phishing Scam
The FDIC has created this webpage to inform and warn consumers about a type of fraud called “phishing.” The term "phishing" – as in fishing for confidential information - refers to a scam that encompasses fraudulently obtaining and using an individual's personal or financial information. This is how it works:
If you suspect an e-mail or Web site is fraudulent, please report this information to the real bank, company or government agency, using a phone number or e-mail address from a reliable source. Example: If your bank's Web page looks different or unusual, contact the institution directly to confirm that you haven't landed on a copycat Web site set up by criminals. Also, contact the Internet Crime Complaint Center (www.ic3.gov), a partnership between the FBI and the National White Collar Crime Center.
If you suspect that you have been a victim of identity theft, perhaps because you submitted personal information in response to a suspicious, unsolicited e-mail or you see unauthorized charges on your credit card, immediately contact your financial institution and, if necessary, close existing accounts and open new ones. Also contact the police and request a copy of any police report or case number for later reference. In addition, call the three major credit bureaus (Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289) to request that a fraud alert be placed on your credit report.
Below are current links with information regarding phishing:
FDIC Consumer News Articles
Financial Institution Letters
A message from the federal bank, thrift and credit union regulatory agencies Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation National Credit Union Administration Office of the Comptroller of the Currency Office of Thrift Supervision