Beware of Scams (1/14/2007)

We receive periodic e-mails from our security department and two scams were recently brought to our attention at the bank. Both scams involve a technique called Phishing. Phishing is an attempt to obtain information from consumers by fraudulently sending e-mails or making phone calls to consumers.

Phishing via e-mail will instruct consumers to open an e-mail attachment or follow a link to what looks like a real corporate website and enter their personal information. These Phishing techniques are very sophisticated and typically include websites and logos very similar to the bank's website. In many occasions, the e-mail will communicate a sense of urgency and ask the recipient to provide the information immediately, citing a specific thing might happen. For example, they may require you enter your information so your account doesn't close.

Phishing via telephone is more common. The same urgency and request to provide personal information applies. In some cases, very sophisticated perpetrators may already have a small piece of information about you and may use it to try to convince you to disclose more information. For example, the caller may claim to be an employee at your bank and tell you your home address or bank account number to try to convince you that they're legit. They may obtain this information from your trash. It's important not provide any additional information. YOUR BANK WILL NEVER CALL YOU AND ASK FOR YOUR PERSONAL INFORMATION.

Some Phishing techniques will call you and ask you to call another number and provide your information to a person posing as your financial institution. To many, avoiding these scenarios is a matter of applying common sense. However, these "thieves" are very good and very convincing.

If you receive an e-mail you suspect may be Phishing, do not respond. Even if you don't enter your personal data, by clicking on a link in a fraudulent e-mail, you may inadvertently download tracking software or viruses that track your keystrokes to gain your personal information.

To this point, no customer's account has been accessed to my knowledge. I think these perpetrators are simply posing as your bank to obtain personal information. Once they receive your personal information, I think they are more likely to use it elsewhere to obtain credit in your name. These recent events give me a chance to reiterate the importance of reading your bank and credit card statements. You should also try to obtain a copy of your credit report each year by going to www.annualcreditreport.com. This is the government website set up two years ago by Congress (see previous blog regarding credit reports for more information).

Keep in mind, you're not liable for fraudulent charges to your credit card or unauthorized withdrawals from your bank accounts. However, you want to catch the activity as soon as possible before it escalates into a large mess.

In any event, do not, under any circumstances, provide your personal information to anyone. I'm referring to the following pieces of information: social security number, PIN or passwords, and account numbers. Providing your phone number or zip code to a store clerk isn't a big deal, although annoying. I think most consumers can differentiate between these two situations. If you have any questions or have been a victim, you can contact me. Maybe I can share your experience with others.