In our ongoing commitment to help combat fraud on behalf of our customers, we have created this web page to keep you informed of current alerts and resources to protect yourself from financial fraud.
Online Security for Individuals
- Protect your PC
Before going online, ensure that your computer is completely protected from phishing and other malicious spyware. Clean your browsers, temporary files and cookies often as these would contain your buying data which may become good information for scammers. Use virus, spyware, malware and other PC protection software.
- Protect your passwords
Never share your important passwords, user data or account details with others. Use complex passwords. Do not use the same password and log-in ID across multiple web sites. If one of those websites is compromised, it is a short leap for cyber criminals to see if your password can be used for all of your other financial logins as well.
- Avoid using public computers
Don't use an Internet cafe or public library or shared computers for doing financial transactions as there is every possibility of scammers tracking your details. If you have to use a public computer, check if the computer is well-protected and delete your data/cookies after being online.
- Do your homework
Read on the hazards of buying online. Find out which site or Internet security label shows that the site you are using is secure for money transactions. Do your homework on harmful scams, Internet phishing sites and also on useful, online shopping sites.
- Don't click on suspicious emails
Avoid clicking on suspicious emails – and NEVER use links in e-mails if you are not absolutely certain you know where they are taking you! Many scammers use email to attract customers. Often you get an email announcing you have won a lottery or one that says your account in a particular shopping site/bank is about to be suspended. Such an email may carry a link and may ask you to click it to retrieve your account. Often it may lead to a PayPal or Bank account login page. If you login through the site, your account details will be stored in the scammer's database and you will become a victim of online scams.
Online Security for Businesses
If you are a business owner, and you are granting certain employees the ability to access your accounts online in order to manage your banking and financial objectives – OR – are conducting online transactions such as ACH processing, then the following information is absolutely MUST READ.
Corporate Account Takeover
What is it?
Corporate Account Takeover is a type of business identity theft in which a criminal entity steals a business's valid online banking credentials. Small to mid-sized businesses remain the primary target of criminals, but any business can fall victim to these crimes. Attacks today are typically perpetrated quietly by the introduction of malware through a simple email or infected website. For a business that has low resistance to such methods of attack, the malware introduced onto its system may remain undetected for weeks or even months. Introducing layered security processes and procedures, technological and otherwise, and other tightened security efforts, can help protect businesses from criminals seeking to drain accounts and steal confidential information. These increased security procedures may help reduce the number of incidents, mitigating financial losses, business risks and reputational damage that can result from such attacks.
How Does it Happen?
Hackers often take aim at small firms' computers because they are easier to infiltrate than banks' systems. For example, a business' systems may be compromised by:
- An infected document attached to an email
- A link within an email that connects to an infected website
- Employees visiting legitimate websites – especially social networking sites – and clicking on the infected documents, videos, or photos posted there
- An employee using a flash drive that was infected by another computer
Once the employee opens the attachment or goes to the Web site, malware is installed on the computer - in each case, fraudsters exploit the infected system to obtain security credentials that they can use to access a company's business accounts. Once imbedded, it can even seek out others within the network to gain secondary access or credentials. While up-to-date antivirus software offers substantial protection against malware, it isn't 100% effective. According to the FBI, there is no single deterrent that is 100% effective against fraud, viruses and malware.
What is the Risk?
The bank's ability to protect you is severely undermined when your online credentials are compromised by a data breach initiated within your computer system. Once your computer is compromised, any action you can take from your online banking, a criminal will attempt to do fraudulently. Bill Pays, ACH Transfers, Wires, Copies of checks and signatures, etc. Any possible way to financially defraud you will not be overlooked by smart criminals with the intent to steal your money or personal information.
What To Look For
- Monitor and report suspicious activity! Ongoing monitoring and timely reporting of suspicious activity are crucial to deterring or recovering from these frauds. A business should report anything unusual to the financial institution, such as log-ins at unusual times of day, new user accounts, unauthorized transfers, etc., so the financial institution can immediately block the account and monitor activity.
- Be wary of distractions designed to camouflage a takeover: Robo-calls flooding your phone lines, designed to keep the bank from contacting you – or preventing you from dialing out. Or an email "dump" – flooding your inbox with literally thousands of emails, designed to hide any automatic alerts from the online banking system regarding password changes, security changes or transaction alerts.
- Evergreen National Bank will never ask you for any personal or identifying information through an email link.
- Only use the address that you have used before or start at your normal homepage – NEVER through a link.
- Always report fraudulent or suspicious email to your Internet Service Provider. Reporting instances of spoof web sites will help get those bogus websites shut down before they can do any more harm.
- Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and "https" in front of the website address.
- Take note of the header address on the website. Most legitimate sites will have a relatively short internet address that usually depicts the business followed by .com, .net or .org. Spoof sites are more likely to have an excessively long string of characters in the header with a legitimate business name somewhere in the string, or possibly not at all.
- If you have any doubts about an email or website, contact the legitimate company directly. Make a copy of the questionable web site's URL address, send it to the legitimate business and ask if the address is legitimate.
- When creating your passwords, don't use information that could easily be linked to you (i.e. phone number, your date of birth, address numbers).
- Do not share your passwords or PINs with anyone, or store them where they can be found.
Partner With Evergreen National Bank
We are committed to protecting your online banking information and security, and are required by our regulators to maintain strong security standards. Evergreen National Bank is constantly improving and upgrading security measures to help protect our customers. But the overwhelming majority of fraud starts at the Business/Customer level, which makes the steps YOU take more critical than ever.
Take Steps to Defend Your Business!
If you or any employees use computers to access accounts or initiate transactions, then you must make identity and data security an operational cornerstone of your daily business. If you don't have the time or knowledge to do so, then you should seek out professional security and network professionals who can provide ongoing monitoring and protection on your behalf –OR- choose not to conduct financial activity online.
- Use firewalls, security suites, anti-malware and anti-spyware on all computers
- Only access your bank accounts through a computer that isn't used for anything else—no email or Web surfing—and isn't connected to the local network.
- Do not allow the dedicated computer to be used in Wi-Fi hotspots, including airports or Internet cafes, and disallow workstations to be used for general Web browsing.
- Dual control — for example, file creation by one employee and file approval and release by another employee on a different computer.
- Assign the task of daily reconciliation of your account – one of the best tools for identifying any type of fraudulent activity on your accounts.
- If you use Microsoft's Internet Explorer browser, make sure you have the latest version, which includes security features to help prevent attacks. Consider using Explorer in "protected mode," which restricts files that try to install on a computer without the user's consent, and set your "Internet zone security" to "high," which disables some of Explorer's less-secure features, according to Microsoft.
- Educate your employees! If they don't know what to be suspicious of, you are leaving the door open for Corporate Account Takeover. Also create and use a company/employee internet usage policy, and enforce it.
- Use email alerts and notifications. Email alerts will be sent to the addresses you specify according to the transaction or activity criteria you choose. These are a great place to start, but do not rely on them exclusively! They are the first items a criminal will try to change if they have gained access to your online banking.
If You Believe Your Computer Has Been Compromised
- Immediately cease all online banking activity if the online banking application appears different and not legitimate. Do not continue and contact the Bank immediately.
- Disconnect your internet access to that computer.
- Use another computer – out of network if you are on a network – to immediately change all of your passwords.
- If your business is networked to multiple computers, be suspicious and alert to the fact that ALL networked computers are potentially compromised.
- If you are unable to contact the Bank (after hours or weekend), leave a message at the Bank to close your internet banking down immediately and contact you ASAP.
Common Financial Scams
- Online Dating Scams
As more and more relationships begin online, you should be very cautious of these common scams.
- Emergency Scam
These scammers often pretend to be from the USA/ UK/ Australia/ Canada or some other Western country. Armed with their fake identity, the scammer proceeds to forge a bond with you. They often communicate with you for weeks and months so you think you are getting to know them better while it is actually all part of their master plan. The standard scam story then starts to unfold as your online date suddenly has some sort of emergency in Nigeria or Ghana. At the end of the day they all have the same basic plot – there is an emergency and won't you please send them some money? Rest assured, once you do, that is the last you will hear of them and your money.
- Plane Ticket/ Visa Scam
This is a common ploy used by Russian and Filipino scammers to rob you of your money. The general storyline is: she will want to come visit you but does not have enough money and will ask you to send her money to help pay for the plane ticket and/or visa. Once you do send the money however, it is unlikely that the visit will ever actually materialize.
- Medical Emergency Scam
Another common scam one comes across in online dating is the medical emergency scam. Just when you think your online relationship is going really well, your online partner will be faced with some sort of medical emergency. Sometimes, the scams are long and stretched out with the scammers attempting to get as much money out of you as possible by cooking up a variety of medical complications. Do not send money if you are in a similar situation because it is probably a scam. Again, most often these scammers will pretend to be a Western person, but in reality they will be scammers based in Africa.
- Lottery / Sweepstakes Scam
Have you ever received an email or even an actual letter telling you you've won an obscenely large amount in a lottery you never entered? Or a letter, call, or e-mail saying you won something (money or a prize), but before you can collect the prize you need to send money to pay for taxes, customs, or any fees? It's definitely a scam so please do not send them any financial details because you're just setting yourself up for a fraud or identity theft. Legitimate lottery or sweepstakes NEVER require winners to pay money up front.
- Common Scams Affecting the Elderly
- Relative In Need
Did you receive a phone call from a grandchild or a family member? Or a "lawyer" or "police officer" there with your family member? Are they in despair because they have been detained in Canada for not having a fishing license or for catching a protected species of fish? Have they been in a car accident? Are they asking for money to pay fines or for car repair? Did a relative call because they need money for a family member in medical need or for medicine? THIS IS A SCAM! Use precaution when sending money in any of these situations. These callers can request that you send money anywhere in the world. If you cannot verify with your family member (calling their number you had before this call, not the "new number" the caller gives you) that they are requesting money and aren't sure about the transaction, do not send the money. You will lose any money that is sent.
- Disaster Relief
In times of disaster, it's important to be aware of charity scams. There are many legitimate ways to provide support to help people impacted by floods, earthquakes, fires or other natural disasters. If you're eager to make a donation, give in a way that you have donated before or through a trusted organization or business where you fully understand how the funds are being collected and used.
- Check/Money Order
If you get a check or money order in the mail with instructions to first cash it at your bank and then send some of the funds to someone else through a wire transfer, don't do it! This is a common scam when someone is paying you an advance for a job you applied for online, or someone sending you prepayment of rent after answering your ad, or overpaying you for something you advertised online. They have a check already made out for more than what you agreed on...but they trust you to cash the check and just wire them back the overage. This is a SCAM. Do not send the money and do not cash the check. If so, the check/money order is counterfeit and once funds are wired, you have lost them. Be aware that counterfeit checks are very hard to identify. Your bank may not even be able to tell.
- What You Can Do To Protect Older Friends and Relatives
Look out for certain factors that may indicate that a loved one is a likely target of financial abuse. Of course, no single sign is conclusive proof, but staying aware will help you avoid or limit the fallout if there are any problems.
- Unusual or large withdrawals or transfers from bank accounts, or large credit card charges that the older person can't explain.
- Checks that are missing or include suspicious signatures.
- An individual who suddenly forms a close relationship with the older person, getting easy access to his or her home, money, and other property.
- Newly executed documents, such as a will or power of attorney, that the older person doesn't seem to understand.
- Changes in account beneficiaries or authorized signers.
- A large number of unpaid bills.
- Missing property.
- Entry forms and prizes from contests, and payments made for "free" vacations or other merchandise.
- Untreated physical or mental problems, including a dramatic change in mood or disposition, or other evidence of substandard care. Sudden social isolation.
- Where to Report Suspected Abuse
There are now a number of individuals and groups dedicated to investigating suspected financial abuse, and finding and stopping perpetrators. Here are some options for taking action.
Notify Bank Personnel
Depending on the type and extent of financial abuse involved, giving a heads up to the security officer of your bank may be enough to stop the wrongdoing. Bank employees are often in a good position to note suspicious activity, such as a sudden withdrawal of large sums of money or use of an ATM card by an elder who is housebound. They can also advise you of additional steps you can take at the bank level to stop the abuse.
Get help from a senior services group
While the services offered -- from counseling to legal assistance -- vary widely depending on the locale, the Eldercare Locator, at 800-677-1116 directs callers to local programs and services that help prevent financial elder abuse. And INFO LINK at 800-394-2255 helps arrange and coordinate assistance with crimes. Or call AARP Elder Watch Hotline 1-800-222-4444 or visit www.aarpelderwatch.org.
Contact Adult Protective Services
Adult Protective Services (APS) is the government-affiliated agency charged with investigating reports of elder financial abuse and offering assistance to victims. To find your state APS office, visit the National Center on Elder Abuse's website at www.ncea.aoa.gov (click on "Find State Resources").
Alert law enforcement
The police or local prosecutor's office will often intervene when there is good evidence that a crime is being committed.