Online Banking Direct Login

For your convenience you can now access your account directly from the homepage.

  1. Use dropdown to select account type
  2. Enter your Access ID (not password)
  3. Click "Go" or press ENTER
Close Please do not remind again

Security Center imgSecurity Center

Keeping your assets and information safe is First American Bank’s #1 priority.

                            






Protecting Your Identity

Providing peace of mind for your financial activities is top of the list as well. Dedicated to providing the highest level of security available, we instill cutting edge security precautions in every aspect of your banking experience. We also offer resources to help you manage your identity protection.

Core elements of our information security program include: eStatementssm, MasterCard SecureCode®, out-of-norm debit card transaction verification, multifactor authentication, highest level of encryption (128-bit), privacy practices and fraud alerts.

 

Alerts

Knowledge is protection. First American Bank is resolved to helping you combat fraud by raising awareness and sharing best practices. Below you will find summaries of on-going fraud schemes along with tips and recommendations.

 

Heartbleed
Phishing
IRS Scam
Debit Card Scam
Fraudulent SBA Loan Assistance Offers
Visa/MasterCard Telephone Scam
ABA alert: Malware and Money Mule Scheme
Fraudulent Letter - Fake Check Scam 
Fake Check Scams
Social Networking and Identity Theft
Grandparent ("Emergency") Scam
In-Session Phishing Scam
Fake Want Ads Use ABA Name in Phishing Scam
Bank Failures - Merger Scams
Fake Error Message Scam
Card Deactivation Scams
Mortgage Foreclosure Rescue Scams
Commercial Account Scams
Whaling Scams
Phishing Scams
Vishing Scams
Smishing Scams 

 

Important Information about the Heartbleed Computer Vulnerability

A major online security vulnerability known as “Heartbleed” has opened up a window to let attackers steal information such as user names, passwords and the private keys sites use to encrypt and decrypt sensitive data.

First American Bank has tested its systems and determined that its web site, online and mobile banking applications are not vulnerable to the so-called “Heartbleed” attack. Customers’ personal and financial information are secure on First American Bank’s systems.

First American Bank must also caution customers that while our systems are secure, they need to take necessary precautions with their own personal computers and mobile devices to avoid potential attacks. An individual personal computer could become infected with a virus that compromises the transfer of confidential information.

First American Bank takes the security of its customers’ information very seriously and constantly monitors its systems for potential vulnerabilities. We actively maintain security programs that meet or exceed regulatory requirements and industry standards to ensure the protection of our web sites and applications as well as our customers’ information.

While there’s no indication of compromise, changing your password is advised when there is a known vulnerability of this type, impacting so many services across the internet. We recommend that our customers periodically change their passwords and use a unique password for each site.

Back to Top

Phishing Alert

Many First American Bank customers have reported receiving automated phone calls informing them that their debit or credit card may be blocked, locked, held or compromised. The message asks them to press 1 and then provide their entire 16-digit card number.

IMPORTANT NOTE: First American Bank will never call asking for your debit or credit  card number or any other sensitive information associated with your card. Our card partner, Shazam, who monitors card transactions for fraud on our behalf, may call you but will only request verification of specific transactions. They will never ask for sensitive information or card numbers.

If you have a concern about this or you believe you may have erroneously disclosed personal financial details, please contact your First American Bank branch immediately. To locate a phone number, click the LOCATIONS link at the top of our home page.

You can protect your accounts from this phishing scam and other types of fraud by enrolling in Shazam Bolt$, a free service offered by First American Bank through Shazam. Shazam Bolt$ allows you to establish settings for potential fraudulent activity and alerts you when those events occur. You can set this up on your PC by visiting https://bolts.shazam.net/ShazamWebPortal/index.php or on your mobile device by downloading the app from the Apple Apps store or Google Play store.  If you need help, contact your branch banker.

Back to Top

IRS Scam

Criminals have launched a major email campaign to spread the infamous ZeuS Trojan email, which will send spam messages disguised as fraud alerts from the Internal Revenue Service (IRS). The subject line of the fraudulent IRS email may include the verbiage, "Notice of Underreported Income". It will encourage recipient's to click on hyperlink's--possibly to "review your tax statement."

The fraudsters are also utilizing Twitter account hijack warnings, or lewd Youtube videos to entrap unwary users.

Tips: Do not open emails from sources you do not know; do not click on links.

Back to Top

Debit Card Scam

Many of our customers are receiving automated phone calls warning them their debit card may be shut off if they do not provide their number to the caller to enable more investigation. In one variation, a debit card breach was mentioned.

Important note: First American Bank will never call asking for debit card numbers or other sensitive information associated with your debit card.

Tips: Anyone who is concerned that they have erroneously disclosed their personal financial details should contact their bank immediately.

Back to Top

Fraudulent SBA Loan Assistance Offers

The U.S. Small Business Administration (SBA) cautions small businesses to be wary of firms contacting them with offers of help in obtaining a loan, grant, or other federal funds from SBA. Complaints lodged regarding scams, abusive marketing practices and exorbitant fees include:

  • Firms charging high fees to provide assistance applying for SBA funding programs. Some small businesses received fraudulent guarantees they would obtain SBA funding if they paid the fee. It is important to know SBA does not endorse or give preference to private companies or their clients.
  • Some small businesses were charged for services not requested after they divulged bank account and routing information. The SBA recommends never providing Social Security numbers, bank account information or credit card numbers to anyone you do not know — take extra caution over the phone.
  • Small businesses were threatened with a forfeiture letter indicating they would be ineligible for any SBA funding for three years if they refused to use the firm's services.

Tips: Small businesses can receive free assistance in person, by calling one of SBA's district office, or via their website: www.SBA.gov. They can also request free or reasonably priced help from Small Business Development Centers, Women's Business Centers, Veterans Business Outreach Centers and SCORE Chapters. Go to the SBA website for location and contact information for these resources.

If you do select a for-profit service provider, ask for references and check them out with trusted colleagues or resources such as the Better Business Bureau. Clearly understand and document the fee and when it will be levied, your responsibilities and the services you will receive.

The SBA Office of the Inspector General will investigate all complaints received. Anyone with knowledge of a misrepresentation regarding SBA programs is encouraged to contact them via their toll-free hotline at 1-800-767-0385 or submit an onlne report by going to their website and clicking the link for "report fraud waste or abuse".

Back to Top

Visa/MasterCard Telephone Scam

In this telephone scam currently sweeping the Midwest, fraudsters try to get you to divulge your secure credit card information. The typical scam works like this:

A very professional-sounding individual calls, offers their name and badge number etc. and claims to be from the security department of your credit card company. Your card has been "flagged for an unusual purchase pattern"; you are asked to verify you made a purchase for "$000.00" at  "XYZ" company. When you say, "no" you did not make that purchase, they may confide they have been watching this company — but they will take immediate steps to ensure you are credited this amount before your next statement. You may even be given a confirmation number to use when calling to check the status of this fraud claim.

Making it an even more believable scenario, the caller has your address, which you are asked to verify. You are not asked for the number on the front of your card, in fact the crook may read that off to you as well, furthering the belief you are dealing with a legitimate Visa or MasterCard staff member.

In this fraud, the target data is the three digit security code (CVC2 or CVV2 codes) found on the back of your card. After getting their hands on credit card numbers (often through dumpster-diving for discarded receipts or statements) all the identity thieves need to charge purchases to your account via the telephone or Internet is this last piece of information.

This scam is not new — it's been exploited since MasterCard started putting CVC2 security codes on its cards in 1997 (Visa started using CVV2 codes in 2001). Both companies strongly stress they will not ask a cardholder to disclose security codes or provide any information verifying physical possession of a card.

Tips: If you are asked to provide any number information, hang up and call the telephone number on the back or your credit card — or call your banker for assistance.

Important note: This credit card scam is different from the First American Bank practice of protecting you from unauthorized use of your ATM/debit card. When we authorize you to be contacted by a fraud specialist after a possibly suspicious transaction, they will simply ask you to verify a specific recent purchase.  Learn more. 

Back to Top

ABA Alert: Malware and Money Mule Scheme

The American Bankers Association warns of an increase in fraudulent schemes involving malware attached to victims' computers, along with the recruitment of individuals to receive and transmit unauthorized funds.

How the scam works.
The scam attacks two different victims:

  1. Using malware*, the cyber-crook intercepts online banking credentials from the computers of small and mid-size businesses. Having gained unauthorized access to the business' online deposit account, the crook then initiates wire transfers to "money mules" around the country. The criminals target online deposit accounts where business customers can originate electronic funds transfers (EFTs) such as automated clearing house (ACH) and wire transfers over the Internet.

    *Malware is malicious software or computer code that is installed on your computer; it collects sensitive information such as passwords or banking details, sending it back to people who use it to carry out fraud.
  2. Individuals are tricked into acting as a "money mule**" for the fraudsters, unknowingly laundering cash stolen from the above victim's business bank account. This second victim is tricked into using deposit accounts to receive the unauthorized (EFTs) and forwarding the funds overseas to criminals.

    **Money mules are consumers who have been lured into scams that involve them receiving money transfers and forwarding the funds to a fraudster.

Money mule schemes can take many different forms, but most involve receiving unauthorized EFTs into a deposit account and then withdrawing the funds or forwarding them to another party via another EFT. Because EFTs are often made immediately available by the receiving institution, funds may be removed and wire transferred overseas before the fraud is detected.

Common scenarios:

  • Online job posting sites are often used by criminals to locate and trick individuals seeking flexible hours and work from home employment. The "employee" may be asked to process payments for a foreign business, or act as a mystery shopper assessing business' services by completing EFTs
  • Advance fee scams promise monetary rewards for acting as a financial intermediary
  • Fraudsters also use imaginative stories to befriend individuals on social networking sites to receive and forward stolen funds 

How can you avoid becoming involved in these scams?

  • Do not open attachments or click on links in unsolicited emails.
  • Be wary of unsolicited offers or opportunities offering easy money — particularly if the company is based overseas. Remember the old adage: if it sounds too good to be true...it probably is! Verify any potential employer  — and never give out bank account details to someone you don't know or trust. Watch for red flags in the advertisement/emails, such as grammatical and spelling erors.

Tips: Anyone who is concerned that they have erroneously disclosed their personal financial details or has received funds into their accounts that they think could be a money mule scam should contact their banker immediately.

Back to Top

Fraudulent Letter - Fake Check Scam

Claiming to represent the American Bankers Association (ABA), fraudsters are distributing letters instructing people to call a phone number to find out how to collect a prize. When called they trick the individual into revealing personal financial information.

Fraudulent sweepstakes are just one of many scams aimed at stealing personal information. Identity thieves have posed as representatives of banks, Internet service providers, and government agencies to get people to reveal their Social Security Number, mother's maiden name, account numbers, and other identifying information.

Tips: Be cautious about providing personal or financial information to anyone you do not know. Do not give out personal information on the phone, through the mail, or on the Internet unless you have initiated the contact, and are sure you know who you’re dealing with.

Note: First American Bank will never ask for private information by email or unsecured website.

Many of the fake ABA prize letters also contain fraudulent checks. They appear to be signed by ABA or ABD Federal Credit Union, however any financial institution may be targeted.

Tips: One way to confirm you are dealing with a legitimate organization is to check their website — however it’s important to type its URL in the address line yourself. Do not cut and paste it from a message sent to you which can be altered to redirect you to an unsafe site.

Back to Top

Fake Check Scams

Millions of consumers are being tricked into accepting genuine-looking checks and money orders and wiring money to fraudsters. The Consumer Federation of America (CFA) has launched a national campaign to combat this fraud. CFA is a non-profit association of 300 pro-consumer groups — including the American Bankers Association of whom First American Bank is a member.

Common fake check scams:

  1. Sweepstake, lottery and grant fraud. Individual receives a check or money order with instructions to wire a portion to pay taxes or administrative fees.
  2. Work-from-home”. “Employee” purchases as a mystery shopper or processes payments for a foreign business with instructions to deduct their pay from a check or money order and wire the rest to their “employer”.
  3. Overpayment. Scammer sends a check or money order for more than the amount for something the individual has for sale, with instructions to wire the extra to someone for shipping.

The checks or money orders are fake. You’re out the money.

Per federal law financial institutions must give consumers timely access to money from deposited checks or money orders. Although funds are made available, that does not guarantee the deposited check or money order is good. The depositor is liable for repaying the financial institution if checks or money orders cashed or deposited are counterfeit. 

Tips:

  • No legitimate sweepstakes or lottery would send you a check or money order and ask you to send payment in return. Taxes are always paid directly to the government.
  • Do not pay for grants claiming to be from the government or foundations; grants do not charge. Most require an extensive application process and are awarded to organizations, not individuals.
  • Never cash checks and send the money somewhere as part of a job working from home. Legitimate employers do not operate that way.
  • Never wire money to anyone you have not met in person and known for a long time. Verify identification.
  • If suspicious, consult your state or local consumer protection agency, the Federal Trade Commission, Postal Inspection Service, or other trusted source. Go to www.fakechecks.org to learn more.

Back to Top 

Social Networking and Identity Theft

Online social networking can be a great way to exchange ideas, information, photos and games — but remember, putting your personal information online comes with risks. A new popular game on Twitter has been determined to also be a new fraud scheme. To play, individuals are asked to post their “porn name”— a  combination of your first pet’s name and the street you grew up on, or your mother’s maiden name.

Now think about the answers to your security questions for your online accounts…more than likely, at least one of them is your pet's name, your mother's maiden name, or the street you grew up on. If you played the game, you just shared that information with millions of people on Twitter.

How the scam works
With the information you just provided, fraudsters, alleging to be you, contact various websites claiming they forgot their login information. When “you” are asked to answer your security questions, the crooks use your Twitter porn name information and are granted access to your accounts.

Important note: If you have unwittingly shared your passwords or answers to your security questions, quickly change these passwords and security questions on your accounts.

The more information you provide about yourself online, including posts and live chats on social networking sites, the easier it is for people to use these details to commit fraud.

Your best protection:
Do not reveal too much information in your social networking. Control who can access your online information.

Tips:

  • Do not include email addresses or phone numbers in your profiles.
  • Keep your address and physical location private. Beware of publishing photos containing street-names, car license plates, or locations you frequent that can be linked to you.
  • Read the terms and conditions before you sign up to any social networking sites. Know who can access your information. Check security and privacy settings; keep them up-to-date.
  • The best passwords are at least eight to ten characters long and use a combination of upper and lower case letters, plus numbers and symbols.

Social networking sites build themselves on a culture of trust. Do not get caught up in the moment. Always think before you respond. Keep your personal information safe.

Back to Top 

Grandparent ("Emergency") Scam

Con artists are defrauding seniors out of hundreds, even thousands, of dollars by posing as their grandchildren in need of help.

In the “Grandparent” or “Emergency” scam, a grandparent receives a phone call from a fraudster claiming to be his or her grandchild needing money immediately. The crisis often involves a car accident, stranding, medical treatment, or funds required to pay bail. The caller frequently asks for secrecy so the caller does not “get into more trouble”.

Con artists can get names and family information from the Internet through family blogs, genealogy websites, social networking sites and online newspapers — and can often manage a believable impersonation. In other cases, the grandparent is tricked into revealing the grandchild’s name.

Wanting to help their grandchild, the grandparent sends money electronically, usually via a money transfer. Funds sent by wire transfer are hard to track and usually are not recoverable by law enforcement or banking officials.

Tips:

  • Do not fill in the blanks. If a caller says, “This is your granddaughter”, respond “Which one?”
  • Confirm your grandchild’s identity. Ask personal questions a stranger could not answer. Insist you will call them back on their home phone or cell. Do not ask the caller for the number. If you don’t have the number, contact a trusted family member. If you aren’t sure what to do, call your local police on the non-emergency line. They can help you sort things out.
  • Resist pressure to act immediately. Even if they ask for secrecy, don’t be afraid to check out the story with the person’s parent or another close family member before sending money.
  • Do not wire money. Do not send a check or money order by overnight delivery or courier.

Fraudsters pressure people to wire money through commercial money transfer companies like Western Union and Money Gram because wiring money is the same as sending cash.

The chances of recovering the money are slim to none. Con artists use these services so they can get your money before you realize you’ve been cheated. Victims often don’t realize they’ve been swindled until days later, when they speak to their grandchild who knows nothing about the phone call. By then, the money is not only long gone, but irretrievable.

Never provide your bank or credit card numbers to any caller for any reason. If you have initiated a transaction, for example a telephone or Internet purchase with a reputable firm, it is all right to provide your card information to complete your business.

Back to Top 

In-Session Phishing Alert

A new phishing technique tricks users into providing confidential information after they have logged onto secure websites. In-session Phishing inserts legitimate-looking pop-up messages that request passwords, account numbers etc., purportedly on behalf of the trusted website.

The malicious program detects other sites the user is visiting, and will only attempt to trick a user already logged into a secure website. It then presents a reason for victims to type in their credentials again, for example, claiming the online banking session is about to time out.

How the scam works
A user legitimately logs onto a secure site and authenticates. Having finished their business the individual leaves the bank website open and opens another browser tab. If they encounter a website that has been infected with the malicious code, a pop-up supposedly from the bank or secure site that’s still open, prompts the user to enter his login etc. again. Additional lures include pop-ups of online surveys or mini-flash games. For the attack to work, three conditions must be met: the user must stay logged into the secure site while simultaneously opening the second; the second site must be infected, and the user needs to act on the prompt.

Tips:

  • Always log off upon completion of business on a secure site.
  • Be extremely wary of pop-ups that randomly drop in if you haven’t clicked anything. Best practice: disable your pop-ups.

Back to Top 

Fake Want Ads Use ABA Name in Phishing Scam

Phishing” scams are not just limited to the Internet. A new phishing scheme uses the American Banker’s Association’s (ABA) name to trick the unwary into disclosing confidential security information relative to their savings and checking accounts.

Ads seeking to hire survey takers to evaluate local banks (similar to mystery shopping) are placed in local newspapers. Applicants receive a package of papers (that appears to be from ABA) including the detailed survey and list of bank branches. The survey takers are instructed to open an account with their assigned bank(s) using their own money, then forward the completed survey, along with account and security information, to an address in South Carolina. Individuals who follow the instructions quickly lose any money that they deposited into that account.

Back to Top 

Bank Failures, Mergers and Takeovers Spawn Phishing* Scams

Scammers are taking advantage of the unrest in the financial world to elicit personal information.

According to the Federal Trade Commission (FTC), fraudsters distribute e-mails that appear to be from the financial institution that recently acquired your mortgage, bank or savings and loan — trying to capture credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. The message may ask you to update, validate, or confirm account information.

Examples:

  • “We recently acquired the mortgage on your home and are in the process of validating account information. Click here to update and verify your information.”
  • “We experienced a data breach during our acquisition of ABC Savings and Loan, and suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below to confirm your identity.”
  • “We recently purchased XYZ Bank. Due to concerns for the safety and integrity of our new online banking customers, we have issued this warning message. Please follow the link below to renew your account information.”

You are then directed to a website that looks like your new financial institution or lender. Instead, it is a bogus site set up to trick you into revealing personal information.

Tips:

  • Avoid getting swindled by a phishing scam. Even if it appears to be from your bank, do not reply to an e-mail or pop-up message asking for personal or financial  information.
  • Do not click on links in the message.
  • Do not cut and paste a link from the message into your Web browser. Scammers can make links look like they go one place, but actually redirect you to another.
  • Do not e-mail personal or financial information. E-mail is not a secure way to send sensitive information.
  • Review your financial account statements as soon as you receive them; check for unauthorized charges.
  • If you have been scammed, visit the Federal Trade Commission’s Identity Theft website at ftc.gov/idtheft for important  information on next steps to take.

*Phishing occurs when fraudulent e-mails purportedly from a well-known company ask you to provide, update or confirm confidential information. 

Back to Top 

Fake Error Message Scam: 404* Not Found

Criminals are draining funds from the accounts of small to mid-sized businesses by using fake error messages from what looks like banks’ websites.

Antifraud safeguards include one-time use passwords, such as a number generated by fobs or tokens that expire upon use. Fraudsters circumvent these security measures by installing a data-stealing program on a business owner’s computer. When a victim whose PC is infected with this malware attempts to log in at a banking site that requires two-factor authentication, the scammer modifies the display of the bank site in the victim’s browser.

The fraudster sends the victim a fake error message with an alert saying “please allow 15 to 30 minutes for your request to be synchronized with our server.” While the victim waits, the criminal quickly uses the one-time code to log in as the victim and drain the account.

The scams are extremely well-targeted, warns Brian Krebs in his Washington Post column, “Security Fix”. The e-mails resemble official correspondence and often include the victim’s name and employer. In one recent incident, thousands of e-mails impersonating the U.S. Tax Court were distributed.

Important note: Please beware of error messages at bank sites. If you own or work at a small to mid-sized business, and are presented with an error message about data synchronization or site maintenance when attempting to access your company’s bank account online, contact your bank as soon as possible.

*The 404 or “not found” error message is an HTTP standard response code that indicates the user was able to communicate with the server, but either the server could not find what was requested, or it was configured not to fulfill the request and not reveal the reason why. 

Back to Top 

Card Deactivation Scam

Many people are receiving a variation of the following message:
Irregular activity has been detected on your ATM/Check Card. For your protection, future authorizations have been suspended, and your card has been deactivated. To re-activate your ATM/Check Card, call the (24 hour) Activation Center: (xxx) xxx-xxxx.  

Tips:

  • This is a scam. You should delete and ignore the message.
  • Do not respond to the message or call the number.

Important note: This Card Deactivation Scam is different from the First American Bank practice of protecting you from unauthorized use of your ATM/debit card. When we authorize you to be contacted by a fraud specialist after a possibly suspicious transaction, they will simply ask you to verify a specific recent purchase.  Click the Fraud Prevention tab above to learn more.

They will never ask for your PIN number or any other account information. You will not be told your card has been deactivated. As in all financial situations, should you have any concerns or questions, please contact First American Bank.

Back to Top 

Mortgage Foreclosure Rescue Scam

According to the Federal Trade Commission, firms engaged in foreclosure rescue scams promise consumers a way out, typically for a few thousand dollars. Although there are many varieties of mortgage foreclosure rescue fraud, the common theme is a promise that the consumers’ homes will be permanently saved from the pending foreclosure. Most victims not only end up still losing their home, but also the money they paid to the scammers.

Prominent frauds:

  • Title Transfer: fraudulent operators take title to the homeowner’s property.
    1. Even though the homeowner believes he is only signing documents to refinance, in reality, the fraudster ends up with a deed granting ownership of the house. The thief may forge the deed or simply insert the deed into the large stack of documents as part of a purported loan closing.
    2. The fraudster informs the homeowner of the need to temporarily sell the home to the rescue company. The former owner can remain in the home as a renter, and repurchase the house over the next few years. Instead, the fraudster asserts ownership and evicts the former owner. Alternately, the terms of repurchase are so burdensome the scammer knows the former owner will never be able to repurchase.
  • Mortgage Negotiation: fraudulent firms promise homeowners they will save their home from foreclosure by negotiating with the loan servicer.

    For a fee, the firm promises to obtain either a temporary decrease in the payment amount or a permanent loan modification. Sometimes they offer a full range of options, including credit counseling, debt negotiation and emergency lending. The homeowner pays for each service. All too often mortgage rescue consultants either do nothing or minimal work — such as calling the bank or mailing a list of refinancing sources they found on the Internet. Ultimately, the fraudster charges thousands of dollars and rarely stops foreclosure. Most victims are not only unable to get their money back, they also lose their homes.

In many cases, the fraudster directs the homeowner to have no further contact with the loan servicer — even though in some instances the servicers will agree to modifications to avoid foreclosure.

In addition, most consumers report they are unable to reach anyone at the fraudulent company to ascertain how the process is going or to complain.

The Mortgage Rescue Fraud Act of 2007 provides homeowners with the following protection:

  1. A mortgage rescuer must provide the homeowner with a written contract clearly stating the home is being sold.
  2. Prior to the sale, the mortgage rescuer must determine the homeowner has reasonable ability to make rental payments and buy the home back.
  3. A homeowner who remains in the home under a rental agreement has the right to cancel the rental agreement at any time.
  4. A mortgage rescuer must pay the homeowner at least 82% of the home’s fair market value if the rescue ultimately fails.
  5. Mortgage rescue consultants must give homeowners a written contract listing all services the consultant promises to perform.
  6. Homeowners’ have the right to cancel a consultant contract at any time.
  7. A mortgage rescue consultant cannot accept any payment from the homeowner until all services have been performed.

The Better Business Bureau (BBB) has issued a warning to homeowners that it has received complaints from victims of foreclosure rescue schemes from almost all 50 states. According to BBB reports, individuals whose homes are listed for foreclosure are increasingly being contacted directly. Fraudsters also advertise on the Internet, in local newspapers, with posters on telephone poles, bus stops and flyers distributed door to door.

Tips:

  • Beware of anyone who calls or shows up at your door promising to save your home.

If you, or someone you know, are in foreclosure, or behind in mortgage payments and facing possible foreclosure, the attorney general recommends:

  • Don’t wait. The longer you wait the harder it can be to find good solutions.
  • Call a reputable mortgage foreclosure counselor. There are many non-profit and government agencies who offer advice at no cost or at a nominal fee.
  • Be careful. Ask for everything in writing. Take it to an attorney, loan counselor or someone you trust to look it over and make sure the deal is what you were promised.

The Better Business Bureau adds these tips:

  • If you are having trouble paying your mortgage, contact your lender or an attorney for assistance.
  • Before hiring any mortgage foreclosure rescue company, check with your attorney general, real estate commission or better business bureau. You may request a free reliability report by going to www.bbb.org.

Back to Top 

Commercial Account Scam

One of the greatest risks to our customers in today’s banking environment is a fraud loss connected with accepting a counterfeit check in a scam. These scams originated years ago, many in Nigeria, and were directed primarily to individuals. They have evolved considerably and are on the increase.

Recently, businesses being targeted are those attempting to sell something over the Internet. We’ve seen a surge in fraud aimed at businesses which have large dollar equipment for sale over the Internet.

Businesses will typically be dealing with a client they have not met personally. Those conducting dealings outside the United States are more susceptible.

Tips:

  • Exercise caution when selling over the Internet. Scammers ask for wire instructions so they can wire the money to your bank. This means providing your bank account number. Do not give out your bank account number and routing number until you are certain that this sale is legitimate.
  • If you want to give wire instructions, contact your banker. He/she will give you a wire holding number to which the wire can be sent.
  • If the person sends you a check, look carefully at the physical check. Is it coming from the company or person that you were corresponding with in your emails? If not, determine on what bank the check is drawn and research a phone number for that bank using a standard or online telephone directory. Do not rely on the telephone number listed on the check. Call the number listed in the telephone directory and ask to verify the check.
  • If you are concerned and unable to verify the check, First American Bank’s security department may be able to help determine if this is a legitimate check.
  • Much of the time, instead of the promised wire you will receive a check. It may be mailed to the bank for deposit into your account or it may be sent to you directly. This check will typically be for a greater amount than you were expecting. If your “potential client” makes the request to have the excess amount wired to them, stop! This is where the monetary loss to the customer typically happens.
  • Always check with First American Bank to see if the check deposited has cleared and if the funds are available.
  • The scammer will show interest in your item, indicating they want to buy it with some investigation. This may be a scam. If they offer to wire you the funds so you can pay for their inspector to conduct the inspection, be alert.  If they arrange for the inspector, they should pay for the inspection directly; there is no need to wire you the funds.

As always, First American Bank is always there to help their clients with any security questions or issues.

Back to Top 

Whaling Scams

Whaling — is a more refined phishing scam aimed at the rich and powerful.

In this scam, criminals research the names and e-mail addresses of top executives — often freely available on the Internet. The subsequent e-mails distributed lure these executives into clicking on a link to a Website where malware* is immediately downloaded onto the executive’s computer. *Malware (a blending of the words malicious and software) is software designed to infiltrate or damage a computer system without the owner's informed consent.

One such e-mail sent to thousands of high-ranking executives claims the recipient has been subpoenaed by the United States District Court in San Diego to appear in a grand jury civil case. When the executive clicks on a link purporting to be a copy of the entire subpoena, he/she unwittingly downloads software that sends data to a remote computer.

Another version claims to be from the Better Business Bureau alerting the executives to a complaint filed against their company and posted on a website. Yet another scam claims to have information about an invoice.

Tip:
While the sender’s address may look legitimate, the post office they are sending from often is not disguised. This can be seen if you look at the header information.

Back to Top 

Phishing Scams

Phishing occurs when fraudulent e-mails, appearing to come from a well-known company, ask the recipient to provide, update or confirm confidential information.

Business alert:
First American Bank has received a warning from Equifax regarding current email phishing attempts aimed at businesses.

Equifax is a credit reporting agency utilized by First American Bank to obtain credit reports for loan applicants and to report loan payment history. Phishing attempts have been made on companies that utilize the online delivery channel with Equifax. The companies have reported receiving emails, that appear to be from Equifax, requesting their Company ID, User ID and Password.  Equifax would never ask for this information.  This is a scam. These emails have not been sent from Equifax.  If you receive a similar email, disregard it and do not respond.

Tax and IRS scams:

  • Rebate Phone Call: An individual receives a call from someone indicating they are with the IRS. The caller says the recipient may be eligible for a large rebate. All the individual needs to do is supply the caller with their bank routing number and account number for direct deposit. The caller will warn that if the person does not supply this information there will be no rebate! This is a major feature of scams: the sense of urgency or threats.
  • Refund E-mail: An individual receives an e-mail from someone claiming to represent the IRS indicating they are eligible for a tax refund—just click on the link in the e-mail to obtain a refund claim form. This form then requests personal information regarding banking account numbers or credit card information.
  • Audit E-mail: Someone claiming to be from the IRS informs an individual they are being audited. This e-mail directs the person to click on links to a form—which requests personal banking information.
  • Paper Check: An individual receives a call from someone claiming to be from the IRS. The caller says the individual will be receiving a check, but they need to verify their bank account number first.

Change to tax law e-mail scam:
People who operate businesses and accountants are the primary targets here. Individuals are told they can download information regarding changes to the tax law by clicking on links leading to publications. When the individuals click on these links, software is installed on their computer leading to their information being compromised.

Remember: Be very cautious about providing your personal or financial information to anyone you do not know.
Note: First American Bank will never ask for private information by email or unsecured Website.

Tips:
How to spot Phishing:

  • The email and linking website may appear authentic
  • You are asked to "update" or "validate" your information
  • Often it will threaten some consequence if you don't respond

Steps to avoid being Phished:

  • Do not reply to the email, even if it appears urgent
  • Do not use the links from the email to open any web page
  • Do not call any phone numbers appearing on the email

If you think you've been Phished:

  1. Immediately contact your local First American Bank office
  2. Place a fraud alert on your credit report with the three major credit bureaus. Also request to review your credit reports for suspicious activity at that time
    • Equifax: 1-888-766-0008
    • Experian: 1-888-397-3742
    • Trans Union: 1-800-680-7289
  3. Close accounts you believe have been tampered with or opened fraudulently
  4. File a complaint with the Federal Trade Commision 
  5. File a report with local police

Back to Top 

Vishing Scams

Vishing, a term coined from combining “voice” and “phishing”, exploits the public’s trust in landline telephone services.

Similar to phishing, the fraudster sends an e-mail indicating the recipient’s bank needs to update certain information. The e-mail cunningly references phishing and identity theft. The twist comes when “for security purposes” the individual is directed to call “one of our personal bankers” at a provided toll free number.  When the individual calls, thinking they are updating the information on their accounts, they actually provide their private information directly to the fraudster.

Vishing is typically used to steal credit card numbers or other information used in identity theft schemes. It is very hard for legal authorities to monitor or trace Vishing.

Tips:

  • Be highly suspicious when receiving messages directing you to call and provide credit card or bank numbers.
  • Contact your bank or credit card company directly to verify the validity of the message. Note: do not use telephone numbers provided to you via the e-mail or phone call. Look up the number yourself via online directory or telephone book.

Back to Top 

Smishing Scams

Smishing is derived from combining SMS (protocol used to transmit text messages via cell phones) and the more familiar “phishing”.

Almost identical to the phishing scam which uses e-mail, this new tactic exploits mobile banking. The fraudster, disguised as a financial institution, sends a text message requesting personal information such as account numbers or passwords.

Alternately, some messages warn the consumer will be charged unless they take action to cancel
a supposed order by going to a web site. When visited, the site downloads a “Trojan horse” that then steals credit card numbers and other private information.

Some of the new smishing techniques include mobile spyware that once downloaded to a phone can eavesdrop on conversations.

Tip:
Treat your cell phone with the same level of concern you apply to your website.

Back to Top

Fraud prevention starts with eStatementssm 

You want the safest, most reliable process for accessing your financial information. eStatementssm (electronic statements) allow you to view and reconcile your accounts more quickly. You’re in total control — you say where; you say when. Intercepting or rerouting your mail is a common fraud tactic. eStatementssm eliminate the worry of lost or stolen statements.

eStatements logo

To sign up to receive your account statements electronically instead of the traditional paper statement, simply login to online banking and follow the steps. We highly recommend all our customers take advantage of this free service. eStatementssm will simplify your life, help the environment — and provide an extra level of security.

Your protection continues with MasterCard SecureCode® 

 MasterCard SecureCode logo
We have enhanced security to your debit card by participating in the MasterCard SecureCode® program. This free online security service guards you against unauthorized use of your MasterCard when shopping online at participating merchants. It is just like entering your PIN at an ATM. 

  1. Have your MasterCard debit card in hand.
  2. Register and create your SecureCode®. You will be asked to select a six digit pin. Note: your SecureCode® is never shared with the merchant or the bank.
  3. When you make online purchases, a window pops up at checkout asking you to enter your SecureCode®. Enter your SecureCode® in the window.
  4. Your card issuer confirms you are the authorized cardholder and your purchase is completed.

Click here to register.

Most participating merchants display the MasterCard SecureCode® logo on their site.  If the merchant is not a SecureCode® participant, you will simply use your card as you have been doing.

Click here for more MasterCard SecureCode® frequently asked questions.

Out-of-the-norm Transaction Verification

Added protection for your ATM/debit card

If a questionable transaction is detected on your card, you will be contacted by the bank, or a fraud specialist (third party vendor) calling on our behalf, to verify the transaction in question. For example: while you’re at the neighborhood grocery buying a few staples, you simultaneously make a purchase in Europe. Not only is this unlikely — it’s impossible.

If the transaction is valid, no action is taken. If you confirm the transaction as fraudulent, we immediately eliminate the card’s access to your account, making it impossible for the card to be used for further unauthorized transactions. By identifying our customers’ general spending patterns, and watching for transactions that appear out of the ordinary, we reduce your risk of fraud.

Important: All information is kept strictly confidential. You will always be contacted by phone. That is why it is critical we have your current telephone numbers on file. If we are unable to make timely contact with you, your ability to use your debit card will be impeded. We don’t want you experiencing such an inconvenience!  For your security, no one at First American Bank, including fraud specialists working on our behalf, will ever send a text message to your cell phone, or email you regarding potentially fraudulent transactions.

To update your contact information, or if you have questions about this system, please contact your personal or business banker.

Multi-factor Authentication System: Online Banking Security

First American Bank delivers the highest level of security for our personal online customers by adding an additional layer of security to our log in process called Online Banking Security. Every time you log in to personal online, First American Bank identifies you, and lets you identify First American Bank using a private image and phrase. Click here for more information.

128-bit Encryption: the Highest Level of Protection

First American Bank’s website utilizes 128-bit encryption to secure your confidential account information. When data is sent, it is scrambled so it cannot be understood by unauthorized people. The data is then unscrambled when it is received by First American Bank personnel.

Privacy Statement and Practices

First American Bank promises to respect your privacy, keep your information secure and use your information responsibly. If you have a concern about our privacy practices, please contact your personal or business banker. To view the full statement, click here. 

Fraud Alerts

Identity thieves prey on the uninformed and unsuspecting. Knowledge is protection. First American Bank is dedicated to raising awareness of identity theft and fraud. Our website is updated regularly to keep you advised of prevalent scams. Click here to visit the Federal Trade Commission.

Are You at Risk for Identity Theft?

First American bank is dedicated to helping you reduce your risk of being victimized. Identity theft is the fastest-growing white-collar crime and can rob you of your money…your credit…and your good name. Are you doing everything you can to protect your identity? Test yourself with our ID Theft Quiz.

Protect Your Identity While Traveling

As you make travel plans, take into consideration these tips for protecting your identity while traveling.

Before You Leave

  • Go through your wallet, purse and/or briefcase, remove any of the following items and place them in a locked safe or safety deposit box at your local bank:
              - Social Security card
              - Checkbook and deposit slips
              - Birth certificate
              - Credit card receipts
              - Library card
              - Video rental card
              - Bills
              - Extra credit cards
  • Minimize the number of credit and debit cards in your wallet or purse.
  • However, ALWAYS have an alternate form of payment other than your debit card. A credit card may be the best alternative. Increasing security surrounding debit cards may temporarily suspend your card until transactions can be verified.
  • Write down all the phone numbers from the back of your credit and debit cards and keep them somewhere other than your wallet or purse.
  • Provide your bank with up-to-date contact information, including your cell phone number.
  • If you are leaving the country, advise your bank of your plans so they won't be alarmed when they see transactions taking place in another country and will be able to better assist you if you need help from overseas.
  • Pay bills before you go out of town.
  • Place mail on "postal hold" with the Post Office. Arrange so mail may only be picked up by you, and request that identification must be shown to receive the held mail.
  • Stop delivery of newspapers or any other items you normally have delivered.
  • Make copies of your itinerary, passport data page, visas and driver's license to leave with a designated emergency contact.
  • Notify a trusted neighbor to watch your house.

During Your Travel

  • Lock up all your valuables (jewelry, laptops, passports and any other important documents) in a room safe or hotel safe while you are out of the room.
  • Heighten your awareness of people and crowds around you - pickpockets thrive in most major cities. If you are able to carry cards and cash in your pockets, rather than a purse or bag, all the better.
  • Avoid ATMs that appear to have been tampered with.
  • Cover the PIN pad when using ATMs. This will make it difficult for criminals to capture your PIN visually or with a camera.
  • Be aware of your surroundings at all times - "shoulder surfing" is a viable method of obtaining personal information when you least suspect it.

Click here for a handy tool to take with you on your travels, just in case!

 

 

Corporate Account Takeover

What is corporate account takeover?

"Corporate account takeover" is when cyber-thieves gain control of a business' bank account by stealing the business' valid online banking credentials. Although there are several methods being employed to steal credentials, the most prevalent involves malware that infects a business' computer workstations and laptops.

A business can become infected with malware via infected documents attached to an e-mail or a link contained within an e-mail that connects to an infected web site. In addition, malware can be downloaded to users' workstations and laptops by visiting legitimate websites - especially social networking sites - and clicking on the documents, videos or photos posted there. This malware can also spread across a business' internal network.

The malware installs key logging software on the computer, which allows the perpetrator to capture a user's credentials as they are entered at the financial institution's web site. Sophisticated versions of this malware can even capture token-generated passwords, alter the display of the financial institution's web site to the user, and/or display a fake web page indicating that the financial institution's web site is down. In this last case, the perpetrator can access the business' account online without the possibility that the real user will log in to the web site.

Once installed, the malware provides the information that enables the cyber-thieves to impersonate the business in online banking sessions. To the financial institution, the credentials look just like the
legitimate user. The perpetrator has access to and can review the account details of the business, including account activity and patterns, and ACH and wire transfer origination parameters (such as file size and frequency limits, and Standard Entry Class (SEC) Codes).

The cyber-thieves use the sessions to initiate funds transfers, by ACH or wire transfer, to the bank accounts of associates within the U.S. These accounts may be newly opened by accomplices or unwitting "money mules" for the express purpose of receiving and laundering these funds. The accomplices or mules withdraw the entire balances shortly after receiving the money, and then send the funds overseas via over-the-counter wire transfer or other common money transfer services.

Why are smaller businesses and organizations targeted?

The cyber-thieves appear to be targeting small- to medium-sized businesses, as well as smaller government agencies and nonprofits, for several reasons:

  1. Many small businesses and organizations have the capability to initiate funds transfers - ACH credits and wire transfers - via online banking (individual consumers generally do not have this capability except for payees set up in online bill payment systems);
    1. This funds transfer capability is often related to a small business' origination of payroll payments;
    2. In corporate account takeover, the cyber-thieves may add fictitious names to a payroll file (directed to the accounts of money mules), and/or initiate payroll payments off-cycle to avoid daily origination limits.
  2. Small businesses often do not have the same level of resources as larger companies to defend their information technology systems.
  3. Many small businesses do not monitor and reconcile their accounts on a frequent or daily basis;
  4. Small businesses bank with a wide variety of financial institutions with varying degrees of IT resources and sophistication.

Prevention, detection & reporting for business customers account control

  1. Reconcile all banking transactions on a daily basis.
  2. Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
  3. Utilize routine reporting on transactions. Perform periodic risk assessment of the banking products/services you use; including; regular reviews of user access levels,
    dollar limits and activity.
  4. Immediately report any suspicious transactions to the financial institution.
  5. Stay in touch with other businesses and industry sources to share information regarding suspected fraud activity.

Computer security tools & practices

  1. Install a dedicated, actively managed firewall. A firewall limits the potential for unauthorized access to a network and computers.
  2. Install commercial anti-virus software on all computer systems.
  3. Ensure virus protection and security software are updated regularly.
  4. Ensure computers are patched regularly, particularly operating system and key applications, with security patches.
  5. Consider installing spyware detection programs.
  6. Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. If you are not certain of the source, do not click any links.
  7. Create strong passwords.
  8. Prohibit the use of "shared" usernames and passwords for online banking systems.
  9. Use a different password for each website that is accessed.
  10. Change the password several times each year.
  11. Never share username and password information with third-party providers.
  12. Limit administrative rights on users' workstations.
  13. Carry out all online banking activities from a stand-alone computer system from which e-mail and Web browsing are not possible.
  14. Verify use of a secure session ("https") in the browser for all online banking.
  15. Avoid using an automatic login features that save usernames and passwords for online banking.
  16. Never leave a computer unattended while using any online banking or investing service.
  17. Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information leaving the customer vulnerable to possible fraud.

Recommendations for corporate account takeover victims

  1. Immediately cease all activity from computer systems that may be compromised. Disconnect the Ethernet or other network connections to isolate the system from remote access.
  2. Immediately contact your financial institution and request assistance with the following actions:
    1. Disable online access to accounts.
    2. Change online banking passwords.
    3. Open new account(s) as appropriate.
    4. Request the financial institution's agent review all recent transactions and electronic authorizations on the account.
    5. Ensure that no one has requested an address change, title change, PIN change or ordered new cards, checks or other account documents be sent to another address.
  3. Maintain a written chronology of what happened, what was lost and the steps taken to report the incident to the various agencies, banks and firms impacted. Be sure to record the date, time, contact telephone number, person spoken to, and any relevant report or reference number and instructions.
  4. File a police report and provide the facts and circumstances surrounding the loss. Obtain a police report number with the date, time, department, location and officer's name taking the report or
    involved in the subsequent investigation. Having a police report on file will often facilitate dealing with insurance companies, banks, and other establishments that may be the recipient of fraudulent activity. The police report may initiate a law enforcement investigation into the loss with the goal of identifying, arresting and prosecuting the offender and possibly recovering losses.

This is for information purposes and is not intended to provide legal advice. The guidance included is not an exhaustive list of actions and security threats change constantly.

Sources: NACHA and the Financial Services-Information Sharing and Analysis Center

 

 

 

Lost or Stolen Card

To report a lost or stolen ATM/debit card during business hours, immediately call your First American Bank location.

We will:

  • Place a fraud alert on your account
  • Issue you an new account number
  • Replace your card and Personal Identification Number (PIN)

To report a lost or stolen ATM Card outside of business hours: 

  • Immediately call Shazam at 1-800-383-8000 (available 24 hours daily)
  • Notify your First American Bank during business hours

To report identity theft to the nationwide consumer reporting companies:

  • Equifax: 1-800-525-6285
  • Experian: 1-888-397-3742
  • TransUnion: 1-800-680-7289
  • Federal Trade Commission: 1-877-382-4357 or click here 

Additional tips for avoiding identity theft:
Order your free credit report once per year, using one of the following methods:

For more information on protecting yourself from identity theft, visit the Identity Theft section of the First American Bank online Education Center. The Federal Trade Commision is also a valuable resource.