Personal Banking
Mortgage Services
Small Business Banking
Commercial Banking
Wealth Management
About Us
Branch Locations
Personal Online
Commercial Online
Small Bus Online
Education Center
 
Reorder Deluxe Checks First American Experiences Group Security Center

Alerts

Malware and Money Mule Scheme
Fraudulent ACH Transaction Email
Fraudsters Distribute Fake FDIC Emails
Fraudulent Letter - Fake Check Scam
Fake Check Scams
Social Networking and Identity Theft
Grandparent ("Emergency") Scam
 In-Session Phishing Scam
Fake Want Ads Use ABA Name in Phishing Scam
Bank Merger Scams
Fake Error Message Scam
Card Deactivation Scams
Mortgage Foreclosure Rescue Scams
Commercial Account Scams
Whaling Scams
Phishing Scams
Vishing Scams
Smishing Scams

Malware and Money Mule Scheme

The American Bankers Association warns of an increase in fraudulent schemes involving malware attached to victims’ computers, along with the recruitment of individuals to receive and transmit unauthorized funds.

How the scam works.
The scam attacks two different victims:

  1. Using malware*, cyber-crooks intercept online banking credentials from the computers of small and mid-size businesses. Having gained unauthorized access to the business’ online deposit account, the thieves then initiates wire transfers to “money mules” around the country. The criminals target online deposit accounts where business customers can originate electronic funds transfers (EFTs) such as automated clearing house (ACH) and wire transfers over the Internet.

*Malware is malicious software or computer code that is installed on your computer; it collects sensitive information such as passwords or banking details, sending it back to people who use it to carry out fraud.

  1. Individuals are being tricked into acting as “money mules**” for the fraudsters, unknowingly laundering cash stolen from the above victim’s business bank account. This second victim is lured into using deposit accounts to receive the unauthorized electronic funds transfers (EFTs) and forwarding the funds overseas to criminals.

**Money mules are consumers who have been lured into scams that involve them receiving money transfers and forwarding the funds to a fraudster.

Money mule schemes can take many different forms, but most involve receiving unauthorized EFTs into a deposit account and then withdrawing the funds or forwarding them to another party via another EFT. Because EFTs are often made immediately available by the receiving institution, funds may be removed and wire transferred overseas before the fraud is detected.

Common scenarios:

  • Online job posting sites are often used by criminals to locate and trick individuals seeking flexible hours and work from home employment. The “employee” may be asked to processes payments for a foreign business, or act as a mystery shopper assessing business’ services by completing EFTs
  • Advance fee scams promise monetary rewards for acting as a financial intermediary
  • Fraudsters also use imaginative stories to befriend individuals on social networking sites to receive and forward stolen funds

How can you avoid becoming involved in these scams?

  • Do not open attachments or click on links in unsolicited emails.
  • Be wary of unsolicited offers or opportunities offering easy money—particularly if the company is based overseas. Remember the old adage: if it sounds too good to be true…it probably is! Verify any potential employer—and never give out bank account details to someone you don’t know or trust. Watch for red flags in the advertisement/emails, such as grammatical and spelling errors.
  • Anyone who is concerned that they have erroneously disclosed their personal financial details or has received funds into their accounts that they think could be a money mule scam should contact their banker immediately.

Back to Top

Fraudulent ACH Transaction Email

Individuals and companies have reported receiving an email indicating there is a problem with an ACH transaction the account holder (or third party) originated. They are directed to review the transaction report by clicking on a link. The link takes the individual to a fake web page which appears to belong to The Electronic Payments Association (NACHA) website. The links contains executable virus with malware. This is not a valid email from NACHA. Do not click on any links. Delete the email.

Remember, First American Bank will never contact you via unsecure email. If you have any questions on this alert, or any other security issue, please contact your banker.

Back to Top

Fraudsters Distribute Fake FDIC Emails

Fraudulent emails claiming to be from the FDIC are being distributed to trick individuals into installing spyware on their personal computers. Recipients are instructed to download and open a “personal FDIC insurance file” to check their deposit insurance coverage. In reality, the file collects personal, confidential information.

The subject line of one version reads: “check your bank deposit insurance coverage”. The email goes on to warn the recipient their bank has failed and the FDIC has taken control of its assets. They are directed to visit the official website by clicking on a provided hyperlink. Although the link appears related to the FDIC, it is believed that clicking on the hyperlink will cause malicious software to be downloaded. Fraudsters can use the information gathered to conduct identity theft.

Never click on any links or download any files unless you have initiated the contact, and are sure you know who you’re dealing with. Remember, First American Bank will never ask for private information by email or unsecured website.

Back to Top

Fraudulent Letter - Fake Check Scam

Claiming to be from the American Bankers Association (ABA), fraudsters are distributing letters instructing people to call a phone number to find out how to collect a prize. They then try to trick the individual into revealing personal financial information.

Fraudulent sweepstakes are just one of many scams aimed at stealing personal information. Identity thieves have posed as representatives of banks, Internet service providers (ISPs), and government agencies to get people to reveal their Social Security Number, mother's maiden name, account numbers, and other identifying information.

Be cautious about providing personal or financial information to anyone you do not know. Do not give out personal information on the phone, through the mail, or on the Internet unless you have initiated the contact, and are sure you know who you’re dealing with.

First American Bank will never ask for private information by email or unsecured website.

Many of the fake ABA prize letters also contain one or more fraudulent checks, typically written for between $1,000 and $5,000 each; they appear to be signed by ABA or ABD Federal Credit Union, however it is believed any financial institution may be targeted. The ABA is working with law enforcement to identify and stop the perpetrators.

One way you can confirm you are dealing with a legitimate organization is to check their website—however it’s important to type its URL in the address line yourself—do not cut and paste it from a message sent to you, which can be altered to redirect you to an unsafe site.

Often legitimate companies, such as the American Bankers Association, will post scam alerts if they know their name is being used improperly.

Back to Top

Fake Check Scams

Millions of consumers are being tricked into accepting genuine-looking checks and money orders and wiring money to fraudsters. The Consumer Federation of America (CFA) has launched a national campaign to combat this fraud. CFA is a non-profit association of 300 pro-consumer groups—including the American Bankers Association of whom First American Bank is a member.

Common fake check scams:

  1. Sweepstake, lottery and grant fraud. Individual receives a check or money order with instructions to wire a portion to pay taxes or administrative fees.
  2. “Work-from-home”. “Employee” purchases as a mystery shopper or processes payments for a foreign business with instructions to deduct their pay from a check or money order and wire the rest to their “employer”.
  3. Overpayment. Scammer sends a check or money order for more than the amount for something the individual has for sale, with instructions to wire the extra to someone for shipping.

The checks or money orders are fake. You’re out the money.

Per federal law financial institutions must give consumers timely access to money from deposited checks or money orders.Although funds are made available, that does not guarantee the deposited check or money order is good. The depositor is liable for repaying the financial institution if checks or money orders cashed or deposited are counterfeit.

There is no legitimate reason why anyone who wants to give you a check or money order should ever ask you to send money anywhere in return.

Tips to Avoid Fake Check Scams

  • No legitimate sweepstakes or lottery would send you a check or money order and ask you to send payment in return. Taxes are always paid directly to the government.
  • Do not pay for grants claiming to be from the government or foundations; grants do not charge. Most require an extensive application process and are awarded to organizations, not individuals.
  • Never cash checks and send the money somewhere as part of a job working from home. Legitimate employers do not operate that way.
  • Never wire money to anyone you have not met in person and known for a long time. Verify identification.
  • If suspicious, consult your state or local consumer protection agency, the Federal Trade Commission, Postal Inspection Service, or other trusted source. Go to www.fakechecks.org to learn more.

Back to Top

Social Networking and Identity Theft

Online social networking can be a great way to exchange ideas, information, photos and games—but remember, putting your personal information online comes with some risks. A new popular game on Twitter has been determined to also be a new fraud scheme. To play, individuals are asked to post their “porn name”—a  combination of your first pet’s name and the street you grew up on, or your mother’s maiden name.

Now think about the answers to your security questions for your online accounts…more than likely, at least one of them is your pet's name, your mother's maiden name, or the street you grew up on. If you played the game, you just shared that information with millions of people on Twitter.

How the scam works
With the information you just provided, fraudsters, alleging to be you, contact various websites claiming they forgot their login information. When “you” are asked to answer your security questions, the crooks use your Twitter porn name information and are granted access to your accounts.

If you have unwittingly shared your passwords or answers to your security questions, quickly change these passwords and security questions on your accounts.

The more information you provide about yourself online, including posts and live chats on social networking sites, the easier it is for people to use these details to commit fraud.

Your best protection
Do not reveal too much information in your social networking. Control who can access your online information.

Other tips:

  • Do not include email addresses or phone numbers in your profiles
  • Keep your address and physical location private. Beware of publishing photos containing street-names, car license plates, or locations you frequent that can be linked to you.
  • Read the terms and conditions before you sign up to any social networking sites. Know who can access your information. Check security and privacy settings; keep them up-to-date.
  • The best passwords are at least eight to ten characters long and use a combination of upper and lower case letters, plus numbers and symbols.

Social networking sites build themselves on a culture of trust. Do not get caught up in the moment. Always think before you respond. Keep your personal information safe.

Back to Top

Grandparent ("Emergency") Scam

Con artists are defrauding seniors out of hundreds, even thousands, of dollars by posing as their grandchildren in need of help.

In the “Grandparent” or “Emergency” scam, a grandparent receives a phone call from a fraudster claiming to be his or her grandchild needing money immediately. The crisis often involves a car accident, stranding, medical treatment, or funds required to pay bail. The caller frequently asks for secrecy so the caller does not “get into more trouble”.

Con artists can get names and family information from the Internet through family blogs, genealogy Websites, social networking sites and online newspapers—and can often manage a believable impersonation. In other cases, the grandparent is tricked into revealing the grandchild’s name.

Wanting to help their grandchild, the grandparent sends money electronically, usually via a money transfer. Funds sent by wire transfer are hard to track and usually are not recoverable by law enforcement or banking officials.

Protect Yourself.
Do not fill in the blanks. If a caller says, “This is your granddaughter”, respond “Which one?”

Confirm your grandchild’s identity. Ask personal questions a stranger could not answer. Insist you will call them back on their home phone or cell. Do not ask the caller for the number. If you don’t have the number, contact a trusted family member. If you aren’t sure what to do, call your local police on the non-emergency line. They can help you sort things out.

Resist pressure to act immediately. Even if they ask for secrecy, don’t be afraid to check out the story with the person’s parent or another close family member before sending money.

Do not wire money. Do not send a check or money order by overnight delivery or courier.
Fraudsters pressure people to wire money through commercial money transfer companies like Western Union and Money Gram because wiring money is the same as sending cash. The chances of recovering the money are slim to none. Con artists use these services so they can get your money before you realize you’ve been cheated. Victims often don’t realize they’ve been swindled until days later, when they speak to their grandchild who knows nothing about the phone call. By then, the money is not only long gone, but irretrievable.

Never provide your bank or credit card numbers to any caller for any reason.

Back to Top

In-Session Phishing Alert

A new phishing technique tricks users into providing confidential information after they have logged onto secure websites. In-session Phishing inserts legitimate-looking pop-up messages that request passwords, account numbers etc., purportedly on behalf of the trusted website.

The malicious program detects other sites the user is visiting, and will only attempt to trick a user already logged into a secure website. It then presents a reason for victims to type in their credentials again, for example, claiming the online banking session is about to time out.

How the scam works
A user legitimately logs onto a secure site and authenticates. Having finished their business the individual leaves the bank website open and opens another browser tab. If they encounter a website that has been infected with the malicious code, a pop-up supposedly from the bank or secure site that’s still open, prompts the user to enter his login etc. again. Additional lures include pop-ups of online surveys or mini-flash games. For the attack to work, both conditions must be met: the user must stay logged into the secure site while simultaneously opening the second; the second site must be infected. And, of course, the user needs to act on the prompt.

Keep your personal information safe

  • Always log off upon completion of business on a secure site
  • Be extremely wary of pop-ups that randomly drop in if you haven’t clicked anything—even better, disable your pop-ups

Back to Top

Fake Want Ads Use ABA Name in Phishing Scam

“Phishing” scams are not just limited to the internet. A new phishing scheme uses the American Banker’s Association’s (ABA) name to trick the unwary into disclosing confidential security information relative to their savings and checking accounts.

Ads seeking to hire survey takers to evaluate local banks (similar to mystery shopping) are placed in local newspapers. Applicants receive a package of papers (that appears to be from ABA) including the detailed survey and list of bank branches. The survey takers are instructed to open an account with their assigned bank(s) using their own money, then forward the completed survey, along with account and security information, to an address in South Carolina.

Individuals who follow the instructions quickly lose any money that they deposited into that account.

ABA is in no way affiliated with this bogus "survey" and is working with law enforcement officials to track down the individuals behind the attempted fraud.

Back to Top

Bank Failures, Mergers and Takeovers Spawn Phishing* Scams

Scammers are taking advantage of the unrest in the financial world to elicit personal information.

According to the Federal Trade Commission (FTC), fraudsters distribute e-mails that appear to be from the financial institution that recently acquired your mortgage, bank or savings and loan—trying to capture credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. The message may ask you to update, validate, or confirm account information. For example:

“We recently acquired the mortgage on your home and are in the process of validating account information. Click here to update and verify your information.”

“We experienced a data breach during our acquisition of ABC Savings and Loan, and suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below to confirm your identity.”
 
“We recently purchased XYZ Bank. Due to concerns for the safety and integrity of our new online banking customers, we have issued this warning message. Please follow the link below to renew your account information.”

You are then directed to a website that looks like your new financial institution or lender. Instead, it is a bogus site set up to trick you into revealing personal information.

Avoid getting swindled by a phishing scam:

  1. Even if it appears to be from your bank, do not reply to an e-mail or pop-up message that asks for personal or financial  information
  2. Do not click on links in the message
  3. Do not cut and paste a link from the message into your Web browser. Scammers can make links look like they go one place, but actually redirect you to another.
  4. Do not e-mail personal or financial information. E-mail is not a secure way to send sensitive information
  5. Review your financial account statements as soon as you receive them; check for unauthorized charges
  6. If you have been scammed, visit the Federal Trade Commission’s Identity Theft website at ftc.gov/idtheft for important  information on next steps to take.

*Phishing occurs when fraudulent e-mails purportedly from a well-known company ask you to provide, update or confirm confidential information.

Back to Top

Fake Error Message Scam: 404* Not Found

Criminals are draining funds from the accounts of small to mid-sized businesses by using fake error messages from what looks like banks’ websites.

Antifraud safeguards include one-time use passwords, such as a number generated by fobs or tokens that expire upon use. Fraudsters circumvent these security measures by installing a data-stealing program on a business owner’s computer. When a victim whose PC is infected with this malware attempts to log in at a banking site that requires two-factor authentication, the scammer modifies the display of the bank site in the victim’s browser.

The fraudster sends the victim a fake error message with an alert saying “please allow 15 to 30 minutes for your request to be synchronized with our server.” While the victim waits, the criminal quickly uses the one-time code to log in as the victim and drain the account.

The scams are extremely well-targeted, warns Brian Krebs in his Washington Post column, “Security Fix”. The e-mails resemble official correspondence and often include the victim’s name and employer. In one recent incident, thousands of e-mails impersonating the U.S. Tax Court were distributed.

Please beware of error messages at bank sites. If you own or work at a small to mid-sized business, and are presented with an error message about data synchronization or site maintenance when attempting to access your company’s bank account online, contact your bank as soon as possible.

*The 404 or “not found” error message is an HTTP standard response code that indicates the user was able to communicate with the server, but either the server could not find what was requested, or it was configured not to fulfill the request and not reveal the reason why.

Back to Top

Card Deactivation Scam

Many people are receiving a variation of the following message:

  • Irregular activity has been detected on your ATM/Check Card.
  • For your protection, future authorizations have been suspended, and your card has been deactivated.
  • To re-activate your ATM/Check Card, call the (24 hour) Activation Center: (xxx) xxx-xxxx  

This is a scam. You should delete and ignore the message.
Do not respond to the message or call the number.

Note: This Card Deactivation Scam is different from the First American Bank practice of protecting you from unauthorized use of your ATM/debit card. When we authorize you to be contacted by a fraud specialist after a possibly suspicious transaction, they will simply ask you to verify a specific recent purchase. Click here to read more. They will never ask for your PIN number or any other account information. You will not be told your card has been deactivated. As in all financial situations, should you have any concerns or questions, please contact First American Bank.

Back to Top

Mortgage Foreclosure Rescue Scam

According to the Federal Trade Commission, firms engaged in foreclosure rescue scams promise consumers a way out, typically for a few thousand dollars. Although there are many varieties of mortgage foreclosure rescue fraud, the common theme is a promise that the consumers’ homes will be permanently saved from the pending foreclosure. Most victims not only end up still losing their home, but also the money they paid to the scammers.

Current prominent frauds:

  • Title Transfer: fraudulent operators take title to the homeowner’s property
    1. Even though the homeowner believes he is only signing documents to refinance, in reality, the fraudster ends up with a deed granting ownership of the house. The thief may forge the deed or simply insert the deed into the large stack of documents as part of a purported loan closing.
    2. The fraudster informs the homeowner of the need to temporarily sell the home to the rescue company. The former owner can remain in the home as a renter, and repurchase the house over the next few years. Instead, the fraudster asserts ownership and evicts the former owner. Alternately, the terms of repurchase are so burdensome the scammer knows the former owner will never be able to repurchase.
  •  Mortgage Negotiation: fraudulent firms promise homeowners they will save their home from foreclosure by negotiating with the loan servicer

    For a fee, the firm promises to obtain either a temporary decrease in the payment amount or a permanent loan modification. Sometimes they offer a full range of options, including credit counseling, debt negotiation and emergency lending. The homeowner pays for each service. All too often mortgage rescue consultants either do nothing or minimal work—such as calling the bank or mailing a list of refinancing sources they found on the Internet. Ultimately, the fraudster charges thousands of dollars and rarely stops foreclosure. Most victims are not only unable to get their money back, they also lost their homes.

In many cases, the fraudster directs the homeowner to have no further contact with the loan servicer—even though in some instances the servicers will agree to modifications to avoid foreclosure.

In addition, most consumers report they are unable to reach anyone at the fraudulent company to ascertain how the process is going or to complain.

The Mortgage Rescue Fraud Act, which went into effect in 2007, provides homeowners with the following protection:

  1. A mortgage rescuer must provide the homeowner with a written contract clearly stating the home is being sold.
  2. Prior to the sale, the mortgage rescuer must determine the homeowner has reasonable ability to make rental payments and buy the home back.
  3. A homeowner who remains in the home under a rental agreement has the right to cancel the rental agreement at any time.
  4. A mortgage rescuer must pay the homeowner at least 82% of the home’s fair market value if the rescue ultimately fails.
  5. Mortgage rescue consultants must give homeowners a written contract listing all services the consultant promises to perform.
  6. Homeowners’ have the right to cancel a consultant contract at any time.
  7. A mortgage rescue consultant cannot accept any payment from the homeowner until all services have been performed.

The Better Business Bureau (BBB) has issued a warning to homeowners that it has received complaints from victims of foreclosure rescue schemes from almost all 50 states. According to BBB reports, individuals whose homes are listed for foreclosure are increasingly being contacted directly. Fraudsters also advertise on the Internet, in local newspapers, with posters on telephone poles, bus stops and flyers distributed door to door.

Beware of anyone who calls or shows up at your door promising to save your home.

If you, or someone you know, are in foreclosure, or behind in mortgage payments and facing possible foreclosure, the attorney general recommends:

  • Don’t wait. The longer you wait the harder it can be to find good solutions.
  • Call a reputable mortgage foreclosure counselor. There are many non-profit and government agencies who offer advice at no cost or at a nominal fee.
  • Be careful. Ask for everything in writing. Take it to an attorney, loan counselor or someone you trust to look it over and make sure the deal is what you were promised.

The Better Business Bureau adds these tips: If you are having trouble paying your mortgage, contact your lender or an attorney for assistance. Before hiring any mortgage foreclosure rescue company, check with your attorney general, real estate commission or better business bureau. You may request a free reliability report by going to www.bbb.org.

Back to Top

Commercial Account Scam

One of the greatest risks to our customers in today’s banking environment is a fraud loss connected with accepting a counterfeit check in a scam. These scams originated years ago, many in Nigeria, and were directed primarily to individuals. They have evolved considerably and are on the increase.

Recently, businesses being targeted are those attempting to sell something over the Internet. We’ve seen a surge in fraud aimed at businesses which have large dollar equipment for sale over the Internet.

Businesses will typically be dealing with a client they have not met personally. Those conducting dealings outside the United States are more susceptible.

When selling over the Internet exercise caution:

  • Scammers ask for wire instructions so they can wire the money to your bank. This means providing your bank account number.

    Do not give out your bank account number and routing number until you are certain that this sale is legitimate.

    If you want to give wire instructions, contact your banker.
    He/she will give you a wire holding number to which the wire can be sent.

  • If the person sends you a check, look carefully at the physical check. Is it coming from the company or person that you were corresponding with in your emails? If not, determine on what bank the check is drawn and research a phone number for that bank using a standard or online telephone directory.

    Do not rely on the telephone number listed on the check.
    Call the number listed in the telephone directory and ask to verify the check.

    • If you are concerned and unable to verify the check, First American Bank’s security department may be able to help determine if this is a legitimate check.

  • Much of the time, instead of the promised wire you will receive a check. It may be mailed to the bank for deposit into your account or it may be sent to you directly. This check will typically be for a greater amount than you were expecting.

    If your “potential client” makes the request to have the excess amount wired to them, stop! This is where the monetary loss to the customer typically happens.

    Always check with First American Bank to see if the check deposited has cleared and if the funds are available.

  • The scammer will show interest in your item, indicating they want to buy it with some investigation. This may be a scam.

    If they offer to wire you the funds so you can pay for their inspector to conduct the inspection, be alert.

    If they arrange for the inspector, they should pay for the inspection directly; there is no need to wire you the funds.

As always, First American Bank is always there to help their clients with any security questions or issues.

Back to Top

Whaling Scams

We’ve posted warnings about Phishing. Now there’s a more refined phishing scam to be aware of: Whaling — aimed at the rich and powerful.

In this scam, criminals research the names and e-mail addresses of top executives—often freely available on the Internet. The subsequent e-mails distributed lure these executives into clicking on a link to a Website where malware* is immediately downloaded onto the executive’s computer. *Malware (a blending of the words malicious and software) is software designed to infiltrate or damage a computer system without the owner's informed consent.

One such e-mail sent to thousands of high-ranking executives claims the recipient has been subpoenaed by the United States District Court in San Diego to appear in a grand jury civil case. When the executive clicks on a link purporting to be a copy of the entire subpoena, he/she unwittingly downloads software that sends data to a remote computer.

Another version claims to be from the Better Business Bureau alerting the executives to a complaint filed against their company and posted on a website. Yet another scam claims to have information about an invoice.

One of the tip offs: while the sender’s address may look legitimate, the post office they are sending from often is not disguised. This can be seen if you look at the header information.

Back to Top

Phishing Scams

Phishing occurs when fraudulent e-mails, appearing to come from a well-known company, ask the recipient to provide, update or confirm confidential information.

Business alert:

First American Bank has received a warning from Equifax regarding current email phishing attempts aimed at businesses.

Equifax is a credit reporting agency utilized by First American Bank to obtain credit reports for loan applicants and to report loan payment history. Phishing attempts have been made on companies that utilize the online delivery channel with Equifax. The companies have reported receiving emails, that appear to be from Equifax, requesting their Company ID, User ID and Password.  Equifax would never ask for this information.  This is a scam. These emails have not been sent from Equifax.  If you receive a similar email, disregard it and do not respond.

Change to tax law e-mail scam: People who operate businesses and accountants are the primary targets here. Individuals are told they can download information regarding changes to the tax law by clicking on links leading to publications. When the individuals click on these links, software is installed on their computer leading to their information being compromised.

We ask all our clients to be alert for these current scams:

  • Rebate Phone Call: An individual receives a call from someone indicating they are with the IRS. The caller says the recipient may be eligible for a large rebate. All the individual needs to do is supply the caller with their bank routing number and account number for direct deposit. The caller will warn that if the person does not supply this information there will be no rebate! This is a major feature of scams: the sense of urgency or threats.
  • Refund E-mail: An individual receives an e-mail from someone claiming to represent the IRS indicating they are eligible for a tax refund—just click on the link in the e-mail to obtain a refund claim form. This form then requests personal information regarding banking account numbers or credit card information.
  • Audit E-mail: Someone claiming to be from the IRS informs an individual they are being audited. This e-mail directs the person to click on links to a form—which requests personal banking information.
  • Paper Check: An individual receives a call from someone claiming to be from the IRS. The caller says the individual will be receiving a check, but they need to verify their bank account number first.

Remember: Be very cautious about providing your personal or financial information to anyone you do not know.

Note: First American Bank will never ask for private information by email or unsecured Website.

How to spot Phishing:
  • The email and linking website may appear authentic
  • You are asked to "update" or "validate" your information
  • Often it will threaten some consequence if you don't respond

Steps to avoid being Phished:

  • Do not reply to the email, even if it appears urgent
  • Do not use the links from the email to open any web page
  • Do not call any phone numbers appearing on the email
If you think you've been Phished:
  1. Contact First American Bank immediately at your local branch
  2. Place a fraud alert on your credit report with the three major credit bureaus. Also request to review your credit reports for suspicious activity at that time
    • Equifax: 1-888-766-0008
    • Experian: 1-888-397-3742
    • Trans Union: 1-800-680-7289
  1. Close accounts you believe have been tampered with or opened fraudulently
  2. File a complaint with the Federal Trade Commission
  3. File a report with local police

Back to Top

Vishing Scams

Vishing, a term coined from combining “voice” and “phishing”, exploits the public’s trust in landline telephone services. Similar to phishing, the fraudster sends an e-mail indicating the recipient’s bank needs to update certain information. The e-mail cunningly references phishing and identity theft. The twist comes when “for security purposes” the individual is directed to call “one of our personal bankers” at a provided toll free number.  When the individual calls, thinking they are updating the information on their accounts, they actually provide their private information directly to the fraudster.

Vishing is typically used to steal credit card numbers or other information used in identity theft schemes. It is very hard for legal authorities to monitor or trace Vishing.

Be highly suspicious when receiving messages directing you to call and provide credit card or bank numbers. Contact your bank or credit card company directly to verify the validity of the message. Note: do not use telephone numbers provided to you via the e-mail or phone call. Look up the number yourself via online directory or telephone book.

Back to Top

Smishing Scams

Smishing is derived from combining SMS (protocol used to transmit text messages via cell phones) and the more familiar “phishing”. Almost identical to the phishing scam which uses e-mail, this new tactic exploits mobile banking. The fraudster, disguised as a financial institution, sends a text message requesting personal information such as account numbers or passwords.

Alternately, some messages warn the consumer will be charged unless they take action to cancel
a supposed order by going to a web site. When visited, the site downloads a “Trojan horse” that then steals credit card numbers and other private information.

Some of the new smishing techniques include mobile spyware that once downloaded to a phone can eavesdrop on conversations.

Treat your cell phone with the same level of concern you apply to your website.

Back to Top