Fraudulent Emails and Websites
Classic Bank will never ask customers to send personal information to us via email or pop-up windows. Any unsolicited request for personal identifying information or Classic Bank account information that you receive through emails, websites, or pop-up windows should be consider as fraudulent and reported to us immediately.
What is Fraudulent Email?
Fraudulent email occurs when someone poses as a legitimate company, trusted site, or friend in an attempt to obtain sensitive personal information. If obtained, a person may fraudulently conduct transactions on your existing accounts.
Fraudulent e-mails will often:
- Appear to come from a legitimate source. Some emails are easily identified as fraudulent, but others may appear to come from a legitimate address and trusted source. Do not rely on the name or address in the "From" field, as this is easily altered.
- Contain fraudulent job offers. Some fraudulent emails appear to come from companies offering job opportunities.
- Contain prizes or gift certificate offers. Some fraudulent emails promise a prize or gift in exchange for completing a survey or answering questions. They may instruct you to provide your personal information to collect the alleged prize or certificate. (Remember, if it sounds too good to be true, it probably is.)
- Describes a reason why you must "verify" or "re-submit" confidential information--such as bank account and credit card numbers, Social Security numbers, passwords and personal identification numbers (PINs)--using a return e-mail, a form on a linked Web site, or a pop-up message with the name and sometimes even the logo of the bank, company or government agency. Perhaps you're told that your bank account information has been lost or stolen or that limits may be imposed on your account unless you provide additional details.
What is Phishing and Spoofing?
Phishing is a type of on-line fraud that can result in identity theft. Phishing is a scheme whereby scammers use fake websites and emails to fish for valuable personal information from consumers. Phishing involves the use of email messages or other forms of contact appearing to come from your bank or other trusted source, but are actually from scam artists.
Email spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. Because SMTP doesn't provide any authentication, it is easy to impersonate and forge emails.
Although there may be legitimate reasons to spoof an address, these techniques are commonly used in spam and phishing emails to hide the origin of the email message.
How do I Detect a Phishing and Email Spoofing Scam?
- The message you receive has an "urgent" tone, it may advise you to act quickly.
- It may suggest that your account has been threatened.
- The message requests personal information such as your account numbers, credit and check card numbers, social security numbers, online banking IDs and passwords, mother's maiden name, date of birth, or other confidential information.
- The email, fax, or letter may advise you not to tell anyone about the message.
How do I Avoid a Phishing and Spoofing Scam?
- Never provide your personal information in response to an unsolicited call, fax, letter, e-mail or Internet advertisement.
- Do not download software directly from email messages, or from companies or web sites you do not recognize and trust.
- Watch out for non-secure web pages that ask for sensitive information (secure sites will typically display a lock in the tool bar at the bottom of your browser window or they will display https:// at the beginning of the web address).
- Be suspicious of any email that urgently requests personal information and/or indicates a problem with your bank account(s).
- Only provide personal information if you initiate the sign on process.
- Do not use links in an email to access a web page if you suspect the message may not be authentic.
- Be cautious when opening attachments or downloading files from emails.
- Do not open emails from an unknown source.
- Always use a secure website when submitting credit card or other sensitive information via a web browser. To verify the web site is secure, check the beginning of the web address in your browsers address bar--it should be https:// rather than http:// and also look for the closed lock in the tool bar on the bottom of the page.
What is Pharming?
Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent. Pharming has been called "phishing without a lure." Pharming, like phishing, seeks to obtain personal information. But in pharming, larger numbers of computer users can be victimized because it is not necessary to target individuals one by one and no conscious action is required on the part of the victim. In one form of pharming attack, code sent in an e-mail modifies local host files on a personal computer. A computer with a compromised host file will go to the fake Web site even if a user types in the correct Internet address or clicks on an affected bookmark entry. Your browser will show you that you are at the correct site. This makes pharming much more difficult to detect.
Some spyware removal programs can correct the corruption, but it frequently recurs unless the user changes browsing habits.