Fraud Prevention

Customers should always exercise caution when it comes to your personal and financial information. The following tips may help prevent you from becoming a fraud victim.

• Be aware of incoming email or text messages that ask you to click on a link because the link may install malware that allows thieves to spy on your computer and gain access to your information.
• Be suspicious of any email or phone requests to update or verify your personal information because a legitimate organization would not solicit updates in an unsecured manner for information it already has.
• Confirm a message is legitimate by contacting the sender (it is best to look up the sender’s contact information yourself instead of using contact information in the message).
• Assume any offer that seems too good to be true, is probably a fraud.
• Be on guard against fraudulent checks, cashier’s checks, money orders, or electronic fund transfers sent to you with requests for you to wire back part of the money.
• Be wary of unsolicited offers that require you to act fast.
• Check your security settings on social network sites. Make sure they block out people who you don’t want to see your page.
• Research any “apps” before downloading and don’t assume an “app” is legitimate just because it resembles the name of your bank or other company you are familiar with.
• Be wary of any offers that pressure you to send funds quickly by wire transfer or involve another party who insists on secrecy.
• Beware of disaster-related financial scams.  Con artists take advantage of people after catastrophic events by claiming to be from legitimate charitable organizations when, in fact, they are attempting to steal money or valuable personal information.

• Contact your nearest Commercial Bank branch or call us toll free at 888-518-7053.

• Contact the following three credit bureaus to have a fraud alert placed on your credit report.

• File a complaint with the Federal Trade Commission at http://www.ftc.gov

Criminals are constantly trying to steal consumers’ personal data using fake emails, websites, phone calls, and even text messages. They use a variety of ways to try to trick people into providing Social Security numbers, bank account numbers, and other valuable information. In many cases, their goal is to steal money from you. This article defines some terms used for different online scams and how they work, so you can protect your money.

How do scammers contact their victims?

Phishing is a term for scams commonly used when a criminal uses email to ask you to provide personal financial information. The sender pretends to be from a bank, a retail store, or government agency and makes the email appear legitimate. Criminals often try to threaten, even frighten people by stating “you’re a victim of fraud” or some other urgent-sounding message to trick you into providing information without thinking. Don’t do it.

Smishing is similar to phishing, but instead of using email, the criminal uses text messaging to reach you. Same idea, they pretend they are from an organization you might know and trust (such as a bank or the IRS) and try to get your personal information.

Vishing, similar to phishing and smishing, is when scammers use phone services such as a live phone call, a “robocall,” or a voicemail to try to trick you into providing personal information by sounding like a legitimate business or government official.

How can I avoid scams?

Be suspicious if someone contacts you unexpectedly online and asks for your personal information. It doesn’t matter how legitimate the email or website may look. Only open emails, respond to text messages, voice mails, or callers that are from people or organizations you know, and even then, be cautious if they look questionable.

If you think an email, text message, or pop-up box might be legitimate, you should still verify it before providing personal information. If you want to check something out, independently contact the supposed source (perhaps a bank or organization) by using an email address or telephone number that you know is valid, such as from their website or a bank statement.

Be especially wary of emails or websites that have typos or other obvious mistakes.

Remember that no financial institution will email you and ask you to put sensitive information such as account numbers and PINs in your response.  In fact, most institutions publicize that they will never ask for customer personal information over the phone or in an email because they already have it.

Assume that a request for information from a bank where you’ve never opened an account is probably a scam.  Don’t follow the link and enter your personal information.

Verify the validity of a suspicious-looking email or a pop-up box before providing personal information. Criminals can create emails stating that “you’re a fraud victim” or a pop-up box with another urgent-sounding message to trick people into providing information or installing malware (malicious software). If you want to check something out, independently contact the supposed source (perhaps a bank or organization) by using an email address or telephone number that you know is valid.

Visit www.banksneveraskthat.com for more information on how to avoid falling for a phishing scam. 

The best protection against identity theft is to carefully guard your personal information.  For example:

• Do not share personal information over the phone, through the mail, or over the internet unless you initiated the contact or know the person you are dealing with.
• Be suspicious if someone contacts you unexpectedly online and asks for your personal information. It doesn’t matter how legitimate the email or website may look. Only open emails from people or organizations you know and, even then, be cautious if they look questionable. Be especially wary of fraudulent emails or websites that have typos or other obvious mistakes.
• Do not provide bank account, debit card, or credit card information over the phone or through email unless you initiated the conversation. At Commercial Bank, we will never call you and ask for account information. If you are uncomfortable with a phone call that was not initiated by you, hang up or ask for the purpose of the call. Then contact the company using legitimate sources such as contact phone numbers found on the company’s website, your bank statements, and those listed on your ATM, debit or credit card.
• Don’t give out personal information in response to unsolicited requests. Be particularly careful about to whom you give your Social Security number, financial account information, and driver’s license number.
• Shred old receipts, account statements, and unused credit card offers before discarding. Many fraud and identity theft incidents happen as a result of mail and garbage theft.
• Choose PINs and passwords that would be difficult to guess and avoid using easily identifiable information, such as your mother’s maiden name, birth dates, the last four digits of your social security number, or phone numbers.
• Pay attention to billing cycles and account statements and contact your bank if you don’t receive a monthly bill or statement. Identity thieves often divert account documentation.
• Review account statements thoroughly to ensure all transactions are authorized.
• Guard your mail from theft, promptly remove incoming mail, and do not leave bill payment envelopes in your mailbox with the flag up for pick up by mail carrier.
• Replace paper invoices, statements and checks with electronic versions, if offered by your employer, bank, utility provider or merchant.
• Use an updated security program to protect your computer.
• Be careful about where and how you conduct financial transactions. For example, don’t use an unsecured Wi-Fi network because someone might be able to access the information you are transmitting or viewing
• Carry only necessary information with you. Leave your Social Security card and unused credits cards in a safe and secure location.
• Make photocopies (front and back) of vital information you carry regularly and store them in a secure place, such as a safety deposit box. Then, if your purse or wallet is lost or stolen, you have contact information and account numbers readily available.
• Review your credit report at least once a year to look for suspicious or unknown transactions. You can get a free credit report once a year from each of the three major credit bureaus at www.annualcreditreport.com.

The most common way malware spreads is when someone clicks on an email attachment — anything from a document to a photo, video or audio file.  Criminals also might try to get you to download malware by including a link in the wording of an email or in a social media post that directs you somewhere else, often to an infected file or Web page on the Internet.  The link might be part of a story that sounds very provocative, such as one with a headline that says, “How to Get Rich” or “You Have to See This!”

Malware also can spread across a network of linked computers, be downloaded from an infected website, or be passed around on a contaminated portable storage device, such as a thumb drive or flash drive. 

Here are reminders plus additional tips on how to generally keep malware off your computer.

• Don’t immediately open email attachments or click on links in unsolicited or suspicious-looking emails.  Think before you click!  Cybercriminals are good at creating fake emails that look legitimate but can install malware. Either ignore unsolicited requests to open attachments or files or independently verify that the supposed source did send the email to you (by using a published email address or telephone number).
• Install good anti-virus software that periodically runs to search for and remove malware.  Make sure to set the software to update automatically and scan for the latest malware.
• Be diligent about using spam (junk mail) filters provided by your email provider.  These services help block mass emails that might contain malware from reaching your email inbox.
• Don’t visit untrusted websites and don’t believe everything you read.  Criminals might create fake websites and pop-ups with enticing messages intended to draw you in and download malware.
• Be careful if anyone — even a well-intentioned friend or family member — gives you a disk or thumb drive to insert in your computer.  It could have hidden malware on it.  Don’t access it without first scanning it with a security software. 

A lot of people use social media sites — such as Facebook, LinkedIn, Twitter, Google+ and Instagram — to stay in touch with family and friends, meet new people and interact with businesses like their bank.  However, identity thieves can use social media sites in hopes of learning enough information about individuals to be able to figure out passwords, access financial accounts or commit identity theft.

Identity thieves create fake profiles on social networks pretending to be financial institutions and other businesses, and then lure unsuspecting visitors into providing Social Security numbers, bank account numbers and other valuable personal information.  Identity thieves also have created fraudulent profiles and then sent elaborate communications to persuade “friends” to send money or divulge personal information.  Fraud artists use social networking sites to gather information because it can help them guess passwords to online accounts or answers to ‘challenge questions’ that banks and other businesses frequently use for a second level of authentication beyond a password.  Someone who has your password and can successfully answer challenge questions may be able to access your accounts, transfer money, or even reset passwords.

What safety measures can you take with your social media accounts?

• Check your security settings on social network sites.  Make sure they block out people who you don’t want seeing your page.  If you have doubts about your security settings, avoid including information such as your birthday or the year you graduated college. Otherwise, though, experts say it is OK to provide that kind of information on your social media pages.
• Take precautions when communicating with your bank.  If you want to communicate with your bank on social media, keep in mind that your posts could become public, even though you can protect your posts to some extent through your account settings.  You should not include any personal, confidential or account information in your posts.

• Be cautious about giving third-party programs or apps, such as sites for games or quizzes, the ability to use information from your social networking pages.  “Some of these third parties may use information from your page to help you connect with others or build your network — for example, to pair you with strangers wanting to play the same game,” Boenau said.  “But they could also be selling your information to marketing sites and others, possibly even to people who might use your information to commit a fraud.” 
• Periodically search to see if someone has created a fake account using your name or personal information on social networking sites.  Checking common search engines for your name and key words or phrases (such as your address and job title) may turn up evidence that someone is using your information in a dishonest way.

Government Impostor Scams are when fraudsters pretend to be an employee of the FDIC or other government agency, sometimes even using the names of real people. The March 2020 FDIC Consumer News issue has more on how to avoid being scammed by government impostors.

Remember, the FDIC does not send unsolicited correspondence asking for money or sensitive personal information, and we’ll never threaten you. Also, no government agency will ever demand that you pay by gift card, wiring money, or digital currency. The FDIC would never contact you asking for personal details, such as bank account information, credit and debit card numbers, social security numbers, or passwords.

Lotteries and Sudden Riches Scams are when you are told that you won a lottery, perhaps in a foreign country, or that you are entitled to receive an inheritance. You are told that in order to “claim" the lottery winnings or inheritance, you must pay “taxes and fees.” A fake cashier’s check might be sent to you, which the scammer asks you to cash and then wire back the funds to cover the taxes and fees. They disappear with your funds and you get nothing but taken advantage of by the criminal when the check is found to be fraudulent and your bank holds you responsible for the loss.

Online Auctions, Classified Listing Sites, and Overpayment Scams involve an online auction or classified listing site. The scammer offers to buy an item for sale, pay for a service in advance, or rent an apartment. The clue that it is a scam is that they send you a cashier’s check for an amount that is higher than your asking price. When you bring this to their attention, they will apologize for the oversight and ask you to quickly return the extra funds. The scammer’s motive is to get you to cash or deposit the check and send back legitimate money before you or your bank realize that the check you deposited is fake.

Grandparent Scams happen when a fraudster hacks into someone’s email account and sends out fake emails to friends and relatives, perhaps claiming that the real account owner is stranded abroad and might need your credit card information to return home. If you receive such an email, make sure you contact the sender through other means before sending any money or personal information.

Secret or Mystery Shopper Employment Scams involve fake advertisements for job opportunities that claim to be "hiring" people to work from home. As the potential new “employee,” you might receive an official check as a starting bonus, and are asked to cover the cost of “account activation.” The scammer hopes to receive these funds before the official check clears and you realize you have been scammed. Another scenario involves an offer to work from home as a secret shopper to "assess the quality" of local money transfer businesses. You are sent a cashier’s check and instructed to deposit it into your bank account and withdraw the amount in cash. You are then instructed to use a local money transfer business to send the funds back to the “employer” and "evaluate" the service provided by the money transfer business.

If you think you are a victim of a fraud or scam, contact your state, local, and/or federal consumer protection agency. State consumer protection agencies could be found using the usa.gov/state-consumer webpage. Federal consumer protection agencies include the Consumer Financial Protection Bureau and the Federal Trade Commission. You could also contact the FDIC or other Federal banking agency if there is a banking issue involved. Also, a local law enforcement officer may be able to provide advice and assistance. By promptly reporting fraud, you improve your chances of recovering what you have lost and you help law enforcement. The agency you contact first may take action directly or refer you to another agency better positioned to protect you.

Violations of federal laws should be reported to the federal agency responsible for enforcement. Consumer complaints are used to document patterns of abuse, allowing the agency to take action against a company.

If you believe you have been the victim of an Internet crime, file a complaint with the FBI’s Internet Crime Complaint Center, www.ic3.gov. 

People who have no intention of delivering what is sold, who misrepresent items, send counterfeit goods, or otherwise try to trick you out of your money are committing fraud. If you suspect fraud, there are some additional steps to take.

• Contact the Federal Trade Commission (ftc.gov). The FTC enters internet, telemarketing, identity theft and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
• If the fraud involved mail or an interstate delivery service, contact the U.S. Postal Inspection Service (postalinspectors.uspis.gov). It is illegal to use the mail to misrepresent or steal money.

Here are some basic steps you can take to secure your mobile devices.

• Avoid apps that may contain malware. Buy or download from well-known app stores, such as those established by your phone manufacturer or cellular service provider. Consult your financial institution's website to confirm where to download its official app for mobile banking.
• Keep your device's operating system and apps updated. Consider opting for automatic updates because doing so will ensure that you have the latest fixes for any security weaknesses the manufacturer discovers.
• Consider using mobile security software and apps to protect your device. For example, anti-malware software for smartphones and tablets can be purchased from a reputable vendor.
• Use a password or other security feature to restrict access in case your device is lost or stolen. Activate the "time out" or "auto lock" feature that secures your mobile device when it is left unused for a certain number of minutes. Set that security feature to start after a relatively brief period of inactivity. Doing so reduces the likelihood that a thief will be able to use your phone or tablet.
• Back up data on your smartphone or tablet. This is good to do in case your device is lost, stolen or just stops working one day. Data can easily be backed up to a computer or to a back-up service, which may be offered by your mobile carrier.
• Have the ability to remotely remove data from your device if it is lost or stolen. A "remote wipe" protects data from prying eyes. If the device has been backed up, the information can be restored on a replacement device or the original (if you get it back). A number of reputable apps can enable remote wiping.
• Take extra precautions for logging into bank and other financial accounts.  These measures include using "strong" user IDs and passwords by choosing combinations of upper- and lower-case letters, numbers, and symbols that are hard for a hacker to guess.  Don't use your birthdate, address or other words or numbers that can be easy for con artists to find out or guess.  Don't use the same password for different accounts because a criminal who obtains one password can then log in to your other accounts. Keep your user IDs and passwords secret, and change them regularly. Make sure to log out of financial accounts when you complete your transactions or walk away from the computer.
• Take precautions if you provide financial account information to third parties online.  For example, some people use online "account aggregation" services that, from one website, can provide a convenient way to pay bills, monitor balances in deposits and investment accounts, and even keep track of your frequent flyer miles.  While these websites may be beneficial, they can also present potential issues related to the security of the account information you have shared with them.  If you want to use their services, thoroughly research the company behind the website, including making sure that you're dealing with a legitimate entity and not a fraudulent site. Also ask what protections the website offers if it experiences a data breach or loss of data.
• Periodically check your bank accounts for signs of fraud.  If you bank online, check your deposit accounts and lines of credit at regular intervals to spot and report errors or fraudulent transactions, just as you would review a paper statement.  Online banking makes it easier and faster to monitor your accounts.  This is important, because the sooner you can detect a problem with a transaction, the easier it should be to fix.

To learn more about safely using smartphones and tablets, see the Federal Trade Commission's Computer Security Web page.