What is Phishing?
Most likely you've seen them: email messages asking you to verify personal information over the Internet. The scam, popularly called "phishing" (pronounced "fishing"), involves the use of replicas of existing Web pages to try to deceive you into entering personal financial or password data. Often suspects use urgency or scare tactics, such as threats to close accounts. By utilizing a company's name, logo and other visually recognizable information, recipients are deceived into thinking that the requests are legitimate.
First City Bank will never ask you via email to verify account information. Some safeguards to help protect you from phishing scams:
- Be suspicious of any email messages that claim to be from First City Bank that use an urgent or scare-tactic tone.
- Do not respond to email messages asking you to verify personal information. Instead, call the business to inquire about the request or enter the web address yourself.
- Delete suspicious email messages without opening them. If you do open a suspicious email message, do not open any attachments or click on any links.
- Install and regularly update virus protection software.
- Keep your computer operating system and Web browser current.
- Examine accounts frequently and thoroughly to detect unauthorized activity.
If you see a suspicious-looking email message claiming to be from First City Bank, please let us know. Also consider contacting the FBI's Internet Fraud Complaint Center (IFCC) at www.ifccfbi.gov or the Federal Trade Commission (FTC) Consumer Response Center at www.ftc.gov.
What is Pharming?
Phishing requires victims to voluntarily visit a criminal's website; pharming simply redirects victims to fraudulent websites without assistance. Pharming subverts a basic service of the Internet known as the "Domain Name Service," or "DNS." Each machine connected to the Internet knows the location of one or more DNS servers. This service translates a human-friendly URL name such as www.myfirstcitybank.com into an IP address, which is a unique number that has been assigned to each web server on the Internet.
To execute pharming, suspects first must gain access to the DNS server used by many people, such as the server of an ISP. Once accessed, the suspect will replace the IP number for the financial institution's URL with the IP number of his or her fraudulent website. When this occurs, any person using that DNS server will be redirected, silently, to the fraudulent website.
The good news is pharming requires either an unpatched software/server vulnerability to exist on the DNS server itself, or the criminal needs an insider at the ISP or financial institution to make unauthorized DNS server changes. This is rare.
Please be assured that First City Bank manages and updates its DNS server's software to maintain a high level of security. We maintain the highest standards; our customers are protected from pharming that would result from a compromise of our DNS server.
If you are suspicious about a website, consider contacting the FBI's Internet Fraud Complaint Center at www.ifccfbi.gov.
How to Report Identity Theft
In 2005, the Federal Trade Commission quantified that 9.93 million persons were affected by identity theft, causing a loss to financial institutions of $46.9 billion (Source: ftc.gov).
One survey by First Data Corp. in 2005 found 43% of US adults had received at least one bogus email purporting to be, in most cases, a financial institution. Of those, about one in 20 - or 4.5 million people - provided the requested information, and about half of those end up being victims of theft or identity fraud. (Source: firstdata.com)
First City Bank recommends that you never respond to email messages asking you to verify personal information. But accidents happen, and the following information could be useful if you've become a victim of identify theft.If you have given out your credit, debit or ATM card information:
- Report the incident to the card issuer immediately
- Cancel your account and open a new one
- Review billing statements carefully after the incident
- If the statements show unauthorized charges, send a letter to the card issuer via regular mail (keep a copy) describing each questionable charge
Credit Card Loss or Fraudulent Charges
Your maximum liability under federal law for unauthorized use of your credit card is $50 (policies vary). If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use; in general, you may only be liable for a very small amount but always check with your individual card company for their exact policy.
Your liability depends on how quickly the loss is reported. You risk unlimited loss by failing to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you.
If you have given out your bank account information:
- Report the theft to the bank as quickly as possible
- Cancel your account and open a new one
If you have given out your personal identification information:
Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. If you have given this information to a phisher, you should do the following:
- Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:
- Request that they place a fraud alert and a victim's statement in your file
- Request a FREE copy of your credit report to check whether any accounts were opened without your consent
- Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft.
Major Credit Bureaus
- Equifax - www.equifax.com
- Experian - www.experian.com
- Trans Union - www.transunion.com
If you become a victim of identity theft you should do the following:
- Notify your bank(s) and ask them to flag your account and contact you regarding any unusual activity
- If bank accounts were set up without your consent, close them
- If your ATM card was stolen, get a new card, account number and PIN
- Contact your local police department to file a criminal report
- Notify credit bureau fraud units and place a fraud alert statement on your credit report
- Contact the Social Security Administration's Fraud Hotline to report the unauthorized use of your personal identification information
- Notify the Department of Motor Vehicles of your identity theft and check to see whether an unauthorized license number has been issued in your name
- Notify the passport office to watch for anyone ordering a passport in your name
- File a complaint with the Federal Trade Commission hotline at 1-877-438-4338
- Check your post office for unauthorized change of address requests
- File a complaint with the Internet Fraud Complaint Center (IFCC) by visiting their website www.ifccfbi.gov
- Document the names and phone numbers of everyone you speak with regarding the identity theft violation. Follow-up your phone calls with letters and keep copies of all correspondence.
Identity Theft Resources:
- https://www.stopthinkconnect.org/ STOP. THINK. CONNECT.—online safety and security education and awareness campaign
- https://staysafeonline.org/ National Cyber Security Alliance—tools and resources for business and home users
- www.ftc.gov/infosecurity Federal Trade Commission’s (FTC) Protecting Personal Information: A Guide for Business; Bureau of Consumer Protection Business Center
- http://business.ftc.gov Federal Trade Commission’s (FTC) Protecting Personal Information: A Guide for Business; Bureau of Consumer Protection Business Center