ONLINE BANKING > Privacy and Security > Common Scam and Fraud

Phishing and Spoofing

Through the use of fraudulent emails, Internet thieves attempt to “phish” for your confidential information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your bank accounts or run up bills on your credit cards. With the sensitive information obtained from a successful Phishing scam, identity thieves can do damage to your financial history and personal reputation that can take years to unravel.

Often times the fake email disguised as legitimate business or organization that you may deal with, e.g., an Internet service provider, online payment service, e-Bay, or even a government agency such as the IRS or FBI. They often include company logos that look real. It entices you to visit a “spoof” (phony) Website that encourages you to divulge sensitive information. Additionally, some Phishing emails will attempt to install software on your computer (commonly known as “spyware”) to capture your keystrokes so that thieves may obtain confidential information like login IDs and passwords.

Always keep in mind that Omni Bank, N.A., will not send you unsolicited emails with embedded links or pop-up windows that ask for confidential information. We will never ask you to provide personal information or account information via our Web site or by email. If you ever receive a suspicious request for confidential information that purports to be from Omni Bank, N.A., do not respond to it and do not click on any links that it provides. Report the request to any of our Customer Relationship Personnel or Operations Officer at any of our locations.

Fake emails will often:

• Contain urgent or threatening appeal for personal information. Fake emails often claim that your information has been compromised, that your account has been frozen, or ask you to confirm the authenticity of your transaction. Another example is that it may claim that your account may be closed if you fail to confirm, verify, or authenticate your personal information immediately. Omni Bank, N.A., and most other financial institutions will not ask you to verify information in this way.
• Urgent request for security information. Fake emails often claim that the bank has lost important security information and needs to update it online. Or, the email may warn you of a serious problem that requires your immediate attention. It may use phrases such as “immediate attention required,” or “Please contact us immediately about your account.” The e-mail will then encourage you to click on a button to go to the bank’s Web site.
  
  In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security Number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother’s maiden name or your place of birth.
  
  If you provide the requested information, you may find yourself the victim of identity theft. Omni Bank, N.A., and most other financial institutions will not ask you to verify information in this way.
• Appear to be from a legitimate source. While some emails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the “From” field, as this is easily altered.
• Contain fraudulent job offers. Some fake emails appear to be from companies offering jobs. These are often work-at-home accounting positions which are actually schemes that victimize both the job applicants and other customers. Be sure to confirm that the job offer is from a known and trusted company.
• Contain prizes or gift certificate offers. Some fake emails promise a prize or gift certificate in exchange for completing a survey or answering questions. In order to collect the alleged prize or gift certificate you may be directed to provide your personal information. Just like with job offers, be sure to confirm that prize or gift certificate is being issued from a known and trusted company.
• Too-good-to-be-true offers are often just that. Don’t get mixed up in fraudulent activities by believing emails or Web advertisements that offer to help you earn money by transferring cash.
• Link to “spoof” Web sites. Fake emails may direct to counterfeit Web sites carefully designed to look real, but which actually collect personal information for illegal use.
• Contain fraudulent phone numbers. Fake emails often contain telephone numbers that are tied to Internet thieves. Never call a number featured on an email you suspect is fraudulent, and be sure to double-check any numbers you do call (e.g., using the phone book).
• Contain real phone numbers. Some of the telephone numbers listed in fake emails may be legitimate, connecting to actual companies. Just like with links, Internet thieves include the real phone numbers in an effort to make the email appear to be legitimate.
• Contain typo and other errors that are often the mark of fraudulent emails or websites. Be on the lookout for: typographical or grammatical errors; awkward, stilted, or inappropriate writing; and poor visual or design quality.

How is my email address obtained

Email addresses can be obtained from publicly available sources or through randomly generated lists. Therefore, if you receive a fake email that appears to be from Omni Bank, N.A., this does not mean that your email address, name, or any other information has been taken from Omni Bank, N.A.

Spoof (Counterfeit) Web Site

Online thieves often direct you to fraudulent Web sites via email and pop-up windows and try to collect your personal information. In many cases there is no easy way to determine that you are on a phony Web site because the URL (Uniform or Universal Resource Locator) will contain the name of the institution it is spoofing. However, if you type, or cut and paste, the URL into a new Web browser window and it does not take you to a legitimate Web site, or you get an error message, it was probably just a cover for a fake Web site.

How can I protect myself

With a few simple steps, you can help protect your bank accounts and personal information from fake emails and Web sites.

• Delete suspicious emails without opening them. If you do open a suspicious email, do not open any attachments or click on any links it may contain.
• Never provide sensitive account or personal information in response to an email. If you have entered personal information, contact us immediately.
• Install and regularly update virus protection software.
• Keep your computer operating system and Web browser current.

Spyware, Viruses, and Malware

Spyware, viruses, and malware are malicious programs that are loaded onto your computer without your knowledge.

• Spyware is designed to allow unauthorized access to computer systems. Spyware can be used to steal your personal information. Some spyware programs can detect the numbers and letters you enter on your keyboard such as passwords.
• Viruses are designed to make copies of themselves, quickly using up your computer’s memory. Some viruses can transmit across computer networks.
• Malware (Malicious software). Viruses and “Trojans” (latent malicious code or devices that secretly capture data) on your personal computer may intercept your request to visit a particular site, such as anybank.com, and redirect you to the spoof site that the Internet thief has set up.

Protecting against viruses, spyware and malware

• Anti-spyware protection. Make sure your computer has an anti-spyware protection program that detects and removes all forms of spyware, which can steal vital information. Use this program to scan your computer frequently. Many software companies offer software that will protect you from a wide variety of spyware threats, and also will provide customer service in case you have questions. To keep up with any new threats, be sure to keep your anti-spyware program updated.
• Anti-virus protection. Make sure your computer has an anti-virus protection program that detects and removes viruses. Software from major providers will protect you from a wide variety of threats, and also will provide customer service in case you have questions. Be sure to always keep your anti-virus program updated.
• Automatic upgrades. Buy a protection program that automatically upgrades your spyware or virus protection on a recurring basis. If you don’t have this automatic upgrade feature, make sure you update your spyware and virus detection programs weekly, as well as whenever you hear of a new computer threat.
• Attachments. Don’t open attachments, diskettes, or CDs unless you are sure that you can trust the source. Learn how to manually screen diskettes, CDs, and attachments if your anti-virus software doesn’t automatically do so.
• Contact your ISP. Your Internet service provider (ISP) may have more recommendations and technical support for protecting yourself. Contact your ISP for recommendations specific to your computer and network.

Pop-up Windows

Pop-ups are the small advertisements that “pop-up” in a separate browser window on your screen. When you download material from the Internet, it is possible that you are also downloading “spyware” and/or “adware” that generate these ads.

Sometimes, criminals create pop-up ads that look like they come from a respected financial institution and ask you to enter personal financial information. Do not enter any personal financial information in these ads. Omni Bank, N.A. and most other financial institutions will not ask you to verify personal financial information in pop-ups.

Additionally, some pop-ups will appear to “detect” spyware or viruses on your computer. At best, these are advertisements to direct you to sites where you may purchase software to combat these problems. At worst, these pop-ups may actually lead you to install these unwanted computer pests.

Protecting against pop-up advertisements

• Immediately close any pop-up ad windows. Do not enter information or respond in any way.
• Activate a pop-up blocking tool. There are many companies that offer pop-up blocking software, and many Internet browser companies are starting to integrate pop-up blocking tools into the newer versions of their products.

If You Accidentally Click on a Fraudulent Link

If you accidentally clicked and followed the link and provided any information, please CONTACT US immediately. Your account may be compromised, and you may want to close your existing account and open a new one. In addition,

• Call the three major credit bureaus to request that a fraud alert to be placed on your credit report or to seek for appropriate assistance.
  
  Equifax at (800) 525-6285 or www.equifax.com
  Experian at (888) 397-3742 or www.experian.com
  TransUnion at (800) 680-7289 or www.transunion.com
• Report any suspicious activities immediately. Scrutinize any charges on your account statements carefully to ensure that they are legitimate. If there is a questionable transaction or a fraudulent transaction, report it right away.
• Contact your local police department. Financial fraud is a crime.
• Call the Federal Trade Commission’s ID Theft hotline at (877) IDTHEFT to report it. The FTC will take a report, notify law enforcement officials and offer advice.
• Notify the Postal Inspector if you suspect mail theft. It is a felony.
• Contact the Social Security Administration to get a new Social Security number if you believe it is being used by a thief.
• Keep detailed notes of your repair efforts.