Phishing (pronounced fishing) is a common fraud activity that criminals employ to steal sensitive information. In many cases, the criminal would use email, text messages, instant messages, or false websites to impersonate a legitimate company and ask customers to provide username, passwords, social security number, or credit card numbers.
To prevent yourself from becoming a victim of phishing, be very cautious of unsolicited messages that request sensitive information. Resist the impulse of clicking or responding to an email, no matter how upsetting or exciting the email or messages may be.
How to Detect Phishing
How do you know when it's phishing? It is obvious when the message asks for your personal information, such as account numbers, usernames and passwords. This type of information is for you to know only. Your bank or other institution where you do business should already have this information, so they should never ask you for it.
Another obvious example of phishing is if you receive messages from companies that you do not have an account with. Immediately discard these messages. If it is from a company that you handle personal business with, you can always call their customer support center to validate the authenticity of the message. Never use the link or phone number provided in the message.
Visit the American Bankers Association's (ABA) website to learn more about phishing.
Report Phishing Activity
Federal Trade Commission www.ftc.gov (877) 382-4357
Social engineering is a form of fraud that starts with direct human interaction in an attempt to gather your personal information. In the most basic form, hackers might go through your trash searching for sensitive data. This is known as dumpster diving. Criminals can also obtain your information by deliberately looking over your shoulders while you are keying in a card transaction. This is known as shoulder surfing.
More sophisticated method of social engineering often involves tricking people into providing personal information by claiming to be from a trusted business or the government. These criminals are often well trained and usually sound believable. Just remember, never trust anyone who calls you and asks for your personal information.
If a person calls (or uses email) to ask for your personal information or requests your information as a form of validation, be skeptical, and question why they need such information. Delete messages that ask for personal information.
Do not follow the link from an email, even if you feel it is legitimate. Instead, manually open a web browser and type in the web address. If you want to call the customer service department regarding the message, don't use the number provided in the email, look up the number for customer service.
Social Engineering tends to use tactics of urgency. They want you to respond immediately by pressuring customers to provide information. Do not let their urgency influence your decision making.
Malicious Software (Malware) is a common threat for all Internet users. Malware consist of viruses, Trojans, worms, and spyware which can infect your computer and steal valuable information.
Good Internet security software is essential to protect your computer and your personal information against hackers, spammers, viruses and adware. We recommend you purchase, use and keep up-to-date a computer security software package that provides a broad range malware protection. Many computers come with good Internet security software already installed. Most software companies that offer anti-virus software also have full Internet security packages.
If you do not have an Internet security package, at the very least, make sure you invest in anti-virus software that will protect your computer from harmful programs. Anti-virus software such as Norton and McAfee can detect, block, and delete unwanted viruses on your computer. Make sure your anti-virus software is configured to automatically update and to periodically scan your computer for possible viruses.
When it comes to identity theft and account hijacking, the right information means money to hackers. One sophisticated method criminals use to trick people into giving their personal information is through website spoofing (creating a fake website that looks like the website of a legitimate business).
Often when hackers want to obtain personal financial information they create (spoof) a website that looks like the website of a financial institution. Then they direct people to the spoofed site and try to get them to enter their personal financial information. To lure people to a spoofed website, hackers may send hundreds of thousands of emails urging the recipient to click on the link (which will take them to the spoofed website).
Anytime when visiting eldoradosavingsbank.com, remember to look for the padlock symbol and "https://" on your browser status bar. If you do not see them then you are not on our website. Do not provide any information to prompts at this site. Report this site to our Internet Banking Department by calling (800) 874-9779.
Also, while El Dorado Savings Bank does use email for Internet Banking alerts, we will never ask for any personal information, nor will we use it as a form of advertisement. If you are concerned with an unscheduled email from El Dorado Savings Bank, you may call our Internet Banking Department to verify its authenticity.