INTERNET RELATED BANK FRAUD
1st National Bank will NEVER request that you send us confidential information
such as account numbers or credit card number via e-mail. If you receive a
request for confidential information via e-mail, please report it to the webmaster
by calling (513) 932-3221 or via e-mail at internetbanking@bankwith1st.com.
The number of instances of Web-related fraud are on the rise. Although no incidents havebeen reported to 1st National Bank, we felt that our customers would benefit by being aware
of two of the latest fraud techniques, and how to protect you from them.
Phishing
What It Is“Phishing” refers to a new technique being used by hackers to dupe web users into giving out
personal information like account numbers and credit card numbers. This is done by creating
a duplicate of an existing web site and then fooling users into logging in or filling out forms at
the fake site. The fake site looks nearly identical to the real site, including the use of logos and
other distinguishing characteristics.
The FBI has called phishing the “hottest and most troubling new scam on the Internet.”
How It Works
The scam usually works something like this: the victim receives an e-mail that appears to come
from their bank. The e-mail contains links to a web site that appears to belong to the bank.
It uses the same graphics and generally has a similar web address. The user “logs in” to their
account at the fake site. Often, the user will get an “error” message and be redirected to the
legitimate login page to “try again”. What has really happened, however, is that they have sent
their login information to the hacker.
How To Avoid It
There are a number of things you can do to avoid getting caught up in this scam.
- The first and most important is to understand that 1st National Bank will never send
you an e-mail message requesting that you log in. If you receive such an e-mail,
please forward it to internetbanking@bankwith1st.com.
- Second, never log into your 1st Online account by clicking an e-mail link. It is
possible to create a link that looks like it is pointing to one address, but that leads
you to another.3. Third, know the web address for the 1st Online login:
https://secure.fundsxpress.com/piles/fxweb.pile/fx?iid=1NBLOHDo not log in if the address does not match this one. The web address for billpay is:
https://www.billpaysite.com/login.asp?instid=385104. Finally, check the site certificate if you are unsure. To check the certification of a site,
double-click on the lock icon in the lower-right corner of your browser. (If there is no lock
displayed, then you are not a secure site and no information should be entered.)
This will display the site’s certification.
Look for issued to “secure.fundsexpress.com” or www.billpaysite.comE-mail Solicitation
What It Is A more common (and less sophisticated method is to solicit personal information directly
via e-mail. In this scenario, the victim receives an e-mail message that would appear to
come from their bank. The message usually claims that some technical error has occurred
and that the bank needs to re-establish their database. The victim is told to send their
account numbers, passwords, and address information via a reply. This type of scam
can also be perpetrated via instant messenger.
How It Works This scam works with basic deception. The e-mail message is usually worded pretty
convincingly and may even appear to come from someone you know.
How To Avoid It
This is easy – never send confidential information via e-mail. E-mail is generally plain
text and is readable by anyone with access to the computers used to relay it. A good
rule of thumb is to never send anything via e-mail that you would not want to see
published on the front page of tomorrow’s paper.