Security

EMAIL FRAUD / ID THEFT

Fraud Alerts

Some rapidly growing forms of internet fraud are practices known as Phishing, Pharming, Vishing and Smishing.

How It Works. “Phishing” is the practice of sending fraudulent messages to e-mail addresses requesting that the recipient supply confidential information to the sender. The message can be directed at a smaller number of targeted recipients, but is most often mass-mailed or “spammed” to thousands of potential victims. The e-mail is disguised to look like a request from a legitimate organization such as a financial institution, a credit card company, or a retail merchant with which recipients may already have a business relationship. Often the message includes a warning regarding a problem related to the recipient’s account and asks the recipient to respond by providing specific confidential information. The format of the e-mail typically includes proprietary logos and branding, a “From” line disguised to appear as if the message came from a legitimate sender, and a link to a website or a link to an e-mail address. You may be directed to provide or update personal account information by responding to the e-mail, or you may be directed to click on a link that takes you to a legitimate-looking web page containing a form on which you are instructed to provide the information. Typically the information requested includes items such as account numbers, passwords, PINs, Social Security Numbers, or other personal identifying information that will allow the perpetrator to gain access to your accounts, steal your identity or sell the information to others seeking to do the same.
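The two disguises described above, a “From” line that names the bank and a link that shows the bank's address but points elsewhere, can be checked mechanically. The following is an added example, not code from Sterling Federal Bank; the function names, the sample message and the `.example` addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "sterlingfederal.com"  # the bank's domain as given on this page

def in_domain(host, domain=TRUSTED):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def phishing_signs(raw_message):
    """Return the warning signs found in one raw e-mail message."""
    msg, signs = message_from_string(raw_message), []
    name, addr = parseaddr(msg.get("From", ""))
    # Sign 1: the display name claims the bank, the address is elsewhere.
    if "sterling federal" in name.lower() and not in_domain(addr.rpartition("@")[2]):
        signs.append("from-name-mismatch")
    # Sign 2: the link text shows the bank's domain, the target is elsewhere.
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in parser.found:
                host = urlparse(href).hostname
                if TRUSTED in text.lower() and not in_domain(host):
                    signs.append("link-mismatch:" + str(host))
    return signs

# Constructed sample message; the .example names are placeholders.
SAMPLE = ('From: "Sterling Federal Bank" <alerts@mail-notice.example>\n'
          'Content-Type: text/html\n\n'
          '<a href="http://sterlingfederal.com.account-check.example/update">'
          'www.sterlingfederal.com</a>\n')
```

A message that raises neither sign is not thereby proven genuine; these checks only catch the two disguises named above.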

“Mail letter Phishing” is a new scam where the phisher creates a letter that is sent through the mail asking the user to respond by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection.

“Pharming” is an attack in which a user can be fooled into entering sensitive data such as a password or credit card number into a malicious website that impersonates a legitimate website. Pharming does not have to rely on having a user click a link in an email to deceive the user. Even if a user correctly enters a URL (web address), the attacker can still redirect the user to a malicious website. Do not download or install anything until the IT Department has been notified and has certified the validity of the site or software program. Never click “yes” to toolbars, helpers or anything else that pops up unexpectedly.

“Vishing”, also called “VoIP phishing for the Internet phone”, is a scam in which users receive a voice mail that asks them to call a telephone number. The call triggers a voice response system that asks for the user’s credit card or debit card number or other personal or financial information.

“Smishing” is the mobile phone counterpart to phishing. A text message is sent to the user’s cell phone or mobile device with a ploy to get the user to click on or access a link. The link causes a Trojan virus to be installed on the cell phone or other mobile device.

Sterling Federal Bank will not solicit confidential or sensitive customer information via e-mail.

How Can You Protect Yourself? Our Sterling Federal Bank website uses 256-bit secure sockets layer (SSL) encryption. Locate the padlock icon in the address bar of your browser and click on it to see the website information. A security certificate will pop up. It is a Sterling Federal Bank site if the “Issued to:” is www.sterlingfederal.com.
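The “Issued to:” check described above can also be done in code. A padlock only shows that the connection is encrypted and that the certificate is valid for some name; the name has to be the bank's own. The following is an added example, not code from Sterling Federal Bank; the function names and the two certificate records are constructed for illustration.

```python
import socket
import ssl

EXPECTED = "www.sterlingfederal.com"  # the "Issued to:" name given on this page

def issued_to(cert):
    """Host names in a certificate dict as returned by ssl getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # fall back to the subject common name
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return names

def name_matches(pattern, host):
    """Exact match, or a '*' that stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def is_bank_site(cert, expected=EXPECTED):
    return any(name_matches(n, expected) for n in issued_to(cert))

def fetch_cert(host, port=443):
    """Live lookup (needs network). The default context rejects certificates
    that are expired, untrusted, or not valid for `host`."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed certificate dicts in getpeercert() layout (not real certificates).
GENUINE = {"subject": ((("commonName", "www.sterlingfederal.com"),),),
           "subjectAltName": (("DNS", "www.sterlingfederal.com"),)}
LOOKALIKE = {"subject": ((("commonName", "www.sterlingfederal.com.login.example"),),),
             "subjectAltName": (("DNS", "www.sterlingfederal.com.login.example"),)}
```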

Be alert for scam e-mails. These may appear to come from a trusted business or friend, but are actually designed to trick you into downloading a virus or redirecting you to a fraudulent website.

Open e-mails only when you know the sender.

Be careful of opening e-mails with attachments. Even a friend may accidentally send an e-mail with a virus.

Leave suspicious sites. If you suspect that a website is not what it purports to be, leave the site immediately. Do not follow any of the instructions it may offer.

Do not reply to e-mails that request your personal information.

Use strong passwords or personal identification numbers (PINs) for your Internet accounts. Choose passwords that are difficult for others to guess, and use a different password for each of your online accounts. Use both letters and numbers and a combination of lower case and capital letters if the passwords or PINs are case sensitive.

Never disclose your user ID and password to other persons. Keep them in a secure place.

Make sure your home computer has the most current anti-virus software. Anti-virus programs need frequent updates to guard against new viruses. Download the updates as soon as they are available.

Install a personal firewall to help prevent unauthorized access to your home computer. This is especially important if you are connected to the internet via a cable modem or a digital subscriber line (DSL) modem.

Monitor your transactions. Review your bank statement as soon as you receive it. Immediately report any irregularities.

Learn more about Identity Theft and ways to protect yourself by visiting the sites listed below.

How To Report A Fraudulent Email. If you have replied to the e-mail and you are a Sterling Federal Bank customer, please immediately call our Customer Service Department at 815-626-0614. If you have replied to the message and you are not a customer of Sterling Federal Bank, please contact your financial institution.

If you have not replied to the e-mail but have specific questions related to fraudulent e-mail, please contact us.