Icon Star

Fraud Prevention


Types of Fraud

How do scammers contact their victims?

Phishing (Fraudulent Emails)

Phishing is a term for scams commonly used when a criminal uses email to ask you to provide personal financial information. The sender pretends to be from a bank, a retail store, or government agency and makes the email appear legitimate. Criminals often try to threaten, even frighten people by stating “you’re a victim of fraud” or some other urgent-sounding message to trick you into providing information without thinking.

Vishing (Fraudulent Phone Calls)

Vishing is similar to phishing, but instead of using email, the criminal uses phone services such as a live phone call, a “robocall,” or a voicemail to try to trick you into providing personal information by sounding like a legitimate business or government official.

Smishing (Fraudulent Text Messages)

Smishing, similar to phishing and vishing, is when scammers use text messaging to reach you. They pretend they are from an organization you might know and trust (such as a bank or the IRS) and try to get your personal information.


What are different types of scams?

Financial Institution Imposter Scams are when fraudsters get cardholders to share the information they need to commit fraud by posing as a financial institution call center agent, or by sending text messages that look like they are coming from the bank, warning of suspicious transaction activities.

A text alert warning of suspicious activity on your card will NEVER include a link to be clicked. A valid notification will provide information about the suspect transaction and ask you to reply to the text message with answers such as ‘yes’, ‘no’, ‘help’, or ‘stop.’ A text alert will always be from a 5-digit number and NOT a 10-digit number resembling a phone number. A phone call will only include a request for your Zip code, and no other personal information, unless you confirm that a transaction is fraudulent. Only then will you be transferred to an agent who will ask questions to confirm your identity before going through your transactions. If at any point you are uncertain about questions being asked or the call itself, hang up and call us directly.

Government Impostor Scams are when fraudsters pretend to be an employee of the FDIC or other government agency, sometimes even using the names of real people.

The FDIC does not send unsolicited correspondence asking for money or sensitive personal information, and we’ll never threaten you. Also, no government agency will ever demand that you pay by gift card, wiring money, or digital currency. The FDIC would never contact you asking for personal details, such as bank account information, credit and debit card numbers, social security numbers, or passwords.

Lotteries and Sudden Riches Scams are when you are told that you won a lottery, perhaps in a foreign country, or that you are entitled to receive an inheritance. You are told that in order to “claim” the lottery winnings or inheritance, you must pay “taxes and fees.” A fake cashier’s check might be sent to you, which the scammer asks you to cash and then wire back the funds to cover the taxes and fees. They disappear with your funds and you get nothing in return.

Online Auctions, Classified Listing Sites, and Overpayment Scams involve an online auction or classified listing site. The scammer offers to buy an item for sale, pay for a service in advance, or rent an apartment. The clue that it is a scam is that they send you a cashier’s check for an amount that is higher than your asking price. When you bring this to their attention, they will apologize for the oversight and ask you to quickly return the extra funds. The scammer’s motive is to get you to cash or deposit the check and send back legitimate money before you or your bank realize that the check you deposited is fake.

Grandparent Scams happen when a fraudster hacks into someone’s email account and sends out fake emails to friends and relatives, perhaps claiming that the real account owner is stranded abroad and might need your credit card information to return home. If you receive such an email, make sure you contact the sender through other means before sending any money or personal information.

Secret or Mystery Shopper Employment Scams involve fake advertisements for job opportunities that claim to be “hiring” people to work from home. As the potential new “employee,” you might receive an official check as a starting bonus, and are asked to cover the cost of “account activation.” The scammer hopes to receive these funds before the official check clears and you realize you have been scammed.

Another scenario involves an offer to work from home as a secret shopper to “assess the quality” of local money transfer businesses. You are sent a cashier’s check and instructed to deposit it into your bank account and withdraw the amount in cash. You are then instructed to use a local money transfer business to send the funds back to the “employer” and “evaluate” the service provided by the money transfer business.

How can you avoid scams?

Be suspicious if someone contacts you unexpectedly online and asks for your personal information. It doesn’t matter how legitimate the email or website may look. Only open emails, respond to text messages, voice mails, or callers that are from people or organizations you know, and even then, be cautious if they look questionable.

If you think an email, text message, or pop-up box might be legitimate, you should still verify it before providing personal information. If you want to check something out, independently contact the supposed source (perhaps a bank or organization) by using an email address or telephone number that you know is valid, such as from their website or a bank statement.

Regularly check your account(s) online for suspicious transactions, but especially if you are unsure about a call or text message you’ve received. If anything looks amiss, call us directly for assistance.

Internet and Social Media Safety

Update Your Software. Keep your software – including your operating system, the web browsers you use to connect to the Internet, and your apps – up to date to protect against the latest threats. Most software can update automatically, so make sure to set yours to do so.

Outdated software is easier for criminals to break into. If you think you have a virus or bad software on your computer, check out how to detect and get rid of malware.

Protect Your Personal Information. Don’t hand it out to just anyone. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about why someone needs it and whether you can really trust the request.

In an effort to steal your information, scammers will do everything they can to appear trustworthy. Learn more about scammers who phish for your personal information.

Protect Your Passwords. Here are a few ideas for creating strong passwords and keeping them safe:

  • Use at least 10 characters; 12 is ideal for most home users.
  • Try to be unpredictable – don’t use names, dates, or common words. Mix numbers, symbols, and capital letters into the middle of your password, not at the beginning or end.
  • Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies where you do business – thieves can use it to take over all your accounts.
  • Don’t share passwords on the phone, in texts or by email. Legitimate companies will not ask you for your password.
  •  If you write down a password, keep it locked up, out of plain sight.

Consider Turning On Two-Factor Authentication. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised.

Give Personal Information Over Encrypted Websites Only. If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address. That means the site is secure.

Back Up Your Files. No system is completely secure. Copy your files to an external hard drive or cloud storage. If your computer is attacked by malware, you’ll still have access to your files.

Use Privacy Controls. You can restrict who can see your social media profile and posts by setting up privacy controls.

Watch What You Post. You shouldn’t post information about significant dates that involve your family members i.e., birthdays, ages or even family members’ names. Personal information such as where you live, work, or go to school could be used against you. Travel plans can give an indication that your home may be unoccupied. Identity thieves will read through your profile history which can paint a detailed picture of who you are.

Identity Theft

What Is Identity Theft?

The United States Federal Trade Commission defines identity theft as follows:

“Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.”


What do you do if you think your identity has been stolen.

  1. Contact us. If you think you are a victim of identity theft or identity fraud, immediately call (not sure which contact to put here).
  2. Contact all other creditors. In addition to contacting us, you must also promptly contact all other banks, financial institutions, and other creditors with whom you do business and let them know your identity has been compromised. Follow up phone conversations with an email or certified letter.
  3. Close accounts. Close accounts that you believe were tampered with or opened fraudulently. When you open new accounts, be sure to use different Personal Identification Numbers (PINs) and passwords. Choose new, non-obvious passwords that combine numbers, letters, and symbols and are hard for thieves to guess.
  4. Contact credit reporting companies. If a thief tries to get credit in your name, the potential creditor will see the fraud alert and will be required to verify your identity before issuing credit in your name. The initial alert stays on your credit report for one (1) year.


Set up a fraud alert:

  1. Call one of the companies below (not all three).

– Equifax: 800-525-6285 or equifax.com

– Experian: 888-397-3742 or experian.com

– TransUnion: 800-680-7289 or transunion.com

  1. Report that you are an identity theft victim.
  2. Ask the company to put a fraud alert on your credit file.
  3. The company you call must tell the other two companies about your alert. Confirm that the company will contact the other two companies.
  4. Request a copy of your credit report from each of the three credit reporting companies. Provide your current contact information if they need to contact you.
  5. Mark your calendar. The initial fraud alert stays on your report for one (1) year. You can renew it after one (1) year.
  6. Record the dates on which you made calls or sent letters and keep copies of all letters.
  7. Submit an “Identity Theft Complaint/ Affidavit” with the FTC. The Federal Trade Commission (FTC) is the nation’s consumer protection agency that collects identity theft information. It is important that you file an identity theft complaint with the FTC. After you file your complaint, you will need a printed copy of the complaint.


To submit an identity theft complaint:

  1. Contact the FTC’s Identity Theft Hotline at 877-ID-THEFT (877-438-4338)


  1. File your complaint online. Click here to learn more about submitting a complaint with the FTC. [https:// www.ftccomplaint assistant.gov] After you submit your complaint online, print a copy.
  2. File a Police Report. Complete a report about the theft at your local police department. Keep a copy of the police report in your files. Bring the following documents to the police department when filing a report:


  • A printed copy of your Identity Theft Complaint Affidavit (see step 5)
  • A copy of the FTC’s Law Enforcement Cover Letter. Click here to get the cover letter [ftc.gov/bcp/edu/microsites/idtheft/downloads/memorandum.pdf]
  • Your driver’s license or other government-issued identification document, preferably with a photo
  • Proof of residency (a document with your address), such as a copy of your phone or utilities bill, rental agreement, or payroll stub; you can black out any financial information
  • Copies of your credit reports that show credit problems caused by identity theft
  • Copies of any credit cards, bills, monthly statements, or collection letters you received relating to the identity theft
  • Anything else that shows what happened or provides information about the theft


  1. Create an Identity Theft Report. Attach your FTC Identity Theft Affidavit (the document you created in step 5) to your police report – this is your Identity Theft Report. You need an Identity Theft Report to:


  • Get fraudulent information removed from your credit report
  • Stop a company from collecting debts that result from identity theft
  • Place an extended fraud alert on your credit report that will stay in affect for seven years
  • Get information from companies about accounts the identity thief opened or misused
  1. Dispute errors with credit reporting companies. In step 4e, you requested free copies of your credit report from all three credit reporting companies. After you get your credit reports, read them carefully. Send a letter to each reporting company (Equifax, Experian, and TransUnion) explaining any mistakes you notice on existing accounts and new accounts. In your letters, include the following information:


  • You are an identity theft victim
  • List the errors you found
  • Include copies of documents showing the errors
  • Ask the credit reporting company to remove the fraudulent information from your file The credit reporting companies will investigate your claims. This may take a month or more. In the meantime, you must also write to the banks, retailers, credit card companies and other businesses reporting unauthorized activity on your credit report.
  1. Dispute fraudulent transactions on existing accounts. Review your credit reports for fraudulent transactions on your bank accounts, retailers, utility and companies, or other businesses. If you find a suspicious transaction:
  2. Change the password and PIN for each account immediately.
  3. Call the business to inquire about their dispute process. Tell the business you are an identity theft victim and want to dispute a transaction on an existing account. Ask if they accept your Identity Theft Report or if they require you to complete their own dispute form. If they have their own form, ask where to obtain a copy (online or by mail).
  4. Write a letter to send in along with the company’s dispute form or your Identity Theft Report. Include the following:

– Explain that you are an identity theft victim.

– List the fraudulent transactions you found.

– Ask the business to remove fraudulent information.

  1. Send in the following documents along with your letter and dispute form (or Identity Theft report):

– A copy of your Identity Theft Report (or the special dispute form if required).

– A copy of your credit report. (Black out any personal information that does not pertain to your dispute.)

– Copies of documents that show the fraudulent transactions

  1. Mail the letter and associated documentation disputes and keep copies of all correspondence.
  2. Dispute fraudulent new accounts opened in your name. Contact the fraud department of each business that reported a new account opened in your name by an identity thief.
  3. Contact the fraud department of each business where an account was opened.
  4. Explain that you are an identity theft victim.
  5. Ask the business to close the account.
  6. Ask if they will accept your Identity Theft Report or if they require you to complete their own dispute form. If you must use their form, ask where to obtain a copy (online or by mail).
  7. Send a copy of your Identity Theft Report or the business’ dispute form with an accompanying letter that requests the business to send you written confirmation of the following:

– The fraudulent account is not yours.

– You are not liable for the fraudulent account.

– The fraudulent account was removed from your credit report.

  1. Keep copies of the letters you send and the confirmation you receive from the business. You will need these documents if you see this account on your credit report in the future.

ATM and Debit Card Safety

Be Aware of Your Surroundings. Shield the ATM keypad with your hand or body while entering your PIN. Don’t accept help from anyone you don’t know when using an ATM or night deposit facility. At a drive-up facility, make sure all the car doors are locked and all of the windows are rolled up, except the driver’s window.

Protect Your PIN and Card. Protect the secrecy of your Personal Identification Number (PIN). Don’t tell anyone your PIN or write it where it can be discovered. Put away your card and cash immediately after withdrawals.

Check to See if the ATM Appears to Have Been Tampered With. Capturing card information or “skimming” is on the rise at ATM and gas stations.  Never use an ATM or card swipe that looks like it has been tampered with as indicated by loose or extra parts attached to the face of the machine, adhesive tape or glue residue.  Look for anything that may have a tiny hole or slot for a camera that is aimed at the keypad.