- Don’t carry your Social Security number, memorize it and keep the card at home
- Watch for the timely arrival of monthly bills and statements in the mail
- Mail your bills inside the post office, rather than using a mailbox near the street
- Don’t share your account numbers over the phone or anywhere others can hear you
- Keep your eye on your credit card at all times while making purchases – a dishonest clerk may distract you and swipe it through a second scanner that records your information
- Keep track of all credit card receipts and shred any you don’t need
- Shred any unneeded documents that contain bar codes, account numbers or other sensitive data
If you would like more information on Identity Theft and how to protect yourself, you can do the following:
- View our Identity Theft Solutions Flyer
- Visit any one of our Central Valley Community Bank Office locations to pick up the Federal Trade Commission's "Taking Charge - What To Do If Your Identity Is Stolen" Packet or download it here
- Visit the Federal Trade Commission's Identity Theft site
- Visit On Guard Online to learn more about protecting yourself against Internet fraud
- Business and local government agencies can find cyber security resources at US - Cert.
Identity Theft Prevention - Simple Steps For Protecting Your Identity video
Learn more about computer security and online scams can find additional information at FDIC - Don't Be An Online Victim
How to protect your Business?
At Central Valley Community Bank we take your banking security seriously, so we want to share some online banking guidance. Small businesses are frequently targeted by fraudsters because they often have fewer resources to protect their information.
To learn more about ways to better protect your business click here.
What is Phishing?
Phishing is a high-tech scam that uses spam email or pop-up messages that appear to be from a legitimate source, and deceive you into disclosing your Social Security number, bank account information, credit card numbers, passwords, or other sensitive information. Phishing emails or pop-up messages are sent claiming to be from a business or organization that you associate with like your bank, Internet service provider, online payment service, or a government agency. Although they can be difficult to spot, the phishing emails usually ask you to click a link back to a fraudulent website to provide, update or confirm your personal information. What you need to know:
- Don't open emails if you do not know the sender
- Delete any suspicious emails as soon as you receive them
- If you receive an email that looks legitimate, but asks for personal or financial information, do not reply or click on the link in the message
- Legitimate companies do not ask for this information through email.
- Do not e-mail personal or financial information, because email is not a secure method to transmit personal information
- Review bank account statements and credit card statements as soon as you receive them to determine if there are any unauthorized charges
- Use anti-virus software on your computer and keep it updated. Emails could contain viruses that can harm your computer or monitor your activities on the Internet
What is Vishing?
Vishing is also known as "voice phishing," vishing attacks attempt for you to provide personally identifiable information either over the phone or by using the phones Internet browser. Vishing schemes involving a phone call are often directed to an automated "bank" greeting that prompts the caller to provide credit card or bank numbers. Here is some advice on how to protect yourself:
Be aware and suspicious of unknown callers asking for your personal information
Don't trust your caller ID
If someone is asking for your personal or financial information, ask them to identify who they work for so that you can check to see if they are legitimate
Call them back - if it's a bank or credit card company, call them back using the number that is on your bill or on your card
Never provide credit card information or other private information to anyone who calls you
Register your number with the FTC National Do Not Call Registry, even though criminals may ignore the list, a call from a supposed telemarketer might tip you off that it is a vishing attack
For more information or to report an incident, visit the Federal Trade Commission
Contact the Federal Trade Commission Complaint Assistant
Customer Service 1-800-554-8969
Debit Card Security
Central Valley Community Bank is very excited to offer an enhancement to our fraud/security monitoring for our debit cards that came into effect Monday June 21, 2010. We have support monitoring unusual activity on your debit cards 24 hours a day, 7 days a week. An automated call will be initiated from our Fraud Detection Center to have you verify any unusual activity.
If you receive one of these automated calls, you will be asked to verify your account and the activity, but will not need to provide any identifying personal or financial information. If you have any questions regarding this upgrade, please contact Customer Service at 1-(800) 298-1775.
To better serve legitimate Internet Banking customers, Central Valley Community Bank collects generic information about visitors to our website. This information includes the date and time of access, the Internet service provider's address, referring site information, the web browsers used, and the operating systems used. Again, this is generic information for our monitoring purposes, and cannot be traced to a specific user or machine.
Central Valley Community Bank requires customers to utilize specific passwords for access to confidential and private information. Central Valley Community Bank reminds customers of their responsibility to safeguard login IDs and passwords. In addition, commercial customers should carefully screen those employees to whom user IDs and passwords are granted.
Central Valley Community Bank utilizes encryption, firewall, router, third party verification procedures and other security software and hardware to help prevent unauthorized eavesdropping of and access to customers' confidential and private information.
Central Valley Community Bank utilizes virus protection software to help prevent the spread of computer viruses.
Central Valley Community Bank utilizes "cookies" to help authenticate our customers' identities and to help facilitate the exchange of information between Central Valley Community Bank systems and our customers' systems.
Central Valley Community Bank reminds all of its customers that links in the institution's websites can be found to websites not under our control. These websites will not necessarily comply with Central Valley Community Bank's "Privacy Principles" and security standards.
Central Valley Community Bank reminds all of its customers that confidential and private information may be compromised in both traditional and non-traditional banking activities. Central Valley Community Bank can only establish policies and procedures to help restrict use of and access to confidential and private information. If any Central Valley Community Bank customer believes that confidential and private information has been compromised, please contact Central Valley Community Bank immediately so that the potential breach can be investigated.
No doubt about it, online technology has made the world better connected and more efficient than ever. But it has also given birth to a wide range of cybercrimes including identity theft. As a result, you may be wondering: how safe is Online Banking at Central Valley Community Bank?
The answer: extremely. Central Valley Community Bank takes online security very seriously, and we are constantly adopting and updating our security measures to ensure the highest levels of safety and protection for our customers. Learn More
Identity theft continues to be one of the fastest growing crimes in the United States, and has ranked as one of the top consumer concerns for the past several years. The Federal Deposit Insurance Corporation (FDIC) has produced a multimedia presentation to help consumers protect themselves from identity theft. The presentation provides information on steps consumers should take to secure their computer and protect themselves from identity theft, as well as actions consumers should take if they become a victim of identity theft. View Video
Protect Your Information When Online
Spam e-mail or pop-up messages can appear to be from a legitimate source and deceive you into disclosing your personal information, passwords or financial information. Protecting your security is a commitment Central Valley Community Bank takes very seriously. For a step-by-step guide to preventing, detecting and responding to identity theft, click here. If you have additional questions or need assistance, please contact our Customer Service Department at (800) 298-1775 or email us at email@example.com.
If you would like to print this document, click here.
As one of Central Valley Community Bank’s valued customers, your security and satisfaction are extremely important to us. Always remember to take extra precautions with your personal information when online. While most online retailers have measures in place to prevent identity theft, the single most effective way to ensure your privacy and security is to be alert and cautious when making online transactions. Protecting your security is a commitment Central Valley Community Bank takes very seriously. If you have additional questions or need assistance, please contact our Customer Service Department at (800) 298-1775 or email us at firstname.lastname@example.org.
Security researchers from email security provider AppRiver warn of a new IRS-themed spam campaigns that take advantage of the tax filing period to distribute infamous ZeuS banking trojan virus. The subject of these emails states: "Your Federal Tax Payment Notice sn#######" (where # is a digit) and have forged headers to appear as they originate from an IRS address. The message advises recipients that their tax return filing was rejected by the Electronic federal Tax Payment System (EFTPS) and asks them to correct the error.
The messages are targeting businesses and ZeuS virus has a long track record of helping fraudsters steal money from organizations. These emails should come from the tax preparation company and not from the IRS. In addition, this "code R21" trick has been used in malware distribution campaigns so hopefully some people are already aware of it.
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.
The subject line of the e-mails state: "you need to check your Bank Deposit Insurance Coverage." The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets." The e-mail then directs recipients to click on a link stating "You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage."
This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers and should not click on the link provided.
The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.
Recently, several Central Valley Community Bank customers notified the Bank they had received phone calls from individuals claiming to be representatives of our Bank. PLEASE be alerted these calls ARE NOT from Central Valley Community Bank or any of its affiliates. These individuals are using common techniques in an attempt to solicit personal, and or financial information from our customers for unlawful purposes. Should you receive such a call, please hang up and notify your local branch of the activity. At Central Valley Community Bank we take the privacy and security of your banking relationship very seriously and as a rule our Bank NEVER ASKS for personal or financial information.
We have been notified that several customers have received fraudulent automated phone calls to their cell phones. The calls may be identified as coming from 300-6 and will state your debit card has been blocked. The muffled recording says "ATM FRAUD has occurred, please press 1, for our security department.” When the customer presses 1 they are asked to provide their debit card number. THIS IS A FRAUDULENT CALL AND YOU SHOULD NOT RESPOND TO THEIR INSTRUCTIONS. If you have received one of the fraudulent calls or have additional questions or concerns, please contact Customer Service at (800) 298-1775.
PLEASE NOTE: Central Valley Community Bank does not ask customers to provide the debit card number but will use methods to verify and substantiate your ownership. All of our calls to customers will be identified as Central Valley Community Bank.
ACH SPAM Fraud Alert (11/17/11)
Central Valley Community Bank (CVCB) has received reports that customers and non-customers have received a fraudulent e-mail that has the appearance of having been sent from CVCB. See sample below.
The subject line of the e-mail states: “ACH Transfer not accepted by Central Valley Community Bank.” The e-mail includes a link which redirects the individual to a fake web page which will download an executable virus, Trojan or other malware. If you are a recipient of this email, please promptly delete it, update your anti-virus software definitions to the latest version and run a full scan of your system. Both the e-mail and the related Web site are fraudulent.
Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed and current.
Central Valley Community Bank will never advise a customer via email, of the status of an ACH transaction. In most cases, email is only used for responses to email requests or queries initiated by the customer. If you are uncertain of any email that you receive, which appears to be sent from, or on behalf of, Central Valley Community Bank, you may contact our Customer Service Department at 1-800-298-1775, option 3 for confirmation. You can provide a copy of the wording to Customer Service, but please delete any sensitive data.
NACHA requests that if you receive a fraudulent email that appears to come from NACHA, please forward them to email@example.com for analysis. These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on.
Additional information and guidance on phishing is available from the Federal Deposit Insurance Corporation (FDIC).
Fraudulent Emails Claiming to be from NACHA (Phishing Alert Update 3/29/2011)
Further to notices issued on March 11 and February 22, 2011, NACHA – The Electronic Payments Association has received reports that individuals and/or companies continue to receive fraudulent emails that have the appearance of having been sent from NACHA. These emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some bear the name of fictitious NACHA employees and/or departments.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software application security patches are installed and current.
Additional information and guidance on phishing is available from the Federal Deposit Insurance Corporation (FDIC).
NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA. See sample below.
The subject line of the e-mail states: “Rejected ACH Transaction.” The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA Web site and contains a link which is almost certainly executable virus with malware. Do not click on the link. Both the e-mail and the related Web site are fraudulent.
Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed and current.
Be alert for different variations of fraudulent e-mails.
= = = = = Sample E-mail = = = = = =
From: nacha.org [mailto:firstname.lastname@example.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report (this is the how the link is presented) Copyright ©2009 by NACHA - The Electronic Payments Association
For more information, click here.
The growing popularity of accounting software including Intuit, Quicken, QuickBooks and Turbo Tax has led to a rise in e-mail scams targeted at do-it-yourself tax payers. Intuit, Quicken, QuickBooks, TurboTax and numerous other accounting preparation products have seen a "marked increase" this year in reports of fraudulent e-mails. Identity thieves target tax software providers because they send mass e-mails to a large number of users advising them on the status of their tax return and customers are more likely to click on the links. Legitimate accounting software emails never ask customers to provide, update or confirm sensitive data. Tips to use when online:
- Never reply to unsolicited email. Don't open attachments.
- Don't respond to emails requesting your password, log-on or any financial information.
- Don't respond to emails that claim to offer a "software update" or "software download." Updates should be done on your provider's website or desktop product.
- Forward suspicious Intuit, Quicken, QuickBooks and Turbo Tax emails to email@example.com
- For emails that claim to come from the Internal Revenue Service, the IRS will not send you unsolicited email and or use email to discuss tax account information with you or request personal or financial information from you. Additionally, the IRS will never ask for your PIN numbers or security passwords for your credit card, bank or other financial information.