North Cascades National Bank

Other Resources

Report Fraud to NCNB
FTC Identity Theft Site
FBI Fraud Alerts
Online Banking Security
US CERT Phishing Advice


Holiday Shopping Tips This holiday season the Federal Bureau of Investigation ( FBI) is reminding people that cyber criminals continue to aggressively create new ways to steal money and personal information. Scammers use many techniques to fool potential victims including fraudulent auction sales, reshipping merchandise purchased with a stolen credit card, and sale of fraudulent or stolen gift cards through auction sites at a discounted price. Fraudulent Classified Ads or Auction Sales Internet criminals post classified ads or auctions for products they do not have. If you receive an auction product from a merchant or retail store, rather than directly from the auction seller, the item may have been purchased with someone else's stolen credit card number. Contact the merchant to verify the account used to pay for the item actually belongs to you. Shoppers should be cautious and not provide financial information directly to the seller, as fraudulent sellers will use this information to purchase items for their scheme from the provided financial account. Always use a legitimate payment service to protect purchases. As for product delivery, unfamiliar Web sites or individuals selling reduced or free shipping to customers through auction sites many times are deemed to be fraudulent. In many instances, these Web sites or sellers provide shipping labels to their customers as a service. However, the delivery service providers are ultimately not being paid to deliver the package; therefore, packages shipped by the victims using these labels are intercepted by delivery service providers because they are identified as fraudulent. Diligently check each seller's rating and feedback along with their number of sales and the dates on which feedback was posted. Be wary of a seller with 100% positive feedback, if they have a low total number of feedback postings and all feedback was posted around the same date and time. Gift Card Scams Be careful about purchasing gift cards from auction sites or through classified ads. If you need a gift card, it is safest to purchase it directly from the merchant or another authorized retail store. If the gift card merchant discovers the card you received from another source or auction was initially obtained fraudulently, the merchant will deactivate the gift card number and it will not be honored for purchases. Phishing and Smishing Schemes Be leery of e-mails or text messages you receive indicating a problem or question regarding your financial accounts. In this scam, you are directed to follow a link or call the number provided in the message to update your account or correct the problem. The link actually directs the individuals to a fraudulent Web site or message that appears legitimate where any personal information you provide, such as account number and PIN, will be stolen. Another scam involves victims receiving an e-mail message directing the recipient to a spoofed Web site. A spoofed Web site is a fake site or copy of a real Web site and misleads the recipient into providing personal information, which is routed to the scammer's computers. Tips to avoid becoming a victim of cyber fraud Make sure your computer and browser are secure. Set your firewall, anti-virus and anti-spyware software to automatically update and scan your PC. Don’t create passwords that include easily accessed personal information, such as mother’s maiden name or date of birth. Instead, use something unique that only you know. Don't give personal information over the phone, through the mail or on the Internet unless you know who you’re dealing with and preferably only if you've initiated the contact. Never give out Social Security or driver’s license numbers. If you must share personal information, confirm that you are dealing with a legitimate organization. Look for secure sites with an "s" in the URL (https://) and a closed-padlock icon on the Web page. Never respond to an offer by way of a spam or bulk e-mail. If something sounds too good to be true, it usually is. Log on directly to the official Web site for the business identified in the e-mail, instead of "linking" to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information. Contact the actual business that supposedly sent the e-mail to verify if the e-mail is genuine. Always double-check the URL to be sure you are shopping with the company you intended to shop with. A simple typo can help identity thieves. If you’re using a company’s site for the first time, consider checking it out with the Better Business Bureau (www.bbb.org). Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Virus scan the attachments if possible. Avoid filling out forms contained in e-mail messages that ask for personal information. Consumer protections in the federal Fair Credit Billing Act apply to online credit-card purchases. Keep records of all your purchases in case there’s a problem. Avoid providing unnecessary information such as annual income, spending habits, hobbies and lifestyle data. Shop with U.S.-based companies. Domestic state and federal consumer-protection laws apply. You’ll be protected and have recourse should something go awry. Register your credit and debit cards at www.verifiedbyvisa.com or www.mastercardsecurecode.com for a more secure online shopping experience. Some credit-card companies offer virtual account numbers that are generated each time you make a purchase, and some e-mail providers let you create several aliases to protect your personal e-mail address. To receive the latest information about cyber scams, please go to the FBI Web site and sign up for e-mail alerts by clicking on one of the red envelopes. If you have received a scam e-mail, please notify the IC3 by filing a complaint at www.IC3.gov. For more information on e-scams, please visit the FBI's New E-Scams and Warnings webpage at http://www.fbi.gov/cyberinvest/escams.htm.
Email claiming to be from the FDIC The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC. The subject line of the e-mail states: “check your Bank Deposit Insurance Coverage.” The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.” The e-mail then asks recipients to “visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage” (a fraudulent link is provided). It then instructs recipients to “download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage.” This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft. The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.
Local Debit Card Scam Our customers have recently informed us that they have received phone call scams over the last few days involving their debit card. The scam goes like this: The caller reports that they are calling from either North Cascades National Bank or Cashmere Valley Bank, and tells the customer that their debit card has been compromised and the PIN has been changed. The customer is then asked to confirm their card number and old PIN before the new PIN can be issued. Some of the calls have utilized a computerized voice and some have had a live person with a foreign accent. NCNB will never call you and ask for your account number or PIN. If you receive any call that makes you suspicious, please do not provide any information and call the bank immediately to report the call.
SmiShing. . . .a text message scam As you may know, SmiShing is a type of social engineering that uses cell phone text messages to persuade victims to provide personal information such as card number, CVV2 (3 digit verification number on the back of your card), and PINs. The text message may contain either a website address or more commonly, a phone number that connects to an automated voice response system, which then asks for personal information. An example of a SmiShing attempt may look something like this: Text message originating from sms.alert@visa.com: sms.alert@visa.com/VISA. (Card Blocked) Alert. For more information please call 1-877-269-XXXX Although NCNB may at times ask you for personal information to confirm identification such as your name, date of birth or mother’s maiden name, we will never ask you for a CVV2 or PIN and we will not contact you via text messaging.
In-Session Phishing In-session phishing is a type of attack that targets a users secure web browsing session through a popup window posing as a legitimate message. This particular phishing attack originates by injecting a legitimate secure website with malicious JavaScript. The malware exploits weaknesses in the browser that allows the attacker to see the login URL of where the victim is logged in. Once the URL is received by the phisher, the phisher will then automatically generate a popup posing as the legitimate web site. When a customer visits the legitimate web site and attempts to log in, they are instantly prompted by a pop-up window asking the victim to retype their username and password for the site since their session has expired.. If the user enters their credentials in the phony popup, the phisher then steals the login information. Since this is a browser based attack, the best way to defend against it is to be aware of this type of phishing and to follow the "best practices" in browser security: Be suspicious of unprompted pop up windows that appear without clicking on a hyperlink. Deploy browser security tools and set security settings to disallow popups and certain scripts from running. Always log out of banking and other sensitive online applications and accounts before going to other websites so sessions do not remain active. Please let us know if you have any questions about the security of your personal information. Stop by or call your local branch, or call us at 800-603-9342. We can also be reached by email at info@ncnbank.com.
Advance Fee Loan Scams The Federal Deposit Insurance Corporation (FDIC) is reminding consumers and financial institutions to be aware of advance fee loan scams. The FDIC has observed a significant increase in the number of unsolicited e-mails ("spam") advertising mortgage refinancing, debt consolidation and elimination, small business loans, and special loan programs for veterans and minorities. While some of these e-mails may advertise legitimate loan programs and lenders, advance fee loan scams are becoming more prevalent. Advance fee loan scams prey on consumers who may be under financial duress and may be seeking quick and easy loan approval and funding. The scam typically involves the lender making false promises to arrange for a loan in return for fees paid upfront by the loan applicant. Scam artists may even design Web sites and online loan applications giving the appearance that the company is legitimate. Fraudulent logos and letterhead of legitimate financial institutions or government agencies may also appear on documents that are faxed to the loan applicant. Potential borrowers may be asked to provide information through a Web site or be contacted by phone or e-mail by a "representative" who guarantees loan approval as soon as the borrower pays a required fee. The loan applicant may be told that the fees will be used to pay a third party for loan insurance or application processing, or to make the first month's loan payment. The loan applicant may also be told to send or wire transfer money to an individual overseas before receiving the loan proceeds. In some cases, the loan applicant has been falsely directed to a legitimate financial institution with no knowledge of the transaction. In other cases, the loan applicant is told that the loan request was declined and is asked to forward additional money to qualify for a different loan program. The following are warning signs that may indicate a loan offer is not legitimate: The loan approval is "guaranteed." Lenders do not typically guarantee loans before analyzing the applicant's financial condition, credit history and ability to repay. The loan applicant is required to pay upfront fees to a third party or individual. Loan fees are normally paid to a business after the loan has been approved. The lender or loan processor may be located outside of the United States. Fees are requested using a retail wire transfer system. A password is sometimes used by the overseas receiver to pick up the funds in an attempt to hide the true identity of the criminals and make funds more difficult to trace. More information about fraudulent advance loan fee scams can be found at http://www.ftc.gov/bcp/conline/pubs/tmarkg/loans.shtm.
Vishing... A Local Scam You've heard of "phishing"... now get ready for "vishing". Vishing, like phishing, is the use of social engineering to gain personal and financial information - this time by phone. And just like the recent phishing scams in our area, vishing scams are being carried out locally. Several financial institutions have reported vishing scams targeting their customers in the Wenatchee area. Law enforcement is investigating. To help protect our customers, we need to be prepared to answer their questions and let them know how to identify these scams and avoid becoming a victim. The FAQs listed below will help you address your customers on this issue. What is vishing? Standard phishing scams use email to direct potential victims to phony web pages to steal their identities. Phone vishing scams work a little differently. Instead of being directed to a web page, victims are prompted by email to call a customer support number OR are called directly by the perpetrators. On the other end of the phone line, a person or an audio response unit waits to take the victim's account number, personal identification number, password, or other valuable personal data. The perpetrators may claim the victim's account will be closed or other problems could occur if a response is not received. In most cases, the perpetrators use fake caller ID to make it appear the call is from a legitimate bank or financial institution. They also often use pay phones, stolen cell phones, or hacked accounts. How can I avoid becoming a victim? Treat all unsolicited email and phone messages with skepticism and avoid clicking on links. If you do receive one of these suspicious calls, hang up and call the organization at a familiar number. To determine actual customer support and other phone numbers, check the organization's web site. When you do your research, don't follow a link in an email - always type in the site URL address yourself. If available, refer to your hard copy records of past statements or invoices for legitimate contact phone numbers and other information. Creditor customer support phone numbers are also often listed on the back of credit cards. Scrutinize emails for telltale signs of a phishing attempt, such as poor grammar, typos, strange web addresses, or anything else that seems odd. In the United States, report suspicious email to the FBI, the Federal Trade Commission, and the Anti-Phishing Working Group. How can I tell if an email or website is fake? First off, note that NCNB will NEVER ask you to provide private, secure information through an email link. Here are some tips on identifying fake emails or websites: Even if the site LOOKS like NCNB's online banking page, if the URL (web address) is not correct, it's a fake. If the email makes it sound urgent, wants you to change your information now, or "confirm" your information now, it's fake. If the email or website asks you for a credit card number, a PIN, a CVV number or your password, it's fake. If the email you've been sent asks you to help us "update our database," it's fake. If the email asks you to click on a link to "restore access to your account," it's fake. If the email provides you with a link asking you to change your password through that link, it's fake.
Protect Yourself from Identity Theft Here are our top tips for protecting yourself from this crime: Regularly review your monthly/periodic financial statements for any fraudulent activity- make sure you're the only one responsible for using your name and accounts. Shred all financial and personal documents with a cross-cut paper shredder before you dispose of them. This includes any pre-approved credit offers, letters, bills, receipts, and other personal articles that reveal any account numbers or financial information about you. Never give your Social Security number, bank account number, credit card numbers, or PIN number to anyone over the phone, even if you've been informed you won a prize or are eligible for an amazing offer. That's a common way crooks obtain confidential information they'll use to steal from you. Mail your bills from a locked mailbox or the post office. Thieves like to steal outgoing bill payments for the checks they know they'll find inside. Never give out confidential information like Social Security, bank account, PIN, and credit card numbers in response to an e-mail you've received. Such requests can be "phishing" expeditions for thieves looking to steal your identity. Commit your PIN numbers and passwords to memory, or at the very least, keep them separate from wallet or purse. When you order new checks from us, make sure they get delivered to a secure mailbox and ask us when to expect them. If your mailbox isn't secure, ask to pick them up at your local branch instead. When possible, keep your eye on your credit/debit cards when using them in a store or restaurant, and get your card back right away. Don't carry around your Social Security card, passport, or birth certificate unless you need it that day. Take out any credit cards you don't need as well, just in case your wallet is stolen or misplaced. Keep a list at home of all credit cards and account numbers, along with the appropriate customer service and fraud department telephone numbers. That way, you'll have quick access to the information you need in case of theft.
How We Protect You NCNB is committed to protecting your personal financial information. Here are a few ways that we go the extra mile to protect you: Enhanced Login Security, an online security feature that helps prevent unauthorized access to your accounts by recognizing not only your login information but also your computer. If we don't recognize your computer, we will request additional information that is known only by you, to ensure authorized access. NCNB's Online Banking system will automatically log you off after specified time period of inactivity. This reduces the risk of others accessing your information from your unattended computer. NCNB will never ask you for personal financial information via email. NCNB's computer systems are protected 24 hours a day by powerful firewalls that block unauthorized entry. From the moment account information leaves your computer to the time it enters NCNB's system, all Online Banking and Bill Pay sessions are encrypted. We employ some of the strongest forms of encryption available today. Look for a "closed lock" icon in the lower right-hand corner (Microsoft Internet Explorer) to determine if encryption is being used on any Web page you are viewing. Any Web address beginning with "https://..." indicates the page you are viewing uses encryption. The "s" stands for "secured." To resist constantly evolving online threats, NCNB has adopted proven industry standards for technology to protect your account security.
Tips for Online Banking customers If you are an Online Banking user, we want to let you know that we are committed to keeping your financial information safe and secure. To aid in the protection of your financial information, we want to inform you of two types of online scams and how you can avoid being “hooked” by these scams. Phishing is the practice of sending an e-mail that appears to be from a financial institution, an online store, or another organization with the goal of persuading online banking users to share sensitive information. Pharming redirects Internet users from a legitimate web site to a “spoofed” or imitation site. Computer users might think they are visiting a legitimate online shopping site, for example, but instead are taken to a different site with a similar name. This “pharming” site is used to steal information such as credit card numbers, account numbers, passwords or Social Security numbers. Cyber-criminals use the personal information they gain from phishing and pharming to commit identity theft or fraud. Over time, cyber-criminals have learned to create messages that can seem to genuinely come from the legitimate site. They may “borrow” a company logo, copy the format and colors used on its web site, or imitate the language used in the organization’s real communications. Please note that we will never ask you to click on an e-mail link to share sensitive financial information. If you receive an e-mail that claims to be from North Cascades National Bank and asks you to share account numbers, Social Security numbers, passwords or other personal information, please report it to us immediately. We will give you instructions for changing your password and taking other steps to protect your accounts. Five Rules for Online Safety 1. Never click on links in e-mail messages. 2. Enter web addresses in the browser bar instead of using e-mail links. 3. Never share financial or personal information by e-mail. 4. Tell us about suspicious e-mails that contain our name or logo. 5. Check accounts regularly to spot fraud or unauthorized account access. Please let us know if you have any questions about the security of your personal information. Stop by or call your local branch, or call us at 800-603-9342. We can also be reached by email at info@ncnbank.com.