A fraudulent (a.k.a. spoofing, imposter, or phishing) e-mail involves the mass distribution of "spoofed" e-mail messages with return addresses, links, and branding which falsely appear to come from a particular organization (such as a bank, insurance company, retailer or credit card company). These fraudulent messages are designed to fool the recipients into divulging sensitive personal data such as credit card numbers, bank account numbers and passwords, social security numbers, etc. Because these emails look "official," an average of 5% of recipients respond to them, resulting in financial losses, identity theft, and other fraudulent activity. It's often hard to detect a fraudulent e-mail. That's because the visible e-mail address of the sender often seems genuine (such as firstname.lastname@example.org), as do the design and graphics. But there are telltale signs to be aware of. For example, fraudulent e-mails often try to extract personal information from you:
- By luring you into providing it on the spot (e.g., by replying to the e-mail)
- By including links to a 'phishing' website that tries to get you to disclose personal data.
- By threatening to close or disable your account if you don't provide the requested information.
- By announcing that someone wants to send you money and needs your bank account information to complete the transaction.
- By asking you to re-activate or verify your account information because of recent security upgrades or software enhancements.
- By name impersonation. Be sure the name referenced in the email is the exact name of the business or person you believe it to be from. Oftentimes fraudsters will use a name that's close, but not exactly right.
Other phishing scams
A new form of phishing, known as Facebook phishing has materialized. In this scam, prompted by a Facebook message sent from a friend's account, users are sent to websites constructed to mirror Facebook's log-in page. They then enter an e-mail address and password. It perpetuates the scam by hacking into users' accounts and re-sending the link to their friends in a message simply labeled "Hello" that contains the link. This allows the hacker access to the Facebook user's friend list. Users should never click an unidentified link and should be vigilant about checking the web adress in the browser window. CNB will never message its fans with just a "Hello" in the subject line, nor will we ever ask for private information, such as a username or password through instant message or by email.
Fraudulent e-mail messages from sources claiming to be either CNB or something with the Citizens name in the title have been reported. Fraudulent e-mails claiming to be from the FDIC have also been reported by our customers. We assure you that these messages have not compromised our systems or your accounts in any way. We take these incidents seriously and work with law enforcement agencies to investigate them.
If you ever receive suspicious e-mails claiming to be from CNB, please notify your local branch office right away.