“Phishing” and Fraudulent Email
What Is "Phishing"?
"Phishing" is a form of e-mail fraud. Criminals
create e-mails and websites that closely resemble those of legitimate
companies. These emails often ask the user to "verify" or
"re-submit" personal or confidential information by clicking on a
link embedded in the message. Their goal is to entice you to provide them
with personal information they can then use to gain access to your assets or
other sensitive data. In this case, they’re trying to get to your accounts.
One of the most common methods is to e-mail a link to a website that
"spoofs" a legitimate company’s site. There, they hope to trick you
into entering your login information. Once a criminal has successfully
"phished" information from you and/or your account, he/she can use
that information to steal your money and your identity.
FDIC has published an alert regarding phishing. To read more click here.
How Do I Recognize a Fraudulent Email?
It can be very difficult. Many of these e-mails use logos,
formats and phrases that are identical to legitimate e-mails sent by legitimate
senders. Here are some easier to spot clues to identify a fraudulent email:
-
Contains a link with a direct IP address link. (e.g.
http://123.203.245.10/isnb)
-
Asks you to enter your User ID, password, account
number or Social Security Number right in the email. ISN Bank will
NEVER send you an email asking you to enter your important account
information right in the email body.
-
Contains a file attachment with suspicious extensions
(exe, com, bat, vbs, scr, reg) even if the suspicious files are enclosed
in a compressed file (zip, rar, sit).
-
Contains misspellings, misused words.
-
Contains unfamiliar return email address or links to
websites that don't include our domain name (isnbank.com).
How can I protect myself from "phishing"?
There are many different types of
email fraud, which makes enforcement and prosecution difficult. The best way to
protect your identity and your accounts is to be informed and cautious. And,
remember - we will NEVER ask you to enter personal or account information in
email or download an attachment from email. Here are some guidelines to
help you protect yourself:
-
Be suspicious of emails with urgent requests for
personal financial information.
Many fake emails use strong and often threatening language to convince you
that something bad will happen (i.e., your account will be shut down) if
you do not click the provided link immediately and update or validate your
account information. Misspelled or misused words should also be warning
signs. If we need to convey urgent requests, we will send you a physical
mailing.
-
Do not reply, click or enter information if you
receive a suspicious email.
"Phishing" emails typically ask for login information, Social
Security Numbers or account numbers. We will never ask you to disclose it
in email.
-
Don’t click unfamiliar links or fill out forms
within email messages.
If you don’t recognize a web address included in an
email, you should open a new browser and type in an address you know. The
majority of fraudulent emails will either have a copy of a web page
included as part of the email or link to fake copies of the page or Login
page. If you’re suspicious, type the familiar address, like "www.isnbank.com"
into your browser to be certain you go to our site.
-
Access your account through
ISN Bank home page.
Before you click "login",
always make sure that you are on the correct webpage by checking the
address bar on your browser
even if you
reached the page from your browser bookmark
(some fraudulent emails are so potent that they
will alter your bookmark.)
You can also add the website to your Trusted Sites in Internet Explorer.
Make sure that the address is either
https://www.isnbank.com,
or https://www.isnbank.org