Fraud Prevention Tips

How to avoid falling victim to phishing, pharming and other types of online and mobile banking fraud


“Phishing” is the act of attempting to fraudulently acquire sensitive information like passwords and credit card numbers by masquerading as a trustworthy person or business. The request often comes through with a sense of urgency in an email or text message that appears to be official. 

How to prevent phishing attacks

  • Be cautious of emails or texts that request account information and/or passwords
  • Never provide personal details to “receive a prize” or “verify a statement”
  • Never respond to emails or texts, open attachments or click on links from suspicious or unknown senders. If you’ve opened one inadvertently, delete it immediately.
  • Never provide your social security number (SSN) to confirm the authenticity of your transactions unless you confirm it’s necessary and from a reputable source
  • Always ask if you can provide another piece of identifying information first


“Pharming” is an attack that misleads a user to enter sensitive data like passwords or credit card numbers into a malicious website that “spoofs” a legitimate website. Unlike phishing, the attacker doesn’t have to rely on the user clicking a link in an email. Even if the user correctly enters a URL into a browser’s address bar, the attacker can still redirect the user to a malicious website.

How to prevent pharming attacks

Don’t expect the Internet browser address bar on the spoofed site to tell you anything useful. If the criminals are good, it will look exactly like the real website. Only a certificate like those issued by Verisign will confirm you’re on a valid website.

How will you know? When you visit a website that uses a certificate, you’ll see a box asking if you want to trust the certificate, a common practice for online banking. Compare the name on the certificate. If it doesn’t match the site you’re trying to reach, you know something is wrong. Close the window and call the company immediately. If the certificate is valid, save that page so your browser will recognize it next time.


Business Email Compromise

Business Email Compromise (BEC) is a type of phishing attack in which a cybercriminal impersonates a high-level executive or other trusted contact to trick an email recipient into transferring funds into a fraudulent account.

Who’s targeted in a BEC attack?

Cybercriminals seek out situations in which fund transfers happen on a regular basis, and anyone authorized to complete financial transactions for a business could be a target. Controllers, accountants and real estate agents are frequent victims.

How does a BEC attack happen?

  • Email Spoofing: Hackers manipulate the sender’s email address to appear to be from a trusted source.
  • Compromised Email Account: Cyber criminals send a spoofed email with urgent payment instructions typically to a junior staff member, who is instructed not to discuss the email with their colleagues.
  • Company Research: Cyber criminals use services like LinkedIn to gather information on business relationships, employee names and positions, and even an executive's communication style.

How to prevent BEC attacks

  • Be careful with social media posts. Remember that anything you share is public and permanent.
  • Be vigilant with unsolicited emails and phone calls. Even small pieces of information like vendor names and vacation schedules are useful to cybercriminals.
  • Don’t rush to read email. Criminals plan their attacks for the busiest times of the day – when it’s easy to overlook key details in email requests.
  • Verify originating email addresses and phone numbers when sensitive requests are made.
  • Implement two-factor authentication before initiating wire transfers or providing sensitive data. Call a verified phone number for a live confirmation of the request’s legitimacy.

Credit Reporting Bureaus

How to check on fraud

If you believe you’ve been a victim of fraud, call the fraud unit of one of the credit reporting bureaus. (All three share fraud information, so you only need to contact one.) Here’s what to do once you reach them:

1. Report credit card theft.

2. Ask for your accounts to be flagged.

3. Add a victim’s statement to your report (100 words max). Example: “My ID has been used to apply for credit fraudulently. Contact me at [phone number] to verify all credit applications.”

4. Ask for names/phone numbers of credit grantors who’ve opened fraudulent accounts in your name.

5. Ask the credit bureau to remove inquiries generated via fraudulent access and send notifications to any recipients of your credit report in the last six months (two years for employers).

6. Be sure to check how long a fraud alert is on your account and how to extend it if necessary.

7. Request free copies of your credit report every few months so you can monitor it.


Report fraud: Call 800-525-6285 or 800-685-1111

Request a copy of your credit report in writing: Equifax, P.O. Box 740241, Atlanta, GA 30374-0241

Dispute information in your credit report in writing: Equifax, P.O. Box 740256, Atlanta, GA 30374-0256

Opt out of pre-approved credit offers in writing: Equifax, P.O. Box 740123, Atlanta, GA 30374-0123



Report fraud: Call 888-397-3742 or fax 800-301-7196

Contact Experian Consumer Fraud Assistance in writing: P.O. Box 1017, Allen, TX 75013

Dispute information in your credit report: Call Experian at the phone number on your credit report.

Opt out of pre-approved credit offers and marketing lists: Call 800-353-0809


Trans Union

Report fraud: Call 800-680-7289 or write to Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634.

Order a copy of your credit report: Call 800-916-8800 or write to Trans Union, P.O. Box 390, Springfield, PA 19064.

Dispute information in your credit report: Call 800-888-4213 or the phone number on your credit report or use the “Investigation Request Form” that comes with your credit report.

Opt out of pre-approved credit offers and marketing lists: Call 888-5OPTOUT (888-567-8688)


Consumer Credit Counseling Service of Los Angeles

For additional assistance with removing fraudulent claims from your credit report, call the Consumer Credit Counseling Service of Los Angeles at 800-750-2227.

Social Security Administration

If your Social Security number has been compromised, call the Social Security Administration (SSA) immediately at 800-269-0271. You may also order your Earnings and Benefits Statement by calling the SSA at 800-772-1213.

Reporting Theft or Fraudulent Use of Checks

To report theft or fraudulent use of your checks, call your local bank branch immediately and contact:

Equifax 800-437-5120

Telecheck 800-710-9898

ChexSystems* 800-328-5121 or 800-428-9623

SCAN  800-262-7771

*Regarding closed checking accounts only.

Wire Fraud Prevention

Wire transfer is one of the common types of fraudulent activity due to the speed of payment. Cyber criminals know money wired is nearly impossible to recover because of immediate settlement and funds availability. They use BEC schemes initiated by an email requesting a wire transfer that appears to come from a known source.

How to prevent wire fraud

  1. Carefully examine the e-mail address, URL and spelling used in any correspondence.
  2. Verify the legitimacy of the wire request by calling the listed number vs. the one in the email.
  3. Verify the wire instruction to see if the receiving bank and account number match prior transactions. A request to wire money to a new beneficiary or different bank account is a red flag.
  4. Always stay vigilant!