Hancock Bank and Trust Company wants to inform you of the most common types of Online Fraud which are Phishing and Spoofing. These types of fraud usually come in the form of e-mails that appear to be sent from legitimate sources. These e-mails ask customer to verify personal information (phishing) or to link to counterfeit (spoofed) websites that seem real.
To better protect yourself, watch for e-mails that:
- Urge you to act quickly because your account may be suspended or closed, or to update personal information.
- Don't address you by name, but instead use a more generic greeting such as " Dear Valued Customer.
- Ask for account numbers, passwords, Access IDs, or other personal information.
Hancock Bank and Trust Company will never ask for sensitive data such as account numbers or your Access ID, or passwords in an e-mail.
Other Common Forms of Fraud
Fraudsters may also use other contact methods to obtain your private information. These include but are not limited to text messages (smishing) and through phone calls (voice phishing or vishing). You might receive a text message, phone call, or voice mail warning that your account may be suspended, frozen, or compromised unless you visit a particular website or call a designated phone number where you will then be asked for personal information. These "scare" tactics are designed to convince you to provide your information or face negative consequences.
Hancock Bank and Trust Company will never ask for sensitive data such as account numbers or your Access ID, or passwords in an e-mail
Customer Awareness & Education
Warning signs of potentially compromised computer system:
- Dramatic loss of computer speed
- Changes in the way things appear on the screen
- Computer locks up or freezes
- Unexpected rebooting or restarting
- Unexpected request for a token pass-code in the middle of an online session
- Unusual pop-up messages, especially a message in the middle of an online banking session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc)
- New or unexpected toolbars and/or icons
- Inability to shut down or restart the computer
Best practices for safe business online banking:
- Reconcile banking transactions on a daily basis
- Utilize separation of duties when initiating ACH and/or wire transfers- one person originates the transaction on one computer and another person approves the transaction on another computer
- Immediately report suspicious transactions to Hancock Bank & Trust by calling 1.800.447.4282
- Install a firewall to help limit unauthorized access to the network and/or computer
- Install anti-virus software on all computer systems
- Do NOT download “Free versions” of anti-virus programs. Free versions do not provide “real-time” protections
- Ensure that computers are patched regularly, particularly operating systems and key applications
- Install anti-spyware/anti-malware software and update them often
- Be suspicious of Emails purporting to be from the bank or any financial institution requesting account information, account verification or online banking credentials such as user names, passwords, token codes, and similar information
- Create strong passwords and do not use your business online banking password for other sites
- Change the default login passwords on all network devices
- Limit administrative rights on users’ workstations
- Carry out all business online banking activities from a stand-alone computer system- that is, one that is not used for Email and general web browsing and Facebook
- Avoid using automatic login features that save usernames and passwords for business online banking
- Never leave a computer unattended while using any online banking service
- Never access bank, brokerage or other financial services information at Internet cafes, public libraries, airports, etc. Unauthorized software may have been installed to trap account number and login information leaving open the possibility of fraud
- Purchase insurance against electronic banking fraud
What to do if you are a victim of Corporate Account Takeover (CATO):
- Immediately cease all activity from computer systems that may be compromised. Disconnect the Ethernet cable or other network connections to isolate the computer from its Internet access.
- Immediately contact Hancock Bank & Trust Company, stating that you believe that you are a victim of Corporate Account Takeover (CATO). Request assistance with the following actions:
- Disable online access to accounts
- Change online banking passwords
- Open new account(s) as appropriate
- Request that the bank’s security officer and auditor review all recent transactions and electronic authorizations on the account(s).
- Ensure that no one has requested an address change, re-ordered checks, ordered debit cards, etc. to be sent to a different address
- Maintain a written chronology of what happened, what was lost and the steps taken to report the incident to the various agencies, banks, and firms impacted. Be sure to record the date, time, and telephone number, person spoken to, and any relevant report or reference number and instructions.
- File a police report and provide the facts and circumstances surrounding the loss. Obtain a police report number with the date, time, department, location and officer’s name taking the report or involved in the subsequent investigation. Having a police report on file will facilitate dealing with insurance companies, banks, and other establishments that may be the recipient of fraudulent activity. The police report may initiate a law enforcement investigation into the loss with the goal of identifying, arresting and prosecuting the offender and possibly recovering losses.
For additional information on information security, navigate your browser to the link listed below. This guide was published by the National Institute of Standards and Technology (NIST). The guide identifies recommend practices to improve information security in small businesses.
Small Business Information Security
*This document is for informational purposes in order to promote business online banking customer awareness and is not intended to provide legal advice. The best practices included within this document are not an exhaustive list of actions and security threats change constantly. Risk assessments should be done regularly to address the changing cyber threat landscape.
Business Online Banking
Merchant Source Capture
Personal Online Banking