First Commercial Bank

Security

Your trust is one of our greatest assets, and keeping your personal financial information secure is one of our highest priorities. To maintain your trust, we make sure our online services and mobile products receive the very latest in security and technology updates. We use industry-accepted best practices and continue to invest in these products to ensure that your information is secure whether you conduct business with us at our branches, ATMs, by telephone, online or through our mobile apps.

We also encourage you, our customer, to be proactive about protecting your personal information. Please review the information in this Security section for tips on maintaining your personal information.

Phishing

The term "Phishing" - as in fishing for confidential information - refers to a socially engineered scam that consists of fraudulently obtaining and using an individual's personal or financial information through electronic means.

Example: A consumer receives an email which appears to originate from a financial institution, government agency or other well-known/reputable entity. These messages describe an urgent reason you must "verify" or re-submit personal or confidential information by clicking on a link embedded in the message. The provided link appears to be the web site of the financial institution, government entity or well-known/reputable entity, but in "phishing" scams, the web site belongs to the fraudster/scammer.

Once inside the fraudulent web site, the consumer may be asked to provide social security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.

Vishing

Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from consumers for the purpose of financial reward. The term vishing is a combination of "voice" and "phishing". Voice phishing exploits the public's trust in landline telephone services and is typically used to steal credit card numbers or other information used in identity theft schemes.

Some fraudsters utilize features facilitated by Voice over IP (VoIP), such as caller ID spoofing (to display a number of their choosing on the recipient's phone line) and automated systems.

Example: A consumer receives and answers a call. An automated recording, often generated with a text-to-speech synthesizer, is played to alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity. The message instructs the consumer to call the following phone number immediately. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent. Consumers unknowingly provide personal financial information to the fraudsters while believing they are working to protect their accounts.

Voice phishing is difficult for legal authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank information. When in doubt, calling a company's telephone number listed on billing statements or other official sources is recommended as opposed to calling numbers received from messages or suspicious callers.

Smishing

Smishing is a form of criminal activity using social engineering techniques similar to phishing. The name is derived from "SMS Phishing". SMS (Short Message Service) is the technology used for text messages on cell phones.

Similar to phishing, smishing uses cell phone text messages to deliver the "bait" to get a consumer to divulge their personal information. The smishing messages used to capture consumer information may contain a web site URL or phone number that connects to an automated voice response system.

Example: A consumer receives the following SMS phishing message: "Notice - this is an automated message from (a local bank), your ATM card has been suspended. To reactivate call us at 866-XXX-XXXX."

In many cases, the SMS phishing message will show that it came from "5000" instead of displaying an actual telephone number. This usually indicates the SMS message was sent by email to the cell phone rather than from another cell phone. The information a consumer provides in response can then be used to create duplicate credit/debit/ATM cards.

Money Wiring Scams

Wiring money is like sending cash: once a wire is sent, you cannot get the money back.

How to spot a money wiring scam?

Scammers and fraudsters are tricky - they might say:

  • You won a prize, or inherited money, but you have to pay fees first.
  • You won the lottery, but you have to pay some taxes first.
  • A friend or family member is in trouble and needs you to send money to help.
  • You need to pay for something you just bought online before they send it.
  • You received a check for too much money and need to send back the extra.

These are all tricks. When you hear stories like these, you have spotted a money wiring scam. You can avoid a money wiring scam by never wiring money to someone you do not know. Even if you feel like you know the person, take the extra steps to contact them before ever sending any money.

What you should know:

First Commercial Bank will never request sensitive banking information via email or other electronic message. We will also never contact you requesting your online banking credentials and recommend that you do not share these or keep them written down.

Some common sense and easily implemented precautions can help you safeguard your personal information:

  • Strong Passwords - Experts suggest a combination of letters and numbers, and advise against using easily guessed passwords such as birthdays or home addresses. Do not use dictionary words, proper nouns or foreign words, and never repeat passwords. Having the same password on multiple accounts creates a single point of failure.
  • Anti-Virus Protection - Make sure the anti-virus software on your computer is current and scans your email as it is received.
  • Email Safety - Email is generally not encrypted so be wary of sending any sensitive information such as account numbers or other personal information in this way.
  • Sign Off and Log Out - Always log off by following the bank's secured area exit procedures.
  • Monitor Your Accounts - When you check your accounts regularly, you can let us know immediately if you encounter anything that seems unusual. 

Consumer Resources

- Internet Crime Complaint Center: www.ic3.gov
- Consumer Fraud (Department of Justice Homepage): www.usdoj.gov
- Federal Trade Commission (FTC) Consumer Response Center: www.ftc.gov
- Consumer Guides and Protection: www.usa.gov
- Financial Fraud Enforcement Task Force: www.stopfraud.gov
- On Guard Online: onguardonline.gov

 

For Business Online Banking Customers

What is corporate account takeover?

"Corporate account takeover" is when cyber-thieves gain control of a business' bank account by stealing the business' valid online banking credentials. Although there are several methods being employed to steal credentials, the most prevalent involves malware that infects a business' computer workstations and laptops. Malicious software, which is available over the internet, automates many elements of the crime including circumventing one time passwords, authentication tokens and other forms of multi-factor authentication.

A business can become infected with malware via infected documents attached to an email or a link contained within an email that connects to an infected web site. In addition, malware can be downloaded to user workstations and laptops by visiting legitimate websites - especially social networking sites - and clicking on the documents, videos or photos posted there. This malware can also spread across a business' internal network.

The malware installs key logging software on the computer, which allows the cyber thieves to capture a user's credentials as they are entered at the financial institution's website. Sophisticated versions of the malware can even capture token-generated passwords, alter the display of the website to the user, and/or display a fake web page indicating the financial institution's website is down. In this case, the criminal can access the business' account online without the possibility that the real user will log in to the website.

Once installed, the malware provides the information that enables the cyber-thieves to impersonate the business in online banking sessions. To the financial institution, the credentials look just like the legitimate user. The perpetrator has access to and can review the account details of the business, including account activity and patterns, and ACH and wire transfer origination parameters (such as file size, frequency, limit, and SEC codes).

The cyber-thieves use the sessions to initiate funds transfers, by ACH or wire transfer, to the bank accounts of associates within the US. These accounts may be newly opened by accomplices or unwitting "money mules" for the express purpose of receiving and laundering these funds. A "money mule" is a person who transfers stolen money or merchandise from one country to another, either in person, through a courier service, or electronically. The term is commonly used to describe online scams that prey on victims who are unaware that the money or merchandise they are transferring is stolen. In these scams, the stolen money or merchandise is transferred from the victim's country to the scam operator's country. The accomplices or mules withdraw the entire balance shortly after receiving the money, and then send the funds overseas via over-the-counter wire transfer or other common money transfer services.

Why are businesses and organizations targeted?

The cyber-thieves appear to be targeting businesses, as well as government agencies and nonprofits, for several reasons:

  1. Many businesses and organizations have the capability to initiate funds transfers - ACH credits and wire transfers - via online banking.
      a. This funds transfer capability is often related to a business' origination of payroll payments.
      b. In corporate account takeover, the cyber-thieves may add fictitious names to a payroll file (directed to the accounts of money mules) and/or initiate payroll payments off-cycle to avoid daily origination limits.
  2. Some businesses do not have the level of resources to defend their information technology systems.
  3. Many businesses do not monitor and reconcile their accounts on a frequent or daily basis.
  4. Some businesses bank with a wide variety of financial institutions with varying degrees of IT resources and sophistication.

Prevention, detection & reporting for business customers

Account control

  1. Reconcile all banking transactions on a daily basis.
  2. Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
  3. Utilize routine reporting on transactions.
  4. Perform periodic risk assessments of the banking products/services you use, including regular reviews of user access levels, dollar limits and activity.
  5. Immediately report any suspicious transactions to the financial institution.
  6. Stay in touch with other business and industry sources to share information regarding suspected fraudulent activity.
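
The reconciliation and dual-control steps above can be automated as a pre-release check on each payroll batch, aimed at the payroll-file tampering described earlier (fictitious payees, off-cycle origination). The following is an added example, not the bank's own code; the batch layout, field names, roster, pay dates and limit are all assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample data: every name, account identifier and date is made up.
ROSTER = {("000000001", "1001"): "A. Rivera", ("000000002", "2002"): "B. Chen"}
PAY_DATES = {date(2024, 3, 15), date(2024, 3, 29)}
DAILY_LIMIT_CENTS = 2_000_000

def review_batch(batch, roster=ROSTER, pay_dates=PAY_DATES, limit=DAILY_LIMIT_CENTS):
    """Return (code, detail) findings for one payroll batch; an empty list means release."""
    findings = []
    # Dual control: an authorizer must exist and must not be the originator.
    if not batch.get("authorizer") or batch["authorizer"] == batch["originator"]:
        findings.append(("dual-control", "originator and authorizer are not separate users"))
    # Off-cycle origination: payroll should only settle on scheduled pay dates.
    if batch["effective_date"] not in pay_dates:
        findings.append(("off-cycle", f"{batch['effective_date']} is not a scheduled pay date"))
    # Reconcile each entry against the approved roster by account AND name,
    # so a known name redirected to a new account is caught as well.
    for entry in batch["entries"]:
        key = (entry["routing"], entry["account"])
        if roster.get(key) != entry["name"]:
            findings.append(("new-payee", f"{entry['name']} at {key} is not on the roster"))
    # Daily origination limit, in integer cents to avoid float rounding.
    total = sum(e["amount_cents"] for e in batch["entries"])
    if total > limit:
        findings.append(("over-limit", f"batch total {total} exceeds {limit}"))
    return findings

def codes(batch):
    """Finding codes only, in the order the checks ran."""
    return [code for code, _ in review_batch(batch)]

def _entry(name, routing, account, cents):
    return {"name": name, "routing": routing, "account": account, "amount_cents": cents}

CLEAN = {"originator": "jsmith", "authorizer": "mlee", "effective_date": date(2024, 3, 15),
         "entries": [_entry("A. Rivera", "000000001", "1001", 250_000),
                     _entry("B. Chen", "000000002", "2002", 310_000)]}
# Same user originates and approves, mid-cycle date, one payee not on the roster.
SUSPECT = {"originator": "jsmith", "authorizer": "jsmith", "effective_date": date(2024, 3, 20),
           "entries": CLEAN["entries"] + [_entry("C. Doe", "000000009", "9009", 480_000)]}

if __name__ == "__main__":
    for label, batch in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, review_batch(batch))
```

Any finding should hold the batch for manual review and, if unexplained, be reported to the financial institution as in step 5.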

Computer security tools & practices

  1. Install a dedicated, actively managed firewall. A firewall limits the potential for unauthorized access to a network and computers.
  2. Install commercial anti-virus software on all computer systems and ensure virus protections and security software are updated regularly.
  3. Ensure computers are patched regularly, particularly operating systems and key applications, with security patches.
  4. Consider installing spyware detection programs.
  5. Be suspicious of emails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. If you are uncertain of the source, do not click any links.
  6. Use strong password policies.
  7. Prohibit use of "shared" usernames and passwords for online banking systems.
  8. Use a different password for each website that is accessed.
  9. Change the password several times per year.
  10. Never share username and password information with third-party providers.
  11. Limit administrative rights on user workstations.
  12. Carry out all online banking activities from a stand-alone computer system from which email and web browsing are not possible.
  13. Verify use of a secure session ("https") in the browser for all online banking.
  14. Avoid using automatic login features that save usernames and passwords for online banking.
  15. Never leave a computer unattended while using any online banking or investing service.
  16. Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign-on information, leaving the customer vulnerable to possible fraud.

Symptoms of an Infected Computer

A computer may have been compromised if it exhibits any of the following characteristics or signs:

  • Is slow or nonresponsive
  • Shows signs of high-level activity on the hard drive that is not the result of anything you initiated
  • Displays messages on your screen that you haven't seen before
  • Is unable to run a program because you don't have enough memory
  • Crashes constantly