Cybersecurity Awareness

Internet Banking / Mobile Banking / e-Statement Access

When performing internet and mobile banking personally, or for your business organization, you are entering a secure access website ensuring that effective safeguards are in place to protect your account confidentiality and identity. Farmers and Merchants Bank has taken the following measures to insure the protection of our authorized internet banking customers and their account transactions conducted on the internet.

Login Name and Password Protection

Your assigned internet banking login name and user-selected password are the first line of defense, and are a unique identifier. Remember not to share them with anyone, as the most frequent occurrences of account fraud are often related to someone the victim knows.

Encryption

Your internet and mobile transactions and personal account information are secured by encryption software applications that translate information fields into code that is only readable to the bank and the internet-banking or mobile user. Layers of firewall protection and 24/7/365 monitoring are in place to further secure bank systems against unauthorized access to internet and mobile banking applications and stored database information.

Multi-Factor Authentication

Multi-Factor Authentication is a security system which supports more than one form of end-user authentication in verification of the legitimacy of a specific transaction. Multi-Factor Authentication components include, transmission of one-time, six (6) digit security codes by text, email, or voice activated telephone calls to the approved user to validate and verify the user's secure login credentials for PC, tablet, or mobile device authentication.

Privacy Policies

Bank privacy policies were instituted to maintain strict procedural, physical, and electronic compliance guidelines to comply, and adhere to, federal banking guidelines in protection of your non-public personal information.

Cookies

During your use of the Internet Banking service, our Internet Banking Service Provider, Fiserv, will pass an encrypted cookie to your computer in order to identify your computer during the session. This cookie enables us to process multiple transactions during the session without having to provide an Access ID and Passcode for each individual transaction. Users must accept this cookie to use the Internet Banking service. This cookie does not contain any personal information; it simply provides another level of security for our Internet Banking product. The cookie is stored on your computer’s hard-drive, identifying your computer while you are logged on. If multiple computers access our Internet Banking service, a cookie reset may be required to establish a new session, which can be requested to the bank’s Client Services Department at 410-517-3065.

Internet/Mobile Banking Tips that can assist you in protecting Your Identity and Account Passwords

Computer and Internet Banking Security begin with establishing a strong password which only you, as the authorized user, know. Consider using a complicated or unique password routine, without using easily identified information or numbers, which could be guessed by other parties. Consider changing your password periodically, especially when the internet/mobile banking solution advises you to do so.

Anti-Virus Protection

Protection of home and business computers should include current anti-virus & malware software updates and e-mail scan capabilities, in protection of your personal security, when online.

E-Mail Protection - Tips & Considerations

Be alert to the receipt of unsolicited, or unscheduled, delivery of e-mail claiming to originate from Farmers and Merchants Bank. Be cautious, and take the time to call our bank to verify it was indeed from Farmers and Merchants Bank. Most e-mail correspondence is not encrypted. Users should be mindful of not documenting account numbers or other personal information (i.e. Social Security Number or Tax ID Number) in e-mail correspondence between two parties.

Please note that Farmers and Merchants Bank will never request that you send your internet banking password, Social Security Number, Tax ID Number, or other confidential information, including your secure account information, through e-mail correspondence.

Logging Off

Upon completion of internet banking activities, including account information review, transfers and bill payment transactions and other ancillary services, be sure to log off to exit the bank’s secure web site ensuring protection of your personal information.

Online Awareness

Internet hackers, and fraudulent cyber organizations, are actively attempting to compromise your personal information. They will exhaust many means to achieve their goal. Be aware of unusual or suspicious requests for personal information. Do not respond to the requests and when in doubt, contact the bank at 410-517-3065 to discuss the situation further and to verify your suspicions.

.BANK website address      www.fmb1919.bank

.BANK is a trusted, verified, more secure, and easily-identifiable location on the Internet for U.S. bank institutions, such as Farmers and Merchants Bank.  Only banks, bank trade associations, bank regulators, and approved bank service providers are eligible for a .BANK domain.  Domain registrars like EnCirca, and Symantec, add a layer of trust to .BANK by verifying the eligibility of companies requesting secure bank domains.   When you access our .BANK domain, you have the peace of mind to be assured you are visiting our legitimate bank website on a secure connection.  Cyber criminals will be unable to duplicate our website on a similar .BANK domain, keeping our website more secure for internet banking services.

Phishing Scams

Phishing attacks are sophisticated spoofed e-mails and fraudulent websites, often including official-looking logos from real banking institutions. Their purpose is to trick the recipient into divulging personal identity and bank account information. Utilizing various methods such as trusted brands of well-recognized banking institutions, credit card companies, online retailers, as well as providing web links to fraudulent sites, phishers are able to attract up to 5% of recipients to respond to them. Preventative measures to avoid phishing scams include:

• Do not respond to urgent instructions to provide personal information contained in suspicious e-mails.
• Do not click on internet web links included in the body of suspicious e-mails.
• Use only secure websites when conducting online transactions and providing personal information.
• Routinely log into online accounts and review account activity statements to ensure all transactions are accurate and legitimate.
• Forward any suspicious or phishing e-mails to the anti-phishing network at: reportphishing@antiphishing.com 

Malware

Malware, an abbreviation for Malicious Software, is software developed by internet hackers, or hacking organizations, designed to hijack and damage a computer system without the user’s knowledge. Malware applications often record keyboard strokes with the intent to steal your identity, your passwords and track your computer activities. Malware can be in many forms, including computer viruses, worms, Trojan horses, harmful spyware, and adware. Further complicating the spread of Malware are techniques, which include free pop-up advertisements for free anti-spyware, and adware applications that seem authentic, at the time of need, but ultimately are a mechanism to trigger the harmful spread of these forms of Malware.

Fraudulent Letter Scams

(Delivered by U.S. Mail, Fax, or E-Mail Correspondence)

In recent years, many fraudulent letter scams have originated from within the U.S. borders. Many others have also originated in bordering countries and foreign countries. These fraudulent scams target unsuspecting individuals with offers that ultimately seem to be too good to be true. These scams promise wealth for little effort in return, usually ending in personal and bank institutional monetary loss. In protection against many of these popular fraudulent letter scams that can be perpetrated by the single, “con” artist or an organized group or “ring”, Farmers and Merchants Bank is providing some helpful information to ward against being a targeted suspect.

Nigerian Letter Scam

The Nigerian Letter Scam is a long-standing letter scam perpetrated by organized groups of individuals alleging to be government officials from the third-world country of Nigeria, or other third-world countries. The basis of the scam is a poorly written letter, which indicates that a large sum of money has resulted from unclaimed funds relating to the estate of a deceased individual, or frozen government funds. The letter states that the recipient of the letter can receive a significant percentage of the sum proceeds, (i.e. 30-35%) for assistance in negotiating funds through a local U.S. banking institution.

Characteristics of the scam include a sense of urgency in the response instructions, several forged “official looking” documents, and rotating points of contacts with generic sounding surnames. Mass mailings of the Nigerian Letter scam are executed daily by U.S. mail, fax transmittal, and e-mail. The intent is for unsuspecting individuals to consider a very lucrative, albeit questionable, arrangement. Instructions are provided to negotiate paper currency conversion of fraudulent check items, or fraudulent U.S. Postal Money Orders, with a corresponding Western Union cash gram transaction returned to the scam artist, accompanying the promise of future proceeds to the victim – which never occurs. Often times repeat requests are directed after successful cash grams have been initiated. With this instruction comes the future promise of proceeds remitted that simply extend the scam process and increase the risk of exposure for incurred losses to the victims and the banking institutions.

If you feel that you have been a victim of this Nigerian Letter Scam, or other fraudulent scams, please notify Chris Oswald, Bank Security Officer, at the bank at your earliest convenience. Contacting the United States Secret Service at your local Baltimore field office at (443) 263-1000, is another course of action.

Foreign Lottery Scam

The Foreign Lottery scam is another emerging scam, perpetrated by organized con artists or fraudulent groups that communicate that the recipient of the letter was selected as a winner of a foreign lottery, despite the absence of a purchased lottery ticket. This letter scam is often received by U.S. mail and is accompanied by a fraudulent official bank check, which originates from a non-local state or foreign country. Instructions will explain that the winner was randomly selected and that the check is representative of a portion of the lottery proceeds, or the export tax, needed to redeem the lottery winnings. The recipient is directed to negotiate, or deposit the funds in their local U.S. banking institution and remit a Western Union cash gram to the con artists. This completes the scam cycle without any lottery proceeds materializing for the victim.

Alternative forms of this scam include an e-mail letter stating that the victim recently completed an online survey, which randomly selected them as the lottery winner. Specific instructions are given to open new accounts at their local U.S. Banking institution, while requesting the account number and bank routing-in-transit number information be given to the con artists in order to facilitate a future deposit of check instruments that are ultimately deemed fraudulent. If you feel that you have been a victim of this Foreign Lottery Scam, or other fraudulent scams, please notify Chris Oswald, Bank Security Officer, at the bank at your earliest convenience. Contacting the United States Secret Service at your local Baltimore field office at (443) 263-1000, is another course of action.

Bank, Credit Card, or Federal Regulatory Official Telephone Scam

One of the more concerning scams involves con artists who target unsuspecting individuals, often times seniors. These individuals are contacted by telephone and the perpetrator poses as a representative of a local bank, credit card company, or Federal Bank Regulator, similar to the FDIC. The scam artists seem authentic, at first, and are hastened by urgent requests for victims to quickly provide personal and account information in protection of their local bank account relationships. If accurate information is provided, and not questioned in the process, con artists can quickly act to swindle unsuspecting victims of account funds in a very short period of time.

A derivation of this scam consists of when the con artist poses as a representative of the credit card security department, stating that a high volume of transaction activity has occurred in a distant U.S. state, with a confirmation request inquiring if the cardholder is in possession of the actual credit card. The conscientious victim tries to assist while thinking they are helping to prevent further exposure, yet are duped into providing their specific card information, expiration date and security code on the reverse side of their credit card. Proactive measures include ending the conversation, prior to providing any card information, and contacting the fraud department number listed on the reverse side of their credit card. Another helpful measure is to request the caller’s telephone number to return their call once their credit card company security department has verified the validity of the initial telephone call.

Internet / Online - Secret Shopper Scam / Temporary Employment Scams

In the recent economic recession, the popularity of internet-based online scams targeting unemployed or fixed-income household members have been increasing in frequency and occurrence, on a local and national scale. These scams appeal to individuals looking for temporary online employment and short-term compensation, with the correspondence being directed by e-mail communications or brief telephone conversations. The identified source of employment or assigned duties often pertain to performing simple, low-level secret shopper surveys or online informational surveys, in return for mailed compensation in the form of a fraudulent check. Similar to other identified scams, urgent instructions to deposit the check instrument in their local bank institution and execute a Western Union cash gram transaction once the account funds become available to the accountholder. The cash gram instructions to another party, often directed outside of the United States of America, are accompanied with precise wiring instructions and are repetitively requested through e-mail and/or by telephone to the targeted responder until successfully completed and received.

The dollar amounts range from $ 1,500 to $ 5,000, with a residual amount of the check amount being deemed the compensation for completing the secret shopper or work assignment task. Often, the secret shopper survey is conducted for Western Union in how their retail operation executes the fraudulent cash gram instruction. The Western Union cash gram transaction is the scam, with the fraudulent checks being returned to the bank institution of first deposit at a later date, with losses incurred by the bank and/or account customer.

Natural Disaster / Tragic Events - Fraudulent Charitable Scams

In light of some of the recent natural disaster events and/or terrorist events, including Hurricane Sandy, the shooting at Sandy Hook Elementary, the Boston Marathon Bombing, and Moore, Oklahoma Tornado, fraudulent scammers are preying on heightened emotions of people recovering and those willing to assist with charitable donations. With many charitable organizations facilitating online donations to expedite relief and recovery efforts, con artists are reacting quickly as media reports and social media sites spread information of the occurrence.

In the Moore, Oklahoma Tornado occurrence in May 2013, two fraudulent charitable web sites were enabled within twenty (20) minutes of the tragic weather occurrence in this community. Recommendations are to donate to reputable charitable organizations, like the Red Cross, and be wary of e-mail, and telephone solicitation requests for donations to unfamiliar charitable organizations. Research charities online and inquire as to how funds received through donations are to be used in the relief process.

Home Repairs Scams

Local Police organizations warn of in-person solicitation for home repairs, with some tied to these regional natural disaster occurrences, where individuals request to come into the home for presentations. In many cases, con artists work in tandem and can be distracting one person in the home while another is elsewhere on the property with malicious or theft intentions. Don’t be pressured into “one-day” only specials, check references and perform licensing verification, always ask for written estimates, and get a second opinion before contracting services. Never extend cash payments to home contractors or other vendors or sign over insurance checks, only pay by credit card or personal check, and be sure not to pay in full up front.

If you feel you have been targeted or have suspicions in these types of scams, or have fallen prey to providing personal information to con artists, you can contact your local police authorities or initiate a complaint to the Federal Trade Commission

Consumer Complaint Website

Learn More About Identity Theft and Fraud Issues

November 19, 2018
FEDERAL DEPOSIT INSURANCE CORPORATION Protect Your Money From Scams

Shopping Online During the Holidays?

During the holiday season, we tend to make a lot more purchases online for travel and gifts, so it’s especially important to be vigilant about protecting your money. Here are some of the most common scams to watch for:

Fake Websites and Apps. Scammers often create fake websites that are so similar to the sites of popular retailers, it easily tricks consumers into providing payment information. The scammers take your information and your money, but you never receive the products. Scammers have also developed fake apps that contain malware. When you download the app, the malware steals personal information from your device or locks it, holding it for ransom until you pay the scammers. Other types of fraudulent apps ask you to login using your social media or email accounts that could expose your personal information for the scammers to steal.  Be careful of apps or websites that ask for suspicious permissions, such as granting access to your contacts, text messages, stored passwords, or credit card information. Also, poor grammar or misspelled words in an apps’ description or on a website is a red flag that it is not legitimate.

Email Links. Avoid clicking on links in unsolicited emails or emails from unfamiliar sources. The links may lead to an illegitimate website attempting to get you to enter your credit card or other personal information. Some links may download malware (malicious software, such as computer viruses) to your computer when you click on them that can steal your banking information, including login identification, passwords, and credit or debit card numbers. These emails typically look very similar to ones sent by well-known retailers, banks, and other entities.

Be on the lookout for emails that have typos or other obvious mistakes. In addition, be skeptical of email attachments described as coupons, rebates, or payment forms – they could include malware. And avoid email offers that seem “too good to be true.” If an email promises popular items for free or a surprisingly low price, it is probably a scam.

Making Payments on Unsecure Sites. Before paying for a purchase online, make sure the website you’re on has “https” at the beginning of its URL with a lock symbol: This means the site has a protected network connection. Websites with “http” at the beginning of the URL with no “s” are more vulnerable to attacks by scammers who steal credit card information by monitoring network traffic. Also be aware of pop-up windows that appear while you are on a website asking for your credit card information to receive coupons or to win free items. Legitimate companies do not ask for your personal information for those purposes.

Using Public Wi-Fi to Shop or Access Sensitive Information. Wireless connectivity, also known as Wi-Fi, allows your laptop, PC, or mobile device to connect to the internet without a physical wire connection. Many restaurants, hotels, libraries, and other places offer free public Wi-Fi, which is convenient when you’re on the go. However, these networks may not be secure (since they either do not require a password or provide the same generic password to all customers for access) and may expose your personal and banking information to scammers looking to steal names, social security numbers, and bank account numbers.

Avoid using public Wi-Fi to make purchases online, login to your financial accounts, or access other sites that have sensitive information about you. It’s also a good idea to stick with websites that have “https” encryption (discussed above) when in public places.

Package Delivery Confirmation Scams. This scam is especially popular during the holidays when people receive gifts through the mail that they may not be expecting. The scammers call or email claiming to be from the U.S. Postal Service or a major shipping company and state that you have a package waiting for delivery. To ensure the package is meant for you, you are asked to provide personal information, which the scammers steal to use to open credit accounts in your name. In response to this scam, the U.S. Postal Service explained it does not call or email people and ask for personal information if there is a problem with a delivery. 

Learn More

Don’t let these scams dampen your holiday spirits. Instead, here are precautions you can take to protect your money while shopping online:

• In general, always use difficult-to-guess, unique passwords on every account.
• If you’re using shopping apps, focus only on official retailer apps found on the retailer’s website or a reputable app marketplace, which offer stronger security.
• Never provide your credit card information unless you are on a secure site, showing “https” at the beginning of the URL and the lock symbol.
• Think about implementing two factor authentication on your accounts. Two factor authentication requires you to provide two pieces of evidence when logging into an account. It presents an extra layer of security to make it more difficult for someone who isn’t you to log into your account. For more information, visit https://www.nist.gov/itl/tig/back-basics-multi-factor-authentication
• Monitor credit card bills and bank statements as well as app and other online transactions for unauthorized purchases or withdrawals.  Immediately contact your bank if you see anything suspicious. In addition, you may want to consider signing up for alert services. Many credit card issuers, banks, and mobile app providers offer services that notify you about certain account activities, such as recent logins from unrecognized devices.

For more help or information, go to www.fdic.gov or call the FDIC toll-free at 1-877-ASK-FDIC (1-877-275-3342). Please send your story ideas or comments to Consumer Affairs at consumeraffairsmailbox@fdic.gov