Security Threats

Safeguard your sensitive information
  • Learn useful tips.
  • Discover the latest scams.
  • Click here for the most current scams.

Let's work together against
harmful security threats.

At First Bank, we want to help you identify and avoid threats to your accounts and personal information.

First Bank has been notified of a new scam asking clients to verify their card numbers or other financial information. This is a scam. First Bank will never contact you by phone asking you for your card numbers, to disclose your financial information, or to login to your account. Stay alert!

Useful Security Tips and Ideas

Threats are ever evolving and keeping up with current threats can be difficult. We encourage you to use caution and never provide confidential information via text, email, incoming call (by a person or automated call), or pop-up ad on your computer.

When you receive a call or message that seems suspicious or unusual, hang up and call the phone number from your most recent bill or the back of your card. With our increased dependence on electronic devices and the Internet, below is information to help educate and provide you and your business.

Ransomware

Ransomware is malware that is downloaded through email attachments that then encrypts an entire system, including any attached storage. One particular ransomware that businesses need to pay attention to is CryptoLocker.

The only way to decrypt an infected device is to pay a fee or "ransom" to the malware owner. Preventing the malware from loading is the key. Don't open any email with a .zip file as an attachment - even if you are familiar with the sender. The exception is if you confirm the sender actually sent the email.

Package Emails

Beware of email alerts which advise you that a package is being shipped to you, especially when the email contains a link to a tracking number. Clicking through a link in a phishing email can result in malware being downloaded to your PC which may then put your business at risk.

Never click on links or open attachments from email senders that you are not familiar with or expecting an email from. If the email is from a known sender but appears unusual or is unexpected, call the sender to verify the validity of the email before you open it or click on any links.

Java Security

A large percentage of PCs with Java do not contain Java security patches or are not running the most current version of Java. Java runs on millions of PCs and is often exploited by cyber criminals to infiltrate or attack your PC. To combat this vulnerability, as part of your overall security best practices, keep Java up-to-date and secure.

Account Takeover

This is a common form of identity theft for business customers. An account takeover occurs when a fraudster has an individual's information such as social security number, User ID and password, account number, and/or access to email accounts. Once the fraudster has access to this information, they can use it to pose as the customer and conduct unauthorized transactions.

Social Engineering 

There are many ways a criminal can obtain confidential information. Social engineering is a contributing factor to these and many more scams. Fraudsters use every avenue of communication to have you divulge sensitive account information.

Phishing

Phishing uses fraudulent emails or pop-up messages to attempt to collect personal or account information. These messages often have a sense of urgency that suggests dire consequences, such as an email from your 'bank' stating your account has been or will be frozen.

Smishing

Smishing uses a text message from an unknown number, asking you to click a link to another site or call a phone number. They entice you to provide personal or account information and may attempt to infect your mobile device with malware.

Vishing

Vishing uses the telephone in an attempt to get the user to provide personal or account information, often presenting themselves as legitimate businesses offering assistance to the user.

Contact Us / Questions?

Your security is important to us. When communicating via email please do not include any personal, business, or confidential account information. Thank you!

Scams and Alerts You Should Be Aware Of

With tax season underway, experts are warning taxpayers to be aware of tax-related identity theft. Tax identity theft occurs when a criminal uses your personal information to file a tax return in your name and then claim a refund. Experts note that filing taxes early and identity protection PINs from the IRS are both ways to limit the risk of tax-related identity theft. Learn more about taxpayer identity theft here.
The FBI has recently issued an advisory about the increasing threat of call back phishing, a sophisticated cyberattack tactic. Unlike traditional phishing, call back phishing doesn't include a malicious link in the email. Instead, it features a prominent phone number, urging the recipient to call for an urgent matter.
  • The email typically contains a convincing phishing message, like a fraudulent charge, designed to alarm the user into calling the number provided.
  • These phishing emails are usually composed of a single unclickable picture, displaying the phone number multiple times to encourage a call back.
  • When victims call, they are often directed to an overseas call center where operators are handling multiple call back scams.
  • In cases linked to ransomware groups, the fraudulent call center is specifically prepared for the scam, aiming to install ransomware or other malicious software on the victim's computer.

Ways to Avoid Phishing

  • Do not call the number in the suspicious email. Go directly to a company's website. 
  • Look up email addresses, links, and phone numbers. Do not use those provided in the messages or over the phone.
First Bank will never email you and ask you to call a phone number and enter any type of personal information.  A First Bank representative may call you regarding activity on your account or to verify specific transaction activity on your account. We will always verify that you are the account holder before discussing specific account activity. Consult First Bank customer service at 800-760-2265 about any phishing attempts, or call us to validate any communications seemingly originating from First Bank.

Phishing, vishing, and smishing all involve spoofed communication that appears to be from a legitimate business urging you to “act immediately” or your account might be closed. Phishing uses fraudulent email messages, smishing employs text messages, and vishing combines both spam phone calls and fraudulent emails. Hackers use this information to access your accounts to withdraw money or make purchases.

Here is an example of a common email phishing scam.

First Bank will never email you and ask you to provide  personal information, such as your social security number, account number, or birthdate, via email.  If you choose to open an account online, however, through our secure, online portal, you will be asked to provide personal information. 
 
Please note: 
A First Bank representative may call you regarding activity on your account or to verify specific transaction activity on your account. We will always verify that you are the account holder before discussing specific account activity. Consult First Bank customer service at 800-760-2265 about any phishing attempts, or call us to validate any communications seemingly originating from First Bank.

First Bank strives to keep our clients informed. We do send legitimate emails to our clients with news, alerts, product offers, secure, online account opening options, and branch-specific information. If you should have any questions regarding the email addresses we use for such client communications or questions regarding an email that you’ve received, please feel free to reach out to us by calling 800-760-2265. 

Ways to Avoid Phishing, Vishing, and Smishing

  • When purchasing a product or service, go directly to a company's website. Pay close attention to the URL in the browser window and watch for the padlock symbol that indicates you are visiting a secure site.
  • Verify messages by contacting the company or financial institution that supposedly sent them.
  • Confirm the sender’s identity before replying to email requests and before opening attachments or clicking on links, even if they appear to come from a legitimate source.
  • Look up email addresses, website URLs, and phone numbers of reputable companies. Do not automatically use those provided in the messages or over the phone before doing your research and homework. 
  • Whether it’s a phone call, suspicious email, or an usolicited text, always be cautious.

The FBI is warning financial institutions and investors about cyber criminals creating fraudulent cryptocurrency investment applications (apps) to defraud cryptocurrency investors.

Read More

The FBI Criminal Investigative Division and the United States Securities and Exchange Commission’s Office of Investor Education and Advocacy (OIEA) warn of fraudsters swindling investors while pretending to be registered brokers or investment advisers.

Read More

In today’s remote-working world, technology is at the forefront of almost everything we do. With millions of people online every day, it is important to be aware of your digital surroundings.

Read More

It’s no secret that scams and fraudulent activity are at an all-time high. Fraudsters will stop at nothing to gain access to valuable personal information, access account numbers, and/or find ways to illegally receive payment from you in any manner.

Read More

Ransomware is a type of malware that is unwittingly downloaded when you click on a tainted link, open an infected attachment, or even click on a phony advertisement. If your computer freezes, and a message on your screen tells you that your computer will remain frozen until you pay a ransom or a fee, you have become a victim of ransomware. The criminals often ask for a minimal amount of money to give you access to your computer again. They believe that you are comfortable paying them to avoid the frustration of the situation. Sometimes the denominations are very small and the accepted method of payment transmission might include wiring money through a common wire service. Thieves also may ask you to make a payment via a premium text message or send them money as a type of online cash.

Protect Your Devices Against Ransomware

  • Install current firewall, anti-virus software, and anti-malware software on your computer, tablet, and other mobile devices.
  • Back up everything on your devices to a cloud service or a USB drive.
  • Never click on a link or download an attachment unless you have independently confirmed that the communication or advertisement is legitimate. Emails that contain links to businesses sent from friends may have been hacked by scammers. Go directly to a company’s website instead of clicking on a link in an email.
  • Create different passwords for all of your accounts.
  • Change your passwords regularly.

IRS, Summit Partners warn on tax deadline scams, ‘IRS Refunds’ email

WASHINGTON – When the tax deadline is approaching, the Internal Revenue Service and Security Summit partners urge taxpayers and tax professionals to be alert to identity theft scams, especially a new email version currently pretending to be from “IRS Refunds.”

As the filing season comes to a close, thieves step up their efforts, warned the Internal Revenue Service and the Security Summit partners. The Security Summit, a partnership between the IRS, state tax agencies and the tax industry, continues to take steps to combat tax-related identity theft.

The “IRS Refunds” scam is a common tactic used by cybercriminals to trick people into opening a link or attachment associated with the email. This link takes people to a fake page where thieves try to steal personally identifiable information, such as Social Security numbers.

Often these links or attachments also secretly download malware that can perform many functions, such as giving the thief control of the computer or tracking keystrokes to determine other sensitive passwords or critical data.

The IRS does not randomly contact taxpayers or tax professionals via email, including asking people to confirm their tax refund information. The IRS initiates most contacts through regular mail delivered by the United States Postal Service.

However, there are special circumstances in which the IRS will call or come to a home or business, such as when a taxpayer has an overdue tax bill, to secure a delinquent tax return or a delinquent employment tax payment, or to tour a business as part of an audit or during criminal investigations.

Even then, taxpayers will generally first receive several letters (called “notices”) from the IRS in the mail.

Note that the IRS does not:

  • Demand that taxpayers use a specific payment method, such as a prepaid debit card, gift card or wire transfer. The IRS will not ask for debit or credit card numbers over the phone. Taxpayers should make check payments to the “United States Treasury” or review IRS.gov/payments for IRS online options.
  • Demand that taxpayers pay taxes without the opportunity to question or appeal the amount they say is owed. Generally, the IRS will first mail a bill to those who owe any taxes. Taxpayers should also be advised of their rights as a taxpayer.
  • Threaten to bring in local police, immigration officers or other law-enforcement to have taxpayers arrested for not paying. The IRS also cannot revoke a driver’s license, business license or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes.

With scams like these circulating, taxpayers and tax professionals should take ongoing security precautions to protect their identities and their computer networks from identity thieves. Here are a few basic security steps for taxpayers:

  • Always use security software with firewall and anti-virus protections. Make sure the security software is always turned on and can automatically update. Encrypt sensitive files such as tax records stored on computers. Use strong, unique passwords for each account.
  • Learn to recognize and avoid phishing emails, threatening calls and texts from thieves posing as legitimate organizations such as banks, credit card companies and even the IRS. Do not click on links or download attachments from unknown or suspicious emails.
  • Protect personal data. Don’t routinely carry Social Security cards, and make sure tax records are secure. Shop at reputable online retailers. Treat personal information like cash; don’t leave it lying around.

Here are few basic security steps for tax professionals:

  • Learn to recognize phishing emails, especially those pretending to be from the IRS, e-Services, a tax software provider or cloud storage provider. Never open a link or any attachment from a suspicious email. Remember: the IRS never initiates initial contact with tax pros via email.
  • Create a data security plan using IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security – The Fundamentals, by the National Institute of Standards and Technology.
  • Review internal controls:
    • Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets and phones) and keep software set to automatically update.
    • Use strong and unique passwords of 10 or more mixed characters, password-protect all wireless devices, use a phrase or words that are easily remembered and change passwords periodically.
    • Encrypt all sensitive files/emails and use strong password protections.
    • Back-up sensitive data to a safe and secure external source not connected fulltime to a network.
    • Wipe clean or destroy old computer hard drives that contain sensitive data.
    • Limit access to taxpayer data to individuals who need to know.
    • Check IRS e-Services account weekly for number of returns filed with EFIN.
  • Report any data theft or data loss to the appropriate IRS Stakeholder Liaison.
  • Stay connected to the IRS through subscriptions to e-News for Tax Professionals, Quick Alert and Social Media.