• Personal
  • Business

Online Banking Login

Access ID:

Take Me To:


Enroll  |   Learn More

Online Banking Login

Access ID:

Business Log In Help

 

Learn More

Phishing and Pharming

What is "Phishing?"

Phishing is an email scam involving fraudulent individuals who pretend to be a legitimate business such as a financial institution, credit card company, online service provider, retailer, etc. Using the anonymity of the Internet, they send out official-looking emails to trick you into divulging your account numbers, passwords, Social Security numbers and other sensitive data. In most cases, the email claims there is an account problem or warns of a possible account fraud threat. The whole idea is to convince you there is an immediate need to update your financial or personal information.

How to Avoid Getting Lured Into a "Phishing" Scam

If you are not a customer of a company and you receive unsolicited email, ignore it. People who commit fraud rely on the few recipients who are customers to fall victim to the scam. Do not reply to unsolicited email or respond by clicking on a link within the unsolicited email message.

Even if you are a customer, never respond to an email request from a company for personal or financial information. Instead, verify the authenticity of the request by using an email or telephone contact that you know is legitimate.

Never go to a web site from a link in an email. Enter the URL to a web site in your browser's address bar or call a phone number that you know to be legitimate.

If an apparently legitimate web site that you have visited before prompts you for a password, enter an incorrect one first. A fraudulent web site will accept an incorrect password while a legitimate one will not.

Look for the lock. Prior to entering account information on any web site, be sure to look for the *locked padlock* in the browser or *https* at the beginning of the web site address to make sure the site is secure.

If you unwittingly supply personal or financial information, inform the appropriate institutions immediately. Banks and credit card companies will work with you to prevent your information from being used against you.

Be cautious. Check your monthly statements to verify all transactions. Notify the bank immediately of any erroneous or suspicious transactions.

Become familiar with the tricks of the trade so you can spot fraudulent emails. Knowledge is a powerful weapon in the fight against email fraud.

Forward any suspicious emails claiming to be from NexTier Bank to info@thebank.com.

Many financial institutions use email to communicate with customers and direct them to their sites, where the customer may be asked to enter personal information as part of registering for a service.

NexTier Bank will never ask you to send your Social Security number, account number, password or PIN by email.

What is "Pharming?"

Pharming is a scamming process whereby someone changes the Internet lookup system to redirect your browser to a fake site that appears to look like the real website, to obtain personal or private information. Scammers install malicious code on a personal computer or server,
misdirecting users to fraudulent websites without their knowledge or consent.

The most alarming pharming threat is domain name system (DNS) poisoning, which can direct a large group of users to bogus sites. DNS translates web and e-mail addresses into numerical strings and, if a DNS directory is "poisoned" -- altered to contain false information regarding which web address is associated with what numeric string -- users can be
silently shuttled to a bogus website even if they type in the correct URL.

The problem occurs in the DNS server, which handles thousands or millions of Internet users' requests for URLs. Every Internet request has to go through a DNS server, and malicious hackers realized a long time ago the profit potential in hacking DNS records. The DNS is
modified so someone who thinks they are accessing legitimate websites is actually directed toward fraudulent ones. In this method of pharming, individual personal computer host files need not be corrupted.

The danger is that you no longer have to click an e-mail link to hand over your personal information to identity thieves. Once you enter personal information such as a credit card number, bank account number, or password at a fraudulent website, criminals have the information and identity theft can be the result.

NexTier will never send you an email asking you download a file or software, nor an email that includes a link to a website. In addition, NexTier will never send you an email requesting your personal information, account information, online banking password or ATM PIN.

© Copyright 2012 NexTier. All Rights Reserved