Privacy and Security Alerts
How to keep your accounts safe
We want to help you keep your personal and banking information as safe and secure as possible. We’ve provided the following resources to help keep you informed on how to protect yourself against fraudulent activity, and instructions for what to do if you do discover fraud on your account.
Recent Security Alerts
In recent years, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts. In a typical scenario, the targeted entity receives a “spear phishing” e-mail which either contains an infected attachment, or directs the recipient to an infected website. Once the recipient opens the attachment or visits the website, malware is installed on their computer. The malware contains a key logger which will harvest each recipient’s business or corporate bank account login information. Shortly thereafter, the perpetrator either creates another user account with the stolen login information or directly initiates funds transfers by masquerading as the legitimate user. These transfers have occurred as both traditional wire transfers and as ACH transfers.
Further reporting has shown that the transfers are directed to the bank accounts of willing or unwitting individuals within the United States. Most of these individuals have been recruited via work-at-home advertisements, or have been contacted after placing resumes on well-known job search websites. These persons are often hired to “process payments,” or “transfer funds.” They are told they will receive wire transfers into their bank accounts. Shortly after funds are received, they are directed to immediately forward most of the money overseas via wire transfer services such as Western Union and Moneygram.
Customers who use online banking services are advised to contact their financial institution to ensure they are employing all the appropriate security and fraud prevention services their institution offers.
If you have experienced unauthorized funds transfers from your bank accounts, or if you have been recruited via a work-at-home opportunity to receive transfers and forward money overseas, please notify the Internet Crime Complaint Center by filing a complaint at: http://www.ic3.gov.
For a detailed analysis of this scam please visit http://www.ic3.gov/media/2009/091103-1.aspx
The Federal Trade Commission today issued a new consumer education blog post with the National Association of Attorneys General, offering tips on how to recognize and avoid vaccine-related scams. According to the post, with COVID-19 vaccines in the pipeline, scammers will not be far behind, and people should recognize the red flags of potential scams.
The post notes that: 1) reports about the release of COVID-19 vaccines in the U.S. by the end of the year are promising, but distribution plans are still being worked out; 2) while we wait for a timeline and more information, people need to be wary of pitchmen claiming to have vaccine doses for sale; and 3) for most people living in the U.S., state agencies—not individuals—will be responsible for implementing vaccine distribution plans.
Specifically, the post cautions that until a vaccine distribution timeline is available, people should know that if they get a call, text, email—or even someone knocking on their door—claiming they can provide early access to the vaccine, it’s a scam. People should not pay for a promise of vaccine access or share their personal information. Instead, they should report the scam to the FTC at ReportFraud.ftc.gov or file a complaint with their state or territorial attorney general through consumerresources.org, the consumer website of the National Association of Attorneys General.
For more information about COVID-related scams and tips on how to recognize, avoid and report them, see ftc.gov/coronavirus/scams.
If suspicious activity occurs on your account, we make every attempt to notify you promptly. If we are unable to reach you, your Montgomery Bank debit card will be hot carded so no further activity can be made until we hear from you.
If this occurs, please call us at 1-800-455-2275.
To legally report the loss of your Montgomery Bank Debit Card you must call Montgomery Bank at 1-800-455-2275.
Under federal law, you can reduce your financial liability for unauthorized use of your Montgomery Bank, ATM Card or Debit Card by reporting the loss of your card immediately after you are able to detect that the card is lost.
Debit card transaction restrictions have been lifted within the US. The restrictions stated below remain in place:
International (anything outside of US):
- All transactions are blocked (Signature and PIN) – unless a card is listed as an exception
- International: All transactions are blocked
- Domestic: No limits / No restrictions
Auto Bill Pay with card
- International: All transactions are blocked
- Domestic: No limits / No restrictions
Signature (Credit) Based = No PIN used
- PIN (Debit) Based = PIN used
Before you travel outside of the United States, please contact a Personal Banker or our Customer Service Center at 800-455-2275 to schedule travel notes on your account.
All international transactions are restricted by default. If you plan to travel outside of the United States, please contact your local branch or our Customer Service Center at 1-800-455-2275.
- NY Gas Stations
- Magnetic Stripe Transactions in Michigan and any Magnetic Stripe Transactions over $149.99 in Missouri.
- Air BnB over $149.99
- Cash App
Debit card transactions at chip capable machines when the chip is not used over $149.99.
International transactions are restricted.
If you plan to travel outside of the United States, please contact your local branch or our Customer Service Center at 1-800-455-2275
Last Update: 05/29/2020
A technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from a legitimate retailer, bank, organization, or government agency. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card or bank account details. These emails can look authentic with company logos and banners copied from Web sites.
One of the fastest-growing types of financial fraud. Without stealing your wallet, a crook can steal your financial identity with as little information as your social security number. Identity theft involves crooks’ assuming your identity by applying for credit, running up huge bills and stiffing creditors – all in your name.
Using human interaction (social skills) to obtain or compromise sensitive information about an individual or an organization. This social engineering could be used to gather personal information on you or other family members. An attacker may seem unassuming and respectable. They may even offer “credentials” to support their identity. By asking seemingly harmless questions, they may be able to piece together enough information to steal your identity or to infiltrate your computer.
Avoiding Social Engineering and Phishing Attacks
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution such as Montgomery Bank. In this email they will request account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. It is important to note: MONTGOMERY BANK WILL NEVER ASK FOR PERSONAL INFORMATION IN AN EMAIL OR PHONE CALL TO YOU!
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year.
- natural disasters (i.e., Hurricane Katrina, Indonesian tsunami, Joplin tornado)
- epidemics and health scares (i.e., H1N1)
- economic concerns (i.e., IRS scams)
- major political elections
How do you avoid being a victim?
Do not give sensitive information to anyone unless you are absolutely sure that they are indeed who they claim to be and that they should have access to the information.
Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company. Do not provide personal information unless you are absolutely certain of a person’s authority to have the information. Do not reveal personal or financial information in an email and do not respond to email solicitations for this information. This includes following links sent in email. Don’t send sensitive information over the Internet before checking a website’s security (see Protecting Your Privacy for more information). Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a slight variation in spelling or a different domain (i.e., .com vs. .net). If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic over your personal computers. (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information). Take advantage of any anti-phishing features offered by your email client and web browser.
What do you do if you think you are a victim?
If you believe your personal financial accounts may be compromised, contact your financial institution such as Montgomery Bank immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account. Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
Watch for other signs of identity theft (see Preventing and Responding to Identity Theft for more information).
Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).
Used with permission and available at http://www.us-cert.gov/, the United States Computer Emergency Readiness Team, a service of the U.S. Department of Homeland Security.
With the increase in fraudulent activities and e-mail scams, Montgomery Bank has taken another step to ensure your information is secure by providing a secure email service.
Our secure email service has recently changed. A link will be available to our new service soon. In the meantime, to send a secure email to Montgomery Bank, please contact our customer service center at 1-800-455-2275 for assistance.
Caution: Email is not a secure method of communication. We ask that you NOT include confidential information including account numbers, passwords, social security numbers, etc., in the emails you send to us. To discuss confidential information, please stop by any Montgomery Bank location or call us at 1-800-455-2275 between 8:00 a.m. to 5:00 p.m., Central Time. The bank assumes no responsibility for interception of confidential information you send in an unsecured (unencrypted) email message.
The security of your private information is very important to us. Montgomery Bank will never provide your confidential information to any source not affiliated with the bank. We will never ask you for your personal information through an email so be aware of the phishers who try to gain this information via email.
The security of your personal and account information is important to us.
We understand that our continued success as a leading financial institution relies on both our ability to offer banking services to you in a secure manner as well as your responsibility in keeping any access codes, passwords or PINs secure. To assist us in offering these Web-based banking services in a secure manner, we employ a number of measures which are described below. These measures allow us, among other benefits, to properly authenticate your identity when you access these services and protect your information as it traverses the Internet between your PC and Montgomery Bank.
Montgomery Bank is proud to deliver the highest level of security for our Internet banking customers. An additional layer of security has been added to our log in process. This will help ensure that your information is secure, protecting you from fraud and identity theft.
Enhanced online security is provided for our Internet banking customers that verifies your identity in two ways. Every time you log in to Internet banking, the bank identifies you, and it lets you identify the bank using a private image and pass phrase that is unique to each individual Internet banking user. This level of security is used for routine Internet banking services such as balance inquiries, transfers and eBill Pay.
Security Tokens are provided to our commercial Internet banking customers that verify your identity in two ways. Every time you log in to business Internet banking, the bank identifies you using a one-time password generated by the security token, and it lets you identify the bank. This enhanced level of security is provided to our commercial customers that utilize more complex Internet banking services such as wire transfers and ACH origination.
Many of the financial services we provide on this web site utilize access codes (e.g., ID and password/PIN). For further details about a particular service’s access codes, follow the links to the discussion of that service’s security specifics.
To further protect you, a timeout feature is often used. This feature will automatically log you out of your current financial service session after an extended period of inactivity on our site.
Montgomery Bank also requires the use of secure browsers to protect you while you access our online financial services. More specifically, the personal and account information that flow back and forth between your PC and Montgomery Bank must be encrypted while in transit – secure browsers are how we achieve this level of protection. Encryption is the process of scrambling information (typically for data transmission) so that it can only be reassembled in its original clear text format by someone who has the correct encryption key to do so. Likewise, when we send personal or account information to you, this technology encrypts it, which then only you can decrypt.
Montgomery Bank employs an additional protection mechanism known as a firewall to protect our computer systems and your information. Firewalls can be thought of as selective barriers that only let authorized traffic (i.e., you, our Online Banking customer) through to Montgomery Bank’s systems.
System and application activity logs are another mechanism Montgomery Bank uses to protect our systems and your information. These logs are reviewed regularly and any anomalies or discrepancies are investigated thoroughly.
Montgomery Bank’s Online Banking product provides additional security measures.
The browsers that Montgomery Bank’s Web-based financial services currently support are listed below. Some versions of these browsers provide 128-bit encryption while other versions support only 40-bit encryption. 128-bit browsers provide strong encryption capability. The U.S. government does not allow the export of secure browsers with strong encryption anywhere outside the U.S., with Canada being the only exception. Montgomery Bank requires its financial service customers to use browsers with 128-bit encryption. Use of 40-bit browsers for accessing Montgomery Bank’s services will not be permitted.