Fraud Threats

Online Banking Fraud – What's it all about?

Whenever you access the Internet through a PC or a mobile device, you run the risk of exposing yourself to online scams or unauthorized downloads. Online fraud schemes attempt to obtain confidential information -- including passwords, personal ID numbers and account numbers -- and use it to access your accounts, transfer money, or commit other fraudulent acts. The primary methods of online fraud are social engineering, malware, and a combination of both.

Social engineering is someone impersonating a trustworthy entity, in an electronic communication, to manipulate you into performing actions or divulging confidential information.

An email ("phishing") or text message ("smishing") appears to be from a legitimate company, bank, or government agency. It typically warns you of a potential problem with your account and requests that you follow a link and provide personal or account information to update your account.

You should not reply to these emails, open any attachments, or follow any of the links provided. If you believe an email is legitimate, you should contact the company using the contact information or URL provided in a printed statement.

Malware is malicious software installed on your computer without your consent. Once there, it can record keystrokes, re-direct your internet browser, or display fake websites, all in an effort to impersonate you in online banking transactions.

"Pharming" is a type of fraud that involves redirection from a legitimate site to a site that appears to be legitimate, but has been created by fraudsters in an attempt to gain your personal or account information.

Your computer can become infected with malware through documents attached to emails, links contained in emails, infected search engine results, or by clicking on links, videos, and documents on legitimate websites, particularly social networking sites.

Online Banking Security – What Community 1st Does to Protect You!

Individual Username and Password

When you sign up for Online Banking, you create your own username and password to access your accounts. You should not share your username or password with anyone. And, once signed-up for Online Banking, you can change your username and password anytime. In fact, for your protection, our system will prompt you to change your password every 180 days.

Security Questions

Besides username and password, you select security questions and provide answers that are meaningful to you. And, like username and password, you should not share security questions and answers with anyone.

Encryption

Encryption is the scrambling of data to make it unreadable to anyone who does not have the key to decipher it. The information you enter when signing-up, or signing-on, to Online Banking is encrypted during transmission. All Online Banking access and Bill Pay sessions are encrypted. Here's how you can tell:

  • Any web address beginning with "https://..." indicates the page you are viewing uses encryption. The "s" stands for "secured."
  • To determine if encryption is being used on any web page you are viewing look for a "closed lock" icon in the lower right-hand corner (Microsoft Internet Explorer) or in the right end of the address bar (Firefox 2) or in the top right corner (Safari) of your browser.

Firewall

Our computer systems are protected 24/7 by a powerful firewall that blocks unauthorized entry.

Timed "Log-Off"

The Online Banking system will automatically timeout and log you off after 20 minutes of inactivity.

Monitoring

Our Operations Team monitors access and activity in the Online Banking system daily. We look for anything that may appear unusual or suspicious. If we see something that doesn't look right, we may restrict online access to accounts or prevent certain types of transactions until we can verify with you that the activity is legitimate. These measures safeguard your identity and your accounts. You should monitor your account, too, for any unauthorized transactions.

We're here for you!

If you see something that looks suspicious in your account activity, you should contact us immediately. Promptly report any incident of unauthorized account access or use.

Anytime you have questions or concerns about your Online Banking account or transactions, you can send us a secure message using our Online Form.

  • Or call us at: 916-724-2424 or 530-863-4800,
  • Monday through Friday, 9:00am to 5:00pm.

If we need to reach you, we may send you a secure message through the Online Banking system, or send you an email, or call you by phone, BUT we will NEVER send you a text message or e-mail requesting that you text us, link to a website, or call us to provide your personal information such as your Social Security Number, Credit Card Number, Online Banking ID, Passwords, PINs or birth date.

These are scams from criminals – don't be fooled!

If you receive an email or phone call that requests this type of sensitive information, you should be suspicious of it. We strongly recommend that you do not share your confidential account information with anyone, under any circumstances.

Claims for Unauthorized Activity

Under federal law, Regulation E (Electronic Fund Transfer Act) provides certain protections to consumer customers when there is unauthorized account activity initiated electronically (including online) in a consumer's checking, savings, or other asset account used primarily for personal, family, or household purposes.

All of the protections and requirements of Regulation E are incorporated into our Electronic Fund Transfers disclosure and apply to the consumer accounts covered by our Internet Banking Agreement. Regulation E does not apply to business-purpose accounts.

In the unlikely event that someone you have not authorized removes funds from your consumer account using Online Banking services, you must follow the steps outlined in the Electronic Fund Transfers disclosure to file a claim for return of the funds.

Fraud Prevention Tips – What YOU can do to Protect Yourself!

We constantly reassess the risks to internet banking and evaluate the protective controls in our systems and procedures. As you use Online Banking services for your personal or business banking, we suggest you do the same. Here are some things you can do to take control of your own security.

Tips on Your Username, Password and Security Questions

  • Create a "strong" password with at least 8 characters that includes a combination of mixed case letters, numbers, and special characters.
  • Do not use your social security number or account number as any part of your username or password.
  • When creating account nicknames or other titles, do not use account numbers, your social security number, or other account or personal information.
  • Do not use your Online Banking username and password as credentials for other online accounts.
  • Change your password frequently.
  • Select security questions and answers that are easy for you to remember, but hard for others to guess. Avoid using the same questions that you have used on other websites.
  • Never share username, password or security question information with anyone else.
  • Avoid using an automatic login feature that saves usernames and passwords.

Tips to Protect Account Data and Online Payments

  • Do not use public or other unsecured computers for logging into Online Banking.
  • Never leave a computer unattended while using Online Banking.
  • Never conduct banking transactions while multiple browsers are open on your computer.
  • Check your last login date/time every time you log in.
  • When you have completed a transaction, ensure you log off to close the connection with the Bank's computer.
  • Review account activity and balances regularly (preferably daily) and immediately report to us any suspicious transactions or transfers.
  • Whenever possible, use online Bill Pay instead of paper checks to limit the distribution of your account number and to gain better electronic record keeping.

Tips to Avoid Phishing, Spyware and Malware

  • Do not open e-mail from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information.
  • Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
  • Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an email.
  • If an e-mail claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.
  • Install a personal firewall on your computer.
  • Install and run anti-virus and spyware detection software on your computer. Free software may not provide protection against the latest threats compared with an industry standard product.
  • Update your computer regularly with the latest versions and patches of the operating system, anti-virus and anti-spyware software as recommended by the software vendor.
  • Before downloading an update to your computer program, first go to the vendor's website to confirm the update is legitimate.
  • Check your computer settings and select, at least, a medium level of security for your web browsers.
  • Clear the browser cache before starting an online banking session in order to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared depends on the browser and version you are using. This function is generally found in the browser's preferences menu.
  • Turn your computer off completely when you are finished using it – don't leave it in sleep mode.
  • Conduct online banking activities on secure computers only. Public computers (computers at internet cafes, copy centers, etc.) should be used with caution, due to shared use and possible tampering. Online banking activities and viewing or downloading documents (statements, etc.) should only be conducted on a computer you know to be safe and secure.