All Internet and Email Users should be aware of the increasing sophistication and number of scams that have the potential to affect consumers. Criminals use emails and websites that appear to be from legitimate, well-known, and respected financial institutions or companies to retrieve personal and financial information such as Credit Card or other Account Numbers, User Names/ID’s, Passwords or PIN numbers, Social Security Numbers, Birth Dates, Mother’s maiden names, etc.
The following information describes some common internet and email scams and malicious software threats and recommends "best practices" to assist you with fraud prevention while using MNB's Internet Banking Products.
"Phishing" – is a type of scam that utilizes "spoofed" emails that appear to be legitimate in order to steal consumers' personal identity data and account information. They either ask the recipient to reply or link to counterfeit websites which trick recipients into divulging their personal information. These email messages frequently convey a sense of urgency so that you'll respond immediately without thinking, threaten account cancellation or other consequences, or possibly even claim that a response is required because the account may have been compromised. If an email contains inappropriate grammar and/or misspellings, this is often an easy clue that an email is suspicious, this is not always the case.
"Pharming" - is a type of scam that redirects Internet traffic from one website to a different, identical-looking site in order to trick you into entering your user name and password into the database on the fake site. Pharming might sound similar to email phishing scams, but pharming is more insidious because you can be redirected to a false site without any participation or knowledge on your part. If you notice something suspicious about a trusted website, report it—by telephone if possible—to the business or site owner. It might be a normal glitch or a new update, or it may be a mistake a criminal has made when trying to duplicate a website.
Mountain National Bank will always attempt to notify our customers in advance regarding any major changes to our site. Please contact us immediately if you notice anything unusual about our site.
Resources and Reporting - For more information regarding “phishing” or “pharming” Internet scams, or for instructions on how to report an incident, please use the following links which are recommended by the Federal Reserve Bank of Atlanta:
If you believe that you may be a victim of Identity Theft, please use the following links:
Federal Reserve Bank of Atlanta - “Coping with Identity Theft” article
The Internet Crime Complaint Center - to file an incident report
Whether you choose to file a report with local law enforcement or not, you may report the incident to The Internet Crime Complaint Center (IC3). “IC3” is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center, and the site is monitored by the FBI for reported Internet-related crimes.
If you receive a questionable email which suggests that it is from Mountain National Bank or if you notice anything suspicious about our site, please contact Internet Banking Customer Service immediately at 865-908-1600.
"Malware" is short for malicious software. It is a general term which refers to a variety of forms of hostile, intrusive, or annoying software or program code, scripts, active content, and other software, designed to disrupt and/or deny operation, gather information that leads to loss of privacy and/or exploitation, gain unauthorized access to system resources, and other abuses.
Software is considered to be malware based on the perceived intent of the originator, rather than on any particular features. Malware can include computer viruses, worms, Trojan horses, spyware, dishonest adware, scareware, crimeware, rootkits, and other malicious and unwanted software or program.
Tips for Avoiding Fraudulent/Malicious incidents
- Do not open emails from unknown sources. Be suspicious of emails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information.
- Opening file attachments or clicking on web links in suspicious emails could expose your system to malicious code that could hijack your computer's content.
- Never respond to a suspicious email. Call the alleged source if you are unsure who sent an email.
- If an email claiming to be from any financial organization* seems suspicious (for instance, misspelled words, improper grammar, etc.), please do not respond to it and notify the financial organization as soon as possible.
*Please be advised: Mountain National Bank will never ask you to verify your personal security information by email. If you ever receive an email soliciting personal information that appears to be from us, please do not respond to it and notify us immediately.
Malicious software threats
- Install anti-virus and spyware detection software on all computer systems.
- Update all of your computers regularly with the latest versions of both anti-virus and anti-spyware software.
- Ensure computer operating systems, browsers, and other key application software programs are updated regularly with security patches.
- Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or Cable. A firewall limits the potential for unauthorized access to your network and computers.
- Check your web browser's privacy and security settings and select at least a medium level of security for your browsers.
- Clear the browser cache after completing or before opening an online banking session in order to eliminate copies of Web pages that have been stored or "cached" on the hard drive. How the cache is cleared depends upon what version of which browser you are using. This function is generally found in the browser's preferences/internet options menu.
User ID and Password Guidelines
- Create a "strong" password with at least 8 characters that includes a combination of numbers and mixed case (upper and lower case) letters.
- Change your password when it is required and avoid using the same password repeatedly.
- Never store passwords under your keyboard, around your computer, or in plain sight (i.e. / posted on or near your monitor/keyboard).
- Don't reveal your password to ANYONE, including co-workers, bosses, friends, or family members.
- Never share your username and password information with third-party advisors, providers, or enter it into other software programs in order to bypass security features.
- Avoid using an automatic login feature that saves usernames and passwords, especially on Mobile Communication Devices.
General Guidelines & Tips to Protect Online Account Data & Payments
- If at all possible, do not use public or other unsecured computers for logging into Internet Banking.
- Check your last login date/time in the left sidebar every time you log in.
- Review account balances and detail transactions regularly (preferably daily) to confirm payment and other transaction data and immediately report any suspicious transactions to your MNB.
- Monitor internet banking transaction history available through the "Activity Log", located under the "My Profile" menu option.
- Whenever possible, use MNB's Online BillPay Manager to make payments and receive Electronic Bills to limit the exposure of your account numbers and for superior electronic record keeping.
- Take advantage of and regularly view system alerts; examples include:
- Balance alerts
- Transfer alerts
- Password change alerts
- Do not use account numbers, your social security number, date of birth, or other account or personal information when creating User Names, Passwords, account nicknames, etc.
- Each time you log into Internet Banking from a different computer, you will be asked if you wish to register it. If you typically use the same computer every time you log in to Internet Banking, you will want to "Register" it as a Personal Computer. When you "Register" your computer using your PassMark Advanced Authentication login credentials, the secure server records a randomly generated, unique identifier for that computer, which allows it to be recognized without asking challenge questions. [Please note, that due to the security, cookie handling, and privacy settings on your Internet Browser or with your Internet Service Provider, you may receive challenge questions every time even if you register your computer. We realize that this can be annoying, so if it happens, please feel free to contact us and we will help as best we are able.]
- If you have no other choice than to use "Public" computers such as in a library, hotel data center, or at a friend's house, do NOT register them even if you use them to log on regularly.
- Never leave a computer unattended while using Internet Banking or BillPay.
- Never conduct banking transactions while multiple browsers are open on your computer.
- When you have completed a transaction, ensure that you properly log off using the "EXIT" icon to close the connection with the secure Internet Banking site. Closing the page with the "X" at the top of the screen closes only the window, not the secure program!
Tips for Wireless Network Management
Wireless networks can provide an unintended 'open door' to your network. Unless a valid business reason exists for wireless network use, it is recommended that all wireless networks be disabled. If a wireless network is to be used for legitimate business purposes, it is recommended that wireless networks be secured as follows:
- Change the wireless network hardware (router/access point) administrative password from the factory default to a complex password. Save the password in a secure location as it will be needed to make future changes to the device.
- Disable remote administration of the wireless network hardware (router/access point).
- If possible, 'disable' broadcasting the network SSID (Service Set Identifier).
- If your device offers WPA (WIFI Protected Access) encryption, secure your wireless network by enabling WPA encryption of the wireless network. If your device does not support WPA encryption, enable WEP (Wired Equivalent Privacy) encryption.
- If only known computers will access the wireless network, consider enabling MAC (Media Access Control) filtering on the network hardware. Every computer network card is assigned a unique MAC address. MAC filtering will only allow computers with permitted MAC addresses access to the wireless network.
Reminder: Mountain National Bank will never ask you to verify your personal security information by email. If you receive a questionable email or text message soliciting personal information which suggests that it is from Mountain National Bank, or if you ever notice anything suspicious about our site, please contact Internet Banking Customer Service immediately at 865-908-1600 or send us a message via our "CONTACT US" link.