News and Alerts Archive

September 21, 2018 — Free Security Freeze

With all the breaches that merchants have reported over the years, many consumers have wanted to freeze their credit but have had to pay to do this. A credit freeze is the only law-based way to ensure your credit is locked down and loans or other services (phones, utilities) where a vendor uses credit bureaus to approve you are not fraudulently issued in your name. Freezes typically do not affect your ability to open checking and savings accounts, and it’s very easy to “thaw” or temporarily release your freeze when you want to get a loan.

Effective September 21, 2018, a new federal law makes credit freezes free to consumers. Under the new law,

• Each of the three credit bureaus (TransUnion, Experian, and Equifax) will freeze a consumer’s credit at no charge and provide each consumer with a PIN to “thaw” when needed.
• Consumers can freeze their children’s (under the age of 16) credit to protect their information until their children are ready to use it.
• Fraud alerts will be extended from 90 days to 1 year to provide notice to consumers before credit is issued. However, there is no legal obligation for creditors to provide notice, so these alerts are not as secure as a freeze.

Some of the credit bureaus may offer their “security lock” or other service provided by them, but this may not be as secure as a freeze and they may change the terms of the service. The only law-based way to secure your credit is with a credit freeze. Learn more.

May 30, 2018 — FBI Alert of Router Compromise

The FBI recently issued a warning about hundreds of thousands of home or office routers and network devices compromised by Russia-linked malware. A router is sometimes provided by your internet service provider (ISP) (e.g., Comcast), or you may have purchased it elsewhere. A router connects your devices to the internet, through either your PC with a network cable or Wi-Fi. Other compromised internet-connected devices may include smart thermostats, TVs, or baby monitors—basically anything you can monitor over the internet or via a smartphone app.

Most of us know to secure our Wi-Fi access. What most people don’t know is that your router can be hijacked just like a PC can. Fraudsters can scan the internet for these devices, and once they find them, push their own software to the router. They usually do this by making use of a manufacturer's default remote access credentials and using your router to become part of a “botnet” to attack others, redirect your outgoing traffic to a site intended to steal your credentials (e.g., online banking or e-mail), or attack or monitor your internet devices in your home network.

What should you do?
Consult the manual (available online) for your specific router or contact your ISP for assistance and

• Reboot your router. Unplug your router from the electrical outlet, wait a few seconds, then plug it back in. This is only a temporary solution and may not fully resolve any malware, if installed, but it’s a start.
• Update the firmware by logging onto the router and finding the Option to Update/Upgrade the firmware, which will then reach out to the manufacturer’s website to download the update for the router. This should overwrite any infection.  If your router is too old to update, it is time for a new one.
• Disable Remote Access to the router within the Option menu or make the Remote Access password very long and complicated. Strong passwords are one of the best first lines of defense. Remember to use an encrypted password keeper to keep track of all your strong passwords.

You will also want to update any other home-networked devices. Ensure that the manufacturer has your valid email for any update notices and that you apply mobile app updates, as most updates include security enhancements, not just bug fixes.

Click here to read the news story.

September 11, 2017 — Equifax Security Breach

As you may have seen on the news, Equifax is reporting a possible compromise of private data involving names, social security numbers, dates of birth, and addresses of 143 million people. Equifax is one of the four major credit bureaus that most creditors report to, and while they are still investigating and working on notifying affected consumers, below are answers to questions you may have.

Q: How do I know if I’m affected?
A: You can visit the Equifax informational website. They are regularly providing updates, so you should continue to check back.

Q: For me to find out if I’m affected, I have to provide part of my social security number…why would I want to do this for a company reporting a breach?
A: If you obtained any credit in the last few years, Equifax most likely already has your information, as most creditors report monthly to all the major credit bureaus, including Equifax, so that your credit history and scores are accurate.

Q: It has been reported in the news that the Equifax website is not providing consistent responses (e.g., you can put in bogus information, and it reports you are affected), so how do I really know I’m affected?
A: We understand that the news has reported some inconsistencies with the Equifax website, so you should continue to check for updates. Again, since they likely have your information, it’s probably best to assume your information has been compromised and take action.

Q: What should I do to protect my information?
A: Consider a credit freeze; this is the ONLY way to stop your credit from being used, as credit monitoring only alerts you after the fact that your data has been used. Once a freeze is placed, you would be provided a secure PIN to “thaw” or allow credit only when you authorize it to that specific credit bureau. You can place a freeze by calling all four credit bureaus below, and it will cost $10 in New Hampshire and $5 in Massachusetts for each bureau, unless you have a police report of identity theft (in which case it’s free). We encourage you to contact your State and Federal representatives to request a law change to make these free for all consumers.

• Equifax: 800-349-9960
• Experian: 888-397-3742
• TransUnion: 888-909-8872
• Innovis: 800-540-2505

If you do not want a restrictive freeze, you should at least consider a 90-day fraud alert that requires the creditor to call you at a number you provide before any credit is given. You only need to place a fraud alert with one credit bureau: Legally, the bureau must share the alert with the other bureaus. You must call again if you want to continue the fraud alert every 90 days (or you can place one permanently with a police report of identity theft).

Q: Why should I sign up for Equifax credit monitoring?
A: While it doesn’t seem to make sense to sign up for monitoring from a company reporting a breach, remember they likely have your information already. But their credit monitoring includes recovery services so that in the event you have an identity theft situation or misuse of your credit information, (such as your name and social security number), their ID theft insurance provides services to assist in the recovery and pays for some out-of-pocket expenses.

Q: How can I get a copy of my credit report to see if anything has happened?
A: You can always review your free credit report at www.annualcreditreport.com. Consider reviewing each bureau’s report every four months (e.g., one from Equifax in September, one from Experian in January, etc.). Even if you placed a credit freeze, you can still obtain these reports for review.

Q: What else can I expect?
A: It’s very likely that fraudsters who may not even have this information will try to scare consumers into giving out their information by phone, email, or text messages (e.g., “We are calling to tell you your information has been compromised by Equifax. Can you confirm your social security number for us?”). Review your statements carefully and be wary of any email/calls/texts trying to get information or to confirm private information, especially any with links or attachments that could include malware.

Q: Am I giving up my rights for possible civil suit by signing up for credit monitoring?
A: Refer to their website for updates but they have indicated that the class action waiver is not applicable in this incident.

Q: Is Equifax waiving their fees?
A: Refer to their website but they indicated September 12 they will waive fees for credit freezes until November 21 and that they are looking into a process to “lock” credit with all three major bureaus.
 

January 30, 2017 — Online/Mobile Banking Scam Requesting Your Logon

St. Mary’s Bank is aware of a scam where fraudsters request members to provide their online banking user name and password in order to have funds deposited to their accounts. Members have been contacted through email, text message, or online conversation.

The fraudsters claim they will deposit money from a friend, for a work-from-home job, for an approved loan, etc. but there is NEVER a legitimate reason to provide your private online banking logon to anyone who does not already have access (e.g. joint owner, signer). The fraudsters will either deposit counterfeit checks that get returned and could cause you a loss OR they will now have access to all of your checking, savings, home equity line, etc., and the fraudsters can withdraw funds up to allowed balances at any time. And because you gave them this unrestricted access, you become fully liable for these transactions and may not be able to recover any losses! If you have provided this access, please contact our Member Contact Center immediately at 888-786-2791, and of course, contact us with any other questions or concerns.
 

October 7, 2016 — Beware of Recent Scams to Local Consumers

St. Mary’s Bank is aware that local residents have been targeted by fraudsters in Jamaica calling from area code 876. The fraudster may indicate that you have won a lottery, that a relative is in trouble and needs money, or that the fraudster is representing law enforcement to help you recover funds from a prior scam, and they need money to pursue the case. We are also aware of scams coming from all areas of consumers being asked to provide their online banking logon. Fraudsters claim to be asking for the credentials in order to have funds automatically deposited to their accounts for a loan advance, work from home job, or from a “friend” they’ve been speaking with online. Regardless of where calls, emails or texts originate from, follow the steps below to protect yourself from potential scams.

• Never provide your online banking logon to anyone. Once you provide this access, you may be liable for losses! Even a joint owner on your accounts should have their own logon.
• Never provide private information to any caller (your debit/credit card number, your social security number, etc.) unless you initiated the call to a company well known to you.
• Never send money based on a phone, email or text request unless you can positively confirm this is someone well known to you in person.
• Be extremely cautious of anyone asking you to send money via Western Union, Moneygrams, Green Dot card or other non-bank means especially if you did not initiate the contact or you are speaking to someone that you don’t know in person.
• Law enforcement will NEVER ask for money to help you recover from a scam.

If you have any questions or concerns, please contact our Member Contact Center at 1-888-786-2791.
 

June 14, 2016 — Exercise Caution in Choosing to Use Cards at Wendy’s

Wendy’s has confirmed a few days ago through NBC News that a second variant of malware has been discovered and that the number of franchise restaurants impacted will be “considerably higher” than the 300 originally reported. Wendy’s has not yet provided a list of affected restaurants, and St. Mary’s Bank continues to see increased fraud on cards that coincidentally have been used at various Wendy’s locations. Because of this, we strongly advise you to use extreme caution in choosing to use your cards at any Wendy’s location until Wendy’s provides additional information on the affected locations or until they report that the breach has been fully contained.

Wendy’s customers may call a toll-free number (888-846-9467), or email PaymentCardUpdate@wendys.com with specific questions.
 

May 27, 2016 — Wendy's Data Breach

Wendy’s has publicly reported on 5/11/16 that they have seen unusual card activity and malware installed on some of their point of sale systems and that their investigation is ongoing. Because Wendy’s has not yet concluded their investigation, members should be aware of this and closely monitor their card activity. More information can be found here: http://www.foxnews.com/tech/2016/05/11/wendys-data-breach-hit-5-percent-our-restaurants.html

May 12, 2016 — Yahoo/Gmail/Hotmail Password Compromise

It was recently reported that over 40 million Yahoo, 33 million Hotmail, and 24 million Gmail passwords were stolen by a young Russian hacker. While the data may have been old and vendors have indicated they will notify affected users, this serves as a courtesy notification to you that if you have one of these type of mail accounts, we recommend you be proactive and do the following:

• Change your password
• Use multi-factor authentication any time it is offered (e.g. a private activation code is sent to you in order to reset/change your account)
• Set up an alternate email or cell phone so that if/when changes are made you are sent a text or email of the change so at the very least you are aware if someone makes a change that you did not authorize

If you have any questions about these types of accounts, you should go to the vendor’s website and review the frequently asked questions section or contact their support.
 

April 12, 2016 — Manchester Police Discover and Remove Skimming Device On McGregor Street Drive-Up ATM

On Sunday, April 10, Manchester Police discovered and removed a skimming device that had been applied to the drive-up ATM at the headquarters location on McGregor Street. It was identified the device had been placed on the ATM on Saturday, April 9 at 4:42 a.m.

We are proactively issuing new debit cards for any St. Mary’s Bank member who used the ATM during the hours the skimming device was present. Additionally, we have increased fraud monitoring on affected cards. There has been no fraud reported.

Visa and ATM networks have been alerted to the incident to inform other financial institutions. Cardholders of other financial institutions, are encouraged to contact their bank or credit union.

It is important to note, consumers are not liable for fraudulent transactions. It is always a good practice to monitor account activity and statements. If anything unusual is found, it should be reported immediately.

St. Mary’s Bank members with questions may call 1-888-786-2791 or visit any branch office.

Read this article for tips on "How to Spot and Avoid Credit Card Skimmers" - http://www.pcmag.com/article2/0,2817,2469560,00.asp
 

March 20, 2015 — NCUA Warns Consumers about "National Credit Union" Phishing Scam

The National Credit Union Administration (NCUA) is warning consumers of an online phishing scam that uses a website with similar logos and designs to the agency’s own site, in an attempt to defraud consumers. Consumers have received emails from the National Credit Union website which originates in Australia and claims to offer services in the U.S. and Europe. The emails are an attempt to persuade individuals to provide personal information such as Social Security numbers, account numbers and login credentials or to transfer large sums of money. 

The NCUA is not affiliated in any way with this website and the emails are not from the NCUA. Consumers should not provide information to the website or conduct any financial transactions through it. The NCUA would not request personal or financial information in this manner. See the NCUA’s Privacy Policy for more information (http://www.ncua.gov/about/pages/Privacy.aspx)

If you have any questions or concerns, feel free to contact our Member Contact Center at 1-888-786-2791.

January 5, 2015 — Anthem Breach

Anthem reported that they were a victim of a sophisticated cyberattack resulting in information being accessed including names, health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, email addresses and employment information, including income data.  The FBI is investigating the matter and Anthem will be contacting its customers directly to provide free credit monitoring but in the meantime, you should continue to pay close attention to your account statements and credit reports…you can view your free credit report at www.annualcreditreport.com. Because the fraudsters may have obtained so much private information, you may be more vulnerable to social engineering attacks such as fraudsters posing as valid representatives from Anthem, your employer or your financial institution. You should be very suspicious of any calls asking you for information or emails with links or attachments asking you to verify information or that create a sense of urgency requiring immediate reply or action.  You should instead contact these companies by going to their known website directly or calling them from a known phone number (e.g. from the back of your card).
 

October 3, 2014 — JP Morgan Chase

JP Morgan Chase announced that over 76 million consumers’ information had been hacked.  They have reported that no account information was included but what was included are names, addresses, phone numbers and email addresses.  This could potentially put consumers at higher risk for social engineering calls or phishing emails in order for a fraudster to entice you to divulge more information about yourself or your accounts.  If you get any emails or phone calls that appear to be from legitimate sources but are requesting private information from you, do not respond and instead contact the company from a known source (e.g. directly from their website or from a phone number on the back of your debit/credit card…do not click any links in the email).  Even if the sender claims that there is fraud on your account, if they are asking for more information other than simply verifying a transaction, remember that you are not liable for unauthorized transactions if reported timely so do not feel pressured into responding.  If you have any questions or if you have provided private information that is concerning to you, please contact our Member Contact Center at 1-888-786-2791.

September 9, 2014 — Home Depot Breach

You may have heard on the news today about a breach involving Home Depot that may have compromised credit and debit cards. At this time we are not reissuing debit or credit cards, but please be assured that St. Mary’s Bank utilizes real time fraud monitoring to identify and help prevent unauthorized transactions and members would be notified of any potential issues. Members should also take action by ensuring statements are reviewed timely, as well as monitoring accounts through online banking. Any unauthorized transactions reported timely to St. Mary’s Bank are covered by VISA’s zero liability protection with provisional credit provided quickly to our members. If you have any questions or concerns, feel free to contact our Member Contact Center at 1-888-786-2791.

August 15, 2014 — Shaw's Data Breach

You may have heard on the news today about a breach involving Shaw's Supermarket stores that may have compromised credit and debit cards. Please be assured that St. Mary’s Bank utilizes real time fraud monitoring to identify and help prevent unauthorized transactions and members would be notified of any potential issues. Members should also take action by ensuring statements are reviewed timely, as well as monitoring accounts through online banking. Any unauthorized transactions reported timely to St. Mary’s Bank are covered by VISA’s zero liability protection with provisional credit provided quickly to our members. If you have any questions or concerns, feel free to contact our Member Contact Center at 1-888-786-2791.

April 10, 2014 — Heartbleed Internet Security Bug

You may have seen on the news a recently identified vulnerability called "Heartbleed" that impacts many secured websites that could compromise passwords. Please be assured that we have verified with our online banking and bill payment vendors that these sites are not vulnerable, and your information remains secure. If you have any questions or concerns, feel free to contact our Member Contact Center at 1-888-786-2791.

January 10, 2014 — Target Data Breach Update

Target stores disclosed today that a data breach discovered last month exposed not only card data, but also the names, mailing addresses, phone numbers and email addresses for up to 70 million individuals. Fraudsters could use the phone and/or email information to send specific phishing emails or calls to you in order to convince you to provide even more private information (e.g. PIN, last 3 numbers from the back of the card). You should NEVER provide private information to anyone based on an email or phone call you did not initiate. You should also never click a link within any unsolicited email or even any expected email if you cannot validate it (e.g. verifying a security code specific to you, verifying it includes the last 4 of the account number associated with the sender).  If you have any questions or concerns, feel free to contact our Member Contact Center at 1-888-786-2791.

December 19, 2013 — Target Data Breach

You may have heard on the news this morning about a breach involving Target’s physical stores that may have compromised millions of credit and debit cards. Please be assured that St. Mary’s Bank utilizes real time fraud monitoring to identify and help prevent unauthorized transactions and members would be notified of any potential issues. Members should also take action by ensuring statements are reviewed timely, as well as monitoring accounts through online banking.  Any unauthorized transactions reported timely to St. Mary’s Bank are covered by VISA’s zero liability protection with provisional credit provided quickly to our members.  If you have any questions or concerns, feel free to contact our Member Contact Center at 1-888-786-2791.

November 18, 2013 — Fraudulent Credit Report Pop-Up Scam Targeting Online Banking Users

St. Mary’s Bank has been made aware of a recent scam targeting online banking users. There have been reports of a pop-up window opening upon logging into our online banking site. The pop-up window advertises credit reports and falsely implies that St. Mary’s Bank is involved with the company that is displaying the advertisement. If you encounter this pop-up message, please do not click on any links, or provide financial and sensitive information. St. Mary’s Bank does NOT have any connection to the company displaying the advertisements, and your individual computer likely has a virus or malware that needs to be removed. Please remain alert when logging into any online banking site as the virus/malware is targeted to individual users’ computers and not to specific financial institutions. What you should do to protect yourself from these types of scams:

• Ensure all software is kept up to date including operating systems, internet browsers, Java, etc.
• Ensure your anti-virus and malware software is up to date and that you scan your computers regularly
• Question any unusual login requirements, including pop ups requesting additional entry of user name/password, or entering of financial and personal information

Please contact our Member Contact Center at 1-888-786-2791 if you have any concerns of unusual activity or suspected compromise.

July 30, 2013 — Debit Card Deactivation Scam

We have reports of members receiving calls (possibly from 888-997-1234) stating that their debit cards have been deactivated. These calls are not coming from St. Mary's Bank. If you received one of these messages and responded by entering your card number, expiration date and PIN, please contact us immediately to prevent unauthorized withdrawals.

May 16, 2013 — Phishing Email Scam

We have received reports of fraudulent emails circulating. The email instructs the individual to contact their Financial Institution about a fraudulent transaction on their debit card from Wal-Mart in the amount of $960.86. These emails are fraudulent and not coming from St. Mary’s Bank or any other financial institution.  If you responded to one of these emails and provided any information such as your debit card number, expiration date and PIN, please contact us immediately to prevent unauthorized withdrawals from your account.   Contact Options

1.  Call our Member Contact Center during normal business hours: 1-888-786-2791 or 603-647-1111 Monday - Friday 8:30 a.m. - 7 p.m.
Saturday 9 a.m. - 12:30 p.m.

2. Outside of normal business hours, call the 24/7 hour support line: 1-888-241-2510.

3. Use the online service anytime if you are already signed up for online banking:
Just follow these simple directions:

1. Log on to your online banking account
2. Under “Preferences” select the option “Report Lost ATM / Debit Card”
3. On this screen, you will see the ATM/Debit cards linked to your account(s).
4. Check on the card you wish to deactivate and click submit.
5. Once your ATM / Debit card has been deactivated, a new card will be automatically mailed to you.

You should receive your new card within 7-10 business days.

April 1, 2013 — Debit Card Deactivation Scam

We have reports of members receiving calls (possibly from ) stating that their debit cards have been deactivated. These calls are not coming from St. Mary's Bank. If you received one of these messages and responded by entering your card number, expiration date and PIN, please contact us immediately to prevent unauthorized withdrawals.

November 15, 2012 — Malware Targeting Online Banking Users

A new variant of malware is being used that is unknowingly being installed on user’s computers.  Once the user logs on to any online banking site, the malware creates a pop up that asks the user to enter their user name and password a second time….it’s at that time the malware collects logon information to be used to compromise the accounts and perform unauthorized transfers.  We strongly encourage use of the following prevention methods:

• Ensure all software is kept up to date including operating systems, internet browsers, Java, etc.
• Ensure your anti-virus software is up to date and that you scan your computers regularly (weekly is recommended)
• Question any unusual login requirements including pop ups requesting additional entry of user name/password or installation of “upgrades”
• Contact our Member Contact Center at 1-888-786-2791 if you have any concerns of unusual activity or suspected compromise

April 4, 2012 — NetTeller Phishing Emails

Our online banking vendor has notified us that phishing emails are being sent to members who may use Netteller Online Banking.  These emails have an address of customer _service @cm.netteller.com with the subject line of NetTeller Watch Notice.  These emails are NOT coming from St. Mary’s Bank or any valid online banking company so you should not click on any links contained in the email.  If you clicked on any link, you should perform a full scan of your computer using your updated anti-virus or other anti-malware tool and you should not logon to any secured sites until you are sure your computer is not infected.  If you provided any private information including your online banking credentials, please contact us at 1-888-786-2791 so that we may take further action to secure your private information and/or accounts.

March 23, 2012 — Phony Text Messages

We have reports of members receiving text messages allegedly from their "credit unions" stating that their debit cards have been deactivated. These are not coming from St. Mary's Bank. If you received one of these messages and responded by entering your card number, expiration date and PIN, please contact us immediately to prevent unauthorized withdrawals:

Contact Options
1. Call our Member Contact Center during normal business hours:

1-888-786-2791 or 603-647-1111
Monday - Friday 8:30 a.m. - 7 p.m.
Saturday 9 a.m. - 12:30 p.m.

2. Outside of normal business hours, call the 24/7 hour support line: 1-888-241-2510 

3. Use the online service anytime if you are already signed up for online banking:

Just follow these simple directions:

1. Log on to your online banking account
2. Under “Preferences” select the option “Report Lost ATM / Debit Card”
3. On this screen, you will see the ATM/Debit cards linked to your account(s).
4. Check on the card you wish to deactivate and click submit.
5. Once your ATM / Debit card has been deactivated, a new card will be automatically mailed to you.

You should receive your new card within 7-10 business days.

April 27, 2011 — Sony Playstation Gaming Network Security Breach

It was reported in the news recently that Sony Playstation’s online gaming network was recently breached.  This network allows Playstation users to connect to other players on the Internet to compete and play against each other. It’s been reported that user names, home addresses, email addresses, date of birth and passwords were compromised. At this time there’s no evidence of compromised debit/credit card data but Sony has not ruled out that concern; Sony is in the process of notifying users. If you have used your St. Mary's Bank debit card on the Playstation network recently, please contact our Member Contact Center at 1-888-786-2791, so we may reissue you a new card. You should also be aware that you must change your Playstation password before updating any debit/credit card information with the Playstation network.

April 5, 2011 — Epsilon Data Breach

You may have received notification that your email address and possibly your name was compromised due to a data breach at Epsilon, an online marketing company that runs loyalty programs for many large companies such as Target, Capital One, Walgreens and Best Buy to name a few. At this time no private financial data appears to be involved in the breach but the concern is that a fraudster could use your email address to target you with a phishing email specific to a particular company you’ve done business with which may make you more likely to fall for the scam. If you receive any email noting you may have fraud or requesting private information or validation of such information, contact the company at a known phone number or directly thru their website (NOT thru an attached link). You should not click on any links or open any attachments in these emails as they could contain malicious code.

March 17, 2011 — Fraudulent E-Mails Claiming to Be from NACHA (The Electronic Payments Association)

We received an alert from NACHA that their information is being used in a phishing email scam.  The emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some bear the name of fictitious NACHA employees and/or departments claiming that there’s been an error in the processing of the member’s transaction.  NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions.  Please be advised of the following:

• Do not click on any links or open any attachments from unknown senders as these could contain malicious code and/ or may route you to fake websites.
• If you have opened any attachments, you should ensure your anti-virus is up to date. Make sure you perform a full scan of your system.
• If you clicked on a link to a website and provided banking data, you should close your accounts. If they provided private personal data (e.g. DOB, SSN, mother’s maiden), they should place a fraud alert with the 3 major credit reporting agencies (Equifax 800-525-6285, Experian 888-397-3742, TransUnion 888-397-374888-397-3742).

April 22, 2010 — Current Phone Scam

NH residents are being targeted with phone calls claiming to be from the person’s “bank” stating there are fraudulent transactions on their debit card or account.  If you receive such a call, do not provide any private information including your debit card number or account number.  If you have provided this information, please contact us immediately at 1-888-786-2791. 1/27/2010 - The American Bankers Association (ABA) recently reported fake emails using their name and fraudulently alerting consumers of unauthorized transactions to their bank card.  The email instructs the consumer to click on a link to receive a transaction report but the email is a fraud and you should not click on the link as it could install malicious code onto your PC without your knowledge.  St. Mary’s Bank will NEVER notify you of unauthorized transactions in this manner.  If you have responded or provided private data, please contact our Member Contact Center at 1-888-786-2791 for assistance. See the section of this site labeled “E-mail Scams” for more information.

Fraudulent Email Link

We have received notice that some of our members may be receiving emails referencing a security alert and redirecting the user to a fraudulent link. The link or website may look exactly like the legitimate website but in fact is a “dummy” site that is set up to collect the private information you provide in order to commit identity theft or to initiate unauthorized transactions. You should never call the number or visit the website provided in the email…rather contact the sender at a known number or website directly. Learn more about these types of scams here.

December 4, 2008 — Invalid Website Certificates

Have you ever gone to a secure website and received a warning box that the security certificate is invalid and if so, what should you do?  Secure website certificates are issued to help ensure that you are actually at the secure website you selected and have not be re-directed to a bogus website.  If you receive a pop-up or warning box that the certificate is invalid or expired, you should not proceed any further especially if this is a website in which you intend to enter private information such as account or login information that can then be used to commit identity theft or unauthorized withdrawals.  You should instead contact the company at a known phone number (i.e. from your bank statement or from the back of your credit/debit card).  If you have any questions or feel that you may have been compromised, please contact our Member Contact Center at 1-888-786-2791.

September 30, 2008 — Beware of “Smishing” Scams that Involve Fraudulent Text Messages

The text messages appear to come from legitimate companies and note some urgency in order to protect your finances or avoid unauthorized debits.  Typically the user is asked to call a certain number and enter ATM/Debit card info or on web-enabled phones may be asked to click on a link that could contain malicious code or direct the user to a fraudulent website in order to obtain private data.  Please be aware that legitimate companies do not notify customers in this manner and that St. Mary’s Bank will never send a text of this nature.   If you have responded and provided private data, please contact our Member Contact Center at 1-888-786-2791 for assistance.

March 19, 2008 — Advance Fee Loan Scams

The FDIC has reported an increase in Advance Fee Loan Scams that prey on consumers who may be under financial duress and may be looking for “guaranteed” loans or are promised loans in return for fees paid upfront by the loan applicant.  The following are warning signs that may indicate a loan offer is not legitimate:

• The loan approval is "guaranteed." Lenders do not typically guarantee loans before analyzing the applicant's financial condition, credit history and ability to repay.
• The loan applicant is required to pay upfront fees to a third party or individual. Loan fees are normally paid to a business after the loan has been approved.
• The lender or loan processor may be located outside of the United States.
• Fees are requested using a retail wire transfer system. A password is sometimes used by the overseas receiver to pick up the funds in an attempt to hide the true identity of the criminals and make funds more difficult to trace.

January 28, 2008 — Mystery Shopper Scam

Various counterfeit checks have been received by members with instructions to evaluate Western Union locations as part of a “Mystery Shopper” program.  Instructions note to keep a portion of the funds as “salary” and to remit the larger portion via Western Union in order to evaluate the effectiveness and efficiency of the payment system.   Included may be an official looking questionnaire to note how friendly the representative was, if the area was clean, etc.  After the funds have been sent, the check is returned as counterfeit resulting in financial loss to the depositor. See the section of this site labeled “Checks/Mail Scams” for more information.

December 18, 2007 — American Express $500 checks

American Express has reported that counterfeit $500 travellers and gift checks are in circulation.  If you receive American Express checks (or any other type of check) with instructions to deposit/cash the items and return some of the funds, do not do so as they are likely to be counterfeit! You may call 1-800-525-7641 to verify American Express checks. See the section of this site labeled “Checks/Mail Scams” for more information.

October 30, 2007 — CUNA Phishing E-Mail

Some members have reported receiving e-mails from “CUNA” asking that they call a phone number or click on a link to resolve a compromised credit card. Please be aware that CUNA has reported this as a phishing scam and you should not click on any link or respond. If you have responded and provided private data, please contact our Member Contact Center at 1-888-786-2791 for assistance. See the section of this site labeled “E-mail Scams” for more information.

August 13, 2007 — Increase in Counterfeit US Postal Money Orders

We are seeing an increase in counterfeit US Postal Money orders being received by members through the mail. If you receive postal money orders (or any other type of check) with instructions to deposit the items and return some of the funds, do not do so as they are likely to be counterfeit! You may call 1-866-459-7822 to verify US Postal Money Orders or visit your local post office to determine if they are valid. See the section of this site labeled “Checks/Mail Scams” for more information.

July 3, 2007 — Beware of Fraudulent FDIC Mailings

FDIC reported that fraudulent emails, mailings and faxes are being sent out with the purpose of gaining sensitive personal information. FDIC never contacts banking customers directly and you should never respond to such requests. See the section of this site labeled “Email Scams” for more information.

June 12, 2007 — Increase in Counterfeit Checks for Government Grants

We are seeing an increase in counterfeit checks being received by members for an alleged “grant” they have received from the US Government. While there are legitimate US grants available, these grants are typically for projects that benefit the community and require detailed accounting and oversight by the government. They are never checks randomly mailed out. Be wary of any check randomly received especially if you get instructions to deposit the check and return some of the funds to another individual. 


Back to Security Center Home.