Scam Warnings

Debit Card Security

With the increasing frequency of fraudulent activity, it is important to know how debit cards could be compromised and steps to protect your debit card.

How is cardholder information compromised?

There are a number of ways that cardholder information may be compromised:

Skimming is the theft of debit card information used in an otherwise legitimate transaction. Skimming is typically an “inside job” by a dishonest employee of a legitimate merchant. The employee may photocopy sales receipts that contain a customer’s card information or may use a small electronic device known as a “skimmer” to swipe and store hundreds of debit card numbers

Hacking is the fraudulent intrusion into a merchant’s computer or computer network which has stored a customer’s debit card information from a previously conducted, legitimate transaction

Sniffing involves electronically intercepting debit card information in its unencrypted state, usually during the transmission phase between the merchant and the third-party vendor the merchant uses to obtain card authorizations

Phishing represents the fraudulent acquisition of a customer’s debit card number through an e-mail purporting to be from a trustworthy source

SMishing is phishing via text message

Vishing is phishing that takes place in a telephone call

How can I protect myself?

Here are some tips to help protect you from card skimming or becoming the victim of a phishing/SMishing/vishing attack:

Skimming

1. Don’t let your card out of your sight. Watch carefully anyone who handles your card

2. Regularly check your bank statements to ensure that all debit card purchases were authorized by you

3. Don’t swipe your card through any card reader that appears suspicious or shows evidence of possible tampering

Phishing

1. Never click on a link to an Internet address contained in an e-mail. Type the URL into your web browser yourself or use a bookmark that you have previously created

2. Utilize anti-virus software that contains anti-spam and spyware detection features; and keep it up to date. Only conduct financial transactions on secure websites, or URL’s that start with “https” instead of just “http”

SMishing

1. Don’t respond. Don’t call any numbers listed in the text message or click on any links to an Internet address

2. Remember, legitimate financial institutions don’t send text messages to their customers requesting personal or financial information

Vishing

1. Be suspicious of unknown callers, especially those who ask for personal or financial information

2. Call them back. Use the phone number shown on your card or your statement, NOT a number the caller provides to you

3. Register your telephone number with the National Do Not Call Registry at www.donotcall.gov

Passwords Can Protect You Against Pretext Calling Fraud

(Please remember that CBG will never solicit information from you via phone or email.)

As criminals become more skilled at obtaining personal information, it is important to safeguard your biographical data. Pretext callers contact Bank employees, posing as customers, in an attempt to access personal account information and status. He/she will often have the correct biographical information (name, address, phone number, date of birth, social security number) of the true account holder, having obtained this biographical information from public resources, proprietary investigative databases and/or identity theft.

How to Avoid Pretext Calling Fraud

CBG has a security program in place and our staff is trained on pretext call prevention. However, you can help us. Please take time to visit with your Personal Banker and place authorization codes or passwords on your account(s). These passwords and other identifying information are used by the Bank before any release of information in-person, by phone, fax or other telecommunication device.

When you add passwords to your credit card, bank and phone accounts, avoid using easily available information like your mother's maiden name, your birth date, the last four digits of your SSN or your phone number, or a series of consecutive numbers.

If You Believe You Have Been a Victim

Contact the fraud department of each of the three major credit bureaus to report the identity theft and request that the credit bureaus place a fraud alert and a victim's statement in your file. The fraud alert puts creditors on notice that you have been the victim of fraud, and the victim's statement asks them not to open additional accounts without first contacting you.

The following three telephone numbers for the fraud departments of the three national credit bureaus are:

• Trans Union: 1-800-680-7289
• Equifax: 1-800-525-6285
• Experian: 1-888-397-3742

You may request an initial fraud alert online:

• Equifax – https://www.alerts.equifax.com
• Experian – http://www.experian.com/fraud

You may request a free copy of your credit report at annualcreditreport.com. Consistently review your credit report.

Contact CBG’s security officer and/or other creditors where you have accounts that may have been the subject of identity theft.

File a report with your local police department.

SCAM ALERT (4/19/12)

We have been made aware of a “phishing” attack being broadcast through the Twitter hash tag #shazamdebitcard. This attack has led to the creation of several fraudulent “Shazam Debit Card” Internet sites. The sites claim to be collecting information for fast-cash loans; therefore, personal information, such as a person’s Social Security number, date of birth, and driver’s license number, is being targeted. For your own safety, please do not respond to any of these tweets. If you have any concerns that your information may have been compromised, please contact CBG Customer Care at (888) 880-4048.

FEDERAL RESERVE WIRE EMAIL SCAM (11/2011)

There is a Federal Reserve “themed” email spam campaign being waged against individuals and businesses.

THIS IS A FRAUDULENT EMAIL – IT WAS NOT SENT BY THE FEDERAL RESERVE. DO NOT click on the link.

The fraudulent email appears to have originated from the Federal Reserve. Specifically, the email claims to be from the Federal Reserve Wire Network and the email address has been falsified to read “fedwire@federalreserve.gov.”

The message notifies recipients that their recently sent wire transaction sent from their checking account was cancelled by the Federal Reserve Wire Network and the individual or business target needs to click on the link to view details. The Wire transaction, recently sent from your checking account (by you or any other person), was cancelled by the Federal Reserve Wire Network.

Be aware the phishing emails frequently have attachments and / or links to Web pages that host malicious code and malware. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or appear to be known but are suspicious or otherwise unusual.

To check on your transaction – call CBG at 331-3100 … do not click the link.

SCAM ALERT (2/7/2011)

CBG customers are notifying the Bank that they have received automated and live telephone calls requesting debit card/account information. The calls are referencing “Your MasterCard debit card” or “Your SHAZAM debit card.” These calls are not being made by CBG. They are a fraudulent attempt to obtain account information.

Customers should not provide any account or personal information if they receive one of these calls. If you have responded to one of these calls, please contact CBG Customer Care immediately at 515-331-3100.

SCAM ALERT (1/2010)

CBG has been notified that counterfeit cashier's checks are being circulated under the bank's name. The checks have been received by individuals in VA, NY and FL. The group of checks reported to us all have the incorrect logo on them. They are in the amount of $3,500.22 and have the remitter name of Lanny A. Breuer.

Currently, these checks are being issued as part of a mystery shopping scam. Recipients are instructed to cash the check, keep a portion of the money and send the balance to China.

These cashiers checks are counterfeit and should be turned over the authorities.

Free Trials Aren't Really "Free"

A popular way to get consumers to buy products is a free trial offer. The problem? These free trials are not really free. Companies promote a wide variety of products that range from diet pills to teeth whiteners. They promise a "free" trial of their product and all you have to do is pay for shipping. They ask you to provide your credit card or debit card to "receive" the sample.

Hidden deep in their long and complicated fine print is the provision that if you do not cancel within a certain amount of time, usually about 2 weeks to thirty days, you will be automatically signed up for monthly deliveries and they will continue to charge your debit card a monthly fee. Trying to stop these charges is extremely difficult. The trial period does not begin from the time you receive the product, but from the second you place the order for the “free” sample. Because you willingly turn over your card information, you are consenting to let the company charge your card, and therefore, the Bank cannot dispute the charge for you.

So, before you take part in a free trial offer, read the fine print. Ask yourself if the proverbial saying, “If it is too good to be true, it probably is … ” applies to the “free” trial offer you are considering.