Phishing and Spoofing

Sometimes criminals may send you emails that look like they come from First Arizona Savings.  These phony emails ask you to go to a website that also looks like First Arizona Savings.  They will ask you to provide personal account information.  The Website is a fake.  Here are some key warning flags:

·         Asking for personal information should raise a flag since First Arizona Savings emails will never ask you to reply in an email with any personal information, such as your Social Security number, ATM or Debit Card PIN.

·         Urgent appeals claim that your account may be closed if you fail to confirm, verify or authenticate your personal information.  First Arizona Savings will not ask you to verify information in this way.

·         Messages about system and security updates claim that the bank needs to confirm important information due to upgrades and state that you must update your information online.  First Arizona Savings will not ask you to verify information in this way.

·         Offers that sound too good to be true often are. You may be asked to fill out a short customer service survey in exchange for money being credited to your account and you are then asked to provide your account number for proper routing of the supposed credit.  First Arizona Savings will not request your information in this way.

·         Typos and other errors are often the mark of fraudulent emails or websites.  Be on the lookout for types or grammatical errors, awkward writing and poor visual design.

To protect against phishing and spoofing:

• Always look for your secure padlock    when you sign in to Online Banking.
• Make sure you are at First Arizona’s Website when you sign in to Online Banking.  You can type www.firstarizona.com in your browser.
• If you receive a suspicious email, do not click on any links or reply to it. Simply delete it.
• To report a suspicious email that uses First Arizona’s name, you can forward it to customerservice@firstarizona.com

E-mail Claiming to Be From the FDIC

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The subject line of the e-mail states: "Funds wired into your account are stolen." The e-mail tells recipients that the proceeds of identity theft crimes have been wire-transferred into their bank account. The e-mail then directs recipients to open and review an attached copy of their bank account statement. The attached file is actually an unknown executable file.

Recipients should consider the intent of the executable file as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT open the executable file attached to the fraudulent e-mail.

Phishing Alert:  Emails from the Internal Revenue Service.

There is a phishing email being sent out by vicious thieves.  It purports to be from the IRS and the top of the copy has the U.S. Treasury logo.  It looks very official – but it is not real.   The email refers to the Economic Stimulus Refund checks and will ask for your account information in order to direct deposit your check.  Please do not send any bank information to anyone soliciting through email.  Below is information taken the official IRS website:

If you receive an unsolicited e-mail communication claiming to be from the IRS, please forward the original message to: phishing@irs.gov using the instructions provided below. You may not receive an individual response to your e-mail because of the volume of reports we receive each day.

• The IRS does not initiate taxpayer communications through e-mail. In addition, the IRS does not request detailed personal information through e-mail or ask taxpayers for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.
• Do not open any attachments to questionable e-mails, which may contain malicious code that will infect your computer. Please be advised that the IRS does not initiate contact with taxpayers via e-mails.

Fraud and Consumer Tips

Because of growing online threat, we feel it important to create awareness about the different avenues of attack that you may come across.  Please browse through this page to learn more about how to protect yourself.

• First Arizona Savings will never ask for any personal or other sensitive information via email.
• The email “From” field can be easily forged
• Cyber-criminals use Phishing as a tool to gather sensitive information from unsuspecting internet users.

Beware of Internet Fraud.  The bank will never request confidential information through e-mail.

Report any such requests to the bank at 1-800-280-2800 or 480-481-8500.

• Identity Theft
• Online Security
• Fake Email – Phishing

Identity Theft

Identity theft occurs when someone steals your personal information and uses it repeatedly to open new accounts or initiate transactions in your name. Identity theft is easily confused with fraud, so we recommend that you review the information found in below to confirm your particular situation so you can resolve it appropriately.

If the fraudulent activity is limited to your First Arizona Savings account(s):
Contact us at 1-800-280-2800 immediately.

If you believe you are a victim of identity theft that extends beyond your First Arizona Savings account(s), here are some steps you should consider taking:

• Contact First Arizona Savings. Report any fraudulent activity on your accounts by calling us at 1-800-280-2800 or 480-481-8500.
• Contact the major credit bureaus. The fraud departments of the three main credit bureaus track the accounts opened in your name. You can request that a short or long-term “fraud alert” be placed on your credit file, which requires creditors to verify your identity before opening any new accounts in your name or changing any existing accounts. You only need to contact one bureau to do this — that bureau will notify the others.
  
  Credit bureaus must provide victims of identity theft with a free copy of their credit report. You should request one from each bureau, since the information can differ. Look them over carefully to see if any fraudulent accounts have been opened, and if so, notify the credit bureau and the companies where accounts were opened to report the fraud directly. Once the dispute has been resolved, the credit bureaus that you dealt with will send you another copy of your credit report so you can review it again to make sure that all fraudulent activity has stopped and your file has been corrected.
  
  For more information about the steps to take, and to get your credit reports, contact the credit bureaus listed below.
•  Equifax: 1-800-525-6285 or www.equifax.com
•  Experian: 1-888-397-3742 or www.experian.com
• TransUnion: 1-800-680-7289 or www.transunion.com

• Contact other creditors. Contact your other creditors including credit card and phone companies, as well as banks and other lenders, to notify them of potential fraud. Always follow up any telephone conversations with a letter. Close any accounts that have been breached and reopen them with new account numbers and passwords. We strongly suggest not using your Social Security number as either a username or password.
• File a report with the local police. Contact your local police department if you suspect that your personal information was stolen. A police report will lend weight to your case when dealing with creditors who may require proof of criminal activity.
• Report the criminal activity to the Federal Trade Commission (FTC). Call the toll-free hotline at 1-877-ID THEFT (1-877-438-4338) to speak with a trained identity theft counselor. Or enter information about your complaint into a secure FTC online database at www.consumer.gov/idtheft for information may be shared with other law enforcement agencies investigating identity theft.
• Contact other agencies as appropriate.   
• Postal Inspection Service at www.usps.com.   If you believe your mail was stolen or redirected, notify the Postal Inspector at your local post office.
• Social Security Fraud Hotline at 1-800-269-0271. If you suspect someone is using your Social Security number for fraudulent purposes, call the hotline.
• Department of Motor Vehicles office at www.dmv.org. If you believe someone is trying to get a driver’s license or identification card using your name and information, contact your local DMV.
• Carefully review all your accounts. Since identity theft takes time to completely resolve, you should continue to carefully review all charges and transactions appearing on account statements and online. Any discrepancies should be reported immediately.

Online Security

Online fraud occurs when someone poses as a legitimate company to obtain sensitive personal data and illegally conducts transactions on your existing accounts. Often called “phishing” or “spoofing,” the most current methods of online fraud are fake emails, Web sites and popup windows, or any combination of these.

Always keep in mind that First Arizona Savings will never send email containing attachments, or require customers to send personal information to us via email or pop-up windows. Any unsolicited request for First Arizona Savings account information you receive through emails, Web sites, or pop-up windows should be considered fraudulent and reported immediately.

Fake emails will often:

• Appear to be from a legitimate source. While some emails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the “From” field, as this is easily altered.

• Ask you for personal information. Fake emails often contain an overly generic greeting and may claim that your information has expired, been corrupted or been lost, and that you must immediately resend it.

• Link to counterfeit Web sites. Fake emails may direct you to counterfeit Web sites carefully designed to look real, but which actually collect personal information for illegal use.

• Link to real Web sites. In addition to links to counterfeit Web sites, some fake emails also include links to legitimate Web sites. The fraudsters do this in an attempt to make a fake email appear real.

• Contain fraudulent phone numbers. Fake emails often contain telephone numbers that are tied to the fraudsters. Never call a number featured on an email you suspect is fraudulent, and be sure to double-check any numbers you do call.

• Contain real phone numbers. Some of the telephone numbers listed in fake emails may be legitimate, connecting to actual companies. Just like with links, fraudsters include the real phone numbers in an effort to make the email appear to be legitimate.

Trojan horses

These fake emails may also contain a virus known as a “Trojan horse” that can record your keystrokes. The virus may live in an attachment or be accessed via a link in the email.

Again, First Arizona Savings customers should keep in mind that we do not request personal information via email or send email attachments. Never respond to emails, open attachments, or click on links from suspicious or unknown senders.

If you’re not sure if a First Arizona Savings email is legitimate, report it to us without replying to the email.

How is my email address obtained?

Email addresses can be obtained from publicly available sources or through randomly generated lists. Therefore, if you receive a fake email that appears to be from First Arizona Savings, this does not mean that your email address, name, or any other information has been taken from First Arizona Savings' systems.

Counterfeit Web sites

Online thieves often direct you to fraudulent Web sites via email and pop-up windows and try to collect your personal information. In many cases there is no easy way to determine that you are on a phony Web site because the URL will contain the name of the institution it is spoofing. However, if you type, or cut and paste, the URL into a new Web browser window and it does not take you to a legitimate Web site, or you get an error message, it was probably just a cover for a fake Web site.

Another way to detect a phony Web site is to consider how you arrived there. Generally, you were directed by a link in a fake email requesting your account information. Again, First Arizona Savings will not request personal information from customers via email and any unsolicited request should be considered fraudulent and reported immediately.

How can I help protect myself?

With a few simple steps, you can help protect your accounts and personal information from fake emails and Web sites:

• Delete suspicious emails without opening them. If you do open a suspicious email, do not open any attachments or click on any links it may contain.

• Never provide sensitive account or personal information in response to an email. If you have entered personal information, call First Arizona Savings immediately at 1-800-280-2800 or 480-481-8500.

• Install and regularly update virus protection software.

• Keep your computer operating system and Web browser current.

• Monitor your accounts on a regular basis and report suspicious charges immediately.  Scrutinizing your account activity regularly is one of the best ways to notice and stop fraudulent activity quickly.

We have taken steps to insure that your experience with our online services are safe.  These steps include utilizing a secure connection to log in to internet banking, virus protection on all of the systems that handle your information, and a strict policy that all of our employees adhere to when to comes to processing your information.