As with all financial transactions, please exercise discretion when using an ATM or night deposit facility. The following suggestions may be helpful.

• Be aware of your surroundings, particularly at night.
• Consider having someone accompany you when the ATM is used after dark.
• Refrain from displaying your cash at the ATM. As soon as your transaction is completed, place your money in your purse or wallet.  Count the cash later in the safety of your car or home.  Do not leave your receipt at or near the ATM.
• It is appropriate to politely ask someone who is uncomfortably close to you to step back before you complete your transaction.
• Consider using another ATM or coming back later if you notice anything suspicious. If you are in the middle of a transaction and you notice something suspicious, cancel the transaction, pocket your ATM card and leave.
• Go to the nearest public area where people are located if you are followed after making a transaction.
• Do not reveal your Personal Identification Number (PIN) to others. Avoid allowing others to view your PIN entry into an ATM.  Memorize your PIN and do not write your PIN or code on your ATM Card.
• Report all crimes to law enforcement officials immediately.

Identity theft is when fraud is attempted or committed using identifying information of another person without their authority such as name, date of birth, social security number, or mother’s maiden name.  Fraud is committed when these criminals:

• Conduct unauthorized transactions on existing accounts.
• Take over an existing account through prolonged use or by emptying an account.
• Establish or attempt to establish new accounts (credit cards, loans, etc.) using acquired information.

How to protect yourself

1. Protect your personal information. Only give out this information if you know how it will be used or shared and you have initiated the contact.
2. Only provide the last four digits of your Social Security Number or Driver’s License number when absolutely necessary.
3. Do not keep unnecessary information you do not need in your wallet or purse.
4. Check your credit report at least once a year.
5. Review your account statements promptly and report any discrepancies or suspicious transactions to the bank immediately.
6. Shred or tear up statements, checks, credit card solicitations, charge receipts, expired cards and documents containing personal identifying information.
7. Promptly pick up delivered mail and deposit outgoing mail at a postal mailbox or the post office. To avoid this threat, enroll in E-Statements.

Contact Metro Bank immediately at 205-884-6200.

Contact the Federal Trade Commission’s Identity Theft Hotline at 1-877-ID-THEFT (1-877-438-4338).

Contact the three main credit bureaus to report fraud and request copies of your credit report. Fraud flags and statements will be added to your report saying that all potential creditors should contact you to verify credit applications.

Equifax – to report fraud, call 1-800-525-6285.  To request a copy of your credit report, call 1-800-685-1111.

Experian – to report fraud or request a copy of your credit report, call 1-888-397-3742.

TransUnion – to report fraud, call 1-800-680-7289.  To request a copy of your credit report, call 1-800-916-8800.

Report the theft of mail to your local postal inspector.

Metro Bank will never ask you to provide, verify or update your personal, account or financial information via email or pop-up windows.  This includes: social security number, passwords, PIN, Credit or Debit Card numbers. If you receive an email requesting such information, do not respond and never click on a link contained in a suspicious email.

Cyber criminals are targeting the financial accounts of owners and employees of small and medium-sized businesses, resulting in significant business disruption and substantial monetary losses due to fraudulent transfers from these accounts.

Cyber criminals employ various technological and non-technological methods to manipulate or trick victims into divulging personal or account information. Such techniques may include performing an action such as opening an email attachment, accepting a fake friend request on a social networking site, or visiting a legitimate, yet compromised, website that installs malware on their computer(s).

The cyber criminal’s goal is to get the employee to open the infected attachments or click on the link contained in the email and visit the fraudulent website where hidden malware is often downloaded to the employee’s computer. This malware allows the fraudster to “see” and track employee’s activities across the business’ internal network and on the Internet. This tracking may include visits to your financial institution and use of your online banking credentials used to access accounts (account information, log in, and passwords). Using this information, the fraudster can conduct unauthorized transactions that appear to be a legitimate transaction conducted by the company or employee.  To learn more read the paper created as part of a joint effort between the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS-ISAC). (http://www.ic3.gov/media/2010/CorporateAccountTakeOver.pdf)

“Phishing” involves the use of fraudulent email or internet browser pop-up messages that appear to be from a legitimate source, often using a company name, logo and/or graphic. A typical scam consists of:

• Receipt of an email message stating you need to update or validate your account information.
• The message suggests a dire consequence, such as your online access expiring or being suspended, if you do not respond.
• Via a link in the message, it directs you to a website that looks legitimate, but it is not.
• THE INTENT IS TO TRICK YOU INTO DIVULGING YOUR PERSONAL INFORMATION, such as your account number, social security number, User ID or password so they can commit crimes of a monetary nature or identity theft. It may also be an attempt to deliver and install malicious code (malware) that can harm your computer.

Reporting a Fraudulent Email

If you receive a suspicious email that appears to be coming from Metro Bank, please forward a copy of the suspicious email to bookkeeping@metrobankpc.com  (Previous link takes you to email setup) If you discover a potentially phony Metro Bank Web site, please forward the Web address (url) to bookkeeping@metrobankpc.com (Previous link takes you to email setup)

To report unauthorized transactions on your account, contact Metro Bank at

205-884-6200.

“Pharming” occurs when you go to a website but are redirected without your consent or knowledge, to a fraudulent website which looks similar to a legitimate site; the intent of the fraudulent website is to capture confidential information.

Lottery and/or sweepstake scams offer recipients a percentage of the money transferred as compensation for their help. Individuals/companies who respond are asked to provide their account information in order to have the money transferred to them.  International scams involve unsolicited letters and emails that individuals/companies receive offering the recipient large sums of money for assistance in transferring millions of dollars to American banks.  Once these scam artists have your account information, they not only don’t transfer money to the account, they use the account information to steal money from the individuals/companies.  These offers are originated out of the country, often from Canada and Nigeria.

One of the newest scams is the Account Manager or Money Transfer Agent.  Recipients receive an email or advertisement on the web trying to recruit them to be an account manager or transfer agent for a fictitious company.  These scam artists steal money from an unsuspecting person’s account, then transfer the money into the manager/agents’ account.  The criminals then ask that the money be sent back to them.  Again, the compensation the manager/agent gets to keep is a percentage of the money, as their ‘commission’.  This opens the personal accounts of the manager/agent up to fraud – and if the account is used in an online scheme, the owner can be liable for lost funds.

The Secret Service, which handles complaints related to these types of schemes, believes many people have responded to these requests for assistance and sent money, but did not report their losses due to embarrassment.

Please keep in mind, there is NO legitimate reason for someone to give you money (in any form including money order, check or wire transfer) only to ask you to send the money back.  It’s illegal for a company to require you to buy something or pay a fee in order to win or claim a prize.  Should you receive one of these letters, please do not reply, but report the letter to the Internet Fraud Complaint Center. (http://www.ic3.gov/default.aspx)

Fraud can also occur when selling items online.  If the item is being purchased by a check, the seller may request the purchaser issue a check for an amount greater than the asking price.  The ‘seller’ is asked to wire the difference back.  Frequently, the original check used is counterfeit or forged.

1. Protect your personal information, account numbers, User ID & password, card numbers and PINs. Use caution when providing this information to persons/entities over the Internet or the phone.
2. Install and update anti-virus software regularly. To learn more about computer security visit the FTC’s Information Security website. (http://www.ftc.gov/infosecurity/)
3. Make sure your computer is updated with the most recent patches and security updates.
4. Never send your personal or account information using your personal email. To send this information to us, use the secure messaging feature in Online Banking or Metro Bank Secure Email under contact us tab on the bank’s website.
5. Immediately delete any emails from an unknown source prior to opening it. If you open a suspicious email, do not click on a links or attachments provided in the email.
6. Be cautious of emails that warn you that your account may be at risk, fraudulent activity or charges exist on your account or convey a sense of urgency. These often include details of the suspicious activity requesting you respond to the email or ‘click here’ to visit their site to update your information.
7. Prior to sending confidential information or financial transactions through a website, look for the lock icon on your status bar in the lower right corner. This signifies information is secure during transmission. By double clicking the padlock, you can view the security certificate.  Also, look for the ‘s’ in the “https” of the URL in your Web browser when engaging in financial transactions.  This indicates scrambling or encryption of the communication.
8. Keep your password confidential. Change passwords regularly using a combination of numbers, letters and special characters. Avoid using obvious passwords like mother’s maiden name, children or pet names, social security number or date of birth.
9. Be careful when using a computer in a public area where someone could watch you enter your User ID and password.
10. Review your account statements promptly and report any discrepancies or suspicious transactions immediately.
11. Install anti-spyware on your computer to help prevent your personal and account information from being collected without your knowledge.
12. Clean the hard drive of a computer before disposing of it.

Metro Bank will never ask a customer to provide, verify or update your personal information, account number, card number and PIN, User ID and password, or other financial information via email, live or automated phone call, or text message.  If you are contacted by any of these methods requesting personally identifiable or account information, do not respond.

Note: Remember, we may call you to verify card activity that appears suspicious or to provide you with information about products and services we offer.

This Internet Privacy Policy explains how we may collect information from you when you visit our web site or when you use our online financial services.

We recognize the importance our customers place on the privacy and security of their personal information.  Our goal is to protect your personal information in every way that we interact with you, whether it’s on the telephone, in our lobby, at one of our ATMs, or on the Internet.

We think it is important for you to be informed of the policies, procedures, and security measures that we have in place to safeguard your personal and confidential information. With that in mind, we have developed this Internet Privacy Policy to help you to understand the steps we take to protect your personal information when you utilize our online financial services.

In addition to the protections discussed within this Internet Privacy Policy, your online financial activities may also be protected by our general privacy policy.

Below are several definitions of terms used within this policy:

Customer Information – Customer Information refers to personally identifiable information about a consumer, customer or former customer of this Institution.  

Internet Protocol (IP) Address – an IP address is a unique address that devices use in order to identify and communicate with each other on a computer network.  An IP address can be thought of as a street address or a phone number for a computer or other network device on the Internet. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. We may use IP addresses to monitor login activity and for identification purposes when necessary for security investigations.

Cookie – a Cookie is a very small text file sent by a web server and stored on your hard drive, your computer’s memory, or in your browser so that it can be read back later.  Cookies are a basic way for a server to identify the computer you happen to be using at the time. Cookies are used for many things from personalizing start up pages to facilitating online purchases.  Cookies help sites recognize return visitors and they perform a very important function in secure Internet banking.

“Session” Cookies are used to monitor session activity within our Internet banking product. These Cookies are encrypted and only our Service Provider can read the information in these Cookies.  The session Cookie facilitates the processing of multiple transactions during a session without requiring you to reenter your passcode for each individual transaction.  Session Cookies used within our Internet banking product do not pass to your computer’s hard drive.  Instead, the Cookie is stored in your computer’s memory, identifying only your computer while you are logged on.  When you log off, or close your browser, the Cookie is destroyed. A new Cookie is used for each session; that way, no one can use the prior Cookie to access your account. For additional security, the Cookie expires after 10 minutes of inactivity. It must then be renewed by reentering your passcode. We do not use this Cookie to collect or obtain personal information about you.

An encrypted non-expiring Cookie is also used within our Internet banking product for the identification of this Institution.

Service Provider – In order to provide a full range of online financial services, we may use various third party providers.  These third parties provide services such as: website hosting, Internet banking, bill payment, and account aggregation.  Third party providers are referred to within this policy as “Service Providers”.

Information Collected on the Internet

If you are just browsing through our website, we do not request any personally identifiable Customer Information, nor do we collect unique identifying information about you unless you voluntarily and knowingly provide us that information, such as when you send us an email or complete an application online. If you provide us this information, it is only used internally and in furtherance of the purpose for which it was provided.

As part of providing online financial products or services, we may obtain information about our customers and website visitors from the following sources:

• Information we receive from you on applications, emails, or other forms;
• Information about your transactions with this Institution and our affiliates;
• Information we receive from a consumer-reporting agency; and
• Information that is generated electronically when you visit our website or use our online financial services.

Service Providers hosting our website and Internet banking service may collect general information on our website visitors for security and statistical purposes.  Such information may include:

• The Internet address (referral site) which brought you to our web site;
• The date and time you access our site;
• The name and version of your web browser;
• Your Internet Protocol (IP) address;
• The pages visited in our website; and
• The duration of your online session.

Our Service Providers may use Cookies to collect some the above information. In some cases you must accept cookies in order to view our website.   

When you click on advertisements in our website or advertisements on linked 3rd party web sites, you may receive another Cookie; however, you do not have to accept any Cookies from third party advertisements.

As mentioned previously, our Service Provider(s) may also use Cookies within our Internet banking and bill payment products. You must accept these Cookies in order to utilize the service.  These Cookies do not store any personally identifiable information; they simply provide another level of security.

Use of Information Collected

• We may disclose the information that we collect, as described above, with Service Providers acting on our behalf to provide online financial services such as: Internet banking and bill payment.
• We may also disclose Customer Information when required or permitted by law. For example, Customer Information may be disclosed in connection with a subpoena or similar legal process, fraud prevention, or security investigation.
• We may also share Customer Information outside this Institution when we have your consent, such as when you request a specific product like insurance or an investment product from a third party financial services provider.
• We may also disclose aggregate (not personally identifiable) Customer Information with Service Providers or financial institutions that perform marketing and research services on our behalf and with whom we have joint marketing agreements. Our contracts require all such Service Providers/or financial institutions to protect the confidentiality of your Customer Information to the same extent that we must do.
• We do not disclose any Customer Information about our customers, former customers, website visitors to anyone, except as permitted or required by law.
• We do not sell any of your personal information.

Account Aggregation

Account aggregation sites allow you to consolidate account information from several sources into one online location.  In order to provide this service, an aggregation provider may request your passcode and login information. You should ensure that the aggregation provider has appropriate policies to protect the privacy and security of any information that you provide.

If you provide information about your Metro Bank accounts to an aggregation provider, we will consider all transactions initiated by an aggregator using the access or login credentials that you provide, to be authorized whether or not you were aware of a specific transaction.

If you decide to revoke the authority given to an aggregation provider, we strongly recommend that you also change your online passcode with this Institution.  This will help ensure that the aggregation company cannot continue to access your account(s) with us.

Email Policies

When you enroll for our online services, we will send you a welcome email.  We may also send emails marketing various products and services offered by this Institution. We will always provide you an opportunity to opt-in or opt-out of marketing related emails.

We will also send security related email notices when you sign-up for email (“notify me”) alerts on your account(s) or whenever you change your passcode, security question, or email address.

If you agree to accept electronic disclosures and/or online account statements, we may also send you notices of important account updates through email. For example, if you have agreed to accept disclosures electronically, we may send you an email with updates to this privacy policy and/or we may send you a notice that your account statement is available for viewing on our website.   For more information on how to enroll for electronic disclosures, please contact us at (205) 884-6200.

Beware of Phishing Attempts and Internet Scams

While email is convenient and has a good business use, it can also be misused by criminals for scams and various other fraudulent purposes.   “Phishing emails” are frequently used by criminals to entice the recipient to visit a fraudulent website where they try to convince the recipient to provide personal information, such as ATM card numbers, account numbers, Social Security numbers, access Ids and passcodes.  Some of these fraudulent websites may also be virus laden and can be used to download mal-ware to your computer.  Fraudulent websites often look identical to a legitimate site, so it’s important to look very closely at the website address.

Below we have listed a few tips to help protect your personal information on the Internet:

• Always be wary of links in emails, especially any links in emails purporting to be from this Institution.
• Please remember that if we send you an email, we will never ask for personal information such as your account number, ATM card number, PIN number, or social security number.
• Bookmark financial websites and use these bookmarks every time you visit the website.
• Whenever you enter personal information like your access ID or passcode, always look for the lock symbol, or https: in the address bar. Always click on the lock symbol and review the certificate details.
• Update your Internet browser! Most browsers now offer free anti-phishing tool bars that can help alert you of fraudulent websites.
• If you send us an email, please do not include any confidential, personal or sensitive information in the email message, as email messages are generally not secure. We do offer secure messaging through our Internet Banking product and you may use this secure messaging feature if you need to send us sensitive or confidential information.
• Make sure that your computer always has up-to-date versions of both anti-spyware and anti-virus software.
• If you receive an e-mail that you think could be a scam, delete it immediately or forward the email to spam@uce.gov.
• If you have any questions about the legitimacy of an email, especially an email from this Institution, you can also call us at this number (205) 884-6200 or forward the email to bookkeeping@metrobankpc.com.

External 3rd Party Links

Our website may include links to other 3rd party web sites.  These links to external 3rd parties are offered as a courtesy and a convenience to our customers.  When you visit these sites, you will leave our website and will be redirected to another site.

This Institution does not control linked 3rd party web sites.  We are not an agent for these third parties nor do we endorse or guarantee their products.  We make no representation or warranty regarding the accuracy of the information contained in linked sites.  We suggest that you always verify the information obtained from linked websites before acting upon this information. Also, please be aware that the security and privacy policies on these sites may be different from our policies, so please read third party privacy and security policies closely.

While using our website, you may still see our logo when linking to a 3rd party site.  A technique called “Framing” allows us to display our logo and look and feel while allowing you to browse another site at the same time. It’s important to note that while you may still see our logo and frame, any information you provide to a 3rd party is not covered by our privacy or security policies.

If you have questions or concerns about the privacy policies and practices of linked 3rd parties, please review their websites and contact them directly. This privacy policy applies solely to the Customer Information collected by this Institution. 

Security

This Institution and our Service Providers have developed strict policies and procedures to safeguard your Customer Information.  Our policies require confidential treatment of your personal information.  We restrict employee access to your personal information on a “need to know” basis and we take appropriate disciplinary measures to enforce employee privacy and confidentiality responsibilities.   We have established training programs to educate our employees about the importance of customer privacy and to help ensure compliance with our policy requirements.

Furthermore, this Institution and our Service Providers maintain strong physical, electronic and procedural controls to protect against unauthorized access to customer information.  Our computer systems are protected in the following ways:

• Computer anti-virus protection detects and prevents viruses from entering our website, email, and computer network systems.
• Firewalls and intrusion prevention systems block unauthorized access by individuals or networks.
• We use encryption technology, such as Secure Socket Layer (SSL), to protect the transmission of your confidential information. Whenever you login to our Internet banking product or schedule an online transaction through our system, the communication is encrypted. Encryption scrambles transferred data so it cannot be read by unauthorized parties.
• We use strong multi-level authentication and behavior analysis to help prevent unauthorized access to your accounts. Multi-level authentication can help prevent access by someone who may have stolen your login credentials.
• We provide secure email through our Internet Banking product to help ensure that your communications with us are confidential.
• We continually monitor technological advances and upgrade our systems to ensure your information remains secure.

Privacy of Children

COPPA, the Children’s Online Privacy Protection Act, protects children under the age of 13 from the collection of personal information on the Internet.  This financial institution respects the privacy of children. We do not knowingly collect names, emails addresses, or any other personally identifiable information from children.  We do not knowingly market to children, nor do we allow children under 13 to open online accounts.

Our website may include linked 3rd party sites that would be of interest to children.  We are not responsible for the privacy and security practices of these sites.  Parents should review the privacy policies of these sites closely before allowing children to provide any personally identifiable information.   Parents can also be proactive by installing filtering software that provides more control over the family’s Internet experience.

Privacy Updates

This policy maybe updated from time-to-time as new products and features may require changes to our Internet Privacy Policy.  The effective date of our policy will always be clearly displayed. If we make any changes regarding the use or disclosure of your personal information, we will provide you prior notice and the opportunity to opt-out of such disclosure if required by law.

Metro Bank Privacy Policy Disclosure

Questions

If you have any questions about our privacy policy or concerns about our privacy practices, please contact us at (205) 884-6200 or bookkeeping@metrobankpc.com.

Revised: October 1, 2014

To protect your account, your ATM and Check Card transactions are monitored for potentially fraudulent activity which may include a sudden change in locale (such as when your issued card is used unexpectedly outside of Alabama or overseas), a sudden string of costly purchases, or any pattern associated with new fraud trends around the US or the world.

If fraudulent ATM or Check Card use is suspected, you will be called to validate the legitimacy of your transactions.  Your participation in responding to our call is critical to prevent potential risk and avoid restrictions we may place on the use of your card.

Metro Bank with our card processor’s fraud detection center.

• Calls placed by a bank employee will register as 205-884-6200 as the caller ID.
• You’ll be asked to verify your identity.
• You’ll be asked to verify recent transaction activity on your card.
• Our goal is to minimize your exposure to risk and the impact of any fraud to your account. To ensure we can continue to reach you whenever potential fraud is detected, please keep us informed of your correct phone number and address at all times.
• Before you travel, please contact us to discuss your travel plans and for tips to assist with uninterrupted card transactions.

Skimming” is a method by which thieves capture the magnetic stripe data from your card and use it to create a new, counterfeit card.  These counterfeit cards are then used to process unauthorized transactions against your account.  There are two main methods of skimming card information:

• A small device that appears to be a part of the machine is placed over the card insertion slot of an ATM, gas pump, or other self-service kiosk. As you slide your card into the ATM, this device “reads” the data on the stripe and either stores it or transmits it to a nearby location.  Often times, there is also a small, hidden camera that captures your keystrokes as you input your PIN into the machine.
• The device is carried by an employee in a merchant’s store location. When the employee walks away with your card to complete your transaction, they swipe the card through the skimming device and capture the magnetic stripe data.

How to Protect Yourself

• Look at the ATM, gas pump or self-service kiosk before using it. If it doesn’t look right, don’t use it.
• If you see an attachment on an ATM that looks suspicious, don’t use the ATM. Notify the institution that owns the machine as soon as possible.  If it’s a Metro Bank ATM, contact 205-884-6200.
• Never give your PIN to anyone or write it on your card.
• Review your monthly statements immediately and notify us of any discrepancy by calling 205-884-6200.

Card Data Compromises

Many news reports have recently surfaced surrounding banks and merchants whose systems are hacked and card data is obtained.  Metro Bank takes an active role in reviewing these instances and is taking action to protect your account.  If we receive a report that includes your information, we will:

Immediately review your account activity and contact you if we find something suspicious.

Send you a new card if the data obtained puts your account at risk.  If we do this, we will allow you to continue using your existing card for a period of time until you receive your new card.  During this interim period, we will continuously review your account activity and look for suspicious transaction activity.

Card Security

Metro Bank continuously trends your transaction activity and looks for suspicious transactions that might fall outside of your normal spending patterns.  If we find something suspicious, we will temporarily restrict your card and make attempts to contact you.  Once we’re able to validate the legitimacy of your transaction, we’ll reinstate your card.  In addition to this, we recommend the following things to help keep your personal information and accounts safe:

If your card is lost or stolen, contact us immediately using one of the following telephone numbers:

For Metro Bank ATM/Debit Cards, call 205-884-6200 during business hours or

(800) 500-1044 after business hours.

You will never be contacted directly by companies like MasterCard® or Visa® to verify personal or card information, your PIN or to request that you transfer funds or process transactions to protect your account. If you are concerned about the legitimacy of such requests, call the bank at 205-884-6200.

Make a list of ATM, debit card, credit card, and bank account numbers, as well as the customer service telephone numbers for each.  Keep this list in a safe and secure place so you can easily notify the necessary companies in case you lose your wallet or purse.  This will also mitigate the risk of fraud.

Whether at home or traveling, carry ATM, credit and debit cards that are necessary.  If traveling, cancel unused cards or secure them in a safe place while you’re away.

Memorize your PIN.  Never write it on the card or anywhere else where it could be compromised.

It’s not a good idea to use the last four digits of your social security number, date of birth, address or numbers that may be easily obtained by identify thieves as your PIN.

Never give out your credit or debit card numbers over the telephone or on the internet unless you have a trusted business relationship with the person or company.

Never leave ATM, credit or debit cards lying around where anyone has access to them.

Always keep your receipts for card purchases or withdrawals.  Never throw them in a public trash container where they could eventually be found.

Be aware if a merchant takes your card out of your sight for an extended period of time. Most merchants will process transactions within your view.  If you become suspicious, contact the bank or your credit card financial institution to warn of possible fraud on your account.

When vacationing, contact your bank regarding your plans.  Most banks, including Metro Bank, monitor suspicious activity, including geographic shifts in cardholder use. The Bank may choose to temporarily restrict the card until the activity can be validated. By informing us up front, you can prevent unnecessary inconveniences while traveling.

Always carefully review credit card and bank statements upon receipt.  If there is suspicious activity on your account, notify the Bank or Credit Card Company immediately.

Reporting ATM or Debit Card Fraud

To report suspicious activity on your card or account, contact us immediately at

205-884-6200 during regular business hours.  To report fraud or a lost or stolen debit card after hours, call (800) 500-1044

Telephone/Cell Phone Fraud

Metro Bank will never ask a customer to provide, verify or update their personal information, account number, card number and PIN, User ID and password, or other financial information via email, live or automated phone call, or text message.  If you are contacted by any of these methods requesting personally identifiable or account information, do not respond.

Note: Remember, we may call you to verify card activity that appears suspicious or to provide you with information about products and services we offer.

“Vishing” stands for voice-phishing.  Vishing involves the use of email, voice messages, automated calls, or text messages that appear to be from a legitimate source, such as a debit or credit card issuer, financial institution, police department, etc., but are, in fact, criminals that are attempting to gain information to be used for illegitimate purposes.

A scam often consists of:

• Receiving an email, voice mail, or text message which asks the recipient to call a phone number; you are directed to an automated system or customer service representative that asks you to enter your account number, debit card and PIN, social security number, or other personally identifiable or financial information.
• Receipt of a text message asking the recipient to reply to the message in order to:
   Activate an account or newly issued debit/credit card by entering the account number or the card number and/or PIN.
  Verify that a debit/credit card is in their possession by entering the 3 digit verification number on the back of the credit card or card number and/or PIN.
  To reactivate their account or debit/credit card, commonly used to make people think that it’s recently been suspended or deactivated.
• Receipt of an automated call stating the recipients account or card has been blocked. They are directed to select a menu option and asked to enter account number, debit/credit card and PIN, Social Security Number, or other personally identifiable or financial information.

THE INTENT IS TO TRICK YOU INTO DIVULGING YOUR PERSONAL INFORMATION, such as your account number, social security number, User ID or password so they can commit crimes of a monetary nature or identity theft.  If you believe the call may be legitimate, tell them that you will call them back, call the bank or the customer service number provided by the financial institution at the time the account was opened or the number on the back of the debit/credit card.

If you do not know who is making a request for personal information, delete the text message/email/voice mail or hang up.

Never give out personal information, such as your social security numbers, bank account numbers or ATM/debit/credit card numbers, to anyone you do not know.

Criminals set up an automated system to text people in an area code.  The victims receive messages like: “There’s a problem with your account,” or “Your ATM card needs to be reactivated,” and are directed to a phone number or website asking for personal information.  Armed with that information, criminals can steal from victims’ bank accounts, charge purchases on their charge cards, create a phony ATM card, etc.

Sometimes, if a victim logs onto one of the phony websites with a smartphone, they could also end up downloading malicious software that could give criminals access to anything on the phone.  With the growth of mobile banking and the ability to conduct financial transactions online, smishing attacks may become even more attractive and lucrative for cyber criminals.

DO NOT respond to text messages from unknown or blocked numbers on your mobile phone.

Treat your mobile/smart phone like you would your computer… DO NOT download anything unless you trust the source.

DO NOT respond to unsolicited e-mails or texts or phone calls requesting personal information, and never click on links or attachments contained within unsolicited e-mails or texts.

“Phone-by” Download Scam

Criminals try to get users to download malware from a malicious website.  Phone scammers try to convince you to install a piece of software that would allow them to remotely monitor and control your computer.

While you are using your PC, you receive a call from a “call center” telling you that your PC was about to crash and that they were calling to assist you.  The call center representative advises you to log onto a website and provides the web address.  Then the criminal tells you to click on a link on that website called ‘Remote Assistance’ which would enable them to have access to your PC.

Another variation of the scam consists of someone calling and saying they were “technical support” from the user’s Internet Service Provider, and emphasizing that it was not a sales call.   The caller asked if user’s computer had been running slowly, or if you had seen “403 or 404 errors” when surfing the web, etc.  The caller asks: “Can you turn on your computer, and bring up a web browser? You respond “It’s already up?”  Now go to this website … and click on the ‘Remote Assistance’ icon.” The “Remote Assistance” icon is a link to a file which contains malware to monitor and control your PC.

Be suspicious of unsolicited phone calls/messages or email from individuals asking about your computer or you, or soliciting personal or sensitive client or confidential company information.

If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.

Keep your PC up-to-date with the latest patches and security updates.

Review anti-virus signatures, anti-spyware, and firewall software for current updates.

Do not reveal personal or financial information, and do not respond to email solicitations for this information. This includes following links given by unknown individuals or sent in emails or opening attachments.

If you do not know who is making a request for personal information, delete the text message/email/voice mail or hang up.

Mail theft occurs when someone illegally intercepts your mail.  Their intent is to get personal information, such as account numbers, social security number, credit card numbers, etc.  They then use this information to commit identity theft.  If you have reason to believe your mail has been stolen, contact your local post office or your local postal inspector (https://postalinspectors.uspis.gov/).