Fighting Fraudulent Emails - Understanding Phishing
What is Phishing?
Phishing is a form of email fraud designed to steal your identity. It works by using false pretenses to get you to disclose sensitive personal information, such as credit and debit card numbers, account passwords, or Social Security numbers.
One of the most common phishing scams involves sending a fraudulent email that claims to be from a well-known company. Emails may include the company's logo and appear to be official. Often they include a false name or phone number. Phishing can also be carried out in person, over the phone, through fraudulent pop-up windows, and websites.
Often these emails contain a link that appears to go to the company's website, but instead lands on a fraudulent website.
Questions Heritage Bank will never ask you in an email
To help you better identify fake emails, we follow strict rules. We will never ask for the following personal information in email:
- Credit and debit card numbers
- Bank account numbers
- Driver's license numbers
- Passwords
- ATM PIN
Spotting Phishing
Things to look for in scam email and websites
Fraudulent email and websites are designed to deceive you and can be difficult to distinguish from the real thing.
Whenever you receive an email about your Heritage Bank account, the safest and easiest course of action is to call your local branch to ensure it is indeed real. More than likely it is fraudulent. Heritage Bank rarely sends emails to customers.
How to spot a phishing email
- Sender's Email Address. To give you a false sense of security, the "From" line may include an official-looking email address that may actually be copied from a genuine one. The email address can easily be altered; it's not an indication of the validity of any email communication.
- Generic Email Greeting. A typical phishing email will have a generic greeting, such as "Dear User." Note: All Heritage Bank emails will greet you by your first and last name.
- False Sense of Urgency. Most phishing emails try to deceive you with the threat that your account will be in jeopardy if it's not updated right away. An email that urgently requests you to supply sensitive personal information is typically fraudulent.
- Fake Links. Many phishing emails have a link that looks valid, but sends you to a fraudulent site that may or may not have a URL different from the link. Always check where a link is going before you click. Move your mouse over the URL in the email and look at the URL in the browser. As always, if it looks suspicious, don't click it.
- Attachments. Similar to fake links, attachments can be used in phishing emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. PayPal will never email you an attachment or a software update to install on your computer.
Spotting A Fraudulent Website
A phishing email will usually try to direct you to a fraudulent website that mimics the appearance of a popular website or company. The spoof website will request your personal information, such as credit card number, Social Security number, or account password.
You think you are giving information to a trusted company when, in fact, you are supplying it to an online criminal.
- Deceptive URLs. Be cautious. Some fraudsters will insert a fake browser address bar over the real one, making it appear that you're on a legitimate website. Follow these precautions: Even if a URL contains the word "PayPal," it may not be a PayPal site.
  Examples of fake Heritage Bank addresses:
  www.heritagebankaz.com/heritagebankaz
  The term "https" should precede any web address (or URL) where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.
- Out-of-place lock icon. Make sure there is a secure lock icon in the status bar at the bottom of the browser window. Many fake sites will put this icon inside the window to deceive you.
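The "Fake Links" and "Deceptive URLs" checks above can also be run automatically over an HTML email. The following is an added example, not part of the original page or any Heritage Bank tooling. The trusted host names (bank.example), the brand word, and the finding labels are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example (not from the page): the genuine hosts and brand word.
TRUSTED_HOSTS = {"bank.example", "www.bank.example"}
BRAND = "heritagebank"

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a href>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased host; bare text such as "www.x.example/a" parses too
    try:
        return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    except ValueError:  # malformed network location
        return ""

def check_link(href, text):
    """Return the warning signs from the page that apply to one link."""
    findings, target = [], host_of(href)
    shown = "" if any(c.isspace() for c in text) else host_of(text)
    if "." in shown and shown != target:  # link text is itself a URL for another host
        findings.append("visible-url-differs-from-target")
    if BRAND in href.lower() and target not in TRUSTED_HOSTS:
        findings.append("brand-name-on-untrusted-host")
    if not href.lower().startswith("https://"):
        findings.append("not-https")
    return findings

def scan_email(html):  # maps each web link in the message to its list of findings
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return {h: check_link(h, t) for h, t in parser.links if h.lower().startswith("http")}

# Constructed sample message; every host is a reserved example name.
SAMPLE = ('<a href="http://heritagebank.login.example.net/update">https://www.bank.example/login</a>'
          '<a href="https://www.bank.example/contact">Contact us</a>')
```

An empty findings list only means none of these three signs were present; it does not prove the link is genuine.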



