Customer Awareness Program

Identity theft and other forms of cybercrime are constantly on the rise. Miners Exchange Bank considers it our duty as a community provider of financial products and services to help our customers be aware of these threats and be prepared to protect their information.

Miners Exchange Bank will NEVER request you to provide your personal information by email or text messaging.

This includes account numbers, social security numbers or tax identification numbers, debit card number and/or expiration, passwords, PINs, or other forms of confidential information. You may be contacted by us or an affiliate regarding your account or suspicious activity on your account and you may be asked to verify the last four digits of your SSN, your phone number, or your address to verify your identity in such cases. However, we will never initiate contact by phone, email, or text messaging and ask for a full account number, debit card number, full SSN, or any usernames or passwords.

Phishing and Vishing Attacks

Phishing

An attempt through electronic communications to acquire sensitive information. This normally occurs through email but may also occur in text messaging, instant messaging, or through social media. These attacks can spoof (copy) the name and domain of a legitimate organization to appear genuine.

Example:
You may receive an email that appears to come from a company that you have a relationship with that mentions a billing error or balance due and asks to confirm personal information. There may be a link that directs the target to a page that looks similar to or replicates the company’s real website and requests that you log in to confirm your information.

How to recognize phishing attacks:

The message may contain awkward language, grammatical errors, and spelling errors.
The message may address you as ‘customer’ or some other generic honorific instead of your name.
Various types of language to invoke a sense of urgency may be included to cause a panicked reaction. Some variations may include statements such as “We have identified fraudulent activity on your account”, “Please pay the past due amount on your account or you will be reported to collections”, or “Your account has been frozen for your security. Please follow this link to confirm your identity/information to regain access to your account.”
On a computer, use your mouse to hover over any links to view the real website the link uses. The name of the link may not always be where the link directs you.
The message may come from a person or organization that you are not familiar with and with which you have no affiliation.

Vishing

Like phishing, vishing is an attempt to acquire sensitive information over the phone, either by contacting you directly or by leaving a voicemail for you to respond. Also like a phishing attack, these can spoof (copy) a legitimate phone number to appear genuine.

Example:
You receive a phone call or voicemail stating there was problem processing your recent payment and that you need to confirm your full credit or debit card number, expiration date, and CVV code (the 3 digit code on the back of your card).

How to recognize vishing attacks:

The caller may have a foreign accent or appear to have trouble communicating.
The caller may be computer generated and have a robotic sounding voice, particularly on voicemails.
The caller may state they represent a company you are not familiar with or ask you to confirm the name of a company or bank with which you are affiliated.
The caller may become pushy or issue threats in attempt to scare you into providing your information.
You may not have any affiliation with the organization the caller claims to represent.

Responding to Phishing/Vishing Attacks

If you receive communication in an email, text message, or phone call that you find questionable, the following responses are the safest methods to verify legitimacy:

Do not use any contact information, click on any links, or open any attachments included in the communication.
Use only phone numbers, email addresses, and URLs that you know are legitimate to initiate contact with an organization.
If you believe a communication is an attempt to gather your information, ignore or delete the communication without responding.

Protecting Your Information

There are several recommendations and tips that customers can use to protect their information from unauthorized access. Some of these steps include:

Online Banking and Mobile Banking Security

Never give out personal information including any usernames and passwords, social security number, PIN, and date of birth.
Avoid using public computers to access any type of Online Banking services.
Ensure your mobile device (cell phone, tablet, laptop, etc.) is protected by a passcode or with biometric security such as a fingerprint or facial recognition.
Ensure any electronic device is updated to the most recent software and has some type of antivirus software installed.

Password Security

Use a unique password for online and mobile banking that is not used for any other application.
Ensure your password is appropriately complex, means it meets most of the following:

Do not use personal information or dictionary words
Use a combination of upper- and lower-case letters, numbers, and special characters
Ensure password is an appropriate length (normally 8 character minimum)

Do not share your passwords or leave them accessible to others.
Change your password periodically, normally at least every 30 days.

General Guidelines for Protecting Information

Securely store any written or printed documents that contain sensitive information
Shred any statements, invoices, receipts, applications, medical records, expired cards, or other documents that contain sensitive information that no longer need to be kept.
Review all account statements upon receipt.
Only provide information when you initiate contact and when you can positively verify the authenticity of the requestor.
Check your credit report periodically.
Be cautious with what information you provide on social media or other public channels.
Avoid clicking on links included in emails. It’s always safer to visit a website on your own.

Customer Resources

Electronic Fund Transfer Act (Regulation E):

Regulation E establishes the basic rights, liabilities, and responsibilities of consumers who use electronic fund transfer and remittance transfer services and of financial institutions or other persons that offer these services.

Regulation E - Electronic Fund Transfer Act (FDIC)

Regulation E - Electronic Fund Transfer Act (Federal Reserve)