Skip to Main Content Skip to Sitemap

Fraud Protection

Being aware of fraudulent methods helps you safeguard your personal, confidential, and financial information.

We're dedicated to alerting our customers about popular fraud tactics, and helping them to become more empowered and secure.

image supporting promotion for Let's Thrive Together
Let's Thrive Together
Make well-informed decisions on topics relating to credit, budgeting, homeownership, cybersecurity, and more! Visit Our Blog

Fraudulent activity occurs in many different ways - from stealing paper-based information to using online strategies. Be aware of these tactics:

Dumpster Diving

Thieves rummage through trash looking for bills or other paper that includes your personal information. Always be sure to shred any important financial documents or sensitive personal information so they don’t end up in the wrong hands.


Also known as 'malicious software', malware is designed to harm, attack or take unauthorized control over a computer system. Malware includes viruses, worms and Trojans. It's important to know that Malware can include a combination of all three of the types noted.


Phishing is a scam where criminals attempt to obtain sensitive information such as bank account and credit card numbers, usernames, passwords, or social security numbers. Phishing is commonly carried out via phony emails or spoofs or legitimate websites that aim to lure unsuspecting victims to enter their information on the fake site.


Also known as "voice phishing", vishing is a type of scam where the attacker makes phone calls or leaves voicemails pretending to be from a reputable company, in an effort to get the victim to reveal sensitive personal and financial information.


Pharming takes place when you type in a valid website address and you are illegally redirected to a phony website posing as a legitimate one. When unsuspecting victims enter their sensitive personal or financial information on these fake websites, the information is sent to the attackers.


A Trojan is malicious code that is disguised or hidden within another program that appears to be safe (as in the myth of the Trojan horse). When the program is executed, the Trojan allows attackers to gain unauthorized access to the computer in order to steal information and cause harm. Trojans commonly spread through email attachments and Internet downloads. A common Trojan component is a "keystroke logger" which captures a user's keystrokes in an attempt to record the user's login credentials and passwords.


Spoofing is when an attacker imitates something in order to illegally obtain sensitive information. Spoofing can come in many forms. With Website Spoofing, the attacker creates a website that looks like a legitimate one, with the intention of misleading the user and collecting sensitive information they may enter on the website. Similarly, URL Spoofing involves the attacker creating a fake or forged URL which impersonates a legitimate, secure website. The spoofed URL looks exactly like the valid, safe URL, but redirects the user to an unsafe, “booby trapped” website. With Email Spoofing, the attacker creates an email with a forged sender address, in an effort to fool the recipient into thinking the email is from a legitimate source. Caller ID Spoofing is similar to Email Spoofing, where the attacker manipulates the caller identification to display a legitimate phone number when the call is placed. This scam is meant to fool victims into thinking they’re speaking to a reputable company or person, so they’re more likely to relay sensitive information over the phone.


Loaded on to your computer unbeknownst to you, spyware is a type of software that enables a user to obtain information about another's computer activities by transmitting data from their hard drive. It is most often installed when you download free software from the Internet. Unfortunately hackers discovered this to be an effective means of obtaining sensitive information. Attackers often use free software available for download on the internet, that contain spyware for legitimate purposes like marketing, to maliciously steal sensitive information from their victims.


A form of online advertising where the ad "pops up" on a computer screen, pop-ups are intended to increase ad views or capture email addresses for marketing purposes. However, some pop-ups are designed with malicious intent. An example of a malicious pop-up is one that claims there is a Virus on your computer and prompts you to click or call for more information.


A computer virus is a malicious program that attaches itself to, and infects, other software applications and files without the user's knowledge, disrupting computer operations. Viruses can carry what is known as a "payload," executable scripts designed to damage, delete or steal information from a computer. A virus is a self-replicating program, meaning it copies itself. Typically, a virus begins replicating when the user executes the program or opens an "infected" file. Viruses spread from computer to computer when users unknowingly share "infected" files. For example, viruses are commonly spread when users send emails with infected documents attached.


This virus specifically targets your computer's defenses. It will look for vulnerabilities within your computer's operating system or any third party security software you may be using. Most security vendors have some form of tamper-proof measure in place, so it is important to keep your security software up-to-date. Retro Viruses are usually combined with another form of attack.


A worm is similar to a virus but with an added, dangerous element. Like a virus, a worm can make copies of itself; however, a worm does not need to attach itself to other programs and it does not require a person to send it along to other computers. Worms are powerful malware programs because they cannot only copy themselves, they can also execute and spread themselves rapidly across a network without any help.

Take these tips into consideration to prevent fraudulent activity.

Safeguard your email


Email is often a vehicle used to transmit malware and commit fraud. It is important to evaluate your email behaviors and develop good habits to help protect your computer and your identity.

In addition to viruses and worms that can be transmitted via email, phishing also threatens email users. Phishing emails involve perpetrators posing as legitimate, trustworthy businesses in an attempt to acquire sensitive information like passwords or financial information.

Never open or respond to SPAM (unsolicited bulk email messages).

Delete all spam without opening it. Responding to spam only confirms your email address to the spammer, which can actually intensify the problem.

Never click on links within an email.

It's safer to retype the website address rather than click on it from within the body of an email.

Don't open attachments from strangers.

If you do not know the sender or are not expecting the attachment, delete it.

Don't open attachments with odd filename extensions.

Most computer files use filename extensions such as ".doc" for documents or ".jpg" for images. If a file has a double extension, like "heythere.doc.pif," it is highly likely that it is a dangerous file and should not be opened. In addition, never open email attachments that have file endings of .exe, .pif, or .vbs. These are filename extensions for executable files that run a program when opened. These types of files could be dangerous if you don't know what's in them.

Never give out your email address or other sensitive or personal information to unknown websites.

If you don't know the reputation of a website, don't assume you can trust it. Many websites sell email addresses or may be careless with your personal information. Be wary of providing any information that can be used by others for fraudulent purposes.

Never provide sensitive information in email.

Forged email purporting to be from your financial institution or favorite online store is a popular trick used by criminals to extract personal information for fraud. Keep in mind that BankFive will never ask for your account information, or sensitive personal information, via email. And any time you need to communicate with the bank about sensitive account or personal information, be sure to send a secure email from within your Online Banking account, rather than sending the message from your regular email account to a email address.

Don't believe the hype.

Many fraudulent emails send out urgent messages that claim your account will be closed if sensitive information isn't immediately provided, or that important information needs to be updated online. BankFive will never use this method to alert you of an account problem.

Be aware of poor design, and/or bad grammar and spelling.

Tell-tale signs of a fraudulent email or website include typos and grammar errors as well as unprofessional design layout and quality. If you receive an email with this type of unprofessional content, delete it immediately.

Safeguard your identity online

In addition to protecting your email, there are a number of guidelines to follow that can help safeguard your identity online.

Do not allow a website to keep sensitive information or credentials for future convenience.

It is a common practice when registering for access to a website or making a purchase from a website to be asked if you want to keep your login credentials, credit card numbers or other sensitive information on file as a matter of convenience. This common request is referred to as "remembering" for future use. Although it may seem convenient, it's never a good idea to allow a website to store your sensitive information. In the event that the website is compromised, your information could fall into the wrong hands.

Be selective about where you surf.

Not all websites are safe. Sites that engage in illegal or questionable activities often host damaging software and can make users susceptible to aggressive computer attacks.

Don't use public computers for sensitive operations.

Since you cannot validate the computer's integrity, there's a higher risk of fraud when you log in from a public computer.

Work on a computer you trust.

Firewalls, and anti-virus and anti-spyware programs help keep your device properly monitored and provide peace of mind. These tools are important in order to protect your device and the data on it. A good firewall is critical if you commonly access the Internet via a wireless connection. It is also important to keep your device's browser, operating system, and security software up-to-date.

Select a strong password.

The best password is an undetectable one. Never use birthdays, names, pet names, addresses, phone numbers, or Social Security numbers as passwords. It's good practice to use a combination of letters, numbers and symbols, and be sure to change your passwords regularly.

Only enter sensitive information on secure webpages.

Be sure to use secure webpages any time you're conducting transactions online or entering sensitive personal information. You'll know if a webpage is secure if it has "https" preceding its address, or if there's an icon of a padlock or key in the left-hand corner of your browser's address bar.

Sign off, shut down, disconnect.

Always sign off or logout of your online banking session or any other website that you've logged into using a user ID and password. When your device is not in use, it should be shut down or disconnected from the Internet.

Lock your computer or mobile device when it is not in use. 

Locking your device when you're not using it helps protect from unauthorized access.

Beware of shoulder surfing.

This is a common tactic that happens in public places such as coffee shops, airports, libraries, etc. where an attacker will look over your shoulder when you're logging in or entering a credit card number to obtain your sensitive information. Be vigilant and aware of prying eyes.

If you know, or even suspect, you've been a victim of identity fraud, follow these five steps immediately.

More specifics can be found on the FTC's Privacy & Identity Site.

1.) Report the fraudulent activity. If the activity is related to BankFive, please contact us directly. If it is related to another financial institution, your credit card company, or any other organization, contact them directly.

2.) Contact one of the three consumer reporting companies and have a fraud alert placed on your credit report. This will help stop fraudsters from opening any additional accounts in your name. You only have to contact one of the following, as the one you call is required to contact the other two: 

Equifax: 1-800-525-6285;; P.O. Box 740241, Atlanta, GA 30374-0241

Experian: 1-888-EXPERIAN (397-3742);; P.O. Box 9532, Allen, TX 75013

TransUnion: 1-800-680-7289;; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

3.) Close any accounts that you know - or even suspect - might have been tampered with or opened fraudulently. Report the transgression to a security spokesperson at the relevant company. Ask them about any additional steps you need to take. They'll probably ask you to send relevant copies of the fraudulent activity. You can also use the IRS ID Theft Affidavit Form as formal certification of your dispute.

4.) File a complaint with the FTC. File your complaint online; or call the FTC's Identity Theft Hotline, toll-free: 1-877-ID-THEFT (438-4338); TTY: 1-866-653-4261; or write Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Sharing your identity theft complaint with the FTC will help law enforcement officials track down identity thieves and stop them.

5.) Call or visit the local police or police in the community where the identity theft took place and file a report. Have a copy of your FTC ID Theft complaint form available to give them. Obtain a copy of the police report and the police report number.

Banking Resources
Learn about our 100% deposit insurance and access handy financial calculators, customer testimonials, and more.