Your Banking Version of a Neighborhood Watch

Our online world has delivered exceptional conveniences. It has also demanded that we each become diligent about protecting our identities, accounts, and money. Read more about ways you can protect yourself.


Identity Theft Bulletin

Email and internet-related fraudulent schemes, such as “phishing” (pronounced “fishing”), are being perpetrated with increasing frequency, creativity and intensity. Phishing involves the use of seemingly legitimate email messages and internet websites to deceive consumers into disclosing sensitive information, such as bank account information, Social Security numbers, credit card numbers, passwords, and personal identification numbers (PINs). The perpetrator of the fraudulent email message may use various means to convince the recipient that the message is legitimate and from a trusted source with which the recipient has an established business relationship, such as a bank. Techniques such as a false “from” address or the use of seemingly legitimate bank logos, web links and graphics, may be used to mislead email recipients.

In most phishing schemes, the fraudulent email message will request that recipients “update” or “validate” their financial or personal information in order to maintain their accounts, and direct them to a fraudulent website that may look very similar to the website of the legitimate business. These websites may include copied or “spoofed” pages from legitimate websites to further trick consumers into thinking they are responding to a bona fide request. Some consumers will mistakenly submit financial and personal information to the perpetrator who will use it to gain access to financial records or accounts, commit identity theft, or engage in other illegal acts.

Please be assured that Two Rivers Bank and Trust will not solicit any information from our customers over the Internet or by email. We request that when sending emails to the bank that you DO NOT include account names, PINs, or social security numbers.

Customers who fall prey to email and internet-related fraudulent schemes face real and immediate risk. Criminals will normally act quickly to gain unauthorized access to financial accounts, commit identity theft, or engage in other illegal acts before the victim realizes the fraud has occurred and takes action to stop it.

Common Precautionary Steps

A financial institution’s web page should never be accessed from a link provided by a third party. It should only be accessed by typing the website name, or URL address, into the web browser or by using a “bookmark” that directs the web browser to the financial institution’s website.

A financial institution should not be sending email messages that request confidential information, such as account numbers, passwords, or PINs. Please be sure you report any such requests to your financial institution.

All secure web pages on a financial institution’s web site should contain security certificates such as from Verisign or Thawte that are used to authenticate the institution’s web pages.

If you are aware of any fraudulent schemes or possible identity theft, please contact us immediately.

Common Identity Theft Scams


Malware is malicious software created by criminals to infect your computer and/or get your sensitive information and send it back to the creator. It can infiltrate your computer easily and quickly, often without your knowledge at all! Types of malware include computer viruses, worms, Trojan horses, spyware, and adware.

You can protect yourself from this by installing software to guard your system and protect you from unwanted applications. Also, do not click on anything sent to you by someone you do not know. Often spam emails can contain attachments that will infect your computer. DON’T click unless you are sure you know the sender and what the attachment is.


Phishing is an electronic scam wherein criminals try to obtain your personal information (credit card information, account numbers, passwords, etc.) by posing as reputable sources. This is usually done using an email that directs you to follow some specific instructions. Phishers create very realistic and legitimate-seeming websites so be careful!

Remember—TWO RIVERS WILL NEVER ASK FOR PERSONAL INFORMATION via email. If you get an email like that from us or anyone else and are unsure of the source, do not respond. Contact them independently through proven means and confirm with them directly.


Also called “domain spoofing,” pharming is the purposeful rerouting traffic to an imposter site that looks identical to the one the user intends to visit. Once there, the site will ask for your bank or credit card information.

If you are being asked for information the bank or credit card company should already know, be suspicious. Verify the domain name and URL to make sure you are on the right site. If you are still unsure, call the company directly and ask.

Spear Phishing

While phishing is usually a mass email sent to thousands, spear phishing is a customized email sent to a specific person. It usually contains personal information and/or some fact meant to make you feel comfortable and sure that the email is legitimate. It may contain a link or downloadable file. DO NOT DOWNLOAD IT. It is probably malware that will collect your personal information later and send it to back to the scammers.

While spear phishing attacks are almost always directed towards corporations and their employees, you should still be on guard. Report any emails like this to your company’s HR or technical departments. They can help you ascertain if this is a legitimate communication.


Vishing (“voice” + “phishing”) is similar to standard phishing but is done by phone. If you receive a phone call and are told that your credit card has been used illegally or some other story that requires you to tell the caller your account number, credit card information, or other secure data, DO NOT DO IT. They may also give you another phone number to call and give your data.

If you are unsure if this is a legitimate call, hang up and call the bank or credit card company directly with a number you know is correct. They can tell you if the story the caller gave you is true.


Smishing is a phishing scam using SMS text messaging. This is using texts to your cell phone to convince you to go to a website or call a phone number that connects to any automated voice response system. If you get a seemingly urgent text saying you are about to be charged a large amount of money unless you call a certain number or log on to a specific site, watch out. They will probably ask you for your credit information, PIN numbers, or other sensitive information. Do NOT give it to them!

The truth is that most reputable businesses would never contact you about matters this sensitive via text. If you believe the message might be real, contact that vendor or company directly (rather than using the number or site provided) to confirm it.

Credit/Debit Card Skimming

Some thieves might try and attach a card reader or other device to ATMs that will scan the magnetic stripe and obtain your card information and PIN. They can then use your information to create a new card, or sell the information to people who will do this.

To avoid this hazard, make sure you only use ATMs you know and trust. Avoid using machines that are secluded or in dark areas or that do not have cameras, where someone could tamper with them without being noticed. Also, if you notice a change in an ATM (the color of the reader has changed, there is a new gap in the slot or a machine that seems to be taped on), DO NOT USE THIS ATM.

Fake Check Scams

Some criminals can forge extremely realistic cashiers checks. They will use these fake checks to pay for online purchases or may try to pass it off to you as foreign lottery winnings. This scam always involves you being overpaid and having to pay them the difference. Then, when their check bounces, they’re long gone, and you’ve lost whatever money you paid them.

You can avoid this one by using common sense. If you didn’t enter a foreign lottery, how could you have won it? When receiving payment, always insist on payment by traditional means, and never accept a check for more than the amount due.

Free Credit Reports

It’s difficult to protect yourself from every possible attack on your credit or private financial information. But in addition to being on guard, there is one way to make sure nothing ever happens to your credit. You are legally entitled to a free credit report each year so you can verify that no one is using your information but you.

If your information has been compromised, your credit report is the first place new accounts or unusual charges will appear. It is smart to take advantage of your free annual credit check as a way to ensure your credit is still safe. Contact online or call (877) 322-8228 to get your free credit report today!