About Us

Products & Service

Online Banking Info

Contact Us

News & Events

Links

Customer Service

EZ - Switch

Se Habla Español

Accessibility Statement

 

Remote Deposit Login

 

Verified by Visa
Verified by Visa

Lost or Stolen
Visa Card?
Click Here!

  All Location Hours  
Lobby
Mon-Wed
8:30 AM – 5:00 PM
Thur-Fri
8:30 AM – 6:00 PM
Saturday
9:00 AM – 1:00 PM

Drive-Thru
Mon-Thur
8:00 AM – 6:00 PM
Friday
8:00 AM – 7:00 PM
Saturday
9:00 AM – 1:00 PM

Secure Your Personal Finances While Online

Pretext Fraud

Defining Pretext

Pretext is the use of deception to cover the true reason for a given action. Under Title V of the GLB Act, the use of pretext to illegally gain access to customer information maintained by financial institutions is a felony punishable by fine and/or imprisonment. Further, it is a felony to illegally induce the customer of a financial institution to reveal his or her own customer information. All employees of the financial services industry need to understand and be able to define pretext and pretext calls in order to protect customer information.

The most common pretext is a caller falsely informing an employee of a financial institution that the caller is a customer attempting to gain authorized access to his or her own information. The goal is to convince the financial institution employee to provide customer information that the employee would not provide if the employee knew the true identity of the caller. In many cases the pretext caller posing as a legitimate customer will have obtained some biographical and relevant account information from other sources or by means of identity theft in order to perform the pretext and further convince the financial institution that the pretext caller is the legitimate customer.

Example

Bob Smith is the holder of an account at Main Street Bank. Joe Imposter obtains from various sources Mr. Smith’s full name, social security number, address, and date of birth. Joe Imposter, using pretext, calls Main Street Bank and identifies himself as Mr. Smith. The bank, for security reasons, asks for personal information that the bank mistakenly believes only Mr. Smith could know. Joe Imposter, armed with Mr. Smith’s biographical data, is able to convince the bank that he is actually Mr. Smith. The bank then provides Joe Imposter with any information he requests on Mr. Smith’s account.

Pretext Methods

The four steps used by a pretext caller are:

  1. Decide what information is sought;
  2. Identify the custodian of the information;
  3. Identify who the custodian will release the information to and under what circumstances; and
  4. Use a pretext to be that person under those circumstances.

There are a variety of pretext methods in use today, and the list continues to grow. Numerous books and training courses are available to those seeking to use pretext to gain unauthorized access to confidential information. Additionally, on a daily basis, new pretext methods and variations are traded in Internet discussion areas specializing in pretext and investigation.

While pretext methods vary, all pretext calls to the financial services industry have one common feature:

The individual illegally attempting to access customer information by placing a pretext call will try to convince the financial institution that the pretext caller is authorized to access the customer information.

In order to determine what pretext methods have the potential to defeat the institution’s customer information security procedures, the institution must first determine what individuals and/or entities are currently granted access to customer information and under what circumstances. Once a list is created of who has access to customer information and under what circumstances that access is granted, an institution can make educated decisions concerning what methods of pretext might succeed in defeating the current customer information security procedures. Further, the institution can take steps to further review and strengthen procedures for access to customer information. Remember that a pretext caller failing to get the desired information from one employee will often call employee after employee, using the same or different methods.

Traditionally, pretext callers have succeeded in using the following five general pretext methods to circumvent the customer information security procedures of a financial institution:

Spotting Pretext Calls

There are a number of indicators that what at first appears to be a routine and valid request for customer information may instead be a pretext call. The presence of any one of these indicators or a combination thereof does not always indicate a pretext attempt. Financial institutions receive numerous requests every day for customer information. In many of those requests one or more of the following indicators may be present and be perfectly innocent. However, financial institution employees should be aware of these potential indicators and review them on a regular basis in order to be prepared to spot a potential pretext.

Most important, remember that the pretext caller is a confidence artist. The basis of the confidence game for the pretext caller is to take advantage of the financial services industry’s reputation as customer service-oriented.

By appealing to the emphasis placed on customer service within the industry, the pretext caller attempts to obtain information that he or she is not legally entitled to.

If it feels like a con – it probably is.

  • Missing Information Any call or request for customer information where the institution’s defined requirements for gaining access (PIN, password, last date of deposit and amount, etc.) are not met.

  • Non-customer Calls Any call where the person requesting the information is not the customer.

  • Calls Placed from Numbers Others Than Those Listed on the Customer’s Account .

  • If an institution has caller identification capabilities, employees should note whether the phone number displayed matches the phone number(s) associated with the customer account. Particular attention should be given to calls placed from outside the local calling area of the customer and calls that have been placed that block the caller identification feature.

  • Callers Who are Hesitant or Refuse to Give a Call-back Number Any caller that refuses or hesitates in providing the number they are calling from may be concerned about the call being traced back to them. Many pretext callers will immediately hangup if confronted with a courteous request for the number they are calling from.

  • Out of the Ordinary Request Any call that is out of the ordinary. This includes requests for faxes of account information or statements to numbers outside the local calling area of the customer and requests to mail duplicates of account information to an address other than that on the customer account.

  • Overly Aggressive Callers Any caller who becomes belligerent or aggressive when asked routine account identifying information. A favorite ploy of pretext is to bully the employee into releasing information by threats to speak to a supervisor, close an account or make a complaint about the employee.

  • Overly Talkative Callers Callers who appear to be laying out a story concerning why they need to bypass the access rules of the institution or who appear to be attempting to distract the employee with excessive chit-chat while posing more account-related questions may be constructing a pretext. The best pretexts lure the employee into providing information not even requested in an attempt to assist the confused caller.

  • Absentminded Callers Callers who appear to be overly confused or absent-minded and are unable to provide even basic biographical information may be placing a pretext call. Many pretexts rely on placing many calls to the institution and picking up one piece of information at a time until enough data are collected to convince the institution that the caller is the legitimate account holder.

Acrobat File
ATM Safety Tips


Fair Credit Report

As a result of a amendment to the Federal Fair Credit Practices Act, consumers nationwide are now able to obtain free copies of their credit histories from the three national credit bureaus (Equifax, Experian and TransUnion), once every 12 months, by making a single request.

The address for obtaining your annual credit report by making a single request is:

Annual Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348-5281
www.annualcreditreport.com
1-877-322-8228

You may also contact the credit bureaus individually:

Equifax Credit Information Services
P.O. Box 740241
Atlanta, GA 30374
www.equifax.com
1-800-685-1111

Experian
P.O. Box 19719
Irvine, CA 92623
www.experian.com
1-888-397-3742

TransUnion
P.O. Box 2000
Chester, PA 19022
www.transunion.com
1-800-916-8800

To protect your rights, you should report any inaccuracies in writing to the credit bureau so that they may be investigated.