Online Security

At Merrimac Savings Bank, every precaution is taken to protect your personal and account information. In recent months there has been an increase in unsolicited emails (Phishing) that try to obtain personal information by pretending to be a company you do business with.  Some emails claim to be from a Bank or the FDIC.  These emails, which often display official looking names and logos, can be as simple as asking you to reply back with personal information or they may redirect you to a web site that appears to be legitimate, but is not (Pharming).

Personal Information can be used to access your accounts, open new credit cards or assume your identity (Identity Theft).  You should NEVER provide personal information to anyone if you are uncertain who they are or what they will do with that information.

Merrimac Savings Bank will NEVER ask you for any private information (such as account numbers, passwords, PINs, social security numbers, etc.) through unsolicited email.

Preventing Fraud

Fraud can be committed in a variety of ways, even against the most savvy of consumers. Merrimac Savings Bank is committed to preventing fraud and helping to educate customers on ways to protect themselves from fraudulent activity.

How to Protect Your Personal Information Online

oNever provide any personal information in an email or website that was unsolicited. This includes:

  • Account numbers, credit card numbers or debit card numbers
  • Social Security Number
  • Password or PINs
  • Mother's maiden name

oChange your PINs and passwords on a frequent basis. Use passwords that are not easy to guess and contain both letters and numbers.

oLog out and close your browser after using any of our online products before leaving your computer.

oDo not leave your computer unattended when logged into any online product.

oDo not enter sensitive personal information on any site that is not encrypted. Look for a padlock symbol on the bottom bar of the browser to ensure that the site is running in secure mode BEFORE you enter sensitive information. Also, the web address will appear https:// (instead of http://) if you are in secure mode.

oReview your bank statements for accuracy.

oNever open unsolicited email, delete immediately and if possible report it as spam to your Internet Service Provider (like AOL, Comcast or MSN).

oReport any suspicious online activity at once.

oDo not use public computers, such as those in libraries, hotels and internet cafes to connect to online banking web sites.

oInstall and periodically update anti-spyware, virus protection and firewall software.

oAdjust browser settings to prompt the user whenever a Web site tries to install a new program or Active-X control.

oCarefully read all End User Licensing Agreements and avoid downloading software when licensing agreements are difficult to understand.

oMaintain patches to operating systems and browsers.

oBeware of emails or pop-up windows that request an "urgent reply", "immediate action" or threaten "cancellation".

oBeware of emails with a general greeting that doesn't identify you.

oIf you feel that you have been victimized by someone pretending to be from Merrimac Savings Bank, please contact us immediately at 1-978-346-8661.

To report any type of fraud committed over the internet, you should contact your local law enforcement agency and complete a complaint form with the Internet Crime Complaint Center at www.IC3.gov.

Additional Ways to Protect Your Information

oPromptly review all account statements for accuracy.

oSecure your personal information at home and at work.   Consider keeping your sensitive personal information such as bank, mortgage, and credit card statements, Social Security cards, and other documents and passwords, in a safe location accessible only to you.

oObtain your credit report from each of the three major credit bureaus once every 6-12 months.   Review these reports for any inaccurate information, or any transactions that you were not aware of or did not authorize. 

oAvoid giving out personal information over the phone especially when the telephone call is initiated by another party.   Identity thieves may pose as a representative of a legitimate organization with whom you do business and may contact you to "verify" your information.

oBefore disclosing any personal information, make sure you know why it is required and how it will be used.

oCarry only the information you need.   Only take with you the credit cards you need, and avoid carrying your Social Security card, your birth certificate or passport, except when necessary.

oCall 1-888-5OPTOUT to have credit card companies stop sending you pre-approved credit card applications.

oShred any mail or financial papers with your personal information on it. Never recycle them.

oReport lost or stolen checks, ATM cards, or check cards as soon as you discover they are missing.

Types of Fraud

To learn more about the types of fraud that consumers should be aware of, please review the following information:

Identity Theft

Spyware

Phishing & Spear Phishing

Pharming & Spoofing

Keystroke Logging

Viruses

Identity Theft

Identity theft is a serious crime. It occurs when someone uses your name or personal information, such as your Social Security number, driver's license number, credit card number, telephone number or other account numbers, without your permission. Identity thieves use this information to open credit accounts, bank accounts, telephone service accounts, and make major purchases-all in your name. Information can be used to take over your existing accounts, or to open new accounts. Identity theft can result in damage to your credit rating and denials of credit and job offers.

Identity Theft can begin in various ways:

  1. Spyware installed on a user,s computer, without the user,s knowledge, reports personal information to a third party.
  1. An online user responds to a fraudulent, yet legitimate looking, email (phishing) and provides personal, confidential information to the sender.  The email may also contain a link to a fraudulent web site (pharming).
  1. An online user unknowingly visits a fraudulent web site (pharming), believing it is a legitimate web site (such as an online banking or shopping site), and enters confidential information such as an ID, PIN or credit card number.
  1. A keylogger program or hardware device is installed on a user's computer, without the user,s knowledge, to record passwords, IDs and other confidential information.
  1. Phone calls that seemingly originate from well known companies (banks, credit card companies, online retailers) and deceive consumers into providing or "updating" personal information such as account numbers, ATM card numbers, PINs, passwords, social security numbers, mother,s maiden name or credit card/debit card numbers.
  1. A wallet or purse containing personal information is lost or stolen. Thieves may also steal records from their employers, or bribe employees who have access to personal customer information.
  1. Thieves purposely look through trash for thrown away papers (mail, bank statements, credit card statements, etc.) that contain personal, confidential information such as account numbers or social security numbers.

If you believe you might be a victim of Identity Theft:

oContact your financial institution immediately and alert it to the situation.

oIf you have disclosed sensitive information over the telephone or online, you should also contact one of the three major credit bureaus below and discuss if you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name.

      Equifax 800-525-6285 P.O. Box 740250, Atlanta, GA 30374
      Experian 888-397-3742 P.O. Box 1017, Allen, TX 75013
      TransUnion      800-680-7289      P.O. Box 6790, Fullerton, CA 92634

oReport all suspicious contacts to the Federal Trade Commission through the Internet at www.consumer.gov/idtheft, or by calling 1-877-IDTHEFT.

Spyware

Spyware is a commonly used term to describe software that collects data without the knowledge of the data's owner and reports that data to a 3rd party.  Spyware can intercept confidential information such as IDs, passwords, social security numbers and other identifying data.   

Spyware can be installed on a user's computer through the following methods: 

oDownloaded with other Internet downloads in a practice called "bundling." In many cases, all the licensing agreements may be included in one pop-up window that, unless read carefully, may leave the user unaware of "bundled" spyware.

oDirectly downloaded by users who were persuaded that the technology offers a benefit. Some spyware claims to offer increased productivity, virus scanning capabilities or other benefits.

oInstalled through an Internet browsing technique called "drive-by downloads." In this technique, spyware is installed when a user simply visits a Web site. The user may be prompted to accept the download believing it is necessary in order to view the Web page. Another method is to prompt the user to install the program through pop-up windows that remain open, or download the software regardless of the action taken by the user.

oAutomatically downloaded when users open or view unsolicited e-mail messages.

Users can prevent spyware by taking the following precautions:

oDo not use public computers, such as those in libraries, hotels and internet cafes to connect to online banking web sites.

oInstalling and periodically updating anti-spyware, virus protection and firewall software.

oAdjusting browser settings to prompt the user whenever a Web site tries to install a new program or Active-X control.

oCarefully reading all End User Licensing Agreements and avoiding downloading software when licensing agreements are difficult to understand.

oMaintaining patches to operating systems and browsers.

oNot opening e-mail from untrustworthy sources.

Phishing

Phishing (pronounced fishing) uses fraudulent emails that seemingly originate from well known companies (banks, credit card companies, online retailers) to deceive consumers into divulging personal information such as user names, passwords, social security numbers, mother's maiden name or credit card numbers.   Many times a phishing email will contain a link to a fraudulent, yet official looking, company web site (pharming). 

Phishing can also occur via online pop-up windows, direct mail and phone calls.  Fraudulent emails, web sites and direct mail will use a bank or company logo, colors and other graphics to appear legitimate.  These communications will sometimes urgently ask a user to "verify" or "validate" some personal information.   Communications targeting specific individuals are sometimes referred to as "spear-fishing".

Consumers can protect themselves from Phishing scams by taking the following precautions:

oDo not share your PIN numbers and passwords or keep them in a visible location.

oDo not provide your social security number or other personal information by unsecured email.

oDo not provide personal, confidential information to anyone calling you requesting this type of information.

oBeware of emails or pop-up windows that request an "urgent reply", "immediate action" or threaten "cancellation".

oBeware of emails with a general greeting that doesn't identify you.

Pharming & Spoofing

Pharming (pronounced farming) is the process of redirecting a user to a false web site (also called a spoofed site) to collect personal information.  Pharming can be more dangerous than phishing because it is designed to be completely hidden from the user. 

Pharming occurs when a user enters a legitimate domain name (web address) and is redirected to a fraudulent web site designed to look legitimate, with authentic company colors, logos and other graphics.  The redirection can be caused by a malicious application on the user's computer such as a virus, an email attachment or download.  The redirection can also occur if the user makes a mistake or a misspelling while typing a domain name into a browser.

Some Pharming sites are very well designed but consumers can detect a false site by some of the following signs:

oSometimes the login process or information displayed will not look exactly like the legitimate site.

oPharming sites will usually ask for additional information such as social security numbers, PINs or account numbers that are not usually requested.

oLegitimate sites that request confidential information will always encrypt the session with Secure Sockets Layer (SSL).  Look for and double click on the "padlock icon" at the bottom of your browser to verify the SSL certificate.  The Web URL should also contain the prefix https:// (rather than http://) to denote a secure site. 

oPharmed sites do not normally have SSL certificates and if a Pharmed site attempts to use another sites SSL certificate, a user's browser will display a security alert message.

If a user wishes to respond to an email (sale at a favorite retailer, etc.), the user should type the desired web address into a browser instead of simply following the link contained in the email. 

Keystroke Logging

Keystroke logging is the practice of recording every keystroke made on a computer and is commonly used to steal passwords.  Keystroke logging can take the form of a program (keylogger program) installed on a computer, similar to the way spyware is installed, or can take the form of an actual hardware device installed between a computer and keyboard. 

Users can prevent keylogger programs from being installed by taking the same precautions as a user would take to prevent spyware from being installed.  Users should also be wary of a new hardware device installed between the keyboard and computer of a workplace PC to be sure it is not a keystroke recorder.

Computer Viruses

A virus is a program or programming code that infects a computer causing malicious acts, such as deleting files, accessing personal data or using a computer to attack other computers.  Viruses spread through floppy disks, CDs, email, Web sites and downloaded files. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful in intent and effect ("Happy Birthday!") and some can be quite harmful, erasing data or causing a hard disk to require reformatting.

A virus that replicates itself by resending itself as an e-mail attachment or as part of a network message is known as a worm.  Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

A user's best defense against viruses is to install and periodically update virus protection and firewall software.  Additionally, a user should never open email from an unknown source and should be aware of emails with a general greeting that does not specifically identify the recipient.

Home | Deposit Products | Loan Products | About Us | Hours/Locations
Telephone Banking | Contact Us | Useful Links | Online Security | Privacy | Do Not Call

Merrimac Savings Bank is a community bank serving the communities of West Newbury and Merrimac MA, as well as Newton, NH.

Merrimac Savings Bank will NEVER ask you for private information by phone or unsolicited email.
Click here to protect yourself against Identity Theft.

Online Security for Consumers
Click here to learn more about online security and protecting yourself from fraud.

Fraudulent E-Mail Claims to Be From the FDIC
Click here to view this new consumer alert.

FREE Online Banking & Bill Pay!
Please try our Demo on the left of this page.