Security Center

Suspect Fraud? Contact our Fraud Hotline at 888.566.2366 or send us an email.

Advances in technology and the growing presence of mobile and online activities means it is more important than ever to protect your personal information from compromise. The security of your personal information is a top priority at Susquehanna. Learn about the measures we take to protect you, and how you can arm yourself against the threat of scams and fraud.

How Susquehanna Protects You

How Susquehanna Protects You

At Susquehanna, the security and privacy of your financial information is paramount. Our security features, policies and procedures provide multiple layers of protection to ensure your information is secure.

General Security Features

Our website features multiple levels and types of security throughout the design, as well as during a customer's banking session. We employ Secure Socket Layer (SSL) protocol for data encryption, firewalls, unique identifiers and passwords, and continual suspect monitoring and reporting. Consistent invalid ID attempts result in user "lock out" and generation of suspect reports. Customers are logged off after a period of inactivity as a deterrent to access by unauthorized persons. Susquehanna works continuously with cyber-security firms to shut down illegitimate websites and toll-free numbers.

Secure Socket Layer (SSL)

All data exchanged over the Internet is divided into small units and sent in envelope-type packets. Upon arriving at the computer that requested the information, the packets are reassembled into the original message. For Internet transactions and communications, you must employ a method of securing these packets as they travel across the Internet. Secure Socket Layer (SSL) is a leading method for encrypting and decrypting packets of data as they are exchanged using a code known only to the data's sender and recipient. SSL locks the data so that regardless of the path the data takes as it passes across the Internet, it can be opened only by the end user with the proper key or combination to the lock on the data. SSL technology is widely accepted today and is the Internet standard for secure, encrypted web communications.

Email Communications

When you send us an email message through our website, we may record your email address, your message and our response to ensure quality customer service. Visit our Contact Us page for contact information.

Susquehanna Bank does not sell customer information, including emails, to third parties and does not send out unsolicited emails asking people to input confidential information.

Protecting Your Access Codes

We use personal access codes and passwords to identify our authorized online banking customers. Our security measures rely on these codes remaining confidential and we strongly recommend that you do not share these access codes and passwords with others. Certain third party providers such as bill consolidation sites; financial aggregator sites or other e-commerce sites may offer to provide services to you by accessing your accounts using your access codes and passwords. While it is certainly your decision whether to utilize these services, please be advised that we cannot be responsible for the security and accuracy of the information displayed to you anywhere but at our website. You should know that all transactions initiated by a consolidation site using access information you provide are considered authorized by you, regardless of whether you were aware of the specific transaction. You may revoke this authority only by notifying us, and we may need to block your account until we issue new access codes.

Why Online Banking Uses Cookies

Online Banking uses cookies to keep track of a user's session. Each new login session receives a new set of cookies which are valid for only that session. We use the cookies to ensure that the user has entered a valid Online Banking ID and PIN, and to ensure that the user's session has not timed out. It is very important to use 'Logout' when exiting Online Banking so that your session is closed and cookies are dropped. The use of cookies also permits faster responses in Online Banking by temporarily storing some user information on our web server's memory. Accessing the user's information in memory is much faster than having to retrieve it from the host or from a database every time it is needed. When the user logs off or the session times out, the information held in memory is discarded.

Protecting Children Online

We do not knowingly solicit information from or market information to children online. We recognize that protecting children's identities and privacy online is important and that the responsibility to do so rests with both the online industry and with parents. If an individual under the age of 18 provides us with personally identifiable information through an online account application, the application will be declined and all related information will only be maintained as required or allowed by law.

Links To Our Web site

We are not responsible for the content or the privacy policies of websites to which we may provide links.

How To Protect Yourself

How To Protect Yourself

You have the power to protect yourself from scams and fraud. Learn about best practices to keep your information safe.

Disclosing personal information

It is often necessary to ask for certain personal information when a customer calls or visits a branch or logs into our website. Confirming this information is a valuable security tool to verify and protect a customer's identity. However, identity thieves and scammers often use this same method, so make sure you're only providing information to businesses you know and trust.

One point to keep in mind is Susquehanna will never independently call a customer or send an email asking a customer to disclose account numbers, ATM or debit card numbers, passwords or other personal information. If you receive such a call or email from someone claiming to be a Susquehanna representative and asking for personal or identifying information, do not respond! Instead, please call our Customer Service Center to verify you are communicating with a Susquehanna representative.

Be alert for potential email scams

Customers should be on the lookout for phishing scams in which fraudulent emails claiming to come from Susquehanna ask recipients to click on hyperlinks to update account information, unlock debit cards, receive a tax rebate or refund or complete a survey to receive a fee. These are not legitimate emails from the bank. Instead, they are fraudulent emails sent as part of a scam to trick people into divulging confidential information.

Recipients of these emails should not click on these links or respond with any confidential information such as account numbers, debit card numbers or Social Security numbers. Clicking on a link in this type of email could expose a computer to malicious software that could track keystrokes, potentially giving the scammers private information such as account passwords. Fraudulent emails such as these may look official and can sometimes include the company logo. Susquehanna does not send out unsolicited emails asking its customers to click on a hyperlink and input confidential account or debit card information.

If you think you are a victim of a phishing scam

Contact us as soon as possible so we can close your account and reopen another account with a different account number. If you gave out your credit, debit or ATM card information, report the incident to the card issuer as soon as possible and request your card be closed and a new card with a different number be issued to you. Monitor your account activity regularly and contact the card issuer immediately if any unauthorized charges appear.

Protect your personal information online

Online banking with Susquehanna is safe, secure and convenient. Whether you are banking online or not, you should always take the necessary steps to prevent your financial information from falling into the wrong hands. By keeping aware of possible internet and email scams, you will be better prepared to protect yourself.

Here are some best practices to make online banking a safe and enjoyable experience.

  • Keep all your passwords private.
  • Refrain from disclosing your personal information through unsolicited emails, telephone calls and social media messages.
  • Beware of emails that may warn of dire consequences unless you validate your information immediately.
  • Always click the logout link to end your online banking session.
  • Immediately leave any website that appears to be suspicious or doesn't perform the function it claims to provide. Carefully check the spelling of a web address so you're not fooled by a fraudulent site that is similar to the legitimate site. Often, fraudulent URLs can differ from the real site by only one character.
  • Be careful about what you install or download to your system. Avoid downloading software from sources you do not know and trust. Read the complete End User License Agreement before clicking "Agree" when downloading any software.
  • Businesses using Susquehanna Business Online Banking should download Trusteer Rapport, which provides added protection to your online banking session with Susquehanna Bank.
  • Be suspicious of any information-collecting website which does not have a home page or has a home page with an "under construction" message on it.
  • When using an online site for banking or other consumer activities, carefully read the site's privacy and security statements. Always look for the padlock icon on your online browser.
  • Review your online credit card and bank accounts to make sure there are no unauthorized charges. Also, review all account statements mailed to your home as soon as they arrive. Store and/or discard paper records carefully, and shred or destroy them when they're no longer needed.
  • If you notice any unauthorized activity on your accounts, please contact us immediately so we can take steps to protect your bank accounts.
  • If you use a mobile device for banking, we recommend securing it with a password.

Tips to remember

When you deposit or cash a check at a bank, you're essentially acknowledging you believe it is genuine and the person who wrote it will pay. If it bounces, you're responsible to repay the full amount. There's no legitimate reason someone – especially a stranger – would send you a check and ask you to wire a portion back. Remember two basic questions you should ask yourself if you receive communications like these:

  • Is this offer too good to be true? In most cases, the answer to this question is yes.
  • Does it smell fishy? Ask yourself: Why would a stranger send someone (you) thousands of dollars and ask you to wire it back?
  • Keep your social security number confidential.
  • If you believe you have responded to a fraudulent email or website, please send a copy of the email and/or a link to the suspicious site to reportfraud@susquehanna.net.
  • Protect your computer system with up-to-date antivirus protection and run spyware detection programs regularly.

Resources to fight ID theft

Fraud Activity and Examples

Fraud Activity and Examples

There are many different ways thieves may try to separate you from your money. By staying informed about common scams and fraud, you'll have the knowledge you need to be alert to threats.

Examples of Financial Scams

  • Phishing scammers. These scammers send out mass messages to as many people as they can, attempting to trick them into giving out their confidential bank account information. Fraudulent emails have been designed to look as if they came from Susquehanna, often including the company's logo. Consumers should be aware that these are not legitimate messages from Susquehanna Bank, and they should not click on any links in emails, call any toll-free numbers provided, or respond with any confidential financial or other information.
  • A text message saying that the customer's account has been locked and giving a phone number to call to have it restored.
  • An offer of a reward if they fill out an online customer service survey. The email recipient would be asked to enter their bank account information so the reward could be deposited.
  • A claim that a company has initiated a monthly charge to the recipient's account; in order to stop the charge, the recipient is directed to a website, where they'd be asked for their confidential account information.
  • A warning that fraudulent emails are being sent out and the recipient's debit card has been temporarily blocked as a security precaution. To re-activate the card, recipients are asked to call a toll-free phone number, where they'd need to input their card information.
  • A warning to be on the lookout for phishing scams where recipients are asked to click on a fraudulent link and immediately login and report any unnoticed password changes, unauthorized withdrawals, and check their account profile.
  • A security notice advising customer that an unsecured PIN reset was recently attempted on their account and then directing them to contact a toll-free number and input their card information.

Be aware: Many fraudulent emails provide clues they are illegitimate. Misspelled words, urgent appeals, money offerings and unfamiliar return addresses are all signs of a fraudulent email. You should also be aware fraudulent emails are becoming more creative and sophisticated, and often include a seemingly legitimate business reason, such as a survey. Ironically, some even pretend they're trying to protect consumers from fraud. However, eventually they get to the same point: asking customers to divulge confidential bank card or account information, either online or by phone. That's the red flag that should stop you in your tracks! Even if you don't see any obvious signs that an email is fraudulent, but you suspect it could be, contact us immediately.

Here are some phishing examples:

  • Fraudulent Email – Example #1
  • Dear Valued Customers,

    IMPORTANT NOTE : You are reciving this letter regarding a new user ID and Password Being assigned to our customers , You should begin to use the new ID and Password after filling a small form please Click Here Please take 2 minutes to update your information with us on files , Incase of delay your online account can be suspended and limited access.

    Kind Regards,

    Susquehanna Bank

  • Fraudulent Email – Example #2
  • Dear Susquehanna Bank member,

    We have changed your online account username and password because you have violated our Terms and Conditions. Your account is now suspended.

    New Login Information:
    USER:48011651
    PASSWORD:xPf!HGuzP
    Please unsuspend and confirm your Online Account within 24 hours after reading this message. Ignoring this message will result into account removal.

    Unsuspend by clicking here.

    Regards

    Susquehanna is a regional financial services holding company with assets of approximately $14 billion. It includes a commercial bank that provides financial services at more than 230 branch locations in the Mid-Atlantic region. Through Susquehanna Wealth Management, the company offers investment, fiduciary, brokerage, insurance, retirement planning and private banking services. Susquehanna also operates an insurance and employee benefits company, a commercial finance company, and a vehicle leasing company. Our extensive portfolio of financial products and services is managed locally to provide maximum value to our customers and communities. We invite you to get to know us better through the information and links provided.

  • Fraudulent Email – Example #3
  • You have received this email because we have strong reason to believe that your Susquehanna Bank account had been recently compromised. In order to prevent any fraudulent activity from occurring we are required to open an investigation into this matter.

    If your account informations is not updated within the next 12 hours, then will assume this account is fraudulent and will be suspended. We apologize for this inconvenience, but the purpose of this verification is to ensure that your Susquehanna Bank account has not fraudulently used and to combat fraud. To speed up the process, you are required to verify your Susquehanna Bank account by following the link below:

     https://cm.nettel.com/login/Views/Login.aspx

     We apologize in advance for any inconvenience this may cause you and we would like to thank you for cooperation as we review this matter.

    Be wary of urgent appeals.

  • Fraudulent Email – Example #4
  • ADVISORY: Some members and non members of Susquehanna Bancshares have received fraudulent emails. This email was NOT issued by Susquehanna Bancshares, and should be deleted. Do not follow the instructions in the email. Do not click the link. For security reasons we have deactivated your debit card. Please contact us at (800) 516-1453 to activate your debit card.

    A fraudulent email masking a consumer alert. Be suspicious if the customer service number does not match the one on your bank statement.

Scams Related to Online Customer Authentication

There are some online scams happening as banks like Susquehanna have begun Online Customer Authentication features. Here are a couple variations to watch out for:

  • You may receive an email saying that your account has been accessed from multiple computers and will be shut down unless you click on a link, which then asks you to input your account number and password. If you receive this type of email, it is a scam; delete it without clicking on the link or responding. We already have that information, so we won't request it from you in an unsolicited email.
  • In another variation, you may receive an email telling you that you need to click on a link to set up "challenge questions" that the bank would then use to confirm your identity during any future suspicious log-ins. Although our Online Customer Authentication feature does ask you to establish security questions and answers, we ask you to do that only AFTER you've logged into Online Banking and confirmed your identity. We wouldn't ask you to take that step through a link in an unsolicited email.

Malware

Is software used or programmed by fraudsters to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. Malware, short for malicious software, is a general term used to refer to a variety of forms of hostile or intrusive software.

Man in the Browser

Man in the browser is a security attack where the hacker installs a Trojan horse on a victim's computer that's capable of modifying web transactions as they occur in real time, taking advantage of vulnerabilities in browser security. A man in the browser attack, unlike phishing, occurs when the victim has entered the URL into the browser independently, without an external prompt such as a link in an email. On the surface, transactions are taking place normally with expected prompts and password requirements.

Phishing Scams Using Phones

There is a variant of traditional phishing scams that uses telephone calls (instead of email) to gather confidential information. Customers may receive an automated phone call or an email saying their account or debit card has been compromised and giving them a phone number to call to resolve the issue. When they call, they reach an automated answering program that asks them for their account number (or debit card number) to verify their account. Customers should not give confidential information in response to suspicious requests like this. These types of phone-phishing scams, sometimes called "vishing," have become more common with the increasing popularity of Voice over Internet Protocol (VoIP), which allows telephone calls to be made from computers instead of from traditional phones.

Merger Phishing

Susquehanna customers should be aware of the potential for this variation of phishing. In this scam, customers receive an email that says it's from a company that is acquiring their bank and asks for account numbers and other data as part of the merger. Consumers may be susceptible to this scam if it mentions a merger that is actually occurring. The Bank already has this type of information, and another bank doing an acquisition would not need to ask individual customers for that data.

Survey Phishing

These phishers send out a survey, claiming that they represent a bank or another company. The survey may start out with harmless questions to get you comfortable with responding, but then they ask for confidential information. Often, people are told they will receive a gift certificate or other reward for participating. This technique has been used over the phone in the past, but is now being used online as well.

Pharming

Unlike phishing, scammers using a technique called "pharming" don't lure their victims with emails. Instead, they install malicious software or use other techniques to re-direct a user to a fraudulent website – even if the user types the correct address into their browser or uses an existing bookmark for their bank's website. So how can users protect themselves? If you're going to enter confidential information on a website, first check to be sure the site has a valid certificate from a service such as VeriSign®. Click on the padlock icon in the browser's status bar to see the certificate, and check to be sure the name on the certificate matches the website.

As always, customers should run anti-virus and anti-spyware software and update their computers with the latest security patches and a firewall. If you notice something suspiciously different about the way your online banking site is functioning, call the bank to verify that you are using the correct site.

Key Logging

Key logging software records everything that is typed on your computer, including password information, and sends the information to an outside party. The unwanted software, sometimes referred to as "spyware," "adware" or "key logging software," usually infects a computer in the form of a virus attached to an e-mail or other type of download. Many times, these downloads are bundled with free program offers. If you click to install a free program and click "Agree" to the End User License Agreement without reading it fully, you may be unknowingly granting permission to download spyware along with the free program.

Some signs that your PC may be infected by unwanted software include:

  • A slowing of your computer, both offline and online.
  • An unexpected increase in unsolicited e-mail or messages sent without your knowledge.
  • Strange browser behavior, such as increased pop-ups or unexplained changes to your home page settings and Web site favorites.

To lessen your risk of key logging, avoid downloading software from sources that you do not know and trust. Also, make sure you have up-to-date antivirus protection installed on your PC. Antivirus software provides protection against viruses that compromise your computer's security. Once installed, make sure you keep your antivirus software updated.

Consumer Fraud Scams

For a list of fraudulent offers that consumers routinely receive, visit www.fakechecks.org. Be on the lookout for scams like these or similar ones. Instead of responding, notify your local police department or financial institution.

Lottery Scam

You receive a letter and a check, often a large amount, stating that you have won a lottery, usually one in a country other than the United States. You are told to deposit the check and wire a portion of it back to cover fees and/or taxes. If you follow the instructions, the check will turn out to be counterfeit, but by the time it's returned, the criminal will already have the money you wired from your account. You will have to pay back the full amount of the bogus check. It is against laws in the United States to participate in a lottery in another country, so a letter saying you have won a foreign lottery is a scam.

Internet Purchase Scam

You offer to sell something online, and the buyer sends you a check for more than the purchase price you agreed on. The buyer asks you to wire back the amount over the agreed-upon selling price. The buyer's payment will turn out to be counterfeit, but by the time it's returned, he already has the money you wired from your account. You are responsible to pay back the full amount of the bogus check. When selling or buying on the Internet, only send or accept checks for the exact amount. Ask for cashier checks when possible.

Reporting Fraud

Reporting Fraud

See something suspicious? Or, do you suspect you are a victim of fraud? Don't be afraid to reach out for help.

If you have questions about a suspicious message you received, you should call the Susquehanna Bank Fraud Hotline at 1.888.566.2366 or send an email to reportfraud@susquehanna.net.

If you responded to what you believe to be a fraudulent email and/or disclosed personal information, it's important to take action right away. Don't be embarrassed! Call your bank immediately. Search for your branch online.

If you suspect you were a victim of a fraud, contact the major credit bureaus and place a fraud alert on your account. Here are the fraud numbers for the three major credit reporting bureaus:

  • Equifax: 1-800-525-6285
  • Experian: 1-888-EXPERIAN (397-3742)
  • TransUnion: 1-800-680-7289

You should also contact your local law enforcement agency or the state attorneys' general office to report the fraud. In Pennsylvania, you can reach the Office of Attorney General's Bureau of Consumer Protection at 1-800-441-2555. In Maryland, the Office of Attorney General's consumer complaint hotline is 410-528-8662. In New Jersey, you can contact the Department of Banking & Insurance's Division of Banking at 609-292-7272.