Disclosing Personal Information
It is often necessary to ask for certain personal information when a customer calls
or visits a branch or logs into our Web site. Requiring the disclosure of personal
information before beginning a transaction is a valuable security tool to verify
and protect a customer’s identity. Unfortunately, personal information shared on
the Internet or telephone may be used to commit fraud, so provide this information
only to businesses you know and trust.
Susquehanna will NEVER independently call a customer or send an e-mail asking a
customer to disclose account numbers, ATM or debit card numbers, passwords, or other
personal information. If at any time you receive an unsolicited telephone call or
e-mail from a person claiming to be a representative of Susquehanna asking for personal
or identifying account information, do not respond. Instead, please call our Customer
Service Center to verify that you are communicating with a Susquehanna representative.
Be Alert for Potential Email Scams
Susquehanna cautions consumers to be on the lookout for phishing scams in which
various fraudulent emails claiming to come from Susquehanna ask recipients to click
on hyperlinks to update account information, unlock debit cards, receive a tax rebate
or refund, or complete a survey to receive a fee. These are not legitimate emails
from the bank; instead, they are fraudulent emails sent as part of a scam in which
criminals try to trick people into divulging their confidential information. Recipients
should not click on any links in these emails or respond with any confidential information
such as account numbers, debit card numbers or Social Security Numbers. Clicking
on a link in this type of email could expose a computer to malicious software that
could track keystrokes, potentially giving the scammers private information such
as account passwords. Fraudulent emails such as these may look official, sometimes
including the company logo. Susquehanna does not send out unsolicited emails asking
its customers to click on a hyperlink and input confidential account or debit card
information. If you have questions about whether a communication you’ve received
is legitimate, please contact the bank using a phone number you know is reliable,
such as the customer service number found on your account statements or in the upper
right corner of each page on our website. If you receive an email that you believe
may be fraudulent, you can notify us by emailing firstname.lastname@example.org or calling 1.888.566.2366.
We recommend the following actions if you think you are a victim of a phishing scam.
- If you have given out your bank account information:
as soon as possible so we may close your account and reopen a like account
with a different account number.
- If you have given out your credit, debit, or ATM card information:
Report the incident to the card issuer as soon as possible and request that your
card be closed and a new card with a different number be issued to you. Monitor
your account activity regularly and contact the card issuer immediately if any unauthorized
Scams Related to Online Customer Authentication
There are some new online scams that have begun occurring as banks like Susquehanna
implement our new Online Customer Authentication feature. Here are a couple variations
to watch out for:
Remember, if you ever have questions about a communication you received concerning
Online Banking, please call us at
. Thank you.
- You may receive an email saying that your account has been accessed from multiple
computers and will be shut down unless you click on a link, which then asks you
to input your account number and password. If you receive this type of email, it
is a scam; delete it without clicking on the link or responding. We already have
that information, so we won’t request it from you in an unsolicited email.
- In another variation, you may receive an email telling you that you need to click
on a link to set up “challenge questions” that the bank would then use to confirm
your identity during any future suspicious log-ins. Although our Online Customer
Authentication feature does ask you to establish security questions and answers,
we ask you to do that only AFTER you’ve logged into Online Banking and confirmed
your identity. We wouldn’t ask you to take that step through a link in an unsolicited
Phishing Scams Using Phones
There is a variant of traditional phishing scams that uses telephone calls (instead
of email) to gather confidential information. Customers may receive an automated
phone call or an email saying their account or debit card has been compromised and
giving them a phone number to call to resolve the issue. When they call, they reach
an automated answering program that asks them for their account number (or debit
card number) to verify their account. Customers should not give confidential information
in response to suspicious requests like this. These types of phone-phishing scams,
sometimes called “vishing,” have become more common with the increasing popularity
of Voice over Internet Protocol (VoIP), which allows telephone calls to be made
from computers instead of from traditional phones.
Susquehanna customers should be aware of the potential for this variation of
phishing. In this scam, customers receive an email that says it’s from a company
that is acquiring their bank and asks for account numbers and other data as part
of the merger. Consumers may be susceptible to this scam if it mentions
a merger that is actually occurring. The Bank already has this type of information,
and another bank doing an acquisition would not need to ask individual customers
for that data.
These phishers send out a survey, claiming that they represent a bank or another
company. The survey may start out with harmless questions to get you
comfortable with responding, but then they ask for confidential information. Often,
people are told they will receive a gift certificate or other reward for participating.
This technique has been used over the phone in the past, but is now being used online
Unlike phishing, scammers using a technique called “pharming” don’t lure their victims
with emails. Instead, they install malicious software or use other techniques to
re-direct a user to a fraudulent website – even if the user types the correct address
into their browser or uses an existing bookmark for their bank’s website. So how
can users protect themselves? If you’re going to enter confidential information
on a website, first check to be sure the site has a valid certificate from a service
such as VeriSign®. Click on the padlock icon in the browser’s status bar to see
the certificate, and check to be sure the name on the certificate matches the website.
As always, customers should run anti-virus and anti-spyware software and update
their computers with the latest security patches and a firewall. If you notice something
suspiciously different about the way your online banking site is functioning,
call the bank to verify that you are using the correct site.
A new scam gaining popularity among criminals involves “key logging.” Key logging
software records everything that is typed on your computer, including password information,
and sends the information to an outside party. The unwanted software, sometimes
referred to as “spyware,” “adware” or “key logging software,” usually infects a
computer in the form of a virus attached to an e-mail or other type of download.
Many times, these downloads are bundled with free program offers. If you click to
install a free program and click “Agree” to the End User License Agreement without
reading it fully, you may be unknowingly granting permission to download spyware
along with the free program.
Some signs that your PC may be infected by unwanted software include:
To lessen your risk of key logging, avoid downloading software from sources that
you do not know and trust. Also, make sure you have up-to-date antivirus protection
installed on your PC. Antivirus software provides protection against viruses that
compromise your computer’s security. Once installed, make sure you keep your antivirus
- A slowing of your computer, both offline and online
- An unexpected increase in unsolicited e-mail or messages sent without your knowledge
- Strange browser behavior, such as increased pop-ups or unexplained changes to your
home page settings and Web site favorites.
Tips to Protect Your Personal Information Online
Online Banking with Susquehanna is safe, secure, and convenient. Whether you are
banking online or not, you should always take the necessary steps to prevent your
financial information from falling into the wrong hands. By staying knowledgeable
about possible Internet and e-mail scams, you will be better prepared to protect
Below are some tips to remember to make doing business online a safer and more enjoyable
experience, whether it is banking with Susquehanna or any other consumer online
account you may have.
- Keep all of your passwords private. Passwords can only serve their purpose if they
- Refrain from disclosing your personal information through unsolicited e-mails and
telephone calls. Beware of e-mails that may warn of dire consequences unless you
validate your information immediately. Contact the sending company to confirm the
e-mail’s validity using a phone number or Web address you know to be genuine.
- Always use the logout button to discontinue your Online Banking session and then
close your browser.
- Immediately leave any site that appears suspicious or seems to not perform the function
that it claims to provide. Carefully check the spelling of a Web address so as not
to be fooled by a fraudulent site that is identical to the legitimate site. Often
fraudulent site URLs can differ from legitimate site URLs by only one stroke or
- Be careful about what you install or download to your system. Avoid downloading
software from sources that you do not know and trust. Read the complete End User
License Agreement before clicking “Agree” when downloading any software.
- Be suspicious of any information-collecting Web page that does not have a home page
or has a home page with an “under construction” message on it.
- When using an online site for banking or other consumer activities, carefully read
the site’s privacy and security statements. Always look for the padlock icon on
your Internet browser.
- Maintain up-to-date virus protection and use a personal firewall on your PC. If
you use MS Windows, install up-to-date service packs.
- Review your online credit card and bank accounts to make sure there are no unauthorized
charges. Also, review all account statements that are mailed to your home as soon
as they arrive. Store and/or discard paper records carefully, and shred or destroy
them when they’re no longer needed.
- If you notice any unauthorized activity on your accounts, please
immediately so we can take steps to protect your bank accounts.
- If you believe you have responded to a fraudulent email or website, please send
a copy of the email and/or a link to the suspicious site to
- For more information on Internet/e-mail scams and identity theft issues, visit the
Federal Deposit Insurance Corporation,
Federal Trade Commission, the
National Consumers League, or the
OCC Consumer Protection News.
Consumer Fraud Scams
Below is a list of fraudulent offers that consumers routinely receive. Be on the
lookout for scams like these or similar ones. Instead of responding, notify your
local police department or financial institution.
For more on Consumer Fraud Scams, visit
You receive a letter and a check, often a large amount, stating that you have won
a lottery, usually one in a country other than the United States. You are told to
deposit the check and wire a portion of it back to cover fees and/or taxes. If you
follow the instructions, the check will turn out to be counterfeit, but by the time
it’s returned, the criminal will already have the money you wired from your account.
You will have to pay back the full amount of the bogus check. It is against laws
in the United States to participate in a lottery in another country, so a letter
saying you have won a foreign lottery is a scam.
Internet Purchase Scam
You offer to sell something on the Internet, and the buyer sends you a check for
more than the purchase price you agreed on. The buyer asks you to wire back the
amount over the agreed-upon selling price. The buyer’s payment will turn out to
be counterfeit, but by the time it’s returned, he already has the money you wired
from your account. You are responsible to pay back the full amount of the bogus
check. When selling or buying on the Internet, only send or accept checks for the
exact amount. Ask for cashier checks when possible.
Tips to Remember
When you deposit or cash a check at a bank, you’re essentially acknowledging that
you believe it is genuine and the person who wrote it will pay. If it bounces, you’re
responsible to repay the full amount. There’s no legitimate reason that someone
– especially a stranger – would send you a check and ask you to wire a portion back.
Remember two basic questions you should ask yourself if you receive communications
- Is this offer too good to be true? (Then it’s probably not true.)
- Does this make common sense? (For example, why would someone send a stranger thousands
of dollars and ask them to wire it back?)
If you would like to learn more about how to protect yourself from potential identify
theft, you can view the video
Don’t Be An Online Victim, produced by the Federal Deposit Insurance Corporation.
Resources to Combat Identity Theft
Below are links to identity theft information pages established by state governments: