Internet Fraud: Phishing

Phishing is an internet scam that employs techniques that steal a website's HTML (a website's code infrastructure) in order to create fraudulent or "spoof" websites. These "spoof" websites fool the user into believing he/she is on an authentic site. For example, a user may follow a link from a maliciously-designed email that takes the user to a familiar-looking site, but the user has actually been taken to a "spoof" website whose sole purpose is to obtain the user's sensitive information (such as password, user ID, ATM/Debit Card number, social security number or bank account number) by means of asking the user to confirm or update that information. Once the information has been entered, the internet criminal gains access to the user's account(s). Fraudulent emails usually create a sense of urgency (about a threatening account condition, for example) in order to bait the user into following a link, which then instructs the user to update or provide sensitive information.

This process, commonly known as Phishing, allows internet criminals to infiltrate a customer's account by capturing and using their sensitive information. Many banks and financial institutions have been targets of this criminal activity.

Merchants Bank and its customers have not been victims of these infringements. The website is designed with security and functionality as a priority; however, Merchants Bank feels it is important to educate our customers about this new electronic criminal trend and to offer some helpful, precautionary techniques.

Once a customer is initially set-up for electronic banking services with Merchants Bank, we will never send a customer an email requesting an update or confirmation of sensitive information. Additionally, Merchants Bank will inform you of pertinent account information solely via a bank letter or bank statement, sent through the US Postal Service.

Some of the easiest methods to protect oneself from Phishing are to type in a trusted URL (website address) into the internet address bar (this brings one directly to the intended site) and avoid clicking on any links from emails requesting sensitive information. If a user is unsure of the nature of an email, he/she can look for obvious spelling errors, a certain indication of fraudulent content. It is also important for users to update operating and browser software on a regular basis, as these updates usually contain free, imperative security enhancements. It is also wise to purchase current anti-virus software for added protection. Lastly, it is recommended that users change a password every 30 to 60 days, using at least six characters with a combination of letters and numbers (try not to incorporate user ID information, pet, children or spouse names into passwords and it is helpful to use a different password for each account).

If a user suspects that he/she has received a fraudulent email regarding his/her Merchants Bank account(s), please contact Merchants Bank at 1-800-322-5222. One may also wish to forward the suspicious email to the Federal Trade Commission at or contact them at this Web site or 1-877-IDTHEFT.