Privacy & Security

Online Fraud

Customer Resources

How to Prevent Account Takeover

Exchange Bank will never call, text or email you to ask for your log in information, secure access code, PIN# or token code.

Account Takeovers occur when a criminal obtains your personal banking information and uses it to take over your bank accounts. It can take weeks or months to discover. Fortunately, there are steps you can take to protect yourself.

Often, the account hijacker uses one or more methods to obtain your personal data. You should be particularly aware of the following methods:

  • Spoofing: Takeovers by spoofing occur when a scammer is disguised as a trusted source to gain access to important data or information. Spoofing can happen through websites, emails, phone calls, texts, IP addresses and servers. These scammers may impersonate Exchange Bank's phone number on your caller ID, send unsolicited text messages and/or emails to trick you by claiming that you have fraud on your card or that you need to update your account information.
  • Phishing: Takeovers by phishing deceive customers into providing their user names, passwords and account numbers via deceptive e-mails, fake (spoofed) Web sites or both. The classic phishing attack involves a deceptive e-mail that purports to be from a legitimate financial institution. The e-mail typically tells the customer that there is some sort of problem with the customer's account, and instructs the recipient to click on the included hyperlink to "fix" the problem. In reality, the spoofed Web site is simply collecting customer user names and passwords in order to hijack accounts.
  • Spyware: Takeovers with Spyware works by inserting malicious software, often referred to as "spyware," on a person's personal computer. Spyware can be loaded when a user opens a seemingly innocuous e-mail attachment or clicks on a pop-up advertisement. The spyware collects selected information (e.g., user names, passwords and account numbers) and forwards that information to the fraudster.
  • Vishing: Takeovers by phone fraud where account hijackers use deceptive techniques such as purporting to be from a financial institution to gain access to your personal data and account information.

The best way to avoid fraud is to prevent it. Here are some basic safety tips you can implement immediately:

  • Password Protection: If your password is easy for you to remember, chances are good it’s also easy for a hacker to figure out. Experts advise a combination of letters, numbers and special characters. Avoid pet names, your home address and similar easy-to-crack codes.
  • Virus Protection: Your computer anti-virus software is like a vaccine—it works at first, but you need to keep it up-to-date to guard against new strains.
  • A Strong Firewall: This protective wall between the outside world and your computer can help prevent unauthorized access to your computer. Updates are called patches, and you should check regularly with your software company to be sure you have the latest patches.
  • Anti-Spyware: Anti-spyware programs are readily available, and every computer connected to the Internet should have the software installed and updated regularly.
  • Don’t take the "Phishing" bait: If you receive an unexpected or suspicious e-mail, delete it.
  • Don’t take the "Vishing" bait: If you receive a call reporting to be from Exchange Bank asking for account information simply hang up.

Remember: Your bank will never e-mail you and ask you to go to another site to verify information.

Chances are you will never be victimized by account takeover identity theft. But if you are victimized, early detection is critical.

  • Check your statements regularly. If something seems irregular, contact your banker to discuss it. A recent study showed that customers who monitor their accounts online discover problems sooner.
  • Check your credit report at least once a year. You are entitled to one free credit report annually from each of the three major credit bureaus. If a hijacker is misusing your credit, clues are likely to show up here.

For a free credit report, click here.

Substantial measures are in place at Exchange Bank to protect your identity and your accounts against theft and fraud. For example, stringent bank privacy policies protect your personal financial information. Password protections for online transactions help assure online security. When using our online services, you develop a password that only you know. Encryption of online transactions converts your information into secure code, protecting you against hackers.

Maximum security is possible only with your help. Here's what you can do to stop these crimes before they happen:

  • Do not give out financial information such as checking, debit and credit card numbers or your Social Security number, unless you know the person or organization.
  • Report lost or stolen checks immediately. Exchange Bank will block payments.
  • Notify your banker of suspicious phone inquiries such as those asking for account information to "verify a statement" or "award a prize."
  • Closely guard your ATM Personal Identification Number (PIN) and ATM receipts.
  • Shred any financial solicitations and bank statements before disposing of them.
  • Put outgoing mail into a secure, official Postal Service collection box.
  • If regular bills fail to reach you, call the company to find out why.
  • If your bills include questionable items don't ignore them. Instead, investigate immediately to head off any possible fraud.
  • Periodically contact the major credit reporting companies to review your file and make certain the information is correct.

The Fair and Accurate Credit Transactions Act (FACTA) was passed into law in 2003. It requires the three major credit-reporting agencies (Equifax, Experian and TransUnion) to provide consumers with a free copy of their own credit report once a year. The credit reports can be ordered via, which is the only “authorized website for free credit reports,” says the Federal Trade Commission (FTC).

Requirements were placed on mortgage lenders to release consumer information regarding credit scores and factors influencing the price of a mortgage. This includes releasing to consumers “risk-based-pricing” notices as well as credit scores concerning any credit denials or less favorable credit offers.

FACTA allows enforcement agencies to take action on the so-called “Red Flag Rules,” which require creditors and financial institutions, such as banks and credit unions, to put into action identity theft prevention programs to help detect and prevent identity theft. For example, the issuers of credit and debit cards must take steps to validate any changes to customers’ addresses.

Other measures help consumers recover their credit reputation after they have been victimized:

  • Credit reporting agencies must stop reporting allegedly fraudulent account information when a consumer establishes that he or she has been the victim of identity theft;
  • Creditors or businesses must provide copies of business records or fraudulent accounts or transactions related to them. This information can assist victims in proving that they are, in fact, victims.
  • Consumers are allowed to report accounts affected by identity theft directly to creditors—in addition to credit reporting—to prevent the spread of erroneous credit information.