Customer Awareness

We will NEVER request personal information by email, phone, or text messaging, including account numbers, passwords, personal identification information, or any other confidential customer information.

Fraudulent emails and phone numbers may be designed to appear as though they are originated from Sherburne State Bank. Do not respond to any email, phone, or text communications that request any type of personal or confidential information, and do not go to any links listed on that email. These communications are not originated by Sherburne State Bank. Never give out any information that the Bank would already have to a caller, texter, or email sender. If you contact us, we may verify the last 4 digits of your SSN to confirm your identity, but we will never contact you and ask for your debit/credit card number or your full SSN. If we need to contact you, it will always be done in a manner that protects your personal, confidential information, and we will clearly identify ourselves.

One new twist we’ve seen lately is a text message containing a phone number, usually beginning with an 8 (i.e., 8XX-XXX-XXXX). This gives the impression that it’s from a toll-free number. When called, there is an automated recording requesting payment information.

Please continue to report all fraud so we have all pertinent information to report- answers to the following questions should be included, if available:

• What did the fraudster say to the customer?
• What were the steps leading to the fraud? For example, did the fraudster send a text and then call? Did the customer change their password with the fraudster on the phone? Will you please send us a screen shot of the text?
• Who did the fraudster impersonate?
• How many customers had fraud on their account?
• Did the fraudster leave a voice message? If so, will you forward it to our support team?
• Will you share details of the call? Pertinent information includes name and customer phone number, the number displayed on the caller ID, date, and time of the call (including time zone), and how long the call lasted. Screen shots help as well.

If you suspect fraudulent activity or have any questions regarding this notice, please contact us:

BECKER
12500 Sherburne Avenue P.O. Box 428 Becker, MN 55308
Phone: 763-261-4200

PRINCETON
136 North Rum River Drive Princeton, MN 55371
Phone: 763-389-4099

MONTICELLO
1200 State Highway 25 S. Monticello, MN 55362
Phone: 763-271-7177

Unsolicited Customer Contact

Sherburne State Bank will never contact its customers on an unsolicited basis to request their security logon credentials, such as the combination of the customer’s username, password, and/or security questions. If you receive a request of this type, do not respond to it. Please hang up and call us immediately at 763-261-4200 to report any suspicious activity.

Online Banking Security

To help protect your personal information, please consider following some or all the following steps:

• Make sure you choose a strong and unique username and password that mixes upper- and lower-case letters and numbers.
• Avoid using public Wi-Fi Connections. Use a secure network connection.
• Keep a record of your username and password in a secure place, and update your password regularly.
• Make sure you have up-to-date security software in place on your computer or network when conducting financial transactions, and install updates regularly.
• Log off the system when you are done with your transactions. (Don’t simply “X” out of or close the window)
• Monitor your account activity regularly. If there are any unauthorized transactions, report them to your Bank immediately.

For more information about how to protect yourself and your information please visit www.onguardonline.gov. This is a government run website with information and simple tips.

Debit Card Protection

Debit card usage has increased dramatically in recent years and fraudulent use of debit cards has also increased.

NEVER give your debit card information when requested by phone, email, or texting. We at Sherburne State Bank nor any other bank we know of will ever request information from you in this manner. Please contact us if you receive any such request.

What is Identity Theft?

Identity theft involves the unlawful acquisition and use of someone’s identifying information, such as:

• Name
• Address
• Date of Birth
• Social Security Number
• Mother’s Maiden Name
• Driver’s License
• Bank or Credit Card Account Number

Crooks then use the information to repeatedly commit fraud to duplicate your identity which may include opening new accounts, purchasing automobiles, applying for loans, credit cards, and social security benefits, renting apartments and establishing services with utility and telephone companies. It can have a negative effect on your credit and create a serious financial hassle for you.

How do I protect myself?

• Report lost or stolen checks or credit cards immediately
• Never give out any personal information including birth date, SSN or Passwords
• Shred all documents containing personal information, like bank statements, unused checks, deposit slips, credit card statements, pay stubs, medical billings, and invoices
• Don’t give any of your personal information to any web sites that do not use encryption or other secure methods to protect it

For more information about identity theft and other tips on how to protect yourself and your information please visit the following websites:

Federal Trade Commission: www.ftc.gov/bcp/edu/microsites/idtheft
FDIC Consumer Assistance: www.fdic.gov/consumers/assistance
United States Department of Justice: www.usdoj.gov/criminal/fraud

Equifax
P O Box 105069
Atlanta, GA 30349-5069
www.equifax.com
To order a report: (800) 685-1111
To report fraud: (800) 525-6285

Experian
P O Box 2002
Allen, TX 75013-0949
www.experian.com
To order a report: (888) 397-3742
To report fraud: (888) 397-3742

Trans Union
P O Box 1000
Chester, PA 19022
www.transunion.com
To order a report: (800) 916-8800
To report fraud: (800) 680-7289

Regulation E: Electronic Fund Transfers (EFT)

Regulation E protects individual customers using electronic funds transfers (EFT). Non-consumer such as business/commercial accounts are not protected by Regulation E.

What is an EFT?
An EFT is any transfer of funds that is initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer’s account. The term includes but is not limited to:

• Point of sale transfers
• Automated teller machine transfers
• Direct deposits or withdrawals of funds
• Transfers initiated by telephone
• Transfers resulting from debit card transactions, whether initiated through an electronic terminal or not
• Transfers initiated through internet banking and bill pay.

How does Regulation E apply to a consumer using Online Banking and/or Bill Pay?
Regulation E is a consumer protection law for accounts such as checking or savings, established primarily for personal, family, or household purposes. Regulation E provides consumers a means to notify their financial institution that an EFT has been made to their account without their permission. If you are unsure if your account is protected by Regulation E contact us.

Refer to the Banks Electronic Funds Disclosure for more information regarding your rights under the regulation. You may find the Electronic Funds Disclosure in your new account paperwork or may access the disclosure online.

Business/Commercial customers are not covered by Regulation E.

As a result, it is critical that business/commercial customers implement sound security practices within their places of business.

If you follow sound business practices, you can protect your company:

• Using a dedicated PC for financial transactions only.
• Conducting employee background checks.
• Create a process to eliminate access by former employees.
• Divide duties among several people so no one person has complete control.
• Perform your own risk assessments and control evaluations.
• Use firewalls to protect from outside intrusion of hackers.

Good practices can keep business/commercial customer’s information secure.

Corporate Account Takeover

Corporate Account Takeover is a form of identity theft in which criminals steal your valid online banking credentials. The attacks are usually stealthy and quiet. Malware introduced onto your systems may go undetected for weeks or months. Account-draining transfers using stolen credentials may happen at any time and may go unnoticed depending on the frequency of your account monitoring efforts.

The good news is, if you follow sound business practices, you can protect your company:

• Use layered system security measures: Create layers of firewalls, anti-malware software and encryption. One layer of security might not be enough. Install robust anti-malware programs on every workstation and laptop. Keep the programs updated.
• Manage the security of online banking with a single, dedicated computer used exclusively for online banking and cash management. This computer should not be connected to your business network, should not retrieve any email messages, and should not be used for any online purpose except banking.
• Educate your employees about cybercrimes. Make sure your employees understand that just one infected computer can lead to an account takeover.

Make them very conscious of the risk, and teach them to ask the question:

“Does this email or phone call make sense?” before they open attachments or provide information.

• Block access to unnecessary or high-risk websites. Prevent access to any website that features adult entertainment, online gaming, social networking, and personal email. Such sites could inject malware into your network.
• Establish separate user accounts for every employee accessing financial information and limit administrative rights. Many malware programs require administrative rights to the workstation and network to steal credentials. If your user permissions for online banking include administrative rights, don’t use those credentials for day-to-day processing.
• Use approval tools in cash management to create dual control on payments. Requiring two people to issue a payment – one to set up the transaction and a second to approve the transaction – doubles the chances of stopping a criminal from draining your account.
• Review or reconcile accounts online daily. The sooner you find suspicious transactions, the sooner the theft can be investigated.

Additional Resources

The following links are provided solely as a convenience to our Online Banking customers. Sherburne State Bank neither endorses nor guarantees in any way the organizations, services, or advice associated with these links. Sherburne State Bank is not responsible for the accuracy of the content found on these sites.

• Avoiding Online Scams: www.consumer.ftc.gov/articles/0060-10-things-you-can-do-avoid-fraud
• Avoiding Social Engineering and Phishing Attacks: www.us-cert.gov/cas/tips/ST04-014.html
• Computer Security: www.onguardonline.gov/articles/0009-computer-security
• Phishing: www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
• Phishing – Avoid the Bait: www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
• Consumer Advisories: www.ic3.gov/media/2010/WorkAtHome.pdf
• Consumer Threat Alerts: www.home.mcafee.com/consumer-threats-signup
• OCC Consumer Advisories: www.occ.treas.gov/news-issuances/consumer-advisories/index-consumer-advisories-all.html
• U.S. Cert: www.us-cert.gov/
• Stay Safe Online: www.staysafeonline.org/stay-safe-online