Examples of Financial Scams
- Phishing scammers. These scammers send out mass messages to as many people as they can, attempting
to trick them into giving out their confidential bank account information. Fraudulent emails have been
designed to look as if they came from Susquehanna, often including the company's logo. Consumers should
be aware that these are not legitimate messages from Susquehanna Bank, and they should not click on any
links in emails, call any toll-free numbers provided, or respond with any confidential financial or other
- A text message saying that the customer's account has been locked and giving a phone number to call
to have it restored.
- An offer of a reward if they fill out an online customer service survey. The email recipient would be
asked to enter their bank account information so the reward could be deposited.
- A claim that a company has initiated a monthly charge to the recipient's account; in order to stop the
charge, the recipient is directed to a website, where they'd be asked for their confidential account
- A warning that fraudulent emails are being sent out and the recipient's debit card has been
temporarily blocked as a security precaution. To re-activate the card, recipients are asked to call a
toll-free phone number, where they'd need to input their card information.
- A warning to be on the lookout for phishing scams, in which recipients are asked to click on a fraudulent
link, log in immediately, report any unnoticed password changes or unauthorized withdrawals, and check
their account profile.
- A security notice advising customers that an unsecured PIN reset was recently attempted on their
account and then directing them to contact a toll-free number and input their card information.
Be aware: Many fraudulent emails provide clues they are illegitimate. Misspelled words, urgent appeals,
money offerings and unfamiliar return addresses are all signs of a fraudulent email. You should also be aware that
fraudulent emails are becoming more creative and sophisticated, and often include a seemingly legitimate
business reason, such as a survey. Ironically, some even pretend they're trying to protect consumers from
fraud. However, eventually they get to the same point: asking customers to divulge confidential bank card or
account information, either online or by phone. That's the red flag that should stop you in your tracks!
Even if you don't see any obvious signs that an email is fraudulent, but you suspect it could be, contact
Here are some phishing examples:
Dear Valued Customers,
IMPORTANT NOTE : You are reciving this letter regarding a new user ID and Password Being assigned to
our customers , You should begin to use the new ID and Password after filling a small form please
Click Here Please take 2 minutes to update your information with us on files , Incase of delay your
online account can be suspended and limited access.
Dear Susquehanna Bank member,
We have changed your online account username and password because you have violated our Terms and
Conditions. Your account is now suspended.
New Login Information:
Please unsuspend and confirm your Online Account within 24 hours after reading this message. Ignoring
this message will result into account removal.
Unsuspend by clicking here.
Susquehanna is a regional financial services holding company with assets of approximately $14 billion.
It includes a commercial bank that provides financial services at more than 230 branch locations in the
Mid-Atlantic region. Through Susquehanna Wealth Management, the company offers investment, fiduciary,
brokerage, insurance, retirement planning and private banking services. Susquehanna also operates an
insurance and employee benefits company, a commercial finance company, and a vehicle leasing company.
Our extensive portfolio of financial products and services is managed locally to provide maximum value
to our customers and communities. We invite you to get to know us better through the information and
You have received this email because we have strong reason to believe that your Susquehanna Bank account
had been recently compromised. In order to prevent any fraudulent activity from occurring we are required
to open an investigation into this matter.
If your account informations is not updated within the next 12 hours, then will
assume this account is fraudulent and will be suspended. We apologize for this inconvenience,
but the purpose of this verification is to ensure that your Susquehanna Bank account has not fraudulently
used and to combat fraud. To speed up the process, you are required to verify your Susquehanna Bank
account by following the link below:
We apologize in advance for any inconvenience this may cause you and we would like to thank you for
cooperation as we review this matter.
Be wary of urgent appeals.
ADVISORY: Some members and non members of Susquehanna Bancshares have received fraudulent emails.
This email was NOT issued by Susquehanna Bancshares, and should be deleted. Do not follow the instructions
in the email. Do not click the link. For security reasons we have deactivated your debit card. Please
contact us at (800) 516-1453 to activate your debit card.
A fraudulent email masking a consumer alert. Be suspicious if the customer service number
does not match the one on your bank statement.
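The clues listed above (urgent deadlines, threats to the account, requests for confidential details, reward offers, unfamiliar senders, and a phone number that does not match the statement) can be checked mechanically as a first-pass filter. This is an added example in Python, not code from Susquehanna; the trusted domain bank.example, the statement number (800) 555-0100, and the From headers are constructed placeholders, and the message bodies quote the samples above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (placeholders, not from the advisory): the bank's real sending
# domain and the customer-service number printed on the statement.
TRUSTED_DOMAIN = "bank.example"
KNOWN_PHONES = {"8005550100"}

# One pattern per clue the advisory names; illustrative, not exhaustive.
RULES = {
    "urgent_deadline": re.compile(r"within (the next )?\d+ (hours?|days?)", re.I),
    "account_threat": re.compile(r"\b(suspended|deactivated|locked|blocked|removal)\b", re.I),
    "asks_for_secrets": re.compile(
        r"\b(verify|confirm|update)\b.{0,60}\b(account|information|card|password)\b",
        re.I | re.S),
    "reward_offer": re.compile(r"\b(reward|gift certificate)\b", re.I),
    "click_or_call": re.compile(r"\b(click(ing)? here|link below|contact us at)\b", re.I),
}
PHONE = re.compile(r"\(?\b\d{3}\)?[ -]\d{3}-\d{4}\b")

def red_flags(raw_message):
    """Return the names of the advisory's warning signs found in one message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    flags = [name for name, rx in RULES.items() if rx.search(body)]
    phones = {re.sub(r"\D", "", p) for p in PHONE.findall(body)}
    if phones - KNOWN_PHONES:
        flags.append("unknown_phone")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != TRUSTED_DOMAIN and not domain.endswith("." + TRUSTED_DOMAIN):
        flags.append("unfamiliar_sender")
    return flags

# Constructed messages: headers are invented; bodies quote the samples above.
SUSPEND_LURE = """From: Susquehanna Bank <security@bank-alerts.example>

Please unsuspend and confirm your Online Account within 24 hours after
reading this message. Ignoring this message will result into account removal.
Unsuspend by clicking here.
"""
FAKE_ADVISORY = """From: alerts@bank.example

For security reasons we have deactivated your debit card. Please
contact us at (800) 516-1453 to activate your debit card.
"""

if __name__ == "__main__":
    print(red_flags(SUSPEND_LURE), red_flags(FAKE_ADVISORY))
```

The second sample carries a trusted-looking From address on purpose: that header can be forged, so the content and phone-number checks still have to fire on their own.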
Scams Related to Online Customer Authentication
Some online scams have appeared as banks like Susquehanna have begun offering Online Customer Authentication
features. Here are a couple of variations to watch out for:
- You may receive an email saying that your account has been accessed from multiple computers and will be
shut down unless you click on a link, which then asks you to input your account number and password. If
you receive this type of email, it is a scam; delete it without clicking on the link or responding. We
already have that information, so we won't request it from you in an unsolicited email.
- In another variation, you may receive an email telling you that you need to click on a link to set up
"challenge questions" that the bank would then use to confirm your identity during any future suspicious
log-ins. Although our Online Customer Authentication feature does ask you to establish security questions
and answers, we ask you to do that only AFTER you've logged into Online Banking and confirmed your identity.
We wouldn't ask you to take that step through a link in an unsolicited email.
Malware is software used or programmed by fraudsters to disrupt computer operation, gather sensitive information, or
gain access to private computer systems. It can appear in the form of code, scripts, active content, and other
software. Malware, short for malicious software, is a general term used to refer to a variety of forms of
hostile or intrusive software.
Man in the Browser
Man in the browser is a security attack where the hacker installs a Trojan horse on a victim's computer that's
capable of modifying web transactions as they occur in real time, taking advantage of vulnerabilities in browser
security. A man in the browser attack, unlike phishing, occurs when the victim has entered the URL into the
browser independently, without an external prompt such as a link in an email. On the surface, transactions are
taking place normally with expected prompts and password requirements.
Phishing Scams Using Phones
There is a variant of traditional phishing scams that uses telephone calls (instead of email) to gather
confidential information. Customers may receive an automated phone call or an email saying their account or
debit card has been compromised and giving them a phone number to call to resolve the issue. When they call,
they reach an automated answering program that asks them for their account number (or debit card number) to
verify their account. Customers should not give confidential information in response to suspicious requests
like this. These types of phone-phishing scams, sometimes called "vishing," have become more common with the
increasing popularity of Voice over Internet Protocol (VoIP), which allows telephone calls to be made from
computers instead of from traditional phones.
Susquehanna customers should be aware of the potential for this variation of phishing. In this scam, customers
receive an email that says it's from a company that is acquiring their bank and asks for account numbers and
other data as part of the merger. Consumers may be susceptible to this scam if it mentions a merger that is
actually occurring. The Bank already has this type of information, and another bank doing an acquisition would
not need to ask individual customers for that data.
These phishers send out a survey, claiming that they represent a bank or another company. The survey may start
out with harmless questions to get you comfortable with responding, but then they ask for confidential
information. Often, people are told they will receive a gift certificate or other reward for participating.
This technique has been used over the phone in the past, but is now being used online as well.
Unlike phishing, scammers using a technique called "pharming" don't lure their victims with emails. Instead,
they install malicious software or use other techniques to re-direct a user to a fraudulent website – even
if the user types the correct address into their browser or uses an existing bookmark for their bank's
website. So how can users protect themselves? If you're going to enter confidential information on a website,
first check to be sure the site has a valid certificate from a service such as VeriSign®. Click on the
padlock icon in the browser's status bar to see the certificate, and check to be sure the name on the
certificate matches the website.
As always, customers should run anti-virus and anti-spyware software and update their computers with the
latest security patches and a firewall. If you notice something suspiciously different about the way your
online banking site is functioning, call the bank to verify that you are using the correct site.
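What "the name on the certificate matches the website" means in practice, as an added Python example that is not from Susquehanna: the address the user typed must be covered by a DNS name in the certificate, and the certificate must be within its validity dates. It assumes the TLS library has already verified the chain of trust; bank.example and both certificates are constructed placeholders.

```python
import ssl

def hostname_matches(cert, hostname):
    """True if a DNS subjectAltName in cert covers hostname."""
    host = hostname.lower().rstrip(".")
    for kind, pattern in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = pattern.lower()
        if pattern == host:
            return True
        # A wildcard counts only as the whole left-most label and stands for
        # exactly one label: *.bank.example covers online.bank.example but
        # not bank.example itself or a.b.bank.example.
        first, _, rest = host.partition(".")
        if pattern.startswith("*.") and first and rest == pattern[2:]:
            return True
    return False

def certificate_problems(cert, typed_host, now):
    """List reasons the certificate does not vouch for typed_host at time now."""
    problems = []
    if not hostname_matches(cert, typed_host):
        problems.append("name_mismatch")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now <= not_after):
        problems.append("outside_validity_period")
    return problems

# Constructed certificates in the dict shape ssl.SSLSocket.getpeercert() returns.
# bank.example stands in for the bank's real site; all values are invented.
GENUINE = {"subjectAltName": (("DNS", "bank.example"), ("DNS", "*.bank.example")),
           "notBefore": "Jan 15 00:00:00 2025 GMT",
           "notAfter": "Jan 15 00:00:00 2026 GMT"}
LOOKALIKE = {"subjectAltName": (("DNS", "bank-example-login.example"),),
             "notBefore": "Mar 10 00:00:00 2025 GMT",
             "notAfter": "Jun 10 00:00:00 2025 GMT"}
NOW = ssl.cert_time_to_seconds("May 20 12:00:00 2025 GMT")

if __name__ == "__main__":
    for cert in (GENUINE, LOOKALIKE):
        print(certificate_problems(cert, "online.bank.example", NOW))
```

A redirected visit shows up as name_mismatch: the lookalike certificate is perfectly valid for its own name, but not for the address the user typed.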
Key logging software records everything that is typed on your computer, including password information, and
sends the information to an outside party. The unwanted software, sometimes referred to as "spyware,"
"adware" or "key logging software," usually infects a computer in the form of a virus attached to an
e-mail or other type of download. Many times, these downloads are bundled with free program offers. If
you click to install a free program and click "Agree" to the End User License Agreement without reading
it fully, you may be unknowingly granting permission to download spyware along with the free program.
Some signs that your PC may be infected by unwanted software include:
- A slowing of your computer, both offline and online.
- An unexpected increase in unsolicited e-mail or messages sent without your knowledge.
- Strange browser behavior, such as increased pop-ups or unexplained changes to your home page settings
and Web site favorites.
To lessen your risk of key logging, avoid downloading software from sources that you do not know and trust.
Also, make sure you have up-to-date antivirus protection installed on your PC. Antivirus software provides
protection against viruses that compromise your computer's security. Once installed, make sure you keep your
antivirus software updated.
Consumer Fraud Scams
For a list of fraudulent offers that consumers routinely receive, visit
Be on the lookout for scams like these or similar ones. Instead of responding, notify your local police
department or financial institution.
You receive a letter and a check, often a large amount, stating that you have won a lottery, usually one
in a country other than the United States. You are told to deposit the check and wire a portion of it back
to cover fees and/or taxes. If you follow the instructions, the check will turn out to be counterfeit, but
by the time it's returned, the criminal will already have the money you wired from your account. You will
have to pay back the full amount of the bogus check. It is against the law in the United States to participate
in a lottery in another country, so a letter saying you have won a foreign lottery is a scam.
Internet Purchase Scam
You offer to sell something online, and the buyer sends you a check for more than the purchase price you
agreed on. The buyer asks you to wire back the amount over the agreed-upon selling price. The buyer's
payment will turn out to be counterfeit, but by the time it's returned, he already has the money you wired
from your account. You are responsible for paying back the full amount of the bogus check. When selling or buying
on the Internet, only send or accept checks for the exact amount. Ask for cashier's checks when possible.