Savings Accounts-CDs Checking Accounts Loans
About Us Personal Banking Commercial Banking Investor Relations ATM Office Locator
Heritage Mortgage Services Heritage Bank Wealth Management Online Security


Heritage Bank: Online Security

Online Fraud

About Identity Theft

Identity theft or identity fraud occurs when someone steals your personal or business information to obtain credit, credit cards from banks and retailers, steal money from the victim’s existing accounts, apply for loans, establish accounts with utility companies, rent an apartment, file bankruptcy or obtain a job using the victim’s name and identity.


Internet thieves are "phishing" (fishing) for confidential information. Fraudulent emails, appearing to be from a trusted source such as your bank, or a government agency, direct you to websites. Once there, you are asked to verify personal information such as name, account and credit card numbers and passwords. These sites are often designed to look exactly like the site they are imitating.

How To Protect Yourself

If you receive an email that warns you, with little or no notice, that your account will be shut down unless you reconfirm certain information, do not click on the email link. Instead, use a phone number or enter the web address yourself. Clicking on the link that looks legitimate may in fact direct you to a fraudulent website where crooks will steal your personal information. Remember, your bank or a government agency will never send you an alert asking you to disclose your personal information.

Before submitting any financial information to a legitimate website, look for the "lock" icon on the browser status bar, or look for "https" in the web address. Both are indications that the information is secure and encrypted during transmission.

Report suspicious activity to the FTC (see resources section at bottom).


Web spoofing allows an attacker to create a "shadow copy" of a legitimate website. Access to the shadow web is funneled through the attacker's machine, allowing the attacker to monitor all of the victim's activities, including any passwords or account numbers the victim enters. The attacker can also cause false or misleading data to be sent to web servers in the victim's name, or to the victim in the name of any web server. In spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by "spoofing" the address of that machine. Phishing and spoofing often go hand-in-hand in Internet fraud.

How To Protect Yourself

Be wary of unsolicited or unexpected emails from all sources.

If an unsolicited email arrives, treat it as you would a phishing source.

Identity Theft Frauds

Internet fraudsters often use identity theft as a starting point for larger crimes. In one case, criminals obtained the names and social security numbers of military personnel then used them to apply to a bank over the Internet for credit cards. In another case, stolen personal data was used to submit car loan applications online.

How To Protect Yourself

Keep a close eye on your account activity at your bank, either through statements or using online services. Report anything that looks suspicious.

Your personal information can be obtained by "phishing", "spoofing" or the old fashioned way - dumpster diving. Make sure your unused checks, bills and statements are shredded before discarding.

General Tips

Don't Judge By Initial Appearances. Just because something appears on the Internet - no matter how impressive or professional the website looks - doesn't mean it's real. The ready availability of software that allows anyone at minimal cost to, set up a professional-looking website means that criminals can make their websites look as impressive as those of legitimate businesses, banks or government agencies.

Be Careful About Giving Out Personal Data Online. If you receive emails from someone you don't know asking for personal data - don't send the data without knowing more about who's asking. While secure transactions with known e-commerce sites should be safe, especially if you use a credit card, non-secure messages to both known and unknown recipients are not safe.

Be Especially Wary Of Emails Concealing Their True Identity. If someone sends you an email using a mail header that has no useful identifying data (e.g.,, that may be an indication that the person is hiding something and is not legitimate.

Review Credit Card and Account Statements as soon as you receive them to determine whether there are any unauthorized charges or suspicious charges/transactions. If your statement is late by more than a few days, call your credit card company or bank to confirm your billing address/account balance and determine whether they have mailed your statement.

Watch Out For "Advanced-Fee" Demands. Look carefully at any online seller of goods or services that wants you to send checks or money orders immediately to a post office box before you receive the goods or services you've been promised.