Mother Lode Bank serving Sonora and the Mother Lode

SECURITY AWARENESS ALERT


OVERVIEW:

This security advisory discusses a sophisticated and highly effective phishing attack technique that is carried out while a user is in an active session with a secure banking, brokerage, or other sensitive web application.


DETAILS:

"Phishing" is by far the easiest way to steal login credentials for accessing secure online accounts. Recently there has been evidence of a "next generation" of phishing attacks with a special focus, which are being called "In-Session" attacks.


A typical attack scenario would occur as follows.
A user logs on to their online banking to perform some tasks. While still logged on, the user begins to navigate to other websites, surf the web, look at email, etc. A short time later a popup appears, made to look as though it comes from the banking website, which asks the user to retype their username and password because the session has expired, or to complete a customer satisfaction survey, or to participate in a promotion, etc. Since the user had recently logged on to the banking website, he/she will likely not suspect that this popup is fraudulent and will provide the requested information, which the bad guy has now "stolen" without the user knowing.


To protect yourself:

  1. ALWAYS "Log Off" of any password-protected website when you are finished with your transactions, and only enter your user name and/or password on the login screens.
  2. Be extremely suspicious of popups that appear in a web session if you have not clicked on a hyperlink that would prompt you to enter the personal information.
  3. Know that Mother Lode Bank does not ask for any personal information in a popup.

If you get a popup like the one described above, or one that is otherwise suspicious in nature, report it to the company immediately.

 

Current Identity Theft Scams

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

 

The subject line of the e-mails states: "you need to check your Bank Deposit Insurance Coverage." The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets." The e-mail then directs recipients to click on a link stating "You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage."

 

This e-mail and the associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers, and should not click on the link provided.

 

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.

