Fraud Alert

Keep Your Personal Information Safe

Banks, insurance agencies, retailers and credit card companies continue to be targeted with fraudulent phishing, spoofing, and scamming attacks. But you can reduce the chances of becoming a victim by remembering these tips.

Phishing attacks involve the mass distribution of spoofed e-mail messages with return addresses, links and branding which appear to come from a trusted organization. While we are unaware of any recent incidents involving Mission Valley Bank, or our clients—over the past few years, our customers (and those of other financial institutions) have reported receiving fraudulent e-mails that appear to be from our bank (and others).

Please be advised that use of our name and logo in these “phishing” schemes is done without our consent in an attempt to obtain sensitive, personal information. It’s important for our valued customers to know that Mission Valley Bank will NEVER send you an e-mail from info@missionvalleybank.com. This e-mail address is used only for incoming e-mails to the bank. Additionally, Mission Valley Bank will NEVER initiate a request for sensitive information such as your social security numbers, account numbers, or passwords from you via e-mail. To learn more about current online scams, visit the FTC website.

Reminder — Please remember to safeguard your personal information. Mission Valley Bank will never call or email you to verify your sensitive information or pass codes.


Fraudulent Cashier’s Checks

May 21, 2014

ALERT

Mission Valley Bank has been informed that fraudulent cashier’s checks bearing the bank’s name and logo are in circulation.

The items carry the bank’s name and logo in the upper left hand corner as well as the address 28159 Avenue Stanford, Suite 190 – Valencia CA 91355. The lower left hand corner states “PAYABLE THROUGH BOKF.NA – EUFAULA, OK”.

To date, the items identified have been issued in various amounts and seem to be associated with a scam wherein victims are sent the fraudulent ‘Cashier’s Check’ and instructed to negotiate the item as part of an ‘evaluation’ (or similar request), directed to keep approximately $300.00 as ‘compensation’ and forward the remaining funds back to the originator. Be aware that the appearance of counterfeit / fraudulent items may be modified and variations of the appearance, dollar amount as well as the associated scam could be numerous.

If you are in possession of one of these fraudulent Cashier’s Checks – DO NOT NEGOTIATE the item.

Any information you have concerning this matter wherein the fraudulent item carries the Mission Valley Bank name or logo should be sent to info@missionvalleybank.com or contact the Compliance Department by calling (818) 394-2300.

New Scam – Done ‘Old School’

April 22, 2014

Police crime scene

From OnGaurdOnline.gov

In a recent twist, scam artists are using the phone to try to break into your computer. They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.

These scammers take advantage of your reasonable concerns about viruses and other threats. They know that computer users have heard time and again that it’s important to install security software. But the purpose behind their elaborate scheme isn’t to protect your computer; it’s to make money.

(more…)

The Heartbleed Bug

April 18, 2014

The Heartbleed BugWhat is the Heartbleed Bug?

Heartbleed is a flaw in the programming on secure websites that could put your personal information at risk, including passwords, credit card information and e-mails. The Heartbleed Bug is a defect in encryption technology – called Open SSL – used by most Web servers to secure users’ personal or financial information. It is behind many “https” sites that collect personal or financial information. Basically, it provides a secure connection when you are conducting a transaction or sending an e-mail online. Experts discovered the bug recently and warned that cybercriminals could exploit it to access visitors' personal data or to impersonate a website and collect even more information.

Am I affected?

Most active users of the Internet have likely been exposed, since a majority of websites – including Facebook, retail and even government sites – use the Open SSL software. But it is unknown whether any criminals have actually exploited the bug, and several major sites, like Amazon, have already installed patches. Most sites with an address beginning with “https” are vulnerable until the website operator fixes the bug and users change their passwords.

Is my bank account safe?

Yes, consumers are protected from unauthorized transactions. Let the bank know immediately if you suspect any unusual activity.  Banks use many different systems to protect customers’ information including rigorous security standards, encryption, and fraud detection software.

What can I do?

As always, it is a good idea to update your bank password every few months. Also, monitor your account regularly and report suspicious transactions to the bank immediately. Beware of phishing scams – or e-mails with malicious links – that will attempt to get additional sensitive information from you.

What are banks doing?

Banks are researching the possible impact of the Heartbleed Bug and are taking appropriate actions to ensure that it has no impact on their customers. Most Internet banking applications are not impacted by this bug. Most financial institutions have a special layer of security that prevents this type of exploit and some don’t use Open SSL at all.

What is Mission Valley Bank doing?

Since the announcement of the existence of the Heartbleed Bug on April 7, 2014 – Mission Valley Bank has been in close contact with our security experts and service providers, confirming that there are no vulnerabilities within our systems, or those of our vendors.  With that said – regardless of the safety of your communications and transactions with Mission Valley Bank, the Heartbleed Bug is a real threat to all of us that use the internet for anything from Facebook to shopping.

Security experts across the board are strongly advising that you change ALL of your passwords – particularly on those sites where you might have exchanged personal information, credit card numbers, or other sensitive data.  However, prior to changing your current passwords, verify that the site has already installed the necessary patches, or was not considered vulnerable to Heartbleed.  While changing your passwords does not guarantee that your information has not already been compromised, it is a simple step that improves your odds going forward (and as stated earlier, it is a sensible thing to do every few months to decrease your vulnerability to bugs and scammers).

If you would like more information about “Heartbleed” go to http://heartbleed.com/.

FTC Warns Small Businesses: Don’t Open Email Falsely Claiming to be from Federal Trade Commision

March 3, 2014

Warning Sign 03 03 14The Federal Trade Commission is warning small businesses that an email with a subject line “NOTIFICATION OF CONSUMER COMPLAINT” is not from the FTC. The email falsely states that a complaint has been filed with the agency against their company. The FTC advises recipients not to click on any of the links or attachments with the email. Clicking on the links may install a virus or other spyware on the computer.  (more…)

An Important message for our customers regarding the Target data breach.

December 26, 2013

We recommend you closely review the information provided in this letter for some important steps that you may take to protect yourself against potential misuse of your credit and debit information.

As reported in the news, Target reported a breach to their security that resulted in unauthorized access to Target payment card data. This includes both credit and debit cards used to make purchases in its stores from November 27, 2013 through December 15, 2013. Protecting customer and account information is a top priority for Mission Valley Bank that we take very seriously. As such, we are taking extra precautions to try and keep your accounts safe. Target Scam

If you made purchases at Target during the affected dates, we ask that you monitor your accounts more closely to look for unfamiliar purchases. Additionally, you can set up account alerts that will advise you when transactions over a certain dollar amount are presented against your account.

What you should know:

  • Mission Valley Bank customers have zero liability for fraudulent activity. That means you will not be liable for unauthorized transactions reported to the Bank.
  • We were informed that there wasn’t significant personally identifying information stolen such as Social Security numbers or addresses.
  • If you used your card during the time of the breach it is possible that fraud can occur. However, if you did not use your card at Target during this timeframe we do not have reason to believe your card was compromised.
  • If your card is identified as one at risk because of the security breach, you will be notified by the Bank and a new card reissued to you.
  • Whether you are notified, or not, it is a good idea to check your accounts and your credit reports to ensure no unauthorized transactions have occurred. You are entitled to one free copy of your credit report every year at www.annualcreditreport.com .We will also be monitoring your accounts and notifying you of any suspicious activity.

We appreciate the inconvenience this has caused you and ask for your patience as we take the necessary precautions to protect your account from fraud.

If you have any questions or additional concerns please call us at 818.394.2300.

Don’t Get Taken by Wire Transfer Scams – from the FDIC Consumer News

November 22, 2013

Using a bank or a money transfer company to "wire" funds electronically is an easy and convenient way to send cash to someone. And when consumers wire money to people they know, the transaction typically takes place without a problem. But wiring money to strangersCyber Crime Nov eNews — in the U.S. but especially in another country — is risky because often they could be scam artists.

"Crooks like their victims to use wire transfers because the money moves fast and they can take the money and run before the victim discovers the truth," explained Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "Con artists also know that the transaction is difficult to reverse, and the money is difficult to get back. That's why they will use any tactic to convince people to wire money to a complete stranger."

How can you protect yourself against wire fraud? (more…)

Tips for Small Businesses to Combat Fraud

September 25, 2013

Cybercriminals are targeting small businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds fromi Stock Hacker w laptop the accounts and steal private information, a fraud referred to as “corporate account takeover.”

Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate and accurate. Companies should train employees about safe internet use and the warning signs of this fraud, because they are the first line of defense.

As part of National Cyber Security Awareness Month coming in October, Mission Valley Bank offers small businesses these tips to help prevent account takeover: (more…)

Banking trojan hijacks SSL connections

July 3, 2011

Security researchers from Symantec warn of a new banking trojan capable of hijacking the SSL connections between browsers and online banking sites in a way that is hard to spot.

Variants of this malware, which Symantec detects as Trojan.Tatanarg, have been in circulation since last October, but its code is believed to be based on an older threat called W32.Spamuzle.

The trojan has a modular architecture, with separate components handling different tasks, and the functionality of most banking malware.

It can inject rogue HTML code into pages (man-in-the-browser attacks), disrupt antivirus software, uninstall other banking trojans and enable Windows remote access.

It also features a backdoor component through which attackers can issue commands to control the infected computers.

However, the most interesting functionality of this trojan is its ability to function as a proxy between browsers and SSL-secured websites.

This is achived by hijacking the legit SSL connection and establishing a new one on the browser end using a self-signed certificate.

Alerts are blocked and exceptions are added automatically in the browser making the attack almost transparent to users.

The HTTPS prefix is present, as is the padlock indicating a SSL connection. The only way for the user to realize he's not using his bank's certificate would be to manually check the issuer.

Tatanarg is one of several banking trojans that appeared since the crackdown on ZeuS-based cyberfraud operations last year. It seems that unhappy with the heat, criminal gangs have begun developing their own custom malware.

They also try to come up with innovative attack methods. Just last week, Trusteer reported about a trojan dubbed OddJob which forces browsers to keep sessions open after users think they successfuly logged out.

Users are advised to always keep their antivirus programs up to date to ensure they have the latest protection available. Also, if possible, online banking should be performed from a dedicated computer or a live cd.

Active Debit Card Scam!

May 21, 2011

Warning! There are several reports of an active debit card scram affecting multiple states. A recent onslaught of recorded telephone messages are being received by customers and non-customers of several banks informing the recipients that their debit card has experienced billing errors and has been deactivated. In order to reactive their debit card they are being instructed to provide their card information.

These calls are fraudulent. Neither Mission Valley Bank, nor any Bank, will call you and request information regarding your debit card number and PIN.

FDIC Special Alert: Email claiming to be from FDIC

April 29, 2011

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The e-mail appears to be sent from "alert@fdic.gov" and includes a subject line that states: "FDIC: Your business account."

The e-mail is addressed to "Business Owners" and states "We have important information about your bank. Please click here to see information." It then states, "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership."

This e-mail and link are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not click on the link provided.

The FDIC does not issue unsolicited e-mails to consumers or business account holders.

FDIC Special Alert: Email claiming to be from FDIC

March 11, 2011

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The e-mail appears to be sent from "accounts@fdic.gov" and includes a subject line that states: "About your business account."

The e-mail is addressed to "Business Customers" and states "We have important information about insurance coverage of your business accounts." It then asks recipients to "Please click here to view details" and includes a hyper link to a Web site.

The e-mail says that it is from "Alyssa Williams, FDIC Insurance."

This e-mail and link are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not click on the link provided.

The FDIC does not issue unsolicited e-mails to consumers or business account holders

FDIC Special Alert: Email claiming to be from FDIC

January 12, 2011

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that "in cooperation with the Department of Homeland Security, federal, state and local governments…" the FDIC has withdrawn deposit insurance from the recipient's account "due to account activity that violates the Patriot Act." It further states deposit insurance will remain suspended until identity and account information can be verified using a system called "IDVerify." If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient's computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

NACHA Phishing Alert: Email Claiming to be from NACHA

July 22, 2010

The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA. See sample below.

The subject line of the email states: “Unauthorized ACH Transaction.” The email includes a link that redirects the individual to a fake Web page and contains a link that is almost certainly an executable virus with malware. Do not click on the link. Both the email and the related website are fraudulent.

Be aware that phishing emails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.

Always use anti-virus software and ensure that the virus signatures are automatically updated.

Ensure that the computer operating systems and common software applications security patches are installed and current.

Be alert for different variations of fraudulent emails.

= = = = = Sample Email = = = = = =

From: Information
Sent: Thursday, July 22, 2010 8:27 AM
To: Doe, John
Subject: Unauthorized ACH Transaction

Dear bank account holder,

The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report

------------------------------------------------------------------

Copyright ©2009 by NACHA - The Electronic Payments Association

= = = = = = = = = = = = = = = = = = =

ZeuS Trojan Attack Spoofs IRS, Twitter, Youtube

June 18, 2010

In an effort to make our clients aware of security issues, we would like to inform you that we have been notified by Krebs on Security, in-depth security news and investigation, that criminals have launched a major e-mail campaign to deploy the infamous ZeuS Trojan, blasting out spam messages some variously disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings, and salacious Youtube.com videos. You might wish to notify your clients.

The fake IRS e-mails arrive with the tried-and-true subject line "Notice of Underreported Income" and encourage the recipient to click a link to review their tax statement. All of the latest e-mails use a variety of URL shortening services.

For additional information, go to http://krebsonsecurity.com/2010/06/zeus-trojan-attack-spoofs-irs-twitter-youtube/.

Online Banking, Bill Paying and Shopping: 10 Ways to Protect Your Money

February 19, 2010

Online banking, bill paying and shopping are conveniences that most people want to enjoy. And most of the time, high-tech transactions are completed quickly and without a glitch. However, just as with other transactions, in a small percentage of cases something goes wrong. That's why you need to take precautions against theft and errors.

In particular, even as banks and merchants tighten up security, Internet thieves devise new, sophisticated ways to trick consumers into sending money or into revealing information that can be used to commit fraud. "Today's Internet threats wear many different disguises, from fake Web sites to fraudulent text messages on cell phones," warned Michael Benardo, Chief of the FDIC's Cyber-Fraud and Financial Crimes Section. "That's why online consumers need to be aware that they may be targeted and they should always be on guard."

David Nelson, an FDIC fraud specialist, added: "Online fraud is an ongoing game of cat and mouse. Crooks continuously hunt for security holes, banks and merchants plug those holes, and then the criminals find new ones to slink through. But consumers play an important role in keeping crooks at bay by being aware of the potential risks, taking precautions and remaining vigilant."

FDIC Consumer News, which periodically issues guidance to consumers regarding online precautions they can take, offers our latest collection of top tips. Note: Not all financial institutions offer each product or service described here.

1. If you bank online, frequently check your deposit accounts and lines of credit to spot and report errors or fraudulent transactions, just as you should with traditional banking. "Your ability to monitor your accounts online has gotten easier, faster and more convenient now that banking by cell phone is starting to mature alongside banking online," said Michael Jackson, Associate Director of the FDIC's Technology Supervision Branch. "This is important, because the sooner you can detect a problem with a transaction, the easier it should be to fix."

Nelson suggested checking your accounts online about once or twice a week, but he also noted that "more and more banks are making it easier for their customers to keep an eye on their accounts electronically. For example, many banks offer e-mail or text message alerts when your balance falls below a certain level or when there is a transaction over a certain amount."

Federal laws generally limit your liability for unauthorized electronic funds transfers, especially if you report the problem to your financial institution within specified time periods, which will vary depending on the circumstances. A good rule of thumb is to check your statements promptly and report unauthorized transactions to your bank as soon as possible.

2. Never give your Social Security number, credit or debit card numbers, personal identification numbers (PINs) or any other confidential information in response to an unsolicited e-mail, text message or phone call, no matter who the source supposedly is. Chances are an "urgent" e-mail or phone call appearing to be from a government agency (such as the IRS or the FDIC), a bank, merchant or other well-known organization may be a scam attempting to trick consumers into divulging personal and account information. It's called "phishing," a high-tech variation of the concept of "fishing" for personal information.

Also watch out for phishing scams that involve bogus text messages sent to cell phones claiming that a bank account has been "blocked" and the recipient must call a certain number to fix the problem. If you make that call, you likely will be asked to enter your account number and PIN. The criminals can use this information to make counterfeit debit cards and drain your account.

"Real bankers and government officials don't contact people asking for this kind of information," said Benardo. "Your bank will already have your account numbers and only you should know your log-in credentials, and a government agency won't have a need for this information."

3. Don't open attachments or click on links in unsolicited e-mails from anyone you don't know or you otherwise aren't sure about. Sometimes these attachments or links can infect your computer with "spyware" that can change your security settings and record your keystrokes. "Spyware can secretly steal your passwords, bank or credit card numbers, and your answers to security questions like your mother's maiden name or your high school," Benardo advised. "Online thieves can use this information to log into your account, make changes and transfer money, leaving your bank account empty."

In one recent example, criminals sent out fake IRS e-mails warning recipients that they were being investigated for unreported income and asking them to click on an attachment for more information. The file launched a program that allowed hackers to install spyware and other unwanted programs on personal computers (PCs) to access bank accounts.

4. Watch out for sudden pop-up windows asking for personal information or warning of a virus. This is called "scareware" because it frightens people into providing information, downloading malicious software or paying for removal. If you get an e-mail or pop-up window saying your computer has a virus and it offers a program to clean your PC — and the warning window won't go away — your first step is to use the computer's "task manager" function and click "end task" or "force quit" to shut down the pop-up window. Scareware can be a nuisance to clean off your computer, so call your anti-virus software company if you need help.

5. Use a mix of security tools and procedures. "Staying safe online is like protecting your home with lighting, locks, alarms and fire extinguishers," explained Nelson. "You can't rely on just one layer of defense to protect you from all online threats."

At the top of the list of security tools to use — and keep updated — are anti-virus software to detect and block spyware and other malicious attacks, and a "firewall" to stop hackers from accessing your computer.

Even if your computer seems fine, Nelson said, schedule an automatic anti-virus scan to run at least once a week but preferably every day. Call or e-mail your anti-virus vendor right away if you get a warning message and you don't know what to do next.

Also consider these extra precautions as you use the Internet:

  • Don't log into your bank account while using public computers, such as at a library, or free wireless connections at coffee shops and similar places. Criminals often try to intercept Internet traffic, including passwords, from these locations.
  • Pay attention to the toolbars at the top of your screen. Current versions of the most popular Internet browsers and search engines often will indicate if you are visiting a suspicious Web site.
  • Choose "strong" user IDs and passwords that will be easy for you to remember but hard for hackers to guess. The strongest ones have a combination of letters, numbers and other characters, and are at least 10 characters long. For your online banking, choose IDs and passwords that are not the same as those you use for e-mails or social networking sites, just in case they get into the wrong hands. Also change your online banking password about every 90 days. And if you remove a computer virus from your PC, immediately change your password.
  • Have each person in your household bank and shop online and send e-mail through his or her own "standard user account." Not conducting these online activities through the computer's "administrator account" — the one that makes changes affecting all users — reduces the likelihood that a hacker can install unwanted programs on your PC. Limit the use of the administrator account to special tasks needed for your computer, such as adding or removing software and installing updates to your operating system.
  • Consider using a separate computer solely for online banking or shopping. A growing number of people are purchasing basic PCs and using them only for banking online and not Web browsing, e-mailing, social networking, playing games or other activities that increase the chances of downloading malicious software. You can also consider using an old PC for this limited purpose, but you should uninstall any software you no longer need and follow up with a scan of the entire PC to check for malicious software.
  • Only use security products from reputable companies. Nelson said one way to check out these products is by reading reviews from computer and consumer publications. "Look for a product that has high ratings for detecting problems and for providing tech support if your computer becomes infected," he said.

    Kathryn Weatherby, a fraud specialist at the FDIC, also cautioned that banks normally don't ask their customers to download software updates. "If you get an unsolicited request to update your banking software," she said, "independently verify it by calling your bank using a phone number from your bank statement, not the phone number that appears in the request, which could connect you to a scam operation instead of your bank."

6. Beware of check scams. With unemployment high, con artists are preying on people who need cash. One common check scam involves attractive offers — usually originating in e-mails or online job postings — involving part-time work from home. As the new "employee," you will be sent a check to deposit (which will be counterfeit) and told to forward cash from your own account (to the crooks). Another scam involves "mystery shopper" programs where the new hire is given fake money orders or checks and asked to wire funds to the criminals. And unlike electronic transfers that are covered by consumer protection laws, fraudulent check scams often leave consumers suffering the loss.

7. When shopping online, deal with reputable merchants and be wary of unbelievably low prices. "There is no guaranteed way to ensure that an online merchant you're unfamiliar with is reputable, but there are ways to avoid doing business with an unreliable one," cautioned Jeff Kopchik, an FDIC Senior Policy Analyst specializing in technology matters.

First, he said, ask your friends and family if they've had good experiences with a merchant you're considering using. "If people you know have used and can recommend an online merchant, that's a strong indicator," he added. Second, you may already know and like some online merchants from their retail outlets, mail order catalogues or other services. They are likely to be a safer bet than an unfamiliar merchant that doesn't list a physical address or a phone number on its Web site.

If you are uncertain about an online merchant, check with the Better Business Bureau Online (www.bbbonline.com). You can also search online for complaints about the business. Similarly, if you have a problem with an online merchant, file a report with the Better Business Bureau. The Bureau will notify the merchant about your concern and ask you if the issue was resolved. A legitimate merchant will attempt to fix the problem, while a crooked company may have many unresolved issues.

8. Using a credit card generally offers more purchase protection than a debit card or other electronic forms of online payment. "Unlike paying with a debit card and the money being immediately transferred out of your account, with a credit card you generally have weeks to pay your bill," Kopchik said. "So if the merchant does not deliver as promised, you have time to dispute the transaction and even enlist the help of your credit card company." He also noted that federal law gives you certain rights, in areas such as dispute resolution, when buying with a credit card.

However, watch your budget when using your credit card to shop online. Kopchik said studies have shown that people spend more when they use a credit card instead of cash, a gift card or a debit card.

9. Be on guard against scams hiding behind online coupon offers. Web sites for legitimate coupons will only ask consumers to provide an e-mail address in order to use their service to search for online specials and discounts. Beware of any coupon site that asks for personal, financial or payment information, which can be misused by criminals.

10. Be careful if you download banking software onto a cell phone. Many cell phones called "smart phones" allow consumers to add computer-like features ranging from video games to "mobile" banking. But cell phone users need to be aware of an emerging threat from criminals selling malicious software for mobile banking, some even falsely displaying bank logos. "These applications may contain spyware, and downloading them could be giving a hacker access to your bank account or payment card information," reported Nelson.

His advice? "Only download mobile banking applications from a safe site, such as your wireless provider, phone manufacturer or your bank." When in doubt, he added, "contact your bank before downloading any banking applications to your cell phone."

To learn more, see Depositing Paper Checks Over the Internet and For More About Internet Commerce.

IMPORTANT: If you are a customer of Mission Valley Bank and have already responded to a suspicious e-mail, and provided any personal or sensitive information, please contact us immediately at (818) 394-2300.