Fraud Alert

Keep Your Personal Information Safe

Banks, insurance agencies, retailers and credit card companies continue to be targeted with fraudulent phishing, spoofing, and scamming attacks. But you can reduce the chances of becoming a victim by remembering these tips.

Phishing attacks involve the mass distribution of spoofed e-mail messages with return addresses, links and branding which appear to come from a trusted organization. While we are unaware of any recent incidents involving Mission Valley Bank, or our clients—over the past few years, our customers (and those of other financial institutions) have reported receiving fraudulent e-mails that appear to be from our bank (and others).

Please be advised that use of our name and logo in these “phishing” schemes is done without our consent in an attempt to obtain sensitive, personal information. It’s important for our valued customers to know that Mission Valley Bank will NEVER send you an e-mail from This e-mail address is used only for incoming e-mails to the bank. Additionally, Mission Valley Bank will NEVER initiate a request for sensitive information such as your social security numbers, account numbers, or passwords from you via e-mail. To learn more about current online scams, visit the FTC website.

Reminder — Please remember to safeguard your personal information. Mission Valley Bank will never call or email you to verify your sensitive information or pass codes.

FTC Warns Small Businesses: Don’t Open Email Falsely Claiming to be from Federal Trade Commision

March 3, 2014

Warning Sign 03 03 14The Federal Trade Commission is warning small businesses that an email with a subject line “NOTIFICATION OF CONSUMER COMPLAINT” is not from the FTC. The email falsely states that a complaint has been filed with the agency against their company. The FTC advises recipients not to click on any of the links or attachments with the email. Clicking on the links may install a virus or other spyware on the computer.  (more...)

An Important message for our customers regarding the Target data breach.

December 26, 2013

We recommend you closely review the information provided in this letter for some important steps that you may take to protect yourself against potential misuse of your credit and debit information.

As reported in the news, Target reported a breach to their security that resulted in unauthorized access to Target payment card data. This includes both credit and debit cards used to make purchases in its stores from November 27, 2013 through December 15, 2013. Protecting customer and account information is a top priority for Mission Valley Bank that we take very seriously. As such, we are taking extra precautions to try and keep your accounts safe. Target Scam

If you made purchases at Target during the affected dates, we ask that you monitor your accounts more closely to look for unfamiliar purchases. Additionally, you can set up account alerts that will advise you when transactions over a certain dollar amount are presented against your account.

What you should know:

  • Mission Valley Bank customers have zero liability for fraudulent activity. That means you will not be liable for unauthorized transactions reported to the Bank.
  • We were informed that there wasn’t significant personally identifying information stolen such as Social Security numbers or addresses.
  • If you used your card during the time of the breach it is possible that fraud can occur. However, if you did not use your card at Target during this timeframe we do not have reason to believe your card was compromised.
  • If your card is identified as one at risk because of the security breach, you will be notified by the Bank and a new card reissued to you.
  • Whether you are notified, or not, it is a good idea to check your accounts and your credit reports to ensure no unauthorized transactions have occurred. You are entitled to one free copy of your credit report every year at .We will also be monitoring your accounts and notifying you of any suspicious activity.

We appreciate the inconvenience this has caused you and ask for your patience as we take the necessary precautions to protect your account from fraud.

If you have any questions or additional concerns please call us at 818.394.2300.

Don’t Get Taken by Wire Transfer Scams – from the FDIC Consumer News

November 22, 2013

Using a bank or a money transfer company to "wire" funds electronically is an easy and convenient way to send cash to someone. And when consumers wire money to people they know, the transaction typically takes place without a problem. But wiring money to strangersCyber Crime Nov eNews — in the U.S. but especially in another country — is risky because often they could be scam artists.

"Crooks like their victims to use wire transfers because the money moves fast and they can take the money and run before the victim discovers the truth," explained Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "Con artists also know that the transaction is difficult to reverse, and the money is difficult to get back. That's why they will use any tactic to convince people to wire money to a complete stranger."

How can you protect yourself against wire fraud? (more...)

Tips for Small Businesses to Combat Fraud

September 25, 2013

Cybercriminals are targeting small businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds fromi Stock Hacker w laptop the accounts and steal private information, a fraud referred to as “corporate account takeover.”

Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate and accurate. Companies should train employees about safe internet use and the warning signs of this fraud, because they are the first line of defense.

As part of National Cyber Security Awareness Month coming in October, Mission Valley Bank offers small businesses these tips to help prevent account takeover: (more...)

Banking trojan hijacks SSL connections

July 3, 2011

Security researchers from Symantec warn of a new banking trojan capable of hijacking the SSL connections between browsers and online banking sites in a way that is hard to spot.

Variants of this malware, which Symantec detects as Trojan.Tatanarg, have been in circulation since last October, but its code is believed to be based on an older threat called W32.Spamuzle.

The trojan has a modular architecture, with separate components handling different tasks, and the functionality of most banking malware.

It can inject rogue HTML code into pages (man-in-the-browser attacks), disrupt antivirus software, uninstall other banking trojans and enable Windows remote access.

It also features a backdoor component through which attackers can issue commands to control the infected computers.

However, the most interesting functionality of this trojan is its ability to function as a proxy between browsers and SSL-secured websites.

This is achived by hijacking the legit SSL connection and establishing a new one on the browser end using a self-signed certificate.

Alerts are blocked and exceptions are added automatically in the browser making the attack almost transparent to users.

The HTTPS prefix is present, as is the padlock indicating a SSL connection. The only way for the user to realize he's not using his bank's certificate would be to manually check the issuer.

Tatanarg is one of several banking trojans that appeared since the crackdown on ZeuS-based cyberfraud operations last year. It seems that unhappy with the heat, criminal gangs have begun developing their own custom malware.

They also try to come up with innovative attack methods. Just last week, Trusteer reported about a trojan dubbed OddJob which forces browsers to keep sessions open after users think they successfuly logged out.

Users are advised to always keep their antivirus programs up to date to ensure they have the latest protection available. Also, if possible, online banking should be performed from a dedicated computer or a live cd.

Active Debit Card Scam!

May 21, 2011

Warning! There are several reports of an active debit card scram affecting multiple states. A recent onslaught of recorded telephone messages are being received by customers and non-customers of several banks informing the recipients that their debit card has experienced billing errors and has been deactivated. In order to reactive their debit card they are being instructed to provide their card information.

These calls are fraudulent. Neither Mission Valley Bank, nor any Bank, will call you and request information regarding your debit card number and PIN.

FDIC Special Alert: Email claiming to be from FDIC

April 29, 2011

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The e-mail appears to be sent from "" and includes a subject line that states: "FDIC: Your business account."

The e-mail is addressed to "Business Owners" and states "We have important information about your bank. Please click here to see information." It then states, "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership."

This e-mail and link are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not click on the link provided.

The FDIC does not issue unsolicited e-mails to consumers or business account holders.

FDIC Special Alert: Email claiming to be from FDIC

March 11, 2011

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The e-mail appears to be sent from "" and includes a subject line that states: "About your business account."

The e-mail is addressed to "Business Customers" and states "We have important information about insurance coverage of your business accounts." It then asks recipients to "Please click here to view details" and includes a hyper link to a Web site.

The e-mail says that it is from "Alyssa Williams, FDIC Insurance."

This e-mail and link are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not click on the link provided.

The FDIC does not issue unsolicited e-mails to consumers or business account holders

FDIC Special Alert: Email claiming to be from FDIC

January 12, 2011

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that "in cooperation with the Department of Homeland Security, federal, state and local governments…" the FDIC has withdrawn deposit insurance from the recipient's account "due to account activity that violates the Patriot Act." It further states deposit insurance will remain suspended until identity and account information can be verified using a system called "IDVerify." If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient's computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to

For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at To learn how to automatically receive FDIC Special Alerts through e-mail, please visit

NACHA Phishing Alert: Email Claiming to be from NACHA

July 22, 2010

The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA. See sample below.

The subject line of the email states: “Unauthorized ACH Transaction.” The email includes a link that redirects the individual to a fake Web page and contains a link that is almost certainly an executable virus with malware. Do not click on the link. Both the email and the related website are fraudulent.

Be aware that phishing emails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.

Always use anti-virus software and ensure that the virus signatures are automatically updated.

Ensure that the computer operating systems and common software applications security patches are installed and current.

Be alert for different variations of fraudulent emails.

= = = = = Sample Email = = = = = =

From: Information
Sent: Thursday, July 22, 2010 8:27 AM
To: Doe, John
Subject: Unauthorized ACH Transaction

Dear bank account holder,

The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report


Copyright ©2009 by NACHA - The Electronic Payments Association

= = = = = = = = = = = = = = = = = = =

ZeuS Trojan Attack Spoofs IRS, Twitter, Youtube

June 18, 2010

In an effort to make our clients aware of security issues, we would like to inform you that we have been notified by Krebs on Security, in-depth security news and investigation, that criminals have launched a major e-mail campaign to deploy the infamous ZeuS Trojan, blasting out spam messages some variously disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings, and salacious videos. You might wish to notify your clients.

The fake IRS e-mails arrive with the tried-and-true subject line "Notice of Underreported Income" and encourage the recipient to click a link to review their tax statement. All of the latest e-mails use a variety of URL shortening services.

For additional information, go to

Online Banking, Bill Paying and Shopping: 10 Ways to Protect Your Money

February 19, 2010

Online banking, bill paying and shopping are conveniences that most people want to enjoy. And most of the time, high-tech transactions are completed quickly and without a glitch. However, just as with other transactions, in a small percentage of cases something goes wrong. That's why you need to take precautions against theft and errors.

In particular, even as banks and merchants tighten up security, Internet thieves devise new, sophisticated ways to trick consumers into sending money or into revealing information that can be used to commit fraud. "Today's Internet threats wear many different disguises, from fake Web sites to fraudulent text messages on cell phones," warned Michael Benardo, Chief of the FDIC's Cyber-Fraud and Financial Crimes Section. "That's why online consumers need to be aware that they may be targeted and they should always be on guard."

David Nelson, an FDIC fraud specialist, added: "Online fraud is an ongoing game of cat and mouse. Crooks continuously hunt for security holes, banks and merchants plug those holes, and then the criminals find new ones to slink through. But consumers play an important role in keeping crooks at bay by being aware of the potential risks, taking precautions and remaining vigilant."

FDIC Consumer News, which periodically issues guidance to consumers regarding online precautions they can take, offers our latest collection of top tips. Note: Not all financial institutions offer each product or service described here.

1. If you bank online, frequently check your deposit accounts and lines of credit to spot and report errors or fraudulent transactions, just as you should with traditional banking. "Your ability to monitor your accounts online has gotten easier, faster and more convenient now that banking by cell phone is starting to mature alongside banking online," said Michael Jackson, Associate Director of the FDIC's Technology Supervision Branch. "This is important, because the sooner you can detect a problem with a transaction, the easier it should be to fix."

Nelson suggested checking your accounts online about once or twice a week, but he also noted that "more and more banks are making it easier for their customers to keep an eye on their accounts electronically. For example, many banks offer e-mail or text message alerts when your balance falls below a certain level or when there is a transaction over a certain amount."

Federal laws generally limit your liability for unauthorized electronic funds transfers, especially if you report the problem to your financial institution within specified time periods, which will vary depending on the circumstances. A good rule of thumb is to check your statements promptly and report unauthorized transactions to your bank as soon as possible.

2. Never give your Social Security number, credit or debit card numbers, personal identification numbers (PINs) or any other confidential information in response to an unsolicited e-mail, text message or phone call, no matter who the source supposedly is. Chances are an "urgent" e-mail or phone call appearing to be from a government agency (such as the IRS or the FDIC), a bank, merchant or other well-known organization may be a scam attempting to trick consumers into divulging personal and account information. It's called "phishing," a high-tech variation of the concept of "fishing" for personal information.

Also watch out for phishing scams that involve bogus text messages sent to cell phones claiming that a bank account has been "blocked" and the recipient must call a certain number to fix the problem. If you make that call, you likely will be asked to enter your account number and PIN. The criminals can use this information to make counterfeit debit cards and drain your account.

"Real bankers and government officials don't contact people asking for this kind of information," said Benardo. "Your bank will already have your account numbers and only you should know your log-in credentials, and a government agency won't have a need for this information."

3. Don't open attachments or click on links in unsolicited e-mails from anyone you don't know or you otherwise aren't sure about. Sometimes these attachments or links can infect your computer with "spyware" that can change your security settings and record your keystrokes. "Spyware can secretly steal your passwords, bank or credit card numbers, and your answers to security questions like your mother's maiden name or your high school," Benardo advised. "Online thieves can use this information to log into your account, make changes and transfer money, leaving your bank account empty."

In one recent example, criminals sent out fake IRS e-mails warning recipients that they were being investigated for unreported income and asking them to click on an attachment for more information. The file launched a program that allowed hackers to install spyware and other unwanted programs on personal computers (PCs) to access bank accounts.

4. Watch out for sudden pop-up windows asking for personal information or warning of a virus. This is called "scareware" because it frightens people into providing information, downloading malicious software or paying for removal. If you get an e-mail or pop-up window saying your computer has a virus and it offers a program to clean your PC — and the warning window won't go away — your first step is to use the computer's "task manager" function and click "end task" or "force quit" to shut down the pop-up window. Scareware can be a nuisance to clean off your computer, so call your anti-virus software company if you need help.

5. Use a mix of security tools and procedures. "Staying safe online is like protecting your home with lighting, locks, alarms and fire extinguishers," explained Nelson. "You can't rely on just one layer of defense to protect you from all online threats."

At the top of the list of security tools to use — and keep updated — are anti-virus software to detect and block spyware and other malicious attacks, and a "firewall" to stop hackers from accessing your computer.

Even if your computer seems fine, Nelson said, schedule an automatic anti-virus scan to run at least once a week but preferably every day. Call or e-mail your anti-virus vendor right away if you get a warning message and you don't know what to do next.

Also consider these extra precautions as you use the Internet:

  • Don't log into your bank account while using public computers, such as at a library, or free wireless connections at coffee shops and similar places. Criminals often try to intercept Internet traffic, including passwords, from these locations.
  • Pay attention to the toolbars at the top of your screen. Current versions of the most popular Internet browsers and search engines often will indicate if you are visiting a suspicious Web site.
  • Choose "strong" user IDs and passwords that will be easy for you to remember but hard for hackers to guess. The strongest ones have a combination of letters, numbers and other characters, and are at least 10 characters long. For your online banking, choose IDs and passwords that are not the same as those you use for e-mails or social networking sites, just in case they get into the wrong hands. Also change your online banking password about every 90 days. And if you remove a computer virus from your PC, immediately change your password.
  • Have each person in your household bank and shop online and send e-mail through his or her own "standard user account." Not conducting these online activities through the computer's "administrator account" — the one that makes changes affecting all users — reduces the likelihood that a hacker can install unwanted programs on your PC. Limit the use of the administrator account to special tasks needed for your computer, such as adding or removing software and installing updates to your operating system.
  • Consider using a separate computer solely for online banking or shopping. A growing number of people are purchasing basic PCs and using them only for banking online and not Web browsing, e-mailing, social networking, playing games or other activities that increase the chances of downloading malicious software. You can also consider using an old PC for this limited purpose, but you should uninstall any software you no longer need and follow up with a scan of the entire PC to check for malicious software.
  • Only use security products from reputable companies. Nelson said one way to check out these products is by reading reviews from computer and consumer publications. "Look for a product that has high ratings for detecting problems and for providing tech support if your computer becomes infected," he said.

    Kathryn Weatherby, a fraud specialist at the FDIC, also cautioned that banks normally don't ask their customers to download software updates. "If you get an unsolicited request to update your banking software," she said, "independently verify it by calling your bank using a phone number from your bank statement, not the phone number that appears in the request, which could connect you to a scam operation instead of your bank."

6. Beware of check scams. With unemployment high, con artists are preying on people who need cash. One common check scam involves attractive offers — usually originating in e-mails or online job postings — involving part-time work from home. As the new "employee," you will be sent a check to deposit (which will be counterfeit) and told to forward cash from your own account (to the crooks). Another scam involves "mystery shopper" programs where the new hire is given fake money orders or checks and asked to wire funds to the criminals. And unlike electronic transfers that are covered by consumer protection laws, fraudulent check scams often leave consumers suffering the loss.

7. When shopping online, deal with reputable merchants and be wary of unbelievably low prices. "There is no guaranteed way to ensure that an online merchant you're unfamiliar with is reputable, but there are ways to avoid doing business with an unreliable one," cautioned Jeff Kopchik, an FDIC Senior Policy Analyst specializing in technology matters.

First, he said, ask your friends and family if they've had good experiences with a merchant you're considering using. "If people you know have used and can recommend an online merchant, that's a strong indicator," he added. Second, you may already know and like some online merchants from their retail outlets, mail order catalogues or other services. They are likely to be a safer bet than an unfamiliar merchant that doesn't list a physical address or a phone number on its Web site.

If you are uncertain about an online merchant, check with the Better Business Bureau Online ( You can also search online for complaints about the business. Similarly, if you have a problem with an online merchant, file a report with the Better Business Bureau. The Bureau will notify the merchant about your concern and ask you if the issue was resolved. A legitimate merchant will attempt to fix the problem, while a crooked company may have many unresolved issues.

8. Using a credit card generally offers more purchase protection than a debit card or other electronic forms of online payment. "Unlike paying with a debit card and the money being immediately transferred out of your account, with a credit card you generally have weeks to pay your bill," Kopchik said. "So if the merchant does not deliver as promised, you have time to dispute the transaction and even enlist the help of your credit card company." He also noted that federal law gives you certain rights, in areas such as dispute resolution, when buying with a credit card.

However, watch your budget when using your credit card to shop online. Kopchik said studies have shown that people spend more when they use a credit card instead of cash, a gift card or a debit card.

9. Be on guard against scams hiding behind online coupon offers. Web sites for legitimate coupons will only ask consumers to provide an e-mail address in order to use their service to search for online specials and discounts. Beware of any coupon site that asks for personal, financial or payment information, which can be misused by criminals.

10. Be careful if you download banking software onto a cell phone. Many cell phones called "smart phones" allow consumers to add computer-like features ranging from video games to "mobile" banking. But cell phone users need to be aware of an emerging threat from criminals selling malicious software for mobile banking, some even falsely displaying bank logos. "These applications may contain spyware, and downloading them could be giving a hacker access to your bank account or payment card information," reported Nelson.

His advice? "Only download mobile banking applications from a safe site, such as your wireless provider, phone manufacturer or your bank." When in doubt, he added, "contact your bank before downloading any banking applications to your cell phone."

To learn more, see Depositing Paper Checks Over the Internet and For More About Internet Commerce.

ABA Warns Bankers About Fraudulent E-Mail

January 27, 2010

The American Bankers Association has been alerted that someone or a group of individuals sending emails purporting to be from ABA are actually part of a scam commonly known as phishing. These con artists are sending emails asking people to click on a link for more information -- a popular technique to get financial information from the email recipient.

Phishing for financial information has been a long-standing practice. However, criminals are increasingly phishing for access to corporate, small business and government accounts and using that access to withdraw large sums of money from those accounts. Clicking on the link could enable fraudsters to download malicious software on to victims’ computers and steal bank passwords and other account information.

The emails inform recipients that an “unauthorized transaction” has been charged to their account using their “bank card.” The amount of the transactions is typically between $3,000 and $7,000. ABA would never contact a consumer and ask for financial information.

ABA is working with law enforcement to identify the source of the emails and to disrupt them. ABA offers the following advice to consumers, business and government organizations:

  • Never give out financial information in response to an unsolicited phone call, fax or email, no matter how official it may seem. If you are uncertain, call your financial institution or the organization that is purportedly contacting you using a phone number you know is safe.
  • If you have already responded to this type of call or email by providing financial information, contact your financial institution immediately to protect your account;
  • Be extremely cautious about clicking on links within unsolicited emails. When in doubt, contact the organization purportedly sending the email.
  • Inform the ABA about fraudulent phone calls and emails that use ABA’s name by sending an email to

Fraudulent Correspondence Claiming to Be From the FDIC

December 3, 2009

Fraudulent correspondence bearing the FDIC’s name continues to be mailed, faxed and e-mailed. This correspondence is being used in illegal schemes to collect sensitive personal information, such as bank account numbers, and to steal money and other assets.

View the Special Alert (PDF, 27KB)

NACHA Phishing Alert

November 12, 2009

Fiserv has been notified of a Phishing Alert from NACHA Member Communications. It appears that random individuals and/or companies may have received a falsified e-mail with the subject title "Rejected ACH Transaction". The e-mail appears to be from NACHA - The Electronic Payments Association and indicates that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fraudulent web page which mimics the NACHA website and contains a link which is likely to include an executable virus with malware.


Below is a sample e-mail:

= = = = = Sample E-mail = = = = = =

From: []
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report

Dear bank account holder,

The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report (this is the how the link is presented)

Copyright ©2009 by NACHA - The Electronic Payments Association

= = = = = = = = = = == = = =

IMPORTANT: If you are a customer of Mission Valley Bank and have already responded to a suspicious e-mail, and provided any personal or sensitive information, please contact us immediately at (818) 394-2300.