Archive | Security RSS for this section

Positive Pay a Positive Experience for One Customer

Check Fraud Averted!positivepay

Check fraud continues to rise as more are attempting it due to the increased difficulty of credit card fraud with the introduction of the chip technology. CNB’s business customers have the option of using a software program called Positive Pay, which reviews daily all the checks a business writes to match the amount of the check, payee information and check number. If any items are a mismatch, they’re placed on a report for the business to review and approve or deny prior to the check being cashed. One customer, Anderson Tractor Supply, had previously had check fraud and when Positive Pay became available they signed up. They were glad they had when a recent review of their report showed 2 checks for $900 each that they had not written. The check stock looked similar and the business information printed on the checks was all the correct information. By denying those checks, they were able to save $1,800 in fraudulent check activity and maintain peace of mind that they have an extra layer of protection by using the Positive Pay service.

If your business writes checks, consider the Positive Pay service for assurance against check criminals. We offer packages based upon the size of your business and your checking activity. Call CNB’s Cash Management department today to learn more – 1-800-262-4663, or email

– See more at:

DocuSign – a Recent Phishing Scam

phishing computer data stealDocuSign, a reputable firm known for being the industry-leader in online documentation distribution and signing, was recently a victim of a phishing attack. During the week of May 8 and again the week of May 15, DocuSign detected an increase in phishing emails sent to some of its customers and users. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. The emails may come from or something similar and Subject Lines may reference a completed wire transfer or complete accounting invoice. The company was able to determine a third party had gained temporary access to their non-core system which allowed them access to email addresses for customers with DocuSign accounts. The good news is no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. The bad news is for those who received the spoofed emails, clicked on the link to open the Word document and allowed the macro to run. Their computers are now infected, limiting access to their information or they may even be asked to pay money to unlock access to their computer files.

This case once again highlights the importance of being wary of opening emails and especially clicking hyperlinks from within emails that you aren’t familiar with or weren’t expecting. Be sure to educate your family and employees about the possible consequences of clicking on the wrong link and encourage them to thoroughly review the email account it comes from, type the url for a link into a browser if possible vs. clicking on a link within an email and not opening attachments from sources they weren’t expecting to receive.

If you have a DocuSign account and would like to keep informed about the progress of the investigation, follow them on Twitter @askdocusign, or check out

– See more at:


Positive Pay – Put Your Business in Control of Check Fraud

If your business writes checks, you’re at risk for check fraud. Citizen National Bank’s Positive Pay program can help protect you from the potential loss of funds from this growing problem. This online tool is easy to use, requiring just minutes a day to set parameters for checks processing through the business account. Watch this video to see why Larry Webb of Webb Insurance in Lima chose the Positive Pay program and the peace of mind he has knowing safeguards are in place to protect his business.

Debt Consolidation Scam Costs Customer $1,000’s

Financial scamWe recently had a customer who was a victim of a debt consolidation scam. She was contacted by phone from a company (BPT Funding, Inc.) claiming to specialize in debt consolidation and offering to help lower her monthly payments by paying smaller balances off with a cash advance from Discover. A three way conference call was held between the customer, the fraudulent company and Discover where she was approved for the amount needed to pay off the balances. Discover transferred the funds to her checking account. She made a personal check out for that amount to the fraudulent company who offered to take care of paying all her balances off for her. Unfortunately, her bills kept coming and nothing had been paid off.

After attempting to contact them after 90 days, the phone number she’d been given no longer worked, the company had no website and the only address she had for them was a PO Box number. She now owes the original amounts on her credit cards, as well as the additional funds she had taken as a cash advance from Discover, and the fraudster is $11,000 richer.

If you receive a phone call from a company offering services of any kind, be sure to research them well before offering any information. Check out their website, be sure they have a physical location and customer references. Also, check them out on the Better Business Bureau website to see if any complaints have been lodged against them. If possible, consider a local company that offers the same services in order to be assured of access to a physical location and someone you can speak with in person vs. just over the phone.

– See more at:


Gone Phishing? Fraudsters Use Email Effectively

phishingPhishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. This is not a new scheme, but it continues to be an effective one. According to Wombat Security, 85% of organizations have suffered phishing attacks and 30% of those emails get opened. According to Verizon, the number one delivery vehicle for malware is email attachments and the simple act of clicking a link in an email can leave your company exposed to dangerous activity on your network.

The easiest solution? Educate your employees to never click on links within emails that they don’t trust or weren’t expecting to receive. Attachments should only be downloaded from reputable sources. If possible type the URL you want to view into a browser rather than clicking the link provided in the email. Anything that requests personal information is most likely a scam. Reputable companies will not ask for sensitive information through insecure channels such as email.

Phishing emails are often written to make you feel threatened or scare you into providing information. Messages such as “Our records indicate that your account was overcharged. You must call us within 7 days to receive a refund,” provide a level of urgency that you feel you must address. It’s important to not take the bait and click on any links or call provided phone numbers that might open you up to providing personal information that can be used against you.

The Federal Trade Commission offers tips for dealing with phishing scams, action steps to take to avoid phishing attacks and how to report phishing emails on its website. Check it out to get better educated and remember always, “Think before you click!”

– See more at:

Tax-Related Identity Theft

Computer hacker stealing information with laptopInformation provided by the Federal Trade Commission (

Tax-related identity theft occurs when an identity thief has used your social security number to get a tax refund or a job. Unfortunately, it may be several months later that you realize it has happened when you are notified by the IRS that you were paid by an employer you don’t know or that more than one tax return was filed using your social security number. It’s important to note that the IRS will never send an email, text or social media message that asks for personal financial information. Notification would always come in the form of a letter. If you do receive an email that claims to be from the IRS, do not reply or click any links. Instead, forward it to

If you do receive an official notice from the IRS that alerts you to potential identity theft, visit to report it and begin the recovery process. Contact the IRS immediately if you think someone has used your SSN for a tax refund or a job (toll free 1-800-908-4490). Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from identity thieves in the future. After you contact the IRS, it’s important to limit the potential damage from identity theft by putting a fraud alert on your credit reports, ordering your credit reports for review and creating an Identity Theft Report by filing a complaint with the Federal Trade Commission (FTC) and filing a police report.

To learn more about this serious problem and what steps you can take to protect yourself, visit

– See more at:

Tax Scammers Might Target You: Here’s What to Do

logoProvided by the Consumer Federal Trade Commission

It’s that time of year — tax time. It’s also a great time to get up to speed on tax-related scams. Here are two ways tax scammers might target you and what you can do about it:

Tax identity theft

This kind of identity theft happens when someone files a fake tax return using your personal information — like your Social Security number — to get a tax refund. Tax identity theft also happens when someone uses your Social Security number to get a job. You find out about it when you get a letter from the IRS saying:

  • more than one tax return was filed in your name
  • IRS records show wages from an employer you don’t know

If you get a letter like this, contact the IRS Identity Protection Specialized Unit at 800-908-4490. You can find more about tax identity theft at and

IRS imposter scams

This time scammers aren’t pretending to be you — they’re posing as the IRS. They call you up saying you owe taxes, and threaten to arrest you if you don’t pay right away. They might know all or part of your Social Security number, and they can rig caller ID to make it look like the call is coming from Washington, DC – when it could be coming from anywhere. Leaving you no time to think, they tell you to put the money on a prepaid debit card and tell them the card number right away.

The real IRS won’t ask you to pay with prepaid debit cards or wire transfers, and won’t ask for a credit card number over the phone. When the IRS contacts people about unpaid taxes, they usually do it by mail. You can report IRS imposter scams to the Treasury Inspector General for Tax Administration (TIGTA) online or at 800-366-4484, and to the FTC at

Visit is the federal government’s one-stop resource to help you report and recover from identity theft. You can report identity theft, get step-by-step advice, sample letters, and your FTC Identity Theft Affidavit. These resources will help you fix problems caused by the identity theft.