Find out how we protect you, and how you can help protect yourself by recognizing and reporting fraudulent activity.
Browsing the Internet
When browsing the Internet, remember to look for secure web pages when entering your password or financial information. Most secure web pages begin with https:// and display a padlock icon in the bottom right corner of the browser window. A locked padlock, or a key, indicates a secure connection and an unlocked padlock, or a broken key, indicates an unsecured connection. If this is not apparent, you can review the Properties of the web page to verify that it is secure. If you are not using Internet Explorer, consult the Help Option or Properties on your browser to determine the security of web pages on your system.
It is important to be cautious and do research before divulging personal information. Below please review a few common frauds/scams prevalent today.
- Create a strong unique Online Banking password. Select a password that is hard to guess by using random letters, numbers, and symbols. Do not use a word that can be found in the dictionary and do not use readily identifiable information such as your name, birth date, or child's name.
- Do not share your password with anyone else. Keep your password secure.
- Do not use the Save Password option on your computer.
- Change your password regularly. We recommend changing your password every 60 to 90 days.
- Signoff when you have finished your online banking session.
- Run a variety of reputable anti-malware programs on the computer you use to conduct online banking transactions. Schedule full system virus scans at least once per week.
- Use a current Internet browser with 128 bit encryption.
- Update your computer frequently for software updates and patches, especially for the operating system, internet browser, and add-on programs.
- Use personal firewall software or ensure the firewall is enabled on your home wireless router.
- Enable security on your home wireless router.
- Avoid clicking on links or downloading software from unverified or unknown sources.
- Educate yourself on good cyber security practices and how to avoid having malware installed on a computer and how to avoid phishing attacks. Helpful links are provided below.
Mobile Device Security
- When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
- Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user's personal data in the case of loss or theft.
- With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
- Review and understand the permissions you are giving when you download applications.
- Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
- Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
- Be aware of applications that enable geo-location. The application will track the user's location anywhere. This application can be used for marketing, but can also be used by malicious actors, raising concerns of assisting a possible stalker and/or burglaries.
- Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime an application or service runs in "unrestricted" or "system" level within an operation system, it allows any compromise to take full control of the device.
- If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
- Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.
- Use the same precautions on your mobile phone as you would on your computer when using the Internet.
Business Best PracticesWhat you should know about business email fraud and online fraud.
Hackers perpetrate scams in many ways. A common way is to send fraudulent email appearing to be from a known source (an executive of your company or a client, for example) requesting bank transactions or other financial information. Hackers can also fabricate or steal an email address and use it to invite you to click on a link to a bogus website. If you follow the email instructions from a fraudster or provide confidential information, such as your user ID, password, account number, or tax ID number, then online fraud can take place, potentially putting you and your company at risk.
By proactively enhancing your company’s security, you can reduce the risk of email fraud and online fraud and minimize threats.
- Safeguard your company’s online access and password.
- Create passwords that are not easily guessed. Avoid using personal information, such as your last name or birthday.
- Use different user ID and passwords for multiple websites.
- Don’t record or save passwords, IDs, or other sensitive information on your computer.
- Don’t share your passwords or other login credentials with anyone.
- Don’t share company user IDs. Each user must have a unique user ID and password.
- Remind users to change their passwords frequently.
- Log out or lock your computer when you are away from your workstation.
- Avoid using automatic login features that save usernames and passwords for online banking.
- Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information leaving you vulnerable to possible fraud.
Maintain internal controls and policies.
Maintain appropriate internal controls, including segregation of duties, and periodically review them. For example, require one user to set up or initiate payments and another to approve the payments. Make sure to delete user profiles that no longer need access.
- When approving transactions, carefully review all details, paying close attention to the beneficiary routing number and account number.
- Set up customized account alerts, like balance minimums, through online banking, so you know when certain account activity takes place.
- Do not approve transactions by batching them together, and be sure to review and approve each one individually.
- If you initiate ACH and wire transfer payments, do so under dual control, with a transaction originator and a separate transaction authorizer.
- Verify payment or change requests with the vendor. You could receive a fraudulent email disguised to be from a known vendor. When a payment is made, the funds are sent to the fraudster instead of the intended vendor.
- Review and reconcile banking transactions daily.
- Perform periodic risk assessments of the banking products/services your company uses, including regular reviews of user access levels, dollar limits and activity.
Additional Best Practices
- Avoid using public computers or public wireless access points to perform transactions. If you must use a wireless network, only use a secure wireless connection.
- Enable email alerts to advise you of outgoing funds transactions.
- Monitor transactions on your accounts daily and immediately report any irregularity to your banker.
"Phishing" is a method developed by fraudsters to get unsuspecting victims to reveal their personal information. The most common method of phishing involves cleverly designed e-mails or text messages containing or linking to forms requesting personal information. Fraudsters also seek to acquire this information through phone calls and recorded messages.
Fake e-mails, texts or messages request the recipient to confirm personal information such as an ID, password, account numbers,or PIN. The message may instruct the person to "update" or "validate" personal information and direct them to a phony web site that looks like a legitimate website. Fraudulent emails, websites and/or web pages may look strikingly similar to legitimate ones. You can always type a URL into your web browser instead of clicking on a link.
Ways to identify phishing scams include:
- Links in messages appear to be from IBERIABANK but are not. When you place your cursor over a link in a suspicious email, your email program should display the destination URL. Do not click on the link. A URL that is formatted iberiabank.fakewebsite.com is taking you to a location on fakewebsite.com. Just because "IBERIABANK" or "IBERIA" is part of the URL does not guarantee the site is an official IBERIABANK website or webpage. Look for added word(s), symbols, or numbers before or after the name in the URL.
- Requests for personal information. IBERIABANK will never ask you to reply in an email with any personal information such as your Social Security number, ATM or PIN.
- Urgent appeals. We will never claim your account may be closed if you fail to confirm, verify or authenticate your personal information via email or text message.
- Messages about system and security updates. We will never claim the need to confirm important information via email or text due to system upgrades.
- Offers that sound too good to be true. We will never ask you to fill out a customer service survey in exchange for money, then ask you to provide your account number so you can receive the money.
- Obvious typos and other errors. Be on the lookout for typos or grammatical errors, awkward writing and in some instances, poor visual design.
Should you question the origin of any communication regarding your IBERIABANK account, please contact us immediately.
Tax Scams/Refund Fraud
The Internal Revenue Service (IRS) has seen a significant increase in refund fraud that involves identity thieves who file false claims for refunds by stealing and using someone's Social Security number. The IRS warns taxpayers about e-mails falsely claiming to be from the IRS and the growing number of shady tax preparers. Be on alert for identity thieves and mindful about disclosing personal information such as your Social Security number. Be sure to research any person or company's offer before taking action.
Internet Dating/Romance Scams
Internet dating/romance scams usually involves an international online dating site but can be performed on domestic websites as well. Dating and romance scam artists try to play on emotional triggers to get a person to provide money, gifts or personal details. Should a person begin discussing personal financial problems that require your help, do not provide assistance. Never give personal or financial information such as account numbers or credit card numbers. To learn more about dating and romance scams, visit the U.S. Department of State website.
A money mule is a person who transfers stolen money in person, electronically, or through a courier service on behalf of others. Money mules are often innocent people recruited online for what they think is legitimate employment, not aware that the money they are transferring is the product of a crime. The most common money mule solicitations are disguised as "work from home" opportunities. The employee is instructed to transfer funds to another bank account or to deliver the merchandise to a third party. The bank account or third party is associated with the criminal. After the money mule performs his or her role in the transaction, the criminal usually dissolves the relationship and recruits someone else for the next scheme.
Always remember, if an opportunity sounds too good to be true, it probably is. If you believe that you are participating in a money mule scheme, stop transferring money and/or merchandise immediately and notify the authorities and your Financial Institution.