Skip Navigation Download Acrobat Reader 5.0 or higher to view .pdf files.
Merchants Bank of Commerce

Alerts & Scams

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, credit or debit card number, without your permission, to commit fraud or other crimes. Identity theft can happen to anyone, but there are steps you can take to minimize your risk of becoming a victim.
Scam of the Week - The information provided below belongs to and is provided by KnowBe4 and is intended for informational purposes only.
November 8, 2019: Phishing Attacks Using Employee Benefits and Pay Raises as Bait
The bad guys know that annual pay raises and employee benefit enrollments often happen at the end of the year, or at the beginning of a new year. That’s why they take this time to send phishing emails related to these types of communication.

These scammers pose as your HR department and send emails about things such as employee benefits surveys and salary increases. These emails typically contain dangerous attachments or malicious links that take you to a fake login page where your login information could be stolen.

If you receive emails about employee benefits or pay raises, do not click on links or open attachments. Even if the email appears to be from someone in your Human Resources department, it’s best to play it safe. Pick up the phone and contact your HR team to confirm the email is valid.
November 1, 2019: Smishing from Mobile Carriers
Not only do internet criminals phish your email inbox, they also send text messages to try their malicious tricks. Using text messages, or short message service (SMS), for phishing attempts is known as “Smishing”.

Lately, smishing scammers have been sending text messages that appear to come from your cell phone service carrier. The message claims they’ve been unable to process your recent payment. To avoid fees, you’re asked to log in and update your information using the link in the text message. Once you click the link, you’re brought to an identical, but fake, login page for your cell phone service. If you mistakenly enter your credentials, the attackers will have access to your real account, and therefore, your payment information.
Remember the tips below to protect yourself from smishing scams:
  • Links sent through text messages are usually shortened. Therefore, you can’t see where the link will actually take you. If your mobile device allows it, before clicking the link, hold your finger down to see the full web address of where the link will take you.
  • Always log in to your online accounts through your phone’s browser or through the mobile application you’ve installed on your phone, instead of clicking an unexpected link.
  • Never use the same password for multiple accounts. If you did fall for a scam such as this you may not even realize it happened, but the attackers would be able to break into all of the accounts where you use the same password.
October 25, 2019: Beware! Bogus Performance Reviews Used as Phishbait
Be warned. The bad guys are using fake job performance reviews as phishing bait so they can trick you into giving up your username and password.

Here's how it works: First, the scammers send you an email that appears to come from your Human Resources department. The email contains a link to a fake website where you're instructed to log in so you can "receive the information about your performance review". If you enter your login credentials here, the attackers will have access to your account, and your entire organization could be compromised.

Always remember: Never click on a link you weren’t expecting, even if it appears to be from an internal team or someone you know. It’s best to pick up the phone and verify that the email is legitimate before putting yourself and your company at risk.
October 17, 2019: Don't FALL for LinkedIn Job Posting Scams this Season
According to LinkedIn, more job postings are added to their platform in October than in any other month. If you’re a job seeker, be warned–the bad guys are also aware that October is a popular hiring month.

Cybercriminals develop attractive job postings to target people. Once the scammer’s job posting or recruitment message has captured your interest, they’ll have you send your personal information or your full resume. They can then sell your personal or biographical data to companies to use it for marketing purposes.
Always remember the following to avoid falling victim to job search scams:
  • Never send personal information or your resume to an email address that is unrelated to the company. Even if a message appears to be from a company or individual of interest, pick up the phone and be certain you’re communicating with the correct person before sharing sensitive information or downloading any attachments.
  • If you receive a suspicious email that appears to be from LinkedIn, don’t fall for it. Log in to LinkedIn through your browser and ensure the message is legitimately from LinkedIn’s platform.
  • Only accept LinkedIn invitations from people you know. This reduces your organization’s exposure to criminals who crawl the web to find details about your company so they can plan an attack.
October 11, 2019: Amazon, PayPal, and Gmail Users Targeted in Recent Phishing Attacks
The bad guys are at it again. They’re posing as well-known services–such as Gmail, Amazon, and Paypal–so they can bait you into giving up your personal and financial information.

The phishing attack starts off with a common tactic: You receive an email claiming that you need to verify your account. The scammers send their emails from an active domain, which makes it look more legitimate and makes it easier for them to bypass email security filters. Once you click the button or link in the email, you’re stepped through several stages of the attack. You're first brought to a website that is only used to redirect you to a second page. This helps the hackers get past email filters. From the second page, you're asked to verify that you're not a robot. Once this fake site has confirmed you’re not a robot, the real danger begins. On the final phishing page, you’re asked to fill in fields with your account credentials, credit card details, and other sensitive information. Nothing happens when you click the button to submit your information, but all of your data has already been sent directly to the attacker’s email address.

Always remember: If you receive a suspicious email from an online service that you use, log in to your account through your browser (not through links in the email) to check the validity of the information. Even if the sender’s email address appears to be from a well-known organization, the email address could be spoofed.
October 4, 2019: Yahoo Data Breach Settlement Phishing Attacks
From 2012 through 2016, several hackers got into Yahoo email systems and stole billions of personal records. Recently, there’s been news of Yahoo reaching a settlement on the class action lawsuit created for these events. Yahoo must offer two years of free credit-monitoring services or $100 to anyone who had an account stolen during the hacks.

Watch out! The bad guys are taking advantage of this situation by tricking you into filing a Yahoo claim to get your $100 payment. They’re sending phishing emails that look like they come from Yahoo. When you click on their phishing links, you wind up on a website that appears to be for Yahoo’s class action lawsuit. Don’t fall for it! The website will steal your personal information instead.

If your Yahoo account was compromised and you want to claim your rights to this settlement, be certain you’re using an official resource. To submit your claim, visit
September 27, 2019: Amazon Phishing Scam in Progress
The bad guys are targeting Amazon customers and tricking them into giving up their account login details, personal information, and even their financial information. They’re sending phishing emails that tell you to update your account information within twenty-four hours or your account will be permanently disabled. Don’t fall for this warning! Cybercriminals are counting on your impulsive reaction.

Once you click the “Update Now” button in the phishing email, you’re taken to a realistic-looking Amazon login page. After you’ve entered your credentials, another form is displayed for you to “update” your name, phone number, date of birth, and address. Then, you have to provide your credit card and bank account details.

After you’ve given up all of this sensitive data, the phishing site tells you your account has been recovered and that you’ll be logged out automatically. You’re then redirected to the real Amazon website without having any idea of what actually happened.

Always remember: If you receive a suspicious email from an online service that you use, log in to your account through your browser (not through links in the email) to check the validity of the information presented. Also, be careful with emails that are seemingly urgent. The bad guys often use a ‘sense of urgency’ to pressure you into clicking as an impulsive response.
Know Be 4. Human error conquered.



Lost your ATM/Debit card? We can help.