Security Center

Identity Theft & Scam Information

Welcome to the new generation of identity theft! No longer is identity theft limited to crooks rooting through garbage bins or hackers hacking into computers or online accounts. Now, identity (ID) thieves have the nerve to ask you directly, and they are becoming fiercer and more deceptive than ever before. Masking themselves as well known and trusted companies and government organizations!

Please be aware that TrailWest Bank would never ask for or require you to give out financial information (ex. SSN, account numbers, etc.) by email or over unsecured web pages.


Protect Yourself

Phishing comes from the analogy that Internet scammers are using email lures to “fish” for passwords and financial data from the sea of internet users. However, phishing has grown to include more than just email lures including telephone calls, webpages, and pop-up boxes.

Email Phishing

Typically, a phishing expedition starts with an email that warns of some problems with an account, or promotes a special offer, and directs you to a webpage that is a dead ringer for the site of the company or bank you do business with—right down to the graphics, forms, and links that lead to legitimate pages. At the core of the phishing problem is a new kind of identity theft experts are calling “corporate ID theft.” Criminals are increasingly aware of the power that trademarks have over consumers and they are using that trust against consumers. Whether it’s an email with an eBay logo, or a website using an address that seems to be a legitimate brokerage firm, con artists are successfully using these trademarks to trick consumers. Even experts say telling real mail from phish can be difficult. So, in actuality, these thieves are committing a double ID theft, first the corporations, then the consumers. The notes appear to be personal, referencing an open account at a bank or website, but they really are just Spam. Sent to a wide enough audience, an emailing referencing Citibank or eBay will hit plenty of people who really are account holders.

The emails often say that account information needs to be updated right away and asks you to click on a link that will take you to the website and an information update form. The linked page will look just like the company’s actual website, but the information will be sent to identity theft scammers not the legitimate company.

Targeted companies include: eBay, PayPal, Citibank, Bank of America, Best Buy, Verizon, AOL, the FDIC, and AT&T…just to name a few.

Although the first phishing attacks were straight email messages with links to phony sites, there’s an even newer version. Hackers have developed two Trojan horse programs known as MiMail and MmdLoad that arrive as e-mail attachments. If you double-click on the attachment, it unleashes a program that not only takes you to a phony sign-on screen but also uses your email client to send a copy of the booby-trapped message to everyone on your contact list!

A great site for more information and examples of these fishing emails can be found at .

You can protect yourself from the latest identity theft scam by following these useful tips, which were developed by the Federal Trade Commission:

  • If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company site in the email using a telephone number or Web site address you know to be genuine.
  • Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during a transmission.
  • Never act upon any e-mail or pop-up ad that asks for personal or financial information.
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
  • Update Internet browsers and Windows operating systems.
  • Report suspicious activity to your bank and the Federal Trade Commission. Send the actual spam to . If you believe you’ve been scammed, file your complaint at , and then visit the FTC’s Identity Theft Web site to learn how to minimize your risk of damage from identity theft.

Web Phishing

Another type of phishing scam sends you to the real company’s legitimate website—topped by a pop-up form that might ask you to enter your account name, password, credit card number, Social Security number, mother’s maiden name, or other information. Because the pop-up box is so similar in color and design as the website consumers assume it’s from the company, but the information entered is sent to scam artists not the legitimate company.

Telephone Phishing

Similar to email scams, the scammers call to say they are contacting you to confirm your information or to say that your account has been hacked or frozen. These calls may come from an actual caller or an automated voice recording. As with other phishing expeditions do NOT give out any information to unsolicited callers.

Be advised that some credit card companies do occasionally have agents call to confirm information. To verify who the caller is, you should ask for their name, department, and phone number extension, then call the toll-free number on the credit card or account statement and ask whether the call was legitimate.


In pharming, an e-mail purporting to be from a known organization carries a computer virus that infects a victim’s computer in one of two ways. One sends the victim who types in a legitimate domain name to a bogus site. The other records keystrokes, for example what the victim typed when logging on to an online banking site, and then transmits the information to a criminal who then uses the data to access the account. All of this may be confusing, but it is a real threat, and it is spreading, as criminals look for new ways to collect personal data and as Internet users are becoming better educated to phishing schemes. For suggestions on how to avoid this type of scam see the suggestions listed under ‘phishing’ above.

Craigslist & Other Online Selling Scams

In a variation of the “Nigerian Scam,” a buyer offers to purchase an item listed for sale but sends a cashier’s check for an amount that exceeds the purchase price. The seller is asked to wire the excess amount to the fraudulent buyer. Later, the original cashier’s check is returned as a counterfeit item, and the depositor is responsible to make restitution to the financial institution for the full amount of the check.

Thank you for reading this important information. We hope you find it helpful. If you have any questions or comments please chat with us by clicking the bubble on the bottom right of your screen or give us a call at (406) 523-5419.

*Please note: When you click on one of the links above, you are leaving the TrailWest Bank website. Please be aware that when you leave our website you will be going to sites that are beyond our control and standards. Websites to external URLs have their own privacy policies, and may collect data or solicit personal information.