M&F Bank

Phishing Alerts

ALERT - Phishing Attempt email may be trying to collect accout information.

This morning M&F Bank received several emails and calls pertaining to a phishing type email that is trying to collect customer account information. If you receive one of the emails, please delete the email and do not click on any links contained in the email. We would like to remind you that M & F Bank will never ask for confidential customer information via email. Here is a copy of what the email looks like. If you have questions regarding this email, please contact your local M&F Branch.

Be aware that you may receive an email disguised as a survey from M & F Bank that states you will receive $80 by completing the survey. The site will eventually ask for your card account number. Please delete this email and do not click on the link.

Dear Merchants and Farmers Bank account holder,

Because of several failed sign on attempts to your online account, your Merchants and Farmers Bank account features have been restricted as of the time of this notification. To restore your Merchants and Farmers Bank features and online access, please click the link below and carefully follow the prompts.

http://www.mfbank.com/PBI_PBI1961/Login/signon.asp

Please Note:
If we do no receive the appropriate account verification within 24 hours, then we will assume this account is fraudulent and will be permanently restricted.

After you follow the prompts to restore your account , your account features and online access will be restored and you will be redirected to our secure website .

If you are not a Merchants and Farmers Bank customer please ignore this message and accept our apologies.

Thank you for using Merchants and Farmers Bank.

Hugh S. Potts, Jr.
CEO/Chairman

M&F Bank Earns Top 3 Spot as one of the best Service Providers among Financial Institutions in Memphis Tennessee.

"Phishing" Fraud: How to Avoid Phishing Scams.

"Phishing" involves the use of fraudulent emails and copy-cat websites to trick you into revealing valuable personal information — such as account numbers for banking, securities, mortgage, or credit accounts, your social security number, and the login IDs and passwords you use when accessing online financial services providers. The fraudsters who collect this information then use it to steal your money or your identity or both.

When fraudsters go on "phishing" expeditions, they lure their targets into a false sense of security by hijacking the familiar, trusted logos of established, legitimate companies. A typical phishing scam starts with a fraudster sending out millions of emails that appear to come from a high-profile financial services provider or a respected Internet auction house. M&F Bank will never request our customers to update their personal or account information via web links contained within e-mails.

The email will usually ask you to provide valuable information about yourself or to "verify" information that you previously provided when you established your online account. To maximize the chances that a recipient will respond, the fraudster might employ any or all of the following tactics:

Names of Real Companies — Rather than create from scratch a phony company, the fraudster might use a legitimate company'’s name and incorporate the look and feel of its website (including the color scheme and graphics) into the phishy email.
"From" an Actual Employee — The "from" line or the text of the message (or both) might contain the names of real people who actually work for the company. That way, if you contacted the company to confirm whether "Jane Doe" truly is "VP of Client Services," you'd get a positive response and feel assured.
URLs that "Look Right" — The email might include a convenient link to a seemingly legitimate website where you can enter the information the fraudster wants to steal. But in reality the website will be a quickly cobbled copy-cat — a "spoofed" website that looks for all the world like the real thing. In some cases, the link might lead to select pages of a legitimate website — such as the real company's actual privacy policy or legal disclaimer.
Urgent Messages — Many fraudsters use fear to trigger a response, and phishers are no different. In common phishing scams, the emails warn that failure to respond will result in your no longer having access to your account. Other emails might claim that the company has detected suspicious activity in your account or that it is implementing new privacy software or identity theft solutions.

How to Protect Yourself from Phishing

The best way you can protect yourself from phony phishers is to understand what legitimate financial service providers and respectable online auction houses will and will not do. Most importantly, legitimate entities will not ask you to provide or verify sensitive information through a non-secure means, such as email.

Follow these five simple steps to protect yourself from phishers:

Pick Up the Phone to Verify — Do not respond to any emails that request personal or financial information, especially ones that use pressure tactics or prey on fear. If you have reason to believe that a financial institution actually does need personal information from you, pick up the phone and call the company yourself — using the number in your rolodex, not the one the email provides!
Do Your Own Typing — Rather than merely clicking on the link provided in the email, type the URL into your web browser yourself (or use a bookmark you previously created). Even though a URL in an email may look like the real deal, fraudsters can mask the true destination.
Beef Up Your Security — Personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features) are a must-have for those who engage in online financial transactions. Make sure your computer has the latest security patches, and make sure that you conduct your financial transactions only on a secure web page using encryption. You can tell if a page is secure in a couple of ways. Look for a closed padlock in the status bar, and see that the URL starts with "https" instead of just "http."

Security Tip: Some phishers make spoofed websites which appear to have padlocks. To double-check, click on the padlock icon on the status bar to see the security certificate for the site. Following the "Issued to" in the pop-up window you should see the name matching the site you think you're on. If the name differs, you are probably on a spoofed site.
Read Your Statements — Don't toss aside your monthly account statements! Read them thoroughly as soon as they arrive to make sure that all transactions shown are ones that you actually made, and check to see whether all of the transactions that you thought you made appear as well. Be sure that the bank has current contact information for you, including your mailing address and email address.
Spot the Sharks — Visit the website of the Anti-Phishing Working Group at www.antiphishing.org for a list of current phishing attacks and the latest news in the fight to prevent phishing. There you'll find more information about phishing and links to helpful resources.

[back to top]

	© 2007 M&F Bank. All Rights Reserved. Website powered by Goldleaf Financial Solutions. Home \| Privacy Statement \| About Children's Online Privacy \| Security Statement \| USA PATRIOT ACT Internet Banking \| Personal Banking \| Business/Commercial \| Investing/Insurance Lending \| Investor Relations \| Resource Center
NOTICE: M&F Bank is not responsible for and has no control over the subject matter, content, information, or graphics of the web sites that have links here. The portal and news features are being provided by an outside source - The bank is not responsible for the content. Please contact us with any concerns or comments.