Security Center

  

Security Center Topics

Account Security

  • Never share your MCT Online Banking username and password with anyone.
  • Never re-use your MCT password on any other websites- it should be a strong password & used only with MCT online/mobile banking.
  • Never allow anyone to use scare tactics to get you to take actions in your bank account that you're not sure of.
  • Never allow any unauthorized people to view your MCT Online or Mobile Banking accounts, either in-person or on any computer/smartphone devices.
  • Never allow anyone to install software or apps on your computer/smartphone devices that allow them to view and/or control those devices remotely. Scammers can take control and steal your information.
  • If you add your MCT Debit Card number to mobile payment apps like PayPal, Venmo, CashApp, etc., also make those apps have a strong, unique password.
  • Beware of scammers falsely using MCT's Caller ID. MCT will never ask you for your private account details via phone. If you are suspicious, hang up immediately and call us directly, toll-free 877-325-2265 or 570-325-2265.
    • Learn more about what banks will never ask you by clicking here.

If you suspect that any of these has occurred, please contact us immediately at 877-325-2265 or 570-325-2265 or visit your nearest MCT Office.

Please also continue reading below for additional ways to protect your accounts.

MCT.BANK Security

Why .bank?
Our mct.bank address helps to prevent "phishing" attacks against our customers, employees and vendors by providing a visual identification cue for our emails and websites. Website & email addresses ending in .bank are only available for verified banks. You should authenticate our staff emails and main bank website simply by looking for the “mct.bank” at the end of our email addresses and our main website address. Don't be fooled by lookalike .com websites pretending to be Mauch Chunk Trust Company.

Frequently Asked Questions:
WHAT IS .BANK?
.BANK is a "gated domain," like .gov or .edu, but for verified banks. Replacing .com, which can be purchased by anyone, mct.bank quickly verifies that the website or email is authentically from MCT, so you can interact with confidence when you see the ‘mct.bank’ in our website and email addresses.

HOW IS .BANK MORE SECURE?
All banks are verified and authenticated by fTLD, the .BANK administrator, prior to registering their BANK domain, and re-verified annually thereafter. This ensures everyone using a .BANK domain is an eligible organization. Hackers and bad actors can’t get a .BANK domain to create lookalike domains for phishing and spoofing, as they can in ‘.com’ and other publicly available domains.

With the mct.bank visual authentication cue in place you can quickly confirm emails and websites of ours are real and avoid interactions that could lead to identity theft and financial fraud. This authentication is also an additional layer of protection for internal and vendor communications, helping to secure against potential breaches.

All banks within the .BANK domain must also implement additional Security Requirements to help secure their sites and email, and protect them, their vendors and their customers from phishing, spoofing and other cyberattacks. All banks using .BANK are monitored for compliance with these security requirements on an ongoing basis.

Online & Mobile Banking Alerts

We highly recommend you use the optional "Alerts" feature in our online and mobile banking to ensure you know about banking transactions and balance updates to your accounts the moment they occur. Creating daily balance alerts can also potentially help you avoid overdraft fees by being aware of your daily account balances. Notifications can be delivered by email, text message or mobile push notifications.

This can help you monitor your finances and detect fraudulent debit card use in real-time. Emails will be sent from "alerts@mct.bank" and text messages will be sent from "31727." 

In MCT Online Banking, click "Alerts" in the top-right menu to explore & create your custom alerts:

Online Banking Alerts Menu 08-2021

In MCT Mobile Banking, click the "More" menu at the bottom-right to explore & create your custom alerts:

Mobile App More Menu 08-2021 Mobile App Alerts Menu 08-2021 Mobile App Account Alerts Menu 08-2021 Mobile App Security Alerts Menu 08-2021 

Note: Any alerts you create in either MCT Online or Mobile Banking are available in either system. For example, create an alert in our Mobile App, and you can change/delete it within Online Banking. 

Helpful Resources

Recent security alerts & scams to be aware of:

  • Recognize the 4 basic signs of a scam:
    • Scammers pretend to be from a familiar organization or agency, like the IRS or Social Security Administration. They may send you email attachments with official-looking logos, seals, signatures, or pictures of employee credentials.
    • Scammers mention a problem or a prize. They may say your Social Security number was involved in a crime or ask for personal information to process a benefit increase.
    • Scammers pressure you to act immediately. They may threaten you with arrest or legal action.
    • Scammers tell you to pay using a gift card, prepaid debit card, cryptocurrency, wire or money transfer, or by mailing cash. They may also tell you to transfer your money to a “safe” account.
    • Ignore scammers and report criminal behavior! R
  • Scammers use email ("phishing") or text messages ("smishing") to trick you into giving them your personal information. But there are several things you can do to protect yourself. Learn more at FTC.gov
  • How to Safely Use Mobile Payment Apps and Services
  • Cybercriminals Tampering with "QR Codes" to Steal Victim Funds. Read more at FBI's Internet Crime Complaint Center
  • Gift Card Scams. Read more at FTC.gov
    • Someone might ask you to pay for something by putting money on a gift card, like a Google Play or iTunes card, and then giving them the numbers on the back of the card. If they ask you to do this, they’re trying to scam you. No real business or government agency will ever insist you pay them with a gift card. Anyone who demands to be paid with a gift card is a scammer. Read on to learn more about gift card scams.
  • "Hang up on business" imposter scams. Read more at FTC.gov
    • Some scammers are pretending to be popular online shopping websites, phishing for your personal information. Scammers want you to call the number they give so they can ask for your passwords, credit card number, and other sensitive information to get your money. If you get a call like this, there are a few steps you should take. 
  • Tech Support Scams
  • Fake Offers for Secret Shopper Jobs. Read more at FTC.gov
    • Did you get an offer to be a secret shopper for a well-known company? It might come as text, email, or letter inviting you to work on a "research project starting soon in your area." Read more to protect yourself.

Cyberspace is a virtual community. Within it, you chat with your neighbors, shop, get news updates, do research, seek medical advice, and perform banking functions.

As such, it’s prone to the same activities as your physical community. You need to perform routine cleaning of your computer files for increased performance. You need to exercise caution about who you communicate with. You must keep software patched and updated to protect against intrusion. And you absolutely must remain alert to potential threats.

Unlike your physical community, cyber-theft is not something you can see coming And the stakes are even greater. Your very identity is at risk, along with your good name and all you’ve earned over your lifetime.

Online safety has two key components:

  1. EDUCATION: Understand the various threats lurking in cyberspace. Learn how to detect and avoid them. Information is your first line of defense against cybercrime. But all those terms can be confusing. Learn more below.
  2. AWARENESS: Most people today understand online safety. Yet they still risk becoming a victim. Why? Because our hectic lifestyle distracts us. Multi-tasking is a way of life. We’re trying to squeeze in just one more chore before moving on to a different project. We let our guard down for just an instant. And that’s all it takes. It’s just as important to know what to do if we become a victim as it is how to avoid becoming one. The quicker you respond, the less damage they can do. These resources will help you keep it to a minimum.
    Your first line of defense is a strong password. Use a minimum of nine characters containing a combination of upper and lower case characters, both alpha and numeric. If special characters are allowed, use them to make it even harder to crack. Don’t use the same password on multiple sites. If one site gets hacked, all of your accounts are compromised.

Despite your best efforts, your personal information can still be compromised. Someone can hack into a vendor’s database and steal their customer’s name, address, Social Security number, credit card number, even medical data.

Don’t think you’re safe if you avoid banking or shopping online. Cyber crooks can download malware onto Point-of-Sale terminals and swipe credit card information at brick-and-mortar store locations. Consider adding your MCT Debit Card to your smartphone's mobile wallet for a more secure way to make contactless payments.

Contact Mauch Chunk Trust Company IMMEDIATELY if you suspect your account has been compromised so we can take immediate steps to prevent further theft.

Additional Resources

The following are just some of the resources available to you online to better educate yourself on the best ways to prevent identity theft and online theft.

  • Equifax offers Credit Lock service - find out more
  • Check your accounts regularly. This means bank accounts and credit card accounts. Report any unrecognized transactions immediately for prompt action.
  • Check your credit reports. All of the major credit reporting bureaus allow one free credit report each year. By spacing them out over the course of the year, you can recognize errors or inaccuracies in your statements. If you’re married, space out your spouse’s report in the mix and you can check a report for free every other month. Act Immediately and report any errors on your credit report to the bureau involved.
  • Visit FTC OnGuard Online for a wealth of consumer tips and resources on staying safe online.
  • The Federal Trade Commission (FTC) maintains up-to-date information on Identity Theft and recent scams - please visit their site regularly
  • The FBI and Homeland Security US-CERT both post new scams frequently on their websites.
  • Krebs on Security
  • AARP Fraud Watch has many resources for AARP members. Call the AARP Fraud Watch Alert Helpline at 877-908-3360 to report or receive assistance

What to do if you suspect fraud or scamS

  • Notify MCT immediately: Contact Us / Locations
  • Checking and savings accounts must be closed and new accounts, with new account numbers, must be opened.
  • If your ATM or debit card was compromised, request a new card with a new account number and a new personal identification number (PIN).
    • PIN/PW creation tips: when creating a new PIN, do not use your birthdate or the last four digits of your social security number. Do not record your PIN on any article or on your ATM/debit card. Keep it in a safe and secured place.
  • Add confidential passwords to every account, (including new accounts), name, and social security number that was exposed to the scammer.
  • Close your Online Banking account if your user name and password was compromised, or if your computer was remotely accessed by anyone.
  • Place an alert on all open lines of credit, including home equity loans and credit cards.
  • Credit Cards: report the fraud to the credit card issuers and get new credit cards with new account numbers. (Ask the issuer to process the card as “account closed at consumer’s request.” Follow-up in writing to protect yourself in case of a disputed transaction.
  • Report the scam to the police. Some police departments may refuse to write a police report, but be persistent. Provide a copy of the police report to banks, credit card issuers, insurance company, and others that may request it.
  • Change user names and passwords on all websites.
  • Hang up or block all calls from scammers. Quite often, they will continue to call a victim for more money.
  • Add your phone number(s) to the National Do Not Call Registry: https://www.donotcall.gov/
  • File a complaint with the Federal Trade Commission, (FTC), by completing an online complaint form OR If your computer has been hacked, call the FTC’s Identity Theft Hotline, 1-877-ID-THEFT (438-4338) to file a complaint. https://www.ftc.gov/
  • If a caller is rude, abusive, or if scammed money has already been sent, call the FTC: 1-877-FTC-HELP.
  • Place a fraud alert on your credit report by notifying 1 of the 3 credit reporting agencies. (They must share the information with the other 2 companies). The initial fraud alert is free, but will expire after 90 days. The alert can be renewed, but it is up to you to do so. The alert will make it more difficult for a scammer to open accounts in your name.
    • TransUnion – 1-888-909-8872
    • Experian – 1-888-397-3742
    • Equifax – 1-800-685-1111

      By placing a fraud alert, you can order one free copy of your credit report from each of the three reporting agencies. Make sure the agencies have your current contact information.
  • Have a reputable computer repair shop remove any viruses on your computer. You may need to purchase or updated Anti-Virus protection software. Do not download free versions of this software, or you may be installing additional viruses to your computer.
  • If your social security number has become associated with bad checks and credit, because of fraud or identity theft, contact your local office of the Social Security Administration to request that your SSN is changed. This is used in rare and the most extreme situations only.
  • If your mail has been stolen or misdirected, notify the postal inspector in your area about suspected mail theft.
  • If you have a passport, notify the passport office to be on the alert for anyone ordering a new passport fraudulently.

Glossary

BOTNET: A group of compromised computers infected with malicious software and controlled as a group without the owner's knowledge. Used to distribute spam or malware, or conduct DDoS attacks. If your computer runs sluggish or returns page errors when you visit an anti-virus site, you may have unknowingly become part of a botnet. If your IP address is detected as generating malware, you can be charged with a cybercrime whether or not you even knew about it. The best way to eliminate a botnet from an infected computer is to wipe the entire hard drive clean and perform a system restore. And hope that you have a good, clean backup dated prior to the compromise.

DISTRIBUTED DENIAL OF SERVICE (DDoS): Form of electronic attack involving multiple computers, which send repeated HTTP requests or pings to a server to load it down and render it inaccessible for a period of time.

MADWARE: Mobile malware. Security experts rank mobile threats as the fastest rising cybercrime faced today. Your mobile device needs the same level security used to protect your PC. Always,
ALWAYS, lock your phone with a password or code to prevent unauthorized access. Your favorite anti-virus software is available for download as an app for whatever type device you use.

MALWARE: Software designed to infiltrate or damage a computer system without the owner's knowledge or consent. It is a blend of the words "malicious" and "software." It includes computer viruses, worms, trojan horses, spyware, adware and other malicious and unwanted software. Keep your operating system and anti-virus software patched and updated to protect yourself against malware threats.

PHARMING: Or "domain spoofing" is an attack in which a user can be redirected from a legitimate site to a fraudulent site and then fooled into entering sensitive data such as a password or credit card number. The fraudulent site often looks like the legitimate site; e.g. your bank. It is different from phishing in that the attacker does not have to rely on having the user click a link in an e-mail to deceive the user. Even if the user correctly enters a Web address into a browser's address bar, the attacker can still redirect the user to a malicious Web site.

PHISHING: Fraudulent e-mails, appearing to be from a trusted source such as your bank or credit card carrier, direct you to Web sites. Once there, you are asked to verify personal information such as name, account and credit card numbers, passwords and the like. These sites are often designed to look exactly like the site they are imitating. The information you provide is used to hijack your accounts and your identity. E-mails that warn you, with little or no notice, that your account will be shut down unless you reconfirm certain information, are very likely to be phishing. A newer tactic is to "confirm" personal credentials they supposedly have in their file, displaying false information. You call to correct the erroneous data and unwittingly provide them with the tools they need to steal your identity. NEVER follow a link or phone number provided in an email. Use a phone number or Web site address you know to be legitimate to check the source.

SCAREWARE: Software with malicious payloads sold to consumers. Victims are lured by fake ads warning of an infected computer, etc. Pop up ads trying to sell you anti-virus products are typically scareware.

SMISHING: Phishing attacks conducted via text messaging.

SPEAR PHISHING: Phishing attacks targeting targets specific entities holding whatever valuable information they seek. Typically, the crooks are looking for inside access to an organization's internal network. The target will receive an email appearing legitimate and click the link or open the attachment to unleash the malware. Some appear to contain confidential information the recipient believes was sent to them in error, and can’t resist the temptation to learn what’s inside. Others may alert you to account upgrades and ask login credentials to confirm continued access. Be aware of these tactics and avoid them, no matter how tempted you may be to respond. Take the time to confirm legitimacy before acting on them.

SPYWARE: Software that captures information from your computer such as browsing habits, usernames and passwords or credit card information. Current anti-virus software is your best prevention against spyware download.

TROJAN: Software programs that masquerade as regular games or utilities but harm your computer. Keep your anti-virus software and operating system patched and updated for your protection.

VIRUS: Small programs or scripts that harm your computer, causing it to cease functioning properly. This is old school – more of a threat in the early days of the Internet. Cybercrime has become quite sophisticated over the years. Once again, updated anti-virus software virtually eliminates this threat.

VISHING: Phishing attacks conducted over the telephone. The scammer will try to trick you into divulging personal information over the phone. Never provide your Social Security number, account numbers or passwords to anybody who contacts you unexpectedly. No matter what form of contact they may use. If you believe the call could be legitimate, contact the agency or company they claim to represent using a phone number that is known to you. Do not call a number they provide.

WORMS: Type of virus that replicates itself. Does not destroy files but can take up all available memory or had disk space by multiplying itself. It can cause your computer to run slowly or crash.

ZERO-DAY ATTACK: An attack or threat that exploits a security hole before or immediately after the vulnerability is known.

Questions

If you have any questions regarding using any of our online services, please contact your local office.

Contact Us