NBT Bank Fraud Alerts


Spear-Phishing Scam

Dear Valued Online Banker for Business Customers: 

NBT Bank makes every effort to ensure that our customers' information is protected. We have taken steps to enhance and secure your Online Banker access. At this time we wanted to educate our Business Online Banker users of a potential threat involving online account access. E-mail and Internet-related fraudulent schemes, such as "phishing" are being perpetrated with increasing frequency, creativity and intensity. Phishing involves the use of seemingly legitimate e-mail messages and Internet websites to deceive consumers into disclosing sensitive information, such as bank account information, Social Security Numbers, credit card numbers, passwords and personal identification numbers (PINs). It has recently come to our attention that within the last few months there has been an increase in fraud attempts involving the exploitation of valid online banking credentials belonging to small and medium sized businesses. Theses recent attacks are being referenced as "Spear Phishing", which usually comes in an e-mail. Below is a description of the attacks and prevention tips to help keep your online banking and internet transactions safe from "phishing" attacks.

  • A "spear phishing" e-mail contains either an infected file or a link to an infectious Web site. The e-mail recipient is usually a person within a company who has initiated funds transfers on behalf of the business (both Wires and Automated Clearing House (ACH) transfers). Once the user opens the attachment or navigates to the website, Malware is installed on your computer. This malware contains a key logger, which in turn will compromise the users' corporate online authentication credentials. The attacker will then initiate a funds transfer by logging into your internet banking accounts.

  • There is no guarantee that you can protect yourself from a "spear phishing" attack. It is important to educate all users of your Online Banker account, and any employees that have access to corporate financial information; to be wary of any e-mails received containing attachments or directed to links through e-mails. Employees should know to never assume that just because you know the address the e-mail was sent from, that the e-mail is safe. Any e-mail that contains an attachment that arrives unexpectedly could contain malware, even if its not "spear phishing" malware. Simply requesting that friends and co-workers notify before they send an attachment will reduce your risk of becoming a victim in these fraudulent attacks.

  • Don't take any chances; educate yourself and your employees to stay safe online using these prevention tips:
    1. Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
    2. Carry out all online business banking activities from a stand-alone computer from which e-mail and Web browsing are not possible.
    3. Reconcile all banking transactions on a daily basis instead of monthly.
    4. Never access a website from a link in an e-mail, especially a site asking for personal information.
    5. Beware of e-mails offering a prize or discount, then asking you to enter a user id and password (thieves will collect login information, since most login's are the same for all sites).
    6. Monitor all account activity regularly and watch for unusual activity
    7. Change your passwords every 45-60 days.
    8. Note fraudulent e-mails containing poor grammar or misspelled words.
    9. Update anti-virus and spyware software frequently.
    10. Do not include personal or sensitive data in response to an e-mail.

If you have any questions or concerns please feel free to reach out to one of our Customer Service Representatives at 1-800-NBT-BANK (1-800-628-2265). For additional information please visit the following websites: