Content

Security & Safety

Fraud Center FAQ

Your privacy matters.

Let’s keep your private information, well, private.

Cortland Bank does not request confidential account information or PIN information from customers through text or email, or any other automated means of communication.

Can you spot a phishing scam? Learn more.

Our products have you, and your security, in mind. 

Online Banking Security

Protect Your Online ID and Password.
Never share your online banking ID or password with anyone. Do not save your password in your browser.

Never Share Your Security Questions and Answers.
If our system detects an unusual pattern with your login or for external transfers greater than $1,000.00, you will be prompted to answer these questions. You must answer correctly before logging in; helping to prevent unauthorized individuals from accessing your account. 

Install Anti-Virus Software, Keep It Up To Date, and Install Regular System Updates.
This will help prevent your computer from receiving viruses and protect your information.

Review Your Account Statements Every Month. 
If you find a transaction that  you did not authorize, you must tell us within 60 days of the date that your statement was delivered. 

Call Immediately. 
If you believe your online banking ID and password have been lost or stolen, call us immediately. Also, if you receive an email asking you to provide your User ID, Password, Social Security Number, or any other personal information, ignore it and contact us immediately. 
We will never ask for your personal information through an email. 

Mobile Security Tips 
-Create a strong password for your mobile device. Use face ID or fingerprint scanning as an added layer of security.
-Only download mobile apps from authorized vendors like the Apple App Store or Google Play Store. 

Tips for Avoiding Phishing Scams

Every day countless phishing emails, text messages, and even phone calls go out to unsuspecting victims all over the world. While some of these messages are so outlandish that they are obviously a scam, others may appear  legitimate. Unfortunately, there is no one single technique that works in every situation, but there are a number of different things that you can look for.

Here are some tips to help spot phishing scams. 

The message contains a mismatched or misspelled URL. 
One of the first things to check in a suspicious email message or text message is the integrity of any embedded URLs. Often times, the URL in a phishing message will appear valid. However, if you hover your mouse over the top of the URL, you will see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, then the message is probably fraudulent or malicious. If there is a misspelling in the URL, that's another sign of a suspicious email. 

URLs contain a misleading domain name.
Often times people that launch phishing scams depend on their victims not knowing how the DNS naming structure for domains work. It is the last part of the domain name that is the most telling. For example, the domain name info.brienposey.com would be a child domain of brienposey.com because brienposey.com appears at the end of the full domain name (on the right hand side). Conversely, brienposey.com.maliciousdomain.com would clearly not have originated from brienposey. com because the reference to brienposey.com is on the left side of the domain name, not the right. This trick is used by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a child domain bearing the name Microsoft, Apple, etc. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com. 

The message contains poor spelling and grammar. 
Whenever a large company sends out an email, the message is usually reviewed for spelling, grammar, legality, and a number of other things. As such, if a message is filled with poor grammar or spelling mistakes, it probably didn't come from a major corporation or legitimate business. 

The message asks for personal information.
This is a major RED FLAG! No matter how official an email or text message might look, it is always a bad sign if the message asks for personal information. Your credit card company doesn't need you to send them your account number. They already know what it is. Similarly a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

The offer seems too good to be true.
There is an old saying that if something seems too good to be true, it probably is. That saying holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, then the message is probably a scam. 

You didn't initiate the action.
If you get a message informing you that you have won a contest that you did not enter, then you can bet that the message is a scam. 

You are asked to send money to cover expenses. 
One telltale sign of a phishing email or text is that you will eventually be asked for money. You might not get hit up for cash in the initial message, but sooner or later a phishing artist will likely ask for money to cover expenses, taxes, fees, or something like that. If that happens, you can bet it's a scam. Furthermore, if you are asked to pay in the form of gift cards, it is a scam. 

The message makes unrealistic threats or demands urgency on your part. 
Although most of the phishing scams seem to try to trick people into giving up cash or sensitive information by promising the victim instant riches, other phishing artists try to use intimidation to scare the victim into giving up information. The scammer may also demand that you respond within a certain amount of time. 

The message appears to be from a government agency.
Sometimes scammers will send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about anything else that could scare the average law abiding citizen.

Something just doesn't look right. 
If something just doesn't look right, there is probably a good reason. The same principle almost always applies to email messages. If you receive a message that seems suspicious then it is usually in your best interest to avoid acting on the message. 

Types of Scams

Money Mule Scams
If someone sends you money and asks you to send it so someone else, STOP. You could be what some people call a money mule - someone scammers use to transfer and launder stolen money.
Scammers often ask you to buy gift cards or wire money. They might recruit you through online job ads, prize offers, or dating websites. 

To learn more about spotting and avoiding money mule scams, take a look at this the infographic below.
Money Mule Scams Infographic

Imposter Scams
Imposter scams often begin wit ha call, text message, or email. The scams may vary, but work the same way - a scammer pretends to be someone you trust, often a government agent, family member, or someone who promises to fix your computer - to convince you to send them money or share personal information. Scammers may ask you to wire money, put money on a gift card, or send cryptocurrency, knowing these types of payments can be hard to revise. 

According to the Federal Trade Commission, Americans lost more than $667 million to imposter scams in 2019. 

Do you think you or someone know is being targeted by an imposter scam? Review the infographic below to learn more. 
Imposter Scams Infographic

Password Protection Tips

Do not use personal information.
You should never use personal information as part of your password. It's very easy for someone to guess things like your last name, pet's name, child's birth date, and other similar details. 

Do not use real words.
There are tools available to help attackers guess your password. With today's computing power, it doesn't take long to try every word in the dictionary and find your password. 

Mix different character types. 
You can make a password much more secure by mixing different types of characters. Use some uppercase letters along with lowercase letters, numbers, and even special characters such as '@' or '$'. 

Use a passphrase.
Rather than trying to remember a password created using various character types, which is also not a word from the dictionary, you can use a passphrase. Think up a sentence or a line from a song or poem that you like and create a password using the first letter in each word. You can use a variety of character types and create a secure password that is hard to crack, but must easier for you to remember. 

Never share your password with anyone.

  FDIC Resources

Downloads

Federal Reserve Bank Lending Basics