Customer Service: 610-882-8800
Routing Number: 031318716

Embassy Bank Security Center Internet Scams, Schemes, and Frauds

Guarding Against “Phishing,” “Spoofing,” and Other Cyber Fraud.

The subject matter presented on these webpages are for informational purposes only. Before acting on any ideas presented; security, legal, technical and reputational risks should be independently evaluated considering the unique factual circumstances surrounding each organization and individual. No computer system can provide absolute security under all conditions. Any views or opinions expressed on these webpages do not necessarily state or reflect those of Embassy Bank or any other entity.

How To Protect Yourself from Coronavirus Financial Scams

A message from the PA Department of Banking and Securities for ways to be safe from opportunists who will try and take advantage of them during major events such as the current COVID-19 situation:

"Consumers should be on alert for increased fraud during major events such as the outbreak of COVID-19," said Acting Secretary Richard Vague. "Scams are becoming increasingly more sophisticated and scam artists are taking advantage of people, making every attempt to separate you from your hard-earned money."

Beware of Coronavirus Financial Scams

Read Full Article

Coronavirus - Beyond Health and Wellness

Cybercriminals like to take advantage of incidents such as the coronavirus threat to entice people to click on phishing emails and conduct social engineering attacks. Cybercriminals may send malware‐laced emails with attachments and links to websites that can harvest your private information and passwords to exploit your personal and corporate accounts. It is important to remain diligent in reviewing emails to ensure they are safe.

Email Spoofing & Phishing

Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a popular tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate or familiar source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.

Although most spoofed emails can be easily detected and require little action other than deletion, the more malicious varieties can cause serious problems and pose security risks. For example, a spoofed email may pretend to be from a well-known shopping website, asking the recipient to provide sensitive data such as a password or credit card number. Alternatively, a spoofed email may include a link that installs malware on the recipient's device if clicked. One type of spear phishing attack used in business email compromises involves spoofing emails from the CEO or CFO of a company requesting a wire transfer or internal system access credentials.

While email spoofing is most popularly used to execute phishing attacks, a cybercriminal may also use this technique to avoid spam email blacklists, commit identity theft or tarnish the image of the impersonated sender.

Cyber-Defense Tactics:

If you receive an email that warns you, with little or no notice, that your account will be shut down unless you reconfirm certain information, do not click on the email link. Instead, use a phone number or enter the web address yourself. Clicking on a link that looks legitimate may in fact direct you to a fraudulent website where your personal information may be compromised.

Before submitting any financial information to a legitimate website, look for the “lock” icon on the browser status bar, or look for “https” in the web address. Both are indications that the information is secure and encrypted during transmission.

Be wary of unsolicited or unexpected emails from all resources.

If an unsolicited email arrives, treat it as you would a phishing source.

Report suspicious activity to the Federal Trade Commission (FTC).

Identity Theft Frauds

Internet fraudsters often use identity theft as a starting point for larger crimes. In one case, criminals obtained the names and social security numbers of military personnel then used them to apply to a bank over the Internet for credit cards. In another case, stolen personal data was used to submit car loan applications online.

Cyber-Defense Tactics:

Keep a close eye on your account activity at your bank, either through statements or using their online services. Report anything that looks suspicious.

Your personal information can be obtained by “phishing,” “spoofing,” or the old fashioned way – dumpster diving. Make sure your unused checks, bills, and statements are shredded before discarding.

General Tips Against Cyber-Fraud

  1. Don’t Judge By Initial Appearances. Just because something appears on the Internet – no matter how impressive or professional the website looks – doesn’t mean it’s real. The ready availability of software that allows anyone, at minimal cost, to set up a professional-looking website means that criminals can make their websites look as impressive as those of legitimate businesses, banks or government agencies.
  2. Be Careful About Giving Out Personal Data Online. If you receive emails from someone you don’t know asking for personal data – don’t send the data without knowing more about who’s asking. While secure transactions with known e-commerce sites should be safe, especially if you use a credit card, non secure messages to both known and unknown recipients are not safe.
  3. Be Especially Wary of Emails Concealing Their True Identity. If someone sends you an email using a mail header that does not have useful identifying data (e.g.,, it may be an indication that the person is hiding something and is not legitimate.
  4. Review Credit Card and Account Statements as soon as you receive them to determine whether there are any unauthorized charges or suspicious charges/transactions. If your statement is late by more than a few days, call your credit card company or bank to confirm your billing address/account balances, and determine whether they have mailed your statement.
  5. Watch Out For “Advance-Fee” Demands. Look carefully at any online seller of goods or services that wants you to send checks or money orders immediately to a post office before you receive the goods or services you’ve been promised.
  6. Use Common Sense.

Protecting Against Corporate Account Takeover (CATO)

CATO is a fast growing electronic crime where thieves obtain log-in credentials to corporate on-line banking accounts and fraudulently transfer funds from corporate bank accounts.

Businesses should protect themselves against CATO in several areas:

  • Domestic and International Wire Transfers
  • Business-to-Business ACH Payments
  • Online Bill Payments
  • Electronic Payroll Payments

The following is a helpful list of key terms to be aware of and practical tips that will provide guidance on what steps you can take to prevent CATO for your business:

How does CATO work?

  1. Fraudsters target victims by scams using phone calls, text messages or e-mails.
  2. Fraudsters may pose as the FDIC, IRS, Better Business Bureau, NACHA, Banks or other organizations requesting personal or account information, the installation of software or user’s access credentials.
  3. Victim unknowingly installs malware by clicking on a hyperlink, visiting an infected website, or opening a file or zip file.
  4. Installed malware collects and transmits a victim’s log-in credentials to the fraudsters.
  5. Fraudsters initiate a funds transfer from the victim’s account.

Social Engineering:

Social Engineering refers to manipulating, influencing or misleading people into performing actions for the purpose of divulging confidential information, data gathering, fraud, or system access.


Some experts believe e-mail is the biggest security threat of all. It’s the fastest, most effective method of spreading malicious software to the largest numbers of users... victims. Be on the lookout for electronic greeting cards, chain letters, jokes, graphics, spam and junk e-mail.

Other Red Flags to watch out for:

  • Don’t recognize the sender or the sender’s e-mail address.
  • The e-mail address is from a suspicious domain.
  • The e-mail is unexpected, unusual or out of character.
  • E-mail was addressed to a mixed group of people.
  • The subject is irrelevant or doesn’t make sense.
  • Hovering over a hyperlink reveals an address for a different website.
  • Hyperlink or e-mail address is misspelled.
  • E-mail arrived at an unusual time of the day/night.
  • E-mail contains bad grammar and/or spelling errors.
  • E-mail requests the opening of a file, zip file, clicking on a link, providing sign-on credentials or personal or confidential information.
  • In general, the e-mail seems suspicious, out of place, or unusual.


Short for malicious software, it is software designed to infiltrate a computer system without the owner’s knowledge or informed consent. Malware includes computer viruses, worms, Trojan horses, spyware, dishonest adware, ransomware, scareware, crimeware, most rootkits and other unwanted malicious software. Malware can be found in malicious websites (including Social Networking and Video Sharing websites), e-mail, Person-to-Person (P2P) downloads, and in ads on popular websites.


This form of malware deceives or misleads users into paying for the fake, simulated or actual removal of malware and Is a growing and serious security threat.

  • Mainly relies on social engineering in order to defeat the security software.
  • Most have a Trojan Horse component which users inadvertently install on their PC.
  • Trojan Horse sources – browser plug-ins (toolbars), web image downloads, screensavers, zip files, video clips, shared software, free on-line malware scanning services.


Phishing is the criminally fraudulent process of attempting to acquire sensitive information (usernames, passwords, credit card details) by masquerading as a trustworthy entity in an electronic communication. Be wary of commonly received communications pretending to come from:

  • Social websites
  • Auction sites
  • Banks
  • Payment processors
  • Websites
  • IT Administrators

Tips for Detection and Protection

  • Educate - provide security awareness training for employees.
  • Communicate basic on-line security standards to staff.
  • Stay informed through newsletters, webinars, seminars and publications.
  • Make note of any changes in the performance of a user’s PC.
  • Do not open attachments, files or links from suspicious e-mail addresses.
  • Do not use public internet access points with company owned equipment.
  • Secure PCs and network.
  • Limit internal administrative rights.
  • Install and maintain spam filters, virus protection & fraud detection software.
  • Use routers and firewalls to prevent unauthorized access.
  • Install security updates to operating systems and applications.
  • Use pop-up blockers.
  • Back-up data daily.
  • Perform penetration testing.

For Your Ongoing Protection:

Embassy Bank will never call you, text you, or send you an email asking you to provide or verify your user names, passwords, card numbers, PIN numbers, account numbers or personal information. We may ask you to reply to a text message, in order to authenticate a specific suspicious transaction, but we will NEVER ask you to click on a link, or to submit any personal credentials or bank account information.

If you believe you have received a suspicious email, phone call or text message appearing to be from Embassy Bank, please contact us at 610-882-8800. If your Embassy Bank debit card has been lost, stolen or compromised after banking hours, call 1-800-472-3272.

Fraud Protection Resources

Safety Tips

With the ever-evolving threat of financial fraud, it's important to stay educated. Stay up-to-date with tips and best practices concerning online, in-store, and at-home fraud.

Learn More

Fraud Protection Alerts

Embassy Bank consumer and business debit cardholders have the ability to receive fraud alerts via text message to confirm activity on their card. Are you protected?

Learn More

Travel Tips & Card Security

When traveling, it is important to be aware of the ever growing risks of debit/credit card fraud and identity theft so you can protect yourself and your accounts.

Learn More

Identity Theft

If your Social Security number is stolen it can be used to file a fraudulent tax return. What do taxpayers need to know to protect themselves?

Learn More

Have You Been a Victim of Fraud?

Please reach out immediately. Contact Embassy Bank at (610) 882-8800, or reach out to one of the resources listed below for next steps in preventing further damages to your finances, credit, or worse.

Reporting Fraud

Credit Bureau Fraud Departments


Fraud Victim Assistance Department
P.O. Box 6790
Fullerton, CA 92834

Phone: 800-680-7289
Website: Click Here

Equifax Credit Information Services

Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374

Phone: 800-525-6285
Website: Click Here


Experian's National Consumer Assistance
P.O. Box 2002
Allen, TX 75013

Phone: 888-397-3742
Website: Click Here

Federal Trade Commission

Phone: 877-ID-THEFT
FTC Website: Click Here
Consumer Website: Click Here

Other Resources

Credit Bureau Pre-Screen Opt-Out

Phone: 888-567-8688
Website: Click Here

Free Credit Report

Website: Click Here