Consumer Alerts

January 2019

FBI Warns of "Money Mule" Fraud

The Federal Bureau of Investigation (FBI) is warning about a new form of fraud that targets companies, schools and nonprofits around the United States.

According to the Associated Press, “money mules” are individuals who (often) unknowingly use their bank accounts to transfer funds for criminals. The FBI is especially concerned about the people who become involved in international money laundering schemes that result in large economic losses.

“They trial and error this stuff, and they see what works and they see what doesn’t,” said FBI Supervisory Special Agent James Abbott. “It’s a much higher success rate when you have a lot of money using somebody else’s account going through there, instead of trying to cross the border with a physical transportation of cash.”

As a result, law enforcement agencies around the world have increased their efforts against money mule fraud. In fact, this month, Europol announced that it had identified 1,504 money mules, arresting 168. The FBI revealed in June the arrests of 74 people, and launched a publicity campaign called “Don’t Be a Mule.”

One example of the fraud, according to the FBI, was a criminal posing as an overseas Army captain, who recruited a man he met online to help him make plans to travel home by transferring money in and out of his bank account. The agency noted that $10,000 was wired into the man’s account, which he was instructed to withdraw in small increments and send to a woman in Texas.

Since the mules are often elderly, lonely or confused, the FBI usually gives them stern warnings and skips prosecution.

“When we approach them and talk to them, and explain to them what they’ve been doing, a lot of times, the horror is there,” said Steven D’Antuono, an FBI section chief who specializes in financial crimes. “It’s all walks of life, all educational levels. Anyone can fall victim to this.”

September 2017


Recently, Equifax, one of the three national consumer credit reporting agencies, announced a major data breach. This breach affects approximately 143 million Americans. This is what we know according to Equifax: the data breach occurred May – July 2017, and the information stolen includes consumers’ personally identifiable information, including names, Social Security numbers, dates of birth, addresses and, in some cases, driver’s license numbers. Approximately 209,000 credit card numbers and dispute documents with personally identifiable information for approximately 182,000 consumers were also stolen. There is no evidence of unauthorized access to consumers’ credit reporting databases.

To be clear, Sutton Bank was not compromised and your information was not stolen from our bank. However, Sutton Bank takes the security of our customer information very seriously, and we are providing you with the information we know about this massive breach and the steps you can take to protect your personally identifiable information if you so desire. Following this unprecedented breach, we are also asking our customers to be extra vigilant and report any suspicious activity in your Sutton Bank accounts to us by calling 800-422-3641.

Equifax has established a website that informs consumers if they may be affected by the breach, provides additional information on the breach, and offers complimentary identity theft protection and credit file monitoring. This information is available at To protect your identity and personal information, we strongly encourage our customers to take the actions noted below.

            P.O. Box 2000
            Chester, PA 19016

            P.O. Box 740241
            Atlanta, GA 30374

You should also contact the credit reporting agencies to notify them of any suspected fraud or identity theft.Equifax has established a dedicated toll-free number to answer questions you may have about the Equifax data breach and its effect on your personally identifiable information. You may call them at 866-447-7559.

If you believe you are the victim of identity theft, contact your local law enforcement office and/or your state attorney general. Finally, you may also want to consider reviewing information about recovering from identity theft, which is available from the Federal Trade Commission (FTC) at or by calling 1-877-IDTHEFT (1-877-438-4338). The FTC also offers general information to protect your online presence at

10 Scams Targeting Bank Customers: Plus the basics on how to protect your personal information and your money.

The FDIC often hears from bank customers who believe they may be the victims of financial fraud or theft, and they provide information on where and how to report suspicious activity. To help further, FDIC Consumer News includes crime prevention tips. The latest issue features a list of 10 scams that you should be aware of, plus key defenses to remember.

June 2017

Same Day ACH            Q & A’s

What is same day ACH?

  • Same Day ACH is essentially an expedited payment process compared to standard next day ACH settlement. It is NOT immediate or real-time payment settlement. It’s basically moving up ACH processing approximately 12 hours sooner. It allows originators to send ACH payments, with a same day effective date, so receiver accounts can receive the payments on a same day basis. Same day does not replace the existing ACH next day batch processing. It allows for a new same day settlement option.
  • All participating ACH financial institutions are required to process incoming same day ACH items for their receiving accounts. However, same day ACH origination is optional – financial institutions are not required to offer it.
  • International ACH transactions (IATs) and any single payment transaction over $25,000 will not be eligible for same-day processing.

How will same day ACH work?

Same day ACH is being rolled out in three phases over the next two years. The first phase will begin on September 23, 2016. With this phase:

  • Only ACH credits are eligible (phase 1) – think payroll, T&E, tax payments, or other disbursements.
  • Your same day ACH credits will be credited by the end of their financial institution’s processing day. That timeframe differs by financial institution, but currently the credit availability is typically between 5:00-5:30 pm ET here at Sutton Bank.
  • The federal government will not be participating in Phase 1 of Same Day ACH implementation, and will not send or receive same day ACH payments at this time. (EX: SSA, SSI, RRB, OPM)

Phase 2 begins on September 15, 2017. With this phase:

  • ACH debits are eligible in phase 2. Any payments made by writing a paper check, made by telephone or payments authorized via a billers website could clear your checking account on the same day you write the check or authorize the payment.
  • Previously, the debit could have taken as long as 1-2 days. Just a reminder that checks should never be written or payments scheduled when sufficient finds are not in your account to cover the entire amount of the purchase or payment.

How will same day ACH impact my day-to-day operation?

For incoming same day ACH credits, consider the following:

  • Your financial institutions do not have to make your funds available until the end of their processing day. This will vary so it may be difficult to know when you get your money.
  • You may receive ACH credits sooner, so you may need to update your accounts receivable system more frequently.
  • Your bank account may be credited sooner, so you may have an increase in funds availability and positive cash flow.

Does Sutton Bank offer same day ACH origination?

Sutton Bank will NOT offer same day ACH origination at this time. It was decided to take a wait and see approach during phase one based on customer demand and potential impact to bank operations and processing. In addition, many financial institutions like us want to see what the growth in same day ACH will be in the short run. We will keep you updated should we become a same day ACH originator.

Where can I find more information about same day ACH?

Feel free to visit NACHA’s Same Day ACH Resource Center. This site is your one-stop-shop for all things same day ACH. It has fact sheets, checklists, articles, and recorded training webinars.

Going Mobile: How to be Safer When Using a Smartphone or Tablet

FDIC Consumer News Winter 2016

Everywhere you look, people are using smartphones and tablets as portable, hand-held computers. "Unfortunately, cybercriminals are also interested in using or accessing these devices to steal information or commit other crimes," said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "That makes it essential for users of mobile devices to take measures to secure them, just as they would a desktop computer."

Here are some basic steps you can take to secure your mobile devices.

Avoid apps that may contain malware. Buy or download from well-known app stores, such as those established by your phone manufacturer or cellular service provider. Consult your financial institution's website to confirm where to download its official app for mobile banking.

Keep your device's operating system and apps updated. Consider opting for automatic updates because doing so will ensure that you have the latest fixes for any security weaknesses the manufacturer discovers. "Cybercriminals try to take advantage of known flaws, so keeping your software up to date will help reduce your vulnerability to foul play," said Robert Brown, a senior ombudsman specialist at the FDIC.

Consider using mobile security software and apps to protect your device. For example, anti-malware software for smartphones and tablets can be purchased from a reputable vendor.

Use a password or other security feature to restrict access in case your device is lost or stolen. Activate the "time out" or "auto lock" feature that secures your mobile device when it is left unused for a certain number of minutes. Set that security feature to start after a relatively brief period of inactivity. Doing so reduces the likelihood that a thief will be able to use your phone or tablet.

Back up data on your smartphone or tablet. This is good to do in case your device is lost, stolen or just stops working one day. Data can easily be backed up to a computer or to a back-up service, which may be offered by your mobile carrier.

Have the ability to remotely remove data from your device if it is lost or stolen. A "remote wipe" protects data from prying eyes. If the device has been backed up, the information can be restored on a replacement device or the original (if you get it back). A number of reputable apps can enable remote wiping.

February 2016

Identity Fraud May be Down But Your Guard Needs to Stay Up!

Fraud comes in many shapes and sizes and unfortunately, it will never go away. Nor will the money and time spent fixing it. That's why it's vital to ramp up your security arsenal.

While fraud operators are constantly developing new viruses, spyware and online fraud schemes, the good news is that you can take action to protect yourself against online fraud. Delve into this site to find out how:

Avoiding online tax scams

It's tax season, which means it's also time for tax scams. Some tax scams occur when fraudulent tax returns are filed in the victim's name, while other variants occur when the malicious actors call the victim and pretend to be IRS agents. There are even malicious actors who use the tax season to spread malware and phishing emails.

Tax scams where the malicious actor files the return in the victim's name include identity theft and fraud, as well as tax fraud. This scenario occurs when the malicious actor finds or receives information about the tax filer, including the filer's name, address, date of birth and Social Security number. The malicious actor then uses this information to file a malicious tax return, citing as many deductions as possible to create a large tax refund.

Another variant of tax scams occurs when the malicious actor contacts the victim and tries to convince him or her to do something, such as immediately pay a fine or provide his or her financial information so a refund can be issued. In these instances the malicious actor uses what he or she knows about the victim, often information gained from a data breach or social networking website, to convince the victim that the caller has access to the victim's tax information. During these calls, the caller will frequently pretend to be an IRS agent.

In the third type of tax scam, malicious actors use tax-related spam, phishing emails and fraudulent websites to trick victims into providing login names, passwords or additional information, which can be used in further fraud. Other emails or websites may download malware onto the victim's computer.

What to watch out for

  • Watch for "spoofed" websites that look like the official website but are fake.
  • Don't be fooled by unsolicited calls. The IRS will never call to demand an immediate payment or require you to use a specific payment method, such as pre-loaded debit cards, pre-loaded credit cards or wire transfers. It will never claim anything is "urgent" or due immediately, nor will it request payment over the telephone.
  • The IRS won't be hostile, insulting or threatening, nor will it threaten to involve law enforcement to have you arrested or deported.
  • Sometimes malicious actors change their caller ID to read as the IRS. If you're not sure, ask for the agent's name, hang up and call the IRS (or your state tax agency) using a telephone number from its official website.


If you believe you're the victim of identity theft or fraud, there are a couple of steps you should take: •File a report with your local law enforcement agency.

  • File a report with the Federal Trade Commission (FTC).
  • File a report with the three major credit bureaus -- Equifax, Experian and TransUnion -- and request a "fraud alert" for your account.

If you receive spam or a phishing email about your taxes, don't click on the links or open any attachments; instead, forward the email to

Other tax scams or fraud can be reported according to the directions found on the IRS website.

Department of Commerce Warns of Unclaimed Funds Scam!

The Ohio Department of Commerce is warning Ohioans that, "Unclaimed Money Discovery," has emailed Ohioans saying that a recovery agent has been assigned to help them find and claim their unclaimed funds. The email asks that the recipients pay $29.95 for the service. Once the fee is paid they send a claim form to a legitimate unclaimed fund site to complete the process. The department noted that Unclaimed Money Discovery is not registered or authorized to perform this service. The Ohio Department of Commerce wants Ohioans to know that a fee is not required to claim funds that are rightfully theirs. It is unfortunate that during the holiday season there are people trying to take advantage of others for their own personal financial gain.

Computer Security Tips for Bank Customers: A Basic Checklist

Computer-related crimes affecting businesses or consumers are frequently in the news. While federally insured financial institutions are required to have vigorous information security programs to safeguard financial data, consumers also need to know how to protect and maintain their computer systems so they can steer clear of fraudsters. Here is a short checklist.

1. Protect your computer.Install anti-virus software that scans your computer for malicious software ("malware") that can steal login IDs, passwords and account information (including credit or debit card numbers). Also use a firewall program to guard against unauthorized access to your computer. "Anti-virus protection and firewall options vary, and some are free," said Michael Benardo, Manager of the FDIC's Cyber Fraud and Financial Crimes Section. "Choose one, install it, and then set the software to update automatically."

2. Safeguard your smartphone, tablet and similar mobile devices, especially when using them for banking or shopping. Reduce your risk of downloading "apps" (applications) that contain malware by using well-known app stores, such as those established by your phone manufacturer or cellular service provider, or from the official Web site of the bank.

Also, to ensure that you have the latest fixes to software problems affecting mobile devices, opt for automatic updates for your operating system and apps or manually download updates as soon as you receive notice that they are available. Some banks provide customers with anti-malware software that can be loaded on a smartphone. You can also purchase the software from a reputable vendor.

And, don't leave your mobile device unattended. In case your device does get lost or stolen, use a password or other security feature to restrict access. You should enable the "time-out" or "auto-lock" feature on your mobile device to secure it when it's not used for a period of time. "Some phones have a remote feature that will allow you to erase all the personal information on your phone or disable it in the event that your phone is lost or stolen," said Jeff Kopchik, a Senior Policy Analyst with the FDIC.

3. Understand your Internet safety features. When you are buying something online or filling out an application that contains sensitive personal information, you can have greater confidence in a Web site that encrypts or scrambles the information as it travels to and from your computer. Look for a padlock symbol on the page and a Web address that starts with "https://." The "s" stands for "secure."

4. Be careful where and how you connect to the Internet. A public computer, such as at an Internet café or hotel business center, may not have up-to-date security software and could be infected with malware. Also, for online banking or shopping, avoid connecting your computer, tablet or smartphone to a wireless network at a public "hotspot" (such as a coffee shop, hotel or airport).

5. Be suspicious of unsolicited e-mails and text messages asking you to click on a link or download an attachment. It's easy for fraudsters to copy corporate or government logos into fake e-mails that can install malware on your computer.

"Your best bet is to ignore any unsolicited request for immediate action or personal information, no matter how genuine it looks," Benardo said. "If you decide to validate the request by contacting the party that it is supposedly from, use a phone number or e-mail address that you have used before or otherwise know to be correct. Don't rely on the one provided in the e-mail."

6. Use "strong" IDs and passwords and keep them secret. Choose combinations of upper- and lower-case letters, numbers and symbols that are hard for a hacker to guess. Don't, for example, use your birthdate or address. Also don't use the same password for different accounts because a criminal who obtains one password can log in to other accounts. Finally, make sure to change your passwords on a regular basis.

7. Take precautions on social networking sites. Criminals can go there to gather details such as someone's date or place of birth, mother's maiden name or favorite pet and use that information to figure out and reset passwords. Fraudsters also may pretend to be your "friend" to persuade you to send money or divulge personal information. More tips on avoiding fraud on social media sites are available from the FBI and the Internet Crime Complaint Center.

For more tips on computer and Internet security for bank customers, including how to protect yourself from data breaches, see back issues of FDIC Consumer News. Also watch the FDIC's multimedia presentation "Don't Be an Online Victim."

Also visit for a variety of information from the federal government on how to be safe online. The site includes new videos from the Federal Trade Commission on what to do if your e-mail is hacked or malware attacks your computer.

Changes Could Help Boost Credit Scores

Your credit score, which is mainly based on your history of repaying loans, can determine your ability to borrow money and how much you will pay for it. Here is good news for some consumers: Your score may improve as a result of changes in how credit reports and scores are compiled.

In one development, FICO, a company that provides software used to produce many consumer credit scores, announced in August 2014 that unpaid medical debt will not have as big an impact on the new version of its most popular credit score.

And in December 2014, the Consumer Financial Protection Bureau (CFPB) announced that it will require the major consumer reporting agencies to provide regular accuracy reports to the Bureau on how disputes from consumers are being handled. The CFPB said medical debt in particular is a source of numerous complaints because the billing process can be complicated and confusing to consumers. The CFPB noted that the accuracy reports will help it hold credit reporting companies accountable for ensuring that erroneous information does not damage a consumer's credit score.

Separately, as part of an agreement in March 2015 with the New York Attorney General's Office, the nation's three major credit reporting agencies -- Equifax, Experian, and TransUnion -- are taking steps that could help some consumers raise their scores. For example, they committed to conduct a more thorough review of documents provided by a consumer who is disputing information in a credit report. Also, they are clarifying how consumers can appeal the decision that the credit reporting company makes. In addition, medical debts will not appear on credit reports until they are at least 180 days past due.

These changes may help raise some consumers' credit scores and reduce their borrowing costs. In general, though, to build or maintain a good credit score, consumers need to manage their money carefully, and that includes using caution when taking on additional debt.

Here are reminders from FDIC Consumer News about how to achieve and maintain good credit scores:

Be cautious with how much you borrow: Credit scores are generally higher for consumers who do not "max out" or otherwise use a large share of their available credit. Being careless about borrowing money can lead to debt overload. "Keep in mind that filing for bankruptcy harms your credit score and can remain on your credit report for 10 years," noted Elizabeth Khalil, a Senior Policy Analyst at the FDIC.

Always make your payments on time: "Whether it's your phone bill, utility bill, car loan or credit card, pay at least the minimum due, and pay it on time, because payments that are 30 days late may start lowering your credit score," said Heather St. Germain, an FDIC Senior Consumer Affairs Specialist. "Setting up automatic payments can help you make the due dates."

Check your credit report regularly: Erroneous or outdated information on your report or fraudulent information can hurt your credit score. "The Fair Credit Reporting Act gives you the right to dispute information on your credit report and have corrections made," St. Germain said. "However, many people don't check their credit reports. It's better to find errors and get them corrected, since your credit report is used for many decisions, such as when an employer is making hiring decisions or when you are applying to rent an apartment."

By law, consumers are entitled to receive a free credit report every 12 months. To request your free credit reports from each of the three major credit reporting agencies, go to or call toll-free 1-877-322-8228.

ICBA Provides Tips for Consumers to Protect Themselves Against Cyber Crimes

Washington, D.C. (Feb. 10, 2015)--The Independent Community Bankers of America® (ICBA) and the nation's more than 6,500 community banks want consumers to be aware of ways to protect themselves and their personal financial information against identity theft and cybersecurity-related crimes.

"It is vital that customers alert their community banks immediately if they know or suspect their personal information has been compromised," said ICBA Chairman John Buhrmaster, president and CEO of 1st National Bank of Scotia, N.Y. "Criminals are on the hunt to capture confidential consumer financial information and personal data. The community banking industry wants consumers to have as much information, education and resources as possible so they can protect themselves against such attacks."

Community banks across the nation work aggressively to protect their customers' financial, personal and sensitive information on a daily basis. Community bankers have been informing their customers about multiple layers of security protection, monitoring customer accounts for fraudulent activity, reissuing credit and debit cards as appropriate and educating consumers on how to avoid fraud, identity theft and becoming a victim of a cyber crime.

Additionally, the Federal Trade Commission provides guidance on immediate steps consumers should take to repair identity theft. If any consumer believes they have had their identity stolen or are victim of fraudulent charges on a credit or debit card, reach out to your community bank immediately.

ICBA provides consumers valuable tips when it comes to taking proactive security measures:

  • Monitor all of your financial accounts and report any suspicious activity, such as false or multiple charges, to your community bank immediately.
  • Be sure to use unique passwords for all financial online accounts. Never share or duplicate usage of your password, account number, PIN or answers to security questions.
  • Do not save credit or debit card, banking account or routing numbers, or other financial information, on your computer, phone or tablet.
  • Use caution when sharing personal information about yourself on social media channels and the Internet. Identity thieves and cyber criminals can use information to gain access into your life. Never post account numbers, credit card statements or bank details.
  • Be vigilant about using a password on mobile devices. Be sure to set your devices to automatically lock after a selected period of time to ensure no one can access your smartphone, tablet or laptop.
  • Be aware of the location of your mobile devices (smartphones, tablets) at all times. Only log on financial websites when you have a secure, safe and trusted Internet connection.
  • Shred ATM receipts, credit card offers or statements, checks and other similar documents when you no longer need them.
  • Consider getting an IP PIN. An IP PIN is a six-digit number assigned to eligible taxpayers that helps prevent the misuse of Social Security numbers on fraudulent federal income tax forms, per the IRS.
  • Do not provide your secure financial information over the phone or Internet if you are unsure of who is asking for it. Contact your community bank directly by using the phone number on the back of your debit or credit card, or stop in your bank to speak with someone in person. Remember, Sutton Bank will never contact or text you asking for personal or banking information.

ICBA and SHCPF Provide Tips to Protect Elderly Veterans from Financial Abuse

The Independent Community Bankers of America and the Senior Housing Crime Prevention Foundation have banned together to provide tips on preventing financial abuse for our nation's elder veterans and their families, offering the following tips on ways to prevent financial abuse for our nation's elder veterans:

  • Secure all of your valuables in a bank safety deposit box. These valuables can include your Social Security card, passports, credit card account numbers, will and other legal documents, financial statements and medical records.
  • Do not give financial information to callers that contact you and claim to be from established organizations such as your bank or credit card companies, especially if they ask you to wire funds or send them private information. If you are concerned about your bank account, contact your local community bank directly.
  • Check your bank accounts and bill statements carefully. You can check them online so you can zoom in easily in case you need to make the statement larger for easier reading. Plus, online banking makes it easy to check your transactions on a regular basis. If you notice unauthorized charges, alert your bank immediately.
  • Do not give your personal information, such as bank account numbers or PINs, to anyone in a phone call, letter, email, fax or in a text message.

"Protecting our nation's veterans is a need that must be addressed. These men and women have dedicated their lives to protecting us and SHCPF is dedicated to protecting them now," said SHCPF Chairman, President and CEO Peter K. Gwaltney. "Elder financial abuse is a rapidly growing problem in our country and we owe it to our veterans and all of the elderly to stop financial exploitation."