Man holding a smartphone


If your debit card or ATM card is lost, stolen or compromised, please call 334-774-4931 during regular banking hours or 1-800-417-4592 after banking hours.
Bogus emails that trick unsuspecting individuals and businesses into revealing valuable personal and financial information are among the simplest, most common, and costliest cyber-scams.

In "spoofing" or "phishing" scams, as they are known to law enforcement officials, messages are disguised to appear as if they come from trusted, legitimate companies such as online auction site, your Internet service provider, even Commercial Bank of Ozark. Typically, they ask you to click on a link to the company website or call a fictitious phone number. However, the link actually goes to an impostor or “spoof” site, operated by criminals perpetrating several possible scams.

Watch for Red Flags
Fraudulent emails may appear to come from a reputable source. This is how spammers and scam artists fool recipients into opening and responding to their solicitations. But check the finer details and you may notice:

  • Spoof email addresses: If you notice that the return email address is not the actual email address of the purported sender, that’s a warning sign of a scam. Criminals are sophisticated, so check carefully – sometimes the “spoof” email address is only one or two characters different than the real company’s email address.
  • Altered links: Although the link within the email may appear to go to a legitimate site, hovering over it may show that it actually goes to a totally different – and fraudulent – site.
  • Misspellings and poor grammar: Many scam emails originate from outside the U.S., and typical red flags include poorly written text and misspelled words. Misspelled company names, typos, and grammatical errors are also employed to avoid detection by spam and email filters.
  • Your name is missing: Scam emails may not have the recipient’s actual name; instead they may say “Dear customer” or even “Dear” – with the space for the recipient’s name left blank.
  • Wrong information: If you receive an email thanking you for signing up for PayPal, eBay, or another service, but you signed up years ago, or never did, this incorrect information is a red flag for a scam.
Internet scammers casting about for people's financial information have a new way to lure unsuspecting victims: They go "phishing."

Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. Identifying the fraudulent e-mails and web sites is not easy. Here are a few examples of fraudulent e-mails that we are aware of to help you better protect yourself. If you believe that you have received one of these e-mails or may have become the victim of identity theft, please contact the bank immediately.

Fraudulent E-mails Appearing to Come from NACHA
NACHA, the system that processes ACH transactions between banks, has been the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication. Perpetrators may also be exploiting email addresses recently stolen from Epsilon. These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient. The contents of these fraudulent emails vary, with more recent examples including a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and telephone number. NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive. If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software application security patches are installed and current. Additional information and guidance on phishing is available from the Federal Deposit Insurance Corporation (FDIC).
How Not to Get Hooked by a 'Phishing' Scam

“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”

“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

Have you received email with a similar message? It’s a scam called “phishing” — and it involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.

According to the Federal Trade Commission (FTC), the nation’s consumer protection agency, phishers send an email or pop-up message that claims to be from a business or organization that you may deal with — for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message may ask you to “update,” “validate,” or “confirm” your account information. Some phishing emails threaten a dire consequence if you don’t respond. The messages direct you to a website that looks just like a legitimate organization’s site. But it isn’t. It’s a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

The FTC suggests these tips to help you avoid getting hooked by a phishing scam:

If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. In any case, don’t cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place, but that actually send you to a different site.

Area codes can mislead. Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice Over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. In any case, delete random emails that ask you to confirm or divulge your financial information.

Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for antivirus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or OSX) or browsers (like Internet Explorer or Safari) also may offer free software “patches” to close holes in the system that hackers or phishers could exploit.

Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.

Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

If you believe you’ve been scammed, file your complaint at, and then visit the FTC’s Identity Theft website at Victims of phishing can become victims of identity theft. While you can’t entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See for details on ordering a free annual credit report.

You can learn other ways to avoid email scams and deal with deceptive spam at

The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint or get free information on consumer issues, visit or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. Watch a new video, How to File a Complaint, to learn more. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

High quality, personalized customer service is our true mission.