Print this page small font normal font large font

Online Fraud

Spoof Websites

Spoofed Web sites are commonly used in conjunction with phishing scams. The spoofed site is usually designed to look like the legitimate site, sometimes using components from the legitimate site.

Fraudsters may attempt to direct you to spoof websites via various methods, some of which include: emails, pop-up windows or text messages. These websites are used to try to obtain your personal information. One way to detect a phony website is to consider how you were directed to the site or landed there. Use caution if you may have followed a link in a suspicious email, text message, online chat or other pop-up window requesting your personal or account information.

What to look for:

  • Typo Scamming
    Cyber criminals also use Web addresses that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the address "" could appear instead as:

  • Check The Domain Name

    Be careful of misspellings when you type in a domain name, especially for the first time. After that, your browser may fill in the rest of the address of a site you've visited before. Typo-scammers have been known to download malicious software apps and spyware onto non-firewalled computers that connect to their sites.

    One of the more insidious cyber attacks is the Man-In-The-Middle Attack, which is the type of attack where attackers attempt to intrude into an existing secure connection to intercept exchanged data and inject false information. It involves eavesdropping on a connection, intruding into the connection, and intercepting sensitive messages or data, and selectively modifying data like the amount of money within a transaction. This is why you need to verify that you are in the correct domain when logging in to our online banking and mobile banking systems, and why you should monitor your accounts for suspicious activity.

  • Man-In-The-Middle-Attack Sample

  • Hover Over Links

    When you hover over a link on a page and the real web address is revealed, be suspicious if rather than a URL that makes sense (like "") you see a string of numbers, like "http://187.472.252.052." Also be suspicious if you're on what should be a secure site (like our bank site or your secure session) and there is no padlock symbol in your browser frame, and the URL does not begin with "https://".

  • Be Aware Of Emails From The Bank

    If you get an email that appears to be from Mechanics Bank or another secure site asking you to "verify your account," call us to ask if an email was sent. Never answer one of these emails. We have other ways of contacting you. Note: Mechanics Bank will never send unsolicited emails asking clients to provide, update, or verify personal or account information, such as passwords, Social Security numbers, PINs, credit or Check Card numbers, or other confidential information.