Yes, but just for business purposes. We use outside vendors to help us maintain customer accounts by doing things like printing checks, processing account transactions, providing technological assistance and helping us offer products and services tailored to fit your financial needs. By using outside vendors, we can keep our costs down and operate more efficiently.

No. CoreFirst Bank & Trust has not and will not sell information to outside companies.

IMPORTANT INFORMATION ABOUT OPENING A NEW ACCOUNT

The USA Patriot Act was signed into law to help the government fight the funding of terrorism and money laundering activities. Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.

What this means for you: When you open an account, we will ask for your name, address, date of birth, tax payer identification number and other information that will allow us to identify you. We will also ask to see your driver’s license and other identifying documents.

Your personal information and the security of that information is our top priority, make sure to review our Privacy Policy.

View our Privacy Policy 

As scammers get more sophisticated, phishing emails are becoming more official in nature and harder to spot. Recently, some of the bigger phishing frauds have been impersonations of giant companies such as; Office 365, MailChimp, FedEx and UPS. In all of these attempts, the alleged sender of the email is well known to the recipient. This sense of comfort with the purported sender leads the recipient to drop their guard and click on links or open attachments resulting in an infected PC and/or company network.

CoreFirst Bank & Trust is dedicated to providing your business with the tools it needs to stay safe from this and other fraudulent activity. Take a minute to review how you can stay on top of phishing attempts.

Common Terms:

• Spam – Email messages that arrive in bulk.
• Phishing – Manipulates end user to divulge personal/business information or entices them to click on malicious links or attachments by use of a phony email or website.   
• Spear Phishing – A targeted attack that is focused on an organization or business where emails are sent under a guise of a known, trusted sender to obtain information to commit fraud.
  

How Do You Identify an Email Attack Carefully scrutinize any email that has the following calls to action:

1. Any type of “reply”, this includes unsubscribe messages
2. Hyperlinks to click, this includes unsubscribe messages
3. Attachments to open
4. The request to forward the email  
5. Encouragement to ‘act now’ or something negative will happen
   
   Often the cybercriminal words the messages so that you complete the above actions. Be extremely cautious of messages that appear crucial and elude to a negative consequence if action isn’t taken.

Be Cautious of Everything in an Email By educating yourself and your staff you can mitigate the chances for a phishing attack on your business. Make sure to hold email training sessions with your team so they know what to look for.

Here are just a few of the ways the criminals can get your staff to unwittingly engage their cyber threat.

• From Address Line – The address can be forged and may look right but is not legitimate.
• Web Links – A link can say anything in the email message but be something very different. Get in the habit of hovering your mouse over the link to verify where the link is actually taking you. If you still aren’t sure, don’t click it! 
• Files – Word, Excel, PDF and other files can contain hidden malware. If you are not expecting a file from the sender do not open it.
• Be Vigilant - If you don’t know the sender or aren’t expecting an email never click on links or open attachments.

Card Cracking is a scheme to defraud consumers via online solicitations to earn "easy-money" or to work-from-home. Fraudsters usually target younger people and use Facebook, Twitter or Instagram to lure in victims.

How Does Card Cracking Work?
Once the individual has responded to a solicitation, they are usually asked for their debit card number, PIN and other account information for direct access to the account. Once the fraudsters have what they need, they begin to deposit fraudulent checks into the account, and then withdraw the funds immediately through the ATM. The bank customer is then instructed to call the bank and claim fraud on the ATM withdrawal. Once the money is refunded, the fraudster provides a portion of the refund money back to the bank customer.

Guard Yourself
To help consumers avoid involvement in this scam, the American Bankers Association (ABA) and CoreFirst offer the following tips:

• Do not respond to online solicitations for "easy money." Card cracking advertisements will suggest that this is a quick, safe way to earn extra cash.
• Never share your account number and PIN. Always keep this information private. By sharing it with others, you expose yourself to potential fraud.
• Do not file false fraud claims with your bank. By filing a false claim, you are a co-conspirator to fraud. Banks' detection techniques for card cracking are constantly improving and suspicious claims will be investigated.
• Report suspicious posts linked with scams. If you notice postings that appear to be linked with a possible scam, report them to the social media site. There is usually a drop-down menu near the post to allow for easy reporting.
  

Learn More
The ABA's infographic on Card Cracking is a great first step in arming yourself against this type of attack.

Ransomware is a type of phishing attack that is initiated when a user clicks on an infected link in an email or infected advertisement. Malware is then deployed on your computer and blocks you from accessing your files. You will then be instructed to pay a "ransom" hence the name to restore your files. The ransom is a scare tactic to force you to make a hasty decision.

Guard Yourself
Take steps to prohibit this type of activity by taking note of the following:

1. Make sure you have anti-virus installed on your device and that it is current and up-to-date
2. Always make sure to have your computer files backed up
3. Don't click on links within an email unless you know it is legitimate
4. Be cautious of ads that pop-up while you are online

I have Ransomware, now what?
Don't pay the ransom and stop using your computer. Get help from a reputable computer professional who can help you restore your files, advise you on paying the ransom and check your computer for further infection.

Learn More
The American Bankers Association infographic on Ransomware is a great first step in arming yourself against this type of attack.

Phishing is a scam that uses spam emails to deceive consumers into disclosing their credit card numbers, bank account information, Social Security numbers, passwords and other sensitive information.

The emails often pretend to be from businesses that potential victims deal with such as their Internet service provider (ISP), online payment service or bank. The fraudsters tell recipients that they need to “update” or “validate” their billing information to keep their accounts active, and direct them to a “look-alike” website of the legitimate business. There will be a place on the website to enter your information, which the scammer can steal and use.  

Avoid getting caught by one of these scams by following these tips:

• If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or website address you know to be genuine.
• Avoid emailing personal and financial information. Before submitting financial information through a website, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during transmission.
• Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
• Report suspicious activity to the FTC at www.ftc.gov or IdentityTheft.gov. 

As a rule, CoreFirst Bank & Trust will never ask for personal information through an un-solicited email. Please call us immediately if you receive any questionable solicitations.

Consumers lose millions of dollars each year to con artists and scams. Many scams involve the withdrawal of money that is wired to an unknown person or put on a prepaid credit card. BEFORE YOU WITHDRAW YOUR MONEY for something that seems too good to be true, ask yourself the following questions:

1. Has anyone asked you to withdraw your money for any reason?
2. Have you been instructed to wire funds or purchase prepaid cards for this person?
   

Always be on the lookout for scams like the below:

You Won Scams:

• You may be notified by mail or by phone that you have just ‘won the lottery’ without playing.
• A popup might claim you’ve selected to be a mystery shopper.
• You receive a check in the mail and are now instructed to send funds for taxes, overpayments, fees, expenses, etc. through a wire or prepaid card.
  

Utility Payments, Taxes, Jury Duty & Home Repair Scams:

• You may be contacted by someone claiming to be a utility company, the IRS, a courthouse, or law enforcement threatening you for taxes, utility payments, jury duty, etc.
• You may be told you need home repairs and the contractor demanded immediate cash payment.
  

Grandparent Scams:

• You may be contacted by someone claiming to be your grandchild in need of funds to 'get out of jail' or for other emergency expenses and they need funds wired immediately.
  

Selling Goods Scam:

• You may receive a check or wire for ‘more than the asking price’ for something you are trying to sell or sublease and are supposed to send funds back.
  

CoreFirst Bank & Trust is always here to assist you and help protect your assets. Please understand that once you have negotiated an item, you are responsible for that item. Wiring funds or purchasing prepaid cards will most likely result in a loss of funds that cannot be reclaimed.

If you are the victim of any type of financial scam, please contact CoreFirst Bank & Trust and report the scam with the Federal Trade Commission at: 1.877.382.4357 or www.ftc.gov.

If you have any questions about your rights as a user of the CoreFirst Bank & Trust website, you can reach the site administrator by email at [email protected].

The CoreFirst Bank & Trust website does not collect personal information about users except when specifically and knowingly provided by such users. Once you have provided personal identifying information, it will only be used for the purposes of managing the CoreFirst Bank & Trust website, or for such other purposes as described at the point of data collection. Such information will not be transferred to other parties unless otherwise stated at the point of data collection.

Website users should be aware that when they voluntarily disclose personal information, either through registering, by posting a message or completing an application, that information can be collected and used by others and may result in unsolicited messages from third parties.

CoreFirst Bank & Trust is committed to protecting user privacy and the CoreFirst Bank & Trust website is maintained consistent with the Banking Industry Privacy Principles for U.S. Financial Institutions.

Visitors to this bank website remain anonymous. We do not collect identifying information about visitors to our site. We may use standard software to collect non-identifying information about our visitors such as:

• Date and time our site was accessed
• IP address (a numeric address given to servers connected to the Internet)
• Web browser used
• City, state and country
  

The bank uses this information to create summary statistics and to determine the level of interest in information available on our site.

Visitors may elect to provide us with personal information via email, online registration forms or our guest book. This information is used internally, as appropriate, to handle the sender’s request. It is not disseminated or sold to other organizations.

Some areas of our website may use a “cookie” temporarily stored in the visitor’s computer memory (RAM) to allow the web server to log the pages you use within the site and to know if you have visited the site before.

Pursuant to the Children’s Online Privacy Protection Act, this website was not created or intended to be used by children.

Authentication 
CoreFirst Bank & Trust uses multi-layered authentication before allowing access to accounts through various access points that include but are not limited to Internet Banking, Mobile Banking, ATM or point-of-sale use. Authentication can include several things that the bank knows about its account holder, like the correct knowledge of passwords, personal identification numbers, correct usernames or the presence of the corresponding debit/credit/ATM card.

Policies & Account Protection CoreFirst Bank & Trust has both Privacy and website policies in place to protect personal data. A copy of your Privacy Policy is mailed annually and may be obtained by calling our Customer Service Center at 1.800.280.0123 or by visiting our website at CoreFirstBank.com.

Resources are also available that allow CoreFirst to monitor accounts for transactions that are not customary in the account’s history. This may allow us to detect suspicious activity sooner, therefore preventing losses.

Customer rights and responsibilities pertaining to electronic funds transfers are mailed annually in your account statement. Information regarding these rights can also be obtained by calling our Customer Service Center at 785.267.8900 or 1.800.280.0123. Contact us immediately if you believe there is an error or discrepancy with any of your account transactions.

Online banking is a secure and private environment. With CoreFirst Bank & Trust’s Online Banking security features, your account is safe. Our state-of-the-art routers, firewalls and Secure Socket Layer (SSL) technology provide security which exceeds industry standards. Further encryption and password safeguards are built in. 

• Resetting your password online is easy. Click on the Login Area in the top banner and check the Forgot Password box. Then, choose business phone or cell phone as a delivery option for the secure access code to be delivered to you. As soon as you receive your secure access code, enter it, and then enter a new password.
  
• Your password should be changed periodically. Internet Banking prompts you to change your password every 120 days. If you ever believe your user ID and/or password have been compromised, change them immediately.

Here are 12 steps to make sure your mobile device is protected:

1. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
2. Log out completely when you finish a mobile banking session.
3. Protect your phone from viruses and malicious software, or malware, by installing mobile security software.
4. Use caution when downloading apps. Apps can contain malicious software, worms and viruses. Beware of apps that ask for unnecessary "permissions."
5. Download the updates for your phone and mobile apps.
6. Avoid storing sensitive information like passwords or a social security number on your mobile device.
7. Tell your financial institution immediately if you change your phone number or lose your mobile device.
8. Report any suspected fraud to your bank immediately.
9. Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings, especially when you’re punching in sensitive information.
10. Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
11. Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
12. Watch out for public Wi-Fi. Public connections aren’t very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.

Whether you shop online, enjoy social media or have an active email account, keep these tips in mind to keep your online data secure:

• Establish a strong password. Make sure it is at least 8 characters long and includes numbers, lower case letters and at least one capital letter. Change your password frequently and pick something that cannot easily be guessed. Never write down or share your passwords or PINs.
• Use antivirus software on your home and business computers. Make sure to run periodic scans and update the software with new releases.
• Always avoid emailing personal information such as your social security number or account numbers.
• Review your account statements as soon as you receive them for unauthorized charges. If your statement is late by a couple of days make sure to call the bank or credit card company to confirm your mailing address, balance and transactions. Consider utilizing Internet Banking to access and check your accounts daily. E-statements are also a great way to receive your statement more securely.
• Emails you receive with no warning and ask for specific account information to avoid some type of account closure are ALWAYS a scam. If you are in doubt about the authenticity of an email, call the company with a phone number not listed in the email. CoreFirst Bank & Trust will never solicit account information via an email message.
• Anytime you are conducting online financial business, make sure that address starts with https:// rather than http://. The “s” means your financial and personal information is encrypted before being sent over the Internet and can only be read by the website you are doing business with.
• If you are using a smart phone, check to see if your phone can run antivirus. If so, install it and run periodic scans. Regardless of the manufacturer, be sure to install software updates just as you would with your PC. Using a password to protect your device is also recommended.
• Be leery of links posted on social network sites, sometimes these links are the opening for criminals to install viruses or steal data. Be cautious of all information you disclose on these sites regardless of your security settings.
• As a reminder, CoreFirst Bank & Trust will never email or call on an unsolicited basis and ask for personal information such as account and social security numbers, passwords or user IDs.
• Ultimately, it is your responsibility to keep your information protected. For more information on keeping your finances safe, visit www.fdic.gov/consumers. If you have any questions about the safety of your online accounts with CoreFirst, please do not hesitate to call our Customer Service Center.

• Which is better for me, a Traditional IRA or a Roth IRA?
• How long will my retirement savings last?
• How much do I need to fund my retirement?

• How can I save a million dollars?
• How much could I save over time?
• How much should I save each month?

• How much car can I afford?
• How long will it take to pay off my credit card?
• How much do I need to save for college?
• How much will I need to save for a major purchase?
• How much can I afford to borrow?
• How much will my loan payments be?
• Should I consolidate my loans?
• How soon can I eliminate my debts?

Call our Customer Experience Center at 1.800.280.0123 or 785.267.8900

Find the reorder slip that’s attached to your 3^rd book of checks in your last order and pop it in the mail. This is especially quick and simple if you don’t need to update any of your information!