The Internet is one of the most powerful communication tools available, making it possible to share information instantly, any time of the day or night, around the globe.
Criminals have capitalized on the broad power and wide availability of the Internet and electronic mail (e-mail) to defraud unsuspecting people. It is critical that each of us maintain constant vigilance over the way we use the Internet and all forms of electronic communication.
The Bank of New York Mellon maintains active oversight of all of our systems as part of our efforts to protect the security and privacy of client information.
If you have any concerns or questions, please contact your Bank of New York Mellon representative.
The Bank of New York Mellon does not contact its clients or anyone else by e-mail to confirm credit card or financial transactions, or to confirm or request personal account information or any other type of sensitive information.
To help protect yourself and your personal data, do not trust any e-mail communications that request your personal information.
Criminals can be convincing. They make their fraudulent e-mails look like they come from legitimate sources. They publish fake Web sites that use designs, information and programming stolen from their rightful owners. Cyber criminals use methods to impersonate you over the phone to arrange funds transfers, or imitate communications from the financial institution to verify transactions, or initiate other changes to your account. Don't fall for their ploys.
E-mail is by far the most popular way for criminals to try to get your attention — and your personal information. An e-mail may direct you to a Web site designed and operated by criminals to trick you into revealing such information. Therefore, treat e-mail from someone you don't know the same way you would treat a telemarketing call from someone you don't know: don't necessarily believe what you're being told.
Fraudulent e-mails and Web sites are created every day to attempt to steal personal information. It's called "phishing" — a variation of the word "fishing." There are limitless variations of these online scams, so the best defense is education and a healthy dose of skepticism. A few misleading and deceptive techniques in use include the following:
As technology and one's ability to detect these scams improves, so, unfortunately, do the criminals. The latest attacks do not even require you to do anything. Merely opening the e-mail can launch "hidden" software — a virus, "spyware" or other malicious code — that will download to and reside on your computer. Should they go undetected, any of these programs could compromise your computer in a variety of ways, including stealing private information, redirecting your Web surfing to unscrupulous sites and transmitting information that you type on your computer directly to the criminals. Therefore you should delete all unwanted and potentially fraudulent e-mails without opening them.
Some fraudulent e-mails, spear-phishing attempts for example, can be very well done and very convincing. These are often created by more sophisticated and more determined criminals who are highly motivated to succeed. More generally, however, most fraudulent e-mails and Web sites established for fraud may frequently be characterized by the following:
There are a number of common e-mail scams of which you should be aware. While this list is by no means exhaustive, recent e-mail tricks include:
"Spoofing" is another trick used by criminals. Criminals steal a Web site's code — the technical programming that makes the Web site work — and use it to create a fake Web site that "spoofs" or appears to be the legitimate site.
The difficulty for unsuspecting consumers is that these sites look legitimate. To help protect yourself, be aware of how you're accessing the site.
If you receive a letter, accompanied by a check with a The Bank of New York Mellon brand, that claims you have won a lottery, a sweepstakes, have been chosen to be a paid "secret shopper" or a similar variation of a popular contest, be advised that these are scam letters and fraudulent checks. If you contact the sender as requested, you will be instructed to negotiate the check and forward the sender money through a wire transfer or money order. Please do not negotiate these checks, as they are not authentic The Bank of New York Mellon checks. If you receive one of these letters and/or checks, you should report it to your local U.S. Postal Inspection Service.
Corporate account takeovers, once associated mostly with large corporations, have started to target municipalities, smaller businesses, and non-profit organizations. Thousands of businesses, small and large, have reportedly fallen victim to this type of fraud. To obtain access to business financial accounts, cyber criminals often target employees and cause the targeted individual to download and spread malicious software (or "malware") which in turn steals their log-in credentials. Cyber criminals typically will accomplish this by getting you to perform some action such as open an email attachment, accept a fake friend request on a social networking site, visit an already compromised legitimate website, or plug an infected USB drive into your system. All of these can install malware on your computer.
Some recent methods used to trick employees into opening the attachment or clicking on the link, have included making the e-mail appear come from a legitimate business, for example:
Cyber criminals may try to take advantage of some current event, such as a natural disasters or major sporting events, They may use credentials stolen from company websites or co-workers or executives and design the e-mail to look like it comes from a trusted source.
Once they are able to get you to download their malware, they can easily steal your account login credentials and then be able to electronically steal money from your business accounts through unauthorized wire transfers and ACH payments.
Report any problems regarding The Bank of New York Mellon to your customer service representative.
If you should become a victim of identity theft, you can take the following actions to help you protect your personal and financial interests:
Contact your bank and credit card issuers to ensure that:
File a police report with your local police department and provide the facts and circumstances surrounding your loss. Obtain a police report number with the date, time, police department, location and name of the police officer taking the report or involved in the subsequent investigation. Having a police report on file will often facilitate your dealings with insurance companies, banks, credit card agencies, and commercial establishments that may be parties involved in fraudulent transactions. The police report may initiate a law enforcement investigation into the loss with the goal of identifying, arresting, and prosecuting the offender and possibly recovering your lost items. The police report will also help provide immediate clarification should someone assume your identity and be arrested for criminal activity using your name and biographical data.
Contact the three major credit bureaus (listed below) to order copies of your credit report, and to report identity theft.
PO Box 105069
Atlanta, GA 30349
To order a credit report: +1 800 685 1111
To report credit fraud: +1 800 525 6285
PO Box 2002
Allen, TX 75013
To order a credit report: +1 888 397 3742
To report credit fraud: +1 888 397 3742
PO Box 1000
Chester, PA 19022
To order a credit report: +1 800 916 8800
To report credit fraud: +1 800 680 7289
By ordering your credit report, you will be able to determine if the identity thief has opened any credit accounts in your name. You can then contact these creditors to let them know that your identity has been stolen, and that the accounts are fraudulent.
When calling to report fraud, request that a statement be placed on your credit report that indicates no further credit is to be granted in your name without first contacting you directly at the telephone number you designate. This is typically called a "Fraud Alert" or "Victim Statement", and will help prevent further accounts from being opened in your name.
Contact the Federal Trade Commission. The FTC maintains the Identity Theft Data Clearinghouse (the federal government's centralized identity theft complaint database), and provides identity theft victims with information. The FTC can be contacted through the following methods:
If you discover that a fraudulent bank account has been set up using your name, report the account information to the following merchant check guarantee firms:
Report improper use of your Social Security Number to the Social Security Administration (SSA) by contacting the SSA Hotline at +1 800 269 0271.
If your driver's license is stolen, report the theft immediately to your local Department of Motor Vehicles. Ensure that a duplicate license was not issued to the identity thief.
Maintain a log of what happened, what was lost, and all of the steps you took to correct the situation. Remember to record dates, times, phone numbers, people you spoke with, and any relevant reference numbers and information. Correcting an ID theft can be a long and difficult process — do not rely on your memory.
Businesses and Corporate clients should
Business and personal customers also should employ best practices to secure computer systems in their homes and business including, but not limited to:
Immediately notify us of any suspicious transactions, particularly ACH or wire transfers
BNY Mellon actively works to protect the privacy and data integrity of sensitive information while it is in our possession and control. In the course of providing services, we may exchange information with clients or their authorized representatives which is sensitive and confidential. In order to protect this information, BNY Mellon requires Highly Confidential Information (HCI), and in some cases other types of sensitive information, to be encrypted when transmitted over an open unsecured network.
BNY Mellon provides two methods of encryption for electronic messages containing HCI sent to external recipients.
Enforced Transport Layer Security (ETLS) is the primary and preferred method of encryption for BNY Mellon. This method of encryption allows e-mail to be automatically secured with no additional steps required by the sender and recipient. ETLS requires our external partner organizations to have both an ETLS capable infrastructure and a valid digital certificate for encryption. Once established, this method is the most convenient for all users and provides seamless encryption for e-mail and attachments. ETLS encrypts e-mail message between servers and is designed to protect confidentiality and data integrity and is a widely recognized standard issued by the Internet Engineering Task Force (IETF) for securing transmitted data.
If you have questions about ETLS encryption or to establish an ETLS relationship with your client, please contact the TLS Administration Team.
BNY Mellon Secure Messaging Portal is the alternative secure encryption tool which is utilized when an external partner does not have ETLS capability. The portal encapsulates a message and its attachments into an encrypted message. Once protected, the encrypted message is sent to recipients as an attachment to a plain text email. The recipient uses a self-created, pre-registered password to access the notification and any attachments. This guide provides step by step instructs on how to register and use BNY Mellon's Secure Messaging tool.
Access the BNY Mellon Secure E-Mail User Guide (PDF - 1.4 MB) or the BNY Mellon Secure E-Mail Quick Guide (PDF - 238 KB) for External Partners.
If you have questions about BNY Mellon's Secure Messaging Portal, please contact the Secure Messaging Team.
When accessing any third-party/external sites that may be linked above, you will leave the BNY Mellon web site. These sites are not controlled or endorsed by BNY Mellon, and BNY Mellon is not responsible for the contents, operation or security of these sites.