Stronger Security Starts
With Awareness

• To report suspicious or fraudulent activity on your account, call your Relationship Manager or your nearest branch location. All branch contact information can be found on our Locations page.

Security is something Capital Bank takes very seriously — from safeguarding your privacy, to defending against fraud and identity theft. As your partner, we work hard to help you bank with confidence.

To help ensure that your privacy, identity, and transactions are well protected, Capital Bank has state-of-the-art security measures in place, as well as services and account features that help prevent fraud. There are also actions that you can take. Visit Being Money Smart for tips and suggestions about how you can protect your identity.

Online security:

• • Firewall systems and intrusion detection software protect our systems
  • Sensitive information is encrypted with 128-bit Secure Socket Layer (SSL) to protect the confidentiality of your data
  • Security information is built directly into our systems and networks using internationally recognized standards, regulations, and industry-based best practices
  • We work with a third-party vendor that provides strong authentication controls based on guidance provided by the Federal Government’s banking regulators
  • It is a must for you to keep your mobile device up to date with security updates and patches especially if you use it for banking services.

ATM security:

• • Capital Bank’s ATM network runs on an application from Intel®, allowing each ATM to operate as its own mini-computer
  • The ATM network is not susceptible to the Microsoft® Windows® XP operating system “sunset”
  • Capital Bank maintains and updates security protocols as necessary, ensuring information security at Capital Bank ATMs.

Your best practices:

• • Your login credentials, user ID and password, are your unique keys to accessing and managing your Capital Bank account. Do not write them down or share them with anyone
  • Keep your credentials safe, whether they’re for your financial accounts or other websites
  • Never share your user name, password, or security questions with anyone, even with a Capital Bank employee
  • Beware of suspicious e-mails or unsolicited phone calls asking for your user name password or security questions
  • Be sure that no one is watching you enter your credentials, and always “log out” or “sign out” of any websites, especially those accessed over public WIFI connections
  • Remember to close the browser when leaving a computer or laptop or other device
  • Install and regularly update anti-virus and anti-spyware software and perform frequent scans of your computer
  • Protect your computer with a firewall; simple anti-virus software is inadequate on its own
  • Be aware and learn how to protect yourself from malicious email and malware infections. Learn more from the FTC website.

1. Strengthen Your Bank Account Security

– Use a strong, unique password:

• • Never reuse it across accounts.
  • Avoid personal info like birthdays or pet names.

– Use a dedicated email for banking:

• • Keep it separate from shopping or social media to reduce phishing exposure.

2. Monitor Your Bank Activity Regularly

– Set up account alerts

– Check statements frequently:

• • Review your online banking app weekly and your monthly statements carefully. Report any unauthorized transactions immediately.

– Audit linked accounts:

• • Remove old devices, apps, or merchants connected to your account.

3. Protect Your Debit & Credit Cards

– Use contactless or chip payments:

• • Avoid swiping your card when possible — chip transactions are more secure.

– Set transaction limits

4. Avoid Phishing & Social Engineering

– Beware of fake bank emails, texts, and calls:

• • Banks never ask for your password, PIN, or OTP.

– Verify before acting:

• • If you get a suspicious request, call your bank directly using the number on your card or official website.

– Check website URLs carefully:

• • Only log in through the bank’s official app or website.

5. Secure Your Devices & Network

– Keep your banking app updated:

• • Updates often include security fixes.

– Use antivirus & anti-malware protection

– Avoid public Wi-Fi for banking:

• • Use a VPN or mobile data when accessing sensitive accounts.

6. Protect Your Personal Information

– Shred sensitive bank documents:

• • Statements, checks, and loan papers can be used for identity theft.

– Be cautious on social media:

• • Avoid posting info fraudsters can use to guess security questions.

– Secure your mailbox:

• • Physical mail theft is still a common way fraudsters get banking info.

7. Use Extra Fraud Protection Tools

– Monitor your credit report o Use free services like AnnualCreditReport.com or sign up for Experian, Equifax, or TransUnion alerts.

– Consider a credit freeze (optional but powerful):

• • Prevents criminals from opening accounts in your name.

8. Act Immediately If You Suspect Bank Fraud

– Call your bank right away.

– Change your online banking password immediately.

– Dispute unauthorized transactions immediately.

– File a report with your local fraud authorities

Pro Tip: For extra security, keep a separate bank account for online shopping or recurring payments. That way, your primary savings account is less exposed to potential fraud.

Strengthen Access Controls

– Use dedicated business bank accounts

– Never mix personal and business finances.

– Implement multi-user access with permissions:

• • Give employees only the access they need — use role-based permissions

– Use strong, unique passwords

– Enable Multi-Factor Authentication (MFA)

Monitor Accounts & Transactions

– Set up transaction alerts

– Enable SMS, email, or app notifications for every withdrawal, deposit, or transfer.

– Reconcile accounts daily:

• • Review bank statements and compare them with invoices, receipts, and payroll
    reports.

– Audit linked accounts regularly:

• • Check which apps, payment processors, and employees have access to your
    banking system.

Secure Your Online Banking

– Use a dedicated computer for banking

– Avoid using it for web browsing, email, or social media to reduce malware risk.

– Keep software updated:

• • Regularly patch your OS, antivirus, firewall, and banking apps.

– Use a secure network

– Avoid public Wi-Fi. If employees work remotely, require a VPN for online banking.

Protect Against Business Email Compromise (BEC) & Phishing

– Business email compromise is one of the biggest threats to companies today. Fraudsters
impersonate CEOs, suppliers, or vendors to trick employees into wiring money.

– Train employees to spot phishing attempts

• • Look out for slight domain name changes, urgent payment requests, or unusual
    emails.

– Verify payment requests

• • Use a two-step approval process for any vendor or wire transfer changes.
    Implement email authentication

Use Fraud Prevention Tools from Your Bank

– Positive Pay:

• • You send the bank a list of issued checks; review exception items that don’t match daily.

– ACH Debit Blocks & Filters:

• • Block unauthorized electronic withdrawals from your account.

– Dual Authorization:

• • Require two authorized users to approve high-value transfers.

– Transaction Limits:

• • Set maximum daily transfer amounts to limit potential losses.

Protect Business Payment Methods

– Separate accounts for payroll, operations, and vendor payments:

• • Limits exposure if one account is compromised.

– Use virtual cards for online purchases:

• • Generates disposable card numbers for better security.

– Lock unused checks & cards:

• • Store them securely and shred old ones.

– Verify vendor details regularly:

• • Call suppliers using verified numbers, not info from an email.

Establish Internal Controls

Fraud doesn’t always come from outside — sometimes it’s internal.

– Segregate financial duties:

• • Don’t let one person handle invoicing, payments, and reconciliation.

– Conduct regular audits:

• • Schedule quarterly or annual reviews of financial processes.

– Require dual signatures:

• • For checks and wire transfers above a certain threshold.

– Screen employees carefully:

• • Background checks help reduce insider threats.

Have an Incident Response Plan

If fraud does happen, speed matters:

1. Contact your bank immediately.

2. Freeze affected accounts and disable compromised credentials.

3. Report fraud to law enforcement.

4. Notify vendors, customers, and employees if necessary.

5. Update your internal controls to prevent future breaches.

Pro Tips for Businesses:

• • Use cyber insurance — many policies cover financial fraud losses.
  • Consider services like Experian Business Credit Alerts to monitor for identity theft.

1. Contact all of your banks and lenders immediately

2. File a report with the Federal Trade Commission: www.identitytheft.gov or call 1-877-FTC-HELP (1-877-382-4357)

3. Place a fraud alert on your credit by notifying the Credit Bureaus.

Credit Bureaus:

• • • Experian:
      ▪ Experian.com/help
      ▪ 888-EXPERIAN (888-397-3742)
    • Equifax:
      ▪ Equifax.com/personal/credit-report-services
      ▪ 800-685-1111
    • TransUnion:
      ▪ TransUnion.com/credit-help
      ▪ 888-909-8872
      **You only need to notify 1 to report fraud, they will notify the other credit bureaus.

4. Contact Local Police

5. Reset your passwords

6. Regularly check your credit reports: www.annualcreditreport.com

7. Consider a credit freeze

Phishing Scams (Fake Emails & Websites)

How it works:

• • Scammers send emails pretending to be from your bank, asking you to click a link to “verify your account” or “fix an issue.” The link leads to a fake banking site designed to steal your username, password, and even one-time passcodes (OTPs).

Example scam:

• • You receive an email saying “Your account has been locked due to suspicious activity. Click here to restore access.” The site looks real — but it’s fake.

How to protect yourself:

• • Never click suspicious links.
  • Type your bank’s official website directly into your browser.
  • Check the sender’s email carefully — scammers often use look-alike domains.

Smishing Scams (Text Message Fraud)

How it works:

• • You get a text message claiming to be from your bank. It may say your account is locked, a payment failed, or you must confirm a transaction. Scammers include a link or phone number that leads to fraud.

Example scam:

• • “Your bank account has been frozen due to unusual activity. Click here to verify: [fake-link.com]”

How to protect yourself:

• • • Never click on links in unexpected texts.
    • Call your bank using a known phone number.
    • Enable your notifications to spot real alerts.

Vishing Scams (Phone Call Fraud)

How it works:

• • Scammers call pretending to be from your bank or even the police, claiming there’s a problem with your account. They’ll pressure you into sharing your PIN, OTP, or transferring money to a “safe account.”

Example scam:

• • Impersonation scam: A caller claims to be from your bank’s fraud department, warning that your account has been hacked. They ask you to “move your funds” to protect them — but the “safe account” belongs to the scammer.

How to protect yourself:

• • Hang up and call your bank back using the official number.
  • Remember: Banks will NEVER ask for your PIN, OTP, or full password.

Romance Scams

How it works:

• • Fraudsters build online relationships through dating sites or social media. After gaining your trust, they invent emergencies — like medical bills, travel issues, or investment opportunities — and ask you to send them money.

Example scam:

• • Someone you met online claims to be stuck overseas and needs help paying hospital bills. They promise to pay you back — but disappear after you send the money.

How to protect yourself:

• • Be cautious with anyone asking for money online.
  • Never send funds to someone you haven’t met in person.
  • Talk to a trusted friend or family member if you feel pressured.

Grandparent & Family Emergency Scams

How it works:

• • Scammers pretend to be a grandchild, niece, nephew, or other relative in urgent need of money. They often spoof phone numbers to make it look like the call is real.

Example scam:

• • “Grandma, I’m in trouble! I was arrested while traveling and need bail money. Please wire $2,000 right away.”

How to protect yourself:

• • Always verify with another family member before sending money.
  • Call your relative directly on a known number.
  • Be suspicious of anyone who pressures you to keep it a secret.

Account Takeover Scams

How it works:

• • Scammers steal your online banking credentials — usually through phishing, malware, or leaked passwords — then log in, change your settings, and drain your account.

Example scam:

• • A fake “security alert” email tricks you into entering your username and password on a fake login page. Within minutes, scammers take over your account.

How to protect yourself:

• • Use strong, unique passwords for online banking.
  • Turn on two-factor authentication (2FA).
  • Enable real-time transaction alerts. Overpayment & Refund Scams

How it works:

• • Scammers send you a fake payment — often by check — for more than the agreed amount, then ask you to refund the difference. Later, the check bounces, and you lose your money.

Example scam:

• • You sell something online for $300. The scammer “accidentally” sends you a $1,000 check and asks you to send back $700. The check never clears.

How to protect yourself:

• • Never send money back until payments fully clear.
  • Only accept payments from trusted buyers.

Fake Investment & Crypto Scams

How it works:

• • Scammers pose as financial advisors or bank representatives promising “guaranteed returns” or special insider offers. They often lure victims into sending money for fake stocks, crypto schemes, or “exclusive opportunities.”

Example scam:

• • A caller claims to represent your bank’s “investment department” and offers a 50% guaranteed return if you invest immediately. Once you send money, they disappear.

How to protect yourself:

• • Be skeptical of high-return, low-risk offers.
  • Verify investment opportunities directly with your bank.
  • Never send funds to “investment managers” you’ve never met. Business Email Compromise (BEC) (For Business Owners)

How it works:

• • Scammers hack or spoof vendor or company emails and send fake invoices or payment requests, tricking employees into wiring funds to fraudulent accounts.

Example scam:

• • A hacker sends a fake email from your CEO’s account asking finance to urgently transfer $50,000 to a “supplier.”

How to protect yourself:

• • Always verify payment requests with a call or separate email.
  • Use dual approvals for large transfers.
  • Implement banking tools like Positive Pay and ACH debit blocks. Remember: Banks never ask for your password, PIN, or OTP by email, text, or phone.

Multi-Factor Authentication (MFA) codes are one of the most effective tools banks

Multi-Factor Authentication (MFA) adds an extra step when you log in to your online banking or approve transactions. Instead of just using your username and password, the bank requires a onetime verification code (sometimes called an OTP – one-time password).

Common MFA Code Delivery Methods:
• SMS Text – A code is sent to your registered mobile number.
• Email – A code is sent to your email on file.
• Authenticator Apps (e.g., Google Authenticator, Microsoft Authenticator) – The app
generates time-based codes.
• Push Notifications – Some banks send approval requests to your banking app.
• Hardware Tokens (less common) – A small device generates unique codes.

These codes are typically 6–8 digits and expire within 30–60 seconds for security.

Fraudsters often try to steal usernames and passwords through:
• Phishing emails or texts
• Malware on devices
• Data breaches where login info is leaked
• Credential stuffing (using leaked passwords from other sites)

Best Practices for MFA:

Without MFA, a stolen password = account access.
With MFA, even if someone has your password, they still need your one-time code, making
unauthorized access much harder.

• Always enable MFA for online banking and mobile apps.
• Prefer authenticator apps over SMS when possible — they’re more secure.
• Never share your codes with anyone — even if someone claims to be from the bank.
• Beware of “MFA fatigue” scams — fraudsters may try to spam you with repeated code
requests to trick you into approving one.

There are several consumer protection services available that can help block spam calls, detect phishing texts, and verify caller identities. Here are some highly rated options:

Protection Against Spoofed Phone Calls:

These services help block robocalls, detect spoofed caller IDs, and warn you about suspicious numbers:

• RoboKiller: Blocks 99% of spam calls and texts using predictive analytics and Answer Bots.
• Hiya: Provides real-time spam alerts, caller ID information, and carrier-integrated protection.
• Nomorobo: Uses AI-powered filtering to block spoofed calls and screen suspicious numbers.

Protection Against Fake or Phishing Text Messages:

These tools detect and block scam texts (smishing) and phishing attempts:

• IRONSCALES: AI-driven protection for email and text phishing, with real-time remediation and training tools.
• Norton Genie: AI-powered scam detector for texts, emails, and calls, offering scam reimbursement and deepfake detection.
• F-Secure Text Message Checker: A free AI tool that analyzes suspicious texts and blocks smishing attempts.

Phone Number Verification Services:

These services help verify the legitimacy of incoming calls by checking the reputation of phone numbers:

• Number Verifier: Monitors caller ID reputation, flags spam-labeled numbers, and provides real-time alerts.
• Phonexa iClear: Validates incoming calls with fraud detection and lead verification tools.
• T-Mobile Caller Verified: Uses STIR/SHAKEN standards to confirm caller authenticity and display “Caller Verified” on supported devices.

1. Consumer Financial Protection Bureau (CFPB)

Offers a wealth of practical guidance—including how to recognize common scams, understand
identity theft, and steps to take if you or someone else has been targeted.
Consumer Financial Protection Bureau

2. Federal Trade Commission (FTC) & OCC
The OCC (Office of the Comptroller of the Currency) provides fraud awareness materials and
directs consumers to helpful FTC content. The FTC’s Bureau of Consumer Protection lets you reportscams, flag identity theft, and access education on emerging threats.
OCC.govFederal Trade Commission

3. FDIC (Federal Deposit Insurance Corporation)
Their “Avoiding Scams and Scammers” page shares tips, educational podcasts, consumer news, and how to report ransomware and phishing.
FDIC

4. Identity Theft Resource Center (ITRC)
A national nonprofit providing free education, live help, and resources on identity theft, data
breaches, and fraud trends. Great for both consumers and small businesses.

5. BanksNeverAskThat.com (American Bankers Association)
Engaging videos, quizzes, and interactive activities designed to help people spot phishing and other scam tactics—“banks never ask” style.