INTERNET SECURITY GUIDELINES

Heritage Financial Group and its affiliates are committed to ensuring your account(s) and personal information is protected. Please contact us immediately at 229-878-3200 or 1-800-227-7989 ext. 3200 if you suspect fraudulent activity on your HeritageBank account or if you receive e-mails of a suspicious nature.

In an effort to protect your account(s) and personal information, HeritageBank will not solicit or provide confidential or sensitive customer information via e-mail. If you call or receive a call from HeritageBank, we will not ask for or provide your on-line password.

It is the bank's policy to personalize all e-mail messages. All e-mails sent by HeritageBank employees will include the name, title, phone number, and e-mail address of the sender. A message concerning the nature of the e-mail will be included in the subject line. If you receive a non-personalized message we ask that you call us at one of the numbers noted above.

E-mail Fraud

Phishing, which is a form of Internet fraud, is the practice of sending fraudulent e-mail messages to addressees requesting them to supply confidential information. The e-mail is disguised to look like a request from a legitimate organization such as a bank, credit card company, or retail merchant with which recipients may already have a business relationship. Recent phishing scams involved e-mails that appear to have originated from government agencies such as FDIC, IRS, or the Social Security Administration. Often the messages ask the recipient to "validate" or "update" information, or they may include a warning regarding a problem related to the recipient's account.

The format of the e-mail typically includes proprietary logos, a "from" line disguised to appear as if the message came from a legitimate sender, and a link to a web site or an e-mail address. All of these features are designed to assure the recipient that the e-mail is from a legitimate business source when in fact, the information submitted will be sent to the perpetrator.

Victims may be directed to provide their personal information by responding to the e-mail, or they may be directed to click on a link that takes them to a legitimate looking web site that contains a form on which they are instructed to provide the information.

Typically the information requested includes items such as account numbers, passwords, PINs, Social Security numbers or other personal identifying information that will allow the perpetrator to gain access to the victim's accounts, steal the victim's identity, sell the information to others seeking to do the same, or all of these. Another potential problem from this activity is viruses being transmitted that can cause major damage to your computer.

Fictitious Web Sites

To facilitate e-mail fraud activities, a fictitious web site may have an address that is similar to a legitimate company web site address. The perpetrator may reverse letters or add a letter/word thereby tricking you into thinking they are a legitimate company's web site. Their hopes are that you will continue to do business as usual such as online transactions and entering personal information.

To identify the authentic HeritageBank web site, you should look for "Powered by Digital Insight" logo on the bottom of our home page and verify the accuracy of our web address, www.eheritagebank.com

Avoiding E-mail and Web Site Scams

HeritageBank has controls in place to protect your non-public personal information. The following guidelines may provide you with additional protection against Internet fraud:

E-mail

Delete e-mails from any unknown source without opening the e-mail.
If you receive an e-mail that warns you, with little or no notice, that an account of yours will be shut down or closed unless you reconfirm personal information or that suspicious activity has been detected, do not reply or click on the link in the e-mail. Instead, contact the company cited in the e-mail using a telephone number or web site address you know to be genuine.¹
Avoid sending an e-mail message that includes personal or financial information. Before submitting financial information through a web site, look for the padlock icon on the browser's status bar. It signals that your information is secure during transmission.¹
Be familiar with legitimate third-party web site privacy policies to know how your e-mail address will be used.
You may want to subscribe to a spam filter. Talk with your Internet Service Provider (ISP) regarding their support for blocking unwanted e-mails.
You may also want to consider purchasing and installing personal firewalls or virus protection software for added security.

Web Sites

If you enter a web site address directly, recheck the address to be sure you has entered the correct address before sharing personal or financial information. Once you have established that this is a valid address for a trusted company, you may bookmark it for further use.
You should be wary of information-collecting pages where you cannot locate a home page for the company. Also be cautious of home pages that have the notation "under construction".
Be suspicious of any web site that includes an "@" symbol anywhere in the page URL. This usually indicates a fraudulent web site.
Only provide your ID and password when your browser indicates an encrypted connection. This is normally indicated by an "https" rather than "http" in the address bar. Also verify that the padlock icon is displayed on the browser status bar.

Additional Information Regarding Identity Theft and Fraud Prevention

Below are several informative sites that will give you more details pertinent to internet fraud.

Recent Internet Scams

Please take time to review some of the recent scams noted below.

Nigerian Advance Fee Fraud Scheme
An individual receives a letter, fax or e-mail from an alleged official from a foreign country. They sometimes send a cashier's check for you to deposit and ask that you send them a percentage of the amount of the check to cover various expenses to get the remainder of the funds into the country. The cashier's checks are counterfeit or stolen. See the following web site for more information www.usss.treas.gov/alert419.shtml

Auto Debit Scam
Fraudulent telemarketers send a postcard, e-mail, or call saying you won a free prize and qualify for a major credit card, regardless of past credit problems. The telemarketer asks the individual to read the information off of the bottom of their check to qualify the customer for the offer. The company runs a paper draft or electronic draft against the account and the customer is not aware of the transaction until he or she receives a statement. A credit card is never sent. See the following web site for more information www.ftc.gov

FDIC scam
Consumers receive e-mails that appear to have been sent by the FDIC security department and the subject is fraud report. The e-mail informs the recipient that their bank account has been temporarily closed because of fraudulent activity and asks the consumer to review an embedded attachment file for details. Another e-mail that appears to have been sent by FDIC offers a service to secure credit cards against fraud. These may be fraudulent attempts to obtain personal information and/or implant a virus onto the recipient's computer. These e-mails were not sent by FDIC. See the following web site for more information www.fdic.gov

IRS Scam
Consumers receive an e-mail claiming they are under investigation for tax fraud and subject to prosecution. The e-mail informs the recipients they can help the investigation by providing personal information. The e-mail directs them to an official-looking web site where detailed personal information must be provided to dispute the charge. The fictitious site address is deptreas.org/irs/. This e-mail was not sent by IRS and appears to be an attempt to take over the identity of individuals. See www.irs.gov for further information.

¹ Federal Trade Commission (FTC) recommendation.