Personal Banking Business Banking Loans & Mortgages Investor Relations Resources About Us CONTACT US LOCATIONS
Recognizing Online Fraud
Electronic Banking Recognizing Online Fraud

Spoofs and Other Online Fraud

Every internet user should know about spoof (also known as phishing or hoax) emails* that appear to be from a well-known company, but can put you at risk.

Although they can be difficult to identify, spoof emails generally ask you to click a link back to a spoof website and provide, update or confirm sensitive personal information. To bait you, they may allude to an urgent or threatening condition concerning your account.

What types of information are spoof emails looking for?

  • Password or PIN
  • Credit Card Validation (CCV) Code
  • ATM/Debit or Credit Card Number
  • Social Security Number (SSN)
  • Bank Account Number

Even if you don't provide the information they ask for, simply clicking the link could subject you to background installations of key logging software or viruses. Key logging* software allows every key stroke on your computer to be recorded. The program can remain undetected, recording your passwords, email, websites you've visited or credit card information.

Security Tip: NEVER click on a link contained in a suspicious email. Delete any suspicious emails from your inbox immediately.

How to Identify a Spoof

Although there is no fool-proof formula for identifying a spoof email or website, the following signs should arouse your suspicion:

Telltale Signs of a Spoof Email

  • There may be a sense of urgency. Example: "Your account will be closed or temporarily suspended," or "you'll be charged a fee if you don't respond.
  • "There are embedded links that appear legitimate because they contain all or part of a real company's name. These links may take you to spoof sites (or popup windows) that ask you to enter, confirm, or update sensitive personal information.
  • There may be obvious spelling errors. These help spoof emails avoid the spam filters that internet services providers use.
  • Spoof websites can be more difficult to detect, because even the address bar and padlock that appear in your browser window can be fixed. To ensure you are on a safe website, type in the root address (ex. to see if you get to the same place.

Protect Your Account

Educating yourself is the first step to protecting yourself.

What You Can Do

  • Do not click on links in unsolicited emails, especially those asking for personal information. Even if you don't supply it, simply clicking can enable thieves to access your computer, record your keystrokes and capture passwords you use to log into various websites.
  • Go directly there. The best way to get to any site is to type its address (URL) into the browsers and bookmark it for future visits.
  • Change your password and PINs frequently. Every 30 days is recommended.
  • Keep your operating system and browser up to date. Software updates often include security enhancements that you can usually download for free. For example, Microsoft ( can even scan your computer and make sure your software is up to date.
  • Check your account frequently. With online, mobile and telephone banking, you can monitor your account transactions immediately without waiting for monthly statements.
  • If you do not recognize a transaction or suspect fraudulent activity on your account, call 423-745-1111 immediately.

Additional Security Tips

  • Create hard-to-guess passwords. Use at least six characters and a combination of letters, numbers and symbols (#$%&) to create your passwords. Do not use all or part of your User ID or email address, nor the names of your children, spouse or pet. You should also use a different password for each of your online accounts.
  • Protect your Identity. Don't carry your Social Security card, passport or birth certificate—or those of your spouse or children—unless you need them for a specific purpose on a certain day.
  • Destroy all pre-approved credit offers to which you do not plan to respond. Make sure your home computer/laptop/tablet has the most current anti-virus software. Anti-virus software needs frequent updates to guard against new viruses. Be sure to download updates as soon as you are notified they are available.
  • If you connect to the internet via a cable modem or digital subscriber (DSL) modem, install a personal firewall to help prevent unauthorized access to your home computer. If you connect to the internet via a wireless router, install a password (refer to the "create hard-to-guess passwords" above) to prevent unauthorized access.
  • Stay aware. Click here for information on scams and fraud attempts.

What Athens Federal will NEVER Do ...

We will NOT send urgent or time sensitive emails.
We will NOT send emails asking you to provide, update or confirm sensitive data.
We will NOT send emails asking for personal information for your own security.

We will NOT require you to enter anything other than your User ID and password to log into online banking.

Report a Spoof or Fraud Attempt

If you suspect that you have received a fraudulent email, please forward it to Athens Federal immediately at

Note: Do not change or retype the subject line—this allows us to have the ability to properly investigate it. After forwarding the email to us, immediately delete it from your inbox.

How does Athens Federal protect your online account information?
Click here to download our online security brochure [PDF]


Spoof website: a website that mimics a popular company’s website to lure you into disclosing confidential information. To make spoof sites seem legitimate, thieves use the names, logos, graphics and even code of the real company’s website. Thieves can even fake the URL that appears in the address field at the top of the browser window; however the links in a spoof email almost always redirect you to a spoof website.

Key logging: a method used to fraudulently capture personal information. When you click on a link or attachment in a spoof email, undetected software is installed on your computer. Once installed, the software records every keystroke (everything you type), including any User IDs, passwords and account or personal information. Thieves know how to retrieve this information, or can even set up an automatic retrieval process. Key logging is a very real risk, particularly when using a public or shared computer, such as a restaurant or library with free wireless (Wi-Fi) internet service.