Skip Navigation

Documents in Portable Document Format (PDF) require Adobe Acrobat Reader 5.0 or higher to view. Download Adobe© Acrobat Reader.

Business Loans Apply button Home Mortgage Apply Here button

You Can Never Be Too Informed.

money with lock around it At F&M Bank, we are dedicated to your security and privacy. This page is your go-to resource for Fraud Alert and ID Theft Protection Tips.

Equifax Data Breach 

Equifax, one of the three Credit Reporting Agencies, says a giant cybersecurity breach compromised the personal information of as many as 143 million Americans — almost half the country. Cyber criminals have accessed sensitive information -- including names, social security numbers, birth dates, addresses, and the numbers of some driver's licenses.

Additionally, Equifax said that credit card numbers for about 209,000 U.S. customers were exposed, as was "personal identifying information" on roughly 182,000 U.S. customers involved in credit report disputes. Residents in the U.K. and Canada were also impacted.

Unlike other data breaches, not all of the people affected by the Equifax breach may be aware that they're customers of the company. Equifax gets its data from credit card companies, banks, retailers, and lenders who report on the credit activity of individuals to credit reporting agencies, as well as by purchasing public records.
Equifax is mailing notices to people whose credit cards or dispute documents were affected.

Now more than ever it is important that you are checking the activity on your bank accounts and credit cards.

Equifax has set up a website to help consumers determine if their information was breached and, if so, to sign up for credit monitoring and identity theft protection offered by TrustedID, an Equifax subsidiary. Equifax will also mail notices to consumers whose credit card numbers or dispute documents were breached.

See our FAQ to learn more about the breach and how to protect yourself. Click here. 

National Disaster Scams

National and local disasters - hurricanes, floods, tornadoes - are tragic and can leave hundreds to thousands in need of funds and donations. Unfortunately, scam artists and criminals use these disasters, such as Hurricane Harvey, to exploit those that want to help for their own personal gain.  

They do this by sending fraudulent emails/text messages, creating fake social media pages, or through fraudulent phone calls.  Some may even set up fake websites to help solicit contributions.  

When approached to donate to a cause, always be weary of the source.  If you receive a phone call, an email, or a text asking you to donate funds shortly after a disaster, make sure you do your homework before giving any information or donating any funds.  In addition, do not click on any links or images sent to you in unsolicited emails or texts as it could lead to a virus.   

If you want to donate, seek out a reputable organization directly.  The FTC has information on valid charity sites or you can also visit the BBB's Wise Giving Website at  If you think that you have been a victim of a scam, report it to the National Center for Disaster Fraud Hotline at 866-720-5721.  

Smishing - Fraud Via Text

Scam artists aren't just targeting your email, they are now targeting their victims through text message - "Smishing".  The goal of these scams is to uncover personal information that could help them access your bank and other accounts. 

"Smishing" scams typically convey a sense of urgency and are masked as coming from legitimate sources.  For example, one might read:  "Dear XYZ Bank Customer, We have detected unusual activity on your account.  We urgently ask you to follow the account review link" or "Your PayPal account has been locked.  Please click on the link below to restore your access. Sincerely, PayPal Team"  The hope is that you will click on the link and enter in the requested information, which could be personal data, usernames, passwords, and possibly debit/credit card data.  

Most companies only use text for alerts and updates.  Always call the company or go directly to the website vs clicking on the link.  It is also important to use secure passwords.

Remember: "Think Before You Tap." 

Tax Fraud Safety Tips

IRS type scams continue to happen no matter the time of year. Usually, these types of scams come in the form of phone calls, claiming that you owe back taxes, have outstanding tax penalties, or a pending lawsuit against you. It is important to be aware of these types of scams and how to protect yourself.

Per the IRS website, the IRS will never:

  • Call to demand immediate payment, nor will the agency call about taxes owed without first having sent you a bill.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Require you to use only a specific method of payment, such as a pre-paid debit card.
  • Call you about pending litigation or lawsuits without first sending you a letter.
  • Ask for debit or credit card numbers over the phone.
  • Threaten to bring in local police or other law enforcement agencies to arrest you for failing to pay.  

For more information, visit the IRS website.   You may also call their listed phone number at 844-800-6870.  


Debit Card Phone Scam

There is a string of phone calls happening in the Midwest right now and moving across the country. This is a tricky one because the caller provides you with all of the information, except the one piece they want. Please know, a representative from F&M Bank will never ask you for card information over the phone. 

Note, the callers do not ask for your card number; they already have it.

  • Person calling says - 'This is (name) and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460, your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank).
  • They will then ask if you purchased an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona? Or a similar purchased.
  • When you say 'No', the caller continues with, 'Then we will be issuing a credit to your account. This is a company we have been watching, and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address). Is that correct?' You say 'yes'.
  • The caller continues - 'I will be starting a Fraud Investigation. If you have any questions, you should call the 1- 800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control Number. The caller then gives you a 6 digit number. 'Do you need me to read it again?'
  • Here's the IMPORTANT part on how the scam works - The caller will say, 'I need to verify you are in possession of your card'. He'll ask you to 'turn your card over and look for some numbers'. There are 7 numbers; the first 4 are part of your card number, the last 3 are the Security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the last 3 numbers to him. After you tell the caller the 3 numbers, he'll say, 'That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?'
  • After you say no, the caller then thanks you and states, 'Don't hesitate to call back if you do', and hangs up. You actually say very little, and they never ask for or tell you the card number.
  • The REAL VISA Security Department says this is a scam and what happens is that once you provide them with the 3 digit security code, a new purchase of $497.99 (or whatever they said) gets charged. What the Scammer wants is the 3-digit PIN number on the back of the card. Don't give it to them. Instead, tell them you'll call VISA or Master Card directly for verification of their conversation.

The real VISA  will never ask for anything on the card, as they already know the information, since they issued the card.  If you give the Scammer your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's more difficult to actually file a fraud report.

If you receive a call like this HANG UP! Call the number on the back of your card or F&M Bank directly to verify if there has been any suspicious activity on your account. 

- Scam report courtesy of the Anamosa Police Department

Online Password Security Tips

At F&M Bank, we value your confidentiality and security.  Internet and password security is very important.  With the rising number of online scams, viruses, and hackers, having secure passwords for your confidential and financial information is of the utmost importance.  

At F&M, we always recommend using a combination of upper/lower case letters, numeric characters, and special characters.  Follow these tips and suggestions for a more secure password:

  • Never use your name, nickname, child's name, pet's name, or spouse's name for your password. These can be easy to guess. Try instead using things like, your favorite singer/actor, flavor of ice cream, season, television show, or song.
  • When choosing numeric characters, stay away from personal ID numbers such as your month/day of birth, the last 4 of your social, or your phone number. You will also want to stay away from ordered numbers like 1234, 4567, 8910. Try instead using things such as your height in cm or inches, your family shoe sizes, an old address, the year of a non-public milestone, or a random combination.
  • Replace letters with symbols or numbers: i = !, e = 3, s = $, a = @
  • Spell words backwards or transpose numbers.
  • Never give out your password or write it down where someone can find it
  • Use different passwords for different sites.
  • If a site doesn't prompt you to update your password at least every 6 months, make sure to do it yourself.

Facebook/Social Media Scam

There are many scams through Social Media, this can include receiving Facebook friend requests from unknown individuals or requests from duplicated Facebook profiles, after a friend or family member account has been hacked. 

Some victims report receiving private Facebook messages about “Grants”  or other "Money Making Opportunities" from friends or family members. These messages claim that you can be awarded thousands of dollars after paying small start-up or processing fees.  These messages are sent typically after your friend or family member has sent you a friend request from a fictitious account.  

Some tips:
  • Always keep your pages set to private.
  • If you receive a friend request from an unknown person and you have little to no mutual connections, do not accept it.
  • If you receive a friend request from someone you are already friends with, contact their current page to see if they have been hacked and deny any messages from the new request.  
  • If it sounds too good to be true, it is.  

ATM/Pay at the Pump Card Skimmers

In the last several months, there have been reports of ATM or Pay at the Pump card skimmers.  These skimmers have been found as close as Camp Douglas, West Salem, and La Crosse.  

What is a skimmer? A skimmer records data stored on the magnetic stripe or in the chip of a debit or credit card, which is then transmitted back to the installer to make duplicate cards.

Some more advanced scammers may also use tiny cameras to capture your PIN when you enter it on the keypad. A new type of skimmer is called  a deep-insert skimmer, a tiny device that goes inside ATM card slots - which is very hard to detect.  

How do I know if there is a skimmer?  Skimmers, especially as they continue to advance, can be very hard to detect. 

Here are some ways that you can protect yourself:

• Examine the ATM slot where you insert your card.  Try to shake it around to make sure that it doesn’t come loose. If it’s moving up and down in your hand, there may be a skimmer attached.  Contact the manager of the merchant immediately. 
• Always shield the PIN pad with your hand when entering in your PIN. This will help keep that number secure. 
• If possible, only use bank-affiliated ATMs or indoor ATMS.  These are less likely to have skimming devices installed, however they are not immune to it and you should still check.  
• If possible, avoid using your debit card at Pay at the Pump terminals.  Pay inside if you must use your debit card. 
• Check your bank and credit card activity on a daily basis: If your account is compromised, you may be able to catch it quickly and avoid further damage and losses. 

If you do fall victim to debit or credit card fraud, report it to your financial or credit card company immediately.  You may have charge back rights on fraudulent purchases.  

 Scam Alert

Prize Winning Scams

F&M Bank employees helped save someone from being scammed out of $5,000. This individual was contacted and told they won a vacation package, but in order to secure the prize they would need to pay for the vacation up front and then be reimbursed. With help and advice from F&M Bank employee, Bob Bandoli – Cash Management Director, this individual was able to stop the funds from being mailed out.

Anyone can fall victim to a scam. Most scams are very well put together, thought out, and very believable. Prize and lottery scams have been around for years, however they continue to evolve and get harder to identify. It’s easy to get caught off guard and excited about the possibility of winning something, however here are some tips from F&M Bank:

1. Can you not recall signing up for a drawing or sweepstakes?
2. Is the person on the other end of the call asking you to mail them a down payment via cash or money order, pay for the taxes up front with a debit/credit card, or wire funds?
3. Does it seem too good to be true?
4. Is the person on the other end pushy and aggressive when you question them?

If you answered yes to any of the above questions, there is a good chance it could be a scam. Proceed with caution. Tell them that you would like more information prior to sending any funds or giving them personal information. Ask for their website, how you won, the name of the business/company, where they are located, what their call back number is, etc. Chances are, the scammer will become frustrated and disconnect from the call.  If you are still unsure, reach out to your financial institution.