Skip Navigation

Fraud & Security

We recognize that keeping your money and account information secure is our most important goal.

Report Fraud & Get Help

Let us tell you how we do this:

Orrstown has a team of fraud analysts that work around the clock, 24 hours a day, monitoring your purchase activity. We also score each transaction to see the potential for fraud and will contact you if we believe your spending pattern is abnormal. We call this feature Fraud Watch Plus.

This team is available to you 24x7 as well – simply by calling 866-842-5208 (Fraud Watch Plus). They will be able to disable your card if you fear fraudulent activity is taking place.

Lost Your Debit Card?

If you need to report a lost, stolen, or compromised Debit Card we ask that you do ALL of the following.

  1. First, use our Mobile or Online Systems (Manage Card) to disable your Debit Card.
  2. If you  don't  have access to these Online systems, call the 24x7 Hotline at 1-800-264-5578 and explain your situation.
  3. Contact us the next business day to ensure we haven’t seen any suspicious activity. During this call we will also ensure your new card is on its way. 1-888-677-7869.

Lost Your Orrstown Credit Card?
For Orrstown Bank Visa Credit Cards, please call:
  • 1-800-558-3424 for personal c ards.
  • 1-800-552-8855 for business c ards.

If you're worried your account is compromised?
Please contact us immediately. We have a team that specializes in helping customers protect their accounts and identities, the sooner we know the sooner we can begin to help you. We prefer you contact us by telephone, but if you prefer electronically – please utilize the Fraud Reporting feature under the “Your Orrstown” section of our website.

For additional information, please download and read our Identify Theft letter .

How Orrstown Protects Your Information

We have several security measures in place to ensure your online safety:
All information entered into and displayed by the Orrstown Online Banking site is protected by a strong encryption through transport layer security (TLS)
  • You will establish a unique user name and password and enter it each time you log on
  • Orrstown Bank recommends you establish a complex password containing numbers and characters 
  • You will establish challenge and response questions that you will have to answer when the system sees changes in patterns of online use, such as a new Internet service provider or a new bill payment payee
  • Additional security features are available for our commercial banking customers

How to Protect Yourself

Stay Aware
Review your account activity regularly. The sooner you discover and report fraudulent activity, the faster we can help you limit further damage. This includes ordering your free annual credit report to keep track of your credit activity.

Know Your Device
Whether it’s your home computer or mobile device, take time to understand and use the security features available. In particular:
  • Keep current with all patches and updates
  • Install anti-malware and keep it up to date 
  • Employ strong passwords or PINs on all devices
  • Change your passwords regularly
  • If your mobile device is lost or stolen, report it to us immediately

Ask Questions

Fraudsters will use all kinds of tricks to get you to divulge your personal and financial data—spoofed emails and websites designed to look authentic, even phone calls and text messages. Orrstown will never ask you for personal information in a call or email that you did not initiate. If a call or text seems questionable, report it to Orrstown.

  • Never provide your confidential information, such as Social Security Number, user name and password, date of birth, account numbers or PIN numbers to someone unless you have initiated the contact
  • Links in emails, tweets, social networking postings and text messages are often ways cybercriminals disperse their malware. If it looks suspicious, even if you know the sender, it’s best to delete it or call the sender to validate the message
  • Be wary of any communication that requires you to act immediately or asks for personal information. Remember, Orrstown Bank will never:
  • 1) Call, email or text you asking for your online banking password, wire PIN or challenge question answers
    2) Email or text you about a problem with your account 
  • Sign up for e-statements to reduce the amount of mail and paper with your personal information printed on it
  • Shred paper documents that contain sensitive personal information
  • Be mindful when using online social networking. Information about you gathered from social media is often pieced together to commit identity theft

Fraud Prevention Tips:

  • Never provide your confidential information, such as Social Security Number or Date of Birth, to someone unless you have initiated the contact.
  • If you are contacted by phone or email and asked to confirm your confidential information, do not respond to the caller or the email. Contact the company back using the phone number found on your monthly statement or in the phone book. Do not use the phone number provided in the email correspondence or that the caller provides to you.
  • Do not use your confidential information as a Personal Identification Number (PIN) or a password.
  • When completing online applications or making purchases, ensure the website is utilizing encryption and the page shows as an “https” page.
  • Do not record your Social Security number on a check, traveler's check, gift certificates, etc., unless required by law.
  • Don't carry your Social Security card and be cautious of your surroundings. Old fashioned wallet stealing is still profitable and utilized by criminals.
  • Be mindful when using online social networking. Use a search engine to see how much information about you is listed online and could be pieced together to commit Identity Theft.
  • Order your FREE Annual Credit Report.
  • Reduce the amount of mail and paper with your personal information printed on it to reduce the chance of criminals stealing it.
  • Sign up for electronic statements and stop receiving paper account statements.
  • Sign up for direct deposit with your employer to have your funds put directly in your account without paper checks.
  • Pay your bills with online bill payment to reduce the risk of sending your checks in the mail.
  • Watch for the signs of identity theft such as receiving bills in the mail for things you didn’t authorize.
  • Purchase a shredder and shred bills and statements.
  • Anti-spyware and anti-virus protection detects and removes viruses and spyware, which can steal vital information.
  • A firewall prevents unauthorized users from gaining access to a computer or monitoring transfers of information to and from the computer.
  • Operating system and software updates, sometimes called "patches" or "service packs," should be installed as soon as possible.
  • Web browser updates are deployed with your security in mind so keep them current.
  • Your smartphone contains a host of personal information about you. Secure access to your application by applying a strong password.
  • Change your password regularly and never write it down or share it with anyone.
  • Configure your phone to automatically lock and apply the password when your device is not in use.
  • Do not allow the device to save your mobile banking passwords. Anyone else who uses your device can easily gain access to your account because the access information would already be stored.
  • If your phone is lost or stolen, report it to us immediately.
  • Links in emails, tweets, social networking postings and text messages are often ways cybercriminals disperse their malware. If it looks suspicious, even if you know the sender, it’s best to delete it or call the sender to validate the message.
  • Be wary of any communications that require you to act immediately or ask for personal information. Remember, Orrstown Bank will never:
    • Call, email or text you asking for your online banking password, wire pin or challenge question answers
    • Email or text you about a problem with your account
  • Consider adding anti-virus software to your smartphone.
  • Mobile Banking does send confirmation messages to your device to alert you of transactions taking place. These messages do not contain private information about you or your account. Become familiar with content of these messages and contact us immediately if you receive a message you feel is suspicious.
  • Jailbreaking is a method of “self-hacking” your smartphone. This makes your smartphone more susceptible to malware and other malicious programs. If you choose to use your mobile device for online banking we advise you not to jailbreak your smartphone.
  • Review your account transactions regularly and immediately report any suspicious activity.

Criminals “phish” for your personal information. Phishing can take place via phone calls, emails, text messages, visiting your place of business or by directing you to a phony website that claims to be Orrstown Bank.

Stop and ask yourself, if you were to receive an email, text message or phone call from Orrstown Bank stating there was a problem with your account, would you question the validity of the message?

Criminals attempt to trick us in to believing the communication we are seeing or hearing is from someone we trust.

Remember, Orrstown Bank Will Never:
  • Call, email or text you asking for your online banking password, wire pin or challenge question answers.
  • Direct you to a website that asks you to update your personal account information.
  • Email you computer software updates.
  • Email or text you about a problem with your account.
  • Visit your place of business and request to perform maintenance on your computer.

If you receive a phone call, email, text message or visit to your place of business that you question, please take the time to call and ask us to validate the communication before taking any action requested. Please do not use the contact information provided in the email or text message you receive. Use the number advertised on our website or on the back of your debit card so you know you’re reaching us.

Criminals may send you an email that looks like it has come from Orrstown Bank. These phony emails may contain an infected link or attachment. These emails will either ask you to reply and provide your confidential information or they will direct you to a website that asks you to enter your confidential information. Remember, Orrstown Bank will not ask you to email us your personal information nor will we ask you to enter it online to update our records. Do not take any action requested in the message. Report the message to us.

These messages are usually well-crafted to trick you in to thinking that you must take immediate action. Be on the lookout for messages such as the following:

  • Urgent appeals claim that your account may be closed if you fail to confirm, verify or authenticate your personal information.
  • Messages about system and security updates claim that the bank needs you to confirm important information and states that you must update your information online.
  • Offers that sound too good to be true often are. You may be asked to fill out a short customer service survey in exchange for money being credited to your account, and you are then asked to provide your account number for proper routing of the supposed credit.
  • Typos and other errors are often the mark of fraudulent emails. Be on the lookout for typos or grammatical errors.
  • If you receive a suspicious email, do not click on any links or reply to it. Simply delete it. To report a suspicious email that is abusing Orrstown Bank’s brand, please contact our Customer Service Center at 1.888.677.7869 or locally in the Shippensburg area at 717.530.3530, Monday - Friday, 8:00 AM to 6:00 PM and Saturday, 8:00 AM to Noon

Phone Phishing, called “Vishing” uses Voice over Internet Protocol (VoIP) to generate automated phone calls. The calls are usually an automated recording that states your account has experienced unusual activity. The message instructs you to call a phone number to have the issue corrected.

Rather than return the phone call, contact us and report the incident. We do not utilize automated systems to contact you about your accounts. Please do not use the number in the message. Contact our Customer Service Center at 1.888.677.7869 or locally in the Shippensburg area at 717.530.3530, Monday - Friday, 8:00 AM to 6:00 PM and Saturday, 8:00 AM to Noon

Text message Phishing, called “SMShing” is phishing that happens via SMS text messages. A criminal sends a text message tricking you into providing financial or personal information or clicking on links that will sneak viruses onto your mobile device.

Do not respond to these messages or click the links in the messages. Please contact our Customer Service Center at 1.888.677.7869 or locally in the Shippensburg area at 717.530.3530, Monday - Friday, 8:00 AM to 6:00 PM and Saturday, 8:00 AM to Noon to report the incident.

Malware is a general term for software that is meant to cause harm. Computer viruses, spyware, adware, and Trojan horses are all examples of malware. The purpose of malware can be something as seemingly harmless (yet annoying) as popping up a window to show you unwanted advertizing, or as dangerous as capturing the keystrokes as you type your internet banking password or internet banking challenge question answers.

Computers become infected with malware through a number of mechanisms – sharing files on USB thumb drives or DVD’s, opening suspicious e-mail attachments, clicking on links in e-mails or visiting websites that are themselves infected with malware. Malware can also arrive with downloaded files, such as music or videos from peer-to-peer file sharing networks (such as Kazaa or BitTorrent), or simply by visiting a website that has been hacked and infected. No longer is it a matter of staying away from “bad” websites. Unfortunately, any website that is not properly secured can be hacked and infected with malware that could infect your PC and you most likely will not receive any warning that malware is being downloaded on to your computer. In most cases, the website owners themselves do not know their sites have fallen victim to dispersing criminal malware.

How do you avoid getting malware? Taking these steps can help limit the chances of infection:

  • Install and use well-known, reputable anti-virus software. Configure the software to update the virus definitions daily and to scan files and your system in real-time. Setting up an additional full system scan on a regular basis is a good practice as well. This software can help in providing a layer of protection when you visit a site that has been hacked and infected. Anti-virus is no longer enough though. If the only measure you employ is anti-virus, you don’t have enough layers of protection to protect you from attacks.
  • Use a firewall. If you are using Windows XP or Vista, enable the Windows Firewall. If you have a Mac, enable the built-in firewall. If you have the means to install a corporate firewall that protects the PC’s within your network that is most certainly recommended as well.
  • Avoid fake anti-malware. Don’t buy anti-malware software advertized in pop-up ads. Legitimate software isn’t sold this way.
  • Don’t open suspicious e-mail attachments or click the links within emails. Infected e-mail attachments and html website links are one of the most popular ways to spread malware. Even if you know the sender of the email, it’s better to verify why they sent you the message before clicking the attachment or links. They may not know they’ve sent you the message.

Cyber criminals disguise their emails to look as though they’re from a legitimate business. Often, they employ some type of scare tactic to entice you to open the email and/or provide account information. For example, emails may state they are from:

  • UPS claiming there is a “problem with your shipment”
  • A Financial Institution claiming there is a “problem with your banking account”
  • The Better Business Bureau stating “A compliant has been filed against you.”
  • Court system stating that “You have been served with a subpoena.”

Other popular emails are ones that claim to show photos or video of current events like natural disasters and major sporting events.

  • Don’t respond to messages that try and scare you in to providing an “Immediate Response”. E-mails stating your account is subject to being closed or stating that you’re required to install new software updates should be reported immediately. If either of these situations were true we would have sent you previous correspondences letting you know of an upcoming change or issue with your account status.
  • Patch your computer regularly. Ensure your applying vendor-distributed patches.
  • Report suspicious behavior. If you cannot access our online banking site, contact us immediately to determine if the site is down for scheduled maintenance or if a fraudster is deliberately locking you out of viewing your account activity.
  • Review your account activity on a regular basis and report suspicious activity.

Money mules are unsuspecting victims who become middlemen for criminals trying to launder stolen funds. Victims are lured by the promise of a new career opportunity making large sums of money for minimal work. Criminals recruit money mules, send them stolen money and then ask the money mules to wire or transfer the money unwittingly to the criminals. Using the money mule masks the criminal's identity.

The money mule may keep a commission for performing the transfer or wire. The victims of these scams may not only have their bank accounts closed and financial reputation ruined, but are often left financially responsible for returning the stolen funds.

Common signs of a money mule scam:

  • Overseas companies requesting money transfer agents in the United States.
  • Opening new bank accounts to receive money from someone you don't know.
  • Accepting large sums of money into your personal bank account for a new job.
  • Transferring or wiring funds out of your personal bank account to people you do not know.

Want More Information?

National Cyber Security Alliance (NCSA)
A nonprofit, public-private partnership focused on promoting cyber security, safety awareness and safe online behavior.

Anti-Phishing Working Group (APWG)
A global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that results from phishing, pharming and email spoofing of all types.

FDIC Consumer Protection Site on Identity Theft & Fraud
Resources provided by the FDIC to educate and protect consumers.

Toggle Service Widget

We're always on the spot

Here are some helpful options