Dear Heritage Oaks Bank Customer,

While we have all heard about or experienced “Phishing” targeting large entities with an Internet presence such as Wells Fargo, Bank of America, eBay and PayPal, we are sorry to report that this form of Internet fraud has now reached our own community.

Within the last 90 days criminals using the internet have conducted two separate “Phishing” expeditions in an effort to gather online banking account login information from our customers.

The first incident occurred a couple of months ago and appeared to be limited in the extent of effort put forth by the originators. The entire incident, including shutting down the website hosting the fraudulent site, blew over within a couple of days.

The second, more recent incident began the morning of Monday, October 2nd and was much more focused and aggressive. The morning began with a “Denial of Service” attack against our public website designed to prevent our customers from confirming the validity of a fraudulent email which was broadcast out claiming backup information had been lost and accounts had been suspended.

Within hours of our first notification of the problem we moved our website to a new internet address and two fraudulent websites set up to defraud our customers had been shut down. At no time during either of these incidents was the Heritage Oaks Bank data network, online banking, telephone banking systems or any customer information compromised.

In both cases a report was filed with the Paso Robles Police Department and an incident report was opened with the Federal Bureau of Investigation.

Heritage Oaks Bank believes strongly in and has committed to maintaining the security of our customer data. The bank has contracted with information security testing agencies to conduct unannounced security tests and validate the security of the network. Heritage Oaks Bank continues to invest in cutting edge security products and practices to meet or exceed industry standards. Heritage Oaks Bank regularly reviews the security testing of its business partners to ensure they also maintain the same high level of security practices. Finally, Heritage Oaks Bank provides information on its website at www.heritageoaksbank.com outlining each of these recent threats and how to protect yourself from these and other scams.

Please remember, Heritage Oaks Bank will never solicit personal or account information from customers by email or by a telephone call placed to you. Any request for such information should be considered highly suspect and either discarded as fraudulent or reported to Heritage Oaks Bank for further investigation. We remind you never to give out your personal identification or account access information in response to an e-mail or to a person who has initiated a call to you. When accessing your on-line banking log in page, we recommend that you either type in the URL each time or add it to your browser’s “Favorites” list. This will insure that you are taken directly to the web site and are not following a possibly fraudulent link.

In the near future, Heritage Oaks Bank will unveil cutting-edge two-way authentication to our on-line banking customers to insure that your internet banking experience with us is as safe as it can possibly be. If you have questions about internet safety or the recent internet attacks against the bank, please visit our website, at www.heritageoaksbank.com

Lawrence P. Ward
President/CEO