Security Info & Fraud Alerts

Security Info

Our security protocols have been time-tested and are widely used throughout the banking industry. The encryption of your ID and password, using Secure Socket Layer (SSL) or HTTPS protocol, occurs automatically when you select "Click to login," and is in place before your information is transferred across the Internet. Protect your personal information. Use a secure internet connection when logging into Online Banking.

Prevent Fraud

Choose strong passwords that are at least 8 characters, contain numbers, lower and upper case letters, and special characters.  Do not use the same passwords between websites and do not share your password with others.

Protect your devices from malware by keeping your software up to date and run updated anti-virus software if appropriate.

Control physical access to your computer or mobile device to prevent unauthorized access to your online accounts, and prevent the possibility of malicious software, such as key loggers or tracking software from being installed. Use a password to lock your computer or mobile device and make sure to lock it when away.

Do not provide personal information by email, text, or phone call. We will never contact you and ask for passwords or personal account information.


See more fraud prevention tips and best practices

Fraud Alerts



Scammers are impersonating First National employees through spoofing and phishing emails to convince bank customers to transfer their money to a newly opened offshore account. First National Bank Alaska does not hold offshore accounts. If someone tells you to provide your account information and move your money for any reason, it’s probably a fraud attempt.

How to protect yourself:

  • Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
  • Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
  • Be careful what you download. Never open an email attachment from someone you don't know, and be wary of email attachments forwarded to you.
  • Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
  • Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the request.
  • Be especially wary if the requestor is pressing you to act quickly.

If you get a call, email, or text message from someone you think is trying to scam you, contact your financial institution immediately. Next, contact your local FBI field office and file a complaint with the FBI’s Internet Crime Complaint Center.

BEC Phishing Email January 2024 - Redacted and Red Flags.png




Alaska businesses are experiencing increased fraud involving fake invoices from legitimate vendors whose email systems have been compromised.

How the scheme works:

  1. Employees receive what appears to be an email from a current vendor.
  2.  The sender’s email address appears to be legitimate. The email may contain the sender’s usual signature block, including a company logo, employee name and modified contact information. The email may also contain a fake email thread with internal employees authorizing the change.
  3. The email includes an attached and properly formatted invoice along with a request to change the account number and routing number for upcoming payments.
  4. The email will often indicate that a payment is overdue or due immediately, threatening an immediate consequence.
  5. Employees then pay the fake invoice or change payment information, sending money to the fraudsters, not the legitimate vendor.

How to reduce your fraud risk:

  • Never make payment changes based solely on email requests.
  • Report anything suspicious to local law enforcement and your bank.
  • Follow your company’s established procedures.
  • Always use dual control or validation processes, such as calling a previously known phone number for the vendor to verify the request.
  • Establish multi-factor authentication for any remote access, especially access to send email.
  • Train your employees on how to spot and prevent fraud.



AT&T Data Breach Advisory
Stay vigilant to protect your personal information

AT&T recently announced that 73 million current and former AT&T customers’ non-public personal information (NPPI), including full names, email and mailing addresses, phone numbers, Social Security numbers, birth dates, AT&T account numbers, and passcodes are publicly available on the internet. Be aware of increased identify theft risk due to ease with which fraudsters may access AT&T customers’ NPPI. If you suspect your data may be at risk, protect yourself by taking the following steps:

  • Create a new, complex AT&T account password (include numbers, lowercase and capital letters, and symbols).
  • If you reused your AT&T account password or pin with any other service, update your credentials with those services as soon as possible.
  • Ensure any additional passcodes used with AT&T such as voicemail PIN numbers are not re-used in other services.
  • Expect phishing emails targeting email addresses registered with AT&T and report them to your email provider.
  • Do not respond to suspicious text messages or phone calls.
  • Monitor bank accounts and immediately report any signs of unauthorized activity to your financial institution.
  • Monitor your credit report for fraudulent accounts with a free inquiry at www.annualcreditreport.com.
  • Consider freezing your credit with the major credit agencies unless actively seeking credit such as a loan.
  • Establish new security questions and answers that don’t rely on date of birth or Social Security numbers.

Call the bank immediately at 907-777-4362 or 800-856-4362 to report any suspicious or unusual activity on your First National account.




Fraudsters are calling Alaskans and claiming to be First National fraud department representatives. The scammers are requesting personal details about transactions the bank would not ask about. First National and other legitimate financial institutions will never call to ask a customer for login or PIN information. If you receive a suspicious call, hang up immediately and report the incident.

  • Notify law enforcement by filing a local police report
  • To report fraud related to a First National account call 907-777-4362 or 800-856-4362




The FBI warns of criminals targeting online shoppers and sellers during the holiday season. In 2022, the FBI Internet Crime Complaint Center received reports from nearly 12,000 victims nationally of non-payment or non-delivery scams, resulting in more than $73 million in losses. Criminals use a multitude of methods to entice and target victims intending to purchase or sell an item online.

Follow these tips to protect yourself and your business when shopping or selling online:

  • Think before you click. Do not click on links in an unsolicited email or provide personal or financial information.
  • Ensure websites are secure. A secure URL should begin with “https” rather than “http.”
  • Verify the legitimacy of all parties involved: Look at consumer reviews and social media pages, and check with the Better Business Bureau.
  • Be wary of online transactions that use unconventional payment methods such as wire transfers, virtual currency, gift cards or cash.
  • Check your bank or credit card statement regularly and never save your payment information in online accounts.
  • Limit the use of public Wi-Fi.
  • Ensure that your anti-virus and malware software is current and block pop-up windows.
  • As always, if the deal sounds too good to be true, whether you are buying or selling an item, chances are it is a scam.





Check fraud is costing Alaska businesses millions. The Financial Crimes Enforcement Network reported check fraud nearly doubled in 2022 compared to the previous year. We are seeing our customers and those of other financial institutions victimized by a greater amount of check fraud than ever before. The Anchorage Daily News reported, "Check fraud is back in a big way, fueled by a rise in organized crime that is forcing small businesses and individuals to take additional safety measures..."

Follow these best practices to protect yourself and your business from check fraud:

  • Go digital - Digital payment solutions offer additional protections and help remove the risks of using paper checks.
  • Real-time alerts - Sign up to receive real-time alerts to keep you informed of your account and card activity.
  • Review your accounts - Review transactions and balances daily to help detect unusual or suspicious activity.
  • Report fraud immediately - Reporting fraud in a timely manner can help minimize the impact and may lessen your liability.
  • Use fraud prevention services - Help protect your business from fraud with check fraud prevention solutions such as Positive Pay and Check Block.
  • Review your business practices - Train employees to spot signs of fraud. A customer-friendly but offender-hostile workplace will help prevent fraud from impacting your bottom line.




Alaskans are experiencing a large number of fraud attempts as criminals continue to target consumers and businesses using enhanced tactics.

The recent fraud schemes involve fake caller ID, unexpected text messages, and the hijacking of real email threads from compromised email accounts. Impersonating someone you know or trust, such as an employee, customer, vendor or government agency, the fraudster requests changes to existing payment methods or provides falsified invoices with new deposit account details.

Characteristics of these schemes may include:

  • Targeted emails or calls from a trusted sender
  • Replies on existing email threads
  • New payment methods
  • Change requests to payment accounts
  • An element of urgency or secrecy

How to avoid falling victim to these scams:

  • Do not trust caller ID or the sending email address.
  • Independently verify the requestor’s identity.
  • Always authenticate requests and confirm new payment instructions via a different communication method, such as a known phone number.
  • Do not attempt to verify the emailed instructions by calling a phone number provided in the email or replying to the email. The fraudster will continue pretending to be the person or company you know.
  • Secure external access to employee email with multi-factor authentication.

Always follow established procedures to reduce the risk of loss.



Don’t let fraud ruin your holidays

Be wary of payment requests via email

Criminals are targeting business email accounts to steal contact information and company-branded signature blocks. They use the information to create convincing emails (whether they be legitimate email accounts of victims, spoofed emails, or look-a-like domains) to target accounts payable and/or human resources employees. The scammers will often send falsified invoices or request payments be redirected to illegitimate accounts.

Don’t take the bait! Be cyber smart by following these steps to prevent fraud:

Procedural measures

  • Always follow proper payment handling procedures. Do not accept payment requests outside of established and verified methods.
  • Always use a known phone number to confirm account change requests. Do not call a number provided via email.
  • Handle payments in dual control where transactions are verified before initiation and during approval.
  • Beware of red flags such as false urgency, confidential requests, or unrecognized email domains.
  • Question unusual transactions – it’s better to be safe than sorry.

​​​​​​​Technical measures

  • Utilize multi-factor authentication and shield networks from unauthorized access. Learn more about multi-factor authentication.
  • Regularly update systems, back up important data and test backups.
  • Do not plug external devices into USB ports.

If you suspect you’ve fallen victim to fraud, notify First National immediately and file a detailed complaint through the FBI’s Internet Crime Complaint Center.



Beware: Scammers claiming to be First National fraud department

Fraudsters are calling Alaskans claiming to be First National fraud department representatives. The scammers claim the customer’s card cannot be used until the cardholder’s identity is verified. If you receive a suspicious call, hang up immediately and call your local bank to report the incident. 

First National and other legitimate financial institutions will never call to ask a customer for login information or for the three-digit code on the back of a card. Legitimate calls do not lead with “your card cannot be used until you verify your identity,” which is a sure sign of a scam. Stay vigilant and share this information with fellow Alaskans to help keep others safe from this scam attempt. 



FBI issues healthcare fraud warning

The FBI has reported a string of cyber-attacks where scammers have used stolen healthcare portal credentials to send money to their own accounts. Stay alert and be aware of these potential signs a criminal is trying to gain access to your information:

  • Phishing emails, specifically targeting financial departments of healthcare payment processors.
  • Unwarranted changes in emails and/or custom rules for specific accounts.
  • Requests to reset both passwords and two-factor authentication phone numbers within a short timeframe.
  • Being locked out of payment processor accounts due to failed password recovery attempts.

Learn more about these fraud attempts and how you can protect yourself with information from the FBI.



Beware: Scammers are using fake caller IDs

First National has received reports of scammers making cold calls using fake caller ID and impersonating our fraud department or claiming to be federal agents for various government agencies. The scammers then request personal details or demand payment from potential victims. When you receive a suspicious call – hang up right away and call a known number.

On legitimate outbound fraud verification calls, First National’s fraud team does not ask for security questions. Bankers already know your security questions and will only ask for the answers to your questions, not for the questions themselves. The bank only asks for details about questionable transactions to determine whether or not they were authorized. When bankers ask for answers to security questions, it is to authorize giving out account information, not to validate fraud transactions.

If you receive a call from someone claiming to represent the bank who begins asking for security questions and answers, hang up and call a known number. If there is a particular card product involved, such as a debit or credit card, call the number on the back of the card.



Business Email Compromise fraud on the rise

The FBI’s Internet Crime Complaint Center reported nearly $2.4 billion in losses due to Business Email Compromise (BEC) fraud in 2021. Stay vigilant - do not click on links or open emails from sources you don't know.

While traditional spear phishing methods such as using fake emails to pose as vendors, CEOs, or other trusted managers are still common, fraudsters never stop refining their methods. In 2021, scammers began using compromised account credentials and/or virtual meetings to request fraudulent wire transfers. This new variant on the BEC scheme typically begins with an email compromise of a financial director, such as a CEO or CFO. The fraudsters monitor email communications and gain insight into the organization before using the hacked email account to set up a virtual meeting with unsuspecting employees. During the meeting, the fraudsters may use a profile picture of the CEO (and claim their audio/video isn’t working) before instructing employees to send money via wire transfer.

Protect yourself from fraud with these tips:

  • Ensure purchasing/procurement and payment processes are in dual control
  • Follow established procedures to prevent fraud. Do not accept payment requests outside of normal channels
  • Closely review emails to ensure the sender’s address has not changed
  • Always call to confirm account change requests received via email
  • Always use a known contact number. Do not use phone numbers provided via email
  • Use multi-factor authentication and a strong, unique password to protect your email accounts
  • Beware of requests to join virtual meeting platforms not normally used by the bank
  • Recognize red flags such as requests for secrecy or urgency, or the inability to join audio/video

If you suspect you’ve fallen victim to fraud, notify First National immediately and file a detailed complaint through the FBI’s Internet Crime Complaint Center.