Important Security Alert

Email and Online Fraud

To protect yourself against e-mail and online fraud, be very alert to unsolicited e-mails you receive from companies you know or do business with. Although fraudulent emails can be difficult to recognize, beware of e-mails that:

• Request that you click a link to a spoof web site, one that looks like a real company website, including the real company's graphics and design. Since fraudulent emails may even use exact wording from the real company's website, it's difficult to determine a spoof web site. If you have any doubts, please contact Commerce Bank at 1-800-453-2265 or send an email to mymoney@commercebank.com
• Ask you to give, confirm, or update sensitive personal information, such as Social Security numbers, usernames, passwords, PIN numbers, or account numbers.
• Use Pop-Up windows for entering or confirming personal data (see below for more on pop-up screens on secured web sites).
• Have a sense of urgency to give the information immediately, citing a specific thing that might happen. For example, your account may be closed or temporarily suspended.
• Have spelling errors and/or bad grammar. Intentional spelling errors may allow the email to get through spam filters used by Internet Service Providers (ISPs).

Some people "test" for online fraud by entering incorrect information. If the information is accepted, then they feel they can determine that it's an email fraud. Criminals are now aware that people perform this test, and may not accept the information entered first. The best defense is not to enter any personal information at a website you link to from an unsolicited e-mail.

Fraudulent Screens and Pop-Ups

We are advising customers to be aware of a virus or an attempt to gain account information on secured web sites, including our Online Banking site. This fraudulent act is known as a Trojan Horse program (Download.Ject, which is also known as JS.Scob.Trojan, Scob, and JS.Toofeer) that asks customers to disclose sensitive account information on a pop up screen. The screen attempts to obtain information such as account usernames and passwords, PIN numbers, credit card numbers, ATM codes, etc. This information could potentially be used to perpetrate identity theft or compromise your existing accounts. Please do not enter any information onto this screen (see example below).

In the normal course of business, we would not ask our customers via e-mail or any other means to enter (or record) account information online for any reason. Our best advice is to never provide account information online and do not share your PIN under any circumstance.

If you suspect that the security of your account has been compromised due to the possible disclosure of sensitive or confidential information, please contact our Customer Care Center at 1-800-453-2265 at your earliest convenience.

This is a sample of one type of fraudulent pop-up screen

Important Notice for Online Banking and BankCards Online 06/27/2005 As you may have seen or heard in the news media, there was an information breach at CardSystems Solutions, Inc. Card Systems Solutions is a company hired by retailers to process bankcard transactions made at their businesses and does not work for Commerce Bank, Visa International, or MasterCard International. Commerce Bank actively monitors accounts for potential fraud and will continue to employ fraud detection software to review account transactions. Information like address, date of birth and social security number were not exposed, so we believe there is a low risk of identity theft associated with this situation. In the event there are unauthorized charges on your account, notify us immediately. As long as you notify us promptly after receiving your statement with any unauthorized charges, you will not be held responsible for the fraudulent activity. As always, please review your account transactions carefully and call the number on the back of your card as soon as possible if you notice any unusual activity.