Fraud Center: Recent Articles and Alerts

Below are articles about specific threats and known fraudulent scams being reported. For general information please see "Tips for Avoiding Online Fraud".

E‐mail Scams, Spoofing, Caller ID and Spoofing, Phishing, Texts, and Pop‐ups
Online Security: Protecting Your Information and Identity
Beware of Spam: Bogus Emails Sent to US Postal Service Customers
Better Business Bureau Issues Warning About Utility Bill Payment Scam
Detecting Fake Credit Cards
E-mails that claim to be from the FDIC are reportedly in circulation
FS-ISAC Fraud Advisory for Businesses: Corporate Account Take Over
Email Breach at Epsilon
ATM Skimming
Protecting Yourself


E‐mail Scams, Spoofing, Caller ID and Spoofing, Phishing, Texts, and Pop‐ups

Strategies for identifying and avoiding Email Scams, Email Spoofing, Caller ID Spoofing, Phishing, Text Message Scams and Pop-Up messages on websites.

 


Online Security: Protecting Your Information and Identity

Internet fraud is ever-increasing. Cyber-criminals continue to find new ways to gain access to computers in their attempts to steal your personal information. If they succeed it can result in losses to you and/or your business.

 


BankFIRST is doing its part to protect you from fraud. We urge you to do your part, as well.

Read more about steps you can take to safeguard yourself from fraud by downloading the brochures on this page, provided by the Federal Financial Institutions Examination Council (FFIEC).

In 2012, BankFIRST will also be providing educational seminars in various locations. Check with your nearest financial center location for event dates!
 


Beware of Spam: Bogus Emails Sent to US Postal Service Customers

Some postal customers are receiving bogus e-mails about a package delivery or online postage charges. The e-mails contain a link or attachment that, when opened, installs a malicious virus that can steal personal information from your PC. The e-mails claim to be from the U.S. Postal Service and contain fraudulent information about an attempted or intercepted package delivery or online postage charges. You are instructed to click on a link, open the attachment, or print the label.

But Postal Inspectors warn: Don't do it!

Like most viruses sent by e-mail, clicking on the link or opening the attachment will activate a virus that can steal information such as your user name, password, and financial account information.

What to do? Simply delete the message without taking any further action. The Postal Inspection Service is working hard to resolve the issue and shut down the malicious program.
If you have questions about a delivery or wish to report spam, please call 1-800-ASK-USPS.


Better Business Bureau Issues Warning About Utility Bill Payment Scam

The BBB has issued a nationwide warning about a new scam claiming that President Obama will pay your utility bills through a new federal program.
Consumers have been contacted through telephone calls, fliers, social media, text messages, and word-of-mouth with claims that the federal government is providing credits or applying payments to utility bills.
To receive the money, scammers claim they need the consumer's Social Security and bank routing number and/or account number. In return, customers are given a fraudulent bank routing number to use when paying their utility bills through an automated service.
The payment service initially ‘accepts’ the payment, but then declines it within a few days when the bank account number is discovered to be fake. The consumer's bill has not been paid, and their personal financial information and Social Security number have been compromised.
The BBB has these tips to avoid becoming a victim of this scam:

  • Never provide your Social Security number, credit card number or banking information to anyone who calls you, regardless of whom they claim to be representing.
  • If you receive a call claiming to be your utility company and feel pressured for immediate payment or personal information, hang up the phone and call the customer service number on your utility bill.
  • Never allow anyone into your home to check electrical wiring, natural gas pipes or appliances unless you have scheduled an appointment or have reported a utility problem. Also, ask utility employees for proper identification.
  • Always think safety first. Do not give in to high pressure tactics over the phone for information or in person to get into your home.
  • For more information about identity theft scams, please visit the BBB online.
     

Beware of the Dangers of Password Reuse Across Multiple Applications

Many online providers have quite a way to go before they are able to properly secure their users, as evidenced by a recent Yahoo security breach - resulting in the leak of nearly half a million passwords. The breach also highlighted the fact that many people continue to place themselves - and their information - in danger by using the same password to access multiple accounts, according to an analysis of the leaked file published July 12, 2012.

Surprisingly, password reuse is an extremely common occurrence, even after the same password has been breached previously on another site. This demonstrates that despite the dangers, and even when sites are unrelated, there is a high likelihood of password reuse. Rates for such reuse are often as high as two-thirds of all users, based on data analyzed following a breach.

Security professionals previously urged people to use strong passwords with at least eight characters, no common dictionary words and to use the full character set including uppercase letters, numbers and special characters. This often makes such passwords difficult to remember, leading users—if they followed the rules at all—to recycle passwords across accounts.

With people increasingly using online accounts to store data, security experts have focused on getting users to assign unique passwords to every account.

For companies, it's a difficult problem. They cannot police their employees' password use outside the corporate firewall, so businesses need to make sure that their workers follow the rules necessary to allow secure access. To protect important corporate resources, businesses should require a second factor of authentication, such as a one-time password generated by a keyfob or a smart card.

Strong passwords are also imperative because breached online services tend to scramble users' passwords, if not always correctly. LinkedIn, for example, used a hash function to secure its password file, which was stolen and published to the internet in June 2012. Yet the company did not use a technique, known as salting, to further randomize (and thus secure) the resulting file.
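
The effect of salting described above, shown as an added example that is not part of the original article or any company's actual code. The account names and passwords are constructed, SHA-1 stands in for "a hash function", and PBKDF2 with a per-user random salt is an assumed, standard way to salt and slow down the stored value.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data): two users picked the same password.
ACCOUNTS = {"alice": "Autumn2012!", "bob": "Autumn2012!", "carol": "x7#Lq9vT"}

def unsalted(password: str) -> bytes:
    # Fast, unsalted digest: equal passwords always give equal stored values.
    return hashlib.sha1(password.encode()).digest()

def salted(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    # Per-user salt plus PBKDF2 stretching (assumed choice, see lead-in).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def build_unsalted_file(accounts):
    return {user: unsalted(pw) for user, pw in accounts.items()}

def build_salted_file(accounts):
    table = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)  # stored beside the digest; it is not a secret
        table[user] = (salt, salted(pw, salt))
    return table

def verify(table, user, candidate) -> bool:
    # Login check: recompute with the stored salt, compare in constant time.
    salt, stored = table[user]
    return hmac.compare_digest(stored, salted(candidate, salt))

def largest_shared_digest(digests) -> int:
    # Number of accounts sharing one stored value; they all fall together
    # if that single value is ever recovered from a leaked file.
    return max(Counter(digests).values())

if __name__ == "__main__":
    plain = build_unsalted_file(ACCOUNTS)
    strong = build_salted_file(ACCOUNTS)
    print("unsalted, accounts per digest:", largest_shared_digest(plain.values()))
    print("salted, accounts per digest:  ",
          largest_shared_digest(d for _, d in strong.values()))
    print("login still works:", verify(strong, "alice", "Autumn2012!"))
```

In the unsalted file the two accounts with the same password are visibly linked; with per-user salts every stored value is distinct, yet each user can still log in.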

 


 


Detecting Fake Credit Cards

Given the faltering economy and the rise of technology, counterfeit, cloned, altered and forged (CAF) cards are up a reported 12% over last year. Today, we give you a quick law enforcement-level primer on how to detect a fake card beyond just matching ID and verifying the card with the processor.


E-mails that claim to be from the FDIC are reportedly in circulation

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.

The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "subscriptions@fdic.gov," "alert@fdic.gov," or "accounts@fdic.gov."

They have subject lines that read: "FDIC: Your business account" or "FDIC: About Your Business Account."

The e-mails are addressed to "Business Customer" or "Business Owner" and state "We have important information about your bank" or "…financial institution." They then ask recipients to "Please click here to find details."

They conclude with, "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership."

These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.

Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.


Fraud Advisory for Businesses: Corporate Account Take Over

Cyber criminals are targeting the financial accounts of owners and employees of small and medium sized businesses, resulting in significant business disruption and substantial monetary losses due to fraudulent transfers from these accounts.

Please consult the Fraud Advisory PDF linked to the right for more information.


Email Breach at Epsilon

Attention BankFIRST Customers: Please be aware that there has been a breach at Epsilon Interactive, a company that manages marketing and notification services for a wide variety of companies. The companies that use Epsilon range from US Bank to Disney to Walgreens. While BankFIRST is in no way affiliated with Epsilon Interactive, we want to ensure that our customers are made aware of this situation.

The breach exposed millions of email addresses and names of customers. In addition, the breach may provide contextual information about your relationship with a company (e.g., you fill prescriptions at Walgreens). Spammers can use this context to devise an email that looks legitimate.

To be safe, please exercise additional caution when responding to emails:

• Always be skeptical of any email that is asking for personal or otherwise confidential information
• Keep your Windows operating system up to date with patches
• Ensure that your antivirus software is current


ATM Skimming

Look closely at the ATM machine before inserting your card. See if you can wiggle the slot piece where you insert your card. If so, this may indicate a skimming device.

Next, look for a brochure holder or other attachment affixed to, or near, the ATM machine. See if there is a small hole on the side facing the card slot that may be a camera lens.

If the ATM area typically does not have brochure holders or other attachments on the machine but one appears, this could be a hint that a skimming device is in use.

Shield the keypad with your hand. This can prevent a hidden camera or individuals from capturing your PIN.

Keep your ATM receipts, routinely check your bank balance, and report any unauthorized withdrawals immediately.


Protecting Yourself

In order to protect yourself from wire transfer fraud, there are several things that you will need to keep in mind. One of the most important things is that you should only deal with local people when selling something or taking a payment. If someone is contacting you from overseas, you should forget about doing business with them. If you do business with someone locally, you will be able to go to their bank and make sure that a check has cleared before moving forward. In addition to this, it would most likely be in your best interest to avoid any requests that ask you to wire money.