Recent Scam and Fraud Alerts
Johnson Bank cares about our clients and is providing this information in order to help financial customers become aware of recent fraud alerts.
Alert - Fraudulent/Phishing E-mails Claiming to be from NACHA
Fraudulent Email Claiming to be From the FDIC
The U.S. Small Business Administration Issued a Scam Alert
Heartland Payment Systems Systems Data Compromise
Malware and Bank Fraud
Phishing Attack Uses Pop-up Message on Bank Sites
Cyber Security Basics (.pdf)
Phishing Emails Targeting Online Banking Clients
Lottery Scam
Beware of Bogus IRS Survey Scam
Johnson Bank Phishing Alert 12/2005
IRS Phishing E-mail Scam
Some Privacy Policies are not Private Enough
Credit Card Security Fraud
Debt Elimination Scam
"Phishing" Emails
The Jury Duty Scam – Don’t Become a Victim
View the FDICs Consumer Awareness Training video
Alert - Fraudulent/Phishing E-mails Claiming to be from NACHA
NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA.
The subject line of the e-mail states: “Rejected ACH Transaction.” The e-mail message may state “The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association.” The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA Web site and contains a link which is almost certainly executable virus with malware. Do not click on the link. Both the e-mail and the related Web site are fraudulent.
Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
For more information please see the NACHA website at http://www.nacha.org/
Here are some general tips to help protect you from this and similar Phishing attacks:
• Do NOT trust unsolicited email
• Do not reveal personal or financial information over the internet, and do not respond to email solicitations for this information. This includes following links sent in email.
• Be suspicious of unsolicited email messages from individuals asking about employees, or soliciting sensitive client or confidential company information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company. Ask for a reference number and advise the caller that you will contact them at their publicly identified call center number.
• If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including security officers.
• Review antivirus software specific removal guidelines for the malware.
• Keep systems up-to-date with the latest patches and anti-virus signatures.
• Employ the use of a spam filter.
• Create a security-aware culture. This requires the commitment of the executive staff, the involvement of all employees, and effective security policies and procedures for everyone tied to the organization, and a broad awareness and training program.
Fraudulent Email Claiming to be From the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.
The subject line of the e-mail states: “check your Bank Deposit Insurance Coverage.” The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.”
The e-mail then asks recipients to “visit the official FDIC web site and perform the following steps to check your Deposit Insurance Coverage” (a fraudulent link is provided). It then instructs recipients to “download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage.”
This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.
The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail. Please see the FDIC web site http://www.fdic.gov/consumers/consumer/alerts/index.html for more information.
SBA Warns of Fraudulent Attempts to Obtain Bank Account Information from Small Businesses
WASHINGTON - The U.S. Small Business Administration issued a scam alert today to small businesses, warning them not to respond to letters falsely claiming to have been sent by the SBA asking for bank account information in order to qualify them for federal tax rebates. Read More...
Heartland Payment Systems Systems Data Compromise
2.9.09 - Johnson Bank received notification that a significant number of Johnson Bank Debit Card accounts may have been affected by a confirmed network intrusion at Heartland Systems. Though this breach occurred outside Johnson Bank, we are proactively communicating to all affected clients by phone and following up by mail. In addition, Johnson Bank Visa cardholders are protected with Visa’s Zero Liability policy and are not responsible for any unauthorized purchases made on their Visa cards. Please contact the Customer Support Center at 888-769-3796 with any additional questions..
Phishing Attack Uses Pop-up Message on Bank Sites
Researchers at security vendor Trusteer have discovered a new phishing method that forces pop-up login messages to appear on legitimate banking Websites. The messages trick users into giving up passwords, account numbers and other sensitive information. Sometimes the messages appear after they have logged into an online banking or other financial website, Trusteer said. Trusteer issued an advisory on their find. The technique is called Session Phishing, and is used after attackers inject malicious code into major browsers. The Trusteer CTO said the method makes phishing attacks more likely to be successful because they try to trick people after they have logged into a legitimate Web site. The CTO said the major browser makers have been notified. Trusteer said the pop-up window sometimes requests the user to retype their username and password because the session has expired, or asks users to complete a customer satisfaction survey or participate in a promotion. Read more...
Phishing Emails Targeting Online Banking Clients
Fraudulent emails are being sent to online banking clients. The scam targets online banking clients by sending emails that appear to be from an official online banking source and is designed to trick the recipient into clicking a link in the e-mail for the purpose of acquiring sensitive data, such as passwords or financial information.
The fraudulent email indicates that the client’s online banking account is about to expire. The client is requested to update or confirm information immediately. Failure to confirm the client’s records may result in the client’s account being suspended. The client is requested to click on the word “here” or a link to update the client’s information.
Never click links or install programs suggested in emails that relate to account activity, even if the email appears to be from an official or familiar source.
Johnson Bank online banking sources will never send client emails containing links to download software or applications or request sensitive data, such as passwords or financial information via an email.
If you receive such an email immediately delete the email and never click on the link or follow the instructions provided.
Lottery Scam
Security has been notified that counterfeit checks bearing Johnson Bank's name are involved in ongoing lottery scams. The targets of the scams have received Final Notification letters indicating that they have won a Consumers Reward Prize in the amount of $38,000.00, $39,500.00, etc. A counterfeit check in the amount of $3,800.00, $3,950.00 etc, accompanies the letter. The check is to be used to cover the taxes or advanced fees associated with the prize. The recipient of the notification letter is requested to deposit the check and make a call to a phone number provided for further clarification and instructions. If you are a recipient of this scam, please fax a copy of the letter and check to Johnson Bank Corporate Security at 262-619-8534. It is recommended that this information is turned over to local law enforcement. Read more details on Lottery Scams.
Johnson Bank Phishing Alert
Recently, we have been alerted about phishing e-mails that have been sent to Johnson Bank clients. These e-mails appear to come from Johnson Bank and attempt to trick clients into believing that their online banking account has been compromised. The e-mail then asks the client to log into the site to verify their account information. The link provided appears as if it comes from Johnson Bank, however, it actually directs clients to a phony Web site. Visitors to this site are then directed to login with their social security and password. Once in, they are asked for personal identification and a credit card number.
Please do not respond to these e-mails. Johnson Bank will never ask you to verify your information through e-mail. If you believe that your personal information has been compromised, please contact the Johnson Bank Customer Support at 888-769-3796.
To ensure your security online you can do the following:
- Always be sure that the site you are on is secure. Check your browser by looking for a closed lock on the lower right hand of the page. A Web site address that begins with https:// is also secure.
- Be wary of unsolicited e-mails or calls asking you to disclose any personal details or card numbers. Keep this information secret. Be wary of disclosing any personal information to someone you don't know. Your bank and the police would never contact you to ask you to disclose PINs or all your password information.
- Always access Internet banking by typing the bank's address into your web browser. Never go to a Web site from a link in an e-mail and enter personal details. If in doubt, contact the bank separately on an advertised number.
IRS Phishing E-mail Scam
E-mail fraudsters are hard at work trying to obtain personal information in order to commit Identity Theft or credit card fraud. The fraudsters have found an easier way to trick people into disclosing their personal/sensitive information by using a U.S. Government Web portal programming flaw. The flaw allows a phisher to redirect URL (Uniform Resource Locators) from the GovBenefits.gov domain to fraudulent Web sites.
The phishing e-mail advises the recipient that the IRS owes them several hundred dollars. The recipient can claim their refund via a Web link that is provided in the email. The e-mail recipient is told in order to avoid being redirected to a bogus site, the recipient should cut and paste the link into their Web browser rather than directly clicking on it.
The link in the e-mail does not take the recipient to a U.S. Government site, but rather a site owned by the fraudster who is anxiously waiting the individual’s social security number, credit card information, and other personal information.
The phishing Web sites are taken down as soon as possible. However, the fraudsters will continue to look and find other security flaws in targeted sites.
Prevent yourself from such an attack:
- Do not open, click on, or cut and paste any unsolicited web links received in emails.
- Contact Johnson Bank immediately if you believe that your financial/account information has been compromised.
Back to top
Some Privacy Policies are not Private Enough
There are organizations on the Internet that offer free services such as e-mail or virus scanning. It is important to be aware that some of these companies have privacy policies that allow them to collect and share personal information about your browsing habits. These companies might also collect secure information from you. In addition, related software may be difficult to uninstall, despite your attempts to do so.
Johnson Bank does not share or sell any customer information to third parties. However, it is important for you to be aware that some of the Internet companies that use technologies to intercept secure information will also have complete access to your personal information. When you accept an agreement with these companies, you are also agreeing that they can share your information with third parties.
What you can do:
1. Always read the contract and privacy policy before agreeing to install any software or use an Internet service.
2. When in doubt, do not accept the agreement.
3. Install spyware programs like AdAware to check your computer for software that collects this type of information.
4. Report suspicious organizations to the Federal Trade Commission.
5. Visit the Federal Trade Commission's identity theft Web site to learn how to minimize your risk of damage from identity theft.
Information about Johnson Bank's Privacy Policy is mailed to our clients annually. In addition, you can read the Johnson Bank Privacy Policy on our Web site.
Credit Card Fraud Alert
Individuals are portraying themselves to be from the credit card Security/Fraud Department are contacting credit card customers to obtain the 3-digit security code listed on the back of the card.
The caller indicates that fraudulent activity has occurred on the customers account. The caller knows the credit card number and other pertinent information, and asks the customer whether the customer authorized a transaction (the transaction never occurred). When the customer responds no, the caller indicates that the transaction will be reversed immediately. To gain the customers trust, the caller tells the customer to call the number on the back of their card and ask for the Security/Fraud Department if the customer has questions. A fictitious control number is given to the customer to provide to the Security/Fraud Department.
The caller then requests the 3-digit security code listed on the back of the credit card next to the calling card number to ensure that the card has not been lost or stolen. Once this information is given out, the caller can begin making fraudulent transactions on the Internet using the credit card number.
Important:
Credit card customers should never give out the 3-digit security code listed on their credit cards unless they have initiated the call or transaction. Anytime a customer receives a phone call or e-mail requesting sensitive credit card information, the customer should end the communication. Then call the 800 number card and request to be connected to the Fraud/Security Department.
Back to top
Debt Elimination Scam
Illegal debt reduction schemes are on the increase. The fraudsters are indicating that customers can have their outstanding debt eliminated through the use of specially prepared legal documents. According to the fraudster, once the documents are completed and presented to the borrower's bank, mortgage company, finance company or other lending institution, the customer's debts will be eliminated. Literature provided by the organizers of the scheme usually question whether or not the customer really has a financial obligation to repay the debt and selectively cites passages from government publications, court decisions, etc. to support the claims. Some literature indicates that this process is "Federal Reserve approved" or approved by another specific government agency.
Debt elimination programs that claim to have the approval of the Federal Reserve or another government agency are totally bogus.
The Federal Reserve does not approve or eliminate debt.
These types of schemes are growing on the Internet. The organizers are charging large up-front fees or commissions based upon the amount of debt. Customers who pay such fees do not have their debts forgiven or reduced, but instead they incur late fees and the risk of foreclosure or other legal action being taken because of non-payment of their loan obligations. The borrower's credit report could also be negatively affected.
If JFG is presented with fraudulent documents as described above, a SAR needs to be filed. Please contact JFG Corporate Security immediately.
Back to top
"Phishing" Emails
Fraudulent e-mails have been sent to many Americans. The e-mails direct recipients to Web sites where they are asked to verify sensitive personal information in order to assist in the fight against terrorism or for some other purpose supposedly required by law. These emails appear to have been sent from government agencies such as the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Securities Investor Protection Corporation and others. The e-mail recipients are directed to Web sites that are similar or clones of official government sites.
Once at the Web site the recipient is requested to update personal information, such as name, account and credit card numbers, passwords, social security numbers and other information. The Web site is bogus.
The name of this scam is "Phishing" (sending a fraudulent email and claiming to be a legitimate company). The con is attempting to gain an individual's personal information in order to commit identity theft.
The Federal Trade Commission developed the following tips that consumers can use to protect themselves for identity theft:
- If you get an e-mail that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the e-mail. Instead, contact the company cited in the e-mail using a telephone number or Web site address you know to be genuine.
- Avoid e-mailing personal and financial information. Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.
- Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov.
If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft Web site to learn how to minimize your risk of damage from identity theft.
Back to top
The Jury Duty Scam – Don’t Become a Victim
Scammers have found a new way to commit identity theft by preying on our loyalty as United States citizens.
Here’s how the new scam works: A person claiming to work for the local clerk of courts calls and tells the victims that they have failed to report for jury duty and, as a result, a warrant has been issued for their arrest. The victims protest and rightly explain that they never received the jury duty notification. Then, in order to “verify” that the clerk of courts is talking to the right person, the scammer requests confidential information from the victim.
The scammer may ask for the victim’s Social Security Number, date of birth, credit card numbers (to pay the fine), and other personal information, which is everything the scammer needs to commit identity theft. The jury duty scam has been reported in several states across the country.
This scam works because the victims are caught off guard. Victims are upset because they think they may be arrested. Protecting their confidential information is not at the top of their mind –
victims just want to get the “warrant” dismissed.
Remember, clerk of courts employees will never call you and request your Social Security Number or confidential information. In most cases, the courts follow up with prospective jurors via U.S. mail.
Be cautious: Never provide a caller with your personal or confidential information. The jury scam is just one of the latest attempts to obtain personal information. It does not matter why the scammers are calling (the reasons will change). If you have not initiated the call, do not provide confidential information to the caller.
MEMBER FDIC
|
