Update Regarding Target® Security Breach
Target announced that more personal information than they originally disclosed was removed from their systems during the data compromise of November 27 through December 15, 2013. This additional information included names, mailing addresses, phone numbers, and email addresses for up to 70 million individuals.
This additional information was fraudulently obtained from Target’s information system. Criminals are trying taking advantage by leveraging Phishing (pronounced fishing), text and phone channels to trick people into providing information such as passwords, social security numbers, driver’s license numbers and bank account information.
Some examples of recent scams;
- Automated Vishing calls: Consumers are receiving automated phone calls from a blocked source stating that their payment cards have been blocked. Cardholders are asked to enter their full card number and PIN or CV2 information to reactivate their card. If the calls go unanswered a voicemail message is left instructing the consumer to contact a number to reactivate their account.
- Text Smishing messages: Text messages referencing compromised cards and suspended accounts are typical. A number is provided within the text message for reactivation. Most messages do not reference a particular financial brand name.
- Be wary of claims that a company is updating its records or those that threaten an account will be closed, suspended or restricted if they don’t receive a response.
Never respond to these emails. Always verify the need for this information by calling or writing Farmers State Bank. Do not use a phone number or address provided by those contacting you. Use a legitimate number you know is correct or use the one from your bank statement, employee business card or phone book.
The most important thing to know is that Farmers State Bank does not ask for or verify personal information through an email. If you ever receive an email that asks for this type of information, call the bank to verify its legitimacy with a bank employee. Also just because an e-mail states the sender’s address, it may not be the true origin of the e-mail. The “from” field of an e-mail can be altered easily.
Rest assured, Farmers State Bank has a very sophisticated fraud detection system in place to monitor and protect your debit card transactions.
Please be sure to review your account activity. If you notice fraudulent card purchases, notify us immediately at (217) 285-5616 and you will not be responsible for any loss from your account. You have zero liability on fraudulent purchases made with your card. To report your card lost or stolen after hours, please call (800) 554-8969.
At Farmers State Bank, we have a variety of techniques to help ensure that your financial information is secure. You too should protect yourself by being aware of the things you can do to minimize your risk of being a victim of identity theft or fraud.
Here are some suggested steps you can take to protect yourself:
- Prevent unauthorized people from using your computer or workstation
- Log off your workstation whenever you leave your computer
- Change your passwords often and never share them with anyone
- The same passwords or security challenge questions should never be used for social media, email and online banking access.
- If you notice suspicious activity, report it immediately
- Install some form of internet security software on you PC and keep it up to date
- Be cautious of e-mails that ask you to verify or submit personal information
- Make sure your browser uses the strongest encryption available and be aware of the encryption levels of the sites and applications you use.
Becoming a victim of Identity Theft is rising dramatically. To prevent identity theft before it occurs, consumers should follow these safe practices.
- Do not carry social security cards in a wallet or purse, but rather in a lock box or otherwise safe location
- Carry only credit cards and checkbooks that are needed on a regular basis
- Never carry PINs and passwords in a wallet along with the cards they activate
- Obtain your credit report regularly and make sure everything is normal
- Close accounts that are not needed or used
- Keep a photocopy of all the contents of your wallet in a secure place such as a lock box so they can be reported easily if lost or stolen
- We’ll never e-mail or call you to ask for any personal information as a requirement for getting additional security to manage your accounts online.
If you’ve become a victim of identity theft, report it to the appropriate parties immediately. File a complaint with the Federal Trade Commission (FTC). Call the FTC’s identity theft hotline tollfree at 1 (877)IDTHEFT (438-4338). Additionally, we suggest you call the fraud departments of all three credit bureaus. Ask them to put a “fraud alert” on your file. This tells creditors to call you before they open any more accounts in your name.
The most important thing to know is that Farmers State Bank does not make a practice of asking for or verifying personal information through an email. If you ever receive an email that asks for this type of information, call the bank and verify its legitimacy with a bank employee. Also, just because an e-mail states the sender’s address, it may not be the true origin of the e-mail. The “from” field of an e-mail can be altered easily.
Consumers should also be wary of claims that a company is updating its records or those that threaten an account will be closed, suspended or restricted if they don’t receive a response. Always verify these types of e-mails by calling a number you know to be a legitimate number for that company, not one obtained from the e-mail.
“Phishing” (pronounced fishing) is when criminals use e-mail to try to lure you to fake websites, where you’re asked to disclose confidential financial and personal information, like passwords, credit card accounts numbers or Social Security Numbers.
The most common type of phish is an e-mail threatening some dire consequence if you do not immediately log in and take action.
You should never respond to these emails. Always verify the need for this information by calling or writing the company. You should obtain an address or phone number from a source you know to be correct such as a statement, business card or phone book.
Fraudulent Emails claiming to be from NACHA:
Fraudulent emails claiming to be from the National Automated Clearing House Association (NACHA) continue to occur. These emails, which are similar to the ones previously reported over the past couple of months, make reference to an ACH transfer, payment or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the recipient. Do not click on any links or open any attachments within the email!
NACHA has reported that these attacks are occurring with greater frequency and increased sophistication. The contents of these fraudulent emails vary, with more recent examples including a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and telephone number.
NACHA does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Please forward suspected fraudulent emails appearing to come from NACHA to firstname.lastname@example.org to aid efforts by security experts and law enforcement officials to pursue the perpetrators.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software application security patches are installed and current.
Fraudulent Email Claiming to be from FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.
The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "email@example.com," "firstname.lastname@example.org," or "email@example.com."
They have various subject lines such as "Update for your banking account," "ACH and Wire transfers disabled," and "Banking security update."
The fraudulent messages state:
Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online security department, Federal Deposit Insurance Corporation."
These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.
Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.
Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC’s Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to firstname.lastname@example.org. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.
For your reference, FDIC Special Alerts may be accessed from the FDIC’s Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.
The following are online resources recommended for information about online fraud and prevention: