Identity Theft

Helping you protect your most valuable asset, Your Identity!

Act Now! To receive your first month FREE, contact a representative at any of our locations near you.

To learn more click here or click on the Integrity Identity Shield.

Click here to download an enrollment form.

 

Protecting Yourself

At Farmers State Bank, we have a variety of techniques to help ensure that your financial information is secure. You too should protect yourself by being aware of the things you can do to minimize your risk of being a victim of identity theft or fraud.

Here are some suggested steps you can take to protect yourself:

• Prevent unauthorized people from using your computer or workstation
• Log off your workstation whenever you leave your computer
• Change your passwords often and never share them with anyone
• The same passwords or security challenge questions should never be used for social media, email and online banking access.
• If you notice suspicious activity, report it immediately
• Install some form of internet security software on you PC and keep it up to date
• Be cautious of e-mails that ask you to verify or submit personal information
• Make sure your browser uses the strongest encryption available and be aware of the encryption levels of the sites and applications you use.

Identity Theft

Becoming a victim of Identity Theft is rising dramatically. To prevent identity theft before it occurs, consumers should follow these safe practices.

• Do not carry social security cards in a wallet or purse, but rather in a lock box or otherwise safe location
• Carry only credit cards and checkbooks that are needed on a regular basis
• Never carry PINs and passwords in a wallet along with the cards they activate
• Obtain your credit report regularly and make sure everything is normal
• Close accounts that are not needed or used
• Keep a photocopy of all the contents of your wallet in a secure place such as a lock box so they can be reported easily if lost or stolen
• We’ll never e-mail or call you to ask for any personal information as a requirement for getting additional security to manage your accounts online.

If you’ve become a victim of identity theft, report it to the appropriate parties immediately. File a complaint with the Federal Trade Commission (FTC). Call the FTC’s identity theft hotline tollfree at 1 (877)IDTHEFT (438-4338). Additionally, we suggest you call the fraud departments of all three credit bureaus. Ask them to put a “fraud alert” on your file. This tells creditors to call you before they open any more accounts in your name.

Equifax 1-800-525-6285
Experian 1-888-397-3742
TransUnion 1-800-680-7289

Phishing Attack in Progress; Please Read Below and Act Accordingly

We have become aware of phishing emails that reference the “eNFact” product which is used to monitor debit card activity. The email directs recipients to click on a link that takes them to a mock site that we presently believe may install malicious software. This may be a serious threat.

Please review the email below and do NOT open it or click on the link it contains.

The phishing attack is contained in a fraudulent email identical or similar to the one that follows:

-----Original Message-----
From: eNFACT Notifications [mailto:noreply@enfactnotifications.com]
Sent: Thursday, January 26, 2012 11:34 AM
To: Recipients
Subject: eNFACT Case #29018

To protect your account, we monitor your ATM and debit card transactions for potentially
fraudulent activity which may include a sudden change in locale (such as when a U.S.-
issued card is used unexpectedly overseas), a sudden string of costly purchases, or any
pattern associated with new fraud trends around the world.

An eNFACT Case was generated for the cardholder below:

Transaction 1 Information:
A charge on 10/23/2011 in the amount of $438.09 in ITALY Transaction Score: 981
Transaction 2 Information:
A charge on 10/23/2011 in the amount of $513.14 in ITALY Transaction Score: 918
Transaction 3 Information:
A charge on 10/22/2011 in the amount of $0.02 at O RANCH Transaction Score: 37

The eNFACT Case is generated when a suspect transaction is detected. If this
transaction was not initiated by you as the credit card holder please follow the steps as
shown at: http://www.efactnotify.com/

Please be sure to complete the Case Resolution Notification (CRN) Form at (http://www.efactnotify.com/).  If you have any questions, or would like additional information pertaining to this Enfact Case, please contact the Card Processing Center at 800-262-2024.

Please act accordingly now.

 If you have received this phishing attack via email, or if you receive it at any time from this point forward:

1. Do not open the email;
2. Do not click on the link contained in the email; clicking on any of the links contained in the email may install malicious software on your system;
3. Delete the email from your “Inbox” and “Sent Items”.
4. Keep the internet security software on your PC up to date.

Account Takeover Threat Resurfaces

There is a new threat in the Account Takeover space. The Ramnit Worm has resurfaced and is reportedly targeting Facebook users.

The Ramnit worm, which successfully defeated two-factor authentication used to protect online banking accounts and corporate networks in 2011, is now targeting Facebook users. This is particularly concerning to the financial community due to the potentially large number of consumer level accounts that could be compromised. Many individuals use the same passwords to access personal email and Facebook accounts as well as for remote access to corporate networks and online banking accounts.

Researchers believe the cybercriminals unleashing Ramnit are targeting Facebook for multiple reasons. A large number of potential victims exist in Facebook, approximately 800 million potential victims worldwide. Additionally, if an individual uses the same password for multiple applications, gaining his/her Facebook credentials may open the door to online banking accounts, remote access to corporate networks, etc.

What should you do?

Do not use the same credentials for social-based services and your financial accounts.
The same passwords or security challenge questions should never be used for social media, email and online banking access.

What is Ramnit?

Ramnit is a worm that can spread to other computers and reproduce itself without being sent through email or a website. Since 2010, Ramnit has altered to include a Zeus variation which targets online banking credentials, particularly those of consumers. This new version has successfully bypassed two-factor authentication, infecting an estimated 800,000 computers since September 2011.

For additional Information Visit:
Seculert – Cyber Threat Management - http://mashable.com/2012/01/06/ramnit/

Trusteer - http://www.trusteer.com/blog/ramnit-evolution-%E2%80%93-worm-financial-malware

Microsoft’s Malware Protection Center - http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fRamnit

Fraudulent Emails

The most important thing to know is that Farmers State Bank does not make a practice of asking for or verifying personal information through an email. If you ever receive an email that asks for this type of information, call the bank and verify its legitimacy with a bank employee. Also, just because an e-mail states the sender’s address, it may not be the true origin of the e-mail. The “from” field of an e-mail can be altered easily.

Consumers should also be wary of claims that a company is updating its records or those that threaten an account will be closed, suspended or restricted if they don’t receive a response. Always verify these types of e-mails by calling a number you know to be a legitimate number for that company, not one obtained from the e-mail.

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that appear to be from the FDIC and contain an infected attachment.
The fraudulent e-mails have addresses such as "no.reply@fdic.gov" or "notify84zma@fdic.gov" on the "From" line. The message appears, with spelling and grammatical errors, as follows:
Subject line: "FDIC notification"
Message body:
"Dear customer,
Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.

As soon as it is setup, you transaction abilities will be fully restored.

Best Regards, Online Security departament, Federal Deposit Insurance Corporation."

The e-mails contain an attachment "FDIC_document.zip" that will likely release malicious software if opened. These e-mails and attachments are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT open the attachment.

Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact consumers, nor does the FDIC request bank customers to install software upgrades.

Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Phishing

“Phishing” (pronounced fishing) is when criminals use e-mail to try to lure you to fake websites, where you’re asked to disclose confidential financial and personal information, like passwords, credit card accounts numbers or Social Security Numbers.

The most common type of phish is an e-mail threatening some dire consequence if you do not immediately log in and take action.

You should never respond to these emails. Always verify the need for this information by calling or writing the company. You should obtain an address or phone number from a source you know to be correct such as a statement, business card or phone book.

Fraud Alerts

Fraudulent Emails claiming to be from NACHA:

Fraudulent emails claiming to be from the National Automated Clearing House Association (NACHA) continue to occur. These emails, which are similar to the ones previously reported over the past couple of months, make reference to an ACH transfer, payment or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the recipient. Do not click on any links or open any attachments within the email!

NACHA has reported that these attacks are occurring with greater frequency and increased sophistication. The contents of these fraudulent emails vary, with more recent examples including a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and telephone number.

Please Note:

NACHA does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.

Action:

Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Please forward suspected fraudulent emails appearing to come from NACHA to abuse@nacha.org to aid efforts by security experts and law enforcement officials to pursue the perpetrators.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software application security patches are installed and current.

Fraudulent Email Claiming to be from FDIC

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.

The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "protection@fdic.gov," "admin@administration.fdic.gov," or "service@admin.fdic.gov."

They have various subject lines such as "Update for your banking account," "ACH and Wire transfers disabled," and "Banking security update."

The fraudulent messages state:

"Dear clients,

Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online security department, Federal Deposit Insurance Corporation."

These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.

Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.

Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC’s Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC’s Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Fraudulent Email Claiming to be from EFTPS

There is a new phishing scam on the rise claiming to be from the IRS. The fraudulent emails asserts that an Electronic Federal Tax Payment System (EFTPS) payment has been rejected, that there has been an error with payment, or that payment still needs to be made. The email message then directs the recipient to a fake website for additional information. This is a fraudulent email. Do not open the email or click on any of the links within the message. If you receive this email or one like it claiming to be from EFTPS, forward it to: phishing@irs.gov.

A sample of the fraudulent email is below:

>>> EFTPS Tax Payment 10/13/2010 12:53 AM >>>

Your Federal Tax Payment ID: 01037555 has been rejected.
Return Reason Code R21 - The identification number used in the Company Identification Field is not valid.
Please, check the information and refer to Code R21 to get details about your company payment in transaction contacts section:

http://eftps.gov/R21
In other way forward information to your accountant adviser.

EFTPS:
The Electronic Federal Tax Payment System
PLEASE NOTE: Your tax payment is due regardless of EFTPS online
availability. In case of an emergency, you can always make your tax
payment by calling the EFTPS.

……………………………………………………………………………………………

EFTPS has posted the following message on their website:

Remember! EFTPS values your privacy and security and will never attempt to contact you via e-mail. If you ever receive an e-mail that claims to be from EFTPS or from a sender you do not recognize that mentions a payment made through EFTPS, forward the e-mail to phishing@irs.gov or call the Treasury Inspector General for Tax Administration at 1.800.366.4484.

To help protect against fraudulent activity, Farmers State Bank continues to strongly recommend that you review your Internet security procedures including, but not limited to:

• Ensure that up-to-date antivirus, antispam and antispyware programs are being used.
• Prevention of keylogger, spyware, and phishing attempts with up-to-date programs.
• Use caution and do not open the attachments or download information from unexpected or spam e-mails.

Remember, we will never ask for account information, login ID, or password in e-mail. Protect yourself against online fraud by taking precautions when you receive unsolicited email.

Additional Resources

The following are online resources recommended for information about online fraud and prevention:

Identity Theft Resource Center

eBay Security Center

Anti-Phishing Working Group

U.S. Postal Service

PayPal Security Center

Federal Trade Commission ID Theft resource page