SCAM ALERT FROM THE BETTER BUSINESS BUREAU: Consumers receive fake texts & calls appearing to be from a bank (October 17, 2012)
Consumers prompted to provide personal information
AUSTIN, Texas - Sept. 14, 2012 -- The names of prominent banks, such as Bank of America and Wells Fargo, are fraudulently being used in an attempt to steal consumers personal information. Better Business Bureau reminds consumers to never provide personal information to anyone you do not know.
Consumers are receiving both text messages and phone calls that appear to be from a bank. These texts and phone calls lead consumers to believe there is an issue with their bank account or bank card and immediate action is required.
When called by these scammers, consumers are asked to provide their personal information, such as their Social Security number and bank account information, to "confirm" they are the authorized account holder.
Text messages consumers are receiving provide a number for consumers to call, or a web link. When victims call the number, an automated message claims their debit card has been "limited due to internal security error." It goes on to instruct the consumer to press '1' to avoid debit card suspension. Consumers who do so are directed to enter their 16-digit debit card number.
If you receive a text or call such as these, BBB advises you to:
- Do not give out your personal information.
- If you believe there is an issue with your bank, call them directly.
- Do not respond to the text or click on any links provided.
- Contact your phone provider to block any suspicious numbers the texts or calls are originating from.
- If you have already fallen victim to this scam, contact your financial institution immediately.
To check the reliability of a company and find trustworthy businesses, visit bbb.org.
Fraudulent e-mails claiming to be from the FDIC are in circulation (July 19, 2011)
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.
The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "firstname.lastname@example.org," "email@example.com," or "firstname.lastname@example.org."
They have various subject lines such as "Update for your banking account," "ACH and Wire transfers disabled," and "Banking security update."
The fraudulent messages state:
Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online security department, Federal Deposit Insurance Corporation."
These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.
Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.
Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to email@example.com. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.
For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.
Fraudulent Nacha Emails (May 02, 2011)
The Federal Deposit Insurance Corporation (FDIC) has received reports of a fraudulent e-mail. The FDIC does not issue unsolicited e-mails to consumers or business account holders.
Please consider the intent of this email as an attempt to collect personal or confidential data, or to load malicious software onto end users' computers.
This E-mail And Link Are Fraudulent.
If you should have questions, please contact our Customer Care team at 432.333.9901. Thank you.
Fraudulent Nacha Emails (March 30, 2011)
Several customers have received an email from firstname.lastname@example.org. Although Nacha is a legitimate corporation associated with ACH networks, the emails being sent are not valid and should be deleted if you receive one.
If you should have questions, please contact our Customer Care team at 432.333.9901. Thank you.
Cash Management Users Alert (March 18, 2011)
Because fraud remains at a high level, please make sure that you remember the following:
- NEVER share your tokens or passwords
- Update the virus protection on your computer(s)
- Keep your computer up-to-date with Microsoft patches
- Remember that we will NEVER contact you via phone or email requesting your password. If this occurs, DO NOT tell anyone your password and make sure to call our Customer Care team immediately at 432.333.9901.
For additional preventative measures, please click the link below:
E-mails Containing Malware Sent To Businesses Concerning Their Online Job Postings (January 20, 2011)
Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online.
Recently, more than $150,000 was stolen from a US business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud US businesses.
The FBI recommends that potential employers remain vigilant in opening the e-mails of perspective employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.
For more information on this type of fraud and prevention tips, please refer to previous Public Service Announcements by clicking the links below:
Anyone who believes they have been a target this type of attack should immediately contact their financial institutions and local FBI office, and promptly report it to the IC3's website at www.IC3.gov. The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The IC3 also uses complaint information to identify emerging trends and patterns.
Email Claiming to be from the FDIC (January 10, 2011):
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent email that has the appearance of being sent from the FDIC.
The subject line of the emails state: "Account Insurance from FDIC" or "FDIC Insurance." The email tells recipients that their "account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act." The email goes on to ask recipients to "verify through our IDVerify below," stating that "information will be checked against a federal government database for identity verification." The email says that it is from "Donald E. Powell, Chairman Emeritus FDIC; John D. Hawke, Jr., Comptroller of the Currency; and Michael E. Bartell, Chief Information Officer."
This e-mail and associated website are fraudulent. Recipients should consider the intent of this email as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers and should not click on the link provided.
The FDIC does not issue unsolicited emails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent email.
Fraud Alert (January 6, 2011):
A Security Bank customer was contacted yesterday by the phone number 1-917-555-3321 stating they had won gift cards for previous purchases made. The fraudulent caller stated the last four digits of the card number and the expiration date. It is important to alert our Security Bank Customer Care group at 432.333.9901 as soon as something like this has happened. This is currently an isolated case but it is possible others will be targeted and different phone numbers could be used.
Debit Card Fraud Alert (as of December 21, 2010):
We have been notified that several area bank customers have received calls from an automated system telling them that their debit card has been deactivated and that if they want to reactivate they need to enter their 16 digit card number. This is an attempt at fraud and the phone system will capture the card number once the customer enters it.
Please remember that Security Bank will never call and request you to enter card numbers over the phone and that this is a scam in an attempt to steal your card information. If you have already supplied your card number to the automated call, please call Customer Care at 432.333.9901 to report this immediately.
New Texting Scam! (as of June 8, 2010):
Security has been alerted that numerous people have received a text that reads: "Your dc has been deactivated please call 1-877-600-0224 Credit Union National Ass. to reactivate." Please DO NOT call this number or reply to this text.
We have been notified of a recent scam in which customers and non-customers of SECURITY BANK are being sent an email asking to update their personal information via a link that will take the user to a site that is not SECURITY BANK's site. Please know that SECURITY BANK will never send you an email asking for your personal information. If you receive an email asking you to provide personal and/or sensitive information, do not click on any link and do not send the information. Even if the website and/or email appear genuine - do not continue.
False FDIC Failed Bank Alert
We have been notified of a current email scam in which customers may receive an email claiming it is an alert from the FDIC. This email indicates that your bank has been named on the FDIC's failed banks list and asks you to click a link to download and open your personal FDIC Insurance File to check your deposit insurance coverage.
This email is fraudulent and most likely attempts to install malicious software on your computer if you click the link. If you receive one of these messages, please delete it immediately.
For a copy of the valid list of FDIC failed banks, please go to www.fdic.gov/bank/individual/failed/banklist.html.