The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.
The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "email@example.com," "firstname.lastname@example.org," or "email@example.com."
They have various subject lines such as "Update for your banking account," "ACH and Wire transfers disabled," and "Banking security update."
The fraudulent messages state:
Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online security department, Federal Deposit Insurance Corporation."
These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.
Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.
Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to firstname.lastname@example.org. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.
For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.
Sandra L Thompson
Division of Risk Management Supervision
NOTE: As a security precaution, the FDIC does not post to its Web site electronic images of fraudulent items that have been counterfeited. This is to avoid attempts by others to use these instruments to facilitate additional fraud. Financial institutions can view images of the fraudulent items using the FDIC's free, secure Web site, FDICconnect. (See more information about FDICconnect at http://www.fdic.gov/news/news/financial/2006/fil06032.html.) Printed copies of each Special Alert and its attachment(s) may also be obtained from the FDIC's Public Information Center (telephone: 1-877-275-3342 or 703-562-2200; fax: 703-562-2296; or e-mail: email@example.com).
Please click this link to view our Privacy Notice
Identity Theft Awareness
Identity theft involves acquiring key pieces of your identifiable information, such as your name, address, date of birth, social security number, or mother's maiden name in order to commit fraud. With this information, a thief can do such things as take over your financial accounts, open new bank accounts, purchase automobiles, apply for loans, credit cards, and social security benefits, rent apartments, and establish services with utility and phone companies.
Ways Identity Thieves Can Acquire Your Information
- stealing your wallet, purse or checkbook
- removing mail from your mailbox, either incoming or outgoing
- dumpster diving – going through your trash
- phishing – obtaining information by email scams or fraudulent websites
- hacking – illegally gaining access to computer systems with personal or financial data
- pretext calling – using false pretenses to obtain information via telephone
More on Phishing
When consumers receive emails requesting updated billing or personal information that seems legitimate, often it isn't. Some emails are designed to trick you into revealing your private information, such as your social security number, bank account number, or debit card number. This practice is known as "phishing".
To make these emails seem more realistic, the "phisher" often disguises himself under the logo of a known company or under the name of a trusted source such as the FDIC, a bank or an internet service provider.
If you get an email that warns you one of your accounts will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead report the suspicious activity to the company where you maintain the account and the Federal Trade Commission immediately at 1-877-ID-THEFT.
Next, review and verify credit card and bank statements as soon as you receive them. Report any suspicious activity through the Federal Trade Commission website www.consumer.gov or call 1-877-ID-THEFT. Internet fraud complaints can be filed with the FBI.
How to Protect Yourself from Identity Theft
Two key areas to protect yourself from Identity Theft are:
Protect your phone
- Don't give out financial information or other personal information such as your social security number over the telephone unless you initiated the call and you know with whom you are dealing.
- If you receive any telephone inquiries, such as asking you to confirm or verify your bank account information, contact the bank and speak with an employee to confirm that the call is legitimate.
- To prohibit telemarketers from calling you, register your home and cell phone numbers with the Federal Do Not Call Registry by calling 1-888-382-1222 or www.donotcall.gov.
Protect your Personal Information
- Never routinely carry important documents such as social security cards, passports, or birth certificates in your purse or wallet. Keep important documents in a safe place at home or in a safe deposit box at the bank. Only carry them when you need them.
- Don't write your personal identification numbers (PIN) down. Instead, memorize them. Refrain from printing your social security number or credit card numbers on your checks.
- Promptly notify the bank and other creditors when you have a change of address. Contact creditors if your regular monthly or quarterly bills do not arrive when expected.
- Shred any receipts, financial statements, documents, bank statements and credit card bills prior to disposing of them. This includes pre-approved credit offers as well.
- Report lost or stolen checks immediately by calling 618-244-3000 so we can stop payment on the checks. Don't leave new check orders in your mailbox for extended periods of time and verify new deliveries have not been tampered with.
- Notify us promptly if your Visa debit card has been lost or stolen. Contact the main office at 618-244-3000.
- Protect your new, current and canceled checks. Always store checks in a safe place. When canceled checks have reached maximum retention, shred them prior to disposing of them.
- Review bills carefully. If they include suspicious items, investigate them immediately to head off any possible fraud before it occurs. Also, as much as you hate to receive bills in the mail, be sure they are arriving on time. If not, contact the company to find out why. Someone may have put a false change of address notice on you to divert your personal information to another address for his or her access.
- Never leave your checkbook, wallet or other personal information unprotected--even when you are at home. Workmen, contract laborers you may engage, or others that enter your house should not be able to gain access to your personal or financial information.
- Reconcile your banking statement immediately to assure your account activity is correct. Contact your local Community First Bank if any unauthorized transactions have occurred. Consider signing up for online banking as you will be able to monitor activity on your accounts 24x7 anywhere an internet connection is available.
- Review your credit report from the three major agencies at least annually to confirm there were no unauthorized credit inquiries made or accounts opened in your name. As part of the Federal Fair Credit Reporting Act, you are entitled to an annual free credit report from each of the three nationwide consumer reporting agencies through www.annualcreditreport.com or by calling 1-877-322-8228. You can obtain a copy of your credit report at any time for a small fee through these three major credit bureaus.
Major Credit Reporting Agencies
Equifax 1-800-525-6285 www.equifax.com
Experian 1-888-397-3742 www.experian.com
TransUnion 1-800-680-7289 www.tuc.com
Actions to Take if Your Identity Is Stolen
1. Immediately contact your bank and credit card providers by calling the phone number listed on your statements.
2. Contact the Federal Trade Commission (FTC) by one of the following methods:
- Internet – www.consumer.gov
- Phone – 1-877-ID-THEFT (438-4338)
- Mail – Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Ave., NW, Washington, D.C. 20580
- The FTC is the clearinghouse for identity theft complaints and provides an ID Theft Affidavit which you should complete as soon as possible after you become aware of the fraud. Completing this affidavit can help protect you from responsibility for fraudulent charges on your accounts.
3. Contact the fraud division of the three major credit reporting agencies and request that a "fraud alert" be placed in your file. Ask that no new credit be granted without your approval. Request a copy of your credit report.
Fraud Division of Major Credit Reporting Agencies
4. Cancel all accounts that have fraudulent activity or are at risk.
5. Contact your local law enforcement agency.
6. If your mail has been stolen, contact the U.S. Postal Service.
7. Keep detailed records of all events once you ascertain that your identity has been stolen. Include names, telephone numbers, and the date and time you made contact with individuals or companies requesting assistance in recovering your good name.
Email and Website Fraud Awareness
Some customers may receive email messages that appear to be from Community First Bank that request confidential personal information. These email messages are disguised to look like a Community First Bank message, but are not.
Community First Bank does not solicit confidential customer information this way. These messages are fraudulent and they are not from the bank. If you happen to get one, do not respond to it.
If you have already responded to one of these messages, or have logged on to a site that appeared to be Community First Bank's online site after following a link in one of these, please call the bank immediately at 1-618-244-3000.
Con artists and scams are an unpleasant fact of life, and to criminals the Internet is just another way to take advantage of the unsuspecting. While electronic fraud has become a real problem in recent years, a little knowledge is all you need to protect yourself and your identity.
What You Need to Know
Electronic fraud is just like any other type of fraud, it's a criminal pretending to be someone they're not. In the electronic world, this can mean emails with forged addresses or websites that are designed to resemble legitimate businesses. These false solicitations always have one thing in common, they ask you to provide personal information, often by asking you to "update your account information" by providing social security numbers, credit card numbers, or other information. Once they have this information, it is easy for an experienced criminal to create a false identity for himself, using your name, and your credit.
While the technology behind these crimes is complex, preventing them is easy. Never give out sensitive personal information online unless you're absolutely certain you can trust the site, and never send out sensitive information in an email.
All electronic contact with Community First Bank, where we request sensitive account information, is done either from our SecureMessage contact site or inside the secure message feature of Community First Bank's Online Banking. If you are uncomfortable with transmitting any financial data online you always have the option to contact us by phone or visit your local Community First Bank.
Avoid Electronic Fraud
Keep these simple rules in mind and you will be better equipped to protect yourself.
- Never send sensitive personal or financial information through email.
- Don't follow links in an email asking for sensitive personal or account information, even if it looks like the source is one you know.
- Ask questions. If you're suspicious, call the company that the email appears to be from and ask if it is legitimate.
- Install anti-virus software on your computer and keep it up-to-date. Anti-virus programs help protect your computer against most viruses, worms and Trojans that can infect your computer. Most anti-virus software companies provide updates from their websites. Some of the most popular programs are: McAfee VirusScan and Symantec's Norton AntiVirus.
- Download and use a pop-up blocker from a legitimate source. Some pop-up ads could contain viruses or other harmful software that can record your keystrokes or relay information to another source.
- Equip your computer with either a software firewall or a hardware firewall. A firewall will allow you to limit unauthorized access to your computer.
- Keep your computer operating system, Web browser, and security settings up-to-date. Security patches and updates are usually available from the software vendor's websites. Scan your computer for spyware regularly. Spyware is a computer program which can be installed on personal computers, usually without your permission, which may collect information about your website activity and send it back to another source.
- Only keep your internet connection active when you are using it.
- Turn off your computer when you are not using it.
- Never share your PIN, account number, or password.
- Do not open email attachments unless you can trust the source.
- Never access sensitive information from Internet cafes, public libraries, etc.
You can read more about electronic fraud or report suspicious email activity at the Federal Trade Commission website www.consumer.gov.
Online Security Awareness
Community First Bank is committed to protecting the security of our customer's personal information, including when it is transmitted online. Therefore, Community First's online banking and other online services utilize advanced internet security technology to protect your personal financial information against unauthorized access. We will never request personal information via e-mail or pop-up windows. Even with the bank's robust security system in place, there are additional steps you can take to further protect your financial and personal information.
User ID and Password
To access certain online services, you have been assigned a unique user ID and password that is for your use only. Your user ID and password are designed to protect you by confirming your identity to the computer network systems. To prevent unauthorized access to your accounts, it is very important to keep your user ID and password confidential.
Here are some steps to take to protect your user ID and password:
- Do not write down your password and tape it to your computer monitor, the bottom of your keyboard, under your mouse pad, or any other place near your computer.
- Change your password periodically (monthly or quarterly).
- Change your password immediately if it becomes known, or you suspect it is known, by anyone else.
- Never give your password to anyone over the phone, regardless of the circumstances.
Selecting Strong Passwords
The objective when creating a strong password is to make it as difficult as possible for anyone to make an educated guess about what you have selected, yet, it should be developed in a manner that makes it simple to remember without writing it down.
Words to avoid when creating passwords:
Do not use your (or any family member's) name, nickname, or initials in any form (forwards or backwards spelling).
Do not use your User ID in any form.
Do not use other information that can be easily obtained about you. This includes birth dates, telephone numbers, license plate numbers, social security numbers, street addresses, or the brand of automobile you drive, etc.
Do not use all the same character (i.e. 444444) or consecutive keys on a keyboard (i.e. QWERTY).
Do not use words that would appear in a dictionary (English or other), as they can be easily compromised by password cracking programs that use electronic dictionaries.
Tips for Choosing Good Passwords
Develop a method of creating passwords that makes it easier for you to remember. You want to avoid writing it down.
You can use a line in a favorite song, poem, or movie and select the first letter of each word to create your password. Also include at least one number. For example, "The early bird catches the worm" becomes the password 1TEBCTW.
Use a word that you can easily remember, but remove the vowels and replace them with numbers. For example, the word Summer becomes the password S2MM3R.
Always log off the system after you have completed your business. As an added level of protection, Community First Bank's online banking has a timeout feature that automatically terminates your session after an extended period of inactivity.
For additional protection, access to Community First Bank's online banking will be denied or locked after three unsuccessful login attempts.
Encryption is the process where information is transformed or coded into a form that is unreadable to anyone except those who possess the decryption key. This process prohibits unauthorized individuals from intercepting and viewing the information and is also referred to as a "secure session".
You can tell your online session with Community First Bank is secure through the following:
- An unbroken key or a locked padlock icon will appear at the bottom of your browser screen.
- The website address at the top of your browser screen will change from "http" to "https".
- You will be required to utilize a User ID and password to gain access to the site.
Firewalls are an additional security mechanism the bank uses to protect your account information. A firewall acts as a barrier between the Internet and the bank's internal network system, permitting only specific traffic to pass in and out.
Email transmitted across the Internet is normally not protected and may be intercepted and viewed by others. You should, therefore, refrain from sending any confidential or private information via email to Community First Bank. We will not ask you to send confidential information to us via email, such as your user ID, password, account numbers or social security number.
Community First Bank utilizes the most up-to-date technology to protect our internal systems and your personal financial information from computer viruses. Malicious viruses can sometimes be used to gain access to your personal computer. For protection of your personal system, Community First recommends you implement the following:
- Purchase and install antivirus software such as McAfee's VirusScan or Symantec's Norton AntiVirus to detect and eliminate potential viruses on your computer. For more information on virus detection software, visit McAfee Security or Symantec websites.
- Consider purchasing antivirus software that automatically scans for virus updates whenever you go online. If your software does not have this feature, update your antivirus software at least weekly by contacting your antivirus vendor to obtain the most current antivirus signature files.
- Do not open email attachments or downloaded files without first saving them to your hard disk (C: drive). Your antivirus software should be configured to scan each file when it is saved and when it is opened.
- Never open email attachments from individuals you do not know – simply delete them.
- Use caution with email attachments, even if you know the sender. If you were not expecting the message or if you have any suspicions, contact the sender and confirm that they did indeed send the message.
Malware Frequently Asked Questions
Malware is an attempt to trick you by popping up fraudulent login screens in order to acquire sensitive data such as your username, password, challenge questions or other information. A new version of malware targets online banking customers and primarily uses false login windows, or anything that looks different on a login window. These could be signs that your computer has been affected by malware. As a general precaution, it is best to close all other browser sessions and tabs before logging into a banking session.
1. What is malware?
Malware is a general term that refers to any kind of computer software designed to infiltrate or damage a computer system without the owner's knowledge or consent. The word Malware is derived from the words malicious and software. Malware includes computer viruses, worms, Trojan horses, spyware and many other malicious and unwanted software types.
2. How does malware occur?
Malware can infect your computer through many ways, including pop-up messages that ask you to download things, infected websites, links in web pages or emails, and many other methods that can sometimes be invisible to you. Malware is often used in conjunction with a phishing scam.
3. What are the impacts of malware?
Malware, at a minimum, is a nuisance, sometimes displaying unwanted advertising or using your computer to send spam. At its worst, malware has the potential to steal personal and financial information ranging from browsing habits to email address lists to online banking passwords and even identity theft.
4. How can I protect my computer from malware?
While there is no single fool-proof method, keeping your anti-virus software up to date and running and your operating systems and applications updated with the latest patches from the manufacturers will certainly help. Other common suggestions include exercising extreme caution with email links and attachments, using firewalls to protect information on your personal computer, and watching for login windows or messages that appear strange or different which could be a sign that your computer has been affected with malware.
5. What should I do if I am affected?
First and foremost, you should contact your anti-virus software support line for assistance. Take the steps as recommended by them and always remain vigilant to the risks malware, phishing and other suspicious activities can create.