At FCNB, we strive to keep you informed of issues affecting the banking world. Please take the time to read the important articles to protect your privacy, your identity and your assets.
Unbottling the Soda Phish
A recent phishing scam discovered by INKY researchers is an example of how well-known name brands can be used to deceive unsuspecting users. This scam begins with a seemingly harmless email from an employee at PepsiCo requesting a quote to purchase something your organization is selling and includes a malicious file attachment disguised as a Request for Quote (RFQ). An RFQ is a simple way for an organization to ask different suppliers how much they would charge for a specific good or service.
In this phishing attempt, these cybercriminals spoof the email address to appear as if it’s from PepsiCo. They even use an actual PepsiCo employee’s name in some cases. The email uses common business terms to be more convincing. It also has a sense of urgency, threatening a consequence if you don’t quickly respond. This urgency and the recognition of the PepsiCo brand increase the likelihood that you’ll take the bait.
Follow the tips below to stay safe from similar scams:
Avoid opening attachments or clicking links from unsolicited emails.
One of the fastest growing white-collar crimes is identity theft, which occurs when an identity thief gains access to and uses an individual’s personal identifying information without his or her knowledge to commit fraud or theft. You can protect your privacy and minimize your risk of becoming a victim of identity theft by taking the following steps:
Personal Identifying Information
Credit, Debit and ATM Cards
Bank Account and Credit Card Statements
Telephone and Internet Solicitations
PINs and Passwords
Wallets and Purses
Call us immediately at (573) 466-4180 if you believe that you are a victim of identity theft involving one of your FCNB accounts.
Identity theft is one of today’s fastest growing crimes. It occurs when someone steals your personal information and identification. They may open credit card accounts, apply for loans, rent apartments and purchase phone services – all in your name. In many cases, they request address changes so you never see the bills for their activity. These impersonators spend your money as quickly as possible. Most victims never know it until they apply for a loan or receive a call from a collection agency. Clearing your name and erasing the effects of identity theft can be a nightmare and take a great deal of time. You can spend months or even years re-establishing your creditworthiness.
Here are some helpful tips to avoid becoming a victim of identity theft:
Steps to take if you become a victim of identity theft:
Corporate Account Takeover is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, are targeting small and medium businesses to obtain access to their web banking credentials or remote control of their computers. These hackers will then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers’ accounts.
As a business owner, you need an understanding of how to take proactive steps and avoid, or at least minimize, most threats.
Call us immediately at (573) 466-4180 if you believe that your FCNB account has been compromised.
Under a federal law enacted by Congress, every consumer in the United States can now obtain one free credit report every 12 months from each of the three major credit bureaus. Previously, consumers who wanted to obtain their credit report from any of the three major credit bureaus (Equifax, Experian or TransUnion) had to pay for each report. Only those consumers whose loan applications were rejected or who were victims of identity theft could obtain their credit reports for free.
You can obtain your free credit reports by mail, by phone or online from a service that is run jointly by the three credit bureaus. If you order your credit report online, you must print it or save it to your computer, or it will be unavailable once you leave the screen. The free program applies only to the credit report itself. Credit scores are not included in the free credit report but they can be purchased from the credit bureaus for a fee.
Experts strongly recommend that consumers obtain their free credit reports each year and review them for completeness and accuracy to learn about their credit, check for errors in their credit information, and detect identity theft. If something is wrong on a credit report, you can dispute it directly with the credit bureau. When a dispute is filed, the credit bureau has 45 days to respond to the consumer.
You can obtain your free credit reports as follows:
By phone: (877) 322-8228
By mail: Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348-5281
Protect yourself from Internet and email scams by keeping your private information secure.
At FCNB, your privacy is very important to us. That’s why we want to let you know about an email scam on the Internet called “phishing” (pronounced “fishing”) a technique fraudsters use to lure online consumers to fake corporate Web sites through links sent via email.
The message in the email often warns consumers that their account will be closed if their information is not updated or “verified.” The links within the email are often pointed to Web forms that ask for bank account information, such as routing numbers, account numbers, PIN numbers, passwords and Social Security numbers.
It is FCNB’s policy to not send or request confidential account information through email because it is not a secure form of communication. You should never enter private, personal information in a form that was sent to you by email.
Here are a few ways you can protect yourself from Internet and email fraud (phishing):
FCNB will NEVER request a customer’s personal information (bank card number, account number, social security number, personal identification number or password) through email or by phone. If you should ever receive an email or phone call requesting your personal, confidential information that appears to be from FCNB, DO NOT respond and contact the Bank immediately at (573) 466-4180.
Social Engineering is a technique used to obtain or attempt to obtain secure information by tricking an individual into revealing the information.
Social engineering is normally quite successful, because most targets (or victims) want to trust people and provide as much help as possible.
Victims of social engineering typically have no idea they have been conned out of useful information or have been tricked into performing a particular task.
The easiest way to breach security is to obtain credentials and the easiest way to get that information is to ask someone for it.
The basic goal of social engineering is to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt and compromise computer systems.
What you should do
In the lottery scam, you receive an email notification claiming that you have won an international lottery (Jamaican Lottery, Spanish Lottery, etc.). To claim your winnings, you must contact the claims agent, typically via an email address that is most often from a free provider (e.g., Yahoo, Hotmail, etc.). The agent then sends you a claim form to verify your identity. You must then return the form with your personal details, along with copies of your passport and/or driver’s license to “verify your true identity.” The fraudsters now have enough information to duplicate your identity. In addition, to claim the winnings, you are required to wire funds to the fraudsters to cover the transaction, insurance, tax and legal fees associated with receiving their winnings. The victims are required to transfer the money requested via Western Union. You are now out the funds that you have wired to the fraudsters, and the fraudsters have your personal identification to continue to commit fraud.
The Nigerian Purchase Scam is another form of fraud that is becoming widespread in auction sites and on business’ ecommerce Web sites. A buyer will bid on or seek to purchase big-ticket goods (e.g., cars, boats, etc.) from the Web site. The buyer will “accidentally” overpay the seller, stating they “wanted to make sure there were enough funds for shipping.” The buyer will then ask the seller to deposit the check and refund the amount of the overpayment. The seller will deposit the counterfeit check and send the overpayment to the buyer prior to the check clearing through the international banking system. The seller is out the funds equal to the overpayment. In addition, the seller could be down the value of the shipped goods if those are sent at the same time.
To protect yourself, always be careful when transacting with unknown parties. If you question the legitimacy of a buyer, talk with your branch representative to determine the best way to validate the check and funds prior to shipping any goods or providing a refund for the overpayment.
You get an email or a letter in the mail from a “mystery shopping company” often the name of the company sounds official. Usually there is a check included or a promise to send a check. They tell you to cash the check and complete an assignment at a major retail store. Then they tell you to take the rest of the money that you didn’t spend and send it to another mystery shopper via Western Union. The only problem is that’s not a mystery shopper, that’s the scammer! The check sent to you was not legitimate, but the bank won’t realize it for at least a week. When the check is returned as fraudulent, you become responsible for the charges. Meanwhile, you just sent money to the scammer via Western Union and you’re left holding the bag.
If you receive an email or letter in the mail saying you won a lottery and they send you a check or if you sell something on eBay and the buyer pays with a check, you may think you can just take the check to your bank and cash it.
Unfortunately, you can’t. What’s worse, if you cash it in most states, you may be assisting a criminal in passing a counterfeit check, money laundering or worse. Blank checks are stolen every day from individual mailboxes, homes, businesses and even banks. Counterfeiters and scammers use these checks to create scams and frauds.
What can you do?
If you receive a check in the mail that you are not expecting, DO NOT CASH IT. You should call the issuing bank directly to verify that the account is valid and the check is real.
If you are the victim of a counterfeit check cashing scam, email the FDIC’s Special Activities Section at: email@example.com
If you believe you may have fallen victim to this type of scam and wish to report it, please file a complaint with the U.S. government Internet Crime Complaint Center at: http://www.ic3.gov
or contact them at:
FDIC’s Cyber Fraud and Financial Crimes Section
550 17th St., NW, Room F-4040,
Washington, D.C. 20429