Date: December 20, 2013
** Target Compromise **
Active Compromise Investigation
A financial institution has reported that ACH fraud has occurred on an account that participated in the Target Red Card program. Target Red Cards are linked to member's accounts and work like a check by drawing funds from a customer's checking account via ACH. While there is no guarantee that this fraud is directly associated with the Target compromise, it is highly suspicious.
Recommended Actions and Precautions
• If you have a Target Red Card you need to watch your accounts closely for unauthorized ACH transactions. • Customers with questions about their Red Cards can call Target. o In U.S. call: 1.888.755.5856 o From outside the U.S. call Collect 1.612.307.8622
WARNING TO OUR CUSTOMERS
August 22, 2012
Over the course of the last few weeks, residents throughout Tampa Bay have been the target of phone and text message scams in an attempt to acquire personal financial information.
With the use of automated technology, scammer target financial institutions with a large market share in densely populated areas with the hopes that someone will respond and inadvertently provide their personal information.
No reputable financial institution would contact you by phone, text message or e-mail and ask fo your confidential information.
For you security, we offer these tips to help protect you:
- Never respond to a phone call, e-mail or text message which ask you to provide confidential information, such as an account number, credit or debit card number, credit card validation code (CVC), Personal Identification Number (PIN) or Social Security Number.
- Never open an e-mail which seems suspicious. It may contain a virus or spyware for stealing passwords and account information, or have links to a fraudulent website.
FDIC Hit by New Phishing Attack
Fraudulent E-mail Sent Out to Customers
June 3, 2011
The Federal Deposit Insurance Corp. has fallen victim to another phishing attack, according to an e-mail alert sent out to customers.
The fake e-mail, coming from "email@example.com" with the subject line: "FDIC: Your business account," is the second scheme in a month launched by cyberhackers feigning to be from the FDIC. [See Phishing Scheme Uses FDIC.]
This newest attack entices consumers to click a link for details about "important information from your financial institution."
The FDIC warns consumers to consider the e-mails fraudulent.
Fraudulent FDIC Emails Consumer Alert
January 12, 2011
The FDIC has issued a Consumer Alert concerning fraudulent emails that appear to have been sent from Donald E. Powell, Chairman Emeritus FDIC; John D. Hawke, Jr., Comptroller of the Currency; and Michael E. Bartell, Chief Information Officer, FDIC. The subject line of the e-mails reads: “Account Insurance from FDIC” or “FDIC Insurance” and tells recipients that their “account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act.” Recipients are asked to click on a link to verify personal information which will be checked against a federal government database for identity verification. Of course the link is fraudulent, either divulging the personal information to criminals or loading malware on the victim's computer.
Foreclosure Prevention Tool Kit http://www.fdic.gov/consumers/loans/prevention/toolkit.html
This link provides quick access to several resources to help homeowners prevent unnecessary foreclosures and stop foreclosure “rescue” scams that promise false hope to consumers at risk of losing their homes
Information on fake check scams and how to spot them – click here
District Attorney Vance Announces 36 Indictments In Massive Bank Fraud And Identity Theft Case
Posted: September 30, 2010
Cases are Part of an International Cybercrime Ring Under Investigation by the Manhattan District Attorney’s Office and Federal Agencies
Manhattan District Attorney Cyrus R. Vance, Jr., today announced the indictments of 36 individuals for their participation in several large-scale international identity theft and cybercrime rings that stole more than $860,000 from 34 separate corporate and individual victims in the United States. The defendants, foreign students who were in the United States on Exchange Visitor Visas, are charged with opening bank accounts at JP Morgan Chase Bank and other financial institutions in New York County and elsewhere, for the purpose of receiving fraudulent transfers from identity theft victims’ bank accounts. In addition to these indictments, the District Attorney’s Office previously arrested and charged 19 individuals with related crimes. Today’s announcement was made together with the U.S. Attorney for the Southern District of New York, who announced indictments of an additional 34 individuals.
“This advanced cybercrime scheme is a disturbing example of organized crime in the 21st Century – high tech and widespread,” said District Attorney Vance. “These criminals stole from ordinary citizens and businesses using a keyboard—not a gun. The masterminds used social networking sites and other methods to recruit students into their criminal enterprise. The far-reaching results of this investigation to date represent successful cooperation among city, state, federal and foreign law enforcement officials, who worked together for a common goal—to identify and prosecute individuals who commit fraud against New Yorkers and the rest of the nation.”
Of the 36 defendants, who are from the Russian Federation, Ukraine, Kazakhstan and Belarus, all have been indicted on charges of Identity Theft in the First Degree. Thirty-two have also been indicted on charges of Grand Larceny in the Third Degree; three have been indicted on charges of Attempted Grand Larceny in the Third Degree; and one has been indicted on all three charges in addition to Attempted Grand Larceny in the Second Degree. The crimes charged in the indictments occurred between July 19, 2010 and September 15, 2010.
Manhattan U.S. Attorney Preet Bharara said: “The electronic age brings with it many benefits, but also many challenges for law enforcement and our financial institutions. As today’s arrests show, the modern, high-tech bank heist does not require a gun, a mask, a note, or a getaway car. It requires only the Internet and ingenuity. And it can be accomplished in the blink of an eye, with just a click of the mouse. But today's coordinated operation demonstrates that these 21st Century bank robbers are not completely anonymous, and are not invulnerable. Working with our colleagues here and abroad, we will continue to attack this threat at every level, and bring cyber criminals to swift and certain justice.”
The Manhattan District Attorney’s Office and the New York City Police Department initiated an investigation into fraudulent bank transactions in earlier this year. The District Attorney’s Office subsequently collaborated with federal law enforcements agencies to investigate evidence of related criminal activity. According to the indictments announced today, the investigation revealed that individuals from the Russian Federation, Ukraine, Kazakhstan and Belarus had obtained J-1 visas to come the United States and were recruited through social networking sites and newspaper advertisements to open bank accounts in United States banks for fraudulent purposes.
The victims’ bank account information was obtained through the use of “malware,” which was surreptitiously planted in victims’ computers enabling accomplices overseas to steal personal identification information relating to the victims’ bank accounts. This information was then used to fraudulently transfer money from the victims’ bank accounts into the bank accounts set up by these defendants. Ultimately, the defendants withdrew or attempted to withdraw the money from their accounts in order to provide a portion of these funds to their accomplices.
Using this method, these 36 defendants stole more than $868,000 from a total of 34 individual and corporate identity theft victims. (See a diagram of the bank fraud and identity theft operation.) The 19 previously arrested defendants stole from at least 14 individual accounts a total of approximately $100,000.
District Attorney Vance offered these tips that consumers can take to protect themselves, in addition to regularly changing their passwords:
1. Make certain your anti-virust software is up to date.
2. Be wary of responding to emails from unknown or unexpected senders, or unusual government addresses.
3. Have network administrators perform regular audits of active programs that are reporting dates to outside sources.
4. Install state-of-the-art firewalls.
5. Have your hard drive checked by a professional and replace it if necessary.
 The charges contained in the indictments are merely allegations, and the defendants are presumed innocent unless and until proven guilty.
Additional news available at: www.manhattanda.org
Posted: September 11, 2009
Reports of SMiShing attacks (also known as text phishing), have impacted cardholders of financial institutions located primarily in the eastern region of the U.S.
SmiShing is a type of social engineering that uses cell phone text messages to persuade victims to provide personal information such as card number, CVV2, and PINs. The text message may contain either a website address or more commonly, a phone number that connects to an automated voice response system, which then asks for personal information.
The following are examples of SMiShing messages recently sent to cardholders:
Text message originating from either notice@jpecu or message@cccu:
ABC CU- has- deactivated-your-Debit_card. To-reactivate-contact:210957XXXX
This is an automated message from ABC Bank. Your ATM card has been suspended. To reactivate call urgent at 1-866-215-XXXX
Text message originating from firstname.lastname@example.org:
email@example.com/VISA. (Card Blocked) Alert. For more information please call 1-877-269-XXXX.
Although we may ask for personal information to confirm identification such as the cardholder’s name, date of birth and/or last four digits of a social security number, we will never ask for CVV2 or a PIN.
Attorney General: Beware of Visa E-mail
Posted: April 9, 2009 11:33 AM EDT
Kansas Attorney General Steve Six is warning about a new e-mail scam that looks like its from credit-card company VISA. The e-mails claim to be from VISA and highlights the "verified by VISA" fraud-protection program.
The e-mail says all VISA customers will be required to enroll in the program or they won't be allowed to make on-line purchases. A form is attached asking for the customer’s credit card information. The e-mail is a scam.
The Attorney General says, while the "verified by VISA" program is legitimate, it is NOT a requirement for VISA card holders. Six also says that VISA will not contact customers by e-mail, or ask for any personal information by e-mail or phone.
If you have received a similar e-mail, you can contact the Attorney General's Consumer Protection Division at 1-800-432-2310.