|
Current Security Alerts
Remember: Never provide personal or confidential information - always protect yourself and your accounts!
April 2: Global Payment, Inc. Breach
You may have recently read about the Global Payments, Inc. card breach and have some questions about how this might affect you. Global Payments, Inc. is a card processor for debit, credit and gift cards. While the full details are yet to be disclosed, what is known is that this company was breached by criminals earlier this year and are working to determine what card information was stolen. First Merchants wants you to be aware that:
- First Merchants was not breached, but Global Payments, Inc. was breached. Global Payments, Inc. is one of the large companies that handles card processing for MasterCard and Visa regardless of who issued the cards.
- We are aware of the situation with Global Payments, Inc. and the situation is being monitored.
- As we become aware of any First Merchants debit cards that are potentially compromised, we will replace them using our normal processes.
- Any First Merchants credit cards identified as potentially compromised will be replaced. If you have specific concerns regarding your First Merchants credit card, contact Elan at 1.800.558.3424.
Additionally, any time a large breach like this occurs everyone should be mindful of scams that occur as a result:
- Criminals normally begin sending phishing emails and other social engineering schemes such as phone calls, texts and physical letters to attempt to convince you that you were compromised and need to respond and provide them confidential information that they should already have. Do not respond to unsolicited requests for your information.
- Closely monitor your accounts on all your credit and debit cards for fraudulent activity. Report suspecious activty to your financial institution or card distributor.
- Monitor your free credit reports at annualcreditreport.com to ensure no one is taking credit out in your name.
March 20: Phishing Phone Call Alert
There are reports that fraudulent phone calls are being made by criminals that are recordings purporting to be from First Merchants. This is a common phone phishing scam that the criminals use in which the pose as a financial institution. The phone call is normally a recording that directs the recipient to press a number (usually 1) and provide information regarding their debit cards and potentially other information.
Be aware that this is fraudulent. No financial institution is going to make an unsolicited phone call requesting your confidential information. If you receive one, hang up the phone. If they have received the call and provided your card information or any other account information, contact Customer Service at your financial institution so the appropriate steps can be taken to protect your accounts.
February 28, 2012: OCC Scam Alert
Fictitious correspondence, allegedly issued by the OCC regarding funds purportedly under the control of the Office of the Comptroller of the Currency (OCC) and other government entities, is in circulation. People have received the correspondence by email, fax and postal mail.
Any document claming that the OCC is involved in holding any funds for the benefit of any individual or entity is fraudulent. The OCC does not participate in the transfer of funds for or on behalf of, individuals, business enterprises or governmental entities. The communication may indicate that the funds are being held by the OCC, the U.S. Department of Homeland Security or the U.S. Department of Justice because of the need for payment of a revenue charge to the IRS.
The communication also attempts to elicit funds from the receiver and to gather confidential information.
The OCC recommends the following minimum action if you receive unexpected communication such as this:
- Contact the OCC directly to verify the legitimacy of the communications through the following methods:
email – occalertresponses@occ.treas.gov
Mail – OCC Special Supervision Division, 250 E St SW; Mail Stop 2-7, Washington, DC 20219
Fax – 202-874-5214
Phone – Special Supervision Division 202-874-4450
- Contact state and/or local law enforcement
- File a complaint at the ic3.gov if the communication appears to be fraudulent and was received by e-mail or from the Internet
- File a complaint with the U.S. Postal Inspector Service. 888-877-7644
For more information, visit occ.gov.
February 28, 2012: FBI Warning - New Variation on Telephone Collection Scam Related to Delinquent Payday Loans
The Internet Crime Complaint Center (IC3) continues to receive complaints from victims of payday loan telephone collection scams. The typical payday loan scam involves a caller who claims the victim is delinquent on a payday loan and must make payment to avoid legal consequences.
Callers pose as representatives of the FBI, “Federal Legislative Department,” various law firms, or other legitimate-sounding agencies and claim to be collecting debts for companies such as United Cash Advance, U.S. Cash Advance, U.S. Cash Net, or other Internet check-cashing services. The fraudsters relentlessly call the victim’s home, cell phone, and place of employment in attempts to obtain payment. The callers refuse to provide information regarding the alleged payday loan or any documentation and become verbally abusive when questioned.
The IC3 has observed variations of this scam in which the caller tells the victim that there are outstanding warrants for the victim’s arrest. The caller claims that the basis of the warrants is non-payment of the underlying loan and/or hacking. If it’s the latter, the caller tells the victim that he or she is wanted for hacking into a business’ computer system to steal customer information. The caller will then demand payment via debit/credit card; in other cases, the caller further instructs victims to obtain a prepaid card to cover the payment.
The high-pressure collection tactics used by the fraudsters have also evolved. In one recent complaint, a person posed as a process server and appeared at the victim’s job. In another instance, a phony process server came to a victim’s home. In both cases, after claiming to be serving a court summons, the alleged process server said the victim could avoid going to court if he or she provided a debit card number for repayment of the loan.
If you are contacted by someone who is trying to collect a debt that you do not owe, you should:
- Contact your local law enforcement agencies if you feel you are in immediate danger;
- Contact your bank(s) and credit card companies;
- Contact the three major credit bureaus and request an alert be put on your file;
- If you have received a legitimate loan and want to verify that you do not have any outstanding obligation, contact the loan company directly;
- File a complaint at IC3.gov.
- Information from
www.fbi.gov/scams-safety/e-scams
January 30, 2012: Fraudulent Email Balance Requests
The FBI has released a fraud alert involving email intrusions to facilitate wire transfers to foreign countries. This expands on the current alert in this section, dated January 24, 2012. The characteristics of the fraud are:
- A business or consumer’s email account is compromised. Normally this would be done by malware on a PC owned by the business or consumer or instances in which the customer has answered a fraudulent fax from a credit agency. The criminals are also creating fake email addresses that are just slightly different than the customer’s real email address.
- The financial institution, broker/dealer, credit union or other institution receives an email that appears to be from the business or consumer requesting their account balance.
- If the request is responded to with the balance amount, a fraudulent wire transfer is requested. Many times the request is by email, but there have been reports in which the request has come in as a fax as well.
- The FBI has seen fraudulent wire requests range from $17,500 to $183,000.
- The criminals are able to produce documents by copying the customer’s signature from other documents obtained via fraudulent faxes or compromised email or PC accounts.
What do you need to do?
- Follow best practices to protect yourself and your confidential information.
- If you receive an unsolicited fax, email or even a text or phone call from an organization requesting your confidential information, it is not real and you should not respond to it.
- If you think it is real, call the company and verify, but do NOT call the phone number listed on the request, look up the number from other sources.
- If you believe you are a victim of cyber crime, contact your local FBI field office or file a complaint online at IC3.gov
January 24, 2012: Fraudulent Equifax Request for Information
Be aware of fraud activity involving a physical fax that appears to be from Equifax, the credit agency. The fraud occurs through these steps:
- The fax tells the recipient that Equifax needs their bank account number, fax number to their banking center and other information.
- The fax then instructs them to sign the form and fax it back to them.
- The criminal then takes the information, copies and pastes the signature onto a fake wire request that is faxed to the person’s bank hoping the bank will process the request.
What do you need to do? If you receive an unsolicited fax, email or even a text or phone call from Equifax or other organization requesting your confidential information, it is not real and you should not respond to it.
January 17, 2012: Website Blackouts Protesting Web Piracy Legislation
You may have heard about bills in the U.S. Senate and Congress intended to protect intellectual property and jobs named, respectively, the Protect Intellectual Property Act (PIPA) and Stop Online Piracy Act (SOPA).
Opponents argue that provisions in the bills allow websites to be identified as violators and blocked without due process, curtailing free speech and jeopardizing the future of some web-based businesses. In protest, several companies are planning a day-long blackout of their websites on Wednesday, January 18. The most prominent website so far is Wikipedia.
There is a potential for phishing emails over the next few days trying to direct you to information or to access alternative websites. You can be certain that they will all be fake and should be immediately deleted.
January 17, 2012: Zappos Online Shoe Store Breach
Zappos announced that a breach was discovered and 24 million accounts have been compromised of information including names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit cards and encrypted passwords.
If you are a customer of Zappos, go to their website for more information and read other news reports about it.
Criminals normally use the information to send targeted phishing email, phone calls, texts, etcetera, since they have your contact information and can fashion convincing lies to trick you. Be on your guard and don’t trust those unexpected emails.
January 6, 2012: Trusteer Warns of New Malware Strain
Trusteer is alerting consumers to a new strain of the malware SpyEye Trojan that attempts to make it difficult to detect fraud by masking what you see. The best protection is to implement layers of controls to prevent malware infection of your PC(s). Everyone is encouraged to take the appropriate steps to prevent infection of your PC's and to check your accounts often (daily is recommended) from different sources such as other PC's, ATM's or your banking center. For tips and best practices for protecting yourself and your business, click on one of the "Prevent Fraud" links on the right side of this web page.
November 21, 2011: Washington WARNING Phishing Scams on the Rise
The American Bankers Association is warning consumers not to fall victim to a sudden increase in phishing scams that have been reported in states around the country.
According to reports, perpetrators are using automated dialers, text messages or e-mails to misinform consumers that their accounts have been closed due to fraud. Consumers are then prompted to enter in their card information, including expiration number and three-digit CV code on the back of the card, in order to reactivate their accounts. Those who respond to these inquires run the potential risk of having their information used to fraudulently purchase goods, and services or to obtain credit. Just delete the e-mail and call your bank if you have a concern. Look up the phone number yourself, do not call any phone numbers on the e-mail, text or from the dialer.
November 17, 2011: Multiple Phishing Scam Alerts
The OCC (Office of the Comptroller of the Currency) has released the following alerts. Both alerts are referring to phishing scams. If you receive these, be assured that they are fraud attempts and should be deleted or destroyed.
The first alert regards a fraudulent website: helpwithmybank.com. This website will attempt to install malware on your PC. The legitimate site is helpwithmybank.gov. When someone clicks the link or tries to access helpwithmybank.com, the malware is installed and then they are redirected to helpwithmybank.gov in an effort to trick the person to thinking everything is fine. Any communication that directs you to the fraudulent website should be deleted.
The second alert is regarding a physical letter and potential e-mail is being circulated to various financial institutions that purports to be from PNC bank and is a bank comfort letter. The letter is for the benefit of Nigerian National Petroleum Corporation. The letter references a purported contract with a potential reference number of OZ/NNPC/BLCO/AUG11 relative to Oznomics. This letter or any other document relative to this matter is not a genuine bank document, has not been authorized by PNC Bank, N.A., or any of its affiliates (together or individually, PNC), and is not a legal, valid, or binding obligation of PNC. Destroy the physical letter and delete any electronic communications.
October 6, 2011: and School District ACH Fraud Alert
The Indiana Bankers Association has learned of an issue regarding ACH Fraudulent activity that we want to make you aware of. According to the Indiana State Board of Accounts, there have been a series of Fraudulent ACH transactions against various Municipality and School accounts throughout the state over the past few months.
In talking with the Board of Accounts, it seems there is a foreign cartel that is preying on these accounts. They have used various methods of transaction initiation including (1) electronic requests via the proper channels of the bank; (2) recreating checks of the accountholder; (3) and fax requests containing appropriate but forged "authorized" signatures. The amount of each transaction has varied, but some have been nearly six figures, either individually or aggregately.
Ensure you are following best practices with your online banking log on credentials and have in place processes to protect all your information from physical fraud as well.
September 1, 2011: Phishing Email Alert
The FDIC has released a warning to be aware of phishing emails purportedly from the FDIC. The email is alerting the reader that their ACH or Wire transaction has been temporarily suspended for security reasons and they need to download and install the newest security version. If the link is clicked, it proceeds to infect the readers PC. Currently the emails come from no.replay and notify84zma both ending with @fdic.gov but these can and probably will be changed by the criminals. These emails are not real, the FDIC would not send this type of email out and the email should be deleted.
|
|
