Fraud Alerts from Federated Bank

At Federated Bank, your safety and security is our number one priority. There are a number of ways to help guard against unauthorized use of your account and protect your identity. We also provide you information on when and how the bank would contact you. Understanding the different ways in which fraudsters attempt to victimize people via cyber threats will help you avoid becoming a victim. Stay informed on the latest fraud threats by reading below:

Phishing and Spoofing

You may have experienced or read about incidents of unsolicited email messages masquerading as legitimate companies that trick recipients into divulging personal and financial information. These “phishing” (also called “spoofing”) emails lure you to fake websites. These websites may look like legitimate companies or government agencies that may ask you to disclose confidential, financial and personal information, like passwords, credit card account numbers or social security numbers.

The information below is intended to help you become more aware of the ways in which criminals are attempting to obtain your information and how to protect yourself from becoming a victim.

Malware

Malware, short for “malicious software,” includes viruses and spyware, a type of malware, which can be installed on your computer, phone, or mobile device without your consent. Malware can be used to steal personal information, send spam, and commit fraud. It can download itself during your Online Banking session in an attempt to steal your sensitive data. As mobile devices have become more frequent targets of malware, there are now anti-malware programs available specifically for cell phones and other mobile devices.

Email Fraud

Email and website fraud, often referred to as “phishing” or “spoofing,” involves a criminal sending you an email or pop-up advertisement that claims to be from a legitimate company or organization that you deal with. The email may instruct you to update or validate your account information, including Social Security number and passwords. The most common type of “phish” is an email that threatens dire consequences or states the information is needed urgently if you do not take immediate action to get you to respond quickly.

Typically, you are instructed to respond via email or you are directed to a phony website that looks like the site of the legitimate business. By following the email instructions, you are unknowingly providing your personal information to a criminal, not to the legitimate company. The information is then used to transfer money, make payments, and commit other illegal acts.

You should never respond or reply to e-mail that:

• Uses a general greeting and does not identify you by name.
• Contains typographical or grammatical errors.
• Requires you to enter personal information directly into the e-mail or submit that information some other way.
• Threatens to close or suspend your account if you do not take immediate action by providing personal information.
• Solicits your participation in a survey where you are asked to enter personal information.
• States that your account has been compromised or that there has been third-party activity on your account and requests you to enter or confirm your account information.
• States that there are unauthorized charges on your account and requests your account information.
• Asks you to enter your User ID, password or account numbers into an e-mail or non-secure webpage.
• Asks you to confirm, verify, or refresh your account, credit card, or billing information.

Federated Bank will NEVER ask you for any private information (such as account numbers, passwords, social security numbers, etc.) through an unsolicited email. You should never send personal identification numbers or confidential information by email as it is not a secure method of contact.

Fraudulent Websites

Often used in conjunction with email fraud schemes, online criminals will direct you to a fraudulent website that resembles the site of a legitimate company or organization. In many cases, there is no easy way to tell that you are on a phony website because the URL address will be very similar to that of the legitimate business. The address of the phony website may use a common misspelling of the company’s name or may add a symbol, number or word before or after the name. Therefore, even if you do not receive an email directing you to the phony site, you may end up at the phony site simply by mistyping the address of the legitimate site.

Current Fraud Alerts Being Attempted by Criminals:

Confirm Email Address, Account Information or Identity
In many fraudulent email scams, you are requested to confirm your email address, account information or your identity for one of many reasons, including:

New Account Registration
Change in email address or password
Account information has been amended
Numerous login attempts-account restricted
Your account was accessed by one or more foreign IP addresses
The email provides a link to what appears to be a Pacific Trust Bank site but is really a fraudulent Web site. This is an attempt to steal your personal information or download spyware. These emails are fraudulent. Pacific Trust will NEVER send you an email REQUESTING confidential account or personal information.

Service Deactivation Threat
Fraudulent emails often circulate claiming some account services will be deactivated or deleted. It asks you to sign in to a fraudulent Web site to renew these services in an attempt to steal your personal information.

Virus Alert-Install Software Update
Another fraudulent email claims “our” firewall has determined that emails containing worm copies are being sent from your computer. It asks that you install updates for worm elimination and “your computer restoring.” A file is attached and may be named something like “Update-KB1218-w86exe”. This email or any like it are NOT from Federated Bank. This is a scam. Any action taken as a result of such an email could compromise your computer. Federated Bank will NEVER send you an email requesting the download of software.

“Account Manager” Scam
One email and the Web scam offers to let you become an “Account Manager” or “Transfer Agent” for a third party, usually someone in an African or ex-Soviet bloc country.

Scammers try to solicit you through an email or an advertisement on the Web, offering to let you “work from home” and be an Account Manager or “Money Transfer Agent” for them, thus letting you “earn” commissions (usually 5%) for your trouble. They then transfer money OUT of an unsuspecting person’s account and into yours. Once the money is in your account, they ask you to send it to them via Western Union.

Counterfeit Cashier’s Check Scam
In response to a listing on an Internet auction or other site, a buyer (often from a foreign country) purchases the item and sends you a cashier’s check for a lot more than the agreed-upon selling price. The buyer then asks you to wire the excess funds back. Within a week, the bank is notified that the check is a worthless counterfeit and you are out thousands of dollars. In these scams, the cashier’s checks are excellent counterfeits and very difficult to spot.

In another twist to this scam, the buyer requests your bank account and routing numbers so that he or she may wire funds to your account. Do NOT give your account numbers to anyone.

Million Dollar Sweepstakes or Windfall Scam
In another widespread scheme, a person receives an unsolicited letter, email or fax from an “official” in a foreign government offering to share a multimillion dollar windfall in “over-invoiced contract funds.”

The “official” claims to need your bank account number and other personal information to transfer the money out of his country. And he will also “need” up-front cash from you to bribe other officials. You could lose the entire contents of your checking account. Beware!

A recent variation on this scam is a letter that contains a fraudulent credit card (or a large denomination Visa or MasterCard gift card) that is supposed to serve as your windfall “winnings” in a drawing or other contest. But you must first provide the scammer with confirmation of your identification information, and the letter may also ask for you to provide money up front in order for you to “activate” the fake card and get your prize.

Remember – If it’s too good to be true, IT IS!

Fraudulent E-Mails Claiming to Be From the FDIC
E-mails fraudulently claiming to be from the FDIC are attempting to trick recipients into installing unknown software on personal computers. These e-mails falsely indicate that recipients should download and open a “personal FDIC insurance file” to check their deposit insurance coverage. The “insurance file” may actually be a form of spyware or malicious code and may collect personal or confidential information.

The Federal Deposit Insurance Corporation (FDIC) has become aware of e-mails appearing to be sent from the FDIC that are asking recipients to download and open a “personal FDIC insurance file” to check their deposit insurance coverage. These e-mails are fraudulent and were not sent by the FDIC. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission.

Currently, the subject line of the fraudulent e-mails includes the wording “check your Bank Deposit Insurance Coverage.” The e-mails state: “You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.”

The e-mails ask recipients to “visit the official FDIC website” by clicking on a hyperlink provided, which appears to be related to the FDIC and directs recipients to a fraudulent Web site. The Web site includes hyperlinks that appear to open forms. However, it is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded. While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft. Financial institutions and consumers should NOT access the Web site or download the executable files provided on the Web site.

Visa®/MasterCard® Security Code Scam
In this scam, the caller claims to work for the fraud department at Visa or MasterCard and tells you his badge number. He then asks if you recently purchased an anti-telemarketing device for $500. When you say “no,” he tells you that his fraud department has been watching that company. He offers to block the charge. Because he has secured your name, credit card number and expiration date from a charge receipt, he is convincing when he provides you with this information to verify.

What he does not know-and wants you to divulge-is the three-digit security code on the back of your card. Without it, he cannot use your credit card number to shop on many sites on the Internet. Don’t give out your code. Hang up.

To begin with, credit card companies-such as Visa and MasterCard-are not the credit card issuer. Financial institutions-such as banks and credit unions-issue credit cards. And credit card companies DO NOT call cardholders asking to disclose any information about their cards.

Sound advice:

If you ever get an email, phone call or letter supposedly from the Bank asking for you to provide or verify your personal identification or bank account information, or asking you for up-front money to claim a windfall – it is a scam or an attempt at identity theft.

When in doubt, don’t respond to the email address or phone number contained in the request – Instead call us at (815) 268-7676

Call the 24×7 Fraud Hotline: 1-800-554-8969 to report a lost or stolen card.

Unauthorized Transactions for Consumers
Notify Federated Bank immediately if you believe your Card or Personal Identification Number (PIN), or both, has been lost, stolen or used to complete an Electronic Fund Transfer (EFT) without your permission. Examples of EFT transactions are: ATM withdrawals and transfers, POS purchases made with your debit or ATM card, online banking payments, and online transfers. These claims will be investigated and handled in accordance with our internal guidelines regarding reimbursement of fraudulent transactions.

More ATM and Card Protection Tips

• Be cautious and always pay attention to your surroundings when using your credit, debit, or ATM card at an ATM or any device in which you swipe your card to make a payment (commonly referred to as Point of Sale device).
• When entering in your PIN, hide it from view so others nearby cannot see it.
• Do not use an ATM or Point of Sale (POS) device if you notice suspicious individuals or possible tampering of the machine or device, including scratches, marks, and adhesive or tape residues.
• Report any suspicious or fraudulent activity immediately to the owner of the ATM or POS device or local law enforcement.
• Be suspicious if a store employee takes your card out of your sight in order to process the transaction, or asks you to swipe your card through more than one machine.
• Monitor your account or credit card statements for unusual or unauthorized transactions.

What is Card Skimming?
Card skimming is the illegal copying of information from the magnetic strip of a credit, debit, or ATM card. Skimming devices can be placed on or near an ATM or POS device and can be difficult to spot. Following are some pointers on recognizing if skimming is taking place:

• The devices used are smaller than a deck of cars and are often fastened in close proximity to or over the top of an ATM’s factory-installed cared reader or POS device.
• Inspect the front of the ATM or POS device for unusual or non-standard appearance. Scratches, marks, and adhesive or tape residues could be indicators of tampering. Pay particular attention to all of the of the touch and action points. (e.g. keypad, customer card entry slot, lighting diffusers)
• Inspect all customer-facing areas of the ATM or POS device. Look at the card reader entry point, the regions immediately above the consumer display, and the keyboard area for anything unusual.
• If applicable, inspect the vestibule door reader as well and report any signs of tampering or abnormality.