Phishing and Spoofing
You may have experienced or read about incidents of unsolicited email messages masquerading as legitimate companies that trick recipients into divulging personal and financial information. These "phishing" (also called "spoofing") emails lure you to fake websites. These websites may look like legitimate companies or government agencies that may ask you to disclose confidential, financial and personal information, like passwords, credit card account numbers or social security numbers.
The information below is intended to help you become more aware of the ways in which criminals are attempting to obtain your information and how to protect yourself from becoming a victim.
Email and website fraud, often referred to as "phishing" or "spoofing," involves a criminal sending you an email or pop-up advertisement that claims to be from a legitimate company or organization that you deal with. The email may instruct you to update or validate your account information, including Social Security number and passwords. The most common type of "phish" is an email that threatens dire consequences or states the information is needed urgently if you do not take immediate action to get you to respond quickly.
Typically, you are instructed to respond via email or you are directed to a phony website that looks like the site of the legitimate business. By following the email instructions, you are unknowingly providing your personal information to a criminal, not to the legitimate company. The information is then used to transfer money, make payments, and commit other illegal acts.
You should never respond or reply to e-mail that:
Federated Bank will NEVER ask you for any private information (such as account numbers, passwords, social security numbers, etc.) through an unsolicited email. You should never send personal identification numbers or confidential information by email as it is not a secure method of contact.
Often used in conjunction with email fraud schemes, online criminals will direct you to a fraudulent website that resembles the site of a legitimate company or organization. In many cases, there is no easy way to tell that you are on a phony website because the URL address will be very similar to that of the legitimate business. The address of the phony website may use a common misspelling of the company's name or may add a symbol, number or word before or after the name. Therefore, even if you do not receive an email directing you to the phony site, you may end up at the phony site simply by mistyping the address of the legitimate site.
Confirm Email Address, Account Information or Identity
In many fraudulent email scams, you are requested to confirm your email address, account information or your identity for one of many reasons, including:
New account registration
Change in email address or password
Account information has been amended
Numerous login attempts-account restricted
Your account was accessed by one or more foreign IP addresses
The email provides a link to what appears to be a Pacific Trust Bank site but is really a fraudulent Web site. This is an attempt to steal your personal information or download spyware. These emails are fraudulent. Pacific Trust will NEVER send you an email REQUESTING confidential account or personal information.
Service Deactivation Threat
Fraudulent emails often circulate claiming some account services will be deactivated or deleted. It asks you to sign in to a fraudulent Web site to renew these services in an attempt to steal your personal information.
Virus Alert-Install Software Update
Another fraudulent email claims "our" firewall has determined that emails containing worm copies are being sent from your computer. It asks that you install updates for worm elimination and "your computer restoring." A file is attached and may be named something like "Update-KB1218-w86exe". This email or any like it are NOT from Federated Bank. This is a scam. Any action taken as a result of such an email could compromise your computer. Federated Bank will NEVER send you an email requesting the download of software.
"Account Manager" Scam
One email and the Web scam offers to let you become an "Account Manager" or "Transfer Agent" for a third party, usually someone in an African or ex-Soviet bloc country.
Scammers try to solicit you through an email or an advertisement on the Web, offering to let you "work from home" and be an Account Manager or "Money Transfer Agent" for them, thus letting you "earn" commissions (usually 5%) for your trouble. They then transfer money OUT of an unsuspecting person's account and into yours. Once the money is in your account, they ask you to send it to them via Western Union.
Counterfeit Cashier's Check Scam
In response to a listing on an Internet auction or other site, a buyer (often from a foreign country) purchases the item and sends you a cashier's check for a lot more than the agreed-upon selling price. The buyer then asks you to wire the excess funds back. Within a week, the bank is notified that the check is a worthless counterfeit and you are out thousands of dollars. In these scams, the cashier's checks are excellent counterfeits and very difficult to spot.
In another twist to this scam, the buyer requests your bank account and routing numbers so that he or she may wire funds to your account. Do NOT give your account numbers to anyone.
Million Dollar Sweepstakes or Windfall Scam
In another widespread scheme, a person receives an unsolicited letter, email or fax from an "official" in a foreign government offering to share a multimillion dollar windfall in "over-invoiced contract funds."
The "official" claims to need your bank account number and other personal information to transfer the money out of his country. And he will also "need" up-front cash from you to bribe other officials. You could lose the entire contents of your checking account. Beware!
A recent variation on this scam is a letter that contains a fraudulent credit card (or a large denomination Visa or MasterCard gift card) that is supposed to serve as your windfall "winnings" in a drawing or other contest. But you must first provide the scammer with confirmation of your identification information, and the letter may also ask for you to provide money up front in order for you to "activate" the fake card and get your prize.
Remember - If it's too good to be true, IT IS!
Fraudulent E-Mails Claiming to Be From the FDIC
E-mails fraudulently claiming to be from the FDIC are attempting to trick recipients into installing unknown software on personal computers. These e-mails falsely indicate that recipients should download and open a "personal FDIC insurance file" to check their deposit insurance coverage. The "insurance file" may actually be a form of spyware or malicious code and may collect personal or confidential information.
The Federal Deposit Insurance Corporation (FDIC) has become aware of e-mails appearing to be sent from the FDIC that are asking recipients to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. These e-mails are fraudulent and were not sent by the FDIC. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission.
Currently, the subject line of the fraudulent e-mails includes the wording "check your Bank Deposit Insurance Coverage." The e-mails state: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."
The e-mails ask recipients to "visit the official FDIC website" by clicking on a hyperlink provided, which appears to be related to the FDIC and directs recipients to a fraudulent Web site. The Web site includes hyperlinks that appear to open forms. However, it is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded. While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft. Financial institutions and consumers should NOT access the Web site or download the executable files provided on the Web site.
Visa®/MasterCard® Security Code Scam
In this scam, the caller claims to work for the fraud department at Visa or MasterCard and tells you his badge number. He then asks if you recently purchased an anti-telemarketing device for $500. When you say "no," he tells you that his fraud department has been watching that company. He offers to block the charge. Because he has secured your name, credit card number and expiration date from a charge receipt, he is convincing when he provides you with this information to verify.
What he does not know-and wants you to divulge-is the three-digit security code on the back of your card. Without it, he cannot use your credit card number to shop on many sites on the Internet. Don't give out your code. Hang up.
To begin with, credit card companies-such as Visa and MasterCard-are not the credit card issuer. Financial institutions-such as banks and credit unions-issue credit cards. And credit card companies DO NOT call cardholders asking to disclose any information about their cards.
If you ever get an email, phone call or letter supposedly from the Bank asking for you to provide or verify your personal identification or bank account information, or asking you for up-front money to claim a windfall - it is a scam or an attempt at identity theft.
When in doubt, don't respond to the email address or phone number contained in the request - Instead call us at (815) 268-7676
Call the 24x7 Fraud Hotline: 1-800-554-8969 to report a lost or stolen card.