Security Alerts - Please check back often
Fake AT&T wireless bill links to malware.
Large outbreaks of phony AT&T wireless e-mails have been distributed. The e-mails describe very large balances ($943), that are sure to get aggravated customers clicking on the included links. Every link in the e-mail leads to a different compromised site with malware hidden inside. The pattern is: legitimate domain / recurring set of random letters / index.html. The index.html file tries to exploit at least the following known vulnerabilities: Libtiff integer overflow in Adobe Reader and Acrobat — CVE-2010-0188; and Help Center URL Validation Vulnerability — CVE-2010-1885. Source: http://www.net-security.org/malware_news.php?id=2057 (link removed)
ALWAYS REMEMBER THIS TIMELESS ADVICE: IF IT SOUNDS TOO GOOD TO BE TRUE, IT PROBABLY IS.
Recently on social networking Web sites, such as Facebook, Twitter, etc., online merchants have been targeting consumers with e-mails, pop-ups, and advertisements for free trial offers of products like diet pills, teeth whiteners, vitamins, credit monitoring, etc. When consumers enroll for these offers, they are required to give a debit or credit card number agreeing to be billed and receive similar products and services. Many times, the unaware consumer has agreed to be charged for those other products and services. Put a stop to needless charges to your debit or credit card. Approach each of these offers with caution. If the free-trial you are interested in requires a debit or credit card number, the first thing you should do is thoroughly read the fine print and carefully consider the offer.
Fake FDIC ACH / Wire e-mail. Embedded link takes you to fake website that load Malware to your PC.
From: Nufojudu [mailto:email@example.com]
Sent: Monday, December 19, 2011 3:06 AM
Subject: You are required to update your security system!
Each depositor insured to at least $250,000 per insured bank
Due to the introduction of our new security system, which is aimed at reducing the number of cases of wire fraud, all the ACH and WIRE transactions on your account have been suspended until you update your security version in compliance with our new requirements.. In order to restore your ability to make transactions, you are required to install a special security software. Please use the link below http://www.fdic.gov(link removed) to read the instructions for the installation of the latest se curity version.
We apologize for causing you inconveniences by this measure.
Please do not hesitate to contact us in case of any problems.
Federal Deposit Insurance Corporation
Fake credit card offer to get personal information. Please note website URL's never actually go to orchardbank.com
From: Orchard Bank Credit Card [mailto:firstname.lastname@example.org]
Sent: Tuesday, December 20, 2011 10:49 AM
To: xxxxxxx xxxxxxx
Subject: An Orchard Bank(R) credit card offer!
The Orchard Bank(R) MasterCard(R) is loaded with credit-building features to help you build credit.Opportunity to build credit with monthly reporting to the 3 major credit bureaus, Manage your account online 24/7, Option to receive email or text message alerts to stay on track, Online bill pay at no charge.
You can take the first step to improving your credit with an Orchard Bank(R) MasterCard(R).
Our process allows you to get an offer for one of our cards, even if your history is less than perfect.
Best of all, our no-risk inquiry means we can offer you a credit card in as little as 30 seconds, with no negative impact to your credit score.
Start here to find out what we can offer you.
Get Started Now. http://bobsled1.whartumist.com/3549b779598b57a94216211cc75981efe394b7c(link removed)
This message is a solicitation for an Orchard Bank Credit Card Account.
It is our goal to offer you the credit card that best fits your credit profile based on your consumer
credit report and other information you provide us. You may be offered a secured or unsecured car.
which will be disclosed before your application is processed.MasterCard and the MasterCard brand mark are registered
trademarks of MasterCard International Incorporated.
The Orchard Bank MasterCard is issued by HSBC Bank Nevada, N.A. and is serviced by its affiliate, HSBC Card Services Inc.
ABOUT THIS MESSAGE
This email was sent to:
If you do not wish to receive future emails about credit card products available from HSBC Bank Nevada, N.A., you may
We maintain strict security standards and procedures to prevent unauthorized access to information about you.
HSBC Card Services will never contact you by email or otherwise to ask you to validate personal information such as
your Login ID,
password or account numbers. If you receive such a request please notify us:
HSBC Bank Nevada, N.A. is committed to safeguarding your privacy online. If you would like more details, please visit
our Privacy and Security Information at orchardbank.com.HSBC Card Services, Inc.
1441 Schilling Place
Salinas, CA 93912
P.O. Box 398835
Miami Beach, Florida 33139
Copyright HSBC Finance Corporation. 2011. All Rights Reserved.
Privacy and Security
Phishing/Malware Emails saying from Visa with attached zip file containing Malware
From: Visa Security Department [mailto:email@example.com]
Sent: Friday, December 09, 2011 3:31 AM
To: xxxxxxx xxxxxxx
Cc: xxxxxxxx.com; xxxxxxxxxx.com; xxxxxxxxxxxs.com
Subject: Your credit card has been blocked for security reasons
Attachment: Credit-Card Reactivation Form 20112KFGLG4L9CI4R.zip
For security reasons, your credit card has been blocked.
As a result of unusual activity, we see that someone has used
your credit card without your permission, for your protection, we
blocked the credit card.
Your case ID Number: UD1Y30AZUKK4S
To reactivate your card, download the attached form and follow
the step to update the information contained in your credit card.
Note: Failure to verify the records will result in suspension of
your credit card.
Your safety and our responsibility to you .. thanks
Customer Service Support.
Phishing/Malware Emails saying from DHL Express with attached file containing Malware
***As lots of people are ordering gifts online, so this one is easy to miss!
From: DHL Express [mailto:firstname.lastname@example.org]
Sent: Wednesday, December 07, 2011 8:02 AM
To: xxxxx xxxxxx
Cc: xxxxxxxxxx.com; email@example.com;
Attachment: ????? Not sure of name as my system removed the attachment as malware.
Subject: Re: DHL Parcel Tracking Notification 7342329467743827
DHL Express Tracking Notification: Wed, 7 Dec 2011 10:01:36 -0500
Custom Reference: 0830-65HO4OH3E0Z
Tracking Number: D3TAPGF309L-5357
Pickup Date: Wed, 7 Dec 2011 10:01:36 -0500
Wed, 7 Dec 2011 10:01:36 -0500 - Processing complete
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.
Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com(link removed) or Globally under http://www.dhl.com/track(link removed)
Please do not reply to this email. This is an automated application used only for sending proactive notifications
Thanks in advance,
DHL Express International
Phishing/Malware Emails saying from Equifax
Sent: Tuesday, November 08, 2011 11:38 AM
To: First National Bank of the Rockies
Subject: RE: A fraudulent e-mail different from the one shown on your web site
Equifax Corporate Security has received notice that customers have received fraudulent emails claiming to be from Equifax. These emails state that attached is the credit report requested from Equifax and if there are any problems with the credit report to contact Equifax. There is a reference number of 000012-91273771 (or other reference numbers may be used) in the subject line of the email and a .pdf file is attached.
It has been determined that this attachment contains malware. This email is not from Equifax and Equifax does not send credit reports via email. If you receive this email, please do not open the attachment and delete the email. If you have opened the attachment, it is a zero day threat and will not be discovered with regular anti-virus. Please immediately contact your technical support team for assistance.
Thanks - Equifax Security
New FDIC Phishing Attack
November 30, 2011 - Customers of Community South have reported that they have received the email below that appears to be from the FDIC. Recipients should consider the email an attempt to collect personal or confidential information, or to load malicious software onto a user's computer. Therefore, recipients are advised NOT to click on the link. Instead, recipients should delete the email from their computer.
Sent: Wednesday, November 30, 2011 4:50 AM
Subject: FDIC: About your business account
Federal Deposit Insurance Corporation (FDIC) Logo
Dear Business Owner,
We have important information about your bank.
Please click here to see further details.
This includes information on the acquiring bank (if applicable), how your accounts and loans are affected,
and how vendors can file claims against the receivership
Questions for FDIC?
Federal Insurance Company 3501 Fairfax Drive Arlington VA 22226 877-275-3342
E-mail received with no Attachments
Fraudulent E-mails Regarding Wire Transfers
November 16, 2011 - Customers of Community South have reported that they have received the email below that appears to be from Community South. Recipients should consider the email an attempt to collect personal or confidential information, or to load malicious software onto a user's computer. Therefore, recipients are advised NOT to click on the link. Instead, recipients should forward the email to firstname.lastname@example.org and then delete the email from their computer.
Sent: Tuesday, November 15, 2011 1:29 PM
Subject: Wire Transfer Confirmation
Dear Bank Account Operator,
I regret to inform you that Wire transfer initiated by you or on your behalf was hold by us.
Current transaction status: Pending
Please review transaction details as soon as possible.
Text Messaging Scam Re-Surfaces
October 30, 2011 -- Banks across the nation have reported an increase in a cell phone text-messaging scam. Consumers have reported receiving a text message on their cell phone that their credit card/debit card/cell phone service has or will be deactivated and they need to text back (or call a number and verify) account and PIN information.? Of course if they do, they soon find their account has been hit by criminals.
Community South will never ask for personal information in a text message or an email.
Victims of this scam should file a police report and contact their cell phone provider. They may also file a complaint with the Federal Trade Commission at www.FTC.gov http://www.FTC.gov(link removed)
Possible skimming scam Loveland, Colorado
October 19th 2011 - The authorities are investigating a possible skimming scam that may have occurred at the King Soopers in Loveland, Colorado. Banks have reported fraud with counterfeit cards occurring in California, Michigan, New York, Florida and South Carolina. If you have the Premium Fris Product, it is recommended that banks write a rule to block signature debit transactions in the states listed. Your customers will still be able to utilize their cards in those states for any PIN transactions.
E-mails with malware attachments that claim to be from the FDIC
September 1, 2011 - The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that appear to be from the FDIC and contain an infected attachment.
The fraudulent e-mails have addresses such as "email@example.com " or "firstname.lastname@example.org " on the "From" line. The message appears, with spelling and grammatical errors, as follows:
Subject line: "FDIC notification"
Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.
As soon as it is setup, you transaction abilities will be fully restored.
Best Regards, Online Security departament, Federal Deposit Insurance Corporation."
The e-mails contain an attachment "FDIC_document.zip" that will likely release malicious software if opened. These e-mails and attachments are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT open the attachment.
Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact consumers, nor does the FDIC request bank customers to install software upgrades.
Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to email@example.com . Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at .
For your reference, FDIC Special Alerts may be accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2011/index.html(link removed)
New FDIC Phishing Attack
August 23, 2011 - The Federal Deposit Insurance Corporation (FDIC) has fallen victim to yet another phishing attack, this time through fake e-mails that urge business owners to click links purporting to provide FDIC information about their financial institutions.
Fraudulent e-mails are being sent from firstname.lastname@example.org with the subject line: "FDIC: Your business account."
In a consumer alert e-mail, the FDIC says the recent scheme's wording varies slightly from other FDIC-targeted scams. Some e-mails begin with "Dear Business Owner," instead of "Dear Business Customer." The e-mails also say, "We have important news regarding your bank," instead of, "We have important news regarding your financial institution." Fake e-mails are also coming from email@example.com.
The fraudulent e-mails go on to say that business accounts and loans might be affected by acquiring-bank relationships, offering vendors information about how they can file claims against the receivership.
The FDIC does not issue unsolicited e-mails to consumers or business account holders.
Phishing Scam Targets IRS
August 23, 2011 - Phishing e-mails, feigning to be from the Internal Revenue Service, are reportedly targeting consumers with claims that tax accounts have been locked and require immediate action to reopen.
The e-mails, which appear to come from info firstname.lastname@example.org and support email@example.com, according to other news accounts http://www.bankinfosecurity.com(link removed) are the latest in a round of phishing attacks aimed at the IRS.
The e-mails reportedly are not so sophisticated, often containing numerous typos.
When reached for comment, the IRS would not discuss this specific attack, but did provide a link to a list http://www.irs.gov/newsroom(link removed) of known e-mail scams targeting consumers under the guise of the IRS.
"The IRS does not send unsolicited e-mail to taxpayers either about their tax accounts or requesting sensitive personal and financial information," the IRS states.
In this most recent case, the phishy e-mails ask recipients to fill out and mail an attached notification back to the IRS, along with accompanying documents, such as copies of U.S.- or state-issued photo I.D.s.
Similar phishing attacks reported to the IRS have been more traditional, including malicious links and/or attachments rather than also asking consumers to mail personally identifiable information to a physical address.
Fraudulent Emails Claiming to be from the FDIC
July 19, 2011 - Recently the Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.
The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "firstname.lastname@example.org, " "email@example.com," or "firstname.lastname@example.org."
They have various subject lines such as "Update for your banking account," "ACH and Wire transfers disabled," and "Banking security update."
The fraudulent messages state:
Your account ACH and Wire transactions have been temporarily suspended for your Security, due to
the expiration of your security version. To download and install the newest Updates, follow this link.
As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online
security department, Federal Deposit Insurance Corporation."
These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.
Be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.
Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to email@example.com. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp(link removed)