Social Security Scam
The Social Security Administration has issued a warning: Beware of e-mails that look as if they come from the agency and have the subject line “Cost-of-Living for 2007 update.” The body of the e-mail says, “NOTE: We now need you to update your personal information.” The e-mail says Social Security “will be forced to suspend your account indefinitely” if you don’t comply. If you click on the link in the e-mail, you will be taken to a web site designed to look like the SSA’s home page. You will be asked to provide your Social Security number, bank account numbers and credit card account information.
This is “phishing,” an Internet scam in which con artists try to steal your identity, then your money. If you get this e-mail, report it to Social Security at (800) 269-0271. To be safe, don’t even open it. Don’t open any e-mail purporting to be from Social Security. SSA corresponds with recipients only by regular mail and never sends out unsolicited e-mails.
Credit Card Fraud Alert
Individuals portraying themselves to be from the credit card Security/Fraud Department are contacting credit card customers to obtain the 3-digit security code listed on the back of the card.
The caller indicates that fraudulent activity has occurred on the customer’s account. The caller knows the credit card number and other pertinent information, and asks the customer whether the customer authorized a transaction (the transaction never occurred). When the customer responds no, the caller indicates that the transaction will be reversed immediately. To gain the customer’s trust, the caller tells the customer to call the number on the back of their card and ask for the Security/Fraud Department if the customer has questions. A fictitious control number is given to the customer to provide to the Security/Fraud Department.
The caller then requests the 3-digit security code listed on the back of the credit card next to the calling card number to ensure that the card has not been lost or stolen. Once this information is given out, the caller can begin making fraudulent transactions on the Internet using the credit card number.
Important: Credit card customers should never give out the 3-digit security code listed on their credit cards unless they have initiated the call or transaction. Anytime a customer receives a phone call or e-mail requesting sensitive credit card information, the customer should end the communication, then call the 800 number on the card and request to be connected to the Fraud/Security Department.
The Jury Duty Scam
Scammers have found a new way to commit identity theft by preying on our loyalty as United States citizens.
Here’s how the new scam works: A person claiming to work for the local clerk of courts calls and tells the victims that they have failed to report for jury duty and, as a result, a warrant has been issued for their arrest. The victims protest and rightly explain that they never received the jury duty notification. Then, in order to “verify” that the clerk of courts is talking to the right person, the scammer requests confidential information from the victim.
The scammer may ask for the victim’s Social Security Number, date of birth, credit card numbers (to pay the fine), and other personal information, which is everything the scammer needs to commit identity theft. The jury duty scam has been reported in several states across the country.
This scam works because the victims are caught off guard. Victims are upset because they think they may be arrested. Protecting their confidential information is not at the top of their mind — victims just want to get the “warrant” dismissed.
Remember, clerk of courts employees will never call you and request your Social Security Number or confidential information. In most cases, the courts follow up with prospective jurors via U.S. mail.
Be cautious: Never provide a caller with your personal or confidential information. The jury scam is just one of the latest attempts to obtain personal information. It does not matter why the scammers are calling (the reasons will change). If you have not initiated the call, do not provide confidential information to the caller.
Debt Elimination Scam
Illegal debt reduction schemes are on the increase. The fraudsters claim that customers can have their outstanding debt eliminated through the use of specially prepared legal documents. According to the fraudster, once the documents are completed and presented to the borrower’s bank, mortgage company, finance company or other lending institution, the customer’s debts will be eliminated. Literature provided by the organizers of the scheme usually questions whether or not the customer really has a financial obligation to repay the debt and selectively cites passages from government publications, court decisions, etc. to support the claims. Some literature indicates that this process is “Federal Reserve approved” or approved by another specific government agency. Debt elimination programs that claim to have the approval of the Federal Reserve or another government agency are totally bogus.
The Federal Reserve does not approve or eliminate debt. These types of schemes are growing on the Internet. The organizers are charging large up-front fees or commissions based upon the amount of debt. Customers who pay such fees do not have their debts forgiven or reduced, but instead they incur late fees and the risk of foreclosure or other legal action being taken because of non-payment of their loan obligations. The borrower’s credit report could also be negatively affected.
IRS Phishing E-mail Scam
E-mail fraudsters are hard at work trying to obtain personal information in order to commit identity theft or credit card fraud. The fraudsters have found an easier way to trick people into disclosing their personal/sensitive information by using a programming flaw in a U.S. Government Web portal. The flaw allows a phisher to redirect URLs (Uniform Resource Locators) from the GovBenefits.gov domain to fraudulent Web sites.
The phishing e-mail advises the recipient that the IRS owes them several hundred dollars. The recipient can claim their refund via a Web link that is provided in the e-mail. The e-mail tells the recipient that, in order to avoid being redirected to a bogus site, the recipient should cut and paste the link into their Web browser rather than directly clicking on it.
The link in the e-mail does not take the recipient to a U.S. Government site, but rather to a site owned by the fraudster, who is anxiously awaiting the individual’s Social Security number, credit card information, and other personal information.
The phishing Web sites are taken down as soon as possible. However, the fraudsters will continue to look and find other security flaws in targeted sites.
Protect yourself from such an attack:
- Do not open, click on, or cut and paste any unsolicited web links received in e-mails.
- Contact FIRST FEDERAL Savings Bank immediately if you believe that your financial/account information has been compromised.
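The redirect flaw described above means a link can begin with a trusted host and still deliver the reader somewhere else. The following Python check is an added example, not code from FIRST FEDERAL or the IRS: it flags links whose query string carries a second, off-domain URL. The hosts and parameter names in the samples are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def embedded_redirect_targets(link):
    """Return (parameter, host) pairs for query values that are themselves
    absolute URLs pointing at a host outside the link's own domain."""
    parts = urlsplit(link)
    outer = (parts.hostname or "").lower()
    found = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl removed one layer of percent-encoding; undo up to two
        # more, because redirect targets are often double-encoded.
        for _ in range(2):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if value.startswith("//"):      # scheme-relative URL
            value = "http:" + value
        try:
            inner = urlsplit(value)
        except ValueError:              # not parseable as a URL
            continue
        if inner.scheme not in ("http", "https") or not inner.hostname:
            continue
        host = inner.hostname.lower()
        if host != outer and not host.endswith("." + outer):
            found.append((name, host))
    return found

# Constructed sample links (placeholder hosts under the reserved .example TLD).
SAMPLES = [
    "https://benefits-portal.example/go?url=http%3A%2F%2Frefund-claims.example%2Firs",
    "https://benefits-portal.example/go?next=http%253A%252F%252Frefund-claims.example",
    "https://benefits-portal.example/go?url=https%3A%2F%2Fwww.benefits-portal.example%2Fhelp",
    "https://benefits-portal.example/search?q=tax+refund",
]

if __name__ == "__main__":
    for link in SAMPLES:
        hits = embedded_redirect_targets(link)
        print("SUSPICIOUS" if hits else "ok        ", link, hits)
```

Pasting such a link into the address bar changes nothing, because the redirect happens on the trusted server after the request arrives.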
Some Privacy Policies are not Private Enough
There are organizations on the Internet that offer free services such as e-mail or virus scanning. It is important to be aware that some of these companies have privacy policies that allow them to collect and share personal information about your browsing habits. These companies might also collect secure information from you. In addition, related software may be difficult to uninstall, despite your attempts to do so.
FIRST FEDERAL does not share or sell any customer information to third parties. However, it is important for you to be aware that some of the Internet companies that use technologies to intercept secure information will also have complete access to your personal information. When you accept an agreement with these companies, you are also agreeing that they can share your information with third parties.
What you can do:
2. When in doubt, do not accept the agreement.
3. Install anti-spyware programs like AdAware to check your computer for software that collects this type of information.
4. Report suspicious organizations to the Federal Trade Commission.
“Pharming” is the practice of redirecting Internet domain name requests to false Web sites in order to capture personal information, which may later be used to commit fraud and identity theft. For example, an Internet banking customer who routinely logs in to his or her online banking Web site may be redirected to an illegitimate Web site instead of accessing his or her bank’s Web site. FIRST FEDERAL has steps in place to help keep “pharming” from happening to you.
Pharming Can Occur In Four Different Ways:
Static domain name spoofing: The “pharmer” (the person or entity committing the fraud) attempts to take advantage of slight misspellings in domain names to trick users into inadvertently visiting the pharmer’s Web site. For example, a pharmer may redirect a user to anybnk.com instead of anybank.com, the site the user intended to access.
Malicious software (Malware): Viruses and “Trojans” (latent malicious code or devices that secretly capture data) on a consumer’s personal computer may intercept the user’s request to visit a particular site, such as anybank.com, and redirect the user to the site that the pharmer has set up.
Domain hijacking: A hacker may steal or hijack a company’s legitimate Web site, allowing the hacker to redirect all legitimate traffic to an illegitimate site. Domain names generally can be hijacked in two ways:
- Domain slamming:
By submitting domain transfer requests, a domain is switched from one registrar to another. The account holder at the new registrar can alter routing instructions to point to a different, illegitimate server.
- Domain expiration:
Domain names are leased for fixed periods. Failure to manage the leasing process properly could result in a legitimate ownership transfer. In this instance, trade name laws usually must be invoked to recover lost domains.
DNS poisoning: The most dangerous instance of pharming may be domain name server (DNS) poisoning. Domain name servers are similar to Internet road map guides. When an individual enters www.anybank.com into his or her browser, Domain Name Servers on the Internet translate the phrase anybank.com into an Internet protocol (IP) address, which provides routing directions. After the DNS server provides this address information, the user’s connection request is routed to anybank.com. Local DNS servers can be “poisoned” to send users to a Web site other than the one that was requested. This poisoning can occur as a result of misconfiguration, network vulnerabilities or malware installed on the server.
There are 13 root DNS servers for the entire Internet, which are closely protected and controlled. Most requests are directed by the local DNS server before they reach a root DNS server. However, if a hacker were to penetrate one or more of these root servers, the Internet could be severely compromised.
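The static domain name spoofing case above (anybnk.com in place of anybank.com) can be caught mechanically by comparing a host name against the names a user actually trusts. This Python sketch is an added example, not FIRST FEDERAL's own tooling; the trusted list, the distance threshold and the function names are assumptions, and it goes slightly beyond the page by also flagging a trusted name used as a prefix of another domain.

```python
TRUSTED = {"anybank.com"}   # assumption: the page's example bank domain

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and the swap of two
    adjacent characters (optimal string alignment) as one step each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1,                 # delete from a
                       cur[j - 1] + 1,              # insert into a
                       prev[j - 1] + (ca != cb))    # substitute or match
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_host(host, trusted=TRUSTED, max_distance=2):
    """Classify a host as ('trusted'|'lookalike'|'unknown', matched_name)."""
    name = host.lower().rstrip(".")
    if name.startswith("www."):
        name = name[4:]
    for good in sorted(trusted):
        if name == good or name.endswith("." + good):
            return ("trusted", good)
    for good in sorted(trusted):
        # Trusted name placed in front of a different domain.
        if name.startswith(good + "."):
            return ("lookalike", good)
        # Near-miss spelling, as in the page's anybnk.com example.
        if edit_distance(name, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample hosts.
    for h in ["www.anybank.com", "anybnk.com", "anybnak.com",
              "anybank.com.account-verify.example", "example.org"]:
        print(f"{h:40} {check_host(h)}")
```

The threshold of 2 suits names of this length; very short trusted names would need a stricter limit to avoid false matches.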
Detection and Prevention
Consumers can take these steps to prevent pharming attacks:
- Digital certificates:
Legitimate Web servers can differentiate themselves from illegitimate sites by using digital certificates. Web sites using certificate authentication are more difficult to spoof. Consumers can use the certificate as a tool to determine whether a site is trustworthy.
FIRST FEDERAL recommends that Internet banking customers install current versions of virus detection software, firewalls and spyware scanning tools to reduce computer infections, and stresses the importance of regularly updating these tools to combat new threats.
If you suspect you have been a victim of pharming, please contact FIRST FEDERAL Web Technical Support Services at 262-542-4448 as soon as possible.
Don’t Get Hooked by Phishing Scams
If you find a request for personal information in your inbox, you may think it’s safe to click and comply, especially if the e-mail displays a familiar logo and convincing words and graphics. Better think again. Chances are this seemingly authentic message camouflages a “phishing” excursion angling to hook your identity.
Phishing, also called “carding” or “brand spoofing,” is a serious Internet scam that trolls for your personal data by luring you to a replica of a well-known website. (The “ph” is a carryover from so-called “phone phreaking” attacks on the telephone systems of the early 1970s.)
The high-tech swindle begins with an unsolicited, but official-looking, e-mail that frequently uses scare tactics to reel in a response. It may, for example, threaten to close your bank account unless you verify some of your information. The e-mail will likely include a link that’s a dead ringer for your bank’s website address. But click that link and enter a password or account number, and you could be giving an Internet swindler free rein to your life savings.
How FIRST FEDERAL Protects You
At FIRST FEDERAL, we’re aware of such scams, and because your privacy and account security are important to us, we maintain strict safeguards to help keep your data out of the phishing nets. You should know that FIRST FEDERAL does not:
- Send any e-mail that asks for your personal account information.
- Ask for your password in an e-mail or request it via the phone or U.S. mail.
- E-mail sensitive information to you.
- Make any address or account changes without mailing a confirmation of your request. If you receive a notice about a change you did not initiate, contact FIRST FEDERAL right away.
- Display a pop-up warning or pop-up security alert when you log on if you’ve kept your Web browser up to date. If you do encounter a log-on caution message, click “No” and call FIRST FEDERAL Web Technical Support Services at (262) 542-4448. Please note: A security alert could indicate that either the date on your computer is incorrect or you are using an older version of the Microsoft Internet Explorer browser.
How You can Protect Yourself
While FIRST FEDERAL does its best to protect you, you also share responsibility for maintaining secure account information. The following precautions will help you outsmart the phishing scam:
- To access FIRST FEDERAL’S website, type our address (www.firstfederalwisconsin.com) in the Web browser address field, and bookmark it. Always use this bookmark to enter our site.
- Before submitting your access id and password, make sure your browser displays the FIRST FEDERAL website.
- Log off the website when you complete a transaction, and close your browser. This will help prevent anyone else from accessing your account.
- Be wary of any e-mail declaring your account in jeopardy or asking for personal information. Don’t reply to the e-mail, click any links in the e-mail, or open any attachments. Report these incidents to FIRST FEDERAL immediately, using an address or phone number you know to be accurate.
- Make sure your Web browser is up to date. (Windows users can go to Windows Update to stay current.)
- Choose a password that includes both letters and numbers. Avoid predictable words or dates, and change the password often.
- Never share your password or user name. And never store them on a computer.
- Be vigilant. Review your account regularly, and report any discrepancies.
Deleting a suspicious e-mail with its look-alike links, accessing a site via an address you type in, and keeping your system up to date may be the best ways to prevent an Internet phisher from landing another big catch. For more information about identity theft, visit the Federal Trade Commission’s website.