ABA Warns Bankers about Fraudulent E-Mail
06/07/2011 - ABA’s name is being used in a new phishing e-mail, the association learned yesterday. The e-mail informs recipients that the ABA eLearning portal database has been compromised and instructs them to reset their user name and password using an enclosed link.
The e-mail is fraudulent, and recipients should not click on the link.
While phishing for personal financial information has been a long-standing practice, criminals are increasingly phishing for access to other corporate accounts in an attempt to steal passwords and other account identifiers.
ABA is working to identify the source of the e-mails and to disrupt them. Anyone who encounters this or a similar “phish” is asked to contact ABA. For more information, contact ABA's Tom Ladenburg.
IRS Scam: Phishing by Fax
03/30/2011 - Scammers typically kick into high gear during tax season in the United States, which tends to bring with it a spike in phishing attacks that spoof the Internal Revenue Service. Take, for example, a new scam making the rounds via email, which warns of discrepancies on the recipient’s income tax return and requests that personal information be sent via fax to a toll-free number.
A new phishing campaign that began sometime in the last 24 hours is made to look like it was sent from "firstname.lastname@example.org", and urges recipients to fill out, print, and fax an attached PDF tax form. From the scam email:
"This is in reference to your 2010 U.S. Individual Income Tax Return we seem to have some discrepancies with your filing. If you have already filed for your 2010 tax refund please get hold of a new form 1040 and mail it to the Department of the Treasury in your region.
If for any reason you have not yet filed for your 2010 Individual Income Tax Return please print out the attached PDF form, fill it and fax it to the IRS data center on (866) 513-7982 within 24 hours.
This has no bearing on your 2010 U.S. Individual Income Tax Return, this to update our data and survey while we prepare to close the 2010 tax filing season."
That 866- phone number is currently returning a fast-busy signal, which suggests either that a lot of people are falling for this scam, or that anti-scammers are speed-dialing the number in a bid to prevent would-be victims from faxing in their forms. My guess is that this scam is tied to some kind of automated service that scans faxes and then emails the phishers copies of the scanned images.
It’s worth noting that the data requested in this bogus IRS form includes the Social Security number, e-File PIN and adjusted gross income, all of which are crucial pieces of information that the IRS uses to authenticate taxpayers.
The IRS has been careful to note that while it may conduct follow-up correspondence with taxpayers via email if the taxpayer chooses to communicate that way, it will never reach out to taxpayers via email. Consumers can report any tax-related phishing scams to email@example.com.
Fraudulent Emails Claiming to be from NACHA
03/29/2011 - NACHA, the Electronic Payments Association, has received reports that individuals and/or companies continue to receive fraudulent emails that have the appearance of having been sent from NACHA. These emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some bear the name of fictitious NACHA employees and/or departments.
NACHA itself does not process or touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software application security patches are installed and current.
Vishing Fraud Attack
02/02/2011 - SHAZAM has seen an increase in vishing fraud reports since 12:00 p.m. CT yesterday, February 1, 2011. Multiple reports have been from cardholders receiving automated and live telephone calls demanding account information. In at least one case, a message was left on a cardholder’s telephone, asking the cardholder to call back a toll-free telephone number to enter account information.
Unlike previous vishing attacks that follow a single source point or method of operation, these reports have varied widely. Some calls have referenced “Visa® debit” or “MasterCard® debit”; some have referenced “your SHAZAM debit card”; and others have made no reference to an organization. Again, some have included recorded messages while others have had a live operator or callback option. One trend SHAZAM has noticed is some calls listing a “spoofed” caller identification number of 1402.
These calls are fraudulent and have not been authorized by SHAZAM. Your institution may be contacted if your cardholders begin to be targeted. Please educate your customers about the fraudulent nature of these telephone calls and inform them not to release information. If your cardholders have released information because of receiving one of these calls, take appropriate action by hot carding their accounts.
If you have any questions, please contact SHAZAM Client Support at (800) 537-5427 (option 2).
E-mails fraudulently claiming to be from the FDIC
01/12/2011 - The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that "in cooperation with the Department of Homeland Security, federal, state and local governments…" the FDIC has withdrawn deposit insurance from the recipient's account "due to account activity that violates the Patriot Act." It further states deposit insurance will remain suspended until identity and account information can be verified using a system called "IDVerify." If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient's computer.
This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.
The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to firstname.lastname@example.org.