CURRENT ANNOUNCEMENTS AS OF 3/09/12:
IMPORTANT INFORMATION REGARDING NACHA EMAILS 2/15/2012
Please be aware of fraudulent emails appearing to come from NACHA. These emails may state that an ACH file or entry has been rejected by the Electronic Payments Association and that the customer should click on the attachment to open the document which supposedly will tell them the nature of the reject. DO NOT OPEN THE ATTACHMENT.
Please see the below from the NACHA website:
FRAUDULENT EMAILS…Be Aware That:
- NACHA does not process nor otherwise touch the ACH transactions that flow via the ACH Network nor between financial institutions and their customers.
- NACHA does not send communications of any type to persons or organizations about individual ACH transactions that they originate or receive. If you or your customer has received a communication of this nature that purports to come from NACHA, it is fraudulent.
- NACHA is the industry trade association that manages the development, administration, and governance of the ACH Network, the backbone for the electronic movement of money and data.
- The ACH Network serves as a safe, secure, reliable network for direct consumer, business, and government payments, and annually facilitates billions of payments such as Direct Deposit and Direct Payment.
- These incidents are occurring with greater frequency and increased sophistication. Perpetrators are conducting similar phishing attacks in which they are sending fraudulent emails that claim to be from the Federal Reserve Bank, IRS, other federal agencies, as well as commercial financial institutions, other payment organizations, technology companies, and businesses.
In the past few days, there has been an increased number of reported phishing attempts targeting Internet Banking. The phishing has had these tendencies:
• The login process is modified by adding a Web page stating that computer cannot be identified, and that the user is required to enter credit card information to continue.
• The page that requests the user data does appear to originate from our Internet Banking site with the correct URL and certificate information. However, this page is generated by malware installed on the local computer and not from the Internet Banking site. Villa Grove State Bank's Internet Banking servers remain secure.
• This malware was most likely installed from an opened e-mail attachment or a compromised website viewed on the infected computers of the customers using Internet Banking.
Villa Grove State Bank's Internet Banking will not ask you to enter personal or account information during the login process or for any Internet Banking pages where the information requested is not relevant to the transaction. You should not enter sensitive data if you are prompted to do so. Also, any system accessing Internet Banking should have anti-virus and anti-malware installed and the software definitions kept up-to-date.
If you have any questions please contact Internet Banking Support at 217-832-2631.
Fraudulent Email Consumer Alert
The FDIC has issued a Consumer Alert regarding fraudulent emails that have the appearance of being sent from the FDIC and entice the recipients to take a survey to have $50 credited to their account.
Jargon Watch: "...ishing" Things
If you have ever read or heard about phishing, smishing and vishing and wandered what they meant, here are a few definitions:
- Phishing - an email that claims to be from a legitimate source that attempts to have the reader provide confidential personal information. These messages could be attempts to gain bank account or credit card information, Internet banking logon information, etc.
- Spear Phishing - Targeted phishing emails. In phishing, a large number of emails are sent and many recipients have no relationship with the supposed source. Spear phishing, on the other hand, is targeted and may be sent to just customers of a bank, or employees in a department. The email may appear to be from the bank, or from Human Resources, as examples. One variant of spear phishing is Whaling, which is an attack targeted to executives such as the CEO, CIO, COO, etc. (the "big phish" in an organization).
- Smishing - phishing with text messages and cell phones. "SMiShing" is a compound of phishing and "SMS" text messaging.
- Vishing - phishing using a voice message. Voice phISHING often uses Voice over Internet Protocol (VOIP) to make calls at no cost that are harder to trace. A message is left with a telephone number to return the call. When targets call the number, feeling safer because they initiated the call, a voice response system will ask for the same confidential personal information described above.
- Pharming - the use of a fraudulent or spoofed website that appears to be one of a legitimate business, to obtain and record user logon information and other confidential personal information. Domain Name Servers (DNS) can be hacked, redirecting web traffic from a legitimate site to the spoofed site. A phishing email may also link to the pharmed website.
- In-Session Phishing - interrupts a web browsing session with a pop-up window. Users see the pop-up and believe it is associated with the site they are on. Of course they are asked to re-enter confidential personal information. If your users have infected computers, entering a username and password on your Internet banking site would trigger the pop-up window, sending the data to the thieves.
FYI - The word "phishing" comes from the analogy that Internet scammers are using email lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting users. Since hackers have a tendency to replace "f" with "ph," the term phishing was coined.
REMAIN VIGILANT WHEN USING THE INTERNET & EMAIL
Every day, we are alerted to new email phishing scams and spoofed websites. Please open emails and visit websites with caution. The FDIC has recently released a special alert concerning phishing emails that appear to be from the Federal Reserve Bank. These emails are fraudulent. Please observe the following helpful hints:
- Villa Grove State Bank will never contact you by email or phone requesting your information.
- Never give out your bank account information, debit or credit card numbers, or social security number to anyone in an email or over the phone unless you initiated the call.
- Always keep your bank & personal information close at hand and shred any unwanted mail.
- Keep passwords secure and change them often.
- Reconcile your bank statements monthly and examine your credit cards statements carefully.
If you have received a suspicious email or phone call, please do not hesitate to give us a call at (217) 832-2631. We would be glad to help you determine the authenticity of the solicitation and provide you with a feeling of security and confidence.