Internet Alerts from FNCB

Suspicious Telephone Calls Claiming to Be From the FNCB

SUBJECT: Suspicious Telephone Calls Claiming to Be From the FNCB

Summary: Suspicious telephone calls claiming to be from FNCB employees are being reported. These calls appear to be illegal schemes to steal money or collect sensitive personal information, such as bank account numbers

First National Community Bank has received numerous reports of suspicious telephone calls where the caller claims to represent FNCB and is calling about wire transmissions to or from their accounts.

These suspicious telephone calls are fraudulent. Recipients should consider them as an attempt to steal money or collect personal identifying information.

If a caller demonstrates that he or she has the recipient's sensitive personal information, such as Social Security number, date of birth, and bank account numbers, the recipient may be the victim of identity theft and should review his or her credit reports for signs of possible fraud. The individual should also consider placing a "fraud alert" on his or her credit reports. This can be done by contacting one of the three consumer reporting companies listed below. Only one of the three companies needs to be contacted. That company is required to contact the other two, which will place an alert on their versions of the report.

• TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, California 92834-6790
• Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, Georgia 30374-0241
• Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9554, Allen, Texas 75013

If you have any questions about the authenticity of the person calling you, please call FNCB directly at 1-877-TRY-FNCB.

Fraudulent Correspondence and Phone Calls

FinCEN Reminds the Public to be Wary of Fraudulent Correspondence and Phone Calls. Click HERE to learn more.

Phishing Attack in Progress; Please Read Below and Act Accordingly

We have become aware that some of our clients, and some organizations that are not our clients, are receiving phishing emails that references the “eNFact” product. The email directs recipients to click on a link that takes them to a mock-CNS site that we presently believe may install malicious software. This may be a serious threat.

Please alert your organization about this issue, and direct recipients of the attached email NOT to open it or, if they do, NOT to click on the link.

The phishing attack is contained in a fraudulent email identical or similar to the one that follows:

-----Original Message-----

From: eNFACT Notifications [mailto:noreply@enfactnotifications.com]
Sent: Thursday, January 26, 2012 11:34 AM
To: Recipients Subject: eNFACT Case #29018

To protect your account, we monitor your ATM and debit card transactions for potentially fraudulent activity which may include a sudden change in locale (such as when a U.S.-issued card is used unexpectedly overseas), a sudden string of costly purchases, or any pattern associated with new fraud trends around the world.

An eNFACT Case was generated for the cardholder below:

Transaction 1 Information:
A charge on 10/23/2011 in the amount of $438.09 in ITALY Transaction Score: 981

Transaction 2 Information:
A charge on 10/23/2011 in the amount of $513.14 in ITALY Transaction Score: 918

Transaction 3 Information:
A charge on 10/22/2011 in the amount of $0.02 at O RANCH Transaction Score: 37

The eNFACT Case is generated when a suspect transaction is detected. If this transaction was not initiated by you as the credit card holder please follow the steps as shown at : http://www.efactnotify.com/

Please be sure to complete the Case Resolution Notification (CRN) Form at (http://www.efactnotify.com/) . If you have any questions, or would like additional information pertaining to this eNFACT Case, please contact the Card Processing Center at 800-262-2024.

Please act accordingly now.

If you have received this phishing attack via email, or if you receive it at any time from this point forward:

1. Do not open the email

2. Do not click on the link contained in the email; clicking on any of the links contained in the email may install malicious software on your system

3. If a link is clicked, your organization’s Information Security personnel should immediately take your system off of the network

4. Report the email to your organization’s Information Security personnel;

5. Delete the email from your “Inbox” and “Sent Items; and

6. If you have inadvertently clicked on the link please notify your local helpdesk for assistance As Soon As Possible.

At this time there is no evidence or indication that systems in our organization have been affected.

We are taking three steps to help you protect yourself. First, we have asked the hosting provider of the phishing site to take it down, although we are presently unsure whether our request will be honored. Second, we are reporting this to our regulatory authorities, whose engagement may help us get the attention of both the phishing site’s hosting provider and law enforcement. Third, we are researching the potentially malicious payload the phishing site could install, and will provide you with information you may be able to use to limit infection in your own environment.

We will issue further communication as soon as we have substantive progress to share.

Important Update: Changes in FDIC Deposit Insurance Coverage

Click HERE to learn more.

Privacy of Customer Information

The information age challenges businesses to embrace technology while preserving trust.

• Banks use new technology to make their products and services more convenient. At the same time, banks must ensure their policies and practices are in sync with customers’ expectation of privacy.
• Banks protect customer privacy because their future depends on it. Customer trust is our most valuable asset. That’s why we are committed to continuing our tradition of safeguarding confidential financial information.
• Technology and information help deliver consumer conveniences like: consolidated statements; a single 800 number for customer service on all accounts; discounts on products; direct deposit; “frequent flyer” miles; and more personalized products and services.

Current law offers strong privacy protections.

• Federal law has required banks and other financial institutions to annually disclose privacy policies since 2001. The disclosures are mailed to all customers and explain how the institution manages customer information – mainly, if it shares information with outside companies and why the information is shared.
• Consumers may opt out of having their information shared with affiliate institutions/companies and non-affiliated third parties for marketing purposes. Consumers should contact their financial institution for more information.
• While opting out may restrict the manner in which your information is shared, customers who do opt-out may not be able to avail themselves of new products or services being offered by their financial institution.

Consumers can make smart choices to keep their personal information private.

• Consumers who read the disclosures put themselves in the driver’s seat to control how their information is used. A customer can opt out of information sharing at any time and there is no deadline. If you did not receive a privacy notice in the mail, or if it was accidentally thrown away, contact your bank and request another.
• Banks use a combination of safeguards to protect your information, such as employee training and accountability, strict privacy policies, rigorous security standards, encryption and fraud detection. You can help maintain your privacy by taking precautions to protect account and PIN numbers.

Background:

Recent data breaches have led consumers and lawmakers to take a closer look at the security practices of businesses that collect personal information, including banks. Unlike other businesses that have experienced data breaches, banks have a regulatory system in place to protect consumers’ information and notify them if a breach occurs. (See Data Security, page 49 and Identity Fraud, page 77 for more information).

Tips for safeguarding your information:

• Don’t give your Social Security number or other personal credit information to anyone who contacts you by phone or email.
• Tear up or shred receipts, bank statements and unused credit card offers before throwing them away.
• Keep an eye out for any missing mail.
• Don’t mail bills from your own mailbox with the flag up.
• Review your monthly accounts regularly for any unauthorized charges.
• Order copies of your credit report once a year to ensure accuracy.
• Do business with companies you know are reputable, particularly when conducting transactions online.
• When conducting business online, make sure your browser’s padlock or key icon is active.
• Don’t open email from unknown sources. Use virus detection software.
• Protect your PIN numbers (don’t carry them in your wallet!) and passwords; use a combination of letters and numbers for your passwords and change them periodically.
• Report any suspected fraud to your bank and the fraud units of the three credit reporting agencies immediately. The fraud unit numbers are:
  TransUnion (800) 680-7289
  Experian (888) 397-3742
  Equifax (800) 525-6285

Other helpful information:

• Although many consumers appreciate the convenience and customer service of general direct mail, some have a specific preference not to receive offers of pre-approved financing or credit. To “opt out” of receiving such offers, call (888) 5 OPT OUT. This service is offered jointly by the three credit agencies.
• To reduce unwanted telephone solicitations, register on the FTC’s Do-Not-Call list. Call 1-888-382-1222 or visit www.donotcall.gov.
• The Direct Marketing Association offers services to help reduce the number of unwanted mail and telephone solicitations. To join their mail preference service, mail your name, home address and signature to: Mail Preference Service, Direct Marketing Association, P.O. Box 9008, Farmingdale, NY 11735-9008. To reduce unsolicited telephone solicitations, send your name, home address and home telephone number and signature to: Telephone Preference Service, Direct Marketing Association, P.O. Box 9014, Farmingdale, NY 11735-9014.

Fraudulent “FDIC Notification” E-Mails with Attachment

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that appear to be from the FDIC and contain an infected attachment.

The fraudulent e-mails have addresses such as "no.reply@fdic.gov" or "notify84zma@fdic.gov" on the “From” line. The message appears, with spelling and grammatical errors, as follows:

Subject line: "FDIC notification"

Message body:

"Dear customer,
 Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.
 As soon as it is setup, you transaction abilities will be fully restored.
 Best Regards, Online Security departament, Federal Deposit Insurance Corporation."

The e-mails contain an attachment "FDIC_document.zip" that will likely release malicious software if opened. These e-mails and attachments are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT open the attachment.

Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact consumers, nor does the FDIC request bank customers to install software upgrades.

Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC’s Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC’s website at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Sandra L. Thompson
Director
Division of Risk Management Supervision

Attachment Paper copies of FDIC Special Alerts may be obtained through the FDIC's Public Information Center, 1-877-275-3342 or 703-562-2200.

Distribution: FDIC-Supervised Banks (Commercial and Savings)

Avoiding 'Card Skimming' at ATMs and Other Money Machines

Be wary when you use automated teller machines (ATMs) and other payment processing machines. Thieves may be using high-tech tools in scams to capture your account information to steal your money.

These scams, known as "card skimming," involve attaching devices to money machines that read the information on your debit and credit cards when you swipe them. When combined with a nearby concealed camera to record your personal identification number (PIN), the thieves can get everything they need to drain your account or to make unauthorized purchases. In addition to using the information directly, thieves may sell your information to others.

ATMs and automated payment machines in airports, convenience stores, hotel lobbies, and other well-traveled, public places may be most vulnerable to thieves who may think these machines are not regularly inspected by the machine owners. However, card skimming may take place at any ATM or card processing machine, including those on bank premises. As technology makes these devices smaller and more powerful, the risk of card skimming grows.

How High-Tech Thieves Operate

Thieves have many ways to steal your account information. They may attach a card skimmer that looks and acts like a genuine part of the ATM or other type of money machine. The device may be a simple, curved plastic sheath over the card slot. The skimmer reads the magnetic strip or computer chip on your card and transmits your account information to the thieves or saves the information until the skimmer is retrieved.

Thieves may also use a wireless camera concealed nearby in a box holding brochures or in a light fixture. The camera photographs or videotapes your fingers as they enter your PIN on a keypad or screen. Like a card skimmer, the camera can transmit images instantly or save them until the thieves retrieve the camera later. A camera and card skimmer can be used together.

Safeguarding Your Personal Bank Account Information

To help protect you, banks and retailers take measures to minimize the risk of fraudulent use of your debit or credit card, particularly when those purchases are made by telephone or online.

Before approving telephone purchases, retailers typically confirm your identity by asking for personal information. They may ask for your address, the last four digits of your social security number, or answers to security questions you created when you set up your account. Retailers also may ask for the three-digit security code printed on the front or back of your debit or credit card. To protect your online transaction from electronic fraud, many commercial Web sites require you to unscramble a word or a number displayed as a fuzzy or distorted image that is difficult for software to read.

Protecting Yourself With Common Sense Security Measures

Ultimately, you must protect yourself against thieves and the tools they use to access your accounts to steal from you. To protect yourself, follow these common-sense precautions.

• Walk away from an ATM if you notice someone watching you or if you sense something wrong with the machine; immediately report your suspicions to the company operating the machine or a nearby law enforcement officer.
• Before using an ATM, examine nearby objects that might conceal a camera; check the card slot for a plastic sheath before inserting your card.
• Never keep a written copy of your PIN in your wallet or purse as it could be stolen; instead memorize your PIN and keep a paper record hidden at home.
• When entering your PIN, stand close to the machine and hold your hand over the keypad or screen to make it more difficult for a person or camera to watch you.
• Beware of strangers offering to help you with an ATM that appears disabled and notify someone responsible for the security of the machine.
• Regularly review your account statements, either online or on paper, and check for unauthorized withdrawals and purchases. If you find one, immediately contact your bank or credit card provider, as this will limit your financial liability for fraudulent charges.
• Federal laws limit your liability from debit and credit card fraud. Two federal laws, in particular, protect you.

The Truth in Lending Act generally limits your liability to $50 for any unauthorized use of your credit card. However, you are not responsible for unauthorized charges on your account—if you report a lost or stolen credit card before the card is used. Also, you are not responsible if the fraud results from someone using your credit card number alone rather than your credit card.

The Electronic Fund Transfer Act also limits your liability for unauthorized use of your debit or ATM cards—if you quickly report the lost or stolen card. You are not held responsible for unauthorized charges if you report the fraud before unauthorized transactions are made. If unauthorized transactions occur before you report your card missing or compromised, your liability depends on how quickly you report the loss.

Additional Information

The Federal Trade Commission provides more information on what to do if your card is lost or stolen in its fact sheet "Credit, ATM and Debit Cards: What to Do if They’re Lost or Stolen," at www.ftc.gov/bcp/edu/pubs/consumer/credit/cre04.shtm.

The Office of the Comptroller of the Currency has answers about what to do about unauthorized charges and other banking issues at HelpWithMyBank.gov.

Fraudulent E-Mails Claiming to Be From the FDIC

Summary: E-mails that claim to be from the FDIC are reportedly in circulation.

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.

The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "subscriptions@fdic.gov," "alert@fdic.gov," or "accounts@fdic.gov."

They have subject lines that read: "FDIC: Your business account" or "FDIC: About Your Business Account."

The e-mails are addressed to "Business Customer" or "Business Owner" and state "We have important information about your bank" or "…financial institution." They then ask recipients to "Please click here to find details."

They conclude with, "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership."

These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.

Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.

For your reference, FDIC Special Alerts may be accessed from the FDIC's Website at www.fdic.gov/news/news/Special Alert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through email, please visit www.fdic.gov/about/subscriptions/index.html.

Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

Fraudulent E-Mails Claiming to Be From the FDIC

Summary: E-mails fraudulently claiming to be from the FDIC are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided.

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The email informs the recipient that "in cooperation with the Department of Homeland Security, federal, state and local governments…" the FDIC has withdrawn deposit insurance from the recipient's account "due to account activity that violates the Patriot Act." It further states deposit insurance will remain suspended until identity and account information can be verified using a system called "IDVerify." If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient's computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For your reference, FDIC Special Alerts may be accessed from the FDIC’s Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Suspicious Telephone Calls Claiming to Be From the FDIC

SUBJECT: Suspicious Telephone Calls Claiming to Be From the FDIC

Summary: Suspicious telephone calls claiming to be from FDIC employees are being reported. These calls appear to be illegal schemes to steal money or collect sensitive personal information, such as bank account numbers

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of suspicious telephone calls where the caller claims to represent the FDIC and is calling regarding the collection of an outstanding debt.

To date, the callers have alleged that the call recipient is delinquent in payment of a loan that was applied for over the Internet or made through a payday lender. The loan may or may not actually exist. The caller attempts to authenticate the claim by providing sensitive personal information, such as name, Social Security number, and date of birth, supposedly taken from the loan application. The recipient is then strongly urged to make a payment over the phone to "avoid a lawsuit and possible arrest." In some instances, the caller is said to sound aggressive and threatening.

These suspicious telephone calls are fraudulent. Recipients should consider them as an attempt to steal money or collect personal identifying information. The FDIC generally does not initiate unsolicited telephone calls to consumers and is not involved with the collection of debts on behalf of operating lenders and financial institutions.

If a caller demonstrates that he or she has the recipient's sensitive personal information, such as Social Security number, date of birth, and bank account numbers, the recipient may be the victim of identity theft and should review his or her credit reports for signs of possible fraud. The individual should also consider placing a "fraud alert" on his or her credit reports. This can be done by contacting one of the three consumer reporting companies listed below. Only one of the three companies needs to be contacted. That company is required to contact the other two, which will place an alert on their versions of the report.

• TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, California 92834-6790
• Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, Georgia 30374-0241
• Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9554, Allen, Texas 75013

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-3054, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC,s website at www.fdic.gov/news/news/SpecialAlert/2010/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Sandra L. Thompson
Director
Division of Supervision and Consumer Protection
Distribution: FDIC-Supervised Banks (Commercial and Savings)