Fraud Alerts

Fraud Advisory for Businesses:

Corporate Account Take Overs -- What are they and how does it happen?

***CONSUMER ALERT***

NOTICE FROM STATE OF IDAHO ATTORNEY GENERAL

LAWRENCE WASDEN

Epsilon Marketing data breach requires extra email caution (Boise) - Attorney General Lawrence Wasden issued a consumer alert today regarding the March 30th data breach at Epsilon Marketing, an Irving, Texas-based email marketing firm. According to Epsilon, hackers accessed its corporate clients' records, which contained consumers' names and email addresses. With more than 2,500 clients, Epsilon sends over 40 billion marketing emails annually. Law enforcement and Epsilon security are investigating the breach. Idaho consumers likely have received emails already from one or more of Epsilon's affected clients, warning of the breach. These warning emails, which will continue as more affected clients are identified, inform consumers of what occurred and remind consumers that companies will never ask for the consumer's password or financial information in an email. "The biggest risk from this data breach is that the thieves, now in possession of your name, email address, and business relationships, could send phishing emails. These emails will look like they came from a bank or retailer with whom you do business," Attorney General Lawrence Wasden said. "Be very cautious about clicking on links in emails and never log into your account from an emailed link. Never email passwords, financial information, or other personal identifying information to anyone and always conduct financial transactions on secure websites." Consumers who receive a phishing attempt because of the Epsilon data breach can report it to the U.S. Secret Service by emailing phishing-report@us.cert.gov. If consumers have questions or concerns about the data breach, Epsilon asks that they contact Sarah Branam at 303-410-5369 or at sbranam@epsilon.com. Consumers also can contact the affected companies directly with questions and concerns. If consumers lose money due to an email scam, they can file a complaint with the Internet Crime Complaint Center at www.ic3.gov/default.aspx or the Federal Trade Commission at www.ftc.gov.

Consumers should monitor their credit reports for suspicious activity and can obtain a free copy of their report from the three major credit reporting agencies every year.

ﾠ

WARNING: E-mails Containing Malware Sent To Businesses Concerning Their Online Job Postings

Prepared by the Internet Crime Complaint Center (IC3)

January 19, 2011

Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online.

Recently, more than $150,000 was stolen from a US business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud US businesses.

The FBI recommends that potential employers remain vigilant in opening the e-mails of perspective employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.

For more information on this type of fraud and prevention tips, please refer to previous Public Service Announcements by accessing the links below:

* http://www.ic3.gov/media/2010/CorpateAccountTakeOver.pdf

* http://www.ic3.gov/media/2010/WorkAtHome.pdf

* http://www.ic3.gov/media/2009/091103.aspx

Anyone who believes they have been a target of this type of attack should immediately contact their financial institutions and local FBI office, and promptly report it to the IC3's website at www.IC3.gov. The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The IC3 also uses complaint information to identify emerging trends and patterns.

WARNING-PHONE SCAM: Please be aware that there have been several D.L. Evans Bank customers receiving phone calls with a recording telling them that their debit or ATM card has been suspended due to excessive use. The recording asks the bank customer to verify their full 16 digit card number. Some customers have received messages that their debit card has been compromised and to please verify their full 16 digit card number. These calls are a fraudulent attempt to gain your card information. The bank already has your card information and would never use a recording to request your card information over the phone. If you have additional questions regarding this scam feel free to contact your local branch.

WARNING-EMAIL SCAM: If you receive the following email DELETE immediately DO NOT click on the link attached. This is not from D.L. Evans Bank.

Dear bank account holder,

The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report

FDIC Phishing Scams

The FDIC warns consumers about a type of fraud called "phishing." The term "phishing" – as in fishing for confidential information - refers to a scam that encompasses fraudulently obtaining and using an individual's personal or financial information. This is how it works:

1. A consumer receives an e-mail which appears to originate from a financial institution, government agency, or other well-known/reputable entity.

2. The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.

3. The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.

Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth. When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.

Since January 23, 2004, criminals have been using the FDIC's name and reputation to perpetrate various "phishing" schemes. It is important to note that the FDIC will never ask for personal or confidential information in this manner. See the FDIC Privacy Policy for further information.

If you suspect an e-mail or Web site is fraudulent, please report this information to the real bank, company or government agency, using a phone number or e-mail address from a reliable source. Example: If your bank's Web page looks different or unusual, contact the institution directly to confirm that you haven't landed on a copycat Web site set up by criminals. Also, contact the Internet Crime Complaint Center (www.ic3.gov), a partnership between the FBI and the National White Collar Crime Center.

If you suspect that you have been a victim of identity theft, perhaps because you submitted personal information in response to a suspicious, unsolicited e-mail or you see unauthorized charges on your credit card, immediately contact your financial institution and, if necessary, close existing accounts and open new ones. Also contact the police and request a copy of any police report or case number for later reference. In addition, call the three major credit bureaus (Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289) to request that a fraud alert be placed on your credit report.

Other Fraud Alerts:

Here is a roundup of the 6 predominant types of fraud that businesses and consumers need to watch out for:

1. ATM Skimming

Skimming devices have been around for years. This is how thieves can steal your credit and debit card numbers by using a special electronic storage device. The thief will attach a skimming device over the slot where you place your ATM card to withdrawal funds from an ATM machine. When you go to make a withdrawal, the skimming device records the information off of the magnetic strip on the back of your card. Thieves have even gone so far as to place hidden cameras on or near the ATM machine to record the PIN number as you enter it in to complete your transaction. The best way to identify a skimming device is to become familiar with the ATM(s) you use on a regular basis. The face of most ATM machines are flat and do not have protruding parts. If it appears that something has been placed over the card slot report it immediately. Skimming devices have also been used at gas stations where you can pay at the pump.

2. Electronic Transfers Fraud

Businesses suffer when fraudsters penetrate and pilfer accounts via hacking into electronic transactions. The attacks against small and medium size businesses sky rocketed in late 2009, so much so that the FBI and American Bankers Association is urging business owners to use one computer to handle online banking activities and yet another entirely to surf the web and for email. This approach, while blunt, is the best way to prevent malicious software from infecting the computer and makes it much harder to manipulate electronic transfers.

Why target small and medium sized businesses? Most small and medium size businesses do not have the resources to employ a full time IT person. Many do not have sufficient fire walls in place to protect against malicious software from penetrating their system. Yet these businesses use on-line payment and payroll systems to conduct most of their business transactions.

3. Variations on Phishing Schemes

Scammers 'Phish' for your personal information in a variety of ways, but most commonly through fraudulent emails claiming to be from your bank or another institution that already has your personal details, asking you to confirm these details.

Vishing: Phishing but by phone (voice). Scammers call you and try to con you into releasing personal information, including account numbers, social security numbers, etc.

Smishing: The newest form of Phishing. (The name is derived from "SMS- shing"). SMS stands for short message service. Smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. It usually is in the form of a message from your "bank" stating that your ATM card has been suspended. When you call the "bank" you are asked to give your ATM card number, pin number and security codes from the back of your card.

4. Check Fraud

It seems that everyone is using debit and check cards these days, and although paper check volumes are continuing to fall, the dollar losses to check fraud continue to rise. The reason? Fraudsters continue to get away with the following common scams:

Lottery Scam: You are notified you have won a lottery or sweepstakes but you never bought a lottery ticket or entered a sweepstakes drawing.

Secret Shopper Scam: You are contacted via email or respond to an ad in the paper to become a secret shopper. You receive payment up front and are asked to secret shop a Western Union where you will send excess funds back to your secret shop employer.

Overpayment Scam: You are selling goods in the paper or on the internet and receive a check for more than the amount you are asking.

In all of these instances, the victim is notified that they have won something, are being hired or that they have a buyer. The victim receives a check and is asked to return a portion of the payment, usually via wire or Western Union for taxes, insurance or because the payment excess was made in error and money is owed back to the sender. Once you deposit their check and send the funds back, their check comes back to your bank as fraudulent and you are out the money. Often times these thieves are using the account numbers and checks of other unsuspecting victims who have had their account numbers or identities stolen.

5. Online Applications

The ease of customer applications over the web comes with another set of headaches: Application fraud, which experts see as a growing area for criminals. The ease of online account opening makes it easy for criminals to take over your accounts or steal your identity. The easiest way to avoid this type of fraud is to research the companies you are choosing to do business with prior to completing any forms online. If the company is contacting you, do not respond or complete applications within their email format. Contacting your local better business bureau is an easy way to get information about a company you are planning to do business with.

6. Prepaid Cards

The gift card market has always been a target for criminals. The purchase of prepaid cards with stolen credit cards is an optimal way for criminals to get their hands on what they really want—cash.

Another more recent scam is where criminals will steal prepaid cards from the j-hooks at retail stores, chemically wash off the printed card number, emboss the card with information from a stolen card and erase the information on the magnetic strip. Any store cashier would then have to process the transaction manually and can be manipulated by the criminal to push the transaction through.

7. Computer Trojans

Recently criminals have launched a major e-mail campaign to deploy the infamous ZeuS Trojan e-mail, which will send spam messages -- some disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings and salacious Youtube.com videos.

The fraudulent IRS e-mail uses the verbiage "Notice of Underreported Income" as the Subject Line and encourages the recipient to click a link to review their tax statement. All of the latest e-mails use a variety of URL shortening services.

It is critical that when you receive an email that appears to be PHISHING that you do NOT click on the link. It can download viruses, trojans, spyware, etc.

It is critical that you have up to date anti-virus, anti-spam and anti-spyware programs installed on your computer.

If you have any questions about financial scams or Phishing please contact your local branch for more information.

8. Fake Pop Up Messages

The FBI has released a press release regarding fake pop-up messages telling users their computer is infected with a virus. Please see the link below for more information:

http://www.fbi.gov/page2/july10/scareware_070910.html