Fraud Protection & Prevention

IMPORTANT DEBIT CARD FRAUD PREVENTION ALERT

March 17, 2014

Security First National Bank wanted to warn everyone about a fraud attempt situation we became aware of with cardholders nationwide. There are apparently robocalls being made to consumers, attempting to obtain their card information. The calls advise that their "card has been disrupted", and to continue the cardholder must enter their full card number.

Please note that, when our fraud center contacts a customer to review transactions, there are no robocalls made and the caller will not ask for the cardholder's information since they would already have it.

Please be aware that you should NEVER give your card information and pin out over the phone.

To learn more about protecting yourself from financial scams and fraud you can read these related articles:

 

Tech Support Scams: Part 2

First Published: January 3, 2014 by Nicole Vincent Fleming, Consumer Education Specialist via Federal Trade Commission

They’re baaaack!

No, not poltergeists. Scammers. And they want your last penny.

We’ve written before about tech support scams — where a caller claims that your computer has a terrible virus and needs immediate attention. The scammer asks for remote access and then charges you for “fixing” a problem that wasn’t there.

Now, they’re working the phones again, and they claim that if you paid for tech support services, they can get you a refund. We’ve heard about several variations of this scam:

  • They might ask if you were happy with the service. If you say no (and you probably will), they claim they can get you a refund.
  • Or they might say that the company is going out of business and providing refunds to people who already paid.

Once they’ve got you hooked, they claim that they need your bank or credit card account number to process the refund.

They might say that you need to create a Western Union account to receive the money. They may even offer to help you fill out the necessary forms — if you give them remote access to your computer. But instead of transferring money to your account, the scammer withdraws money from your account.

So, what can you do if you paid for bogus tech support services?

  • File a complaint at ftc.gov/complaint.
  • If you paid with a credit card, call your credit card company and ask them to reverse the charges.
  • Hang up on callers who offer a refund in exchange for your bank or credit card account number or a Western Union account.

 

Return To Top



Avoiding Debt-Relief Scams

First Published: December 17, 2013 by Bridget Small, Consumer Education Specialist, FTC

If you’re looking for a way to manage your debt, the last thing you need is to get ripped off by a company that promises to help. According to the Federal Trade Commission, that’s what happened to people who paid hundreds of dollars each to Southeast Trust, LLC. The company contacted people through illegal robocalls and claimed it was a non-profit group that could get them credit card interest rates as low as zero percent. The FTC recently got a $2.7 million judgment against the company and banned it from making illegal robocalls and providing debt- and mortgage-relief services.

There are signs that a company that promises to help you manage your debt may not be on the up and up. Avoid any organization that:

  • charges fees before it settles your debts
  • guarantees it can make your unsecured debt go away
  • tells you it can stop all debt collection calls and lawsuits
  • won’t send you free information about its services unless you provide personal and financial information, like your credit card and bank account numbers

You can work on managing your debt by talking with a credit counseling organization. A reputable credit-counseling agency should send you free information about its services without requiring you to give details about your situation or pay any money before they provide services.

And by the way, about those robocalls? If you hear a recorded sales message and you haven't given your written permission to get calls from the company on the other end, the call is illegal, and the pitch may be a scam. Hang up. Don't press 1 to speak to a live operator or press any other number. If you do, you’ll just get more robocalls.

Return To Top



New Fraud & Scam Warnings

Information provided by The Federal Bureau of Investigation

CryptoLocker Ransomware Encrypts Users' Files

10/28/13—The FBI is aware of a file encrypting Ransomware known as CryptoLocker. Businesses are receiving e-mails with alleged customer complaints containing an attachment that when opened, appears as a window and is in fact a malware downloader. This downloader then downloads and installs the actual CryptoLocker malware.

The verbiage in the window states that important files have been encrypted using a unique public key generated for the computer. To decrypt the files, you need to obtain the private key. A copy of the private key is located on a remote server that will destroy the key after the specified time shown in the window. The attackers demand a ransom of $300 to be paid in order to decrypt the files.

Unfortunately, once the encryption of the files is complete, decryption is not feasible. To obtain the file specific Advanced Encryption Standard (AES) key to decrypt a file, you need the private RSA key (an algorithm for public key cryptography) corresponding to the RSA public key generated for the victim’s system by the command and control server. However, this key never leaves the command and control server, putting it out of reach of everyone except the attacker. The recommended solution is to scrub your hard drive and restore encrypted files from a backup.

As with any virus or malware, the way to avoid it is with safe browsing and e-mail habits. Specifically, in this case, be wary of e-mail from senders you don’t know and never open or download an attachment unless you’re sure you know what it is and that it’s safe. Be especially wary of unexpected e-mail from postal/package services and dispute notifications.

If you have been a victim of an Internet scam, please file a complaint at www.ic3.gov.

Return To Top



Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money

07/27/13—The FBI’s Internet Crime Complaint Center (IC3) and the Department of Homeland Security (DHS) have recently received complaints regarding a ransomware campaign using the name of DHS to extort money from unsuspecting victims.

In May 2012, the IC3 posted an alert about the Citadel malware platform used to deliver ransomware known as Reveton. The ransomware directs victims to a download website, at which time it is installed on their computers. Ransomware is used to intimidate victims into paying a fine to “unlock” their computers. The ransomware has been called “FBI Ransomware” because it frequently uses the FBI’s name, but similar ransomware campaigns have used the names of other law enforcement agencies such as DHS and IC3.

As in other variations, the ransomware using the name of DHS produces a warning that accuses victims of violating various U.S. laws and locks their computers. To unlock their computers and avoid legal issues, victims are told they must pay a $300 fine via a prepaid money card.

This is not a legitimate communication from law enforcement, but rather is an attempt to extort money from the victim. If you have received this or something similar, do not follow the instructions in the warning, and do not attempt to pay the fine.

It is suggested that you:

  • Contact a reputable computer expert to assist with removing the malware.
  • File a complaint at www.IC3.gov.
  • Keep operating systems and legitimate antivirus and antispyware software updated.

Return To Top