Security Alert eNFACT Phishing Scam
 
 
Security Center 
 

SECURITY ALERT - January 26, 2012

Phishing Attack in Progress; Please Read Below and Act Accordingly

We have become aware that some of our customers are receiving phishing emails that references the "eNFact" product. The email directs recipients to click on a link that takes them to a mock-Fiserv site that we presently believe may install malicious software. This may be a serious threat.

Please DO NOT open any emails containing this information and DO NOT to click on the link.

The phishing attack is contained in a fraudulent email identical or similar to the one that follows:

-----Original Message-----

From: eNFACT Notifications [mailto:noreply@enfactnotifications.com]

Sent: Thursday, January 26, 2012 11:34 AM

To: Recipients

Subject: eNFACT Case #29018

To protect your account, we monitor your ATM and debit card transactions for potentially fraudulent activity which may include a sudden change in locale (such as when a U.S.-issued card is used unexpectedly overseas), a sudden string of costly purchases, or any pattern associated with new fraud trends around the world.

An eNFACT Case was generated for the cardholder below:

  • Transaction 1 Information:
  • A charge on 10/23/2011 in the amount of $438.09 in ITALY Transaction Score: 981
  • Transaction 2 Information:
  • A charge on 10/23/2011 in the amount of $513.14 in ITALY Transaction Score: 918
  • Transaction 3 Information:
  • A charge on 10/22/2011 in the amount of $0.02 at O RANCH Transaction Score: 37

The eNFACT Case is generated when a suspect transaction is detected. If this transaction was not initiated by you as the credit card holder please follow the steps as shown at : http://www.efactnotify.com/

Please be sure to complete the Case Resolution Notification (CRN) Form at (http://www.efactnotify.com/) . If you have any questions, or would like additional information pertaining to this eNFACT Case, please contact the Card Processing Center at 800-262-2024. 12:000045 | ALERT 12005

If you have received this phishing attack email, or if you receive it at any time from this point forward:

1. Do not open the email;

2. Do not click on the link contained in the email; clicking on any of the links contained in the email may install malicious software on your system;

3. If a link is clicked, please notify the bank immediately

4. Delete the email from your "Inbox" and "Sent Items"

If you receive a suspicious email message requesting personal or specific account information please report it to us at info@mechanics-coop.com or call 1-888-MECHANICS (632-4264).

Thank you
 

Telephone Scams  |  Phishing  |   Spyware   |   Identity Theft  |  Lost ATM Card

Over the past few years, some of our customers may have received email from malicious individuals or groups posing as legitimate financial service companies, insurance companies, and other entities such as the FDIC.  These individuals attempt to trick users into revealing personal information such as Credit Card Numbers, Personal Identification Numbers (PINs), Social Security Numbers and Passwords.

These individuals use this information to perpetrate fraud and financial crimes against individuals and by the time the victim realizes it, it is too late. You should be aware that:

Mechanics Cooperative Bank will never send unsolicited email or other type of communication request asking you to verify any of your personal or financial information.  We will never send a link to our website through email without telling you first or without you requesting us to do so.

If you receive a suspicious request from us please report it to us at: info@mechanics-coop.com

If you believe that you gave out sensitive information regarding your accounts please call us immediately at 508-823-7744.

TELEPHONE SCAMS

Industry reports are being received, of a telephone scam involving fraudsters attempting to obtain personal information from cardholders. 
 
Although no incidents have been reported from our cardholders, we should be informed of these scams and whenever possible, reinforce positive, safe behavior through discussions with our customers.
 
The details are as follows:

 Event Characteristics

Cardholders have received computer-generated calls claiming to be from their financial institution.  The calls claim their accounts have been frozen and then direct the cardholder to call a toll-free number to leave their debit card information in order to reactivate any cards. The toll-free number includes a recorded message that asks the customer to key their account number, card expiration date, and PIN.

 Recommendations

 Cardholder awareness is key in combating fraud. Should our cardholders receive any questionable calls, please make sure they do not provide their personal information.  In addition, you may want to share the following tips and/or characteristics of a fraudulent call with our cardholders:
  • Make sure you [i.e. cardholder] initiate the contact, and the institution verifies your identity with questions only you would know.
  • To verify whether a call is legitimate, call your bank or visit its website, using phone numbers or internet addresses from your bank statement or account documentation. Do not call back a number provided over the phone or click on a link in an email.
  • Most communications will include something that will concern or excite the victim.
  • If you have been the victim of a scam, file a complaint at local law enforcement.
  • Notify your financial institution.

Back to Top

PHISHING

How Not To Get Hooked by a "Phishing" Scam
Courtesy of OnGuardOnline.gov

"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."

"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."

Have you received email with a similar message? It's a scam called "phishing" — and it involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.

According to OnGuard Online, phishers send an email or pop-up message that claims to be from a business or organization that you may deal with - for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message may ask you to "update," "validate," or "confirm" your account information. Some phishing emails threaten a dire consequence if you don't respond. The messages direct you to a website that looks just like a legitimate organization's site. But it isn't. It's a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

OnGuard Online suggests these tips to help you avoid getting hooked by a phishing scam:

  • If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself. In any case, don't cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place, but that actually send you to a different site.
     
  • Use anti-virus software and a firewall, and keep them up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.

    Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.

    A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software "patches" to close holes in the system that hackers or phishers could exploit.
     
  • Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
     
  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
     
  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer's security.
     
  • Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
     
  • If you believe you've been scammed, file your complaint at ftc.gov, and then visit the FTC's Identity Theft website at www.consumer.gov/idtheft.  Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See www.annualcreditreport.com for details on ordering a free annual credit report.

Back to Top

SPYWARE

Spyware Quick Facts
Courtesy of OnGuardOnline.gov

Spyware is software installed on your computer without your consent to monitor or control your computer use. Clues that spyware is on a computer include a barrage of pop-up ads, a browser that takes you to sites you don't want, unexpected toolbars or icons on your computer screen, keys that don't work, random error messages, and sluggish performance when opening programs or saving files.

To lower your risk of spyware infections:

  • Update your operating system and Web browser software, and set your browser security high enough to detect unauthorized downloads.
     
  • Use anti-virus software and a firewall, and keep them up-to-date.
     
  • Download free software only from sites you know and trust. Enticing free software downloads frequently bundle other software, including spyware.
     
  • Don't click on links inside pop-up windows.
     
  • Don't click on links in spam that claim to offer anti-spyware software; you may unintentionally be installing spyware.
     
  • Consider using anti-spyware software.

Just when you thought you were Web savvy, one more privacy, security, and functionality issue crops up — spyware. Installed on your computer without your consent, spyware software monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to websites, monitor your Internet surfing, or record your keystrokes, which, in turn, could lead to identity theft.

Many experienced Web users have learned how to recognize spyware, avoid it, and delete it. According to OnGuard Online, all computer users should get wise to the signs that spyware has been installed on their machines, and then take the appropriate steps to delete it.

Back to Top

IDENTITY THEFT

Identity Theft
Courtesy of OnGuardOnline.gov

What To Do If Your Personal Information Has Been Compromised

The bottom line for online threats like phishing, spyware, and hackers is identity theft. ID theft occurs when someone uses your name, Social Security number, credit card number or other personal information without your permission to commit fraud or other crimes. That’s why it’s important to protect your personal information.

If your personal information is accidentally disclosed or deliberately stolen, taking certain steps quickly can minimize the potential for the theft of your identity.

If the Stolen Information Includes Your Financial Accounts

Close compromised credit card accounts immediately. Consult with your financial institution about whether to close bank or brokerage accounts immediately or first change your passwords and have the institution monitor for possible fraud. Place passwords on any new accounts that you open. Avoid using your mother's maiden name, your birth date, the last four digits of your Social Security number (SSN) or your phone number, or a series of consecutive numbers.

If the Stolen Information Includes Your Social Security Number

Call the toll-free fraud number of any one of the three nationwide consumer reporting companies and place an initial fraud alert on your credit reports. This alert can help stop someone from opening new credit accounts in your name.

Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241

Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 2002, Allen, TX 75013

TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

An initial fraud alert stays on your credit report for 90 days. When you place this alert on your credit report with one nationwide consumer reporting company, you'll get information about ordering one free credit report from each of the companies. It's prudent to wait about a month after your information was stolen before you order your report. That's because suspicious activity may not show up right away. Once you get your reports, review them for suspicious activity, like inquiries from companies you didn't contact, accounts you didn't open, and debts on your accounts that you can't explain. Check that information — like your SSN, address(es), name or initials, and employers — is correct.

If the Stolen Information Includes Your Driver's License or Other Government-Issued Identification

Contact the agencies that issued the documents and follow their procedures to cancel a document and get a replacement. Ask the agency to “flag” your file to keep anyone else from getting a license or another identification document in your name.

Once you've taken these precautions, watch for signs that your information is being misused. For example, you may not get certain bills or other mail on time. Follow up with creditors if your bills don't arrive on time. A missing bill could mean an identity thief has taken over your account and changed your billing address to cover his tracks. Other signs include:

  • receiving credit cards that you didn't apply for;
     
  • being denied credit, or being offered less favorable credit terms, like a high interest rate, for no apparent reason; and
     
  • getting calls or letters from debt collectors or businesses about merchandise or services you didn't buy.

Continue to read your financial account statements promptly and carefully, and to monitor your credit reports every few months in the first year of the theft, and once a year thereafter. For more information on getting your credit reports free once a year or buying additional reports, read Your Access to Free Credit Reports.

If your information has been misused, file a report about your identity theft with the police, and file a complaint with the Federal Trade Commission at www.consumer.gov/idtheft.  Read Take Charge: Fighting Back Against Identity Theft for detailed information on other steps to take in the wake of identity theft.

Back to Top

LOST ATM CARD

Have you lost your ATM or Debit card?  If so, please call 1.800.554.8969.

Back to Top

 
 
 

 

Contact Us   |   Member FDIC   |   Member SIF   |   Equal Housing Lender   |   Privacy Statement

NMLS# 421820

Copyright © 2011 Mechanics Cooperative Bank. All Rights Reserved.
Mechanics Cooperative Bank reserves the right to monitor and store the information that it receives.