 |
 |
 |
Your financial security is one of Fox Chase Bank's primary concerns. We strive to keep your personal identity and your banking assets safe and secure. Yet, we need your help too. The information in this section is provided to help you do your part in securing your personal identity and your banking assets. Check back often, to get the latest news and to learn tips for protecting yourself and your finances.
In addition to the security alerts below, here are some useful links from the Federal Trade Commission's website which provide detailed information to help you deter, detect, and defend against identity theft.
FTC's Online Privacy & Security Site
SECURITY ALERTS
February 2013
US Airlines Scam: This scam arrives in the mail and, oftentimes, includes a letter notification and a voucher check. The letter alerts you that the enclosed voucher can be redeemed for 2 round trip airlines tickets.
Although these letters may look legitimate, they are not. The phony name "US Airlines" is supposed to resemble the real "United Airlines" or "US Airways". The letters are NOT from a real airline. Additionally, what appears to be a check is not and should not be deposited into your bank account. This is a phishing scam attempting to acquire your personal information.
Click here to view a copy of the scam.
December 2012
'Project Mayhem' hacks accounting software. Researchers December 6 unleashed proof-of-concept code that would allow an attacker to basically write himself a check from the victim organization's account. The Python-based tool is just one example of the type of advanced financial fraud that could be perpetrated against accounting applications and databases, according to SecureState researchers, who at Black Hat Abu Dhabi demonstrated their tool and findings on threats to accounting software. They focused their efforts on Microsoft's Dynamics Great Plains application, but they said the same types of attacks could also be aimed at other accounting packages. No vulnerabilities were discovered or exploited in the Microsoft product. The Mayhem script detects that the Microsoft software is running, and creates a backdoor for the attacker to remotely make SQL queries and commit all types of financial fraud. ?It doesn't even need to install a traditional piece of [trojan] backdoor malware like? most financial fraud malware does today, said the manager of SecureState's penetration testing team. ?We compare it with a banking Trojan that hijacks [automated clearing house] ACH and wire transfers without the user's knowledge, but this time we're looking at the accounting system instead of the online banking session,? he said. Microsoft's accounting program is not the only potential victim. The manager said the same concept could be applied to MAS 90, Peachtree, Oracle, and SAP.
Source: http://www.darkreading.com/database-security/167901020/security/application-security/240144003/project-mayhem-hacks-accounting-software.html
September 2012
Recent IRS Scam
If you receive an email, similar to the one below, from the IRS please delete it immediately and do not click on the links:
Dear business owners,
Due to the alterations in the taxation policies that have been recently ratified, IRS informs that LLC, C-Corporations and S-Corporations have to validate their EIN in order to confirm their actual status. You have 14-day period in order to examine all the changes and make necessary amendments. We are sorry to cause inconvenience.
For the details please refer to:
https://www.irs.gov/ClientArea.aspx?u=46D187CEC
Sincerely yours,
Grover Foley Internal Revenue Service Representative
If you have any doubt about the authenticity of a website, do not provide any personal information. If you believe you have been the victim of a Phishing attempt or are unsure about the authenticity of any correspondence related to a Fox Chase Bank service please contact us immediately at customercare@foxchasebank.com or call 866-369-2427 option 1.
The Hidden Dangers of QR Codes...
Those black and white squares you see in ads may look harmless, but lurking behind the quick response code is the very real possibility of a malicious attack.
More than 30%of QR code readers in the Google Play app store are malicious, according to the Chief Technology Officer at database security company GreenSQL.
Oftentimes, companies do not generate their own QR codes and use a third party that lets them generate the codes through their system. Even if the original link was legitimate the ownership of the original link can be manipulated and forwarded to a site where malware can attack the smartphone.
What can you do to protect yourself? Make sure the link inside the QR code is under the company's domain such as foxchasebank.com. This will make it much harder for a fraudster to manipulate or hack in.
August 2012
Fraudsters are becoming increasingly more sophisticated in their cyber-crime schemes. The newest threat is called Citadel. Cyber-criminals using Citadel can hijack a computer with "drive-by downloads" - which are websites that automatically install malware that overtakes a computer. Once launched the malware locks the computer and displays a message that the user has violated a federal law. Oftentimes the message appears to be from the FBI, stating that a user has visited a website with illegal content.
In order to unlock the computer the user is asked to pay a fine to a government agency. This fine is a scam and an attempt to capture personal information, online banking credentials, credit card info or other personal information.
To help mitigate such threats all customers should download Fox Chase Bank's Trusteer Rapport security solution. Trusteer creates a secure connection between a computer and Fox Chase Bank's online banking system. In addition, the solution will protect access to other designated websites, alerting you to any fake websites, as well as guard your log-in credentials from being stolen by an unauthorized party.
April 2012
On April 10, 2012 in a Consumer Alert, the Federal Deposit Insurance Corporation (FDIC) advised that it has received numerous reports of a fraudulent e-mail that has the appearance of being sent from Publishers Clearing House with reference to FDIC.
The e-mail informs the recipients that they have won a large cash prize, but requires a "Check Insurance Certificate from FDIC." The message states that FDIC will be "requesting a fee of $1,000.00" to provide the "Check Insurance Certificate." A phone number and e-mail address are provided to obtain instructions on how to send the requested fee.
The e-mail is fraudulent and was not sent by FDIC or Publishers Clearing House. Recipients should consider this to be an attempt to steal money or collect personal or confidential information.
March 2012
WARNING: Fraudulent email
If you receive an email similar to the one shown below, please be aware that it is a scam. Do not click on any of the links in the email and delete it immediately. Please always be cautious of links that appear in emails and of emails referring to passwords and personal information.
Dear User,
This notification is mailed to you concerning your online banking user password has been expired.
Create a new user password by following these steps:
1. Log into your online banking by our secure link for Expired Password and entering the temporary password below. Your temporary password is: cn34R%vnjerFD
2. You will then be prompted to change your password.
This temporary password will expire in 24 hours.
February 2012
Warning from the OCC
Fictitious correspondence, allegedly issued by the Office of the Comptroller of the Currency (OCC) regarding funds purportedly under the control of the OCC and other government entities, is in circulation. Correspondence may be distributed via e-mail, fax, or postal mail.
Any document claiming that the OCC is involved in holding any funds for the benefit of any individual or entity is fraudulent. The OCC does not participate in the transfer of funds for, or on behalf of, individuals, business enterprises, or governmental entities.
The letters may indicate that funds are being held by the OCC, the U.S. Department of Homeland Security, or the U.S. Department of Justice because of the need for payment of a 0.059 percent revenue charge to the U.S. Internal Revenue Service.
The correspondence in question contains forged signatures of actual OCC officials. In addition, the material contains a fictitious mailing address that is not associated with the OCC.
Before responding in any manner to any proposal supposedly issued by the OCC that requests personal information or personal account information, or that requires the payment of any fee in connection with the proposal, you should take steps to verify that the proposal is legitimate. At a minimum, the OCC recommends that you
FTC Offers Warning, Advice on Tax-Related Identity Theft
Did you know that your Social Security number can help an identity thief get a job, or the tax refund that should be yours?
The Federal Trade Commission, the nation's consumer protection agency, cautions that thieves can use a stolen Social Security number to apply for a job or file for a tax refund under a false identity. The FTC advises that, if you think this has happened to you, or if you get an Internal Revenue Service notice indicating a problem, contact the IRS immediately for help with your tax return, any refund, and protecting your IRS account from identity theft in the future.
The FTC also recommends three steps to minimize the potential damage from identity theft: Put a fraud alert on your credit reports Review your credit reports Create an identity theft report by filing an identity theft complaint with the FTC and filing a police report. Read the FTC's Tax-Related Identity Theft to learn how to uncover and deal with this problem, how to avoid phishing scams, and how to contact the IRS. For more information, visit the FTC's identity theft website.
December 2011
WARNING: New Security Threats and Scams
One of our top priorities at Fox Chase Bank is to ensure that your information and banking data are secure and private. Periodically we will send you alerts, such as this email, to remind you of being cautious when using the Internet and online banking tools. It is important to always be vigilant when using online banking. Acquiring a business's private log-in information and using this information to access accounts is a popular scam for fraudsters.
Recently we have become aware of a scam in which fraudsters attempt to access your accounts after producing a "Please wait" screen on your computer immediately after you log in to online banking. After entering your credentials to log-in to Fox Chase Bank's online banking portal you should never receive a "Please Wait" screen. This message is a strong indication that your computer has been infected by malware. While you are "waiting", fraudsters can take over the connection and conduct any transaction that the compromised user is allowed to make. Such malware can also monitor your keystrokes and steal your credentials allowing them access to your online banking accounts. If you do experience a "Please Wait" screen or any other unusual behavior, please contact our ebanking services group immediately at 866-369-2427 x5.
In addition, there is a new spam campaign in which email messages purport to be from the Better Business Bureau. The email states that they have received a complaint about your company and that you can find out additional information by clicking on the link in the email. This is a scam. These links and attachments can contain the malware that is installed on your PC.
If you believe you have been the victim of a fraud attempt or are unsure about the authenticity of any correspondence related to a Fox Chase Bank service please contact us immediately at customercare@foxchasebank.com or call 866-369-2427.
FBI Warns of New Fraud Scam
The Federal Bureau of investigation (FBI) has issued a warning about a new corporate account takeover virus. In a corporate account takeover, cyber thieves gain access to, and control of, business bank accounts by stealing the company's valid on-line credentials and initiating ACH or wire transfers. The new Zeus malware variant now being used, called Gameover, is able to defeat several forms of dual factor authentication, says the FBI. Once the malware is installed on the customers' computers, fraudsters can monitor key strokes and the online banking sites that the infected PC's visit. To help protect you and your business, the FBI suggests you be vigilant of suspicious emails and never click on links or open attachments in emails that are suspicious. These links and attachments contain the malware that is installed on the customers' PC's. Recently, in the case of Gameover attacks, emails purportedly from NACHA (the electronic payments association) contained malicious links. NACHA does not typically send emails directly to consumers or businesses and direct emails from organizations such as NACHA should raise a red flag.
If you believe you have been the victim of a fraud attempt or are unsure about the authenticity of any correspondence related to a Fox Chase Bank service please contact us immediately at customercare@foxchasebank.com or call 866-369-2427.
