All business banking customers should be aware that there is a concerted effort by cyber criminals to gain unauthorized access to your business accounts. This is done using Malware (i.e Spyware, Key Loggers, Trojan, Virus) illegally installed on your company’s computer system. This is done in a number of ways the most prominent of which is through fraudulent email (see FDIC warnings below) that directs you to a website that will install malicious software (Malware) onto your computer. This malicious software will then steal your user id, password and security questions. The fraudster then uses the stolen account access credentials to request fraudulent funds transfer transactions.
It is very important that your IT department or IT service provider maintain your business banking computers with up to date security to include:
- Latest Microsoft Security Patches
- Up to date Malware Detection Software (Virus, Spyware, etc)
- Latest Adobe Software Security Updates
It is also recommended that you specify a specific computer for your online banking that is well protected and not used for general internet activity. Furthermore your company may want to investigate the use of the following security software which has been gaining significant nationwide usage for online banking security. Bancorp Bank is not affiliated with this company nor has any business interest.
Recent FDIC & NACHA Notices:
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC. The FDIC does not issue unsolicited e-mails to consumers or business account holders.
The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "email@example.com," "firstname.lastname@example.org," "email@example.com," or firstname.lastname@example.org.
The e-mails have subject lines, such as: "FDIC: Your business account;" "FDIC: About your business account;" "Insurance coverage of your business account;" or something similar.
The e-mails are addressed to "Dear Business Owner," and state, "We have important news regarding your bank." They then ask recipients to "Please click here to find details." They conclude with, "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership."
This e-mail and link are fraudulent. Recipients the intent of this e-mail is an attempt to collect confidential information and to load malicious software onto your business computers. You should not click on the link provided.
Federal Deposit Insurance Corporation (FDIC) has also received numerous reports of a fraudulent e-mail that appears to be sent from "email@example.com" and have subject line that reads: "Changes in FDIC security requirements."
The e-mails are addressed to "Dear Client," and state, "Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link security." A hyperlink is then provided. They conclude with, "As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online security department, Federal Deposit Insurance Corporation"
The following address is provided at the bottom of the message:
"FDIC Public Information Center
3501 North Fairfax Drive, Room E-1002.Section 515. Arlington, VA 22226
Fax Number: (703) 562-2296 Email Address: firstname.lastname@example.org"
This e-mail and link are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not click on the link provided.
Fraudulent Emails Appearing to Come from NACHA:
- NACHA does not send communications of any type to persons or organizations about individual ACH transactions that they originate or receive. If you or your customer has received a communication of this nature that purports to come from NACHA, it is fraudulent.
- NACHA does not process nor otherwise touch the ACH transactions that flow via the ACH Network nor between financial institutions and their customers.
- NACHA is the industry trade association that manages the development, administration, and governance of the ACH Network, the backbone for the electronic movement of money and data.
- The ACH Network serves as a safe, secure, reliable network for direct consumer, business, and government payments, and annually facilitates billions of payments such as Direct Deposit and Direct Payment.
- These incidents are occurring with greater frequency and increased sophistication. Perpetrators are conducting similar phishing attacks in which they are sending fraudulent emails that claim to be from the Federal Reserve Bank, IRS, other federal agencies, as well as commercial financial institutions, other payment organizations, technology companies, and businesses.