Staying Safe Online
Avoiding online financial fraud
In recent weeks, customers have reported receiving an increasing number of fraudulent emails purporting to be from legitimate government agencies and credible institutions or companies with which they may do business. The perpetrators use these emails to attempt to obtain personal or financial information by appearing to be from a legitimate source. The emails often describe an urgent reason that you must verify or re-submit personal or confidential information by responding in electronic format via a link provided in the email.
To protect against these scams, often called "phishing," we suggest that you take the following precautions.
1. Keep your computer operating system up-to-date.
2. Install anti-virus software and anti-spyware software. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software can help protect you from inadvertently accepting such unwanted files.
3. Install a firewall on your computer. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It is especially important to run a firewall if you have a broadband connection.
4. Do not reply if you get an email or pop-up mesage that asks for personal or financial information. Legimiate companies and govenment agencies do not ask for this information via email. Always beware of any message that asks for your personal information or messages that refer you to a web page asking for these details.
- Never enter your password after following a link in an email that you don't trust. It is always better to go directly to the site using a trusted bookmark.
- Never send your password via email.
- Only sign into your account when you are 100% certain you are on the real site.
5. Be cautious about opening attachments or downloading files from unfamiliar sources. These files can contain viruses or other software that can weaken your computer's security.
6. Report to Grandpoint any suspicious emails you receive that request your financial information.
Sources: Federal Trade Commission, Google
"Deter-Detect-Defend: Avoid ID Theft"
Federal Trade Commission brochure with tips to avoid having your personal information stolen by identity thieves View
Current "Phishing" Email Scams
- Federal Deposit Insurance Corporation
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent emails that have the appearance of being sent from the Publishers Clearing House that make reference to the FDIC. The emails inform the recipient that he or she is the winner of a large cash prize and instructs them to obtain a "Check Insurance Certificate from FDIC." The emails state the FDIC will be "requesting a fee of $1,000.000" to provide the "Check Insurance Certificate." The emails state that the recipient is to write to the FDIC via email for instructions on how to send the requested fee. A fraudulent phone number and email are provided. The FDIC does not issue anything called a "Check Insurance Certificate." These emails are fraudulent.
- FedEx Invoice Phishing Scam
This is an email phishing scam that appears to be a FedEx invoice. The following subject lines may appear in the email: FEDEX Invoice Order ####; FEDEX Shipment Status NR####; You need to get a parcel Order ####; Undeliverable: Your package is available for pickup; Your package is available for pickup; FW: You need to get a parcel Order ####; Delivery Error NR-####; FEDEX Tracking Order NR-####; FEDEX Invoice copy NR-####. The email includes a bogus .ZIP attachment intended to encourage the user to open the attachment.
- "eNFACT Case #xxxx"
This is an email phishing scam that appears as a notification of fraudulent ATM and debit card transactions. The email includes a fraudulent link that encourages the recipient to attempt to login and/or reset their credentials which allows the perpetrator to obtain password information and possibly deploy malware. This scam has occurred nationwide, Here is an example of the email text: "To protect your account, we monitor your ATM and debit card transactions for potentially fraudulent activity which may include a sudden change in locale (such as when a U.S.-issued card is used unexpectedly overseas), a sudden string of costly purchases, or any pattern associated with new fraud trends around the world. An eNFACT Case was generated for the cardholder below."
- Federal Deposit Insurance Corporation (FDIC)
The Federal Deposit Insurance Corporation has received numerous reports of a fraudulent email that has the appearance of being sent from the FDIC. The emails appear to be sent from various "@fdic.gov" email addresses, such as insurance@fdic.gov, subscriptions@fdic.gov, alert@fdic.gov, or accounts@fdic.gov." The subject lines include "FDIC: Your business acount," "FDIC: About your business acount," and "Insurance coverage of your business account." The emails are addressed to "Dear Business Owner," and state, "We have important news regarding your bank." They then ask recipients to "Please click here to find details." They conclude with, "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership." This email and link are fraudulent.
- Electronic Payments Association
The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA claiming to be from the "Electronic Payments Association." In one example received by a Grandpoint client, the email states that, "The ACH transaction recently sent from your checking account (by you or any other person), was rejected by the other financial institution." The email includes a link to a "Transaction Report." Clicking the link would likely deposit malware on the recipient's computer. NACHA does not process or touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
- Internal Revenue Service
Several customers have recently received emails purportedly from the IRS ("irs.gov") claiming that the recipient's recently deposited tax payment had been rejected and instructing the recipient to click on a link for more details. Clicking the link deposited Trojan malware software on the recipient's computer.
- Federal Deposit Insurance Corporation (FDIC)
The FDIC is warning consumers, businesses and financial institutions to be aware of fraudulent emails allegedly from the Federal Reserve Bank. The fraudulent emails claim that a phishing attack has affected the Fedwire system and that restrictions are in place. The emails further instruct recipients to click on links within the email for additional information. The fraudulent emails have included these names in the "From" line: "Bank System Administration," "System Administration" and "Federal Reserve Bank."
- Federal Deposit Insurance Corporation (FDIC)
The FDIC has received numerous reports of fraudulent email that has the appearance of being sent from the FDIC. The email appears to be sent from a "Fdic.gov Alert Service [mailto:subscriptions@fdic.gov]" email address and has a subject line that reads, "SA-28-2011: Counterfeit Cashier's Checks Alert." The email attempts to trick recipients into clicking on a link directing recipients to a fraudulent website.
- Federal Reserve Bank of New York
The Federal Reserve Bank of New York is aware of continuous scams that use fictitious email and web addresses purporting to be official Federal Reserve addresses. Emails are sent to individuals regarding fictitious lottery winnings, bogus bank accounts and/or collateral that are claimed to be at the Federal Reserve Bank of New York.
