Bad Guys Use Text Messaging to Attack Bank Accounts
Posted 9/14/2009
In today’s world of technology it seems that new terms are created everyday to describe the latest electronic criminal activity. Today is no different. A new form of attack that has come to be known as “SMiShing” (because it uses SMS text messaging) has emerged, and community banks and credit unions are the prime targets. Below is a description of a typical “SMiShing” attack. Please keep in mind that Branson Bank will NOT notify you of a suspicious ATM, Debit, or Credit Card activity via text messaging. If you receive an automated text message purporting to be from Branson Bank, requesting that you call a number, do not call the number in the text message. Instead, please call the main Branson Bank number, 417-334-9696, and ask for Operations in order to notify us of the event.
Here is an example of a currently common “SMiShing” attack:
________________________________________________________________________
"Notice - this is an automated message from (your bank), your ATM card has been suspended. To reactivate call urgent at 866-###-####."
In many cases, the SMiShing message will show that it came from "5000" instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone.
This information is then used to duplicate credit/debit/ATM cards. The system could also be used to direct your call to an official sounding electronic telephone system where you are asked to enter your account numbers, or even usernames and passwords to online banking.
________________________________________________________________________
Please know that the security of your information is always number one on our priority list. We will continue to do our best to help customers stay abreast of best practice measures for keeping their information secure as we continue to offer new and exciting products that move into new areas of accessibility and convenience for our customers. Your best defense is staying informed.
Sincerely,
Your Branson Bank Team
Keep Your Banking Website Login Information Safe
From The Newest Attack
Hackers have found a new way to obtain customer's banking website log in information. The new hack is especially wicked because it doesn't matter if you have security software or not. Antivirus software cannot stop this from happening. Here is the deal:
A customer may visit their banking website and log in and do their business as usual. After they are done, they may continue to browse. If they land on a hacked website, the website sends a message to the people who wrote the malicious code. The user's temporary internet files folder is examined and if a recent banking website login is found, a pop-up appears that looks as though it is from your bank indicating that your session has expired and re-authentication is required. Many banks actually do request reauthentication once a login has expired, so this appears very legitimate. Once the customer "re-authenticates" his login info is passed directly to the hackers and the account is compromised.
There are a couple of ways to help protect yourself from this attack.
1. The Best Way -DO NOT reauthenticate to the banking website via any pop-up, even if you think it may be a legitimate request. Instead, close your browser and return the bank website and log back in from their main website.
2. When leaving your banking website, be certain to click Log Off instead of simply X-ing out of your browser. This closes the session.
3. When you are doing banking online, have only one browser window or tab open at a time. When you are finished, log off of your banking website, and close the browser. You can open a new browser window if you plan to do any further web browsing.
Remember, anti-virus software cannot stop this attack, because no malicious program is ever loaded onto your computer. The malicious software is actually located on the remote website. Please keep this in mind when using online banking, and help educate others about the issue.
New Virus Alert! More Info
Fraudulent Cashier's Checks
Branson Bank has become aware of a Mystery Shopper scam distributing fraudulent cashier's checks purported to be from Branson Bank. We are not taking part in any such program and these checks ARE NOT valid checks issued by Branson Bank.
The fraudulent cashier's checks, thus far, have been identified in the amount of $4998.00, with the Branson Bank logo in the upper left-hand corner.
We are requesting that you contact your State Attorney General's Office and the US Postal Inspector to report if you have received any of these checks.
Phishing Scams More Info
Customer Fraud Notification
Branson Bank has become aware of several unauthorized debit card transactions impacting local area residents. It is the policy of Branson Bank to move quickly to properly protect our customers from these incidents.
Branson Bank’s network and systems are monitored continuously and have in no way been compromised. Rather, this fraudulent activity is believed to be originating from the debit card transaction processing company of certain area businesses.
In an effort to decrease the potential for debit card fraud encountered by our customers, we will be temporarily lowering customer signature based and non-PIN transaction daily limits to $400 (previously $1,000). ATM cash withdrawal limits will remain at $500 per day.
We are also implementing a new debit card monitoring and tracking system at this time. This new system will identify unusual transactions and notify customers for verification. If the activity is not authorized, the transactions will be blocked.
As always, we ask that you regularly monitor all of your accounts and notify the bank promptly if anything unusual if noticed. This can be done easily via your Freedom online banking account as well as Branson Bank’s telephone banking system.
To protect against unauthorized use of your debit card during online transactions, we're urging our customers to sign up for MasterCard® SecureCode.
Please do not hesitate to contact us with any questions at (417) 334-9696.
Additional Information:
What change is occurring to Branson Bank Debit Cards and why?
Due to actual and potential debit card fraud, Branson Bank is taking immediate steps to help customers and the bank to decrease fraudulent transactions. System wide maintenance will be occurring on all active Branson Bank debit cards to reflect the changes in the signature based authorization level.
What are the transactions levels being reduced to?
New daily transaction levels will be limited to $400 per day which is a decrease from $1,000 previously. ATM limits of $500 will remain the same. Should temporary increases be needed, please contact Branson Bank and a temporary increase can be granted.
Is this change temporary or permanent?
The reduction in transaction limits is expected to be temporary at this time. When the bank believes that the excessive fraud risk has subsided, additional new limits will be considered.
Can a change be completed without prior regulatory notice to the customer?
Typically, any change for consumer accounts require a 30-day prior notice, but due to the unique situation with actual and potential fraudulent check card transactions occurring, the FDIC and Missouri Division of Finance have provided guidance on how to proceed. Due to the excessive amount of fraudulent activity the regulators have granted that the changes be implemented immediately without 30 day prior notification.
I have additional questions, who should I contact?
Any additional questions can be directed to customer support representatives at any of our locations. Please feel free to contact us at (417)334-9696. Reference Debit Cards and your call will be routed properly.
As always, we at Branson Bank are committed to providing our customers the best support and service possible. Thank you for choosing Branson Bank!
An Equal Housing Lender. Member FDIC.