• Home
|
• Contact Us

Consumer Protection

Smashing Attack

Recent Computer Fraud

News Articles

Consumer Protection Disclosure

Smishing Attack

We have been notified by two institutions today that they have cardholders that have experienced PIN-based fraud. So far, it looks as though the fraud is a result of “smishing” in which cardholders receive a text message asking them to contact their specific institution and providing them a phone number. When the cardholder calls, they get a welcome message and then they are asked to enter their card number, PIN number and expiration date.
Once the criminals have this information, they can produce counterfeit cards and knowing the PIN number, they can perform ATM withdrawals. $400.00 withdrawals seem to be the criminal preference right now.

The phone numbers involved in the smishing attack are as follows:

888.444.2820
877.286.9280
518.770.7061
904.298.6019
201.254.2160

This is all the information we have at this time, but we wanted to get it out to everyone. Please let your customers know that you, as an institution, would never solicit this type of information and they should never provide anyone their PIN number.

 

Recent Computer Fraud

It seems like everyday we hear about some form of fraud, whether it’s Identity Theft or some sort of Hacker.  Financial institutions continually see the latest attempts and schemes when it comes to IT related fraud.     

The key point that needs to be made before you read any further is that First State Bank and our computer service provider devote countless resources and dollars to protect your information and your identity to the fullest.  We take this matter very seriously, and do everything to ensure appropriate safeguards are in place.       

The purpose of this article is to inform you of the types of things we are seeing in hopes that you will be aware of them in your day-to-day computer, internet, and email activities.  Bank personnel have attended training to be aware of these different scenarios, but you also need to be aware so you can help protect your information.  With Fraud loss in the U.S. over the past few years ranging in the hundreds-of-billions of dollar range, it’s important to always take time to evaluate unusual or unexpected IT activity. Logic and common sense will be your best tools of defense.    

Listed below are some definitions of what we have encountered this year on the computer side. These can all be a result of clicking an advertisement on a web site (coupons for free meals is a common one), opening that enticing attachment in your email or clicking that link to change your password on FaceBook. The slide shows, the spiritual wishes, the movies; the lists goes on and on all have potential of being malicious. We have seen them all.

Adware:  Adware (or spyware) is a small program that is designed to show advertisements (in various form and degrees of intrusiveness) on your computer. It often reports personal information back to its owners. As a result your sense of privacy can be violated.    

Backdoor:  A backdoor is a small malicious program that is used to gain access to a computer by bypassing the computer access security mechanisms. It gives the attacker almost unlimited rights. While it can be used to spy on a user, it is mainly used to install other malware on the system.    

Malware:  A generic name for all types of malicious programs: adware, backdoors, rogues, trojans, viruses and worms.    

Rogue:  A rogue program is a malicious program that is disguised, for instance, as trustworthy anti-spyware programs or registry cleaners. But these programs are only put on the market to scare you into buying these programs because they make exaggerated claims about the safety of your computer or, worse still, give erroneous scan results or put their own malware in your system.  

Trojan:  A trojan (or Trojan horse) is a small malicious program that pretends to have a particular function, but that only shows its real purpose after execution and that purpose is often destructive. Trojans cannot multiply themselves, which differentiates them from viruses and worms.    

Virus:  A virus is a small malicious program that multiplies and is capable to attach itself to other programs after being executed. It then causes an infection and causes various degrees of damage to your computer.    

Worm:  A worm is often characterized as a malicious application that will use a host machine to infect other machines. Therefore worms can create enormous damage on networks with multiple computers.  

Hopefully this information will help you to protect yourself as you continue to enjoy the benefits the internet and email can provide.  Just be aware of these things, keep an eye opened, and let your common sense be your guide.  If you receive anything suspicious, do not open it.  Just delete it.  Another thing you can do is keep your antivirus software updated, as these programs have the tools to clean up and remove many unwanted viruses, etc.

News Articles

Important Information Regarding a Recent "Vishing" Scam

We have received information about a new type of fraud, called “Vishing.” This sort of activity is a form of social engineering over the phone system and/or cellular phone using text messaging in order to manipulate the customer to give access to private personal and financial information. Here is how it works:

1.   The fraudster configures a phone dialer to call phone numbers in a given region or accesses a legitimate voice messaging company with a list of phone numbers stolen from a financial institution.
2.  When the customer answers the call, an automated recording, often generated with a text to speech synthesizer, is played to alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity. The message instructs the consumer to call the following phone number immediately. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent.
3.  When the customer calls the number, it is answered by automated instructions to enter their credit card number or bank account number on the key pad.
4.  Once the consumer enters their credit card number or bank account number, the visher has the information necessary to make fraudulent use of the card or to access the account.
5.  The call is often used to harvest additional details such as security PIN, expiration date, date of birth, etc.

First State Bank will never ask our customers for PIN or account number information via the phone, email, or text message. If you have any questions, or believe you have been a victim of this sort of fraud, please contact us.

Important Information Regarding First State Bank's Online Bill Pay

December 18, 2008 - First State Bank received the following notice from iPay Technolgies, our online bill payment provider:

"It was recently announced that Checkfree’s website was compromised two weeks ago.  As a result, Checkfree is attempting to notify the customers of their online bill payment service that their personal computers may have been infected. iPay Technologies has received communications from iPay bank clients whose bill pay subscribers have received emails from Checkfree.  This is likely the result of the individual enrolling for service with a bank or credit union using Checkfree for online bill pay or a direct enrollment through MyCheckfree.com. T he email communication, however, is very vague and does not name the bank by name, but is only signed “Bill Pay Customer Service”.  This has caused confusion for the subscriber who actively uses (iPay bank client's) online bill payment service through iPay."

"Be assured that iPay Technologies takes the security of our systems very seriously.  These email notifications are not coming from iPay, and our systems have not been compromised.  Below is a description of the controls iPay has in place in order to prevent such a compromise. We hope this information reassures you that iPay has your best interests in mind, and we work hard each and every day to insure that your information is secure:

1.  iPay Technologies has completely disabled the ability to make DNS changes over the Internet with our DNS registrar, so any unauthorized Internet based changes cannot occur.   
2.  iPay authorized DNS changes require an out of band dual factor authentication (dual call-in and call-back).  
3.  iPay has an independent 3rd party service test our web pages every 15 minutes 24X7 in an automated fashion and page out to several members of the iPay IT and management team in the case that our pages are not available. 
4.  iPay believes that we have the appropriate safeguards in place to protect the interests of our clients and all stakeholders."

First State Bank reviews information from iPay on a periodic basis to ensure that our customers' information is kept secure. 

Don't Be An Identity Theft Victim This Holiday Season (From the ABA Bank Risk News)

The Identity Theft Resource Center, based in San Diego, offers these tips on how to avoid having your identity stolen:

1. Never carry your Social Security card or its number unless you really need it, such as for a job interview.

2. Watch for the timely arrival of monthly statements, bills and any other item that usually comes in the mail.

3. Mail your bills inside the post office, rather than trying to stuff them in an already full mail box out on the sidewalk.

4. While talking on your cell phone, don’t share your account numbers where other people can hear you.

5. Keep an eye on your credit card at all times -- don’t let a clerk or accomplice distract you while it could be swiped through a second scanner that secretly records your information.

6. Keep track of all credit card receipts and shred any you don’t need.

7. Shred any documents you don’t need that contain bar codes, account numbers or other sensitive data.

Consumer Protection Disclosure

First State Bank is pleased and honored that you have chosen to do business with us. Because of your choice to do business with us, we have a heightened obligation to ensure that the information you provide to us, and the business that you transact with or through us remains private and confidential. First State Bank believes that customer privacy and confidentiality can be strictly maintained even though we must necessarily contract with suppliers and vendors to provide our customers an array of financial products, which they want and need to accomplish their goals. The way we do this is described in this Privacy Statement. If you have any questions regarding this Privacy Statement, please feel free to contact an Officer of First State Bank.

Customer Information

In our normal course of business, we collect, retain, and use information about customers for specific business purposes, and to enable First State Bank to better serve the financial needs of its customers In addition to the information you provide to us, or which becomes known to us through normal financial transactions, we also retain general statistical information form other sources, such as credit reports and public records. In certain instances, we may also obtain information from financial institutions with which a new customer has done business in the past. We use all of this information to protect, maintain, and administer your accounts, records and funds; to comply with the laws and regulations which govern bank operations, and to better understand and server our customers in this community with financial services that are wanted and desired.

Employee Access to Information

As with any business, employees of First State Bank necessarily learn, and have access to information about our customers. Because we value your trust so highly, our employees' access to customer information is authorized for business purposes only, based upon that employee's duties and job description, and upon that employee's need to know such information to competently and thoroughly do their job. We educate our employees, and ask them to maintain a heightened awareness of the importance of confidentiality and privacy. If a customer's confidentiality or privacy is ever breached by an employee, you can be assured that First States Bank will take immediate and appropriate disciplinary measures.

Restriction on Disclosure of Information to Non-Affiliated Parties

We do not reveal customer information about you or your accounts, to any person or party not affiliated with First State Bank, unless:

1. You, the customer, request or authorize.
2. The information is provided to help complete a transaction initiated by our customer.
3. We are legally permitted or required to do so. It is not uncommon for banks to receive subpoenas, garnishment notices, or other judicial orders requiring banks to turn over customer information, and in some instances, funds. We also report information to reputable credit reporting agencies.
4. In the future, if we ever feel that it is necessary or beneficial to share non-public personal information with unassociated parties, in order to provide a product or service to our customers, you will be notified and given the opportunity to "opt-out". If you elect to opt-out, no information about you will be provided to unassociated third parties.

Sharing Information with Service Providers

In order for First State Bank to provide the quality of service that we strive to provide, and to fully and completely serve our customers by providing an array of financial products and services, it is necessary for First State Bank to contract with vendors or suppliers to support our products, services or process documents. We are very selective in choosing these vendors and suppliers. When we enter into contractual relationships with these parties, they are contractually bound and required to adhere to strict standards requiring security and confidentiality of customer information. They are not allowed to release such information, or use any information for their own purposes.

Disclosure of Non-Financial Information

First State Bank will not, under any circumstances, sell the names, addresses or other nonfinancial information about our customers to any third party, nor will First State Bank accept any form of benefit or gain in exchange for disclosing customer names, addresses, or other nonfinancial information to any third party or marketing organization.

Accuracy of Information

If you ever believe that any of our records contain inaccurate or incomplete information about you, we encourage you to immediately contact us at 307-322-5222, in Wheatland, or 307-532-5600, in Torrington. We will immediately investigate your concerns and correct any inaccuracies as quickly as possible.

About Children's Online Privacy

The Children's Online Privacy Protection Act(COPPA) was passed to give parents increased control over what information is collected from their children online and how such information is used. The law applies to websites and services directed to, and which knowingly collect information from, children under the age of 13. Cornhusker Bank's websites and online services are not directed to children under the age of 13, nor is information knowingly collected from them. For additional information on COPPA protections, visit the Federal Trade Commission's website at www.ftc.gov/privacy/privacyinitiatives/childrens. For further information, the Federal Government has created a Web site, Kidz Privacy, aimed at educating both parents and children about the dangers of the Internet and how to browse safely.