CLEAR SKY ACCOUNTS: Brought to you by Chesapeake Bank Chesapeake Bank

Home

Login

Apply

Checking

Savings

CDs

CDs

Security Center

FAQ

e-Tools

Resources

Contact

Security Center

Alerts

 

Security Center Alert: We are distributing this because we have received multi...Tuesday December 20, 2011Security Center Alert:
We are distributing this because we have received multiple reports of people receiving emails claiming to be from NACHA and/or the IRS at work and at home.
Please remember that:
• NACHA will not email you requesting you click a link or submit any personal information
• The IRS will not email you requesting you click a link or submit any personal information
• Christmas is a great time of year for scam emails showing Ebay, retailers, banks, and PARTICULARLY “e-cards”. If you don’t know who it’s from, delete it! Even known senders could have had their computers compromised.
So Merry Christmas and be careful of holiday (and other) scams!

 

Security Center Alert: ALERT: Scam Email Claims It’s from BBB 11/23/2011 Bette...Tuesday November 29, 2011Security Center Alert: ALERT: Scam Email Claims It’s from BBB
11/23/2011
Better Business Bureau is issuing an urgent SCAM alert cautioning businesses and consumers about an email that is purporting to be from a bbb.org email address about a recently filed complaint. The email contains a dangerous attachment regarding a complaint and appears to direct recipients to the BBB website. This is a scam - BBB does not send complaints as attachments via email.
The email appears to come from a fake BBB employee claiming that the recipient needs to review this matter and advise the BBB of their position. From there, the email appears to direct the recipient to the BBB website, but actually directs them to an outside link. This email is fraudulent and does not originate from BBB. The email attachment and link are malicious and we are strongly advising to not open or click them.
Should you receive such an email, please disregard its message, and report any information received to BBB’s Scam Source, and then delete it. If you have clicked on the link, immediately do a virus scan.
BBB is NOT sending the email!
11/21/2011
BBB of Utah is warning businesses and consumers regarding an email which is made to appear as if it was sent by BBB of Utah. This email contains an attachment regarding a complaint. The email is a fake. Please do not open any attachments and disregard this email. The email is fraudulent and does not originate from BBB. The email attachment may contain malicious content and should be deleted from your computer immediately. Please note that BBB does not send complaints as attachments via email and strongly advises you to be careful when opening attachments even if you know the sender. The BBB is working diligently to shutdown the malicious activity and will continue to do so until the threat is contained.
The Better Business Bureau of Utah is a 501 (c)(6) not-for-profit corporation serving the entire state of Utah. The organization is funded primarily by membership dues from more than 2,800 local business and professional firms. The BBB promotes integrity, consumer confidence and business ethics through business self-regulation in the local marketplace. Services provided by the BBB include reliability reports on companies and charitable organizations, general monitoring of advertising in the marketplace, dispute resolution services, and consumer/business education programs. All services are provided at no cost to the public, with the occasional exception of arbitration. Visit www.utah.bbb.org or call 801-892-6009.

Utah BBB Home - Consumer and Business Reviews, Reports, Ratings, Complaints and Accredited Business.
utah.bbb.org
Utah BBB Home - Consumer and Business Reviews, Reports, Ratings, Complaints and Accredited Business - Utah BBB

 

Friday September 2, 2011
Security Center Alert - Fraudulent FDIC emails
FDIC Issues Special Alert on Fraudulent E-Mails With Infected Attachment The FDIC yesterday issued a special alert on fraudulent e-mails that appear to be sent from the agency and contain an infected attachment...

 

Friday September 2, 2011
Security Center Alert - Phishing Schemes
As summer draws to a close, banking institutions and their customers face a new wave of targeted phishing attacks - and industry experts predict these incidents will only increase in the months ahead...

July 14, 2011

Reports of Fraudulent Fedwire E-Mail Messages

Some consumers have reported receiving fraudulent e-mail messages from the Federal Reserve Wire Network that reference a wire transaction and instruct the recipient to click on a link beginning with federalreserve.gov. These e-mails were not sent by the Federal Reserve Banks. The Federal Reserve Banks deliver payment status information to our financial institution customers via our trusted channels, and do not communicate this information directly to consumers. Financial institutions are advised to follow information security best practices, and to advise their customers not to click on the links contained in these types of e-mails and to delete them immediately.

 

June 23, 2011

Beware of e-Mail Scams about Electronic Federal Tax Payments

The IRS does not send unsolicited e-mail to taxpayers either about their tax accounts or requesting sensitive personal and financial information.

Nevertheless, taxpayers do receive e-mails claiming to come from the IRS, sometimes containing a real or made-up employee name, address and similar information to make an e-mail seem credible.

These e-mails usually are scams whose purpose is to obtain personal and financial information — such as name, Social Security number, bank account and credit card or even PIN numbers — from taxpayers which can be used by the scammers to commit identity theft. Identity thieves use the data to empty the victim’s financial accounts, run up charges on the victim’s existing credit cards, apply for new loans, credit cards, services or benefits in the victim’s name, file fraudulent tax returns and more.

Typically, IRS-impersonation scam e-mails state that the IRS needs certain personal and financial information to process a tax return, tax payment or refund. They may claim the e-mail recipient is being audited. They may mention specific monetary amounts or genuine programs, such as the Electronic Federal Tax Payment System (EFTPS), to add credible detail to the scam. The e-mails often contain links or attachments to what appears to be the IRS web site or an IRS form. However genuine in appearance, these phonies are designed to elicit the information the scammers are looking for.

Alternatively, a link in a scam e-mail may download malicious software onto the taxpayer's computer when clicked. The software is often designed to search out and send back to the scammer personal and financial information contained on the taxpayer's computer or obtained through keystrokes that the scammer can use to commit identity theft.

Unsolicited e-mails claiming to be from the IRS or an IRS-related component, such as EFTPS , should be reported to phishing@irs.gov.

For more information on consumer scams, see Protect Your Personal Information and Suspicious e-Mails and Identity Theft.

 

June 6, 2011

Phishing Scheme Uses FDIC

The Federal Deposit Insurance Corp. has received numerous reports from business owners about fraudulent e-mails that purport to be from the FDIC. The e-mail appears to be sent from alert@fdic.gov and includes the subject line: FDIC: Your business account.

According to the FDIC, the e-mail, addressed to "Business Owners," reads: "We have important information about your bank. Please click here to see information. ... This includes information on the acquiring bank [if applicable], how your accounts and loans are affected and how vendors can file claims against the receivership."

The FDIC is quick to point out that it does not issue unsolicited e-mails to consumers or business accountholders. But the scheme is yet another example of how phishers are perfecting their techniques, by taking advantage of trusted sources such as the FDIC, and preying on the fears of business owners during a time of continual bank failures and ACH/wire fraud incidents. [See China Wire Fraud: Warning to Banks].

In March, fraudsters even used NACHA - The Electronic Payments Authority to veil phishing e-mails to consumers. George Tubin, a fraud analyst at TowerGroup, said the NACHA scheme did not make much sense, since most consumers don't know what NACHA is, but the scheme must have been relatively fruitful, he says. "This has been going on for a while." NACHA first reported suspicious e-mail activity connected with its name last July.

It's also not the first time the FDIC has been used as the guise for a socially engineered attack. Last September, a phone-based vishing attack hit consumers, claiming to be from the FDIC. During that scheme, vishers told consumers they were delinquent in loan payments that had been applied for over the Internet or made through a payday lender. The loans may or may have not even existed, giving the vishers opportunity to collect personal information to confirm the authenticity of the loans. Recipients of the calls said the vishers requested everything from Social Security numbers to dates of birth.

May 4, 2011

Be Alert When Checking News About Osama Bin Laden

A quick note to keep up with current events. Every person on the planet (ok not everyone but I bet the number is more than 90%) wants to see the infamous pictures of Osama bin Laden in deceased status. Hackers know this and are already embedding exploits on the Web to take advantage of those unsuspecting, click-happy browsers (especially on Facebook). They couldn't even wait for the official pictures to be released, they are using known fake images, but that's not going to stop the casual browser for clicking the link.

Once the official pictures are released, those bad apples will undoubtedly update their exploits to use the real images. If you really want to see the pictures, make sure you do it from an official site (e.g., CNN, Fox, Drudge, MSNBC, etc.), don't click on banners or ads or pop-ups offering up the shocking video or pictures.

Here's a site that details out some of the examples of the exploit here: http://nakedsecurity.sophos.com/2011/05/02/osama-bin-laden-death-video-scam-spreads-virally-on-facebook/.

These are only a few examples and you can be certain there are many more. There will likely be thousands of variants out there in the coming days, weeks, and months. Be advised.

Official government site discussing the phishing attack warning http://www.us-cert.gov/current/#osama_bin_laden_s_death

April 19, 2011

NACHA PHISHING ALERT - EMAIL CLAIMING TO BE FROM NACHA
NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the "Electronic Payments Association" and appears to be coming from the email address "payments@nacha.org." See a sample of the email below.

Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.

Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software applications security patches are installed and current.
Additional information and guidance on phishing is available from the Federal Deposit Insurance Corporation (FDIC).
Be alert for different variations of fraudulent emails.

= = = = = Sample Email = = = = = =
From:payments@nacha.org [mailto:payments@nacha.org]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected

The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.

Please click here to view report
Otto Tobin,
Risk Manager

= = = = = = = = = = = =

March 28, 2011

Reports of Fraudulent Fedwire E-mail Messages
Some consumers have reported receiving fraudulent e-mail messages from the "Federal Reserve Wire Network" that reference a wire transaction and instruct the recipient to click on a link beginning with "federalreserve.gov." These e-mails were not sent by the Federal Reserve Banks. The Federal Reserve Banks deliver payment status information to our financial institution customers via our trusted channels, and do not communicate this information directly to consumers. Financial institutions are advised to follow information security best practices, and to advise their customers not to click on the links contained in these types of e-mails and to delete them immediately.

January 12, 2011

Summary: E-mails fraudulently claiming to be from the FDIC are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided.

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that "in cooperation with the Department of Homeland Security, federal, state and local governments…" the FDIC has withdrawn deposit insurance from the recipient's account "due to account activity that violates the Patriot Act." It further states deposit insurance will remain suspended until identity and account information can be verified using a system called "IDVerify." If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient's computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

October 5, 2010

Notice the Green address bar at the top of your login window! This is an added security measure put in place to protect your online banking activity. This signifies that your Online Banking is using an EV SSL Certificate, a proven defense mechanism against phishing scams. You may find out more info by contacting Chesapeake Bank at 877-436-9032 or by clicking here.

July 23, 2010

NACHA Phishing Alert: Email claiming to be from NACHA reported
 
NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA.
The subject line of the e-mail states: “Unauthorized ACH Transaction.” The e-mail includes a link that redirects the individual to a fake Web page and contains a link which is almost certainly an executable virus with malware. Do not click on the link. Both the e-mail and the related website are fraudulent.  
Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.  
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.  
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated.  
Ensure that the computer operating systems and common software applications security patches are installed and current.  
Be alert for different variations of fraudulent e-mails.

June 8, 2010

Account Scam

We have received several reports regarding fraudulent calls to our customers.  The call was from an automated system asking to re-activate your ATM/Debit Card and asking for an account number.  Chesapeake Bank would not use an automated system to call our customers.  We would not call our customers and ask them for their information.

If you have given someone your account information over the phone, please call us immediately at 877-257-7594.

May 12, 2010

Mail Forwarding Scam

Having mail stolen from your mailbox is among everyone’s greatest fears. It can leave one feeling completely violated and vulnerable. A recent article on the KRQE.com website highlights the fact that identity thieves are becoming environmentally and economically conscientious. Instead of wasting gas by making a trip to yours and others mailboxes, they simply have the postal service deliver your mail directly to them.
How It Works:

You may receive a notice from the U.S. Postal Service informing you that your mail is about to be forwarded to another location. The problem is that it wasn’t you that requested the forwarding change of address.

Identity thieves in New Mexico are now scanning residential phone books and choosing several random names and addresses. With this information, an identity thief will fill out a change of address form, just like the ones an individual who has moved would submit. If the attempt to forward your mail is successful, your mail will be directed to a new postal address, often out-of-state. Once the address has been successfully changed, fake documents such as driver’s licenses can be obtained, credit card information stolen, and other personally identifiable information gleaned. Often times this information is sold to illegal immigrants in attempts to establish legal residency and obtain jobs.
Your Defense:

When a Forwarding Change of Address Order Form is submitted, the U.S. Postal Service will send a confirmation notice informing you that your mail is about to be forwarded to your new address. If you receive one of these notices and did not request the change of address, contact your local U.S. Postal Service office immediately and notify them that the forwarding address in question is not yours, and that they should put a halt to the forwarding of any of your mail. Also, you should contact all companies that send regular scheduled bills or statements (e.g. banks/credit unions, credit card, auto loan, utility, phone, etc.). And of course, you should contact the local police and file a police report.

You will have 7 – 10 days from the time the change of address form was submitted before the forwarding takes effect. The quicker you act, the safer your mail will be.

Read more on the U.S. Postal Service Change of Address Frequently Asked Questions.

If you believe your identity has been stolen, call 866.SMART68 today.

 


 

 

Click here to view archived fraud alerts
Member FDIC    © 2011, Chesapeake Bank. All rights reserved.     CLICK HERE FOR NEW FDIC RULES