Keeping your assets and information safe is First American Bank’s #1 priority.
Providing peace of mind for your financial activities is top of the list as well. Dedicated to providing the highest level of security available, we instill cutting edge security precautions in every aspect of your banking experience. We also offer resources to help you manage your identity protection.
Core elements of our information security program include: eStatementssm, MasterCard SecureCode®, out-of-norm debit card transaction verification, multifactor authentication, highest level of encryption (128-bit), privacy practices and fraud alerts.
Knowledge is protection. First American Bank is resolved to helping you combat fraud by raising awareness and sharing best practices. Below you will find summaries of on-going fraud schemes along with tips and recommendations.
Fraudulent Text Messages
Debit Card Scam
Fraudulent SBA Loan Assistance Offers
Visa/MasterCard Telephone Scam
ABA alert: Malware and Money Mule Scheme
Fraudulent Letter - Fake Check Scam
Fake Check Scams
Social Networking and Identity Theft
Grandparent ("Emergency") Scam
In-Session Phishing Scam
Fake Want Ads Use ABA Name in Phishing Scam
Bank Failures - Merger Scams
Fake Error Message Scam
Card Deactivation Scams
Mortgage Foreclosure Rescue Scams
Commercial Account Scams
Clients may be receiving text messages which warn that their card/account has been blocked and request they click on a web link. The link opens up a webpage that asks for the client's mobile banking username and password. The text and the website may look legitimate, but they are not. This is a fraudulent text message attempting to compromise your online user credentials and/or gain access to other identifiable information. If you receive this unsolicited text message, do not reply or click on the web link and delete immediately.
If you did click on the link and enter your information, please let us know IMMEDIATELY so we can prevent any risk to your account and or debit card.
First American Bank will never send you unsolicited text messages or ask for personal information via text or email. If you are concerned about the safety of your accounts or clicked on the link in the text message, please contact your local branch immediately. To locate a phone number, click the LOCATIONS link at the top of our home page.
You can protect your accounts from this phishing scam and other types of fraud by enrolling in Shazam Bolt$, a free service offered by First American Bank through Shazam. Shazam Bolt$ allows you to establish settings for potential fraudulent activity and alerts you when those events occur. You can set this up on your PC by visiting https://bolts.shazam.net/ or on your mobile device by downloading the app from the Apple Apps store or Google Play store. If you need help, contact your branch banker.
Follow these tips to avoid becoming a victim of cyber fraud:
-As always, we recommend that you review your statements frequently for any potentially fraudulent transactions.
A major online security vulnerability known as “Heartbleed” has opened up a window to let attackers steal information such as user names, passwords and the private keys sites use to encrypt and decrypt sensitive data.
First American Bank has tested its systems and determined that its web site, online and mobile banking applications are not vulnerable to the so-called “Heartbleed” attack. Customers’ personal and financial information are secure on First American Bank’s systems.
First American Bank must also caution customers that while our systems are secure, they need to take necessary precautions with their own personal computers and mobile devices to avoid potential attacks. An individual personal computer could become infected with a virus that compromises the transfer of confidential information.
First American Bank takes the security of its customers’ information very seriously and constantly monitors its systems for potential vulnerabilities. We actively maintain security programs that meet or exceed regulatory requirements and industry standards to ensure the protection of our web sites and applications as well as our customers’ information.
While there’s no indication of compromise, changing your password is advised when there is a known vulnerability of this type, impacting so many services across the internet. We recommend that our customers periodically change their passwords and use a unique password for each site.
Many First American Bank customers have reported receiving automated phone calls informing them that their debit or credit card may be blocked, locked, held or compromised. The message asks them to press 1 and then provide their entire 16-digit card number.
IMPORTANT NOTE: First American Bank will never call asking for your debit or credit card number or any other sensitive information associated with your card. Our card partner, Shazam, who monitors card transactions for fraud on our behalf, may call you but will only request verification of specific transactions. They will never ask for sensitive information or card numbers.
If you have a concern about this or you believe you may have erroneously disclosed personal financial details, please contact your First American Bank branch immediately. To locate a phone number, click the LOCATIONS link at the top of our home page.
You can protect your accounts from this phishing scam and other types of fraud by enrolling in Shazam Bolt$, a free service offered by First American Bank through Shazam. Shazam Bolt$ allows you to establish settings for potential fraudulent activity and alerts you when those events occur. You can set this up on your PC by visiting https://bolts.shazam.net/ShazamWebPortal/index.php or on your mobile device by downloading the app from the Apple Apps store or Google Play store. If you need help, contact your branch banker.
Criminals have launched a major email campaign to spread the infamous ZeuS Trojan email, which will send spam messages disguised as fraud alerts from the Internal Revenue Service (IRS). The subject line of the fraudulent IRS email may include the verbiage, "Notice of Underreported Income". It will encourage recipient's to click on hyperlink's--possibly to "review your tax statement."
The fraudsters are also utilizing Twitter account hijack warnings, or lewd Youtube videos to entrap unwary users.
Tips: Do not open emails from sources you do not know; do not click on links.
Many of our customers are receiving automated phone calls warning them their debit card may be shut off if they do not provide their number to the caller to enable more investigation. In one variation, a debit card breach was mentioned.
Important note: First American Bank will never call asking for debit card numbers or other sensitive information associated with your debit card.
Tips: Anyone who is concerned that they have erroneously disclosed their personal financial details should contact their bank immediately.
The U.S. Small Business Administration (SBA) cautions small businesses to be wary of firms contacting them with offers of help in obtaining a loan, grant, or other federal funds from SBA. Complaints lodged regarding scams, abusive marketing practices and exorbitant fees include:
Tips: Small businesses can receive free assistance in person, by calling one of SBA's district office, or via their website: www.SBA.gov. They can also request free or reasonably priced help from Small Business Development Centers, Women's Business Centers, Veterans Business Outreach Centers and SCORE Chapters. Go to the SBA website for location and contact information for these resources.
If you do select a for-profit service provider, ask for references and check them out with trusted colleagues or resources such as the Better Business Bureau. Clearly understand and document the fee and when it will be levied, your responsibilities and the services you will receive.
The SBA Office of the Inspector General will investigate all complaints received. Anyone with knowledge of a misrepresentation regarding SBA programs is encouraged to contact them via their toll-free hotline at 1-800-767-0385 or submit an onlne report by going to their website and clicking the link for "report fraud waste or abuse".
Back to Top
In this telephone scam currently sweeping the Midwest, fraudsters try to get you to divulge your secure credit card information. The typical scam works like this:
A very professional-sounding individual calls, offers their name and badge number etc. and claims to be from the security department of your credit card company. Your card has been "flagged for an unusual purchase pattern"; you are asked to verify you made a purchase for "$000.00" at "XYZ" company. When you say, "no" you did not make that purchase, they may confide they have been watching this company — but they will take immediate steps to ensure you are credited this amount before your next statement. You may even be given a confirmation number to use when calling to check the status of this fraud claim.
Making it an even more believable scenario, the caller has your address, which you are asked to verify. You are not asked for the number on the front of your card, in fact the crook may read that off to you as well, furthering the belief you are dealing with a legitimate Visa or MasterCard staff member.
In this fraud, the target data is the three digit security code (CVC2 or CVV2 codes) found on the back of your card. After getting their hands on credit card numbers (often through dumpster-diving for discarded receipts or statements) all the identity thieves need to charge purchases to your account via the telephone or Internet is this last piece of information.
This scam is not new — it's been exploited since MasterCard started putting CVC2 security codes on its cards in 1997 (Visa started using CVV2 codes in 2001). Both companies strongly stress they will not ask a cardholder to disclose security codes or provide any information verifying physical possession of a card.
Tips: If you are asked to provide any number information, hang up and call the telephone number on the back or your credit card — or call your banker for assistance.
Important note: This credit card scam is different from the First American Bank practice of protecting you from unauthorized use of your ATM/debit card. When we authorize you to be contacted by a fraud specialist after a possibly suspicious transaction, they will simply ask you to verify a specific recent purchase. Learn more.
The American Bankers Association warns of an increase in fraudulent schemes involving malware attached to victims' computers, along with the recruitment of individuals to receive and transmit unauthorized funds.
How the scam works.
The scam attacks two different victims:
Money mule schemes can take many different forms, but most involve receiving unauthorized EFTs into a deposit account and then withdrawing the funds or forwarding them to another party via another EFT. Because EFTs are often made immediately available by the receiving institution, funds may be removed and wire transferred overseas before the fraud is detected.
How can you avoid becoming involved in these scams?
Tips: Anyone who is concerned that they have erroneously disclosed their personal financial details or has received funds into their accounts that they think could be a money mule scam should contact their banker immediately.
Claiming to represent the American Bankers Association (ABA), fraudsters are distributing letters instructing people to call a phone number to find out how to collect a prize. When called they trick the individual into revealing personal financial information.
Fraudulent sweepstakes are just one of many scams aimed at stealing personal information. Identity thieves have posed as representatives of banks, Internet service providers, and government agencies to get people to reveal their Social Security Number, mother's maiden name, account numbers, and other identifying information.
Tips: Be cautious about providing personal or financial information to anyone you do not know. Do not give out personal information on the phone, through the mail, or on the Internet unless you have initiated the contact, and are sure you know who you’re dealing with.
Note: First American Bank will never ask for private information by email or unsecured website.
Many of the fake ABA prize letters also contain fraudulent checks. They appear to be signed by ABA or ABD Federal Credit Union, however any financial institution may be targeted.
Tips: One way to confirm you are dealing with a legitimate organization is to check their website — however it’s important to type its URL in the address line yourself. Do not cut and paste it from a message sent to you which can be altered to redirect you to an unsafe site.
Millions of consumers are being tricked into accepting genuine-looking checks and money orders and wiring money to fraudsters. The Consumer Federation of America (CFA) has launched a national campaign to combat this fraud. CFA is a non-profit association of 300 pro-consumer groups — including the American Bankers Association of whom First American Bank is a member.
Common fake check scams:
The checks or money orders are fake. You’re out the money.
Per federal law financial institutions must give consumers timely access to money from deposited checks or money orders. Although funds are made available, that does not guarantee the deposited check or money order is good. The depositor is liable for repaying the financial institution if checks or money orders cashed or deposited are counterfeit.
Online social networking can be a great way to exchange ideas, information, photos and games — but remember, putting your personal information online comes with risks. A new popular game on Twitter has been determined to also be a new fraud scheme. To play, individuals are asked to post their “porn name”— a combination of your first pet’s name and the street you grew up on, or your mother’s maiden name.
Now think about the answers to your security questions for your online accounts…more than likely, at least one of them is your pet's name, your mother's maiden name, or the street you grew up on. If you played the game, you just shared that information with millions of people on Twitter.
How the scam works
With the information you just provided, fraudsters, alleging to be you, contact various websites claiming they forgot their login information. When “you” are asked to answer your security questions, the crooks use your Twitter porn name information and are granted access to your accounts.
Important note: If you have unwittingly shared your passwords or answers to your security questions, quickly change these passwords and security questions on your accounts.
The more information you provide about yourself online, including posts and live chats on social networking sites, the easier it is for people to use these details to commit fraud.
Your best protection:
Do not reveal too much information in your social networking. Control who can access your online information.
Social networking sites build themselves on a culture of trust. Do not get caught up in the moment. Always think before you respond. Keep your personal information safe.
Con artists are defrauding seniors out of hundreds, even thousands, of dollars by posing as their grandchildren in need of help.
In the “Grandparent” or “Emergency” scam, a grandparent receives a phone call from a fraudster claiming to be his or her grandchild needing money immediately. The crisis often involves a car accident, stranding, medical treatment, or funds required to pay bail. The caller frequently asks for secrecy so the caller does not “get into more trouble”.
Con artists can get names and family information from the Internet through family blogs, genealogy websites, social networking sites and online newspapers — and can often manage a believable impersonation. In other cases, the grandparent is tricked into revealing the grandchild’s name.
Wanting to help their grandchild, the grandparent sends money electronically, usually via a money transfer. Funds sent by wire transfer are hard to track and usually are not recoverable by law enforcement or banking officials.
Fraudsters pressure people to wire money through commercial money transfer companies like Western Union and Money Gram because wiring money is the same as sending cash.
The chances of recovering the money are slim to none. Con artists use these services so they can get your money before you realize you’ve been cheated. Victims often don’t realize they’ve been swindled until days later, when they speak to their grandchild who knows nothing about the phone call. By then, the money is not only long gone, but irretrievable.
Never provide your bank or credit card numbers to any caller for any reason. If you have initiated a transaction, for example a telephone or Internet purchase with a reputable firm, it is all right to provide your card information to complete your business.
A new phishing technique tricks users into providing confidential information after they have logged onto secure websites. In-session Phishing inserts legitimate-looking pop-up messages that request passwords, account numbers etc., purportedly on behalf of the trusted website.
The malicious program detects other sites the user is visiting, and will only attempt to trick a user already logged into a secure website. It then presents a reason for victims to type in their credentials again, for example, claiming the online banking session is about to time out.
How the scam works
A user legitimately logs onto a secure site and authenticates. Having finished their business the individual leaves the bank website open and opens another browser tab. If they encounter a website that has been infected with the malicious code, a pop-up supposedly from the bank or secure site that’s still open, prompts the user to enter his login etc. again. Additional lures include pop-ups of online surveys or mini-flash games. For the attack to work, three conditions must be met: the user must stay logged into the secure site while simultaneously opening the second; the second site must be infected, and the user needs to act on the prompt.
“Phishing” scams are not just limited to the Internet. A new phishing scheme uses the American Banker’s Association’s (ABA) name to trick the unwary into disclosing confidential security information relative to their savings and checking accounts.
Ads seeking to hire survey takers to evaluate local banks (similar to mystery shopping) are placed in local newspapers. Applicants receive a package of papers (that appears to be from ABA) including the detailed survey and list of bank branches. The survey takers are instructed to open an account with their assigned bank(s) using their own money, then forward the completed survey, along with account and security information, to an address in South Carolina. Individuals who follow the instructions quickly lose any money that they deposited into that account.
Scammers are taking advantage of the unrest in the financial world to elicit personal information.
According to the Federal Trade Commission (FTC), fraudsters distribute e-mails that appear to be from the financial institution that recently acquired your mortgage, bank or savings and loan — trying to capture credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. The message may ask you to update, validate, or confirm account information.
You are then directed to a website that looks like your new financial institution or lender. Instead, it is a bogus site set up to trick you into revealing personal information.
*Phishing occurs when fraudulent e-mails purportedly from a well-known company ask you to provide, update or confirm confidential information.
Criminals are draining funds from the accounts of small to mid-sized businesses by using fake error messages from what looks like banks’ websites.
Antifraud safeguards include one-time use passwords, such as a number generated by fobs or tokens that expire upon use. Fraudsters circumvent these security measures by installing a data-stealing program on a business owner’s computer. When a victim whose PC is infected with this malware attempts to log in at a banking site that requires two-factor authentication, the scammer modifies the display of the bank site in the victim’s browser.
The fraudster sends the victim a fake error message with an alert saying “please allow 15 to 30 minutes for your request to be synchronized with our server.” While the victim waits, the criminal quickly uses the one-time code to log in as the victim and drain the account.
The scams are extremely well-targeted, warns Brian Krebs in his Washington Post column, “Security Fix”. The e-mails resemble official correspondence and often include the victim’s name and employer. In one recent incident, thousands of e-mails impersonating the U.S. Tax Court were distributed.
Important note: Please beware of error messages at bank sites. If you own or work at a small to mid-sized business, and are presented with an error message about data synchronization or site maintenance when attempting to access your company’s bank account online, contact your bank as soon as possible.
*The 404 or “not found” error message is an HTTP standard response code that indicates the user was able to communicate with the server, but either the server could not find what was requested, or it was configured not to fulfill the request and not reveal the reason why.
Many people are receiving a variation of the following message:
Irregular activity has been detected on your ATM/Check Card. For your protection, future authorizations have been suspended, and your card has been deactivated. To re-activate your ATM/Check Card, call the (24 hour) Activation Center: (xxx) xxx-xxxx.
Important note: This Card Deactivation Scam is different from the First American Bank practice of protecting you from unauthorized use of your ATM/debit card. When we authorize you to be contacted by a fraud specialist after a possibly suspicious transaction, they will simply ask you to verify a specific recent purchase. Click the Fraud Prevention tab above to learn more.
They will never ask for your PIN number or any other account information. You will not be told your card has been deactivated. As in all financial situations, should you have any concerns or questions, please contact First American Bank.
According to the Federal Trade Commission, firms engaged in foreclosure rescue scams promise consumers a way out, typically for a few thousand dollars. Although there are many varieties of mortgage foreclosure rescue fraud, the common theme is a promise that the consumers’ homes will be permanently saved from the pending foreclosure. Most victims not only end up still losing their home, but also the money they paid to the scammers.
In many cases, the fraudster directs the homeowner to have no further contact with the loan servicer — even though in some instances the servicers will agree to modifications to avoid foreclosure.
In addition, most consumers report they are unable to reach anyone at the fraudulent company to ascertain how the process is going or to complain.
The Mortgage Rescue Fraud Act of 2007 provides homeowners with the following protection:
The Better Business Bureau (BBB) has issued a warning to homeowners that it has received complaints from victims of foreclosure rescue schemes from almost all 50 states. According to BBB reports, individuals whose homes are listed for foreclosure are increasingly being contacted directly. Fraudsters also advertise on the Internet, in local newspapers, with posters on telephone poles, bus stops and flyers distributed door to door.
If you, or someone you know, are in foreclosure, or behind in mortgage payments and facing possible foreclosure, the attorney general recommends:
The Better Business Bureau adds these tips:
One of the greatest risks to our customers in today’s banking environment is a fraud loss connected with accepting a counterfeit check in a scam. These scams originated years ago, many in Nigeria, and were directed primarily to individuals. They have evolved considerably and are on the increase.
Recently, businesses being targeted are those attempting to sell something over the Internet. We’ve seen a surge in fraud aimed at businesses which have large dollar equipment for sale over the Internet.
Businesses will typically be dealing with a client they have not met personally. Those conducting dealings outside the United States are more susceptible.
As always, First American Bank is always there to help their clients with any security questions or issues.
Whaling — is a more refined phishing scam aimed at the rich and powerful.
In this scam, criminals research the names and e-mail addresses of top executives — often freely available on the Internet. The subsequent e-mails distributed lure these executives into clicking on a link to a Website where malware* is immediately downloaded onto the executive’s computer. *Malware (a blending of the words malicious and software) is software designed to infiltrate or damage a computer system without the owner's informed consent.
One such e-mail sent to thousands of high-ranking executives claims the recipient has been subpoenaed by the United States District Court in San Diego to appear in a grand jury civil case. When the executive clicks on a link purporting to be a copy of the entire subpoena, he/she unwittingly downloads software that sends data to a remote computer.
Another version claims to be from the Better Business Bureau alerting the executives to a complaint filed against their company and posted on a website. Yet another scam claims to have information about an invoice.
While the sender’s address may look legitimate, the post office they are sending from often is not disguised. This can be seen if you look at the header information.
Phishing occurs when fraudulent e-mails, appearing to come from a well-known company, ask the recipient to provide, update or confirm confidential information.
First American Bank has received a warning from Equifax regarding current email phishing attempts aimed at businesses.
Equifax is a credit reporting agency utilized by First American Bank to obtain credit reports for loan applicants and to report loan payment history. Phishing attempts have been made on companies that utilize the online delivery channel with Equifax. The companies have reported receiving emails, that appear to be from Equifax, requesting their Company ID, User ID and Password. Equifax would never ask for this information. This is a scam. These emails have not been sent from Equifax. If you receive a similar email, disregard it and do not respond.
Tax and IRS scams:
Change to tax law e-mail scam:
People who operate businesses and accountants are the primary targets here. Individuals are told they can download information regarding changes to the tax law by clicking on links leading to publications. When the individuals click on these links, software is installed on their computer leading to their information being compromised.
Remember: Be very cautious about providing your personal or financial information to anyone you do not know.
Note: First American Bank will never ask for private information by email or unsecured Website.
How to spot Phishing:
Steps to avoid being Phished:
If you think you've been Phished:
Vishing, a term coined from combining “voice” and “phishing”, exploits the public’s trust in landline telephone services.
Similar to phishing, the fraudster sends an e-mail indicating the recipient’s bank needs to update certain information. The e-mail cunningly references phishing and identity theft. The twist comes when “for security purposes” the individual is directed to call “one of our personal bankers” at a provided toll free number. When the individual calls, thinking they are updating the information on their accounts, they actually provide their private information directly to the fraudster.
Vishing is typically used to steal credit card numbers or other information used in identity theft schemes. It is very hard for legal authorities to monitor or trace Vishing.
Smishing is derived from combining SMS (protocol used to transmit text messages via cell phones) and the more familiar “phishing”.
Almost identical to the phishing scam which uses e-mail, this new tactic exploits mobile banking. The fraudster, disguised as a financial institution, sends a text message requesting personal information such as account numbers or passwords.
Alternately, some messages warn the consumer will be charged unless they take action to cancel
a supposed order by going to a web site. When visited, the site downloads a “Trojan horse” that then steals credit card numbers and other private information.
Some of the new smishing techniques include mobile spyware that once downloaded to a phone can eavesdrop on conversations.
Treat your cell phone with the same level of concern you apply to your website.
You want the safest, most reliable process for accessing your financial information. eStatementssm (electronic statements) allow you to view and reconcile your accounts more quickly. You’re in total control — you say where; you say when. Intercepting or rerouting your mail is a common fraud tactic. eStatementssm eliminate the worry of lost or stolen statements.
To sign up to receive your account statements electronically instead of the traditional paper statement, simply login to online banking and follow the steps. We highly recommend all our customers take advantage of this free service. eStatementssm will simplify your life, help the environment — and provide an extra level of security.
Your protection continues with MasterCard SecureCode®
We have enhanced security to your debit card by participating in the MasterCard SecureCode® program. This free online security service guards you against unauthorized use of your MasterCard when shopping online at participating merchants. It is just like entering your PIN at an ATM.
Click here to register.
Most participating merchants display the MasterCard SecureCode® logo on their site. If the merchant is not a SecureCode® participant, you will simply use your card as you have been doing.
Click here for more MasterCard SecureCode® frequently asked questions.
Added protection for your ATM/debit card
If a questionable transaction is detected on your card, you will be contacted by the bank, or a fraud specialist (third party vendor) calling on our behalf, to verify the transaction in question. For example: while you’re at the neighborhood grocery buying a few staples, you simultaneously make a purchase in Europe. Not only is this unlikely — it’s impossible.
If the transaction is valid, no action is taken. If you confirm the transaction as fraudulent, we immediately eliminate the card’s access to your account, making it impossible for the card to be used for further unauthorized transactions. By identifying our customers’ general spending patterns, and watching for transactions that appear out of the ordinary, we reduce your risk of fraud.
Important: All information is kept strictly confidential. You will always be contacted by phone. That is why it is critical we have your current telephone numbers on file. If we are unable to make timely contact with you, your ability to use your debit card will be impeded. We don’t want you experiencing such an inconvenience! For your security, no one at First American Bank, including fraud specialists working on our behalf, will ever send a text message to your cell phone, or email you regarding potentially fraudulent transactions.
To update your contact information, or if you have questions about this system, please contact your personal or business banker.
First American Bank’s website utilizes 128-bit encryption to secure your confidential account information. When data is sent, it is scrambled so it cannot be understood by unauthorized people. The data is then unscrambled when it is received by First American Bank personnel.
First American Bank promises to respect your privacy, keep your information secure and use your information responsibly. If you have a concern about our privacy practices, please contact your personal or business banker. To view the full statement, click here.
Identity thieves prey on the uninformed and unsuspecting. Knowledge is protection. First American Bank is dedicated to raising awareness of identity theft and fraud. Our website is updated regularly to keep you advised of prevalent scams. Click here to visit the Federal Trade Commission.
First American bank is dedicated to helping you reduce your risk of being victimized. Identity theft is the fastest-growing white-collar crime and can rob you of your money…your credit…and your good name. Are you doing everything you can to protect your identity? Test yourself with our ID Theft Quiz.
As you make travel plans, take into consideration these tips for protecting your identity while traveling.
Before You Leave
During Your Travel
Click here for a handy tool to take with you on your travels, just in case!
"Corporate account takeover" is when cyber-thieves gain control of a business' bank account by stealing the business' valid online banking credentials. Although there are several methods being employed to steal credentials, the most prevalent involves malware that infects a business' computer workstations and laptops.
A business can become infected with malware via infected documents attached to an e-mail or a link contained within an e-mail that connects to an infected web site. In addition, malware can be downloaded to users' workstations and laptops by visiting legitimate websites - especially social networking sites - and clicking on the documents, videos or photos posted there. This malware can also spread across a business' internal network.
The malware installs key logging software on the computer, which allows the perpetrator to capture a user's credentials as they are entered at the financial institution's web site. Sophisticated versions of this malware can even capture token-generated passwords, alter the display of the financial institution's web site to the user, and/or display a fake web page indicating that the financial institution's web site is down. In this last case, the perpetrator can access the business' account online without the possibility that the real user will log in to the web site.
Once installed, the malware provides the information that enables the cyber-thieves to impersonate the business in online banking sessions. To the financial institution, the credentials look just like the
legitimate user. The perpetrator has access to and can review the account details of the business, including account activity and patterns, and ACH and wire transfer origination parameters (such as file size and frequency limits, and Standard Entry Class (SEC) Codes).
The cyber-thieves use the sessions to initiate funds transfers, by ACH or wire transfer, to the bank accounts of associates within the U.S. These accounts may be newly opened by accomplices or unwitting "money mules" for the express purpose of receiving and laundering these funds. The accomplices or mules withdraw the entire balances shortly after receiving the money, and then send the funds overseas via over-the-counter wire transfer or other common money transfer services.
The cyber-thieves appear to be targeting small- to medium-sized businesses, as well as smaller government agencies and nonprofits, for several reasons:
This is for information purposes and is not intended to provide legal advice. The guidance included is not an exhaustive list of actions and security threats change constantly.
Sources: NACHA and the Financial Services-Information Sharing and Analysis Center
To report a lost or stolen ATM/debit card during business hours, immediately call your First American Bank location.
To report a lost or stolen ATM Card outside of business hours:
To report identity theft to the nationwide consumer reporting companies:
Additional tips for avoiding identity theft:
Order your free credit report once per year, using one of the following methods:
For more information on protecting yourself from identity theft, visit the Identity Theft section of the First American Bank online Education Center. The Federal Trade Commision is also a valuable resource.