Target Data Breach Leads to Phishing Scams
STAR Bank is warning customers not to fall victim to phishing scams related to the Target data breach. Phishing attacks use spoofed e-mails and fraudulent websites designed to fool recipients into divulging personal financial data. By hijacking the trusted brands of banks, online retailers and credit card companies, phishers are able to convince recipients to respond to them.
“Victims of the Target data breach are particularly vulnerable right now to phishing,” says Jeremy Vance, STAR Security Officer. “These criminals are capable of sending very legitimate looking e-mails. The most important thing for customers to remember is that STAR Bank will never ask you for personal information in an e-mail.”
To avoid becoming the victim of a phishing scam, STAR offers the following tips:
For information on protecting yourself online, visit ABA’s consumer section on phishing at aba.com/consumers/pages/phishing.aspx.
New Details released by Target regarding data breach investigation
From corporate.target.com - "As part of Target’s ongoing forensic investigation, it has been determined that certain guest information—separate from the payment card data previously disclosed—was taken from Target. This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.
Much of this data is partial in nature, but in cases where Target has an email address, we will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication. In addition, guests can find the tips at Target.com/databreach, along with updated information in the Data Breach FAQs to help answer questions and provide additional resources.
“I know that it is frustrating for our guests to learn that this information was taken and we are sorry they are having to endure this,” said Gregg Steinhafel, chairman, president and chief executive officer. “Our guests expect more from us and deserve better. And I want them to know that understanding and sharing the facts is important to me and the entire Target team.”
Guests will have zero liability for the cost of any fraudulent charges arising from the breach. To provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all Target guests who shopped our U.S. stores. Guests will have three months to enroll in the program. Additional details will be shared next week.
We remain focused on addressing our guests' and team members' questions and concerns about the data breach. Please continue to check the Data Breach Issues Hub for updates as additional information becomes available."
STAR customers may be susceptible to consumer scams (phishing) due to the release of postal addresses, email addresses and phone numbers.
Fraudulent automated phone calls (Vishing)
STAR's Security Department has received numerous reports of customers in our markets receiving phone calls indicating their MasterCard has been deactivated. They are asked to type their card number during the automated call to reactivate.
If you received this call, please hang up and do NOT provide them with your debit information. If you already received the call and released this information, please contact a STAR Customer Service representative immediately at 888-395-2447 to close your card, as it has now been compromised.
Vishing in Northeast Indiana
STAR's Security Department has received numerous reports of customers in our Fort Wayne region receiving phone calls indicating their card has been frozen. They are asked to type their card number during the automated call to reactivate.
If you received this call, please hang up and do NOT provide them with your debit or credit card information. If you already received the call and released this information, please contact a STAR Customer Service representative immediately at 888-395-2447 to close your card, as it has now been compromised.
Fictitious Text Messages
STAR's Security Department has received reports that several customers today have received the following text message:
STAR ALERT: Your CARD starting with 5109 has been DEACTIVATED. Please call 765-319-0414.
STAR does not send text messages to our customers regarding deactivation of cards. If you received this message, please delete the text and do NOT call the number listed. If you already received the text and called the number, please contact a STAR Customer Service representative immediately at 888-395-2447 to close your card, as it has now been compromised.
Fictitious Wire Transfer Email
STAR's Security Department has received a report of another email phishing attempt. The email below is NOT from STAR. If you receive the email, please delete it. DO NOT click on any of the links. If you click the link, it will attempt to download malware that will steal your online banking username and password. Fraudulent withdrawals may follow. You will need to have the malware removed by your anti-malware software provider or a professional computer technician.
Subject: RE: Your Wire Transfer
Wire Transfer was canceled by the other financial institution.
FED NR: 9064623309RE884931
Wire Transfer Report: View
Federal Reserve Wire Network
Fictitious NACHA Email
Another wave of fictitious NACHA email messages is being sent to customers. These fictitious messages are used to trick the recipient into clicking on the "details" link, causing a virus to install on their computer. An example of the fictitious email message is below:
If you received this email, just delete it and there is no harm. If you clicked on the link, then you will need to have your PC cleaned of a possible virus. For more information, contact STAR Security.
FAKE Gmail Change Notifications
DHS is reporting today that, once again, Google users are being targeted with emails reportedly coming from Google Team, confirming a bogus recovery e-mail update. The threat of permanent account suspension is designed to trigger panic in Gmail users and make them follow the offered link. The link's destination is a page made to look like Gmail's login page, set up to harvest the users' login credentials for their Gmail and, potentially, their other Google accounts.
Google's ability to allow users to use the same username and password for a variety of Google services makes for an extremely user-friendly experience, but it also makes the impact of a compromise of these login credentials much greater.
As part of good security practice, we advise never to follow links included in unsolicited emails and to make sure to always access the legitimate page by typing in the correct URLs. If you have any questions or concerns, please contact STAR Customer Service at 888-395-2447.
FAKE AT&T Wireless Bills
DHS is reporting the distribution of large numbers of phony AT&T wireless emails over the last couple of days. The emails describe very large balances ($943 in the example below) that are designed to lure aggravated customers into clicking the included links. Those links lead to several compromised websites containing hidden malware.
Recipients who are unsure whether the email they have received is genuine or not (the malicious version is a very accurate copy) should contact AT&T to verify the statement or check using their online account management tools. Additionally, recipients can mouse over the links to verify the website URL. Genuine emails from AT&T will include AT&T website links (www.att.com). The "att.com" link should be the same in both places that it appears in a legitimate email message, unlike the malicious version, which uses two very different URLs. The pattern used for the fake links is: non-AT&T domain / recurring set of random letters / index.html. The index.html file tries to launch the malware exploit.
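The link check described above, as an added example (not part of the original notice and not STAR's or AT&T's code): it lists every link in an HTML message body whose real target is not on att.com or whose visible text names a different host than the target. The sample body and all helper names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "att.com"  # genuine domain named in the advisory
# Constructed sample body; example.net and example.org are reserved test domains.
SAMPLE = (
    '<a href="http://billing.example.net/qzkvtrw/index.html">www.att.com</a>'
    '<a href="https://www.att.com/">www.att.com</a>'
    '<a href="http://shop.example.org/qzkvtrw/index.html">View your bill</a>'
)

def host_of(text):
    """Hostname of a URL-like string, or None if it is not one."""
    if "." not in text or " " in text:
        return None
    url = text if "//" in text else "//" + text  # read "www.att.com/x" as a host
    return (urlparse(url).hostname or "").lower() or None

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href.strip()))
            self._href = None

def audit(html, trusted=TRUSTED):
    """Return (href, reasons) for each link that fails a check."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        target, shown = host_of(href), host_of(text)
        reasons = []
        # A real subdomain ends with ".att.com"; "att.com.example.net" does not.
        if not target or not (target == trusted or target.endswith("." + trusted)):
            reasons.append("target is not on " + trusted)
        if shown and target and shown != target:
            reasons.append("visible text names a different host")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling `audit(SAMPLE)` flags the first and third constructed links and passes the one that really points at www.att.com.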
If you are not an AT&T subscriber, simply delete the message. Contact STAR Customer Service at 888-395-2447 if you have any questions.
FAKE AUTOMATED CALLS REGARDING ACTIVITY ON DEBIT/CREDIT CARDS
Numerous customers have started to receive fraudulent automated calls regarding activity on their debit/credit cards. The message instructs the listener to press 1 to enter their 16-digit card number to reactivate their card. Sometimes an originating number shows on caller ID and sometimes not. These calls are not originated by STAR. Please do not disclose your card number to avoid any fraudulent activity. STAR customers' debit cards are not at risk or compromised as long as you do not type in your card number. If you accidentally provided this information to the vishing calls, please contact STAR customer service immediately at 888-395-2447.
FICTITIOUS HARLAND CLARKE EMAIL MESSAGES
On Wednesday, March 7th, the Corporate Security Group of Harland Clarke Holdings Corp. became aware that multiple Harland Clarke and Harland Financial Solutions clients had received an email from a sender fraudulently claiming to be the iReports Data Warehouse. This fraudulent email is NOT originating from any Harland Clarke Holdings business. It appears to be part of a malicious and isolated phishing spam attack.
We advise all customers who have received a fraudulent email from www.harlandclarkes.com (with an 's') to delete it immediately. Please do not click any links given by the fraudulent emails, as they contain malicious software; opening them could put you at risk of downloading a virus.
FBI: BEWARE OF "GAMEOVER" BANK-ACCOUNT-STEALING MALWARE
The Federal Bureau of Investigation (FBI) released an advisory to warn Internet users of a new phishing campaign that relies on fake emails coming from legitimate organizations to spread a piece of malware called Gameover. The malicious emails may come from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC) and they [have] an attachment that carries a newer variant of ZeuS, the infamous Trojan designed to target bank account credentials. Typically, the unsolicited emails warn the recipient of a problem with his bank account or a financial transaction issue. The notifications contain a link that points to a phony website storing the Gameover malware which almost immediately infects the victim's device with the purpose of stealing banking information. [HSEC-1.8; Date: 9 January 2012; Source: http://news.softpedia.com/news/FBI-Beware-of-Gameover-Bank-Account-Stealing-Malware-245186.shtml]