You may have recently heard or read news reports about the “Heartbleed Bug”, which affects the technology used to encrypt sensitive information (this technology is referred to as OpenSSL). The “Heartbleed Bug” allowed criminals to access personal data, such as usernames, passwords, credit/debit card numbers, and emails from infected websites. This vulnerability prompted many companies to publicly recommend that consumers change their passwords on all websites they visit to conduct personal business, including financial institutions and retail sales sites.
Many financial institutions, like STAR, use OpenSSL to secure your web credentials, evidenced by the padlock symbol in the address bar of the website when your access starfinancial.com. However, we want to assure you that the version of OpenSSL used by STAR’s online banking was never vulnerable to the Heartbleed Bug at any point, and your – and our customers’ - information remains secure.
However, as a matter of general security, STAR always recommends that you change your passwords on a regular basis. For more information about protecting yourself against fraud, please visit www.starfinancial.com/security-center.
UPDATE: PHISHING SCAM
STAR Financial Bank has warned numerous times about “phishing” and “vishing” scams in which crooks send automated calls, emails and texts claiming to be from STAR Financial Bank, asking customers to submit or verify confidential information such as debit card numbers. Below is additional information regarding yesterday’s phishing attack:
If you did respond to the automated call or text and provided your information, please contact STAR Customer Service at 1-888-395-2447 immediately.
Again, if you ever receive this sort of call, text or e-mail appearing to be from STAR Financial Bank and asking you to “enroll” or provide information, you should assume that it is fraudulent.
FAKE AUTOMATED CALLS & TEXTS REGARDING STAR ATM/DEBIT CARDS
STAR's Security Department has received numerous reports of customers and non-customers receiving fake automated calls and text messages indicating that their STAR ATM/Debit card has been block and to call (907) 341-4761.
If you call this number, it says "Thank you for calling STAR Financial Bank." This message is NOT from STAR. These types of vishing attacks are on the rise, and the techniques are becoming very sophisticated.
Please follow these precautions:
If you have already received the fraudulent message and provided your card information, please contact STAR Customer Service immediately at 888.395.2447.
FAKE AUTOMATED CALLS REGARDING MASTERCARD® DEBIT CARDS
Numerous customers have started to receive fraudulent automated calls regarding their STAR Mastercard® debit cards. Sometimes an originating number shows on caller ID and sometimes not. These calls are not originated by STAR. Please do not disclose your card number to avoid any fradulent activity. STAR customers debit cards are not at risk or compromised as long as you do not provide your information. If you accidentally provided this information to the vishing calls, please contact STAR customer service immediately at 888-395-2447.
Target Data Breach Leads to Phishing Scams
STAR Bank is warning customers not to fall victim to phishing scams related to the Target data breach. Phishing attacks use spoofed e-mails and fraudulent websites designed to fool recipients into divulging personal financial data. By hijacking the trusted brands of banks, online retailers and credit card companies, phishers are able to convince recipients to respond to them.
“Victims of the Target data breach are particularly vulnerable right now to phishing,” says Jeremy Vance, STAR Security Officer. “These criminals are capable of sending very legitimate looking e-mails. The most important thing for customers to remember is that STAR Bank will never ask you for personal information in an e-mail.”
To avoid becoming the victim of a phishing scam, STAR offers the following tips:
For information on protecting yourself online, visit ABA’s consumer section on phishing at aba.com/consumers/pages/phishing.aspx.
New Details released by Target regardling data breach investigation
From corporate.target.com - "As part of Target’s ongoing forensic investigation, it has been determined that certain guest information—separate from the payment card data previously disclosed—was taken from Target. This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.
Much of this data is partial in nature, but in cases where Target has an email address, we will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication. In addition, guests can find the tips at Target.com/databreach, along with updated information in the Data Breach FAQs to help answer questions and provide additional resources.
“I know that it is frustrating for our guests to learn that this information was taken and we are sorry they are having to endure this,” said Gregg Steinhafel, chairman, president and chief executive officer. “Our guests expect more from us and deserve better. And I want them to know that understanding and sharing the facts is important to me and the entire Target team.”
Guests will have zero liability for the cost of any fraudulent charges arising from the breach. To provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all Target guests who shopped our U.S stores. Guests will have three months to enroll in the program. Additional details will be shared next week.
We remain focused on addressing our guests' and team members' questions and concerns about the data breach. Please continue to check the Data Breach Issues Hub for updates as additional information becomes available."
STAR customers may be susceptible to consumer scams (phishing) due to the release of postal addresses, email addresses and phone numbers.
Fraudulent automated phone calls (Vishing)
STAR's Security Department has received numerous reports of customers in our markets receiving phone calls indicating their MasterCard has been deactivated. They are asked to type their card number during the automated call to reactivate.
If you received this call, please hang up and do NOT provide them with your debit information. If you already received the call and released this information, please contact a STAR Customer Service representative immediately at 888-395-2447 to close your card, as it has now been compromised.
Vishing in Northeast Indiana
STAR's Security Department has received numerous reports of customers in our Fort Wayne region receiving phone calls indicating their card has been frozen. They are asked to type their card number during the automated call to reactivate.
If you received this call, please hang up and do NOT provide them with your debit or credit card informaiton. If you already received the call and released this information, please contact a STAR Customer Service representative immediately at 888-395-2447 to close your card, as it has now been compromised.
Fictitious Text Messages
STAR's Security Department has received reports that several customers today have received the following text message:
STAR ALERT: Your CARD starting with 5109 has been DEACTIVATED. Please call 765-319-0414.
STAR does not send text messages to our customers regarding deactivation of cards. If you received this message, please delete the text and do NOT call the number listed. If you already received the text and called the number, please contact a STAR Customer Service representative immediately at 888-395-2447 to close your card, as it has now been compromised.
Fictitious Wire Transfer Email
STAR's Security Department has received report of another email phishing attempt. The following email below is NOT from STAR. If you receive the email, please delete it. DO NOT click on any of the links. If you click the link, it will attempt to download malware that will steal your online banking username and password. Fraudulent withdrawals may follow. You will need to have the malware removed by your anti-malware software provider or a professional computer technician.
Subject: RE: Your Wire Transfer
Wire Transfer was canceled by the other financial institution.
FED NR: 9064623309RE884931
Wire Transfer Report: View
Federal Reserve Wire Network