Fraud Alert

State Bank & Trust Company encourages all customers to be vigilant in defeating phishing, vishing, SMiShing and other kinds of fraud attempts.  In an effort to keep you informed of recent scams, please see the FRAUD ALERTS and TIPS below:

FRAUD ALERT 01/14/11:  Visa/Mastercard Telephone Credit Card Scam

State Bank & Trust Company has recently learned of the newest form of fraud regarding the VISA and MASTERCARD Telephone Credit Card Scam.  This scheme is victimizing many people because they provide YOU with all the information, except for the piece they want.  The callers do not ask for your card number because they already have it. 

For example, the scam works like this:

Person calling says – “This is (name), and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460.  Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona ?”  When you say 'No', the caller continues with, “then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?” You say 'yes'. 

The caller continues – “I will be starting a Fraud Investigation. If you have any questions, you should call the 1- 800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control Number.” The caller then gives you a 6 digit number. “Do you need me to read it again?”

Here's the IMPORTANT part on how the scam works - The caller then says, “I need to verify you are in possession of your card.”  He'll ask you to 'turn your card over and look for some numbers.' There are 7 numbers; the first 4 are part of your card number, the last 3 are the Security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card.  The caller will ask you to read the last 3 numbers to him. After you tell the caller the 3 numbers, he'll say, “That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card.  Do you have any other questions?”

After you say no, the caller then thanks you and states, “Don't hesitate to call back if you do,” and hangs up. You actually say very little, and they never ask for or tell you the card number.  What the scammers want is the 3-digit PIN number on the back of the card - Don't give it to them!  Instead, tell them you'll call VISA or MASTERCARD directly for verification of their conversation.

VISA and MASTERCARD say they will never ask for anything on the card as they already know the information since they issued the card.  If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit; however, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost too late and/or more difficult to actually file a fraud report.

Should this scam happen to you, DO NOT give the callers any information and make sure to file a police report right away.  It appears this is a very active scam, and evidently quite successful. 

FRAUD ALERT 09/10/10:  Distribution of Virus E-mail
Please be advised that there is an e-mail currently being circulated throughout the internet that contains a link to a virus.  The link is designated to look like a link to a PDF document.  Because it is a link, it will not be caught by e-mail filters.  The subject heading is generally "here you have".  If you recieve the infected e-mail, delete the message immediately without clicking the link.  If anyone clicks on the link, the virus may send messages to contacts within their address book immediately.

FRAUD ALERT 07/22/10:  Fraudulent IRS e-mail circulating
SBT has learned that criminals have launched a major e-mail campaign to deploy the infamous ZeuS Trojan e-mail, which will send spam messages disguised as fraud alerts from the Internal Revenue Service (IRS), Twitter account hijack warnings, or salacious Youtube.com videos.

The fraudulent IRS e-mail uses the verbiage "Notice of Underreported Income" as the Subject Line and encourages the recipient to click a hyperlink to review their tax statement. All of the latest e-mails use a variety of URL shortening services. 

As a reminder, you should NEVER open the attachments or download information from unexpected or spam e-mails!  Contact SBT if you think you've been a victim of fraud.

FRAUD ALERT 03/05/10:  Don't Get Ripped Off!
If you can answer YES to any of the following questions, you could be involved in FRAUD or about to be SCAMMED!  Tell branch personnel immediately!

• Is the CHECK from an item you sold on the Internet, such as a car, boat, jewelry, etc.?
• Is the amount of the CHECK more than the item's selling price?
• Did you receive the CHECK via an overnight delivery service?
• Is the CHECK connected to communicating with someone by email?
• Is the CHECK drawn on a business or indivual account that is different from the person buying your item or product?
• Have you been informed that you were the winner of a LOTTERY, such as Canadian, Australian, El Gordo, or El Mundo, that you did not enter?
• Have you been instructed to either "WIRE", "SEND" or "SHIP" MONEY as soon as possible, to a large U.S. city or to another country such as Canada, England, or Nigeria?
• Have you been asked to PAY money to receive a deposit from another country such as Canada, England, or Nigeria?
• Are you receiveing PAY or a COMISSION for facilitating money transfers through your account?
• Did you respond to an email requesting you to CONFIRM, UPDATE, or PROVIDE your account information?

FRAUD ALERT 01/26/10:  Be Cautious About Giving Info to Census Workers
With the U.S. Census process beginning, the Better Business Bureau (BBB) advises people to be cooperative, but cautious, so as not to become a victim of fraud or identity theft.

The first phase of the 2010 U.S. Census is under way as workers have begun verifying the addresses of households across the country.  Eventually, more than 140,000 U.S. Census workers will count every person in the United States and will gather information about every person living at each address including name, age, gender, race and other relevant data.

The big question is - HOW DO YOU TELL THE DIFFERENCE BETWEEN A U.S. CENSUS WORKER AND A CON ARTIST?  BBB offers the following advice:

• If a U.S. Census worker knocks on your door, they will have a badge, a handheld device, a Census Bureau canvas bag and a confidentiality notice.  Ask to see their identification and their badge before answering their questions.  However, you should never invite anyone you don't know into your home.
• Census workers are currently only knocking on doors to verify address information.  DO NOT give your Social Security number, credit card or banking information to anyone, even if they claim they need it for the U.S. Census.  REMEMBER, NO MATTER WHAT THEY ASK, YOU REALLY ONLY NEED TO TELL THEM HOW MANY PEOPLE LIVE AT YOUR ADDRESS.
• While the Census Bureau might ask for basic financial information, such as a salary range, YOU DON'T HAVE TO ANSWER ANYTHING AT ALL ABOUT YOUR FINANCIAL SITUATION.  The Census Bureau will NOT ask for Social Security, bank account, or credit card information, nor will they solicit donations.  Anyone asking for that information is NOT with the Census Bureau.
• Eventually, Census workers may contact you by telephone, mail or in person at your home.  However, the Census Bureau will NOT contact you by email, so be on the lookout for email scams impersonating the Census.  Never click on a link or open any attachments in an email that are supposedly from the U.S. Census Bureau.

For more advice on avoiding identity theft and fraud, visit www.bbb.org.

FRAUD ALERT 12/08/09:  FDIC Phishing Scam Strikes More Banks, Iowa Bank Customers Hit in Latest Flurry
For the second time in recent months, bank customers have been sent phishing emails purporting to be from the Federal Deposit Insurance Corp. (FDIC).

Residents in Palo Alto County, IA area have been warned by their banks of the email scam. The FDIC also on Thursday sent out an alert about the scam to all security officers.

The e-mail claims that the financial institution is on a list of banks that are "failing" and that the FDIC is taking control of that institution's assets. The e-mail then instructs the recipient to click on a link that supposedly takes the recipient to the FDIC website, when in reality the website is actually fake. When recipients click on the fake FDIC website, they are prompted to enter sensitive information such as account numbers for checking and savings accounts.

This latest alert comes after a similar phishing attack was reported against banking customers in late October, asking recipients to check the amount of insurance their bank had with the FDIC's Deposit Insurance Fund.

"The criminals, knowing that people trust the FDIC name, have duplicated the official logo and seal in fraudulent letters, forms, certificates and other correspondence," according to the FDIC alert. "In some cases, recipients were asked to complete fraudulent forms and return them by fax or e-mail. In other cases, recipients were asked to remit funds via check or wire transfer service

The FDIC says institutions are encouraged to inform customers that fraud artists may use the names of the FDIC and other government agencies and to take appropriate precautions.

FRAUD ALERT 12/03/09:  The Federal Deposit Insurance Corporation (FDIC) is reminding financial institutions, businesses and consumers that fraudulent correspondence claiming to be from the FDIC continues to be mailed, faxed and e-mailed in the United States and other countries. The correspondence uses various techniques to gain the trust of recipients in hopes they will provide sensitive personal information, including bank account numbers, which can be used to steal money and other assets. Recipients should NOT, under any circumstances, respond to the fraudulent requests.

The criminals, knowing that people trust the FDIC name, have duplicated the official logo and seal in fraudulent letters, forms, certificates and other correspondence. Recent examples have included invoices, bills, transfer forms, guarantees, endorsements, and confirmations of stock and investment purchases. In some cases, recipients were asked to complete fraudulent forms and return them by fax or e-mail. In other cases, recipients were asked to remit funds via check or wire transfer service.

The FDIC rarely sends unsolicited bills or other similar documents to financial institutions, businesses and consumers. In particular, the FDIC does not send unsolicited correspondence asking for sensitive personal information, including bank account information. Anyone receiving such correspondence should contact the FDIC immediately by calling toll-free at 1-877-ASK-FDIC (1-877-275-3342) or by e-mailing to alert@fdic.gov. Do not use contact information listed for the FDIC in the correspondence because it is likely to be falsified.

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-3054, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Questions related to fraudulent correspondence, deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2009/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

FRAUD ALERT 12/01/09:   A recent vishing attack is affecting Iowa financial institutions. The attack consists of automated telephone calls made to customers' cellular telephones, claiming to originate from Visa® security. The automated call demands that customers enter information, such as their primary account number (PAN), card expiration date, or card verification value (CVV2), immediately through their touchtone telephones to prevent account deactivation.  If you receive a call like this, hang up and do not provide any personal information!

TIPS TO PROTECT YOUR IDENTITY

Never give your personal information to people that you don’t know and trust.

Don’t be taken by email (phishing), voice (vishing) or text message (smishing) scams asking for your personal or financial information.

Know who you are dealing with before providing personal information to mail order, telephone or internet merchants.

Keep your passwords secure and always shred documents containing sensitive information.

Review your bank statement monthly and your credit report annually.

Card Safety:  Debit cards are safe to use, but don’t just make a leap of faith when it comes to buying goods or services from mail order, telephone, or Internet merchants you don’t know. Be sure to ask questions when doing business with a new merchant and only give them your account numbers when you know the business to be reputable. Remember, if the offer sounds too good to be true, it probably is.

Online Shopping:  When shopping online, be aware of ways to avoid undue risk and know how to keep your personal information safe and secure. Be protected when shopping online by looking for the secure site verification. Never give your private information to anyone online you do not trust. All your passwords should be kept secret from outside parties and it is a good idea to print or file receipts and/or confirmation numbers of all online transactions for your records.

IF YOU BECOME A VICTIM OF IDENTITY THEFT:

Contact your financial institution(s) immediately.
State Bank & Trust Company
(319) 352-6000, or toll-free at (888) 367-5500

Contact the three national credit bureaus to report the identity theft and request a “fraud alert.”
Equifax                    (800) 525-6285        www.equifax.com 
Experian                  (888) EXPERIAN        www.experian.com 
TransUnion              (800) 680-7289        www.transunion.com 

File a police report.

Contact the fraud departments of creditors.

File a complaint with the Federal Trade Commission. (FTC)

Take other appropriate actions, depending on your identity theft situation (ie: contact the Social Security Administration office to report suspected Social Security number theft, file a report with the U.S. Postal Inspection Service if your mail has been stolen, etc.).

For more information, visit www.consumer.gov/idtheft.

KINDS OF ATTACK EXPLAINED

Phishing:  “Phishing” is an email scam involving fraudsters who present themselves as legitimate businesses in an effort to trick you into divulging your Social Security number, account numbers, passwords, and other sensitive personal data. Hiding behind the anonymity of the Internet, they send out official looking emails pretending to be financial institutions, credit card companies, online service providers, or retailers, etc. They try to convince you there is an immediate need to update your financial or personal information.

Vishing:  “Vishing” is a type of phishing attack that is most often facilitated over the telephone system.  The term is a combination of “voice” and “phishing”.

SMiShing:  “SMiShing” is a type of phishing attack using SMS (Short Message Service), which is the technology used for text messages on cell phones.  The term is derived from “SMS phishing”.

Pharming:  “Pharming” is the name for an activity where a hacker acquires access to your computer for the purpose of redirecting web traffic to another site. This internet crime seeks to obtain passwords, usernames and other access credentials to ultimately gain knowledge of private personal data such as PIN and account numbers.