Using compromised business email accounts, criminals attempt to identify customer, vendor, and employee email information from the email history. Criminals then impersonate the owner of the compromised email account and attempt to exploit and defraud the email contacts by sending emails containing fraudulent invoices or payment instructions. In many cases, the criminals are requesting that the recipients send payments via wire transfer.
To help prevent financial loss, we recommend that you review your current internal business practices and strengthen any weaknesses you find. Strong payment verification controls could save your business from sending unauthorized payments, which often result in financial losses. Learn more.
If you have received what appears to be a Bank of American Fork cashier’s check, contact us at 800-815-BANK to find out if it’s genuine. For more information on avoiding cashier’s check fraud, see OCC website advisories.
We would like to inform you about updates to Bank of American Fork's free IBM Trusteer Rapport product and its protection against Dyre malware, which has been reported as a recent computer threat.
Dyre is a piece of financial targeted malware, that is a malicious program illegally installed on infected computers, that uses an attack technique that redirects infected online users to a fraudulent website served by the malware – a copycat website of the financial website. The user "logs in" to the site, submits their online banking login credentials and extra information required to make a transaction. The login information is instantly forwarded to a fraudster. The fraudsters use these details to log in to the real financial institution website from the customers computer in an unseen, parallel session to conduct an account takeover attack.
Bank of American Fork provides the IBM Security Trusteer Rapport free of change which will help provide online users protection from this malware. The malware installation is prevented on devices on which Trusteer Rapport is installed. If the malware is already installed on the device, Trusteer Rapport will remove the malware. Learn more and install Trusteer Rapport.
Bank of American Fork also deploys a number of other security measures to help online users determine the authenticity of our website. In the address bar of your web browser you may have noticed a green bar containing our name. We provide an Extended Validation security certificate to help online visitors confirm our website. In online banking we also provide a watermark, which is a unique security image, to help online users confirm they are logging in to the actual online banking website.
If you have any online security related question, please contact customer service at 1-800-815-2265. We also invite you to learn more about online security recommendations we have placed our website.
On September 8, 2014, home improvement retailer, The Home Depot, confirmed that it’s payment data systems had been breached. The company released a statement on September 8, 2014 confirming the breach:
“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” said Frank Blake, chairman and CEO. “We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”
The official statement went on to mention that they would also offer affected customers complimentary consumer identity protection service.
The dates for the breached data are currently being reported as April 2014 to September 2014. Bank of American Fork is actively working with VISA® to contact card customers that have been impacted by The Home Depot compromise to replace affected cards. If you have questions or concerns, please contact Bank of American Fork Customer Service @ 801-642-3456 or 1 800-815-BANK (2265) toll free to request a new card today.
In August the Albertsons Super Market Chain and its security provider SUPERVALU reported that they were investigating a possible card data breach at a number of its locations. Upon further investigation, it has been reported that customers who used their debit or credit card at Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah were impacted. In addition, ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw's and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were all impacted by this incident.
The company released a statement on August 15, 2014 confirming the breach, "..At Albertsons, nothing is more important to us than your trust. Our team works hard to earn that trust through offering great value, service and quality products.
These days, we know you are also concerned about the security of your payment card data, and we work hard to protect it. Unfortunately, like many other retailers over the past few years, Albertsons has recently learned of an unlawful intrusion to obtain credit and debit card payment information in some of its stores. The appropriate federal law enforcement authorities have been notified, and Albertsons is working closely with its third party IT services provider, SUPERVALU, to better understand the nature and scope of the incident. Third-party data forensics experts are supporting an ongoing investigation. It has not yet been determined whether any cardholder data was in fact stolen, and currently we have no evidence of any misuse of customer payment information.
Importantly, Albertsons believes that the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores.”
Albertsons went on to mention that they would also offer affected customers a complimentary 12 month consumer identity protection service. For the link to the service and for the company’s full statement, please click on the link provided below.
The dates for the breached data are June 22, 2014 to July 17, 2014. Bank of American Fork is actively contacting card customers that may have been impacted by the Albertsons/SuperValu compromise to replace cards. If you have questions or concerns, please contact Bank of American Fork Customer Service @ 801-642-3456 or 1 800-815-BANK (2265) toll free to request a new card today.
Albertson’s website notice
PF CHANGS & PEI WEI COMPROMISE: In June, the PF Chang’s restaurant chain (including their casual dining restaurant Pei Wei) reported that they were the victims of a security breach that resulted in the theft of thousands of customers’ credit and debit card information from restaurants across the country. The company released a statement recently confirming the breach that states “On Tuesday, June 10, P.F. Chang’s learned of a security compromise that involves credit and debit card data reportedly stolen from some of our restaurants. Immediately, we initiated an investigation with the United States Secret Service and a team of third-party forensics experts to understand the nature and scope of the incident, and while the investigation is still ongoing, we have concluded that data has been compromised.”
The compromise dates for the breach are yet to be confirmed but are estimated to be within the first several months of 2014. Bank of American Fork is actively contacting card customers that may have been impacted by the PF Chang’s / Pei Wei compromise to replace cards. If you used your debit or credit card during the months mentioned above, have questions or concerns, or would like to request a replacement card, please contact Bank of American Fork Customer Service @ 801-642-3456 or 1 800-815-BANK (2265) toll free, or come into your local branch today.
MICHAELS COMPROMISE: In January, Michaels Companies Inc reported that they were investigating a possible card data breach (Fraud Today Alert 2014-003). The biggest home decor and crafts retailer in the US, has announced that 2 separate 8 month long security breaches have exposed 3 million card numbers.
The company released a statement recently confirming a breach that states "After weeks of analysis, the Company discovered evidence confirming that systems of Michaels stores in the United States and its subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms,".
The dates for the Michaels'data breach was May 8, 2013 to January 27, 2014. The dates for the Aaron Bothers data breach is June 26th, 2013 to February 27, 2014. Please note that not all retail locations were impacted by this compromise. Bank of American Fork is actively contacting card customers that may have been impacted by the Michaels compromise to replace cards. If you have questions or concerns, please contact Bank of American Fork Customer Service @ 801-642-3456 or 1 800-815-BANK (2265) toll free to request a new card today.
Michaels' website notice
TARGET COMPROMISE: If you used your Bank of American Fork Debit or Credit card at a Target store anytime between November 27th – December 15, 2013 Target has confirmed that your card number has been compromised as part of their nationwide card compromise that recently affected more than 40 million cards. To protect your account against future possible fraudulent transactions, please contact Bank of American Fork Customer Service @ 801-642-3456 or 1 800-815-BANK (2265) to request a new card today.
The FBI reminds holiday shoppers to beware of cyber criminals who are out to steal money and personal information. Scammers use many techniques to defraud consumers, from phishing emails offering too good to be true deals on brand-name merchandise to offering quick cash to victims who will re-ship packages to additional destinations. Previously reported scams are still being executed today.
They suggest when shopping online to use reputable sites because often consumers are shown specials on the web, or even in email offers, that look too good to be true. These sites are used to capture personally identifiable information, including credit card numbers, addresses and phone numbers to make fraudulent transactions. In an FBI November 26, 2013 public service announcement they state, "It’s best to shop on sites with which you are familiar and that have an established reputation as trusted online retailers" referencing the MRC, a nonprofit that supports and promotes operational excellence for fraud, payments and risk professionals within eCommerce.
Some additional tips provided by the FBI to avoid becoming a victim of cyber fraud:
The FBI warns that hackers are using a form of malware, called Citadel, to hijack victims' computers. Computers are infected by visiting infected websites. The malware is reportedly automatically installed after visiting an infected website and the computer is then taken over. Once the loaded malware may freeze the computer and request money to remove the freeze or display a notice indicating that the infected user's computer was used illegally to access illegal sites and that they are required to pay a fine to the U.S. Department of Justice.
Infected individuals are asked to make payments to unfreeze their computers via prepaid money card service. This is of course a crime benefiting online fraudsters. If you believe you have been infected the FBI warns that this form of malware is difficult to remove and may even linger on computers to attempt to capture online usernames and passwords to financial websites. They recommend you work with a computer expert to remove this malware if you are infected.
If you have any questions about online banking security, please contact Bank of American Fork customer service at 1-800-815-BANK (2265).
Bank of American Fork has received a notice from our online banking service provider that they have seen an increased activity with a malware screen takeover that is targeting online banking users with tokens. This particular malware (malicious computer virus) will prompt an infected user to input account and/or token data, which then results in another screen prompt indicating that the user will be unable to access their online banking for 24-hours while maintenance is performed. This allows online fraudsters to take over the computer session and to commit financial fraud.
A similar variant reportedly provides the infected user with a screen pop up asking for several pieces of personal information, including a phone number. Upon completing the questions, the infected user receives a phone call immediately from a caller claiming to be a bank employee letting them know the system will be down for maintenance as well.
Our service provider has recommended customers request IP restrict to block such attempts. Bank of American Fork has additionally posted security recommendations on our website for protecting both yourself and your business online.
If you believe you have been infected with malware or if you have any questions about online banking security, please contact customer service at 1-800-815-BANK (2265).