EQUIFAX CYBERSECURITY ALERT!
You may have heard about the Equifax cybersecurity incident which could impact a very large number of consumers. As always, we recommend that you monitor your account activity and contact your bank representative immediately at 518-758-7101 if you see any activity that you did not initiate.
We also recommend that you use the resources provided by Equifax. You may find those resources by visiting www.EquifaxSecurity2017.com or by calling 1-866-447-7559. The Equifax contact center is open every day, including weekends from 7am - 1am.
You may also visit the Federal Trade Commission website at https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do?utm_source=govdelivery for more information.
ALERT: Kinderhook Bank Mobile and Tablet Apps ... Don’t be fooled by fakes!
Don’t be fooled by rogue app stores that provide downloads of potentially malicious or infected apps. Kinderhook Bank Mobile and Tablet apps are only available from the App StoreTM or Google PlayTM websites. Downloading apps from any other site could pose security risks to your personal banking information. If you have any questions, don’t hesitate to contact us at 518.758.7101 or visit any branch location.
Warning: Fictitious Correspondence Regarding the Release of Funds Supposedly Under the Control of the Office of the Comptroller of the Currency
Fictitious correspondence, allegedly issued by the Office of the Comptroller of the Currency (OCC) regarding funds purportedly under the control of the OCC and possibly other government entities, is in circulation. Correspondence may be distributed via e-mail, fax, or postal mail. Any document claiming that the OCC is involved in holding any funds for the benefit of any individual or entity is fraudulent. The OCC does not participate in the transfer of funds for, or on behalf of, individuals, business enterprises, or governmental entities. The correspondence may indicate that funds are being held by a specific financial institution and that the recipient is required to pay a “Clean Bill of Records Certificate (C.B.R.C.)” fee before the funds are released to the beneficiary.
E-mails being sent in regard to this scam appear to be sent from officials at the OCC, but they are not. The e-mail address used in the electronic correspondence may be from [firstname.lastname@example.org]. This material is being sent to consumers in an attempt to elicit funds from them and to gather personal information to be used in possible future identification theft.
Before responding in any manner to any proposal supposedly issued by the OCC that requests personal information or personal account information, or that requires the payment of any fee in connection with the proposal, recipients should take steps to verify that the proposal is legitimate. At a minimum, the OCC recommends that consumers:
- Contact the OCC directly to verify the legitimacy of the proposal (1) via e-mail at email@example.com; (2) by mail to the OCC’s Special Supervision Division, 400 7th St. SW, Suite 3E-218, MS 8E-12, Washington, DC 20219; (3) via fax to (571) 293-4925; or (4) by calling the Special Supervision Division at (202) 649-6450.
- Contact state or local law enforcement.
- File a complaint with the Internet Crime Complaint Center at www.ic3.gov if the proposal appears to be fraudulent and was received via e-mail or the Internet.
- File a complaint with the U.S. Postal Inspection Service by telephone at (888) 877-7644; by mail at U.S. Postal Inspection Service, Office of Inspector General, Operations Support Group, 222 S. Riverside Plaza, Suite 1250, Chicago, IL 60606-6100; or via the online complaint form at https://postalinspectors.uspis.gov/forms/MailFraudComplaint.aspx, if the proposal appears to be fraudulent and was delivered through the U.S. Postal Service.
Warning: Debit Card Scam Alert
Kinderhook Bank has been informed that some customers have received automated phone calls telling them that their debit card has been suspended and are being asked to provide their card information (card number, expiration, PIN) to reactivate it. The Bank will never contact customers and request this type of information. If you are contacted, DO NOT give out any card information and please contact Card Services at (518)758-7101 as soon as possible.
Warning: Text Message Scam Alert
We have been notified that some customers and employees are receiving a phony text message as follows:
(Urgent Notification.) Call: 302-223-4547
When they call the number, a computerized female voice welcomes you to "24 hours banking system" and advised that your debit card has been "limited". You are then asked for your 16-digit card number, your 4-digit expiration date (MMYY) and your 4-digit PIN number.
Please be advised that this is a SCAM and is not being sent by Kinderhook Bank. If you feel you have been scammed with this text message, please notify us immediately by calling 518-758-7101 and ask for Card Services to take immediate action.
Warning: Social Security Scam
As people make the switch from receiving a check for Federal Benefits like Social Security, to electronic payment or direct deposit, scammers are trying to take advantage and steal personal information...don't be fooled! Recently calls are being made from scammers saying they are from Medicare. They are trying to confirm that you are a QMB (Qualified Medicare Beneficiary) by giving you your name, phone number, routing number, and partial account number (last four digits). They also appear to know the expected date of the next Social Security payment and are attempting to verify the whole account number and customer's date of birth. According to Social Security, they then use this information to contact SSA and attempt to change the information to get payment put on a pre-paid debit card which is then sent to the scammer. DO NOT GIVE OUT OR CONFIRM ANY PERSONAL ACCOUNT INFORMATION OVER THE PHONE TO ANYONE. Individuals can block access to internet or telephone changes to information on file with the Social Security Administration at www.socialsecurity.gov/blockaccess.
New Phishing EMail Scheme
Fiserv, our systems provider, has become aware of a new phishing email scheme that is working its way across the Internet involving emails that references the “eNFact” fraud monitoring product. The email directs recipients to click on a link that takes them to a mock-Fiserv site that may initiate an installation of malicious software; this website is in no way associated with Fiserv or the eNFact product. Fiserv has shared this information with Kinderhook Bank and instructed that if you have received this phishing attack via email, or if you receive it at any time from this point forward:
1. Do not open the email;
2. Do not click on the link contained in the email; clicking on any of the links contained in the email may install malicious software on your system;
3. If a link is clicked, your organization’s Information Security personnel should immediately take your system off of the network;
4. Report the email to your organization’s Information Security personnel;
5. Delete the email from your “Inbox” and “Sent Items; and
6. If you have inadvertently clicked on the link please notify your local helpdesk for assistance as soon as possible.
At this time there is no evidence or indication that any of the Fiserv systems have been affected.
Fiserv is taking three steps. They have asked the hosting provider of the phishing site to take it down, although they are presently unsure whether our request will be honored. Second, FISERV has reported this to the regulatory authorities, whose engagement may help them get the attention of both the phishing site’s hosting provider and law enforcement. Third, they are researching the potentially malicious payload the phishing site could install, and will provide us with more information you may be able to use to limit infection in your own environment and will issue further communications as soon as they have info to share.
NUBK.com Email Fraud
There are fraudulent emails circulating that appear to be from Kinderhook Bank's Accounting Dept and/or Sales Dept that request the recipient verify account information. Please be assured that Kinderhook Bank will never send an email to a customer asking for account information or verification of any kind. If you receive this type of email, do not respond with any information. It is important that you regularly monitor your personal bank accounts and always use a secure method of verifying any personal information. By clicking the Contact Us form on www.yourkindofbank.com, you can safely communicate with Kinderhook Bank staff for answers to any account questions or concerns. Or, you can reach us directly at (518) 758-7101.
Masquerading Web site - "helpwithmybank.com"
The Office of the Comptroller of the Currency (OCC) has been informed that the above-mentioned Web site, “helpwithmybank.com,” is attempting to masquerade as the legitimate Web site, “helpwithmybank.gov,” and contains potentially damaging malware. The illegitimate site redirects the user to the legitimate site “helpwithmybank.gov” in an attempt to convince users that they are connecting to a legitimate site. Attempts to connect to the fake Web site could expose the user to harmful malware.
Any information that you may have concerning this matter should be brought to the attention of:
|Mail:||Office of the Comptroller of the Currency
Enforcement & Compliance Division, MS 8-10
250 E St. SW, Washington, DC 20219
Phishing - NACHA – The Electronic Payments Association
NACHA has received reports that individuals and/or companies continue to receive fraudulent emails that have the appearance of having been sent from NACHA. These emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some bear the name of fictitious NACHA employees and/or departments.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computeroperating systems and common software application security patches are installed and current.
FTC Consumer Alert
How Not to Get Hooked by a 'Phishing' Scam
Internet scammers casting about for people's financial information have a new way to lure unsuspecting victims: They go "phishing". Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.
According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with - for example, your Internet Service Provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a Web site that looks just like a legitimate organization's site, but it isn't. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.
The FTC, the nation's consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:
- If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address. In any case, don't cut and paste the link in the message.
- Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's Web site, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Antivirus software and a firewall can protect you from inadvertently accepting such unwanted files. Antivirus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software "patches" to close holes in the system that hackers or phishers could exploit.
- Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
- Report suspicious activity to the FTC. If you get spam that is phishing for information, contact https://www.ftccomplaintassistant.gov. If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft Web site at http://www.ftc.gov/idtheft to learn how to minimize your risk of damage from ID theft. Visit www.ftc.gov/spam to learn other ways to avoid email scams and deal with deceptive spam. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues , visit http://www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
Protect Yourself From Identity Theft
Think of how many times a day you share your personal information. You may write a check at the local grocery store, apply for a credit card, make a call on your cell phone, charge tickets to a Milwaukee Bucks game, mail your tax return or buy Midwest Express tickets over the Internet.
With each transaction, you share your personal information: your bank and credit card account numbers, your income, your social security number, your name, address and phone number.
In 1998, Congress passed a law making identity theft a federal crime. The U.S. Secret Service, FBI and U.S. Postal Inspection Service investigate violations of the Act. Persons accused of identity theft are prosecuted by the Department of Justice.
Wisconsin also has passed legislation making identity theft a felony, and criminals there have been convicted of the crime.
Consumer complaints about identity theft continue to grow. More than 40 percent of all complaints filed with the U.S. Federal Trade Commission last year were for identity theft.
Unless you live your life in a bubble, you can't prevent the stealing of your personal information, but you can minimize the risks of this crime happening to you by following these suggestions:
- Never divulge information about your social security number, credit card number, account passwords and other personal information unless you initiate contact with a person or company you know and trust.
- Don't carry around more checks, credit cards and other bank items than you really need. Don't carry your social security number in your wallet, and be sure to pick passwords and PINs (Personal Identification Numbers) that will be tough for someone to figure out. Don't write your social security number on your check.
- Protect your incoming and outgoing mail, especially envelopes that may contain checks, credit card applications or other information valuable to a fraud artist. Deposit outgoing mail, especially something containing personal financial information in the official Post Office collection boxes, hand it to the mail carrier, or take it to the local post office instead of leaving it in your home mailbox.
- Before discarding credit card applications, cancelled checks, bank statements or other information useful to an identity thief, tear them up as best you can, preferably by using a paper shredder.
- Safely store extra checks, credit cards and documents that list your social security number.
- Contact your financial institution immediately if you lose your checkbook or bank credit card, if there is a discrepancy in your records, or if you notice something suspicious such as a missing payment or unauthorized withdrawals.
- If your credit card bill doesn't arrive on time, contact your credit card company. This could be a sign that someone has stolen your account information, changed your address and is making large charges in your name from another location.
- Once a year check your credit record with the three major credit bureaus. To order your report, call the following toll-free numbers; Equifax: 800-685-1111 Experian: 888-397-3742 Trans Union: 800-888-4213
If you are a victim of identity theft, take the following steps:
- Contact the fraud departments of each of the three major credit bureaus and request a "fraud alert" be placed on your file and no new credit be granted without your approval.
- Close any accounts that have been fraudulently accessed or opened.
- File a local police report and get a copy of the report to your bank, credit card company or others that may need proof of the crime.
The Federal Trade Commission (FTC) is the federal clearinghouse for complaints by victims of identity theft. Although the FTC does not have the authority to bring criminal cases, it can assist victims by providing information to help resolve problems that can result from identity theft. Should you find yourself a victim of identity theft, you can file a complaint with the FTC by calling toll-free 1-877-ID-THEFT (438-4338).
Most of us assume that thieves are only interested in the cash in our wallet or purse, when in many cases, they are more interested in access to sensitive information that can be used to steal our identity. Use caution and don't be the next victim of identity theft or other financial fraud.
|| TOP ||