Dangerous IRS Spam Run in Circulation
Security researchers warn of a new IRS-themed spam campaign which takes advantage of the tax filing period to distribute a variant of the infamous ZeuS banking trojan. The rogue emails bear a subject of "Your Federal Tax Payment Notice sn######" (where # is a digit) and have forged headers to appear as if they originate from an IRS address.
The message within advises recipients that their tax return filing was rejected by the Electronic Federal Tax Payment System (EFTPS) and asks them to correct the error. "Urgent Report! Your Federal Tax Payment ID: ######## has been rejected. Return Reason Code R21 - The identification number used in the Company Identification Field is not valid. Please, check the attached information and refer to Code R21 to get details about your company payment in transaction contacts section," the message reads. The attached file is called IRS-TAX-Notification-printing-form-SN######.zip and contains a variant of the ZeuS crimware that has a very low detection rate on VirusTotal.
If you have received this email or one similar to it contact Iowa State Bank immediately.
Iowa State Bank has learned that criminals have launched a major e-mail campaign to deploy the infamous ZeuS Trojan, sending spam messages disguised as fraud alerts from the Internal Revenue Service (IRS), Twitter account hijack warnings, or salacious YouTube.com videos.
The fraudulent IRS e-mail uses the verbiage "Notice of Underreported Income" as the subject line and encourages the recipient to click a hyperlink to review their tax statement. All of the latest e-mails use a variety of URL shortening services.
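For mail administrators, the subject lines and attachment name quoted in the two IRS alerts above can be turned into a simple screening check. The following is an added example, not code from Iowa State Bank or the researchers cited; the rule names, the sample messages and the choice to accept any run of digits where the alerts show "######" are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Patterns taken from the alert text. The alerts show six "#" digits; any run
# of digits is accepted here (assumption) in case the campaign varies the length.
SUBJECT_RULES = {
    "eftps-notice-subject": re.compile(
        r"Your Federal Tax Payment Notice sn\d+", re.I),
    "underreported-income-subject": re.compile(
        r"Notice of Underreported Income", re.I),
}
ATTACHMENT_RULE = re.compile(
    r"^IRS-TAX-Notification-printing-form-SN\d+\.zip$", re.I)


def match_indicators(raw: bytes) -> list:
    """Return the names of the rules that a raw e-mail message matches."""
    # policy.default decodes RFC 2047 encoded subjects and filenames for us.
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    hits = [name for name, rx in SUBJECT_RULES.items() if rx.search(subject)]
    # walk() also reaches attachments nested inside forwarded or wrapped parts.
    for part in msg.walk():
        filename = (part.get_filename() or "").strip()
        if ATTACHMENT_RULE.match(filename):
            hits.append("eftps-zip-attachment")
    return hits


def build_sample(subject: str, attachment_name: str = None) -> bytes:
    """Constructed test message; addresses and the zip bytes are placeholders."""
    msg = EmailMessage()
    msg["From"] = "notice@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    if attachment_name:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="zip", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("Your Federal Tax Payment Notice sn123456",
                          "IRS-TAX-Notification-printing-form-SN123456.zip")
    print(match_indicators(sample))
```

The check deliberately ignores the From header, since the alert notes that the sender address is forged.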
Fraudulent Correspondence Claiming To Be From The FDIC
Summary: Fraudulent correspondence bearing the FDIC’s name continues to be mailed, faxed and e-mailed. This correspondence is being used in illegal schemes to collect sensitive personal information, such as bank account numbers, and to steal money and other assets.
The Federal Deposit Insurance Corporation (FDIC) is reminding financial institutions, businesses and consumers that fraudulent correspondence claiming to be from the FDIC continues to be mailed, faxed and e-mailed in the United States and other countries. The correspondence uses various techniques to gain the trust of recipients in hopes they will provide sensitive personal information, including bank account numbers that can be used to steal money and other assets. Recipients should NOT, under any circumstances, respond to the fraudulent requests. Institutions also are encouraged to inform customers that fraud artists may use the names of the FDIC and other government agencies and to take appropriate precautions.
The criminals, knowing that people trust the FDIC name, have duplicated the official logo and seal in fraudulent letters, forms, certificates and other correspondence. Recent examples have included invoices, bills, transfer forms, guarantees, endorsements, and confirmations of stock and investment purchases. In some cases, recipients were asked to complete fraudulent forms and return them by fax or e-mail. In other cases, recipients were asked to remit funds via check or wire transfer service.
The FDIC rarely sends unsolicited bills or other similar documents to financial institutions, businesses and consumers. In particular, the FDIC does not send unsolicited correspondence asking for sensitive personal information, including bank account information. Anyone receiving such correspondence should contact the FDIC immediately by calling toll-free at 1-877-ASK-FDIC (1-877-275-3342) or by e-mailing to firstname.lastname@example.org. Do not use contact information listed for the FDIC in the correspondence because it is likely to be falsified.
Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC’s Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-3054, Washington, D.C. 20429, or transmitted electronically to email@example.com. Questions related to fraudulent correspondence, deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp
For your reference, FDIC Special Alerts may be accessed from the FDIC’s website at www.fdic.gov/news/news/SpecialAlert/2009/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.
Iowa State Bank customers receiving fraudulent telephone calls
Iowa State Bank has been alerted to a resurgence of a "vishing" fraud attack that is targeting our debit card customers. The attack consists of an automated telephone call in which a prerecorded voice advises the recipient that the call is on behalf of SHAZAM and that the cardholder must "reactivate" his or her card by entering information immediately. These calls are fraudulent and have not been authorized by Iowa State Bank or SHAZAM.
Iowa State Bank will never contact our customers to request or verify account numbers, personal identification number (PIN), usernames, or passwords.
The following are a few steps to help you prevent the loss of non-public personal information:
- Never provide any personal or company information in any form to an unsolicited caller.
- If someone does call asking for information, tell the caller you are uncomfortable providing this information over the phone and you will call Customer Support to resolve the issue. Then quickly end the call and contact our Customer Support area at 515-288-0111 to report the incident.
- As with phone calls, never respond to any unsolicited request for information that comes through your e-mail; no matter how valid it may appear.
- Never provide confidential information through e-mail or unsecured Web sites.
- Shred all paperwork containing confidential information.
- Review your credit report at least once a year for fraudulent activity.
As part of Iowa State Bank’s commitment to customer service excellence, we keep your contact information strictly confidential. Again, please remember that we will NOT contact you to ask for personal information such as account number, personal identification number (PIN), usernames or passwords.
As a valued Iowa State Bank customer, it's important for you to know that the security of your personal information is our number one priority.
There are many e-mail scams and frauds on the Internet today. Some e-mail frauds try to look like official bank communications. Here's how you can be sure that any electronic communication you receive is from Iowa State Bank:
Iowa State Bank will never ask for passwords, account numbers, or sensitive personal information via e-mail.
Iowa State Bank maintains a strict privacy and information security policy.
If you receive an e-mail that appears to be from Iowa State Bank that requests personal and sensitive information, do not reply to the email and contact us immediately at 515-288-0111.
Fake Check Scams
What is a fake check scam?
It is a fast-growing fraud that could cost you thousands of dollars. There are a number of different scams, but they all begin with someone you don’t know issuing you a realistic-looking check, cashier’s check, traveler’s check, or money order and asking you to deposit or cash it and send them money in return.
What are the warning signs?
New variations of these fake check scams are popping up all the time, but following are a few of the most prevalent.
You are befriended by someone on the internet who asks you to cash a check as a favor.
You are selling something on the internet or in a classified ad and the buyer sends you a check for more than the sales price.
You are hired to work from home and part of your job is to deposit checks to an account you’ve been asked to open.
You receive a check as an “advance” on a lottery or sweepstakes you have never entered or an inheritance from a relative you do not know.
You are asked to wire transfer money acting as a “secret shopper.”
If it sounds too good to be true, be assured it is!
How do I know if the check I have received is legitimate?
Federal regulations require banks to grant access to deposited funds sooner than they can typically be collected. It can take weeks for a fake check to be returned unpaid. Do not rely on funds availability as a determination of the check’s legitimacy. If you receive a check you are unsure about, bring it to any of our branch locations or call 515-288-0111 for Customer Support. A bank employee can help you determine the legitimacy of a check.
What is my responsibility if I am scammed?
You are in the best position to determine the risk of accepting a check or money order because you have dealt with the person who issued it. Deposited items returned unpaid are the obligation of the account holder. The National Consumers League reports the average person loses between $3,000-4,000 on a fake check scam. In addition to losing money, your account could be closed and you could even be charged if law enforcement authorities think you knew the check or money order was counterfeit.
Where should I report a fake check scam?
You may report the scam to Iowa State Bank by either stopping into any of our branch locations or calling 515-288-0111 for Customer Support. You may also report fake check scams directly to the Iowa Attorney General, Tom Miller, at 888-777-4590 or www.IowaAttorneyGeneral.org.
ABA Warns Bankers about Fraudulent E-Mail
ABA’s name is being used in a new phishing e-mail, the association learned. The e-mail informs recipients that an “unauthorized transaction” has been charged to their account using their bank card. The amount of the transaction is listed, and recipients are asked to click on a link to review the transaction. The e-mail is fraudulent, and recipients should not click on the link.
While phishing for personal financial information has been a long-standing practice, criminals are increasingly phishing for access to corporate, small-business and governmental accounts, and they are using that access to withdraw large sums of money from them. Clicking on links in such e-mails could enable the fraudsters to download malicious software into victims’ computers and steal passwords and other account identifiers.
ABA is working with law enforcement to identify the source of the e-mails and to disrupt them. ABA also is encouraging banks to warn their customers -- especially business customers -- to beware of similar phishing schemes. For more information, contact ABA’s Don Rhodes at firstname.lastname@example.org.