Alerts you need to know about.
For your convenience, here is some information on specific types of scams and fraud of which you should be aware.
Android Vulnerability Fraud Alert
Android users should be aware of a vulnerability in the Android operating system that has recently been announced. It’s called “Stagefright.” This vulnerability could allow a fraudster to send an Android phone or other Android based MMS-capable device a text message that can take over the device without the user’s knowledge – even if the user doesn’t view the message. Patches for “Stagefright” have been released, and it is up to the device manufacturers and wireless carriers to push these updates out. This process has already begun for some device models. Older devices may be more vulnerable than newer ones and, according to Google, there is technology on Android devices of 4.0 and higher that should prevent “Stagefright” takeover,. We strongly encourage Android users to contact their mobile carrier about a fix for “Stagefright.” Additionally, some devices have a setting “Automatically retrieve MMS” that the user can disable in order to prevent any malicious text messages from being automatically retrieved. The message would still run, however, if it was clicked on. Disabling the setting would also affect all text message retrievals.
UPDATE: Since the Android vulnerability named “Stagefright” was announced, additional major security issues with Android have been identified. The new flaw discovered by IBM researchers exists in Android versions 4.3-5. and a patch is available, but it is up to phone service providers to decide when and if to deploy it. Android users should look to their device providers to begin issuing security patches on a more regular basis and should adopt the habit of applying those patches on a timely basis.
Unexpected Delivery Fraud
In other cities, some residents have been scammed following a phone call from "Express Couriers" asking if they would be home to receive a delivery. The caller says that the delivery will arrive in roughly an hour. At that time, a uniformed delivery man arrives with a beautiful basket of flowers and wine. (These deliveries have occurred at various times of the year, not just during the holiday season.)
In one specific situation, the recipient was intrigued by the gift and asked who had sent it. The delivery man said he didn’t know, but that a card would arrive separately. He then went on to explain that, because the gift contained an alcoholic beverage, there was a $3.50 "delivery charge" required, as proof the package had been delivered to an adult, and not just left on the doorstep.
This sounded reasonable, so the recipient offered cash. The delivery man then said that the company couldn’t accept cash and required payment by credit or debit card in order to properly account for everything. The recipient provided a card, and swiped it through a mobile card machine that looked much like the machines UPS and FedEx carry. The delivery man then asked that the PIN be entered, and requested the security code from the back of the card. A receipt was even printed out.
Over four days following the delivery, some $4,000 was withdrawn from the recipient’s account using various ATM machines. When the card was swiped, the "mobile payment machine” evidently downloaded all the information from it. With that - and the PIN and security code provided by the recipient - they had everything necessary to create a dummy card.
This sort of scam may have minor variations, but the key lesson is to never give out card information unless it is related to a purchase you made or you know who the gift is from.
Online Security Vulnerability Alert
In the past week an online security vulnerability has been discovered, that has the potential to compromise the computers of account holders accessing the Internet via outdated browsers, such as Internet Explorer versions 5 and 6. The vulnerability has been named 'POODLE' and breaks the SSL (secure sockets layer) feature which encrypts your information on the Internet. In our commitment to your security, and in keeping with industry standards, American Bank will no longer support such browsers, effective late Wednesday, October 22nd.
Because of the vulnerabilities, if you currently utilize Internet Explorer versions 5 or 6, please take steps to update your browser, or consider installing an alternate web browser such as Google Chrome or Mozilla Firefox to minimize any negative impact.
You can find additional information about updating your browser including download links in our Security Center: https://www.americanbank.com/security-center/security-browser-info#UpdateYourBrowser.
Russian Hackers News Alert
We are aware of the news reports that Russian hackers are rumored to have stolen 1.2 billion user log-on credentials. There is little known regarding the Internet sites that have presumably been compromised. American Bank has multiple layers of security and detection systems to protect against such attacks, and we have no report or other indication causing us to suspect that any of our Internet banking services have been victimized. As a security best practice, we encourage you to not register your computer or mobile device with Bank OnLine, so a secure access code is required each time you log in. See additional secure computing practices at https://www.americanbank.com/security-center/stay-protected.
Malicious Internet Advertising Fraud Alert
Please be aware that malicious Internet advertising is being triggered when the user of an infected PC visits bank websites and online banking sites. This ad malware turns key words into fraudulent links with messages and pop-ups offering a reward for completing a survey, recommending you pull a credit report and/or prompting you to update some software - all with the purpose of identity theft. While on AmericanBank.com or American Bank’s Bank OnLine, if you are presented with any such notifications, pop-up’s or advertisements from “Ad by dieal4me” (that’s not a typo), your computer has been infected. This malware may be modified over time, and “dieal4me” may change to another name or be removed completely. Contact us if you feel your computer has been infected and we will disable your Bank OnLine service for your protection until you have successfully removed the malware.
We encourage you to ensure your antivirus software comes from a reputable antivirus vendor, is up-to-date with the most recent version and malware signatures, and is running on your PC(s) or Mac(s). Run full system scans periodically. Conduct your Internet browsing at reputable sites, search the web to be sure the freeware you're about to download is safe, and be especially cautious about installing optional freebies offered with other software. As always, use caution in clicking on links from unsolicited e mail and examine the URLs of your search engine results to make sure they are reputable sites before clicking on them. You can read more about how to stay protected throughout our Security Center: https://www.americanbank.com/security-center/stay-protected.
Merchant Services - Fraudulent EMV Equipment Calls
In October 2015, U.S. merchants who have not adopted credit/debit card equipment that can read the electronic EMV chip embedded in cards will become liable for fraudulent transactions that occur on EMV cards. Fraudsters are using this change as an opportunity to call or email merchants with a ruse that lulls them into divulging credit/debit card reader and account information, thus compromising their accounts. Please be aware that American Bank will contact our Merchant Services customers directly to discuss and schedule deployment of EMV-enabled credit/debit card equipment on a timely basis. As a reminder, never disclose your merchant ID or account number information to anyone over the phone or by email.
Mobile Device Security Alert
06/20/2014 - Security experts have identified malware that is infecting Android mobile devices. The mobile devices are infected when the user follows a link contained in an unsolicited text message. The malware looks for specific mobile banking apps, and then locks up the mobile device demanding money to unlock it. Although this malware only affects Android mobile devices at this time, and does not target American Bank, variants may develop over time targeting other mobile device types and any mobile banking app. We strongly recommend you avoid following links in email and text messages, and recommend you consider adding anti-malware to your mobile device. This malware is called Svpeng. For more information, use your preferred search engine to find a known news source with information on this latest malware.
Internet Explorer Security Alert
Update: On May 1, Microsoft issued a fix for the Internet Explorer vulnerability, including a solution for Microsoft Windows XP users. Please ensure you apply this fix before you use Internet Explorer. We recommend you use a current version of an alternate browser such as Chrome, Firefox or Safari until the fix that Microsoft has release has been applied. You can learn more about the fix and download it directly from Microsoft’s website at http://support.microsoft.com/kb/2965111.
On April 28th, security experts announced the discovery of a bug in Internet Explorer versions 6 through 11. Microsoft has not yet released a fix for this critical vulnerability. We strongly recommend that our customer’s avoid using Internet Explorer until an official update is available from Microsoft. The bug leaves all versions of Internet Explorer open to potential attacks and hackers have already used the flaw to launch “limited, targeted attacks” according to Microsoft. As with many attacks, hackers can start with methods like convincing users to click on fake websites. From there, the glitch could allow attackers to run malicious software on the user's computer -- and even gain the same level of access to the computer as the real user. You can learn more on Microsoft’s website at: https://technet.microsoft.com/en-US/library/security/2963983.
Heartbleed Internet Bug
American Bank is aware of the “Heartbleed” Internet bug. We have been in communication with our Bank OnLine and other electronic banking services providers to ensure that their systems are secure and have determined that our online banking environment was not vulnerable to this bug at any point.
We always recommend that you change your passwords periodically, even when there has been no indication that your log in information could be subject to compromise.
Please visit our Security Center to learn more facts and tips for secure and trouble free e-banking.
Internet Security Alert: XXII Olympic Winter Games
02/07/14 - Cyber criminals may use the XXII Olympic Winter Games as a lure in spam, phishing or infected flash drives to infect unsuspecting individuals' PCs or mobile devices to gain access to personally identifiable information, online banking credentials, and/or credit/debit card information. Everyone should be cautious regarding links in emails, websites and other channels promoting the sale of Olympic-related merchandise or offering special online coverage. Always be certain you are connecting to well-known and trusted merchant websites for purchasing goods online, and access well-known media outlets for Olympic games news and online coverage.
Fraud Alert: Debit Card Phone Calls
Updated 11/25/2013 - A number of customers have reported receiving automated phone calls identified as coming from American Bank, informing them that their debit card has been blocked or closed.
The call asks customers to press 1 to speak with American Bank security, to enter their debit card number or PIN in order to reactivate the card, or to call a number and provide information to unblock or reactivate the card. Variations on these scenarios have also been reported, and customers of other financial institutions in the area have been targeted as well.
While American Bank’s debit card fraud prevention system could legitimately initiate a phone call or text message to debit card holders regarding suspicious activity on their debit cards, card holders will never be asked for their card number, PIN or account number if the call is legitimate.
Should you receive any kind of phone call, text message or e-mail asking you to provide information about your bank accounts or cards, do not respond. These messages are not from American Bank or any service associated with the bank, and the people contacting you are seeking your personal account information in order to commit fraud. Giving out your account or card information jeopardizes your account and could lead to you becoming the victim of identity theft as well.
If you have received a phone call similar to the circumstances described above and have provided the caller with any information related to your accounts or cards, please contact Customer Service immediately so that appropriate action can be taken to protect your account.
Phishing Alert: Fraudulent Texts and Phone Calls
08/09/12 - We have been notified of a phishing attempt taking place in which debit card users are receiving text messages or phone calls indicating their debit card has been blocked. The card holder is prompted to enter the card number to unblock it or requested to call a number and provide information to unblock the card. These calls and/or texts are not from American Bank. Should you receive such a call or text, do not call the number or respond to the message in any way. If you have received a call or text and responded by giving out information related to your card, please contact Customer Service immediately to close your card.
Never give your card number, PIN, account numbers, or other sensitive information to anyone.
Better Business Bureau Issues Nationwide Scam Warning
07/06/2012 - The Better Business Bureau (BBB) has issued a nationwide warning about a new scam claiming that President Obama will pay consumers’ utility bills through a new federal program.
Consumers have been contacted through telephone calls, fliers, social media and text messages, and other means with claims that President Obama is providing credits or applying payments to utility bills.
To receive the money, scammers claim they need the consumer's Social Security Number, and bank routing number and/or account number. In return, customers are given a fraudulent bank routing number to use in order to pay their utility bills through an automated (telephone) service.
The payment service initially ‘accepts’ the payment but then declines it within a few days when the banking information is discovered to be invalid. The consumer’s bill has not been paid and his/her Social Security Number (SSN) and personal financial information have been compromised.
The BBB offers tips to consumers to avoid becoming a victim of this scam, and additional information on identify theft scams. NACHA maintains a Fraud & Phishing Resource area on www.nacha.org.
If you have any questions or suspect suspicious activity, please contact Customer Service.
Phishing Alert: Fraudulent Emails Claiming to be from NACHA
3/31/2011 - The Electronic Payments Association has received reports that individuals and/or companies continue to receive fraudulent e-mails that have the appearance of having been sent from NACHA. These e-mails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some bear the name of fictitious NACHA employees and/or departments.
NACHA itself does not process or touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Be aware that phishing e-mails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
Please contact Customer Service if you have questions or concerns.
Telephone Fraud Alert: Your American Bank Check Card
1/27/2011 - We have become aware that some American Bank customers are receiving phone calls notifying them that their Check Card has been deactivated. The recorded message instructs the customer to call a 1-800 number or Press 1 to reactivate the card. These calls are not from American Bank. Should you receive such a call, do not call the number or respond to the message in any way. Never provide card information to unsolicited callers. These types of calls are an attempt to obtain card information from various banks and customers to be used in fraudulent activity. If you have received a call and responded by giving out information related to your card, please contact Customer Service immediately to close your card.
If you are the recipient of one of these calls and can provide us with the phone number from which the call came, along with the name of your phone service carrier, it would be helpful to us in investigating the fraud. Please contact Customer Service with the information.
EFTPS Phishing Scam
A fraudulent e-mail has been circulating with the subject line "LAST NOTICE: Your EFTPS Tax Payment has been rejected." The e-mail gives a return reason code and provides a link to a purported eftps.gov website.
If you receive an e-mail with a subject line similar to the one above, do not open the e-mail or click on any links. Disregard the e-mail and if possible, mark it as Junk Mail and delete it. Do not reply to the e-mail.
EFTPS will never attempt to contact you via e-mail. If you ever receive an e-mail that claims to be from EFTPS or from a sender you do not recognize that mentions a payment made through EFTPS, call the Treasury Inspector General for Tax Administration at (800) 366-4484.
Helpful Hints on Minimizing Fraud, Theft and Embezzlement in Your Business
Fraud committed against bank accounts continues to increase. It is occurring in many ways, and as sophisticated computer technology continues to become more readily attainable and affordable for the average person, fraud will increase even more.
You can protect yourself and your company by educating yourself on what to look for, by having strong internal controls, policies and procedures in place to make it more difficult for fraud to occur, and by training your employees and yourself to be extra vigilant.
To help you, see the attached list of tips on minimizing your potential fraud risk. In addition to these tips, one of your best lines of defense is to routinely and promptly review your bank statements, looking for unusual or unauthorized transactions.
To maximize your protection, you should carefully review the terms of the bank's deposit agreement, paying particular attention to your responsibilities for reviewing statements and notifying the bank of unauthorized items.
If you have questions about your account agreement with us, or about establishing good internal controls to help prevent fraud, we'd be glad to visit with you. Just call any of our Cash Management specialists at (361) 653-5080 and they will set up an appointment to come by at a time convenient for you.
Increased Debit Card Fraud
Across the country, banks and their customers are experiencing significant increases in fraudulent debit card activity. This includes customers of American Bank.
We work closely with MasterCard® and our card processor to monitor card activity and identify new methods for protecting your accounts from fraud. We want you to be aware of a new anti-fraud measure we've recently implemented that may impact your Check Card usage.
- When a clear and active pattern of fraudulent activity is identified, we will block certain types of transactions and/or transactions originating from particular countries, states, and/or merchants.
- The blocks will be removed and added as fraud patterns change.
- The blocks can apply to transactions in person, by phone, or via the Internet.
- The blocks could cause legitimate transactions to be declined.
- The blocks will typically not affect PIN based transactions.
If you experience a declined Check Card transaction, contact Customer Service. If your transaction is blocked because of these anti-fraud measures, we can remove the block for your Check Card, provided you can answer security questions about your account that only you should know.
Removal of your Check Card from the block will be effective only through December 31 of the calendar year in which it is removed. If you wish to continue to have your Check Card removed from the block, a new request must be made by calling Customer Service at the beginning of each subsequent calendar year. We apologize for any inconvenience this may cause, but feel the current fraud environment warrants the added protection for our customers' accounts.
If you are traveling outside of your usual purchasing area, please notify American Bank Customer Service in order to reduce the risk of your card being blocked for suspected fraud.
Should you detect suspicious activity related to your Check Card, contact Customer Service immediately. If you have questions, we will be glad to visit with you.
Community Bank Scams
There has been a recent increase in phishing scams that are targeting Texas community banks. These scams involve multiple methods of contacting bank customers including telephone calls from an automated system, e-mails, and text messages. The messages usually direct the recipients to call either a toll-free or local number because their account has supposedly been compromised. Once the victim calls the number they are asked to provide specific information about their debit cards or accounts. This information is then used to remove funds from the victim’s account.
Never give your card, PIN, account numbers, or other sensitive information to anyone - even if it appears to be legitimate. If you are ever solicited by someone claiming to be from American Bank asking for this information, please do not give them the information and contact us immediately to report the scam, or you can report a potential phishing attempt to your area branch.