Fraudulent E-Mails

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.

The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "protection@fdic.gov," "admin@administration.fdic.gov," or "service@admin.fdic.gov."

They have various subject lines such as "Update for your banking account," "ACH and Wire transfers disabled," and "Banking security update."

The fraudulent messages state:

"Dear clients,

Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online security department, Federal Deposit Insurance Corporation."

These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.

Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.
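The alert's two stable traits, a sender address under fdic.gov and a link that leads somewhere else, can be checked mechanically even when subject lines and narratives change. The following triage sketch is an added example, not FDIC or bank code; the sample message, the `.example` host names and the function names are constructed for illustration, and it covers only the link-based case described above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

CLAIMED = "fdic.gov"  # domain the alert says the senders impersonate

# Constructed sample modelled on the alert text; hosts use reserved .example names.
SAMPLE = """\
From: Online security department <admin@administration.fdic.gov>
To: customer@bank.example
Subject: ACH and Wire transfers disabled
Content-Type: text/html; charset="us-ascii"

<p>Dear clients,</p>
<p>To download and install the newest Updates,
<a href="http://fdic.gov.updates.example/setup">follow this link</a>.</p>
"""

def in_domain(host, domain=CLAIMED):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    msg = message_from_string(raw_message)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    urls = re.findall(r"https?://[^\s\"'<>]+", body_text(msg), flags=re.I)
    off_domain = [u for u in urls if not in_domain(urlparse(u).hostname)]
    claims = in_domain(sender_host)
    return {
        "claims_fdic_sender": claims,
        "off_domain_links": off_domain,
        # A message "from" fdic.gov whose links lead elsewhere matches the alert.
        "suspicious": claims and bool(off_domain),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The suffix check treats `administration.fdic.gov` as inside the claimed domain but rejects look-alike hosts that merely contain the string "fdic.gov".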

Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

E-mail Claiming to Be From the FDIC

Information Security

FDIC Warns of Fraudulent E-mails

On April 30, 2010 in a Consumer Alert, the Federal Deposit Insurance Corporation (FDIC) advised institutions and consumers that it has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The subject line of the e-mail states: "Just for your time." The e-mail tells recipients that, "The Federal Deposit Insurance Corporation Online department kindly asks you to take part in our quick and easy 5 questions survey." It attempts to entice recipients to take the "survey" by telling them "In return we will credit $50.00 to your account - Just for your time!" The e-mail then directs recipients to click on a link to take the survey.

This e-mail and associated web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information or to load malicious software onto computers.

The FDIC does not send unsolicited e-mail to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.

The Federal Deposit Insurance Corporation (FDIC) has also received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The subject line of the e-mail states: "check your Bank Deposit Insurance Coverage." The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."

The e-mail then asks recipients to "visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage" (a fraudulent link is provided). It then instructs recipients to "download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage."

This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail. The e-mail typically has an embedded link for the recipient to click on, which some recipients have reported downloads malware. This is a classic phishing scam.

This information can also be found at the following link: http://www.fdic.gov/consumers/consumer/alerts/index.html

My ID Score

My ID Score is a free public service that gives you a new way to quickly assess your risk of identity theft. Get an instant reading on whether you are at low, medium or high risk of Identity Theft by following the link: www.MyIDScore.com

GET YOUR FREE CREDIT REPORT NOW

One of the best ways to keep fraudsters from using your personal information to commit identity theft is to register for your free annual credit report. You can request a free report on an annual basis from each of the three national consumer credit reporting agencies. Review the information carefully and report any issues that concern you to the reporting agency.

Follow the link here to get your free credit report.

Visit: www.annualcreditreport.com

Debit Card Phishing Scam

We have been made aware that cardholders are receiving phone calls from an automated voice service (AVS) stating that there is an issue with their debit card. At this time the calls are only occurring in PA. The recording asks the cardholder to provide personal information over the phone.

Please note that this is a Phishing Scam and you should disconnect and not provide any information to the AVS.

If you did enter personal information to this AVS please contact Hyperion Bank immediately at our main number - (215) 789-4200 - so that we may close your account and reissue your card to avoid future fraud.

Security Alert

Hyperion Bank was recently notified by MasterCard that an illegal data intrusion into Heartland Payment Systems' computer network may have resulted in the theft of some of our customers' debit card numbers. The intrusion affected merchants that use Heartland's service in the United States.

Some Hyperion Bank customers are affected and have been notified. However, it is important to note that a security breach of this nature involved card information only. No personal information linked to card numbers, such as Social Security numbers, PIN numbers, checking account numbers or cardholders' mailing addresses, was compromised.

You can visit Heartland Payment Systems' website at www.2008breach.com for more information. If you suspect any fraudulent activity on your debit card, you should immediately call the 1-800 number listed on the back of your card(s).

When "Most Popular" Isn't A Good Thing: Worst Passwords of the Year – And How to Fix Them

SplashData Reveals Its '25 Worst Passwords of the Year' List For 2011, With 'Password' (Yes, That's Right) and '123456' Topping the List

LOS GATOS, CA (Monday, November 21, 2011) – If you're one of those people who thought it was clever to use "password" as your password, it's time to wisen up and make a change. Switching the "o" to a zero to make it "passw0rd"? Not much better. Both are on the list of the 25 most common passwords used on the Internet this year, according to SplashData, a well-known provider of password management applications.

Other common passwords include simple numerical choices like "123456," common names like "ashley" and "michael," and patterns based on the layout of the keyboard like "qwerty" and "qazwsx." There are also some minor mysteries, like the unusual popularity of "monkey" and "shadow." With an increasing number of sites requiring more complex passwords, some letter and number combinations like "abc123" and "trustno1" are being used more often.

In an effort to encourage adoption of stronger passwords, SplashData, a leading provider of password software for more than 10 years, today released its "25 Worst Passwords of the Year" list for 2011. According to SplashData, the most common passwords on the web are:

  • password
  • 123456
  • 12345678
  • qwerty
  • abc123
  • monkey
  • 1234567
  • letmein
  • trustno1
  • dragon
  • baseball
  • 111111
  • iloveyou
  • master
  • sunshine
  • ashley
  • bailey
  • passw0rd
  • shadow
  • 123123
  • 654321
  • superman
  • qazwsx
  • michael
  • football

SplashData's top 25 list was compiled from files containing millions of stolen passwords posted online by hackers, according to CEO Morgan Slain. He advised that if consumers or businesses are using any of the passwords in the list, their passwords should be changed immediately.

"Hackers," Slain said, "can easily break into many accounts just by repeatedly trying common passwords. Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft," Slain said. "What you don't want is a password that is easily guessable. If you have a password that is short or common or a word in the dictionary, it's like leaving your door open for identity thieves."

Even though thieves have more sophisticated hacking tools at their disposal today than ever before, they still tend to prefer easy targets, Slain said. "Just a little bit more sophistication in choosing passwords will go a long way toward making you safer online."

SplashData suggests making passwords more secure with these tips:

Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, "eat cake at 8!" or "car_park_city?"

Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for.

Having trouble remembering all those different passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites. There are numerous applications available, but choose one with a strong track record of reliability and security like SplashID Safe, which has a 10 year history and over 1 million users. SplashID Safe has versions available for Windows and Mac as well as smartphones and tablet devices.
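A signup or password-change form can enforce the list and the first tip above directly. This checker is an added example, not SplashData's code: it rejects the 25 listed passwords and simple disguises of them, such as the "passw0rd" swap the article calls out. The look-alike table, the stripping of trailing digits and symbols, and the reading of "mixed types" as at least two character classes are assumptions.

```python
import string

# The 25 entries of SplashData's 2011 list, as printed above.
WORST_2011 = """password 123456 12345678 qwerty abc123 monkey 1234567 letmein
trustno1 dragon baseball 111111 iloveyou master sunshine ashley bailey passw0rd
shadow 123123 654321 superman qazwsx michael football""".split()

# Assumed look-alike substitutions (the article only names "o" -> zero).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})

def normalize(text):
    """Lower-case and undo look-alike swaps so passw0rd equals password."""
    return text.lower().translate(LOOKALIKES)

NORMALIZED_WORST = {normalize(p) for p in WORST_2011}

def char_classes(pw):
    """Return the set of character types present in pw."""
    kinds = set()
    for ch in pw:
        if ch.islower():
            kinds.add("lower")
        elif ch.isupper():
            kinds.add("upper")
        elif ch.isdigit():
            kinds.add("digit")
        else:
            kinds.add("other")
    return kinds

def check_password(pw):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    # Compare the whole password and the password minus trailing digits/symbols,
    # so "Password1!" is caught as well as "passw0rd".
    trimmed = pw.rstrip(string.digits + string.punctuation)
    if {normalize(pw), normalize(trimmed)} & NORMALIZED_WORST:
        problems.append("matches the 2011 worst-passwords list")
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if len(char_classes(pw)) < 2:
        problems.append("uses only one type of character")
    return problems

if __name__ == "__main__":
    for candidate in ("passw0rd", "Password1!", "monkey", "eat cake at 8!"):
        print(repr(candidate), check_password(candidate))
```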

"It's easy to start making your passwords better," Slain said. "Start now; make it a resolution to keep it up and your whole life online will be safer and more secure in 2012."

About SplashData, Inc.

SplashData has been a leading developer of productivity and security applications for over 10 years. The company's applications and services have millions of users worldwide and include SplashID Safe, SplashMoney, SplashShopper, SplashTravel, SplashNotes, File Magic, Flight Tracker, Birthdays, and Holiday. SplashData's applications are available at www.splashdata.com and on major smartphone app stores, including Apple's iTunes App Store, Android Market, and BlackBerry App World. SplashData was founded in 2000 and is based in Los Gatos, CA.

Identity Theft and Phishing

A recent study estimates that Identity Theft will victimize more than ten million Americans this year! Don't let it happen to you.

Unfortunately, phishing is now a well-established approach to ID theft. It occurs when a perpetrator posing as a legitimate financial organization uses email to retrieve personal and financial data.

Pharming occurs when an email purporting to be from a known organization carries a computer virus that infects a victim's computer in one of two ways. One sends the victim, who types in a legitimate domain name, to a bogus site. The other records keystroke information and transmits it to a criminal who then uses the data to access the account.

Some suggestions on how to avoid becoming a victim of phishing or pharming:

  1. Never click on links in email text
  2. Be suspicious of any email that does not end with a .com domain name
  3. Ensure that the web site is secure
  4. Update Internet browsers and Windows operating systems
  5. Never act upon any email or pop-up ad that asks for personal or financial information
  6. Review bank and credit card statements immediately
  7. Report suspicious activity to your bank
  8. Report suspicious activity to the Federal Trade Commission

This problem is not going away, nor is there any foolproof solution for it. If you have any doubts whatsoever, contact us immediately.

We will never ask for your personal information in any email we send.

Password Security

Don't use the same password for everything. Avoid using family member, partner, pet and sports idol and team names. In fact, avoid using words that can be found in the dictionary. Don't use your login or user name in your password. Most consumers create passwords that are easy to remember, but that makes them easy for the bad guys too.

Use a combination of letters in upper and lower case with numbers and symbols placed between the letters. Make your password at least eight characters. (A 15-character password is 33 thousand times stronger than an eight-character password.) Never share your password with anyone. And never enter your password on a computer you do not control (public facilities). Change your password frequently (about every month or so).

Internet Security

Don't leave your computer on overnight.

Connect only to trusted websites that you know. Avoid downloading information from sites you do not know.

Be sure when exchanging secure information that the lock displayed at the bottom of your PC screen is in the locked position.

Be certain to get security updates to your system.

Never leave your laptop unattended. Never place your laptop with checked baggage when traveling. Do not leave your laptop in your hotel room, car, conference room or restaurant. Don't use a computer bag to carry your laptop (it's like hanging out a sign to thieves). Keep your laptop's serial number in a separate, safe location in case you need to file a report with police. Always be aware of your surroundings when traveling; don't be a target for 'snatch & run' criminals.

WHAT IS SKIMMING?

Thieves use a device that can capture the magnetic-stripe and keypad information when you input your PIN (Personal Identification Number) at ATMs, gas pumps or retailers. Then they take cash from your bank account.

PROTECT YOURSELF

Signature based debit card transactions offer you a higher level of security.

We recommend that you always say "credit" when asked by the merchant and sign for your purchases. Saying 'credit' doesn't mean you are using a 'credit card'. It's just the processing method your transaction will use. The funds are automatically deducted from your checking account. Signature based in-store, mail, phone and Internet transactions enjoy the added benefits of MasterCard's Zero Liability protection from unauthorized purchases.

If you require cash back (an amount over the purchase amount and available only at some merchants), you must say 'debit' and enter your PIN (Personal Identification Number) on a keypad.

The funds are still automatically deducted from your checking account. When you enter your PIN, shield the keypad so no one sees what you enter.

If you use your debit card at gas pumps (which are notorious for skimming) choose the screen prompt that identifies it as a credit card, so that you don't have to enter your PIN.

Use ATMs at banks. Thieves have to attach a skimming device to an ATM and then retrieve the device. It's much easier for them at a non-bank ATM.

Sign your card immediately upon receipt.

When using your card always keep it in your sight.

Safeguard your account number and never keep your card and PIN in the same location.

Do not give your PIN to anyone. If you feel it may have been compromised, contact us immediately to have your PIN changed.

Always obtain merchant receipts and destroy carbon copies.

Monitor your bank statements regularly. If you suspect you are the victim of fraudulent charges, contact the bank immediately at 215-789-4200.

Notice of Changes in Temporary FDIC Insurance Coverage for Transaction Accounts