Security Information Archive

FDIC Releases Alert on Fraudulent Emails

Wednesday, July 20th, 2011

The FDIC said that it has received reports of fraudulent emails that appear to be from the agency. The emails appear to be sent from FDIC email addresses and have subject lines such as “Update for your banking account,” “ACH and Wire transfers disabled,” and “Banking security update.” The emails and links were not sent by the FDIC and seek to collect personal or confidential information or to load malicious software. The FDIC does not directly contact bank customers or request bank customers to install software upgrades. Read more:  http://www.fdic.gov/news/news/SpecialAlert/2011/sa11021.html

Fraudulent E-Mail Alert

Friday, June 3rd, 2011

Special Alert

SUBJECT: Fraudulent E-Mails Claiming to Be From the FDIC
Summary: E-mails that claim to be from the FDIC are reportedly in circulation.

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC. The e-mails appear to be sent from various “@fdic.gov” e-mail addresses, such as “subscriptions@fdic.gov,” “alert@fdic.gov,” or “accounts@fdic.gov.” They have subject lines that read: “FDIC: Your business account” or “FDIC: About Your Business Account.”

The e-mails are addressed to “Business Customer” or “Business Owner” and state “We have important information about your bank” or “…financial institution.” They then ask recipients to “Please click here to find details.” They conclude with, “This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership.”

These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media. Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.

For your reference, FDIC Special Alerts may be accessed from the FDIC’s Website at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through email, please visit www.fdic.gov/about/subscriptions/index.html. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

Sandra L. Thompson
Director
Division of Supervision and Consumer Protection

Your Financial Records: What to Toss and When

Friday, April 15th, 2011

Bank statements, credit card bills, canceled checks and other documents can be useful for tax purposes, as proof of a transaction or payment, or for other reasons. But how long should you keep them? 

FDIC Consumer News can’t tell you when it’s safe to throw away financial documents. One thing to remember, though, is that federal tax rules require you to have receipts and other records that support items on a return for as long as the IRS can assess you additional tax. 

“In very general terms, because the IRS has about six years to assess additional tax if you underreported your income by more than 25 percent, many tax advisors recommend holding all tax records for about seven years, building in extra time for any unforeseen delays in processing your return,” said Rick Cywinski, an FDIC tax policy manager. He also noted that the tax period is unlimited if the IRS suspects fraud. 

With tax considerations in mind, here are suggestions that may be reasonable for many people. 

Credit card and bank account statements: Save those with no tax significance for about a year, but those with tax significance should be saved for seven years. 

Canceled checks: Those unrelated to anything you claimed on your income tax form and not needed to show you’ve paid a bill or debt probably can be destroyed after you’ve verified that your bank statement is correct. But canceled checks that support your tax returns, such as charitable contributions or tax payments, probably should be held for seven years. 

And, you may want to keep indefinitely any canceled checks and related receipts or documents for a home purchase or sale, renovations or other improvements to a property you own. But once a home has been sold and another seven years have passed, checks related to renovations or improvements can be destroyed. 

Of course, many banks no longer send cancelled checks, although they may provide copies of the originals. “You can keep the copies of your tax-related checks if you get them from your bank, but if you don’t get copies with your statement, you have some options,” said Evelyn Manley, a Senior Consumer Affairs Specialist at the FDIC. 

“The most conservative approach is to order copies of important checks soon after your statement arrives,” she said. “Another is to keep the information on your bank statement to order copies if you’re audited in the future because, in general, banks that do not return original checks to customers are required to keep copies of checks for seven years.” 

Also, she said, if you keep records electronically, be sure to back up your data. You can store it in various ways (on CDs, flash drives and so on), but as old technology is no longer supported, you will need to transfer your old data to new media. Another option is to research different companies that provide backup storage online, either free or for a small charge. 

Deposit, ATM, credit card and debit card receipts: Save them until the transaction appears on your statement and you’ve verified that the information is accurate. You may make an exception for receipts for expensive items. If they are under warranty or you have to file an insurance claim, the receipt may be helpful. 

Finally, before tossing away any document that contains a Social Security number, bank account number or other personal information (especially financial information), shred it to avoid becoming a victim of identity theft. 

For additional guidance on what records to toss and when, ask your accountant, attorney or another trusted advisor. 

Alert…Were you affected by Epsilon data breach?

Tuesday, April 5th, 2011
Note: This incident does not directly involve First Savings online activity, and none of our customer data has been compromised. We are not a client of the online marketing company involved in the breach. However, it is likely that many First Savings customers could be impacted by this incident if they have online accounts with any of the other merchants or financial institutions involved.

This short update on the Epsilon breach was published April 5, 2010 by CNET, a respected online technology review site. It contains good basic information on the breach and some good suggested precautions for consumers who feel they may have been impacted.

The list of customers affected by the Epsilon database breach continues to grow.

The breach, which took place last week but was announced over the weekend, compromised the e-mail addresses and some names belonging to the customers of many major U.S. companies that outsource their marketing and e-mail communications to Epsilon.

The company said Monday that 2 percent of the companies it counts as clients are affected by the security breach. There is no official list of affected companies that’s available, and a company spokesperson said Epsilon cannot release the names of its clients. Epsilon is in the midst of conducting an investigation of what led to the security breach.

The list of Epsilon clients whose customer e-mail addresses were stolen is not complete, and is likely to grow. But so far Target, Kroger, TiVo, US Bank, JPMorgan Chase, Capital One, Citi, Home Shopping Network, Ameriprise Financial, LL Bean Visa Card, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Walgreens, The College Board, Disney Destinations, and Best Buy have notified their own customers about the breach. Hilton Hotels and Ethan Allen are also said to be affected.

Here are some tips on what to do if you did receive an e-mail from one of the companies above or if you believe one of them does have your e-mail or name, and what could happen next.

How do you know if you’re affected?
If you’ve ever given your e-mail address to any of the above companies, you probably are.

What will happen?
Most of the companies that are talking about it say the information that was stolen is limited to e-mail addresses and possibly names. Credit card companies and banks like Chase and Capital One say they do not believe any financial information was compromised.

But a bunch of e-mail addresses in the wrong hands means what’s likely to result is a rise in phishing scams. “Phishing” is an attempt to use e-mail to try to get you to reveal more personal information about yourself. This can include usernames, passwords, Social Security numbers, or account numbers.

Many times phishers are simply guessing and will pick a company that a broad group of people does business with, like PayPal, or a government entity, like the IRS. The threat in the Epsilon case is now whoever gets access to these lists of e-mail addresses knows exactly what companies count you as a customer. That means phishing attempts can be much more targeted and therefore potentially harder to spot because they can masquerade as being from a bank or company such as the ones listed above.

What should you do about it?
Do not open e-mail from someone you don’t know. That’s pretty simple. But you’ll also need to be extra vigilant now that phishers may know specifically where you shop, what airline you fly, or where you bank. Look at the e-mail address–if it’s purportedly from one of the companies above but ends in something other than .com, especially an international domain like .uk, that’s a good indication it’s a scam since most phishing attempts originate outside the U.S. Also be on the lookout for spelling errors in the e-mail address, URL, or body of the e-mail, or e-mails whose tone sounds particularly urgent.

If you do open the e-mail, don’t click any links. A common phishing practice is to ask people to click a link to update their personal information.

If in doubt, call the company
If you get an e-mail from one of the companies listed above asking for any information, and you’re unsure if it’s legitimate, you can always call them. Many retailers affected by the Epsilon breach are notifying their customers now that they would never ask for sensitive information via e-mail.

Read more: http://news.cnet.com/8301-31021_3-20050555-260.html#ixzz1IeXIHmfN

FDIC Issues Consumer Phishing Alert

Thursday, January 13th, 2011

Federal Deposit Insurance Corporation
550 17th Street NW, Washington, D.C. 20429-9990
Division of Supervision and Consumer Protection

SA-10-2011
January 12, 2011

SPECIAL ALERT

SUBJECT: Consumer Alert
Summary: E-mails fraudulently claiming to be from the FDIC are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided.

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that “in cooperation with the Department of Homeland Security, federal, state and local governments…” the FDIC has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” It further states deposit insurance will remain suspended until identity and account information can be verified using a system called “IDVerify.” If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For your reference, FDIC Special Alerts may be accessed from the FDIC’s Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Sandra L. Thompson
Director
Division of Supervision and Consumer Protection

Distribution: FDIC-Supervised Banks (Commercial and Savings)

Note: Paper copies of FDIC Special Alerts may be obtained through the FDIC’s Public Information Center, 877-275-3342 or 703-562-2200.