Business Fraud Alerts
“Heartbleed Bug” Vulnerability
Bryn Mawr Trust uses multiple layers of security to protect our clients’ information. One of those layers involves finding and mitigating issues known as vulnerabilities. Please keep in mind that a vulnerability does not automatically mean information has been lost or stolen, only that it could be.
You may have heard about a new vulnerability, the “Heartbleed Bug”. Once Bryn Mawr Trust became aware of the new vulnerability we conducted an in-depth review of our networks and contacted our third-party vendors to confirm that their systems were secure. This review process is ongoing and we are waiting on our vendors to complete their analysis and make available the results and any concerns. Bryn Mawr Trust will continue to monitor communications from our vendors and quickly address any future identified issues. In addition, Bryn Mawr Trust monitors both the network and bank accounts on a continuous basis for unusual behavior and has procedures in place to address any issues.
Please direct any questions or concerns to our call center: 610-525-1700
For more information about the Heartbleed Bug, please see the page provided by the security company Codenomicon: www.heartbleed.com
Smishing Scam entitled “BMTC Alert” 484-639-3924.
Please be advised there is a smishing (SMS, or text message) scam affecting Bryn Mawr Trust Company clients. The message is entitled “BMTC Alert”. It indicates that a client’s card has been disabled and directs them to call a phone number that is NOT associated with the Bryn Mawr Trust Company. This message is not authentic; we recommend that you delete it and disregard the request to call the phone number. The Bryn Mawr Trust Company will never contact you via SMS or text message to address problems with your credit, debit, or ATM card, or with any of your accounts with the Bank. Should you have any questions, please contact us immediately at 610-525-1700. — Fraud Prevention Team
New FBI Alert on Phishing Scam
With the holiday shopping season upon us, the FBI Denver Cyber Squad would like to advise citizens of a new spear phishing campaign involving personal and business bank accounts, financial institutions, money mules, and jewelry stores. The campaign involves a variant of the “Zeus” malware called “Gameover.” The spam messages pretend to be legitimate e-mails from the National Automated Clearing House Association (NACHA), advising the user that there was a problem with an ACH transaction at their bank and that it was not processed. Once the user clicks the link, the computer is infected with the Zeus/Gameover malware, which can log keystrokes and steal online banking credentials, defeating several forms of two-factor authentication.
After the accounts are compromised, the perpetrators conduct a Distributed Denial of Service (DDoS) attack on the financial institution. The belief is that the DDoS is used to deflect attention from the wire transfers and to prevent the institution from reversing the transactions if they are found. A portion of the wire transfers (not all) are being transmitted directly to high-end jewelry stores, where the money mule comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired).
Investigation has shown the perpetrators contact the high-end jeweler requesting to purchase precious stones and high-end watches. The perpetrators advise that they will wire the money to the jeweler’s account and that someone will come to pick up the merchandise. The next day, a money mule arrives at the store; the jeweler confirms the money has been transferred or is listed as “pending” and releases the merchandise to the mule. Later on, the transaction is reversed or cancelled (if the financial institution caught the fraud in time) and the jeweler is out whatever jewels the money mule was able to obtain.
The FBI in Denver is asking all consumers to be cautious of opening communications from senders that would not normally send you e-mail or are not from the normal sender e-mail address.
E-mails that claim to be from the FDIC are reportedly in circulation.
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.
The e-mails appear to be sent from various “@fdic.gov” e-mail addresses, such as “email@example.com,” “firstname.lastname@example.org,” or “email@example.com.” They have subject lines that read: “FDIC: Your business account” or “FDIC: About Your Business Account.” The e-mails are addressed to “Business Customer” or “Business Owner” and state “We have important information about your bank” or “…financial institution.” They then ask recipients to “Please click here to find details.”
They conclude with, “This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership.”
These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.
Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.
For your reference, FDIC Special Alerts may be accessed from the FDIC’s Website at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through email, please visit www.fdic.gov/about/subscriptions/index.html.
Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.
ACH Fraud: Tips for Prevention
7 Tips for Secure Transactions
Start with a Dedicated Computer, Then Monitor Closely
To help avoid malware-enabled wire and ACH fraud, here are seven tips for financial institutions to share with their customers:
1. Use a Dedicated Machine
Computers are relatively inexpensive; use a separate dedicated machine for all of your online financial transactions. If multiple people need transaction access, each person must have an additional, separate computer – or leverage terminal services to create a system of clients and dumb terminals.
2. Segregate it from the Network
This dedicated machine must not be part of a Windows domain; use a local administrator account to manage the account access information. This avoids the “Clampi effect”, where one compromised machine leads to a fully infiltrated network from which miscreants can more easily steal sensitive account information.
3. Turn off Computer When Not in Use
As trivial as this sounds, shut the machine down when it is not in use; this limits your exposure. Many modern worms and trojans exploit vulnerabilities in the Windows operating system and, contrary to popular belief, do not require the user to have taken any action such as opening e-mail or visiting a malicious website.
4. Monitor Traffic
Implement firewall/proxy instrumentation on both your ingress and egress points, monitoring and logging all traffic to/from your machine to ensure unauthorized access is denied no matter from what point it is initiated. The machine should be used for financial transactions only; all non-business essential network traffic should be denied to/from this machine.
5. Regulate Changes
Implement a change management process for any work that is to be done on machines performing financial transactions (this should include any changes to proxy or firewall settings that could impact these machines). Changes must require multiple party approvals. Convenience is not an acceptable reason to open access.
6. Think Virtual
Virtualized environments are another option employees can leverage; the solution can work for multiple employees, or employees who travel and who need to perform financial functions on the road. Again, computers are cheap; use a netbook or comparable alternative dedicated exclusively to financial transactions.
7. Mind Your Media
Leverage dedicated, bootable media (CD/DVD/USB…) when performing financial transactions. One could even go a step further and remove the ability to write to the hard drive, so that nothing can actually be stored on the machine, other than the core operating system and key applications.
Source: Rodney Joffe, Senior Technologist at Neustar, Inc., a Sterling, VA-based security firm.
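Tip 4 above calls for logging all traffic to and from the dedicated machine and denying everything that is not needed for banking. The script below is an added example, not code from the source article or from Neustar, of the check that makes such logs useful: it reads constructed firewall/proxy log lines, assumes an address for the dedicated machine (10.0.5.20) and a single allowlisted destination (online.bank.example:443), and reports every connection from that machine that was permitted even though its destination is not on the allowlist. Each such line is evidence that the deny-by-default policy is not actually being enforced and should go through the change-management review described in tip 5.

```python
from collections import Counter

# Assumed address of the dedicated banking machine and the only destination
# it should ever reach (both constructed for this example).
DEDICATED_HOST = "10.0.5.20"
ALLOWED_DESTINATIONS = {"online.bank.example:443"}

# Constructed firewall/proxy log lines: "<timestamp> <src_ip> <dst_host:port> <action>".
SAMPLE_LOG = """\
2011-03-01T09:01:02Z 10.0.5.20 online.bank.example:443 ALLOW
2011-03-01T09:03:11Z 10.0.5.20 cdn.ads.example:80 ALLOW
2011-03-01T09:04:40Z 10.0.5.21 mail.corp.example:993 ALLOW
2011-03-01T09:05:02Z 10.0.5.20 203.0.113.9:8080 ALLOW
2011-03-01T09:05:30Z 10.0.5.20 203.0.113.9:8080 DENY
2011-03-01T09:06:00Z 10.0.5.20 online.bank.example:443 ALLOW
"""


def parse_line(line):
    """Parse one log line into a record; raise ValueError on a malformed line."""
    fields = line.split()
    if len(fields) != 4:
        raise ValueError("unexpected log line: " + line)
    ts, src, dst, action = fields
    return {"ts": ts, "src": src, "dst": dst, "action": action.upper()}


def find_policy_violations(log_text, dedicated_host=DEDICATED_HOST,
                           allowed=ALLOWED_DESTINATIONS):
    """Return connections from the dedicated machine that were permitted
    although the destination is not on the allowlist. DENY entries are not
    violations: they show the policy working."""
    violations = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["src"] != dedicated_host:
            continue  # traffic from other hosts is out of scope for this check
        if rec["action"] == "ALLOW" and rec["dst"] not in allowed:
            violations.append(rec)
    return violations


def summarize(violations):
    """Count violations per destination so the noisiest one is reviewed first."""
    return Counter(v["dst"] for v in violations)


if __name__ == "__main__":
    bad = find_policy_violations(SAMPLE_LOG)
    for dst, n in summarize(bad).most_common():
        print(f"{n} permitted connection(s) to {dst} outside the allowlist")
```

The log format is deliberately minimal; adapting the parser to a real proxy or firewall export is the only change needed to run this against the machine's actual logs.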
The Clearing House Has Received Information Regarding a Phishing Alert From NACHA:
NACHA — The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments Association” and appears to be coming from the email address “firstname.lastname@example.org.”
See a sample of the email below.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software applications security patches are installed and current.
Be alert for different variations of fraudulent emails.
If you have any questions, please contact:
Senior Director, Communications & Marketing
Scott Lang, AAP
Senior Vice President, Association Services
THIS IS A SAMPLE OF THE FRAUDULENT EMAIL:
From: email@example.com [mailto:firstname.lastname@example.org]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.
Please click here to view report
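The sample above shows the give-away in many of these messages: the address the reader sees does not match the address the mail actually came from. The script below is an added example, not code from NACHA or from this page; it parses a From header in either the “shown-address [mailto:actual-address]” shape shown above or the usual “Name <address>” shape, and flags a displayed address that differs from the actual sender or a sender domain that is not on an assumed trusted list. The sample headers and the trusted domain “bmtc.example” are constructed for the example.

```python
import re
from email.utils import parseaddr

# Constructed sample From headers (not real messages). The first mirrors the
# "shown-address [mailto:actual-address]" shape in the alert's sample e-mail.
SAMPLE_FROM_HEADERS = [
    "email@example.com [mailto:firstname.lastname@example.org]",
    '"Electronic Payments Association" <firstname.lastname@example.org>',
    "Bryn Mawr Trust Alerts <alerts@bmtc.example>",
]

# Assumed set of domains this reader expects legitimate bank mail to come from.
TRUSTED_DOMAINS = {"bmtc.example"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
MAILTO_RE = re.compile(r"\[mailto:([^\]]+)\]", re.IGNORECASE)


def analyze_from_header(header, trusted_domains):
    """Split a From header into the address the reader sees and the address the
    mail actually carries, then report the mismatches a defender cares about."""
    m = MAILTO_RE.search(header)
    if m:
        # Outlook-style "display [mailto:real]" rendering: the bracketed one is real.
        actual = m.group(1).strip().lower()
        display = header[:m.start()]
    else:
        display, actual = parseaddr(header)
        actual = actual.lower()

    shown = sorted({a.lower() for a in EMAIL_RE.findall(display)})
    actual_domain = actual.rsplit("@", 1)[-1] if "@" in actual else ""

    findings = []
    if shown and actual not in shown:
        findings.append("displayed address differs from actual sender")
    if actual_domain not in trusted_domains:
        findings.append("sender domain not on trusted list: " + actual_domain)
    return {"actual": actual, "shown": shown, "findings": findings}


def triage(headers, trusted_domains=TRUSTED_DOMAINS):
    """Return only the headers that produced at least one finding."""
    results = []
    for h in headers:
        r = analyze_from_header(h, trusted_domains)
        if r["findings"]:
            results.append((h, r))
    return results


if __name__ == "__main__":
    for header, result in triage(SAMPLE_FROM_HEADERS):
        print(header)
        for f in result["findings"]:
            print("   -", f)
```

The domain check is the more reliable of the two signals: a display name can say anything, so the decision should rest on the address the mail was actually sent from, and even that only rules out the crude cases, since a genuine-looking domain still proves nothing about the link or attachment inside.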
Business Fraud Alert from the FDIC
The Federal Deposit Insurance Corporation is aware of an increased number of fraudulent EFT transactions resulting from compromised login credentials.
The Federal Deposit Insurance Corporation (FDIC) is alerting financial institutions that provide Web-based payment origination services for business customers to increased reports of fraudulent EFT transactions resulting from compromised login credentials. Over the past year, the FDIC has detected an increase in the number of reports and the amount of losses resulting from unauthorized EFTs, such as automated clearing house (ACH) and wire transfers. In most of these cases, the fraudulent transfers were made from business customers whose online business banking software credentials were compromised.
Web-based commercial EFT origination applications are being targeted by malicious software, including Trojan horse programs, key loggers and other spoofing techniques, designed to circumvent online authentication methods. Illicitly obtained credentials can be used to initiate fraudulent ACH transactions and wire transfers, and to take over commercial accounts. These types of malicious code, or “crimeware,” can infect business customers’ computers when the customer visits a Web site or opens an e-mail attachment. Some types of crimeware are difficult to detect because of how they are installed and because they can lie dormant until the targeted online banking session login is initiated. These attacks could result in monetary losses to financial institutions and their business customers if not detected quickly.
It is important to actively monitor your accounts to make sure you have not been the victim of this fraudulent activity.
E-mails Containing Malware Sent To Businesses Concerning Their Online Job Postings
Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online.
Recently, more than $150,000 was stolen from a US business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud US businesses.
The FBI recommends that potential employers remain vigilant when opening e-mails from prospective employees. Running a virus scan prior to opening any e-mail attachment may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.
Reporting Fraud or Suspicious Activity
If you think you have received a fraudulent email, notice suspicious account activity or have concerns about other questionable activity contact us immediately at email@example.com.
For inquiries or service requests call us at 610-525-1700.