Smishing Scam entitled “BMTC Alert” 484-639-3924.
Please be advised there is a Smishing (Short Message Service) or Text Message Scam affecting
Bryn Mawr Trust Company clients. The message is entitled “BMTC Alert”.
The message indicates
that a client’s card has been disabled and directs them to call a phone number that is NOT associated
with the Bryn Mawr Trust Company.
This message is not authentic and it is recommended that you
delete the message and disregard the request to call the phone number. The Bryn Mawr Trust Company
will never contact you via SMS or text messages to address problems with your credit, debit, or
ATM card, or with any of your accounts with the Bank.
Should you have any questions, please
contact us immediately at 610-525-1700.
— Fraud Prevention Team
New FBI Alert on Phishing Scam
With the holiday shopping season upon us, the FBI Denver Cyber Squad would like to advise citizens
of a new spear phishing campaign involving personal and business bank accounts, financial
institutions, money mules, and jewelry stores. The campaign involves a variant of the "Zeus"
malware called "Gameover." The spam campaign is pretending to be legitimate e-mails from
the National Automated Clearing House Association (NACHA), advising the user there was a
problem with the ACH transaction at their bank and it was not processed. Once they click on
the link they are infected with the Zeus or Gameover malware, which is able to key log as well
as steal their online banking credentials, defeating several forms of two factor authentication.
After the accounts are compromised, the perpetrators conduct a Distributed Denial of Service (DDoS)
attack on the financial institution. The belief is the DDoS is used to deflect attention from the wire
transfers as well as to make them unable to reverse the transactions (if found). A portion of the wire
transfers (not all) are being transmitted directly to high-end jewelry stores, wherein the money mule
comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired).
Investigation has shown the perpetrators contact the high-end jeweler requesting to purchase precious
stones and high-end watches. The perpetrators advise they will wire the money to the jeweler's account
and someone will come to pick up the merchandise. The next day, a money mule arrives at the store,
the jeweler confirms the money has been transferred or is listed as "pending" and releases the merchandise
to the mule. Later on, the transaction is reversed or cancelled (if the financial institution caught the fraud
in time) and the jeweler is out whatever jewels the money mule was able to obtain.
The FBI in Denver is asking all consumers to be cautious of opening communications from senders that
would not normally send you e-mail or are not from the
normal sender e-mail address.
E-mails that claim to be from the FDIC are reportedly in circulation.
The Federal Deposit Insurance Corporation (FDIC) has received numerous
reports of fraudulent e-mails that have the appearance of being from the
The e-mails appear to be sent from various "@fdic.gov" e-mail addresses,
such as "firstname.lastname@example.org," "email@example.com," or "firstname.lastname@example.org."
They have subject lines that read: "FDIC: Your business account" or "FDIC:
About Your Business Account."
The e-mails are addressed to "Business Customer" or "Business Owner" and
state "We have important information about your bank" or "…financial
institution." They then ask recipients to "Please click here to find
They conclude with, "This includes information on the acquiring bank (if
applicable), how your accounts and loans are affected, and how vendors can
file claims against the receivership."
These e-mails and the link included are fraudulent and were not sent by the
FDIC. Recipients should consider the intent of these e-mails as an attempt
to collect personal or confidential information, or to load malicious
software onto end users' computers. Recipients should NOT access the link
provided within the body of the e-mails and should NOT, under any
circumstances, provide any personal financial information through this
Financial institutions and consumers should be aware that other subject
lines and modifications to the e-mails may occur over time. The FDIC does
not directly contact consumers in this manner nor does the FDIC request
personal financial information from consumers.
For your reference, FDIC Special Alerts may be accessed from the FDIC's
Website at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn
how to automatically receive FDIC Special Alerts through email, please
Questions related to federal deposit insurance or consumer issues should be
submitted to the FDIC using an online form that can be accessed at
ACH Fraud: Tips for Prevention
7 Tips for Secure Transactions
Start with a Dedicated Computer, Then Monitor Closely
To help avoid malware-enabled wire and ACH fraud, here are seven tips for financial
institutions to share with their customers:
1. Use a Dedicated Machine
Computers are relatively inexpensive; use a separate dedicated machine for all of your online financial
transactions. If multiple people need transaction access, each person must have an additional,
separate computer – or leverage terminal services to create a system of clients and dumb terminals.
2. Segregate it from the Network
This dedicated machine must not be part of a Windows domain. Utilize a Local Administrator account
that can operate on the account access information. This avoids the “Clampi effect” of one compromised
machine leading to a fully infiltrated network where miscreants can more easily steal sensitive account
3. Turn off Computer When Not in Use
As trivial as this sounds, shut the machine down when it is not in use; this can limit your exposure –
many of the modern worms/trojans exploit vulnerabilities in the Windows Operating System, and contrary
to popular belief do not require the user to have taken any actions such as opening emails or visiting
4. Monitor Traffic
Implement firewall/proxy instrumentation on both your ingress and egress points, monitoring and logging
all traffic to/from your machine to ensure unauthorized access is denied no matter from what point it is
initiated. The machine should be used for financial transactions only; all non-business essential network
traffic should be denied to/from this machine.
5. Regulate Changes
Implement a change management process for any work that is to be done on machines performing
financial transactions (this should include any changes to proxy or firewall settings that could impact
these machines). Changes must require multiple party approvals. Convenience is not an acceptable
reason to open access.
6. Think Virtual
Virtualized environments are another option employees can leverage; the solution can work for multiple
employees, or employees who travel and who need to perform financial functions on the road. Again,
computers are cheap; use a netbook or comparable alternative dedicated exclusively to financial
7. Mind Your Media
Leverage dedicated, bootable media (CD/DVD/USB…) when performing financial transactions. One
could even go a step further and remove the ability to write to the hard drive, so that nothing can
actually be stored on the machine, other than the core operating system and key applications.
Source: Rodney Joffe, Senior Technologist at Neustar, Inc., a Sterling, VA-based security firm.
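The review that tips 2 and 4 call for can be run over the proxy or firewall log. The following is an added example, not part of the original tips or any vendor's tooling: it flags any traffic from the dedicated machine to a destination that is not on a short allowlist. The machine address, hostnames and log layout are assumptions made for the example.

```python
import ipaddress

# Assumptions for this example: the dedicated machine's address, the bank
# portal hostname and the log layout are constructed placeholders.
DEDICATED_HOST = ipaddress.ip_address("192.0.2.10")
ALLOWED_DESTS = {"onlinebanking.bank.example", "ocsp.ca.example"}

# Constructed proxy log: timestamp, client IP, action, method, host:port
LOG = """\
2011-12-01T09:00:02Z 192.0.2.10 ALLOW CONNECT onlinebanking.bank.example:443
2011-12-01T09:00:03Z 192.0.2.10 ALLOW GET ocsp.ca.example:80
2011-12-01T09:14:40Z 192.0.2.10 DENY CONNECT webmail.example:443
2011-12-01T23:51:17Z 192.0.2.10 ALLOW CONNECT cdn.unknown.example:443
2011-12-01T09:20:00Z 192.0.2.55 ALLOW CONNECT news.example:443
"""

def review(log_text):
    """Return (severity, line) pairs for traffic that breaks the policy."""
    alerts = []
    for line in log_text.splitlines():
        try:
            _ts, client, action, _method, dest = line.split()
            client_ip = ipaddress.ip_address(client)
        except ValueError:
            alerts.append(("unparsed", line))  # never drop a line silently
            continue
        if client_ip != DEDICATED_HOST:
            continue  # other machines are outside this policy
        host = dest.rsplit(":", 1)[0].lower()
        if host in ALLOWED_DESTS:
            continue
        # Off-allowlist and permitted: the egress rule has a gap.
        # Off-allowlist and denied: something on the machine tried anyway.
        severity = "policy-gap" if action == "ALLOW" else "blocked-attempt"
        alerts.append((severity, line))
    return alerts

if __name__ == "__main__":
    for severity, line in review(LOG):
        print(severity, line)
```

A "blocked-attempt" on a machine used only for banking is still worth investigating, since nothing on it should be reaching for other destinations.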
The Clearing House Has Received Information Regarding a Phishing Alert From NACHA:
NACHA — The Electronic Payments Association has received reports that individuals and/or companies
have received a fraudulent email that has the appearance of having been sent from NACHA and signed
by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments
Association” and appears to be coming from the email address “email@example.com.”
See a sample of the email below.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious
code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties
or from parties with whom you do not normally communicate, or that appear to be known but are suspicious
or otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and
financial institutions. NACHA does not send communications to individuals or organizations about individual
ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus
specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software applications security patches
are installed and current.
Be alert for different variations of fraudulent emails.
If you have any questions, please contact:
Senior Director, Communications & Marketing
Scott Lang, AAP
Senior Vice President, Association Services
THIS IS A SAMPLE OF THE FRAUDULENT EMAIL:
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transaction, recently sent from your checking account (by you or any other person),
was cancelled by the Electronic Payments Association.
Please click here to view report
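Both the NACHA and the FDIC messages described on this page rely on a trusted-looking From: address and a "click here" link. The following is an added example, not code from NACHA, the FDIC or the Bank: a mail-gateway triage check that tests whether the visible From: domain is backed up by the DMARC verdict, the Return-Path and the link target. The message is constructed, and every domain in it is a placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the fraudulent e-mail above. All addresses,
# hosts and Authentication-Results values are placeholders, not indicators.
SAMPLE = """\
Authentication-Results: mx.bank.example; spf=fail smtp.mailfrom=bulk.example;
 dkim=none; dmarc=fail header.from=nacha.example
Return-Path: <bounce@bulk.example>
From: Electronic Payments Association <alerts@nacha.example>
To: john.doe@customer.example
Subject: ACH transaction rejected
Content-Type: text/html

<p>The ACH transaction, recently sent from your checking account,
was cancelled by the Electronic Payments Association.</p>
<a href="http://reports.unrelated.example/view">Please click here to view report</a>
"""

def domain_of(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def same_org(host, domain):
    return bool(domain) and (host == domain or host.endswith("." + domain))

def triage(raw):
    """Return findings showing the visible From: domain is not backed up."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    findings = []
    # Only trust Authentication-Results stamped by your own mail gateway.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    verdict = re.search(r"\bdmarc=(\w+)", auth)
    if not verdict or verdict.group(1) != "pass":
        findings.append("dmarc-not-pass")
    bounce = domain_of(msg.get("Return-Path", ""))
    if bounce and not same_org(bounce, from_dom):
        findings.append("return-path-mismatch")
    # The lure is a "click here" link; compare its host with the From: domain.
    for href in re.findall(r'href="([^"]+)"', msg.get_payload(), flags=re.I):
        host = (urlparse(href).hostname or "").lower()
        if not same_org(host, from_dom):
            findings.append("link-off-domain:" + host)
    return findings
```

Any one finding is a reason to quarantine the message for review rather than deliver it.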
Business Fraud Alert from the FDIC
The Federal Deposit Insurance Corporation is aware of an increased number of fraudulent EFT
transactions resulting from compromised login credentials.
The Federal Deposit Insurance Corporation (FDIC) is alerting financial institutions that provide
Web-based payment origination services for business customers to increased reports of fraudulent
EFT transactions resulting from compromised login credentials. Over the past year, the FDIC has
detected an increase in the number of reports and the amount of losses resulting from unauthorized
EFTs, such as automated clearing house (ACH) and wire transfers. In most of these cases, the
fraudulent transfers were made from business customers whose online business banking software
credentials were compromised.
Web-based commercial EFT origination applications are being targeted by malicious software,
including Trojan horse programs, key loggers and other spoofing techniques, designed to circumvent
online authentication methods. Illicitly obtained credentials can be used to initiate fraudulent ACH
transactions and wire transfers, and take over commercial accounts. These types of malicious code,
or "crimeware," can infect business customers' computers when the customer is visiting a Web site
or opening an e-mail attachment. Some types of crimeware are difficult to detect because of how they
are installed and because they can lie dormant until the targeted online banking session login is initiated.
These attacks could result in monetary losses to financial institutions and their business customers
if not detected quickly.
It is important to actively monitor your accounts to make sure you have not been the victim of this
E-mails Containing Malware Sent To Businesses Concerning Their Online Job Postings
Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted
businesses by responding via e-mail to employment opportunities posted online.
Recently, more than $150,000 was stolen from a US business via unauthorized wire transfer as a
result of an e-mail the business received that contained malware. The malware was embedded in
an e-mail response to a job posting the business placed on an employment website and allowed the
attacker to obtain the online banking credentials of the person who was authorized to conduct financial
transactions within the company. The malicious actor changed the account settings to allow the sending
of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a
Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly
used by cyber criminals to defraud US businesses.
The FBI recommends that potential employers remain vigilant in opening the e-mails of prospective
employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer
of security against this type of attack. The FBI also recommends that businesses use separate computer
systems to conduct financial transactions.
Reporting Fraud or Suspicious Activity
If you think you have received a fraudulent email, notice suspicious account activity, or have concerns
about other questionable activity, contact us immediately at firstname.lastname@example.org.
For inquiries or service requests, call us at 610-525-1700.