Smishing Scam entitled “BMTC Alert” 484-639-3924.
Please be advised there is a Smishing (Short Message Service) or Text Message Scam affecting
Bryn Mawr Trust Company clients. The message is entitled “BMTC Alert”.
The message indicates
that a client’s card has been disabled and directs them to call a phone number that is NOT associated
with the Bryn Mawr Trust Company.
This message is not authentic and it is recommended that you
delete the message and disregard the request to call the phone number. The Bryn Mawr Trust Company
will never contact you via SMS or text messages to address problems with your credit, debit, or
ATM card,or with any of your accounts with the Bank.
Should you have any questions, please
contact us immediately at 610-525-1700.
— Fraud Prevention Team
New FBI Alert on Phishing Scam
With the holiday shopping season upon us, the FBI Denver Cyber Squad would like to advise citizens
of a new spear phishing campaign involving personal and business bank accounts, financial
institutions, money mules, and jewelry stores. The campaign involves a variant of the "Zeus"
malware called "Gameover." The spam campaign is pretending to be legitimate e-mails from
the National Automated Clearing House Association (NACHA), advising the user there was a
problem with the ACH transaction at their bank and it was not processed. Once they click on
the link they are infected with the Zeus or Gameover malware, which is able to key log as well
as steal their online banking credentials, defeating several forms of two factor authentication.
After the accounts are compromised, the perpetrators conduct a Distributed Denial of Service (DDoS)
attack on the financial institution. The belief is the DDoS is used to deflect attention from the wire
transfers as well to make them unable to reverse the transactions (if found). A portion of the wire
transfers (not all) are being transmitted directly to high-end jewelry stores, wherein the money mule
comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired).
Investigation has shown the perpetrators contact the high-end jeweler requesitng to purchase previous
stones and high-end watches. The perpetrators advise they will wire the money to the jeweler's account
and someone will come to pick up the merchandise. The next day, a money mule arrives at the store,
the jeweler confirms the money has been transferred or is listed as ";ending" and releases the merchandise
to the mule. Later on, the transaction is reversed or cancelled (if the financial institution caught the fraud
in time) and the jeweler is out whatever jewels the money mule was able to obtain.
The FBI in Denver is asking all consumers to be cautious of opening communications from senders that
would not normally send you e-mail or are not from the normal sender e-mail address.
FBI Advisory : An increasing level of
unsolicited spam and malicious e-mails.
The Internet Crime Complaint Center (IC3) urges computer users to not open unsolicited (spam)
e-mails, including clicking links contained within those messages. Even if the sender is familiar,
the public should exercise due diligence. Computer owners must ensure they have up-to-date firewall
and anti-virus software running on their machines to detect and deflect malicious software.
The IC3 recommends the public do the following:
• Adjust the privacy settings on social networking sites you frequent to make it more difficult for
people you know and do not know to post content to your page. Even a “friend” can unknowingly pass
on multimedia that’s actually malicious software.
• Do not agree to download software to view videos. These applications can infect your computer.
Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar,
and nonstandard English.
• Report e-mails you receive that purport to be from the FBI. Criminals often use the FBI’s name
and seal to add legitimacy to their fraudulent schemes. In fact, the FBI does not send unsolicited
e-mails to the public. Should you receive unsolicited messages that feature the FBI’s name, seal,
or that reference a division or unit within the FBI or an individual employee, report it to the
Internet Crime Complaint Center at www.ic3.gov.
The Clearing House Has Received Information Regarding a Phishing Alert From NACHA:
NACHA — The Electronic Payments Association has received reports that individuals and/or companies
have received a fraudulent email that has the appearance of having been sent from NACHA and signed
by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments
Association” and appears to be coming from the email address “firstname.lastname@example.org.”
See a sample of the email below.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious
code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties
or from parties with whom you do not normally communicate, or that appear to be known but are suspicious
or otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and
financial institutions. NACHA does not send communications to individuals or organizations about individual
ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus
specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software applications security patches
are installed and current.
Be alert for different variations of fraudulent emails.
If you have any questions, please contact:
Senior Director, Communications & Marketing
Scott Lang, AAP
Senior Vice President, Association Services
THIS IS A SAMPLE OF THE FRAUDULENT EMAIL:
From: email@example.com [mailto:firstname.lastname@example.org]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transaction, recently sent from your checking account (by you or any other person),
was cancelled by the Electronic Payments Association.
Please click here to view report
Security Alert from FDIC - Emails Fraudulently claiming to be from the FDIC
A variety of e-mails fraudulently claiming to be from FDIC have been reported.
Be on the lookout for either of these.
Phony "IDVerify" Link
These e-mails are attempting to get recipients to click on a link, which may ask them to provide
sensitive personal information. They falsely indicate that FDIC deposit insurance is suspended
until the requested customer information is provided.
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers
who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs
the recipient that "in cooperation with the Department of Homeland Security, federal, state and local
governments…" the FDIC has withdrawn deposit insurance from the recipient's account "due to
account activity that violates the Patriot Act." It further states deposit insurance will remain suspended
until identity and account information can be verified using a system called "IDVerify." If consumers
go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential
information, or malicious software may be loaded onto the recipient's computer.
This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information
from consumers. Financial institutions and consumers should NOT access the link provided within the
body of the e-mail and should NOT under any circumstances provide any personal information
through this media.
Phony "Attachment" with Malicious Software
These e-mails also appear to be from FDIC and contain an infected attachment.
They have addresses
such as "no.reply@FDIC.gov" or "notify84zma@FDIC.gov"
on the "From" line. The message appears
with spelling and grammatical errors, as follows:
Your account ACH and WIRE transaction have been
temporarily suspended for security reasons due to the expiration of your
security version. To download and install the newest installations
document (pdf) attached below.
As soon as it is setup, you transaction abilities will be fully restored.
Online Security department, Federal Deposit
These e- mails may be modified over time with other subject lines, sender names, and narratives.
But the fact remains, the FDIC DOES NOT directly contact consumers, nor does the FDIC request bank
customers to install software upgrades.
The e-mails contain an attachment "FDIC document.zip" that will likely release malicious software if
opened. These e-mails and attachments are fraudulent and were not sent by the FDIC. Recipients
should consider these e-mails as an attempt to collect personal or confidential information, or to upload
malicious software onto end users'
computers. Do not open the attachment.
Additionally, information about similar fraudulent attempts can be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, CH-11034, 3501 North Fairfax Drive, Arlington, Virginia 22226, or transmitted electronically to "alert@FDIC.gov.
Important Notice: ABA Warns of Fraudulent Emails
The American Bankers Association has been alerted that someone or a group of individuals
sending emails purporting to be from ABA are actually part of a scam commonly known as phishing.
These con artists are sending emails asking people to click on a link for more information -- a popular
technique to get financial information from the email recipient.
Phishing for financial information has been a long-standing practice. However, criminals are increasingly
phishing for access to corporate, small business and government accounts and using that access
to withdraw large sums of money from those accounts. Clicking on the link could enable fraudsters to
download malicious software on to victims’ computers and steal bank passwords and other account
The emails inform recipients that an “unauthorized transaction” has been charged to their account
using their “bank card.” The amount of the transactions is typically between $3,000 and $7,000.
ABA would never contact a consumer and ask for financial information.
ABA is working with law enforcement to identify the source of the emails and to disrupt them.
ABA offers the following advice to consumers, business and government organizations:
Never give out financial information in response to an unsolicited phone call, fax or email, no matter
how official it may seem. If you are uncertain, call your financial institution or the organization that is
purportedly contacting you using a phone number you know is safe.
If you have already responded to this type of call or email by providing financial information,
contact your financial institution immediately to protect your account;
Be extremely cautious about clicking on links within unsolicited emails. When in doubt, contact
the organization purportedly sending the email.
Inform the ABA about fraudulent phone calls and emails that use ABA’s name by sending an email
The American Bankers Association brings together banks of all sizes and charters into one association.
ABA works to enhance the competitiveness of the nation's banking industry and strengthen America’s
economy and communities. Its members – the majority of which are banks with less than $125 million
in assets – represent over 95 percent of the industry’s $13.5 trillion in assets and employ over
2 million men and women.
FBI Fraud Advisory Information
Fraud Advisory for Consumers Involvement in Criminal Activity through Work from Home Scams
Consumers continue to lose money from work-from-home scams that assist cyber criminals move stolen
funds. Worse yet, due to their deliberate or unknowing participation in the scams, these individuals may
face criminal charges. Work-from-home scam victims are often recruited by organized cyber criminals
through newspaper ads, online employment services, unsolicited emails or “spam”, and social networking
sites advertising work-from-home opportunities. Once recruited, however, rather than becoming an
employee of a legitimate business, the consumer is actually a “mule” for cyber criminals who use the
consumer’s or other victim's accounts to steal and launder money. In addition, the consumer’s own
identity or account may be compromised by the cyber criminals.
Example of a Work-From-Home Scheme:
• An individual applies for a position as a rebate or payments processor through an online job site or
through an unsolicited email.
• As a new employee, the individual is asked to provide his/her bank account information to his/her
employer or to establish a new account using information provided by the employer.
• Funds are deposited into the account that the employee is instructed to wire to a third (often international)
account. The employee is instructed to deduct a percentage of the wired amount as their commission.
• However, rather than processing rebates or processing payments, the individual is actually participating
in a criminal activity by laundering stolen funds through his/her own account or a newly established account.
In February 2010, the U.S. Federal Trade Commission (FTC) coordinated with state law enforcement
officials and other federal agencies to announce a sweeping crack down on job and work-from-home
fraud schemes fueled by the economic downturn. Individuals who are knowing or unknowing participants
in this type of scheme could be prosecuted.
• Be wary of work-from-home opportunities. Research the legitimacy of the company through the Better
Business Bureau (for US-based companies) or WHOIS/Domain Tools (for international companies)
before providing personal or account information and/or agreeing to work for them. In addition,
TrustedSource.org can help you identify companies that may be maliciously sending spam based on
the volume of email sent from their Internet Protocol (IP) addresses. See also the FTC’s recommendations.
• Be cautious about any opportunities offering the chance to work from home with very little work or
prior experience. Remember: if it looks too good to be true, it usually is.
• Never pay for the privilege of working for an employer. Be suspicious of opportunities that require
you to pay for things up front, such as supplies and other materials.
• Never give your bank account details to anyone unless you know and trust them.
• If you think you may be a victim of one of these scams, contact your financial institution immediately.
Report any suspicious work-from-home offers or activities to the Internet Crime Complaint Center (IC3)7
For more information, visit:
• PhishBucket.org, a nonprofit organization dedicated to protecting job seekers from fraudulent job offers.
• OnGuardOnline.org. Sponsored by the FTC, this site provides practical tips from the federal government
and the technology industry to help you be on guard against Internet fraud, secure your computer,
and protect your personal information.
• Better Business Bureau, http://www.bbb.org/us/article/work-at-home-schemes-408.
Important Notice: New Phishing and Telephone Scams Being Perpetrated!
Please be aware that Bryn Mawr Trust will never ask you to verify confidential information by e-mail
or by telephone. To ensure that you do not divulge confidential information to unauthorized individuals,
we urge you not to respond to any e-mail or telephone request that asks you to provide your confidential
personal information. To learn more about how you can prevent Identity Theft Click here or call our
Customer Service Center at 610-525-1700, Monday through Friday from 7:30 a.m. to 6:00 p.m. or
e-mail us at email@example.com if you have any questions concerning your account(s) and/or the
Internet Banking system.
A Fedwire Phishing Scheme is also being perpetrated which involves fraudulent emails claiming to be
from the Federal Reserve Bank that warn of a phishing attack on the Fedwire system.
Reporting Fraud or Suspicious Activity
If you think you have received a fraudulent email, notice suspicious account activity or have concerns
about other questionable activity contact us immediately at firstname.lastname@example.org.
For inquires or service requests call us at 610-525-1700.