These U.S. government agencies are good sources of information on fraud alerts:
February 1 - E-mail Claiming to be from the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the FDIC. The e-mails are addressed to the attention of the "Accounting Department" and meant to notify recipients that the "ACH and WIRE transactions" are being blocked until "a special security software" is installed. It instructs recipients to go to a Web site for instructions on how to download the necessary files by clicking on a hyper-link provided.
This e-mail and link are fraudulent. The FDIC does not issue unsolicited e-mails to consumers or business account holders. If you receive such an e-mail delete it and do not click on the link. Learn more about recognizing phishing attempts.
June 8 - LinkedIn Passwords Compromised
There are reports that the social networking site LinkedIn has suffered a security breach resulting in the compromise of some users' passwords. This could give the hackers access to users' profiles and e-mail information. It is recommended that if you have a LinkedIn account you immediately change your password and if you have used that password elsewhere (e.g. online banking, shopping sites, etc.) to also change those passwords. There is a possibility of phishing or malicious e-mails resulting from this breach (e.g. LinkedIn invites from people you don't know) or offers to "verify" if your password was leaked. Do not respond to these e-mails, or click on the links. Read more about phishing and how to spot it.
February 24 - Fraudulent OCC Correspondence
The Office of the Comptroller of the Currency (OCC) is warning the public of fraudulent e-mails, faxes and letters being sent in a phishing attempt to gather personal and account information.
The correspondence has the appearance of coming from the OCC, the U.S. Department of Homeland Security, or the U.S. Department of Justice. It indicates that funds are being held for the individual or business by the OCC because of the need for payment of a 0.059 percent revenue charge to the U.S. Internal Revenue Service. It contains forged signatures of actual OCC officials and a fictitious mailing address.
If you receive a correspondence such as this do not respond. If you feel it may be legitimate, contact the OCC directly to verify at firstname.lastname@example.org or by calling the Special Supervision Division at (202) 874-4450.
February 16 - Tax Season Phishing Scams and Malware
As tax deadlines draw near there is often an increase in the number of tax related phishing scams and malware. Customers are reminded to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign. Some common tax time themes in fraudulent e-mails (but not all) are:
- Information that refers to a tax refund
- Warnings about unreported or under-reported income
- Offers to assist in filing for a refund
- Details about fake e-file websites
These messages may even appear to be from the IRS and often ask users to submit personal information via email or to follow a link to a website that requests personal information or contains malicious code. To protect yourself from these types of phishing scams and malware campaigns:
- Do not respond to request for personal information from an unsolicited e-mail
- Maintain up-to-date antivirus software
- Refer to the IRS website for information and samples of known scams
- Learn more about recognizing phishing scams and protecting yourself from malware.
January 27 - Fraudulent ACH E-mails
We have received reports of fraudulent e-mails being received that have the appearance of having been sent from NACHA (the National Automated Clearing House Association).
The e-mail claims to be from the "Electronics Payment Association" and appears to be coming from an e-mail address "@nacha.org." It says it is in regard to a rejected ACH transfer from your account and contains a link to a report with more information. The link contains a virus that when clicked on can infect your computer.
If you receive such an e-mail do not click on the link. Instead, you should forward the e-mail claiming to be from NACHA to email@example.com and then immediately delete the e-mail. NACHA does not process the ACH transactions that flow between organizations and financial institutions and will never contact individuals or organizations about individual ACH or Wire transactions. Learn more about recognizing phishing attempts.
December 20 - LinkedIn Phishing E-mails
There has been a recent increase in the number of phishing e-mails being sent to LinkedIn users. The e-mails can come in several forms including invitations from people you don't recognize and ACH transaction alerts. Clicking on links in the e-mail will take you to a phishing site where you will be asked to provide sensitive information or a virus/malware will attempt to download to your computer. By passing the mouse over the links (do not click on it) the phishing link is revealed as not being part of LinkedIn.
If you receive a suspicious e-mail from LinkedIn delete the e-mail and do not click on the links. As a reminder, Rabobank will never initiate a request for sensitive information (e.g. Social Security number, account number, etc.) through unsecured means such as telephone, text message or e-mail.