Security Bulletins & Alerts
The Federal Deposit Insurance Corporation (FDIC) announced new resources today to educate bank customers about appropriate steps they can take to help avoid fraud and other cyber threats when banking online or on their mobile devices. The information is being issued in advance of National Consumer Protection Week, March 6-12.
.As part of an ongoing effort to highlight safe online banking strategies, the FDIC released two new cybersecurity brochures today aimed at consumers and business customers of financial institutions. The brochures include tips to help users protect and maintain their computer systems and data. In addition to expanded cybersecurity information available online, the FDIC also released a special edition of the quarterly newsletter FDIC Consumer News featuring precautions consumers can take at home and when banking remotely using laptops, desktops, smartphones, and other mobile devices.
.While federally insured financial institutions are required to have vigorous information security programs to safeguard financial data, financial institution customers and businesses also need to know how to steer clear of potential fraudulent situations. The FDIC is using National Consumer Protection Week as an opportunity to remind bank customers about taking appropriate cybersecurity precautions. "As financial institution customers rely more and more on computers, smartphones, and tablets for banking, it is important that they learn how to help protect themselves and their data," FDIC Chairman Martin J. Gruenberg said.
.National Consumer Protection Week is a campaign coordinated by federal agencies, state governments, consumer organizations, and local consumer protection authorities offering tips and information to help consumers better protect themselves. To learn more about National Consumer Protection Week and other resources from the FDIC, visit https://www.fdic.gov/ncpw.
.New EMV Card Email Phishing Scam – October 5, 2015
There’s good news for credit and debit card users. Card issuers and retailers are in the process of switching over to cards with micro-chip technology (EMV Cards) that offer better fraud protection than traditional cards with a magnetic swipe. Card Issuers, including RCB, are sending users new cards and retailers are installing new terminals.
.While the change-over is taking place, new email phishing scams have cropped up. They are attempting to take advantage of consumers who may be waiting for a new chip card to arrive. Be aware of emails that say they are from your bank – or from any bank – that ask for personal information or for you to click on a link.
.Reading Cooperative Bank will not be contacting you by email with respect to your new EMV Card, and we never ask for personal information in an email.
.You can read more about the new cards and related phishing scams in this article: Beware of new smart chip credit card scams. If you have any questions at all, we're here to help. Give us a call or send us an email at email@example.com.
.Information on Phishing Scams - July 9, 2015
Here, you come first. From time-to-time we want to tell you about things you can do to help keep your accounts with us safe and sound.
.Have you heard of "phishing?" Phishing is an email fraud method where someone attempts to obtain financial or other confidential information, like an account number or online username and password. Often this is done with an email that's cleverly drafted to appear as though it's coming from your bank or another trusted source.
.Here are some important things to remember that will ensure the safety and security of your RCB accounts:
.Debit Card Fraud Alert - June 16, 2015
Due to an increase in fraudulent activity, debit card transactions of $100 or more at pharmacies in Massachusetts have been temporarily restricted to PIN only.
.When using your RCB debit card at pharmacies, you will need to select "debit" and complete the transaction using your PIN if the transaction amount is $100 or more. Signature based transactions, those processed by using the "credit" option, will not be processed.
.We are monitoring the situation and will remove this restriction as fraudulent activity diminishes. We appreciate your patience and understanding. A Banking Specialist can be reached at 781-942-5000 during business hours. Should you have any further questions you can email us at firstname.lastname@example.org.
.FREAK Vulnerability Uncovered - March 2, 2015
A new vulnerability was uncovered on March 2, 2015 dubbed FREAK. RCB’s customers can be assured that our online banking system is secure and does not allow for the use of EXPORT ciphers which the FREAK (Factoring attack on RSA-EXPORT Keys) vulnerability uses to attack websites.
.RCB encourages all customers to update vulnerable browsers when available.
.If you have any questions, RCB Banking Specialists can be reached at 781-942-5000 during business hours. You can also e-mail us at email@example.com.
.For more information visit: freakattack.com or computerworld.com
.Home Depot Security Breach - September 20, 2014
The national retailer Home Depot announced a security breach that could potentially impact Reading Cooperative Bank customers who made debit card purchases in Home Depot stores between April and September 2014. If you have any questions, RCB Banking Specialists can be reached at 781-942-5000 during business hours. You can also e-mail us at firstname.lastname@example.org.
.For your information, Home Depot has Safety Tips here.
.Phone Scam Reported - July 30, 2014
Please remember RCB employees will never contact you and ask for your PIN information over the phone. A few institutions have reported an active vishing (voice phishing) scam. Residents of the area are receiving an automated phone call claiming their debit card has been breached/locked. The person is instructed to enter their debit card number, PIN, and sometimes other sensitive information. This is a scam that has occurred in the New England area in the recent past. The fraudsters will cast a wide net, calling as many households as possible in an effort to trick as many people as possible into giving up their information. If you have any questions please contact a Banking Specialist at 781-942-5000.
.Email Phishing Scam Reported - July 16, 2014
Please be mindful of emails, telephone calls or text messages which ask for any personal data or banking information, like account numbers, card numbers or PINs. Remember that RCB will never contact you demanding that you provide information via a link, and will not threaten suspension or closure of an account or account access.
.It has come to our attention that the following email scam is currently being circulated. Please note that it did not come from Reading Cooperative Bank.
We hereby inform you that all ATM card holders are mandated to upgrade their card details on QuickTeller safer Platform. The process will enhance easy online usage inline with cashless policy. Click here to visit the upgrade page. If you have any problem clicking the link above please download the Quickteller platform attached to this message and fill in your card details correctly. Failure to comply will result to permanent ATM card suspension.
.RCB’s Customers Safe - April 9, 2014
RCB’s customers can be assured that our online banking system utilizes a SSL encryption and decryption environment that is NOT vulnerable to this Heartbleed bug.
.Yesterday, a serious vulnerability, dubbed the "Heartbleed Bug", was uncovered and publicly disclosed by security researchers. When exploited, this vulnerability enables an attacker to trick a system into revealing chunks of data residing in its memory. This attack can lead to a server leaking usernames/passwords and other sensitive data. Many well-known sites have been reported as vulnerable to attack. Reading Cooperative Bank customers are not at risk.
.Additional information about the vulnerability can be found here: www.heartbleed.com
.SMSishing Scam Reported - March 27, 2014
There is an active SMSishing (Phishing with Text Messages to cell phones) attack going on in the area. People are receiving the text message below and when you call the number they ask for your Debit Card information.
.The message reads: "Savings Bank ALERT: Your CheckCARD has been temporarily *DEACTIVATED*. Please call Card Services 24hrs line (508)439-6600" If you have given out this information, please contact a RCB Banking Specialist at 781-942-5000 during business hours. Or you can e-mail us at email@example.com.
.Phone Scam Reported - March 7, 2014
Please remember RCB employees will never contact you and ask for your PIN information over the phone. A few institutions have reported an active vishing (voice phishing) scam. Residents of the area are receiving an automated phone call claiming their debit card has been breached. The person is instructed to enter their debit card number, PIN, and sometimes other sensitive information. This is a scam that has occurred in the New England area in the recent past. The fraudsters will cast a wide net, calling as many households as possible in an effort to trick as many people as possible into giving up their information. If you have any questions please contact a Banking Specialist at 781-942-5000.
.Target Security Breach - December 19, 2013
The national retailer Target announced a security breach that could potentially impact Reading Cooperative Bank customers who made debit card purchases in Target stores from Nov. 27th to Dec. 15th.
.Target reports that the card information that was involved in this incident includes:
.Reading Cooperative Bank has not received specific information that any of our customers have been impacted. While we assure you that we are monitoring the situation closely, we strongly encourage you to review your account and report any suspicious or questionable transactions to us immediately.
.If you have any questions, RCB Banking Specialists can be reached at 781-942-5000 during business hours. You can also e-mail us at firstname.lastname@example.org.
.For your information, Target’s official press release can be found here.
.Fraud Alert Telephone Scam Reported - December 13, 2013
Please be aware that some customers are experiencing an attempted telephone fraud. The call is automated and states that your debit card is blocked and they need your bank information in to unblock it. The call is from an 888 number asking for your visa/mastercard number and pin and saying they are calling on behalf of your bank - but they never mention RCB by name.
.This "scam" has been going on throughout the country for the past 1-2 years
.RCB does not use automated dialers, and these phone calls are not from us.
.Should you have any further questions you can email us at email@example.com.
.Bankers Report Seniors Targeted in Shut Down Scam - October 11, 2013
Please be aware that some of our banks are reporting that their customers are experiencing an attempted fraud, possibly related to the government shutdown.
.Seniors in Massachusetts are receiving phone calls and being told that their Medicare direct deposits will be stopped unless they supply their personal bank information for verification. This phishing fraud may be effective because of concerns about a possible government default stopping their payments.
.We suggest that you remind your customers that your bank does not need to verify any account information, and that they should report any such suspicious requests to your bank immediately upon receiving such a phone call or an email. Should you have any further questions you can email us at firstname.lastname@example.org.
.Debit Card Transactions in FL, TX and CA PIN Only - August 6, 2013
Due to fraud trends, debit card transactions at certain merchants in Florida, Texas and California have been migrated to PIN only. When using your RCB debit card at supermarkets, grocery stores, service stations, self-service gas pumps, fast food restaurants, discount stores, department stores and variety stores, you will need to select "debit" and complete the transaction using your PIN. Signature based transactions, those processed by using the "credit" option, will not be processed. A Banking Specialist can be reached at 781-942-5000 during business hours. Should you have any further questions you can email us at email@example.com.
.Publisher Clearing House Check Scam - May 28, 2013
A new lottery scam is making its way around the local area. The "winning item" arrives in the mail and looks to be from Publishers Clearing House and SunTrust Bank. The check indicates that it is an "official check" however SunTrust has confirmed the items are fraudulent.
.Fraudulent International Wire Schemes - April 16, 2013
Bankers'Bank has received several reports of fraudulent international wire schemes targeting their customers. These incidents involve wire transfers being sent to Jamaican nationals in response to purported lottery claims. These are fraudulent schemes. There is NO such contest. The schemes often prey on the elderly. The scam appears to have originated in Maine, moved to New Hampshire, Vermont, and now Massachusetts. Typically, the scammer will tell the victim that they have won millions in an overseas lottery, but need them to wire from a few hundred dollars to several thousand dollars to cover expenses. The scammer will be specific in providing wire instructions to the victim including the purpose of payment which is usually personal in nature. Successful attempts lead to more requests for money. Unsuccessful attempts can lead to threats or belligerent and aggressive behavior. Please review all foreign wire requests thoroughly to ensure the legitimacy of the transaction. Ask for the purpose of payment, especially for even dollar wire requests for Jamaica. We all want to help keep our customers money safe.
.Debit Card Transactions in FL, TX and CA PIN Only - March 6, 2013
Florida has been added to the list of states limited to PIN-based purchases and ATM transactions only.
.As of March 6 all customers who had fraud on their account have been notified with a personal call from a bank employee or in an email stating that they will be receiving a new card. For more details please read below: Fraud Alert - March 6, 2013
.Our Card Processor has notiﬁed its financial institutions that a local retailer has experienced a breach in security; we have notified customers who used their card at this establishment and will be reissuing cards to those customers.
.In addition our processor has advised us that fraudulent items are being processed in the states of Florida, California and Texas using this information.To protect our customers we have limited all card transactions to PIN-based purchases only in Florida, Texas and California. Please be aware that this may affect online purchases. We will reinstate the use of credit purchases as soon as we have re-issued all compromised cards and are conﬁdent that the retailer has remedied the malware situation.
.We will continue to monitor the situation and will update you will more information as it becomes available. A banking specialist can be reached at 781-942-5000 during business hours should you have any further questions or you can email us at firstname.lastname@example.org. Restriction lifted as of April 1, 2013.
.Fraud Alert - March 6, 2013
Our Card Processor has just notified its financial institutions that a local retailer has experienced a breach in security; we are in the process of notifying any customer who used their card at this establishment and will be reissuing cards to those customers.
.In addition our processor has advised us that fraudulent items are being processed in the states of Florida, California and Texas using this information. To protect our customers we have limited all card transactions to PIN-based purchases only in Florida, Texas and California. Please be aware that this may affect online purchases. We will reinstate the use of credit purchases as soon as we have re-issued all compromised cards and are confident that the retailer has remedied the malware situation.
.Again, we are in the process of contacting all affected parties and will continue to monitor the situation. A banking specialist can be reached at 781-942-5000 during business hours should you have any further questions or you can email us at email@example.com
.Check overpayment scams
What is a check overpayment scam?
If you are selling something over the internet or through the classifieds, you may be targeted by a check overpayment scam. You might receive an offer from a potential buyer (often quite generous) and accept it. The scammer then sends you a check, but the check is for more money than the agreed price. The scammer will invent an excuse for the overpayment. For example, the scammer might tell you that the extra money is meant to cover the fees of an agent or extra shipping costs.
.The scammer might just say that it was a mistake they made when they wrote the check. The scammer will then ask you to refund the excess amount—usually through an online banking transfer or a wire transfer (such as Western Union). The scammer is hoping that you will do this before you discover that their check has bounced. You will have lost the money you paid into their account, and if you have already sent the item you were selling, you will lose this as well. At the very least, the scammer will have wasted your time and prevented you from accepting any legitimate offers.
.Requests for your account information ('phishing' scams)
Phishing emails are fake emails usually pretending to be from banks or other financial institutions. They make up some reason for you to give your account details and then use these details to steal your money. What is phishing?
'Phishing' refers to emails that trick people into giving out their personal and banking information. These emails seem to come from legitimate businesses, normally banks or other financial institutions. The scammers are generally trying to get information like your bank account numbers, passwords and credit card numbers. This information is then used to steal your money. Phishing messages and emails often look genuine. They seem to come from a financial institution or other company and they use what looks to be genuine internet addresses. They often copy an institution's logo and message format. This is very easy to do. It is common for phishing messages to contain links to a website that is a convincing fake of the real company's home page. The website that the scammer's email links to will have an address (URL) that is similar to but not the same as the real bank or financial institution's site. For example, if the genuine site is at "www.boston.com", the scammer may use an address like "www.boston.com.log107.biz" or "www.phoneybank.com/boston.com.au/login".
.'Nigerian 419' scams
You are promised huge rewards if you help someone transfer money out of their country by paying fees or giving them your bank account details. A 'Nigerian' scam is a form of upfront payment or money transfer scam. They are called Nigerian scams because the first wave of them came from Nigeria, but they can come from anywhere in the world. The '4-1-9' part of the name comes from the section of Nigeria's Criminal Code which outlaws the practice. The scammers usually contact you by email or letter and offer you a share in a large sum of money that they want to transfer out of their country. They may tell you about money trapped in central banks during civil wars or coups, often in countries currently in the news. Or they may tell you about massive inheritances that are difficult to access because of government restrictions or taxes in the scammer's country. Scammers ask you to pay money or give them your bank account details to help them transfer the money. You are then asked to pay fees, charges or taxes to help release or transfer the money out of the country through your bank. These 'fees' may even start out as quite small amounts. If paid, the scammer makes up new fees that require payment before you can receive your 'reward'. They will keep making up these excuses until they think they have got all the money they can out of you. You will never be sent the money that was promised.
.Phony fraud alerts
Scammers pretend to be from your bank or financial institution and tell you that there is a problem with your account. They ask for your account details to protect your money, but then use these details to steal your money. What is a phony fraud alert? A phony fraud alert is similar to a phishing scam. It can come in the form of an email or a phone call claiming to be from your bank or financial institution. The scammer will usually tell you that your credit card or account has been cancelled because it was involved in criminal activity, or because they suspect your card or details have been stolen. This is a trick to get you to give them your account details. You will be told that a suspicious transaction has recently occurred on your account, perhaps a large purchase in a foreign country. You will be told that if you did not authorize the transaction, you need to take immediate action as your credit card details have been stolen.
.The scammer will ask you to confirm your credit card or account details so the 'bank' can 'investigate'. If you receive an email, it may ask you to visit a website to confirm your credit card details or to find out more information on the supposed 'fraud' to your account./In some variations of this scam, the scammer may already have your credit card number (that they have stolen previously), and may even quote this to you. They will then ask you to confirm that you are the cardholder by telling them the 3 or 4 digit security number printed on the card. If the scammers have this number, they can use your card to buy things over the internet or phone.
.These phony fraud investigations are used to steal your banking details so the scammers can use your account. They work by lowering your guard with the phony fraud alert. They hope that you panic and do what they suggest to fix the 'problem'. They are particularly tricky to spot because real banks and credit unions often do contact people if there has been suspicious activity on their account.
Card skimming is the illegal copying of information from the magnetic strip of a credit or ATM card. This can create a fake or 'cloned' card with your details on it. What is card skimming? 'Card skimming' is the illegal copying of information from the magnetic strip of a credit or ATM card. It is a more direct version of a phishing scam. The scammers try to steal your details so they can access your accounts. Once scammers have skimmed your card, they can create a fake or 'cloned' card with your details on it. The scammer is then able to run up charges on your account. Card skimming is also a way for scammers to steal your identity (your personal details) and use it to commit identity fraud. By stealing your personal details and account numbers the scammer may be able to borrow money or take out loans in your name.
.Contact us at firstname.lastname@example.org