Spacer Image

Current Alerts

  • Fraudulent Automated Texts

Federal agencies are reporting fraudulent automated texts being broadcast that warn consumers to call certain numbers to reactivate their payment cards.

 Text messages do not reference a particular issuing brand but they may vaguely refer to a credit union or bank.

Denali State Bank does not send text messages for card activation.  Do not call the number listed.  Call Customer Service at 907-458-4236 with details so we may pass the information along to law enforcement.


  • Heartbleed Bug information

A highly publicized vulnerability has been much talked about of late. In a nutshell, the “Heartbleed Bug” affects OpenSSL (Secure Socket Layer), which is at the heart of internet security. OpenSSL is used to encrypt data transactions online, and is often indicated by the padlock you see in the browser. This bug allows attackers to retrieve sensitive information such as usernames, passwords and credit card details from systems running the affected versions of the software.

The security of your information is important to us. We have assessed our systems and determined that we are not vulnerable to this bug. HOWEVER, some precautions you can take to protect yourself are frequent password changes, update your PCs anti-virus software, avoid suspect websites, and ignore/delete emails from unknown entities.


  • A message for our customers about the Target compromise: 

We want to assure you that we are aware of the reported incident at Target impacting some credit and debit cardholders who used their cards at Target stores between November 27 and December 15, 2013.

 Protecting customer and account information is a top priority and we take it very seriously. We have rigorous fraud systems in place that actively monitor our customers' accounts for suspicious activity. If we suspect fraud, we will contact you to confirm the fraud, then close your card and reopen it with a new account number.

We encourage you to monitor your accounts and if you notice any activity that you do not recognize, you should call us or the number on the back of your card as soon as possible. 

If you have any questions or concerns, please contact us via customerservice@denalistatebank.com or 907-458-4236.

 Frequently Asked Questions

Was my data compromised?
Target is reporting that some credit and debit cards used at Target stores between November 27 and December 15 were compromised. If you did not use your card at a Target store during this timeframe, we do not have reason to believe your card was compromised. We continuously monitor for fraud and if we notice any irregular activity we will individually notify the customer.

What should I do?
Whether you're notified or not, it's always a good idea to check your credit report and be aware of any suspicious activity on all of your accounts.

Has the security breach been fixed?
Yes. Target is working with Visa and MasterCard and law enforcement to ensure no further information is exposed.

 What are the chances that I become a victim of identity theft as a result of this incident?
We were informed that there wasn't significant personally identifying information stolen, such as Social Security numbers or addresses, so we believe that the risk of identity theft is greatly reduced. However, it's always a good idea to check your credit report regularly for incorrect information. In fact, you're entitled to one free copy of your credit report every year at www.annualcreditreport.com or by calling (877) 322–8228


  •    July 18, 2013:  Ransomware Purporting to be From the FBI is Targeting OS X Mac Users. 

Ransomware is used to intimidate victims into paying a fine to “unlock” their computers. Paying the fine does nothing to solve the problem with the computer; do not follow the ransomware instructions. The ransomware has been called “FBI Ransomware” because it uses the FBI’s name. 

The newest version of ransomware targets OS X Mac users. This new version is not a malware; it appears as a webpage that uses JavaScript to load numerous iframes (browser windows) and requires victims to close each iframe. The cyber criminals anticipate victims will pay the requested ransom before realizing all iframes need to be closed. 

The ransomware is pushed to victims’ computers when they browse common websites, specifically when they query popular search terms. Once the web browser is exploited, the victims’ computer displays a pop-up warning that appears to be from the FBI. Cyber criminals use “FBI.gov” within the URL to make the warning appear more legitimate. 

As the FBI saw in 2012, the warning accuses victims of violating various U.S. laws and locks their computer. To unlock the computer and avoid legal issues, victims are told they must pay a $300 fine via a prepaid money card. Attempts to close the warning page results in additional messages that reappear each time victims try to close their web browser. 

The simplest way to remove the ransomware’s iframes is by clicking on the Safari menu and choosing “reset Safari,” make sure all check boxes are selected, or hold down the Shift key while relaunching Safari. This will prevent Safari from reopening windows and tabs from the previous session. Victims can also disable the reopening feature across OS X from the General pane of System Preferences. 

Ransomware messages are an attempt to extort money. If you have received a ransomware message do not follow payment instructions.


  • FBI Warns that Alaskans Targeted in Texting Scam

  If you receive a text message on your cell phone stating that your Debit or Credit card has been de-activated and to call a 907 number in order to re-activate it, do not call the numbers provided in the text.  These texts are attempts to provide fraudsters with the card information necessary to perform fraudulent transactions.

Instead, delete the message and call the number on the back of your card or the listed phone number for the financial institution that issued your card or, if Denali State Bank issued your card, call the Customer Service department at 907-458-4236. And remember to never provide passwords or Personal Identification Numbers (PINs).


  •  June 11, 2012:  LinkedIn Password Hashes Exposed 

Attack Details: Earlier today rumors began circulating that a member of a Russian forum had posted the password hashes for 6.5 million LinkedIn users. When you create a password for a website or service, typically the password itself is not stored. Instead the password is run through an encryption algorithm, and the encrypted version of the password, called a “hash”, is stored. Although the hash itself is more secure than a plaintext password it is still vulnerable to being reverse engineered. This is especially true if the password is based on a regular dictionary word and does not contain capitalization, numbers, or special characters. Although LinkedIn has yet to verify that a breach has occurred on their systems, multiple security researchers have confirmed the legitimacy of the posted hashes. 

 
Countermeasures: LinkedIn has recommended that users update their passwords as soon as possible.


  • April 5, 2012:  Fraudulent Utility Bill E-mail 

The IC3 has received over 40 complaints since May 2011 reporting the receipt of an unsolicited e-mail purportedly from a specified utility company. The e-mail stated the recipient had a new bill which needed to be paid, and the bill was attached to the e-mail. The recipient was instructed to click on the attachment to view their bill. The attachment contained a zip file with a computer virus. The e-mail concluded by stating the recipient received the e-mail message, because he/she receives e-bills from this utility company. Many of the recipients are located in areas of the United States that do not use this utility company as their electric provider.


  • Businesses Targeted With E-mail Purportedly from the Better Business Bureau (BBB) 

 The IC3 has received several complaints from businesses regarding an e-mail, purportedly from the BBB, which states the BBB has received a complaint from a customer regarding their business. The recipient is asked to review the complaint attached to the e-mail and respond to the BBB. The file attached to the e-mail contains a virus. 

In one complaint received by the IC3, a business claimed their computer was infected with a virus after opening the attachment in the e-mail they received. As a result, the business lost nearly $100,000 when fraudsters successfully wired money from the company's bank account after the virus enabled them to capture passwords and other important banking information.

ALERT
Malicious Complaint E-mail Claiming It's From BBB

Better Business Bureau is issuing an urgent SCAM alert cautioning businesses and consumers about an email that looks like it is from BBB, with the subject line "Complaint from your customers." This e-mail is fraudulent; ignore its contents and delete it immediately. If you have already clicked on a link in the e-mail, run a full virus scan of your computer. 

 The e-mails have return addresses that BBB does not use (one example is riskmanager@bbb.org) and it is signed with the address of the Council of Better Business Bureaus, the national office of the BBB system. The e-mail contains a link to a non-BBB web site. Do NOT click on the link. 

BBB is working with law enforcement to determine its source and stop the fraudulent campaign. 


  •   1/29/12 Your ATM or Debit Card Could Be At Risk

 We have received reports of email notifications from what appears to be a service that monitors ATM and debit card transactions for potentially fraudulent activity.  The email warns there may be transactions conducted against the card at overseas locations.

As a reminder to keep all of your information secure: 

  1. Never reply to or click on any links provided in unsolicited emails.    
  2. Do not open attachments included with unsolicited email 
  3. Never give out sensitive personal information online or over the phone in response to an unsolicited request. 

 For more information on protecting your information, please see the “Security” tab on www.denalistatebank.com


  • Fraudulent "FDIC notification" Emails Circulating

 The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that appear to be from the FDIC and contain an infected attachment.

The fraudulent e-mails have addresses such as "no.reply@fdic.gov" or "notify84zma@fdic.gov" on the "From" line. The message appears, with spelling and grammatical errors, as follows:

Subject line: "FDIC notification"

Message body:

"Dear customer,
Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.

As soon as it is setup, you transaction abilities will be fully restored.

Best Regards, Online Security departament, Federal Deposit Insurance Corporation."

The e-mails contain an attachment "FDIC_document.zip" that will likely release malicious software if opened. These e-mails and attachments are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT open the attachment.

Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact consumers, nor does the FDIC request bank customers to install software upgrades.

Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to alert@fdic.gov. 


  • Malicious Software Features Usama bin Laden Links to Ensnare Unsuspecting Computer Users  

The FBI today warns computer users to exercise caution when they receive e-mails that purport to show photos or videos of Usama bin Laden's recent death. This content could be a virus that could damage your computer. This malicious software or "malware" can embed itself in computers and spread to users' contact lists, thereby infecting the systems of associates, friends and family members. These viruses are often programmed to steal your personally identifiable information.

The Internet Crime Complaint Center (IC3) urges computer users to not open unsolicited (spam) e-mails, including clicking links contained within those messages. Even if the sender is familiar, the public should exercise due diligence. Computer owners must ensure they have up-to-date firewall and anti-virus software running on their machines to detect and deflect malicious software.

 The IC3 recommends the public do the following:

 Adjust the privacy settings on social networking sites you frequent to make it more difficult for people you know and do not know to post content to your page. Even a "friend" can unknowingly pass on multimedia that's actually malicious software.

 Do not agree to download software to view videos. These applications can infect your computer. 

  • Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar and nonstandard English.
  • Report e-mails you receive that purport to be from the FBI. Criminals often use the FBI's name and seal to add legitimacy to their fraudulent schemes. In fact, the FBI does not send unsolicited e-mails to the public. Should you receive unsolicited messages that feature the FBI's name, seal or that reference a division or unit within the FBI or an individual employee, report it to the Internet Crime Complaint Center at www.ic3.gov.


Phishing Alert: Email Claiming to be from the "Electronic Payments Association" – February 22, 2011

 

 NACHA — The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments Association” and appears to be coming from the email address “payments@nacha.org.” See a sample of the email below.

Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.  

 NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive. 

 If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. 

  Always use anti-virus software and ensure that the virus signatures are automatically updated.

  Ensure that the computer operating systems and common software applications security patches are installed and current.

  Be alert for different variations of fraudulent emails.  

      


  • Internet Crime Complaint Center's (IC3) Scam Alerts

This report, which is based upon information from law enforcement and complaints submitted to the IC3, details recent cyber crime trends and new twists to previously-existing cyber scams.

Romance Scammers Claiming Affiliation With The IC3
 

The IC3 has received several complaints regarding a romance scam originating via a dating website. Generally, in romance scams, the subject claims to be out of the country for a business trip and in need of money. The subject asks potential victims to wire funds for various reasons including paying for a hotel, returning to the states, or paying for a lawyer. 

Recently, the scammers have added a layer of supposed law enforcement involvement in an attempt to convince the victim the scam is legitimate. In one such IC3 complaint, the "investigator" says he is using his private e-mail because the IC3 database is under maintenance. To convince the victim to wire the requested funds, he claims to be assigned to the case and assures the victim that the subject has been "interrogated and investigated" and that he is a safe, "legit business man."

  Other complainants reported having difficulty canceling their membership to the particular dating site, which reportedly offers a "3-day free membership" for their service. The membership is reportedly "automatically" renewed after the three days unless canceled. Complainants reported that the website renewed their membership and charged their credit card over $59 despite the complainant's attempts to cancel the membership. Some complainants said the company did not answer their clls, e-mails, or voice mail messages, while others claimed the company admitted the "error" and offered them free service, but refused to refund the charges.  Phishing E-mail Claims "Your Federal Tax Payment Was Rejected" 

In October 2010, articles were posted online warning consumers about phishing e-mails purportedly from the Electronic Federal Tax Payment System (EFTPS) claiming the recipient's federal tax payment was rejected. The IC3 has received over 150 complaints reporting this matter. Although different versions of this spam campaign exist, many complainants reported that the e-mails they received were titled "LAST NOTICE: Your Federal Tax Payment has been rejected." E-mails stated, "the problem is that system doesn't process your company ID on holidays and we moved your tax payment batch to a waiting list." Recipients were then directed to click on the link provided to obtain more details about their company's status and tax payment batch file. Some complainants reportedly use the electronic system to pay their estimated quarterly taxes, so the e-mail appeared relevant. 

Other related phishing e-mails claimed, "the identification number used in the Company Identification Field is not valid." Recipients were directed to visit hxxp://eftps.gov/r21 and "check the information and refer to Code R21 to get details about your company payment in transaction contacts section."

A recent complaint filed with the IC3 reported the same type of phishing e-mail except this time, the e-mail directed the recipient to open an attachment contained in the e-mail. The e-mail was titled "Your Federal Tax Payment Notice." Like the others, it claimed, "the identification number used in the Company Identification Field is not valid." To entice the recipient to open the attachment, the e-mail stated, "check the attached information and refer to Code R21 to get details about your company payment in transaction contacts section."


  • Telephone Scam Offering Virus Removal Services To Gain Remote Access To Victims' Computers

 The IC3 has received several complaints from victims who reported a telephone scam in which the caller purports to be an employee of a major online company, which develops, manufactures, and supports software along with other products and services. Victims reported that a caller with an Indian accent claimed their computers were infected with viruses. The caller advised the victims they were sending the viruses to others via the Internet, and instructed victims to go to websites such as hxxp://www.irssupport.net, hxxp://www.go4support.org, hxxp://www.teche4pc.com, and hxxp://www.ammyy.com. When the victims navigated to one of the websites, they were further instructed to click on live support or live connect for assistance in removing the viruses. Some victims were instructed to download a program once they were on the hxxp://www.ammyy.com website. After the victim clicked on the link or downloaded the program, the caller gained control of the victim's computer. Victims watched as the caller explored personal files, pointing out files that were infected. Some victims reportedly believe the caller copied their files and obtained their personal information. In some cases, the caller tried to sell the victims' software. Many victims reported loud background noise during the call, indicating a possible boiler room-type operation. Some victims reported the scam to the online software company. The company has an alert on their website warning consumers about this matter.

Quicklinks
Privacy Policy | Security | Calculators | Site Map | Contact Us | EOE | Locations

Spacer Image