Federal agencies are reporting fraudulent automated texts being broadcast that warn consumers to call certain numbers to reactivate their payment cards.
Text messages do not reference a particular issuing brand but they may vaguely refer to a credit union or bank.
Denali State Bank does not send text messages for card activation. Do not call the number listed. Call Customer Service at 907-458-4236 with details so we may pass the information along to law enforcement.
A highly publicized vulnerability has been much talked about of late. In a nutshell, the “Heartbleed Bug” affects OpenSSL (Secure Socket Layer), which is at the heart of internet security. OpenSSL is used to encrypt data transactions online, and is often indicated by the padlock you see in the browser. This bug allows attackers to retrieve sensitive information such as usernames, passwords and credit card details from systems running the affected versions of the software.
The security of your information is important to us. We have assessed our systems and determined that we are not vulnerable to this bug. HOWEVER, some precautions you can take to protect yourself are frequent password changes, update your PCs anti-virus software, avoid suspect websites, and ignore/delete emails from unknown entities.
We want to assure you that we are aware of the reported incident at Target impacting some credit and debit cardholders who used their cards at Target stores between November 27 and December 15, 2013.
Protecting customer and account information is a top priority and we take it very seriously. We have rigorous fraud systems in place that actively monitor our customers' accounts for suspicious activity. If we suspect fraud, we will contact you to confirm the fraud, then close your card and reopen it with a new account number.
We encourage you to monitor your accounts and if you notice any activity that you do not recognize, you should call us or the number on the back of your card as soon as possible.
If you have any questions or concerns, please contact us via firstname.lastname@example.org or 907-458-4236.
Frequently Asked Questions
What should I do?
Has the security breach been fixed?
What are the chances that I become a victim of identity theft as a result of this incident?
Ransomware is used to intimidate victims into paying a fine to “unlock” their computers. Paying the fine does nothing to solve the problem with the computer; do not follow the ransomware instructions. The ransomware has been called “FBI Ransomware” because it uses the FBI’s name.
The ransomware is pushed to victims’ computers when they browse common websites, specifically when they query popular search terms. Once the web browser is exploited, the victims’ computer displays a pop-up warning that appears to be from the FBI. Cyber criminals use “FBI.gov” within the URL to make the warning appear more legitimate.
As the FBI saw in 2012, the warning accuses victims of violating various U.S. laws and locks their computer. To unlock the computer and avoid legal issues, victims are told they must pay a $300 fine via a prepaid money card. Attempts to close the warning page results in additional messages that reappear each time victims try to close their web browser.
The simplest way to remove the ransomware’s iframes is by clicking on the Safari menu and choosing “reset Safari,” make sure all check boxes are selected, or hold down the Shift key while relaunching Safari. This will prevent Safari from reopening windows and tabs from the previous session. Victims can also disable the reopening feature across OS X from the General pane of System Preferences.
Ransomware messages are an attempt to extort money. If you have received a ransomware message do not follow payment instructions.
If you receive a text message on your cell phone stating that your Debit or Credit card has been de-activated and to call a 907 number in order to re-activate it, do not call the numbers provided in the text. These texts are attempts to provide fraudsters with the card information necessary to perform fraudulent transactions.
Instead, delete the message and call the number on the back of your card or the listed phone number for the financial institution that issued your card or, if Denali State Bank issued your card, call the Customer Service department at 907-458-4236. And remember to never provide passwords or Personal Identification Numbers (PINs).
Attack Details: Earlier today rumors began circulating that a member of a Russian forum had posted the password hashes for 6.5 million LinkedIn users. When you create a password for a website or service, typically the password itself is not stored. Instead the password is run through an encryption algorithm, and the encrypted version of the password, called a “hash”, is stored. Although the hash itself is more secure than a plaintext password it is still vulnerable to being reverse engineered. This is especially true if the password is based on a regular dictionary word and does not contain capitalization, numbers, or special characters. Although LinkedIn has yet to verify that a breach has occurred on their systems, multiple security researchers have confirmed the legitimacy of the posted hashes.
The IC3 has received over 40 complaints since May 2011 reporting the receipt of an unsolicited e-mail purportedly from a specified utility company. The e-mail stated the recipient had a new bill which needed to be paid, and the bill was attached to the e-mail. The recipient was instructed to click on the attachment to view their bill. The attachment contained a zip file with a computer virus. The e-mail concluded by stating the recipient received the e-mail message, because he/she receives e-bills from this utility company. Many of the recipients are located in areas of the United States that do not use this utility company as their electric provider.
The IC3 has received several complaints from businesses regarding an e-mail, purportedly from the BBB, which states the BBB has received a complaint from a customer regarding their business. The recipient is asked to review the complaint attached to the e-mail and respond to the BBB. The file attached to the e-mail contains a virus.
In one complaint received by the IC3, a business claimed their computer was infected with a virus after opening the attachment in the e-mail they received. As a result, the business lost nearly $100,000 when fraudsters successfully wired money from the company's bank account after the virus enabled them to capture passwords and other important banking information.
Better Business Bureau is issuing an urgent SCAM alert cautioning businesses and consumers about an email that looks like it is from BBB, with the subject line "Complaint from your customers." This e-mail is fraudulent; ignore its contents and delete it immediately. If you have already clicked on a link in the e-mail, run a full virus scan of your computer.
The e-mails have return addresses that BBB does not use (one example is email@example.com) and it is signed with the address of the Council of Better Business Bureaus, the national office of the BBB system. The e-mail contains a link to a non-BBB web site. Do NOT click on the link.
BBB is working with law enforcement to determine its source and stop the fraudulent campaign.
We have received reports of email notifications from what appears to be a service that monitors ATM and debit card transactions for potentially fraudulent activity. The email warns there may be transactions conducted against the card at overseas locations.
For more information on protecting your information, please see the “Security” tab on www.denalistatebank.com.
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that appear to be from the FDIC and contain an infected attachment.
The FBI today warns computer users to exercise caution when they receive e-mails that purport to show photos or videos of Usama bin Laden's recent death. This content could be a virus that could damage your computer. This malicious software or "malware" can embed itself in computers and spread to users' contact lists, thereby infecting the systems of associates, friends and family members. These viruses are often programmed to steal your personally identifiable information.
The Internet Crime Complaint Center (IC3) urges computer users to not open unsolicited (spam) e-mails, including clicking links contained within those messages. Even if the sender is familiar, the public should exercise due diligence. Computer owners must ensure they have up-to-date firewall and anti-virus software running on their machines to detect and deflect malicious software.
The IC3 recommends the public do the following:
Adjust the privacy settings on social networking sites you frequent to make it more difficult for people you know and do not know to post content to your page. Even a "friend" can unknowingly pass on multimedia that's actually malicious software.
Do not agree to download software to view videos. These applications can infect your computer.
Phishing Alert: Email Claiming to be from the "Electronic Payments Association" – February 22, 2011
NACHA — The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments Association” and appears to be coming from the email address “firstname.lastname@example.org.” See a sample of the email below.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software applications security patches are installed and current.
Be alert for different variations of fraudulent emails.
This report, which is based upon information from law enforcement and complaints submitted to the IC3, details recent cyber crime trends and new twists to previously-existing cyber scams.
The IC3 has received several complaints regarding a romance scam originating via a dating website. Generally, in romance scams, the subject claims to be out of the country for a business trip and in need of money. The subject asks potential victims to wire funds for various reasons including paying for a hotel, returning to the states, or paying for a lawyer.
Recently, the scammers have added a layer of supposed law enforcement involvement in an attempt to convince the victim the scam is legitimate. In one such IC3 complaint, the "investigator" says he is using his private e-mail because the IC3 database is under maintenance. To convince the victim to wire the requested funds, he claims to be assigned to the case and assures the victim that the subject has been "interrogated and investigated" and that he is a safe, "legit business man."
Other complainants reported having difficulty canceling their membership to the particular dating site, which reportedly offers a "3-day free membership" for their service. The membership is reportedly "automatically" renewed after the three days unless canceled. Complainants reported that the website renewed their membership and charged their credit card over $59 despite the complainant's attempts to cancel the membership. Some complainants said the company did not answer their clls, e-mails, or voice mail messages, while others claimed the company admitted the "error" and offered them free service, but refused to refund the charges. Phishing E-mail Claims "Your Federal Tax Payment Was Rejected"
In October 2010, articles were posted online warning consumers about phishing e-mails purportedly from the Electronic Federal Tax Payment System (EFTPS) claiming the recipient's federal tax payment was rejected. The IC3 has received over 150 complaints reporting this matter. Although different versions of this spam campaign exist, many complainants reported that the e-mails they received were titled "LAST NOTICE: Your Federal Tax Payment has been rejected." E-mails stated, "the problem is that system doesn't process your company ID on holidays and we moved your tax payment batch to a waiting list." Recipients were then directed to click on the link provided to obtain more details about their company's status and tax payment batch file. Some complainants reportedly use the electronic system to pay their estimated quarterly taxes, so the e-mail appeared relevant.
Other related phishing e-mails claimed, "the identification number used in the Company Identification Field is not valid." Recipients were directed to visit and "check the information and refer to Code R21 to get details about your company payment in transaction contacts section."
A recent complaint filed with the IC3 reported the same type of phishing e-mail except this time, the e-mail directed the recipient to open an attachment contained in the e-mail. The e-mail was titled "Your Federal Tax Payment Notice." Like the others, it claimed, "the identification number used in the Company Identification Field is not valid." To entice the recipient to open the attachment, the e-mail stated, "check the attached information and refer to Code R21 to get details about your company payment in transaction contacts section."
The IC3 has received several complaints from victims who reported a telephone scam in which the caller purports to be an employee of a major online company, which develops, manufactures, and supports software along with other products and services. Victims reported that a caller with an Indian accent claimed their computers were infected with viruses. The caller advised the victims they were sending the viruses to others via the Internet, and instructed victims to go to websites such as , , , and . When the victims navigated to one of the websites, they were further instructed to click on live support or live connect for assistance in removing the viruses. Some victims were instructed to download a program once they were on the website. After the victim clicked on the link or downloaded the program, the caller gained control of the victim's computer. Victims watched as the caller explored personal files, pointing out files that were infected. Some victims reportedly believe the caller copied their files and obtained their personal information. In some cases, the caller tried to sell the victims' software. Many victims reported loud background noise during the call, indicating a possible boiler room-type operation. Some victims reported the scam to the online software company. The company has an alert on their website warning consumers about this matter.
|Home||Member FDIC | Equal Housing Lender|