The Internet Crime Complaint Center (IC3) has recently received reports regarding a scam that baits individuals into intimate online conversations and then extorting them for financial gain. The scam was initiated after the victims met someone online, such as on a dating site, and were asked to connect via a specific online social network. Shortly after, the conversations became sexual in nature. Later, victims received text messages, either containing their names, asking if it was them or containing a statement that indicated their names were posted on a particular website. The victims were provided a link to a page on the website that claimed they were a “cheater.” Photos of the victims and their telephone numbers were also posted. There was an option to view and buy the posted conversations for $9. Victims were also given the option to have their names and conversations removed for $99. Some were even told that once the payment was made, the information would be removed within an hour and the website would not allow anyone to post anything pertaining to the victims’ names again. However, reports do not indicate that the information was ever removed. 

The Internet Crime Complaint Center (IC3) has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out e-mail. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.

FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located. FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

Loozfon and FinFisher are just two examples of malware used by criminals to lure users into compromising their devices.

Safety tips to protect your mobile device:

• When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
• Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.
• With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
• Review and understand the permissions you are giving when you download applications.
• Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
• Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
• Be aware of applications that enable geo-location. The application will track the user’s location anywhere. This application can be used for marketing, but can also be used by malicious actors, raising concerns of assisting a possible stalker and/or burglaries.
• Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime an application or service runs in “unrestricted” or “system” level within an operation system, it allows any compromise to take full control of the device.
• Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
• If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
• Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.
• Avoid clicking on or otherwise downloading software or links from unknown sources.
• Use the same precautions on your mobile phone as you would on your computer when using the Internet.

The Financial Fraud Enforcement Task Force maintains a wide list of resources and information dedicated to helping find and report suspected cases of financial fraud. 

What is the Financial Fraud Enforcement Task Force?

President Obama established the Financial Fraud Enforcement Task Force in November 2009 to hold accountable those who helped bring about the last financial crisis as well as those who would attempt to take advantage of the efforts at economic recovery.

The task force is improving efforts across the government and with state and local partners to investigate and prosecute significant financial crimes, ensure just and effective punishment for those who perpetrate financial crimes, recover proceeds for victims and address financial discrimination in the lending and financial markets.

With more than 20 federal agencies, 94 US Attorneys Offices and state and local partners, it’s the broadest coalition of law enforcement, investigatory and regulatory agencies ever assembled to combat fraud. 

Visit www.stopfraud.gov to learn how to protect yourself and to report fraudulent activities.

(Note: link is to third party site not controlled or monitor by Bank of Ann Arbor.)

New email claims to be from FDIC, threatens users confidential and personal data. A fraudulent e-mail purporting to be from the Federal Deposit Insurance Corporation (FDIC) offering cash in return for survey information could obtain access to personal and confidential information. The FDIC issued a warning to computer users that it has received numerous reports of fraudulent e-mails that have the appearance of having been sent by the FDIC. The e-mail contains a subject line “Survey Code: STJSPNUPUT.” It reads “you have been chosen by the FDIC to take part in our quick and easy 5 question survey. In response, will credit $100 dollars to your account just for your time.” The FDIC is warning consumers not to click on the link provided in the e-mail, as it is intended to obtain personal information or load malicious software onto users’ computers.

Bank of Ann Arbor offers you a variety of convenient ways to access your accounts. For each, we take the greatest care to ensure that all of our platforms maintain the same high level of security and integrity, from our ATM network to Online Banking to Mobile Banking itself. 

How do we keep your information secure? 

The same industry standards we have always employed to keep Online Banking secure extend to our Mobile Banking application as well. 

• Username and password to confirm your identity and ensure the privacy of each Mobile Banking session you conduct 

• Personal security question to further guard against identity theft 

• Firewalls - to protect our programs from any unauthorized or malicious intrusion 

• Encryption - to protect the transmission of data including customer account information and the integrity of all transactions 

Banking in secure sessions

Each mobile banking session begins only after you establish your identity via unique, encrypted password and security question. These are required every time you log in. Your session automatically ends when you exit the application, and it will automatically time out if you get sidetracked. 

Things you can do to protect yourself 

• Download the app from reputable sources only - such as iTunes® App Store, AndroidTM Market. 

• Use your phone's built-in lock function - set a password-protect for start-up or time-out.

• Protect your password - do not reveal it to anyone. 

• Protect your phone - from viruses and malware just like you do for your computer by installing mobile security software.

• Memorize your password - don't keep it stored or written anywhere. 

• Never leave your mobile device unattended - while using the Bank of Ann Arbor mobile app or any other mobile activity. 

• Never use public Wi-Fi – when accessing online and mobile banking.

• Log out - completely when you complete a mobile banking session.

Secure management of your money (and the personal information required to process your transactions) is at the very foundation of our business. Whether you access your accounts via teller, drive-up, telephone, Internet, or mobile device, Bank of Ann Arbor protects you with the highest security measures available. 

Each year millions of senior citizens are victimized by financial fraud or theft of money, property or valuable personal information. Often, an adult child or other relative is responsible. Other situations may involve trusted individuals such as caregivers, legal guardians, investment advisors or new “friends.” And because the types of abuse may differ widely, it’s important to take a variety of precautions. Here are suggestions for protecting yourself and your loved ones:

Choose an advisor carefully. If you’re considering hiring a new broker, attorney, accountant or other professional, even someone recommended by a friend or relative, it’s best to independently look into that person’s background and reputation before investing money or paying for services. For example, you can confirm that this person is properly registered or licensed and has a clean record with regulators and other consumers. When in doubt about how to research this information, ask your state Attorney General’s office or local consumer protection agency for guidance.

Make sure you not only understand the role an advisor will be playing, but trust that this individual will do what’s best for you and your finances. Don’t be afraid to ask questions or say no. After all, it’s your money!

Be careful with powers of attorney. At some point, you may want to have a power of attorney, a legal document that authorizes another person to transact business on your behalf. While powers of attorney can be very helpful, be careful who you name as your representative. “Powers of attorney can be easily misused because they allow the appointed person to step into your shoes and do everything you can do, including taking money from your account and borrowing money in your name,” warned Debi Hodes, an FDIC Consumer Affairs Specialist. “This is a matter to discuss with a lawyer who should prepare or review the document for you.”

Protect your personal financial information. Never give out your bank account numbers, Social Security numbers, PINs (personal identification numbers), passwords or other sensitive information unless you initiate the contact. These requests may come from an unsolicited phone caller, letter writer, e-mailer or a person who shows up at your door. Be especially wary of someone who congratulates you about winning a (bogus) prize or lottery but first demands payment for taxes or other fees.

Also, keep your checkbook, account statements, and other sensitive information in a safe place. And shred paper documents containing sensitive information that is no longer needed.

Closely monitor your credit card and bank account activity. Review your account statements as soon as you receive them and look for unauthorized or suspicious transactions, which should be reported to your bank immediately.

Take your time when deciding on a major financial decision or investment. Make sure you understand the transaction and ask questions if you don’t. If you need to, ask a lawyer or financial advisor to help you understand the documents and discuss what’s best for you. “Walk away from anyone who says you must make a decision or otherwise do something right now,” said Hodes.

Be aware of scams involving reverse mortgages. These loans enable homeowners age 62 or older to borrow money from the equity in their homes. However, reverse mortgages can be complex products with a variety of risks and costs, and there are many reports of schemes by unscrupulous individuals using deceptive offers and high-pressure tactics to steer senior citizens into using the funds from a reverse mortgage for inappropriate or costly loans or investments. For guidance on the responsible use of a reverse mortgage, including how to locate a lender or a housing counselor approved by the U.S. Department of Housing and Urban Development’s Federal Housing Administration, start at www.hud.gov/offices/hsg/sfh/hecm/rmtopten.cfm or call 1-800-569-4287.

Finally, here are additional tips:

• Beware of callers asking for money or information. If you’d like to reduce the number of telemarketing calls you receive, consider signing up for the national Do Not Call Registry (call 1-888-382-1222 or visit www.donotcall.gov). If you are on this list, be suspicious of calls from any company or organization that you have reason to believe is not eligible to contact you under the registry’s rules.
• Don’t comply with requests from strangers to deposit a check into your account (perhaps as part of an Internet sale) and wire some or all of it back. “If you send the money and the check is counterfeit, you may be held responsible by your financial institution for the losses,” said Michael Benardo, Chief of the FDIC’s Cyber-Fraud and Financial Crimes Section.
• If you use social media, many security experts advise against posting the names of relatives and anyone’s home address, full date of birth and daily activities because those can be valuable to a thief. “A scam on the rise involves con artists who look for personal information on the Internet that they can use to call or e-mail an elderly person and pretend to be a relative in distress — such as a grandchild being injured, in jail or lost in a foreign country — and needing money sent fast, without telling anyone else in the family,” added Benardo. “They may also represent themselves as a lawyer or law enforcement agent needing money to help your relative.”

To learn more about common frauds targeting seniors, start at the FBI’s Web page at www.fbi.gov/scams-safety/fraud/seniors. For more guidance on protecting against a variety of schemes, see back issues of FDIC Consumer News (online at www.fdic.gov/consumernews) and visit www.mymoney.gov/category/topics/scams/-fraud.html. 

This article from FDIC's Winter 2012 Consumer News.

Strong, hard-to-guess passwords are essential to safely accessing your accounts, whether Online Banking or your favorite shopping site.  You may have used the same passwords for years without thinking about the real protection they are giving your accounts.

This password tester from Microsoft provides a quick check to see if the passwords you use are sophisticated (or strong) enough to thwart potential hackers.  While having a strong password won't guarantee protection, it's good to understand how to create strong passwords.

This third party link is provided for your convenience and information. Bank of Ann Arbor does not endorse or sponsor this information and is not responsible for its content.

An official looking email comes from Twitter.  It warns that another is saying bad things about you or your business. Or some other warning to entice you to click on the link. Don't.  These are very likely scams seeking to lure you to a site to install malware or gain access to information on your computer.

Always log on to your Twitter or social media accounts directly at the site, not by following links sent to you.

The malware is appropriately called “Gameover” because once it’s on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. And once the crooks get into your bank account, it’s definitely “game over.”

How the scheme works: Typically, you receive an unsolicited e-mail from NACHA, the Federal Reserve, or the FDIC telling you that there’s a problem with your bank account or a recent ACH transaction. (ACH stands for Automated Clearing House, a network for a wide variety of financial transactions in the U.S.) The sender has included a link in the e-mail for you that will supposedly help you resolve whatever the issue is. Unfortunately, the link goes to a phony website, and once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information.

Read this story to learn more about the Gameover malware scam.

Please contact us at (734)662-1600 if you think you may have fallen victim to this scheme.

(Note: link is to third party site, www.fbi.gov. Bank of Ann Arbor does not control and is not responsible information on this site. This link is provided as a convenience.)