We are committed to helping our clients protect themselves against identity theft and account fraud. Communication is often the key in preventing and minimizing fraud. Please refer to this page often for updates on the latest fraud alerts.
Microsoft Support for Windows Server 2003 Ending
6/23/15 – Microsoft announced that it will end support for Windows Server 2003 on July 14, 2015. This means that those businesses still using that operating system will no longer receive crucial security patches that help protect against viruses, spyware and malicious software. Computers using the old software will still work; however, the risk of viruses and other malicious attacks increases and could result in significant loss of data, business assets, and confidential documents.
Criminals Continue to Defraud Using Ransomware Schemes
06/23/15 – The FBI continues to warn individuals and businesses of ransomware schemes that may cost victims between $200 and $10,000. The fraud begins when the victim clicks on an infected advertisement, email, attachment, or visits an infected website. Once the device is infected, files become encrypted and the thieves demand payment to unlock files. Tips to protect yourself from these schemes can be read here.
Business E-mail Compromise Defrauds U.S. Businesses
6/19/15 – Banks and law enforcement agencies are reporting an increase in wire transfer fraud against U.S. businesses through a scam referred to as “Business E-mail Compromise.” Most incidents involve e-mail compromises of a business’s CEO/CFO where a fraudulent e-mail is sent to an employee with the ability to conduct wire transfers. Similar compromises are noted with e-mail accounts of vendors/suppliers where bank account information is falsely modified. Tips to mitigate this type of wire transfer fraud can be viewed in this Fraud Alert, which are similar best practices that Bank of Central Florida reminds clients to utilize.
Microsoft XP Support Ending
4/3/14 - IMPORTANT MESSAGE: Do not let your computer go unprotected. On April 8, 2014, technical support and security updates for Microsoft Windows XP will no longer be available. Updates can fix bugs, add new features, or solve security problems. Bank of Central Florida highly advises that clients migrate to a current supported operating system if using Windows XP. Please read the official Microsoft announcement at this link:
After April 8, 2014 there will be a substantial security risk if using Windows XP such as viruses, phishing attacks, or malicious software that can steal or damage computer business and personal information. Even browsing the Internet after April 8 will become more risky without an updated system. Cybercriminals will work to take advantage of businesses and people running software that no longer has updates available to repair vulnerabilities. This could lead to cybercriminals with the ability to conduct fraudulent banking transactions and identity theft, among other malicious activity. You will still be able to access Online Banking at this time, but you will be better protected with a newer version of Windows so you can receive regular security updates to protect your computer from harm. Please visit the Client Protection tab of the Bank of Central Florida website to learn more about protecting your computer systems.
FBI Warning on "Man-in-the-Email" Scams
12/4/2013 – The FBI is warning businesses and consumers of "man-in-the-email" scams. Fraudsters may intercept legitimate e-mails between the businesses and their suppliers and then spoof subsequent e-mails impersonating each company to the other. The business thinks they are sending money to the supply partner when in reality the funds are being sent directly to the bank accounts managed by the attackers. Although the latest attacks have occurred to businesses on the West Coast, they soon will likely spread to other parts of the country. The FBI scam release and tips on reducing this type of fraud can be viewed here.
Cyber Criminals Continue to Spear-Phish Attacks
6/25/2013 – The FBI has seen an increase in criminals who use spear-phishing attacks to target multiple industry sectors. These attacks allow criminals to access private computer networks. They exploit that access to create fake identities, steal intellectual property, and compromise financial credentials to steal money from victims' accounts. Often, the e-mails contain accurate information about victims obtained via a previous intrusion or from data posted on social networking sites, blogs, or other websites. This information adds a veneer of legitimacy to the message, increasing the chances the victims will open the e-mail and respond as directed. Recent attacks have convinced victims that software or credentials they use to access specific websites needs to be updated. The e-mail contains a link for completing the update. If victims click the link, they are taken to a fraudulent website through which malicious software (malware) harvests details such as the victim's usernames and passwords, bank account details, credit card numbers, and other personal information. To avoid becoming a victim, keep in mind that online businesses, including banks and merchants, typically will not ask for personal information, such as usernames and passwords, via e-mail. When in doubt either call the company directly or open your computer's Internet browser and type the known website's address. Don't use the telephone number contained in the e-mail, which is likely to be fraudulent as well. In general, avoid following links sent in e-mails, especially when the sender is someone you do not know or appears to be from a business advising that your account information needs to be updated. If you believe you may have fallen victim to a spear-phishing attack, file a complaint with the FBI's Internet Crime Complaint Center here.
Phishing Alert: FBI Warns of Malware in Attempt to Extort Money
8/17/12 – The FBI released an where the IC3 has been made aware of a new Citadel malware platform used to deliver ransomware named Reveton. The ransomware lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States federal law. The message further declares the user’s IP address has been identified by the Federal Bureau of Investigation as visiting websites that feature child pornography and other illegal content. To unlock the computer, the user is instructed to pay a fine to the U.S. Department of Justice using a prepaid money card service. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud. If you have received this or something similar, do not follow payment instructions. Infected computers may not operate normally. Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain malware can capture personal information such as user names, passwords, and credit card numbers through keystroke logging programs. If your computer is infected, you may need to contact a local computer expert for assistance to remove the malware.
Phishing Alert: Fraudulent E-mails Claiming to be from NACHA
5/15/2011 – The National Automated Clearing House Association (NACHA) continues to receive reports that individuals and/or companies have received fraudulent e-mail that has the appearance of having been sent from NACHA. These e-mails vary in content and format, and appear to be transmitted from e-mail addresses associated with the NACHA domain (@nacha.org). The spoofed e-mail addresses include: email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, and email@example.com. Some bear the name of fictitious NACHA employees and/or departments.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals and organizations about individual ACH transactions that they originate or receive. NACHA has requested that you please forward fraudulent e-mails claiming to be from NACHA to firstname.lastname@example.org. The links in these fraudulent e-mails are directed to web pages that host malicious code and software. Do not follow web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove the malicious code or re-install a clean image of the computer system.
= = = = = Sample Phishing E-Mail = = = = =
From: email@example.com [mailto:firstname.lastname@example.org]
Sent: Sunday, May 15, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transfer (ID: 65388185980), recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association [or "other financial institution"].
Please click here to view report.
= = = = = = = = = = = = = = = = = =