Fraud Alerts

We are committed to helping our clients protect themselves against identity theft and account fraud. Communication is often the key in preventing and minimizing fraud. Please refer to this page often for updates on the latest fraud alerts. 

Home Depot Data Breach

9/12/14 – Home Depot recently disclosed a possible breach of their payment systems.  Please realize our clients’ security is a top priority, and we are taking all necessary steps to protect your financial information.  If the Bank receives notification that your debit card was compromised, you will be contacted by your private banking officer and provided written communication.   For more information on the Home Depot breach, please click here.   We encourage you to take advantage of the free credit monitoring Home Depot is offering to any customer who has used a payment card at a Home Depot store from April 2014 through September 2014.  Additionally, we strongly recommend any clients who have used debit and credit cards at Home Depot during this timeframe to review account statements and monitor account activity online and through mobile apps, when utilized.  Should you identify any unauthorized debit card charges or have questions on the breach, feel free to contact your private banking officer.

Microsoft XP Support Ending

4/3/14 - IMPORTANT MESSAGE:  Do not let your computer go unprotected.  On April 8, 2014, technical support and security updates for Microsoft Windows XP will no longer be available.  Updates can fix bugs, add new features, or solve security problems.  Bank of Central Florida highly advises that clients migrate to a current supported operating system if using Windows XP.  Please read the official Microsoft announcement at this link:

http://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx

After April 8, 2014 there will be a substantial security risk if using Windows XP such as viruses, phishing attacks, or malicious software that can steal or damage computer business and personal information.  Even browsing the Internet after April 8 will become more risky without an updated system.  Cybercriminals will work to take advantage of businesses and people running software that no longer has updates available to repair vulnerabilities.  This could lead to cybercriminals with the ability to conduct fraudulent banking transactions and identity theft, among other malicious activity.  You will still be able to access Online Banking at this time, but you will be better protected with a newer version of Windows so you can receive regular security updates to protect your computer from harm.  Please visit the Client Protection tab of the Bank of Central Florida website to learn more about protecting your computer systems.

Target Breach-Update

12/26/13 - The Bank has identified and attempted to personally communicate with all cardholders affected by the recently announced Target data breach. Although additional fraud monitoring processes could be used at the onset, the risk of fraudulent activity to our client's account would continue until the card number is expired or no longer active; therefore, the Bank felt that to proactively block and reissue debit cards to all affected cardholders was the best option to protect our clients.

Details for our clients with Target (Debit) REDcard:

Based on the information we have received to date, these are the important points to consider relative to the Target REDcard (debit card).

Magstripe data was compromised from all cards used within Target stores (not online).

The magstripe contains the Target REDcard account number. It does NOT contain the DDA number. Based on information received to date, the DDA account number has not been breached.

The Target REDcard operates with a combination of the magstripe and PIN at the POS. Information we have received so far indicates that the PIN was not compromised. Therefore, the REDcard debit card should NOT be subject to subsequent fraudulent use, as it requires a PIN for any transaction.

Should the card magstripe data and PIN be found to be compromised, please note that the card cannot be used at an ATM or another store - only Target stores, thereby limiting any potential fraud to a Target store location.

As an additional precaution Target REDcard holders may consider changing their Target REDcard PIN. To change a REDcard PIN, cardholders would need to create an online account by enrolling at Target.com/RCAM.

Answers to frequently asked questions published by Target on the data breach can be viewed here.

FBI Warning on "Man-in-the-Email" Scams

12/4/2013 – The FBI is warning businesses and consumers of "man-in-the-email" scams.  Fraudsters may intercept legitimate e-mails between the businesses and their suppliers and then spoof subsequent e-mails impersonating each company to the other. The business thinks they are sending money to the supply partner when in reality the funds are being sent directly to the bank accounts managed by the attackers. Although the latest attacks have occurred to businesses on the West Coast, they soon will likely spread to other parts of the country. The FBI scam release and tips on reducing this type of fraud can be viewed here

Cyber Criminals Continue to Spear-Phish Attacks

6/25/2013 – The FBI has seen an increase in criminals who use spear-phishing attacks to target multiple industry sectors.  These attacks allow criminals to access private computer networks.  They exploit that access to create fake identities, steal intellectual property, and compromise financial credentials to steal money from victims' accounts.  Often, the e-mails contain accurate information about victims obtained via a previous intrusion or from data posted on social networking sites, blogs, or other websites.  This information adds a veneer of legitimacy to the message, increasing the chances the victims will open the e-mail and respond as directed. Recent attacks have convinced victims that software or credentials they use to access specific websites needs to be updated.  The e-mail contains a link for completing the update.  If victims click the link, they are taken to a fraudulent website through which malicious software (malware) harvests details such as the victim's usernames and passwords, bank account details, credit card numbers, and other personal information.  To avoid becoming a victim, keep in mind that online businesses, including banks and merchants, typically will not ask for personal information, such as usernames and passwords, via e-mail.  When in doubt either call the company directly or open your computer's Internet browser and type the known website's address.  Don't use the telephone number contained in the e-mail, which is likely to be fraudulent as well.  In general, avoid following links sent in e-mails, especially when the sender is someone you do not know or appears to be from a business advising that your account information needs to be updated.  If you believe you may have fallen victim to a spear-phishing attack, file a complaint with the FBI's Internet Crime Complaint Center here.

Reports of DHS-Themed Ransomware

3/21/2013 – The United States Computer Emergency Readiness Team (US-CERT) has received reports of apparent Department of Homeland Security (DHS) ransomware occurring in the wild. Users who are being targeted by the ransomware receive an email message claiming that use of their computer has been suspended and that the user must pay  a fine to unlock it.  The ransomware falsely claims to be from the U.S. Department of Homeland Security and the National Cyber Security Division. Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware, or perform a clean reinstallation of their operating system after formatting their computer's hard drive. Other preventative measures to protect from phishing scams and malware can be accessed here.

E-mail Claiming to Be From the FDIC

1/30/2013 – The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the FDIC. While the e-mails exhibit variations in the "From" and "Subject" lines, the messages are similar. The fraudulent e-mails are addressed to the attention of the “Accounting Department” and meant to notify recipients that “ACH and WIRE transactions” are being blocked until “a special security software” is installed. They then instruct recipients to go to a Web site for instructions on how to download the necessary files by clicking on a hyper-link provided (Note: the Web site addresses (URL) vary widely). This e-mail and link are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not click on the link provided. The FDIC does not issue unsolicited e-mails to consumers or business account holders.

Phishing Alert: FBI Warns of Malware in Attempt to Extort Money

8/17/12 – The FBI released an where the IC3 has been made aware of a new Citadel malware platform used to deliver ransomware named Reveton. The ransomware lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States federal law. The message further declares the user’s IP address has been identified by the Federal Bureau of Investigation as visiting websites that feature child pornography and other illegal content. To unlock the computer, the user is instructed to pay a fine to the U.S. Department of Justice using a prepaid money card service. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud. If you have received this or something similar, do not follow payment instructions. Infected computers may not operate normally. Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background.  Certain malware can capture personal information such as user names, passwords, and credit card numbers through keystroke logging programs. If your computer is infected, you may need to contact a local computer expert for assistance to remove the malware. 

Phishing Alert: E-mails Claiming to be from the BBB

11/23/2011 – The Better Business Bureau is issuing an urgent SCAM alert cautioning businesses and consumers about an email that is purporting to be from a bbb.org email address about a recently filed complaint. The email contains a dangerous attachment regarding a complaint and appears to direct recipients to the BBB website. This is a scam – BBB does not send complaints as attachments via email. The email appears to come from a fake BBB employee claiming that the recipient needs to review this matter and advise the BBB of their position. From there, the email appears to direct the recipient to the BBB website, but actually directs them to an outside link. This email is fraudulent and does not originate from the BBB. The email attachment and link are malicious and it is strongly advised to not open or click them. Should you receive such an email, please disregard its message, and report any information received to BBB’s Scam Source, and then delete it. If you have clicked on the link, immediately do a virus scan.

Phishing Alert: Fraudulent E-mails Claiming to be from NACHA

5/15/2011 – The National Automated Clearing House Association (NACHA) continues to receive reports that individuals and/or companies have received fraudulent e-mail that has the appearance of having been sent from NACHA. These e-mails vary in content and format, and appear to be transmitted from e-mail addresses associated with the NACHA domain (@nacha.org). The spoofed e-mail addresses include: ach@nacha.org, admin@nacha.org, alert@nacha.org, info@nacha.org, payment@nacha.org, transactions@nacha.org, and transfers@nacha.org. Some bear the name of fictitious NACHA employees and/or departments.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals and organizations about individual ACH transactions that they originate or receive. NACHA has requested that you please forward fraudulent e-mails claiming to be from NACHA to abuse@nacha.org. The links in these fraudulent e-mails are directed to web pages that host malicious code and software. Do not follow web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove the malicious code or re-install a clean image of the computer system.

= = = = = Sample Phishing E-Mail = = = = =
From: payment@nacha.org [mailto:payment@nacha.org]
Sent: Sunday, May 15, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected

The ACH transfer (ID: 65388185980), recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association [or "other financial institution"].

Please click here to view report.
---------------------------------------------------
Otto Tobin,
Risk Manager
= = = = = = = = = = = = = = = = = =