E-Mail & Internet Fraud

Keep Your Personal Information Safe

E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open (and possibly respond to) their fraudulent solicitations.

It’s often hard to detect fraudulent e-mails because the sender’s e-mail address, and even the design and graphics, appear genuine. However, there are often signs to assist you in ascertaining whether an e-mail is fraudulent.
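The header forgery described above leaves traces that can be checked programmatically. The following Python sketch is an added example, not part of the original page: it runs over constructed sample messages, and the function names and the domains mailer.example.net, bank.example and mx.example.org are assumptions. The forged sender alert@fdic.gov is the one quoted in the FDIC alert further down this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). Every address except the
# forged From value quoted on this page is a placeholder.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=fdic.gov
From: "FDIC" <alert@fdic.gov>
Reply-To: <claims@mailer.example.net>
Subject: FDIC: Your business account

We have important information about your bank.
"""
ALIGNED = """\
Return-Path: <bounce@mail.bank.example>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail.bank.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: Notices <notices@bank.example>
Subject: Your statement is ready

Log in as usual to view it.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def aligned(a, b):
    """Same domain, or one is a subdomain of the other.
    Simplification: real DMARC alignment uses the Public Suffix List."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def spoofing_signs(raw_message):
    """List the header inconsistencies that suggest a forged From address."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    signs = []
    # The visible From is free text; the envelope and reply addresses often differ.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and not aligned(dom, from_dom):
            signs.append(f"{name} domain {dom} does not match From domain {from_dom}")
    # Trust Authentication-Results only when your own receiving server added it.
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    for check in ("spf", "dkim", "dmarc"):
        if verdicts.get(check, "missing") != "pass":
            signs.append(f"{check}={verdicts.get(check, 'missing')}")
    return signs
```

A message with no findings is not proof of legitimacy; a look-alike domain that passes its own SPF and DKIM checks would also return an empty list.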

E-mails asking you to provide any personal data should always be suspect. NEVER reply to unsolicited e-mails from anyone, regardless of whether or not you have legitimate business with them. If you have questions regarding your account, call the company directly, or start with a clean Web browser, type in the company’s name and contact them directly. Do not click on any links provided in the text.

The Federal Bureau of Investigation hosts a very informative site where you can learn about some of the newest E-Scams and Warnings. This site also provides a link to report E-Scam attempts.

Requests for information on your Mission Valley Bank Cash Management and Internet Banking sites are secured with SSL technology. To confirm you are on a secured site, there should be a “padlock” icon at the bottom of your screen. You can click on the padlock or other secure identifier, such as the VeriSign logo. The Internet page’s security information can then be viewed so you can make sure the certificate for the site is authentic and valid.

Federal Trade Commission Warns of Official-Sounding Calls about an Email Hack

May 5, 2016

April 2016 -- by Andrew Johnson, Division of Consumer and Business Education, FTC

There’s a new twist on tech-support scams — you know, the one where crooks try to get access to your computer or sensitive information by offering to “fix” a computer problem that doesn’t actually exist. Lately, we’ve heard reports that people are getting calls from someone claiming to be from the Global Privacy Enforcement Network. Their claim? That your email account has been hacked and is sending fraudulent messages. They say they’ll have to take legal action against you, unless you let them fix the problem right away.

If you raise questions, the scammers turn up the pressure – but they’ve also given out phone numbers of actual Federal Trade Commission staff (who have been surprised to get calls). The scammers also have sent people to the actual website for the Global Privacy Enforcement Network. (It’s a real thing: it’s an organization that helps governments work together on cross-border privacy cooperation.)

Here are a few things to remember if you get any kind of tech-support call, no matter who they say they are:

  • Don’t give control of your computer to anyone who calls you offering to “fix” your computer.
  • Never give out or confirm your financial or sensitive information to anyone who contacts you.
  • Getting pressure to act immediately? That’s a sure sign of a scam. Hang up.
  • If you have concerns, contact your security software company directly. Use contact information you know is right, not what the caller gives you.

Read on to learn more about tech-support scams and government imposter scams. And, if you spot a scam, tell the FTC.

IRS Alerts Payroll & HR Professionals to Phishing Scheme Involving W-2s

March 29, 2016

WASHINGTON — The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.

The IRS has learned this scheme — part of the surge in phishing emails seen this year — already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.


Turbo Tax Scam Final

October 30, 2015

FDIC Alert

FTC Warns Small Businesses: Don’t Open Email Falsely Claiming to be from Federal Trade Commission

March 3, 2014

The Federal Trade Commission is warning small businesses that an email with a subject line “NOTIFICATION OF CONSUMER COMPLAINT” is not from the FTC. The email falsely states that a complaint has been filed with the agency against their company. The FTC advises recipients not to click on any of the links or attachments with the email. Clicking on the links may install a virus or other spyware on the computer.

Tips for Small Businesses to Combat Fraud

September 25, 2013

Cybercriminals are targeting small businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds from the accounts and steal private information, a fraud referred to as “corporate account takeover.”

Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate and accurate. Companies should train employees about safe internet use and the warning signs of this fraud, because they are the first line of defense.

As part of National Cyber Security Awareness Month coming in October, Mission Valley Bank offers small businesses these tips to help prevent account takeover: (more…)

What is a DDoS Attack and How Might it Affect You?

May 1, 2013

You may have heard or read in the news recently that an increasing number of banks across the country are experiencing attacks on their websites called Distributed Denial of Service – or DDoS – attacks. While Mission Valley Bank has not been among the banks affected, we wanted to take this opportunity to share a little information regarding what a DDoS is and how it could affect you.

A DDoS attack occurs when a bank’s website is intentionally flooded with an extremely high volume of electronic traffic. This flood of traffic simply crowds out legitimate customers trying to use the bank’s website. While these attacks can significantly slow down (even temporarily disable) a bank’s website, they have not involved any form of data breach. 


Frauds Target Small Businesses: Don’t Be a Victim

May 16, 2012

While large firms may have sophisticated technology and staff dedicated to thwarting crime, many small businesses don’t — and scammers know this. Here are ways to protect yourself:

Be on guard against inside jobs. This includes employee theft or misuse of cash, merchandise or equipment as well as fraud. "Minimize risks through steps such as pre-employment background checks, automated inventory tracking systems, audits, and clearly outlined policies for personal use of computers and other business equipment," said Luke W. Reynolds, Chief of the FDIC’s Outreach and Program Development Section. "Also, carefully select who handles revenue from customers, pays the bills and reviews account statements. And, ensure that there are procedures in place to detect and deter fraud."

Banking trojan hijacks SSL connections

July 3, 2011

Security researchers from Symantec warn of a new banking trojan capable of hijacking the SSL connections between browsers and online banking sites in a way that is hard to spot.

Variants of this malware, which Symantec detects as Trojan.Tatanarg, have been in circulation since last October, but its code is believed to be based on an older threat called W32.Spamuzle.

The trojan has a modular architecture, with separate components handling different tasks, and has the functionality of most banking malware.

It can inject rogue HTML code into pages (man-in-the-browser attacks), disrupt antivirus software, uninstall other banking trojans and enable Windows remote access.

It also features a backdoor component through which attackers can issue commands to control the infected computers.

However, the most interesting functionality of this trojan is its ability to function as a proxy between browsers and SSL-secured websites.

This is achieved by hijacking the legitimate SSL connection and establishing a new one on the browser end using a self-signed certificate.

Alerts are blocked and exceptions are added automatically in the browser making the attack almost transparent to users.

The HTTPS prefix is present, as is the padlock indicating an SSL connection. The only way for the user to realize he's not using his bank's certificate would be to manually check the issuer.

Tatanarg is one of several banking trojans that have appeared since the crackdown on ZeuS-based cyberfraud operations last year. It seems that, unhappy with the heat, criminal gangs have begun developing their own custom malware.

They also try to come up with innovative attack methods. Just last week, Trusteer reported on a trojan dubbed OddJob which forces browsers to keep sessions open after users think they successfully logged out.

Users are advised to always keep their antivirus programs up to date to ensure they have the latest protection available. Also, if possible, online banking should be performed from a dedicated computer or a live CD.

FDIC Special Alert: Email claiming to be from FDIC

April 29, 2011

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The e-mail appears to be sent from "alert@fdic.gov" and includes a subject line that states: "FDIC: Your business account."

The e-mail is addressed to "Business Owners" and states "We have important information about your bank. Please click here to see information." It then states, "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership."

This e-mail and link are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not click on the link provided.

The FDIC does not issue unsolicited e-mails to consumers or business account holders.

FDIC Special Alert: Email claiming to be from FDIC

March 11, 2011

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The e-mail appears to be sent from "accounts@fdic.gov" and includes a subject line that states: "About your business account."

The e-mail is addressed to "Business Customers" and states "We have important information about insurance coverage of your business accounts." It then asks recipients to "Please click here to view details" and includes a hyperlink to a Web site.

The e-mail says that it is from "Alyssa Williams, FDIC Insurance."

This e-mail and link are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not click on the link provided.

The FDIC does not issue unsolicited e-mails to consumers or business account holders.

NACHA Phishing Alert: Email Claiming to be from NACHA

July 22, 2010

The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA. See sample below.

The subject line of the email states: “Unauthorized ACH Transaction.” The email includes a link that redirects the individual to a fake Web page and contains a link that is almost certainly an executable virus with malware. Do not click on the link. Both the email and the related website are fraudulent.

Be aware that phishing emails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.

Always use anti-virus software and ensure that the virus signatures are automatically updated.

Ensure that security patches for computer operating systems and common software applications are installed and current.

Be alert for different variations of fraudulent emails.

= = = = = Sample Email = = = = = =

From: Information
Sent: Thursday, July 22, 2010 8:27 AM
To: Doe, John
Subject: Unauthorized ACH Transaction

Dear bank account holder,

The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report


Copyright ©2009 by NACHA - The Electronic Payments Association

= = = = = = = = = = = = = = = = = = =

IMPORTANT: If you are a customer of Mission Valley Bank and have already responded to a suspicious e-mail, and provided any personal or sensitive information, please contact us immediately at (818) 394-2300.