October 27, 2009

Scam alert: Fraudulent e-mails claiming to be from the FDIC

The Federal Deposit Insurance Corporation (FDIC) has become aware of e-mails appearing to be sent from the FDIC that are asking recipients to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. These e-mails are fraudulent and were not sent by the FDIC. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission.

Currently, the subject line of the fraudulent e-mails includes the wording "check your Bank Deposit Insurance Coverage." The e-mails state: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."

The e-mails ask recipients to "visit the official FDIC website" by clicking on a hyperlink provided, which appears to be related to the FDIC and directs recipients to a fraudulent website. The website includes hyperlinks that appear to open forms. However, it is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded.

While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft. Do NOT access the website provided in the email or download the executable files provided on the website.

October 16, 2009

Malicious code spreading via IRS scam

The federal government has received reports of malicious code circulating via spam email messages related to the IRS. This fake IRS/Zeus campaign has been ongoing for several weeks. The attacks arrive via an unsolicited email message and may contain a subject line of "Notice of Underreported Income." These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan. The Zeus Trojan poses significant threat to the security of your private information. It is targeted at stealing sensitive data, and it is especially targeted at banks and online banking credentials.

How to avoid becoming a victim of scams

• Never open an attachment from an unknown sender. Be wary of unsolicited attachments, even from people you know. Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses can "spoof" the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments.
• Think before you click. One click to a compromised web site can introduce spy ware to your machine. Click with caution.
• Practice Safe Searching. Four out of five web sessions start with a search. Fraudsters know this. Be careful with the words you search with. Some search terms are riskier then others. Examples of these search terms can be found at the McAfee Security Advice Center at http://home.mcafee.com/AdviceCenter/Default.aspx?id=ad_sfs

Additional helpful info

Below are some additional links provided by the Department of Homeland Security's Computer Emergency Readiness Team and the IRS.

Review the How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites document on the IRS website.

Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.

Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

March 11th, 2009

Fraudulent phone calls regarding your Umpqua Bank Debit Card and(or) Credit Card

A number of our customers in southern Oregon have received a phone call or phone message from someone claiming to be with Umpqua Bank. This person has claimed that the customer’s debit card or credit card has been compromised and blocked. The phone message contains a phone number for customers to call to reactivate their card or asks them to “press 1” to reactivate their card. This phone call asks for the card holder's card number, PIN, expiration date, and 3-digit number from the back of the card.

These calls are not coming from Umpqua Bank or our third party processors. If you receive such a call, do not respond. Report it by calling us at 1-866-4UMPQUA (1-866-486-7782). We will never call you requesting your card number, PIN, expiration date, or 3-digit number.

If you or someone you know did indeed respond and provide information, contact us immediately at 1-866-4UMPQUA (1-866-486-7782).

To learn more about how to protect yourself, click here.

October 29, 2008

Phishing scams involving financial institutions in the news.

The Federal Deposit Insurance Corporation (FDIC) is warning consumers, businesses and financial institutions to be aware of fraudulent e-mails allegedly from, or related to, financial institutions that have been the subject of recent news stories. Phishing e-mails often incorporate aspects of high-profile news stories – such as bank mergers, acquisitions and failures – to create a sense of urgency and legitimacy for requesting information or action.

These types of fraudulent e-mails may request recipients to verify computer logon credentials, update personal information, or activate new online security features. The fraudulent e-mails may include a link that directs the recipient to a fraudulent or "spoofed" Web site that looks similar to the subject institution's legitimate Web site. Once there, users may be prompted to provide information about online banking credentials or other personal and confidential information that could be used to gain unauthorized access to online banking services or perpetrate identity theft.

These spoofed Web sites may also direct the user to download software updates or digital certificates, which may actually be malicious code or software attempting to collect online banking credentials or other personal and confidential information. Consumers, businesses and financial institutions should be wary of unsolicited e-mails purportedly from financial institutions recently in the news and take the following precautions:

• Do not follow Web links in unsolicited e-mails from apparent financial institutions. Instead, use Web browser bookmarks or type your institution's Web address into the browser address bar when accessing your bank's Web site or online banking services.
• Always use anti-virus software and ensure the virus signatures are automatically updated. Ensure the computer operating system and common software applications are up-to-date with security patches installed>
• Do not open unsolicited or unexpected e-mail attachments claiming to be from a financial institution because of the risk of malicious code or software. As a precaution, call the financial institution using an appropriate telephone number, such as one from an account statement, to validate the e-mail and attached file before opening any attachment.
• Be aware that phishing e-mails frequently use new and innovative ways to trick recipients into providing logon credentials and confidential information or into unleashing malicious code.
• Regularly review financial account statements and immediately report any discrepancies to your institution.
• Be mindful that financial institutions generally deliver notices to consumers in writing about changes in account terms and conditions unless the consumer previously agreed to receive the notice electronically.

For additional information about safe online banking and avoiding online scams, visit http://www.fdic.gov/consumers/consumer/guard/.

For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at www.fdic.gov/news/news/SpecialAlert/2008/index.html. To learn how to automatically receive FDIC Special Alerts via e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Monday, August 25th

Fraudulent phone calls regarding your Umpqua Bank Debit Card

A number of our customers in southern Oregon have received a phone call or phone message from someone claiming to be with Umpqua Bank. This person has claimed that the customer’s debit card has been compromised and blocked. The phone message contains a phone number for customers to call to reactivate their card or asks them to “press 1” to reactivate their card. This phone call asks for the card holder's card number, PIN, expiration date, and 3-digit number from the back of the card.

These calls are not coming from Umpqua Bank or our third party processors. If you receive such a call, do not respond. Report it by calling us at 1-866-4UMPQUA (1-866-486-7782). We will never call you requesting your card number, PIN, expiration date, or 3-digit number.

If you or someone you know did indeed respond and provide information, contact us immediately at 1-866-4UMPQUA (1-866-486-7782).

To learn more about how to protect yourself, click here.