First for You. Looking out for
your safety first.
Stay Secure, Save Paper, and Save Time with this paperless option.
» Learn More
We want you to be safe. That's why we have created this special section on our site to help alert you to any threats you need to be aware of. As always, if you have a concern or question, don't hesitate to Contact Us.
Below are some recent scams and warnings.
6/2/17 - Kmart Breach
Community First Bank recently got notification from Kmart stores regarding a data breach that involved their payment systems. Kmart has not yet reported how many of their 735 stores were affected or the timeframe of the breach. Based on the current investigation, no personal identifying information was compromised, however they do believe credit and debit card numbers were. There is no evidence that kmart.com or Sears customers were impacted. The notice that we received did state that all the Kmart stores were EMV “chip and pin” enabled making the ability to create counterfeit cards very limited.
If you are wondering if your card has been compromised, please pay extra attention to your statements and account activity. Contact us if you notice any unusual activity on your account. Please contact your local branch if you have any additional questions.
10/7/15 - VISA & Master Card Scam
There is a new scam going around involving VISA & Master Card.
A person calls you claiming to be a VISA or Master Card fraud center representative and will then give you their badge number. They explain that your card has been flagged for unusual activity and will list a transaction in the $400-$500 range with a weird company name. When you say no, the “rep” will tell you that that they will issue a credit and start a fraud investigation. While they are issuing the “credit” they will ask questions like your address, name and the 3 digit code on the back of the card.
In cases like this they have all the information except the 3 digit code on the back, which is what they are attempting to get with this phone call, by giving this to them, you’ve given them everything they need to access and use the card. They will not ask for the card number because they already have it.
Our fraud center, does call, text and email our customers when their cards have been flagged because unusual activity. When Falcon calls you it is always an automated phone call and you have the option to talk to an agent but they will be verified by your ZIP CODE. Falcon will NOT ask for card number, expiration date, CVV or any personal information. We do encourage that you respond to the call, text or email but if you don’t feel comfortable you can always call us. Also, if you are traveling, let us know so we can put a message on your account. If you have changed phone numbers or email addresses, please update that with us so we can contact you.
Obviously this scam is geared more towards the credit card side of things, but we always need to be on alert.
04/09/15 12:00PM - Dyre Wolf Malware
Cyber Risk: A study by IBM warns of a cyber attack known as “Dyre Wolf” that installs malware by tricking users into clicking on a malicious email. The malware monitors activity and waits for users to log into a bank website. Dyre Wolf then produces a pop-up warning indicating the website is having technical problems and to call a help center. Attackers answer the phone pretending to be bank representatives and attempt to get the customer’s password. Once they have the password, they transfer money out of the account. For more detail click here.
04/18/14 9:28AM - Michaels Data Breach
Arts and crafts retailer Michaels has now confirmed its stores were hit by a data breach that potentially compromised account information for 3 million payment cards.
The breach, which involved "criminals using highly sophisticated malware" potentially affected about 2.6 million cards used at Michaels stores from May 8, 2013, through Jan. 27, 2014. The malware attack also affected Michaels' Aaron Brothers stores, where approximately 400,000 cards were potentially affected from June 26, 2013, through Feb. 27, 2014, the company said in an April 17 statement.
Michaels says breached systems contained certain payment card information, such as payment card numbers and expiration dates, for its customers. There is no evidence that other customer personal information, such as name, address or PIN, was at risk, the company says.
For a detailed list of stores affected, click here
Community First Bank recommends that you check your balance frequently by calling FirstLine at 608-375-4900 or through FirstNet on-line banking at www.cfbank.com and report any unauthorized transactions as soon as possible. If you feel it is likely that your card has been compromised, you may deactivate the card by calling any Community First Bank office during normal office hours, by calling our after-hours support number or by logging into your FirstNet Banking account and choosing OPTIONS/ATM CARD. You will find more information about all of these options here: https://www.cfbank.com/Information-Center/Lost-Stolen-Card
Update: 04/15/14 9:00AM - Heartbleed Vulnerability
Over the past few days Community First Bank has conducted an extensive review of 42 internal and external assets and resources that could potentially be affected by the Heartbleed vulnerability. All assets and resources were verified NOT to be affected or have been mitigated at this time. As a precaution it is recommended that all of your internet based account passwords (not just banking) be changed once any affected sites have acknowledged they are not affected or have remediated the vulnerability. The following link while not official and not all inclusive, is a good resource for determining affected sites and user action required.
List of sites affected.
Information Systems Officer
April 11, 2014
The Heartbleed Bug is an encryption flaw affecting the Internet and is a security threat to your passwords and other information. The bug has affected many popular websites and services and could have exposed your sensitive account information, such as passwords and credit card numbers. To protect yourself it is a good policy to change your passwords as a precautionary measure.
“Consumers are protected from unauthorized transactions by their banks despite the far-reaching effects of the Heartbleed Bug. Banks use many different systems to protect customers’ information including rigorous security standards, encryption, and fraud detection software". Rose Oswald Poels, president/CEO of the Wisconsin Bankers Association.
Financial institutions in Wisconsin are examining their systems with a fine-toothed comb and are applying security patches and updating encryption keys where needed. In many cases, internet banking applications are not impacted by this bug. Most financial institutions have a layer of security that prevents this type of exploitation while others don’t even use OpenSSl so this vulnerability isn’t an issue for them.
We do encourage consumers to be vigilant and review their accounts. Any unusual activity should be reported to their bank as soon as possible.
Consumers need to also be aware of phishing scams that may try take advantage of the typical security concerns that could arise with news of the Heartbleed Bug. Do not respond to emails with links claiming that your account is in jeopardy. If you do have concerns with any service provider due to the Heartbleed Bug, WBA encourages you to contact those businesses directly to avoid becoming a victim of a scam.”
View a list of possible affected sites here:
List of sites affected.
January 16, 2014
We have been made aware of a phone scam active in our service area. This scam involves a phone call from someone claiming to be a computer technician. The phony technician indicates there are problems with the victim's computer that require immediate attention. He/she then attempts to gain remote access to the computer and installs malware or other malicious programs on it. Additionally, he/she may ask for credit card or bank account information to pay for these services. Legitimate computer companies will not contact you unsolicited to assist with these types of issues.
If at any time you have concerns that your account credentials or any banking related information has been compromised please contact Community First Bank immediately. Any questions or concerns can be directed to the Electronic Banking Department at Community First Bank 608-375-4117 or by email at email@example.com.
Important Security Reminders:
- Do not provide personal information over the phone or via email.
- Contact your financial institutions and credit card companies immediately if someone has gained access to your account information.
- Do not allow anyone access to your computer who you do not know and trust, particularly if you did not initiate the contact.
- Keep anti-virus and anti-malware software current and turn on computer firewalls.
- Contact a reputable computer professional for assistance if your computer has been infected.
- Regularly check your credit report.
TARGET BREACH UPDATE:
Target Breach: 70 Million Affected
Attack Compromised E-Mail Addresses, Other PII
Visit the Bank Info Security Website for more information related to this incident. for updated information on the breach, and keep checking Target’s website as they continue to add more information.
Update on the Target Breach
December 31, 2013
Community First Bank puts you first when it comes to securing your financial information. Since the Target breach, CFB was proactive in contacting all affected card holders via telephone in an attempt to notify victims of the breach. These card holders have also received a follow up letter explaining the card re-issue process. All cards that were compromised from the Target breach were reordered on Dec. 23rd and are expected to be delivered the week of January 6th. Please be mindful that your new card is on its way.
For further information regarding the Target breach and FAQ’s please visit Target’s website
for more information related to this incident.
As a reminder never share your personal or financial information with anyone or on any online resource. Have a banking question? Call 1-800-485-2871
Target Stores Card Compromise Information
December 20. 2013
Target confirmed that up to 40 million customers' credit and debit cards could be affected by a massive security breach after thieves gained access to private card information used at its stores from November 27 – December 15, 2013.
The breach affected all cards, including Target store brand cards and major card brands such as Visa and MasterCard.
Community First Bank recommends that you check your balance frequently by calling FirstLine at 608-375-4900 or through FirstNet on-line banking at www.cfbank.com and report any unauthorized transactions as soon as possible. If you feel it is likely that your card has been compromised, you may deactivate the card by calling any Community First Bank office during normal office hours, by calling our after-hours support number or by logging into your FirstNet Banking account and choosing OPTIONS/ATM CARD. You will find more information about all of these options on our website at https://www.cfbank.com/Information-Center/Lost-Stolen-Card
Internet Banking/First Net Phishing Emails
0ctober 17, 2012
We have been made aware of phishing emails that may currently be circulating. If you receive one of these emails do NOT click on any links within the document. It is recommended that you permanently delete the email. Following are brief descriptions of these fraudulent communications:
Emails appear to be coming from the Federal Reserve Information System regarding an "Immediate Transfer completed". These emails are fraudulent and contain links that appear to route the recipients to further information regarding the transfer.
Emails appear to be coming from a NetTeller email address such as; firstname.lastname@example.org with the subject line of NetTeller Watch Notice. These are bogus emails trying to get recipients to click on the embedded access link.
Fraudsters use many variations of these emails to try to trick recipients to click on links to attempt to capture personal information or infect the users computer. Please be suspect anytime you receive an email from an unknown source or a suspicious email that appears to be from a known source that is unexpected.
If at anytime you have concerns that your account credentials or other banking related information has been compromised please contact Community First Bank immediately. Any questions or concerns can be directed to me or any member of the Electronic Banking Department at Community First Bank 608-375-4117 or by email at email@example.com.
Electronic Banking Officer
Community First Bank
925 Wisconsin Ave.
P.O. Box 307
Boscobel, WI 53805-0307
Better Business Bureau Issues Nationwide Scam Warning
From: NACHA Member Communications &nnbsp;
7/23/12 - Subsequent communications may be issued by NACHA on this topic as
additional details become available.
The BBB has issued a nationwide warning about a new scam claiming that President Obama will pay consumers' utility bills through a new federal program.
Consumers have been contacted through telephone calls, fliers, social media and text messages, and other means with claims that President Obama is providing credits or applying payments to utility bills.
To receive the money, scammers claim they need the consumer's Social Security Number, and bank routing number and/or account number. In return, customers are given a fraudulent bank routing number to use in order to pay their utility bills through an automated (telephone) service.
The payment service initially 'accepts' the payment but then declines it within a few days when the banking information is discovered to be invalid. The consumer's bill has not been paid and his/her SSN and personal financial information have been compromised.
The BBB offers tips to consumers to avoid becoming a victim of this scam, and additional information on identify theft scams. NACHA maintains a Fraud & Phishing Resource area on www.nacha.org.
U.S. Law Firms Continue to be the Target of Counterfeit Check Scheme
03/12/12—The IC3 continues to receive reports of counterfeit check schemes targeting U.S. law firms. The scammers contact lawyers via e-mail, claiming to be overseas and requesting legal representation in collecting a debt from third parties located in the U.S. The law firms receive a retainer agreement and a check payable to the law firm. The firms are instructed to deposit the check, take out retainer fees, and wire the remaining funds to banks in China, Korea, Ireland, or Canada. After the funds are wired overseas, the checks are determined to be counterfeit.
In a slight variation of the scheme’s execution, the victim law firm receives an e-mail from what appears to be an attorney located in another state requesting assistance for a client. The client needs aid in collecting a debt from a company located in the victim law firm’s state. In some cases, the name of the referring attorney and the debtor company used in the e-mail were verified as legitimate entities and were being used as part of the scheme. The law firm receives a signed retainer agreement and a check made payable to the law firm from the alleged debtor. The client instructs the law firm to deposit the check and to wire the funds, minus all fees, to an overseas bank account. The law firm discovers after the funds are wired that the check is counterfeit.
Law firms should use caution when engaging in transactions with parties who are handling their business solely via e-mail, particularly those parties claiming to reside overseas. Attorneys who agree to represent a client in circumstances similar to those described above should consider incorporating a provision into their retainer agreement that allows the attorney to hold funds received from a debtor for a sufficient period of time to verify the validity of the check.
New Variation on Telephone Collection Scam Related to Delinquent Payday Loans
02/21/12—The Internet Crime Complaint Center (IC3) continues to receive complaints from victims of payday loan telephone collection scams. As previously reported in December 2010, the typical payday loan scam involves a caller who claims the victim is delinquent on a payday loan and must make payment to avoid legal consequences.
Callers pose as representatives of the FBI, “Federal Legislative Department,” various law firms, or other legitimate-sounding agencies and claim to be collecting debts for companies such as United Cash Advance, U.S. Cash Advance, U.S. Cash Net, or other Internet check-cashing services. The fraudsters relentlessly call the victim’s home, cell phone, and place of employment in attempts to obtain payment. The callers refuse to provide information regarding the alleged payday loan or any documentation and become verbally abusive when questioned.
The IC3 has observed variations of this scam in which the caller tells the victim that there are outstanding warrants for the victim’s arrest. The caller claims that the basis of the warrants is non-payment of the underlying loan and/or hacking. If it’s the latter, the caller tells the victim that he or she is wanted for hacking into a business’ computer system to steal customer information. The caller will then demand payment via debit/credit card; in other cases, the caller further instructs victims to obtain a prepaid card to cover the payment.
The high-pressure collection tactics used by the fraudsters have also evolved. In one recent complaint, a person posed as a process server and appeared at the victim’s job. In another instance, a phony process server came to a victim’s home. In both cases, after claiming to be serving a court summons, the alleged process server said the victim could avoid going to court if he or she provided a debit card number for repayment of the loan.
If you are contacted by someone who is trying to collect a debt that you do not owe, you should:
- Contact your local law enforcement agencies if you feel you are in immediate danger;
- Contact your bank(s) and credit card companies;
- Contact the three major credit bureaus and request an alert be put on your file;
- If you have received a legitimate loan and want to verify that you do not have any outstanding obligation, contact the loan company directly;
E-mail Claiming to Be From the FDIC - February 15, 2012
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the FDIC.
While the e-mails exhibit variations in the "From" and "Subject" lines, the messages are similar. The fraudulent e-mails are meant to notify recipients that “Your ACH and Wire transaction abilities have been temporarily withhold for your security, because your security version expired.”
They then instruct recipients to “Please download and install the updated installations” by clicking on a hyper-link provided (Note: the Web site addresses (URL) vary widely).
Finally, most of the e-mails then state, “As soon as you have installed it, your account transactions will be completely reinstated.”
Timeshare Marketing Scams
01/25/12—Timeshare owners across the country are being scammed out of millions of dollars by unscrupulous companies that promise to sell or rent the unsuspecting victims’ timeshares. In the typical scam, timeshare owners receive unexpected or uninvited telephone calls or e-mails from criminals posing as sales representatives for a timeshare resale company. The representative promises a quick sale, often within 60-90 days. The sales representatives often use high-pressure sales tactics to add a sense of urgency to the deal. Some victims have reported that sales representatives pressured them by claiming there was a buyer waiting in the wings, either on the other line or even present in the office.
Timeshare owners who agree to sell are told that they must pay an upfront fee to cover anything from listing and advertising fees to closing costs. Many victims have provided credit cards to pay the fees ranging from a few hundred to a few thousand dollars. Once the fee is paid, timeshare owners report that the company becomes evasive—calls go unanswered, numbers are disconnected, and websites are inaccessible.
In some cases, timeshare owners who have been defrauded by a timeshare sales scheme have been subsequently contacted by an unscrupulous timeshare fraud recovery company as well. The representative from the recovery company promises assistance in recovering money lost in the sales scam. Some recovery companies require an up-front fee for services rendered, while others promise no fees will be paid unless a refund is obtained for the timeshare owner. The IC3 has identified some instances where people involved with the recovery company also have a connection to the resale company, raising the possibility that timeshare owners are being scammed twice by the same people.
If you are contacted by someone offering to sell or rent your timeshare, the IC3 recommends using caution. Listed below are tips you can use to avoid becoming a victim of a timeshare scheme:
- Be wary if a company asks you for up-front fees to sell or rent your timeshare.
- Read the fine print of any sales contract or rental agreement provided.
- Check with the Better Business Bureau to ensure the company is reputable.