First for You. Looking out for
your safety first.
Stay Secure, Save Paper, and Save Time with this paperless option.
» Learn More
Community First Bank is committed to helping you keep your personal account information safe and secure. Community First Bank will never send unsolicited emails asking clients to provide, update, or verify personal or account information, such as passwords, Social Security numbers, PINs, credit or Check Card numbers, or other confidential information.
FRAUD: Unauthorized Access of Card Data at the Wilderness Resorts in Wisconsin and Tennessee
Please be aware of the recent announcement made pertaining to unauthorized access to the point of sale system that is used to process transactions for Wilderness Resorts in Wisconsin. Below is an excerpt from a press release:
This notice pertains to any customer who used a credit card or debit card at the Wilderness Resorts in Wisconsin or Tennessee from December 12, 2008 to May 25, 2011. In advance, Vacationland Vendors apologies for any inconvenience that you may experience from the circumstances described below
Vacationland Vendors recently discovered that an unauthorized person wrongfully accessed certain parts of the point of sales systems that Vacationland Vendors uses to process credit and debit transactions at the Wilderness Resorts. Based upon its investigation to date, Vacationland Vendors reasonably believes that a computer hacker improperly acquired credit card and debit information. This incident did not involve an internal security issue within the Wilderness Resort. Vacationland Vendors has learned that other businesses just like its’ own have been affected by this computer hacker.
Vacationland Vendors has moved swiftly to address this unfortunate incident and is working with an outside consultant to ensure that its point of sale systems are secure and protected from any further intrusions.
If you have used your credit card or debit card at the Wilderness Resort locations from December 12, 2008 through May 25, 2011, please consider taking the following immediate steps in order to prevent the unauthorized and unlawful use of your personal information:
- Watch for any unusual activity on your bank statements, credit card account or suspicious items on your bills.
- Contact any of your credit card issuers, banks or credit unions, and inform them of this incident.
- Place a fraud alert on your consumer credit file. A fraud alert instructs creditor to watch for unusual or suspicious activity in your accounts, and provides creditors with notice to contact you separately before approving an extension of credit. To place a fraud alert, free of charge, contact one of the three national credit reporting agencies listed below. You do not need to contact all three; rather, the agency that you contact will forward the fraud alert to the other two agencies on your behalf.
Atlanta, GA 30348-5069
Fullerton, CA 92834
PHISHING: Scammers pretend to be fraud investigative agents for Visa and MasterCard in order to obtain credit card security codes
Phishing refers to online, telephone and e-mail scams that attempt to trick consumers into revealing personal information, such as check and credit card account numbers, Social Security numbers, or bank account passwords.
We have received reports of people being called from the "Security and Fraud Department at VISA". They say your card may have been compromised, and proceed to give you the information about your card, including the issuing bank, all or part of the credit card number and maybe even the last 4 digits of your social security number. The only piece of information they ask you to confirm is the 3-digit security code on the back of the card "to confirm that you are in possession of the card...."
Credit card companies will NEVER ask you to read them ANY information off of your card. This is just a reminder to never give out any identifying information over the phone, in an email, or on a website to someone who is asking you to confirm an account, or credit card information. If you think you have been tricked into giving that information, you should initiate a call to the credit card issuers and inform them of the incident. You may need to cancel that card and have a new one re-issued.
FRAUD: FDIC Issues Special Alert on Fraudulent E-Mails With Infected Attachment
The FDIC issued a special alert on fraudulent e-mails that appear to be sent from the agency and contain an infected attachment. The bogus e-mails have addresses on the 'From" line such as "email@example.com" or "firstname.lastname@example.org"; inform recipients that their "account ACH and WIRE transaction have been temporarily suspended for security reasons"; and contain spelling and grammatical errors. The e-mails' attachment -- "FDIC_document.zip" -- is likely to release malicious software if opened, the FDIC said.
Special Alert: SA-21-2011: Fraudulent "ACH and Wire transfers" E-Mails
E-Mails Summary: Fraudulent e-mails claiming to be from the FDIC are in circulation. The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.
The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "email@example.com," "firstname.lastname@example.org," or "email@example.com."
They have various subject lines such as "Update for your banking account," "ACH and Wire transfers disabled," and "Banking security update." The fraudulent messages state:
"Dear clients, Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online security department, Federal Deposit Insurance Corporation."
These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.
Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.
Date: 06/20/11 4:45 PM
We have received notification of numerous fraudulent emails appearing to be from NACHA and the Federal Reserve. These emails are similar in nature regarding rejected or canceled transactions. DO NOT CLICK ON THE LINK provided in the email. Community First Bank, any government, or private entity does not send this type of information via e-mail. If you have clicked on this link, please contact us immediately so we can take
precautions to protect your account for possible intrusions.
Date: 06/17/2011 03:17 PM
Subject: Fraudulent Email from NACHA
We have received information regarding fraudulent emails that appear to be coming from NACHA. The email is in reference to a Canceled Payment. It is saying there is a cancelled payment and to click the link to view the transaction. A copy of what the email looks like is below.
Please do not click on the attachment in the email. If you have already clicked the link, please notify us immediately at 608-375-4117 and ask for Kim Barto or Deb Hines.
Please know that if there is a problem with an ACH transaction, Community First Bank will notify you via fax and or phone call. Also, please be aware of any emails with attachments that are coming from unknown sources as this could be harmful to your computer.
If you have any questions, please feel free to call us.
SAMPLE OF EMAIL TEXT:
Transaction ID: 3453266565444333333
Reason for rejection View details in the report below
Transaction report report_3453266565444333333.pdf
13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703) 561-1100
2011 NACHA - The Electronic Payments Association
June 3, 2011
SUMMARY: E-mails that claim to be from the FDIC are reportedly in circulation.
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.
The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as firstname.lastname@example.org," "email@example.com," or "firstname.lastname@example.org."
They have subject lines that read: "FDIC: Your business account" or "FDIC: About Your Business Account." The e-mails are addressed to "Business Customer" or "Business Owner" and state "We have important information about your bank" or ".financial institution." They then ask recipients to "Please click here to find details." They conclude with, "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership."
These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.
Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.
There appears to be a phishing email going around stating there is an unauthorized ACH transaction and to click on the link to view the report. DO NOT CLICK ON THE LINK IN THE EMAIL FROM NACHA. Community First Bank does not send this type of information via e-mail. If you have clicked on this link, please contact us immediately so we can take precautions to protect your account for possible intrusions.
Here is a sample of the email.
= = = = = Sample Email = = = = = =
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.
Please click here to view report
= = = = = = = = = = = = = = = = =
E-mails fraudulently claiming to be from the FDIC are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided.
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that "in cooperation with the Department of Homeland Security, federal, state and local governments…" the FDIC has withdrawn deposit insurance from the recipient's account "due to account activity that violates the Patriot Act." It further states deposit insurance will remain suspended until identity and account information can be verified using a system called "IDVerify." If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient's computer.
This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.
2010 Alert Archive