Farmers & Merchants Bank logo
  HomeAbout UsNewsCommercials
search

|

Phishing, Vhishing and Smishing

The following scams have been reported:

Active Text Phishing Targeting F&M Bank – November 18, 2013
F&M Bank has received reports of customers and non-customers receiving text messages claiming to be from F&M Bank. The text messages are from a variety of 562 area code numbers and ask the recipient to call (850) 677-3020. The text message either says that they need to contact the Security Department to activate their card or that they have been selected to receive an ‘Achieve Card’ from F&M Bank. Please be advised that these are not legitimate messages from F&M Bank. Do not call the number or provide any sensitive information back to the text message. If you receive a suspicious text message, please report it to information.security@fmb.com.*

NACHA fraud:
The National Automated Clearing House Association (NACHA) has warned of a phishing attempt against them. Random individuals and/or companies may have received a falsified e-mail with the subject title "Rejected ACH Transaction." This e-mail appears to be from NACHA - The Electronic Payments Association telling them that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a phony web page that appears like the NACHA website and contains a link which is most likely an executable virus. Please alert any financial institution of any questionable email claiming to be from NACHA.

Fraudulent E-Mails Claiming to Be From the FDIC:
The Federal Deposit Insurance Corporation (FDIC) has warned of e-mails that appear to be sent from the FDIC that ask recipients to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. These e-mails are fraudulent and were not sent by the FDIC. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission.

Currently, the subject line of the fraudulent e-mails includes the wording "check your Bank Deposit Insurance Coverage." The e-mails state: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."

The e-mails ask recipients to "visit the official FDIC website" by clicking on a hyperlink provided, which appears to be related to the FDIC and directs recipients to a fraudulent Web site. The Web site includes hyperlinks that appear to open forms. However, it is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded. While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft. Financial institutions and consumers should NOT access the Web site or download the executable files provided on the Web site.

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-3054, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Information related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp

leaving site

By clicking the button below, you are navigating to a third party website not maintained by F&M Bank. The third party is solely responsible for the content of its website including its privacy policy and the products and service it offers. If you do not wish to proceed, you can close this box to return to the F&M Bank website.
.

For your reference, FDIC Special Alerts may be accessed from the FDIC's website at http://www.fdic.gov/news/news/SpecialAlert/2009/index.html
leaving site

By clicking the button below, you are navigating to a third party website not maintained by F&M Bank. The third party is solely responsible for the content of its website including its privacy policy and the products and service it offers. If you do not wish to proceed, you can close this box to return to the F&M Bank website.
. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit http://www.fdic.gov/about/subscriptions/index.html
leaving site

By clicking the button below, you are navigating to a third party website not maintained by F&M Bank. The third party is solely responsible for the content of its website including its privacy policy and the products and service it offers. If you do not wish to proceed, you can close this box to return to the F&M Bank website.
.


Types of Scams:

Phishing
Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumer's personal identity data and financial account credentials. Social engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as usernames and passwords. Technical subterfuge schemes plant crime ware onto PCs to steal credentials directly, often using systems to intercept consumers online account user names and passwords and to corrupt local navigational infrastructures to misdirect consumers to counterfeit websites (or authentic websites through phisher controlled proxies used to monitor and intercept consumers keystrokes).

• Phishing (sometimes called carding or brand spoofing) uses e-mail messages that purport to come from legitimate businesses that one might have dealings with such as:

• banks such as Citibank

• online organizations such as eBay and PayPal

• Internet service providers such as AOL, MSN, Yahoo and EarthLink

• online retailers such as Best Buy

• insurance agencies

• The messages may look quite authentic

• They feature corporate logos and formats similar to the ones used for legitimate messages.

• Typically, they ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes or Security concerns of the account.

Vhishing
Also called "VoIP phishing," it is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's credit card number. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number.

In either case, because people are used to entering credit card numbers over the phone, this technique can be effective. Voice over IP (VoIP) is used for vhishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a real telephone line.

Smishing
Similar to phishing, smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. The "hook" (the method used to actually "capture" your information) in the text message may be a web site URL, however it has become more common to see a phone number that connects to automated voice response system.

The smishing message usually contains something that wants your "immediate attention", some examples include "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order on this URL: www.?????.com."; "(Name of popular online bank) is confirming that you have purchased a $1500 computer from (name of popular computer company). Visit www.?????.com if you did not make this online purchase."; and "(Name of a financial institution): Your account has been suspended. Call ###.###.#### immediately to reactivate." The "hook" will be a legitimate looking web site that asks you to "confirm" (enter) your personal financial information, such as your credit/debit card number, CVV code (on the back of your credit card), your ATM card PIN, SSN, e-mail address, and other personal information. If the "hook" is a phone number, it normally directs to a legitimate sounding automated voice response system, similar to the voice response systems used by many financial institutions, which will ask for the same personal information.

This is an example of a (complete) smishing message in current circulation: "Notice - this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####."

In many cases, the smishing message will show that it came from "5000" instead of displaying an actual phone number or from a company domain. This usually indicates the SMS message was sent via e-mail to the cell phone, and not sent from another cell phone.

This information is then used to credit duplicate credit/debit/ATM cards. There are documented cases where information entered on a fraudulent web site (used in a phishing, smishing, or vishing attack) was used to create a credit or debit card that was used halfway around the world.
All F&M Bank Certificates of Deposit are subject to penalties for early withdrawal.
Money Market accounts are limited to six withdrawals or transfers to another account of yours or to a third party by means of a preauthorized or automatic transfer or telephone order or instruction, computer transfer, or by check, draft, debit card or similar order to a third party. Exceeding these limitations may result in transfer of your account to one that pays no interest. A separate application and agreement are required for an ATM card, Online Banking, and Bill Pay privileges. Other transaction limitations or account fees may apply. Refer to the account agreements for details.
Applications limited to California residents only. Credit card applicant(s) require a personal deposit account relationship with F&M. All credit card programs require credit approval. Full details about these programs are provided when you apply and additional information is provided when you become a cardholder. Coverage is underwritten and administered by companies affiliated with Visa USA Inc. Certain coverage conditions, restrictions, limitations and exclusions apply.
Home equity lines of credit are available for both primary residence and second home locations. The plan has a variable rate feature. The index is the prime rate as published in the Wall Street Journal with a minimum floor rate of 4.750%. Maximum combined loan to value is 55.00% with line amounts available up to $500,000. All loans require credit approval. Terms and conditions may vary. Consult your tax advisor regarding deductibility of interest.
All loans require credit approval. Terms and conditions may vary.
Please be advised that without the loan number and signature, there may be a delay in processing your request.
All loans require a separate application and credit approval.
Business interest on checking accounts is available to sole proprietors and non-profit entities only. Other transaction or account fees may apply. Refer to the account agreements for details.
Savings accounts are limited to six pre-arranged withdrawals per statement cycle. Other transaction limitations or account fees may apply. Refer to the account agreements for details.
Credit card applicant(s) require a business deposit account relationship with F&M.  All credit card programs require credit approval.  Full program details are provided when you apply and additional information is provided when you become a cardholder. Coverage is underwritten and administered by companies affiliated with Visa USA Inc. Certain coverage conditions, restrictions, limitations and exclusions apply.
All loans are subject to credit approval.
Online Banking requires a Business Checking account. A separate application and agreement are required for Online Banking, Cash Management Services, or Bill Pay privileges. Other transaction or account fees may apply. Refer to the account agreements for details.
Savings accounts are limited to six pre-arranged withdrawals per statement cycle. A separate application and agreement are required for Online Banking and Bill Pay privileges. Transactions initiated between the hours of 3:00 PM and 12:00 AM PST on weekends or holidays will be processed the next business day. Other transaction limitations or account fees may apply. Refer to the account agreements for details.
Online Banking requires a Business or Personal account with F&M Bank. A separate application and agreement are required for Online Banking, Cash Management, and Bill Pay services. Transfers between accounts will be processed immediately if requested by 6pm. All other transactions initiated between the hours of 3:00 PM and 12:00 AM PST on weekends or holidays will be processed the next business day. Other transaction limitations or account fees may apply. Refer to the account agreements for details.
Some exclusions may apply.
The following Privacy Notice applies to Farmers & Merchants Bank customers only.
Since email is not a secure method of communication, please do not send any sensitive information (e.g. Social Security or account numbers) via email. If you need to include sensitive information in your communication to us, please contact us by phone.
Subject to credit approval, certain restrictions and limitations may apply.
No Closing Costs to the consumer for lines of $250,000.00 or less on refinance transactions. Loan amounts over $250,000.00 and all purchase transactions, third party or related origination costs to be paid by Borrower.