As a Union Savings Bank customer, you should know that we will never ask you to provide personal or financial information, including by phone, e-mail or any other form of correspondence.
We have been advised that a rash of Loan Modification/Foreclosure scams have surfaced from the ongoing housing crisis. These so-called foreclosure rescue companies or foreclosure assistance firms claim they can help you save your home if you are in financial distress.
Here is how the scam works
The scam artist sends personalized letters or emails to homeowners. They also purchase ads/commercials on the Internet, on television, or in the newspaper, posters on telephone poles, median strips and at bus stops, or flyers or business cards at your front door.
The scam artists use simple and straight-forward messages, such as: “Stop Foreclosure Now!” or “We guarantee to stop your foreclosure.” in their advertisements.
Here are some Red flags that should make you stop and think as well as avoid:
Guarantees to stop the foreclosure process – no matter what your circumstances
Instructs you not to contact your lender, lawyer, or credit or housing counselor
Collects a fee before providing you with any services
Accepts payment only by cashier’s check or wire transfer
Encourages you to lease your home so you can buy it back over time
Tells you to make your mortgage payments directly to it, rather than your lender
Tells you to transfer your property deed or title to it
Offers to buy your house for cash at a fixed price that is not set by the housing market at the time of sale
Offers to fill out paperwork for you
Pressures you to sign paperwork you haven’t had a chance to read thoroughly or that you don’t understand.
If you think you’ve been a victim of foreclosure fraud, contact:
Federal Trade Commission
Your state Attorney General
Your local Better Business Bureau
Remember never give out your personal information if you are the least bit suspicious of the request. When in doubt, call the company to verify that the information request is legitimate. As reminder, Union Savings Bank will never ask you to provide your banking information via email. We will always contact you through approved secure communication channels.
ZeuS Trojan Email Malware Campaign(June 2010)
Dear Valued Customer,
We have been advised that a new malicious email malware campaign called “Zeus Trojan” is currently being circulated by criminal organizations. These email spam messages are disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings and salacious Youtube.com videos.
The fake IRS e-mails contain the subject line "Notice of Underreported Income" and encourage the recipient to click a link to review their tax statement. All of the latest e-mails use a variety of URL shortening services. For example, this shortened link…
hxxp://qurl.com/zv9j7 (this is an example and not the real shortened URL)
….when clicked reverts to:
hxxp://www.irs.gov.vrddr.ru/fraud_application/directory/statement.php?tid=00000143073750US (this is an example and not the real shortened URL)
….which takes the user to one of dozens of identical Web pages that spoof the IRS and
encourage visitors to download and review their tax statement. By clicking on
the link the user unknowingly is adding malware to their computers.
Always be alert when any company asks you to provide confidential personal information. Do not click on attachments included in unsolicited e-mails, especially those that encourage you to act quickly. Examine the request closely, and look for indicators that an email may be fraudulent in nature. When in doubt about a suspicious email, never open the email and any attachments without first contacting the company to verify the legitimacy of the request.
You should also contact your Internet Service Provider so they may block suspicious messages from your e-mail inbox. To learn more about how to control and manage your incoming e-mails, please refer to your Internet Service Providers’ online resources. You may also visit the Federal Trade Commission’s web site on spam at http://www.ftc.gov/spam.
Also, note that the IRS has stated emphatically that it does not communicate with citizens via e-mail.>
Automated Phone Phishing Scam for Bank Card Information(March 2010)
We have been notified by several customers who indicated they have recently received “automated” phone calls. In all instances, the automated system stated that their bank card was deactivated due to fraudulent activity on their account by a third party and in order to re-activate it they must call back and enter their bank card and pin information.
Union Savings Bank would never initiate an automated call such as this and we suspect it is a fraudulent attempt to obtain confidential information.
Please remember that it is important to safeguard your personal financial information, and should you receive a call that seems suspicious hang up! Report such calls to Union Savings Bank by calling our Client Services Department locally at 203.830.4200 or toll-free at 1.866.872.1866; and to the FCC (Federal Communications Commission), which has jurisdiction over telephone communications. To File a Complaint – Go to the complaint section of the FCC Web site at: http://esupport.fcc.gov/complaints.htm.
And if you do respond to a call by providing account information, like the examples above, contact Union Savings Bank immediately to close any accounts and/or cancel any cards.
Spear Phishing Alert (February 2010)
Over the past several months there has been a significant increase in funds transfer fraud that has involved exploiting the valid online banking of small- and medium-sized businesses. In the most usual situation, the targeted business receives a “spear phishing” email which either contains an infected attachment, or directs the recipient to an infected Web site.
When recipients open the attachment or visit the Web site, malware is installed on their computer that harvests their business or corporate bank account log-in information. “Money mules” serve as a conduit between the business bank account and the hacker’s bank account. In most cases, the funds disappear into a foreign bank account too quickly for the cyber-theft trail to be detected.
Many types of spear-phishing have been used by criminal groups including messages impersonating the Better Business Bureau, US Court System, IRS and UPS to name a few. The fraud is carried out when the fraudster creates another user account from the stolen credentials or directly initiates a funds transfer masquerading as the legitimate user. The consequences of these intrusions can be disastrous as funds will seldom, if ever, be recovered.
Every business is responsible for the security, safety and integrity of their computer systems. We have listed below some recommendations for limiting the exposure to unauthorized funds transfers:
Reconcile all banking transactions on a daily basis.
Initiate ACH payments under dual control with a transaction originator and a separate transaction authorizer.
The originator and authorizer should never use the same computer.
Separate users that can create payment templates from those that can submit transactions.
Carry out all online banking activities from a stand alone, hardened and completely locked down computer system from which e-mail and Web browsing are not possible.
Be suspicious of e-mails purporting to be from a financial institution, government department or other agencies, especially those asking for your banking information.
Be cautious when opening file attachments or clicking on web links in suspicious emails as your system could be exposed to malicious code that could hijack their computer.
Install a dedicated, actively managed firewall.
Never share user names or passwords.
If fraud is suspected, contact the bank immediately and cease all activity from the computer systems that may be compromised. If the fraud is identified, contact the local police and the local FBI field office.
Remember, we will never ask you to provide your banking information via email. Please call the Corporate Services Department at 830-6927 or 830-6923 with any questions or concerns or to discuss any changes to privileges or permissions in the iLink or any business banking system.
VISA® Fraud (August 2009)
Visa has notified Union Savings Bank that a number of fraudulent transactions have occurred in 23 foreign countries. In order to safeguard your Visa Check Card, we are asking you to contact our Client Service Center during normal business hours at 1-866-872-1866 if you are scheduled to travel outside the United States and want to use your Check Card.
For your convenience, listed below are the foreign countries in which fraudulent transactions have occurred: Brazil, Bulgaria, Canada, Cyprus, France, Germany, India, Israel, Italy, Japan, Korea (democratic People’s Republic of), Luxembourg, Malaysia, Mexico, Philippines, Saint Kitts & Nevis, South Africa, Spain, Sweden, Thailand, Turkey, United Arab Emirates and United Kingdom
Fraudulent Phone Calls (August 2009)
Over the past few weeks Union Savings Bank customers have been receiving phone calls from individuals identifying themselves as Union Savings Bank representatives, asking for information about the customer’s debit/ATM card (card number, PIN number, etc.) In some cases, the caller claims the card has been suspended. These are not calls originating from Union Savings Bank, and we believe they are fraudulent.
E-Mail Scam (June 2009)
Dear Valued Customer,
Verified by Visa, a program which provides additional security for Visa cardholders making online purchases, confirmed yesterday that it had been targeted by a Phishing E-Mail Scam.
Phishing is a scam where the perpetrator sends out legitimate-looking e-mails that appear to be from a well-known or trusted company in an effort to “phish” or gather personal and/or financial information from you.
Union Savings Bank will never email you to ask personal information. Always be alert when any company asks you to provide confidential personal information. Examine the request closely, and look for indicators that an email may be fraudulent in nature:
• The email does not include a contact phone number • The email contains threatening language • Email contains typographical or spelling errors • Email comes from an email address other than the company referenced
Never give out your personal information if you are the least bit suspicious of the request. When in doubt, call the company to verify that the information request is legitimate.
The email below is an example of the type of correspondence that was in circulation yesterday until Visa was made aware of the problem and took action to bring down the bogus website Fraudulent indicators in this Verified by Visa example include:
• The email references a service of Visa yet the sender is an email address other than Visa (commonwe.com) • There is no contact phone number • The email contains threatening language such as “If you do not do so you will not be able to shop online with your visa card”
From: Verified By Visa Subject: You have one new message To: janedoe@acme.com Date: Monday, June 1, 2009, 3:42 PM Dear Visa Card user,
In addition to our other ways of preventing, detecting, and resolving fraud, we offer Verified by Visa, a free, simple-to-use and free service that confirms your identity with an extra password when you make an online transaction.
Since May 01 2009 we require all our customers to enroll their visa cards in the Verified by Visa program. If you do not do so you will not be able to shop online with your visa card.
This is a reminder to activate the Verified by Visa feature for your card as soon as possible.
Please download the form attached to this email and open it in a web browser. Once opened, you will be provided with steps to activate the Verified by Visa feature.
We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you. We apologize for any inconvenience.
