Security Alerts

Email Fraud Alert - June 9, 2010

First National Bank wants you to be aware of an email-based scam that attempts to collect confidential and financial information. These scams are often referred to as "phishing."

A phishing email has been sent out that fraudulently states that your account is being blocked and that you are required to update or verify your account information by clicking a link that takes you to a fake login site. Do not click the link in the email as the website you are taken to is not a First National Bank website, but rather a fraudulent website made to look like the Online Banking login page.

First National Bank does not:

• Send emails regarding account deactivation, account lockouts, or other problems.
• Send emails asking you to provide, update or verify your personal, business, account or other confidential information.

What to Do if you entered information on the Fraudulent Site:

If you have entered personal information after clicking on the link or suspect fraudulent behavior, please call us immediately at (215) 860-9100 or contact your local branch. If you have received a fraudulent email, please forward it to onlinebankingmanager@fnbn.com. Please do not remove the original subject line, or change the email in any way when you forward it to us.

First National Bank Public Website Defaced - May 5, 2010

Between approximately 7:30 pm and 10:00 pm on Wednesday, May 5th our public website that is hosted at our Internet service provider was defaced by a hacker. The website displayed a message that said "Hacked By GhoST61" and a picture of the first President of Turkey. This did not infect our secure online banking server which is housed at the bank. Customers saw the "hacked" message after they exited from Online Banking and were directed back to our public website or by visit our public website directly. There was no account information compromised during the incident as the secure server which contains that information was not penetrated. Likewise the screen that customers saw did not indicate that there is anything wrong with their computers. The defacing did not transmit a virus or any malicious software onto any customer's computer.

We apologize for the concern and inconvenience that this caused our customers. If you have any further questions, feel free to contact the Online Banking Manager at 215-579-3415.

Haitian Earthquake Relief Scams - January 14, 2010

The Federal Bureau of Investigation has posted a warning regarding possible Haitian earthquake relief scams. The FBI reminds internet users who receive appeals to donate money in the aftermath of Tuesday’s earthquake in Haiti to apply a critical eye and do their due diligence before responding to those requests. Past tragedies and natural disasters have prompted individuals with criminal intent to solicit contributions purportedly for a charitable organization and/or a good cause. Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, to include the following:

• Do not respond to any unsolicited (spam) incoming e-mails, including clicking links contained within those messages.
• Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail or social networking sites.
• Verify the legitimacy of nonprofit organizations by utilizing various Internet-based resources that may assist in confirming the group’s existence and its nonprofit status rather than following a purported link to the site.
• Be cautious of e-mails that claim to show pictures of the disaster areas in attached files because the files may contain viruses.
• Only open attachments from known senders. Make contributions directly to known organizations rather than relying on others to make the donation on your behalf to ensure contributions are received and used for intended purposes.
• Do not give your personal or financial information to anyone who solicits contributions: Providing such information may compromise your identity and make you vulnerable to identity theft.

Anyone who has received an e-mail referencing the above information or anyone who may have been a victim of this or a similar incident should notify the IC3 via www.ic3.gov.

Social Security Sending Corrected Benefit Notices - December 2009

The Social Security Administration earlier this month mailed notices that contained incorrect January 2010 payment dates. These erroneous notices went to about 6 million beneficiaries who receive their payments on either the second, third, or fourth Wednesday of each month, and are part of the annual benefit notices that go to 52 million Social Security beneficiaries. In the notice the payment date is incorrectly shown as one week before what the actual date of payment will be. The other information in the notice, including the payment amount, is correct. Social Security is sending a letter explaining the error to beneficiaries who received the incorrect one as soon as possible.

"We apologize for the inconvenience and confusion these incorrect notices will cause," said Michael J. Astrue, Commissioner of Social Security. "The problem was caused by an unfortunate human error. We are correcting the misinformation as quickly as possible, and we are reviewing our processes closely to prevent this type of mistake from happening in the future. People receiving Social Security benefits in January 2010 should know that their payment will arrive on the same payment day that it has arrived in the past."

Fraudulent E-mail Claiming to Be From the FDIC – October 26, 2009

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The subject line of the e-mail states: "check your Bank Deposit Insurance Coverage." The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.”

The e-mail then asks recipients to "visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage" (a fraudulent link is provided). It then instructs recipients to “download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage.”

This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.

Lottery Scam

There have been several reports of customers receiving an email saying that they have won a prize from "Yahoo Awards Center". This is simply a newer twist on the traditional "lottery scam".

Click here to see a copy of the email.

A typical lottery scam begins with an unexpected email notification that "You have won!" a large sum of money in a lottery. The recipient of the message — the target of the scam — is usually told to keep the notice secret, "to avoid disqualification that may arise from double claim". After contacting the agent, the target of the scam will be asked to pay "processing fees" or "transfer charges" so that the winnings can be distributed, but will never receive any lottery payment. Despite what the email says, the message is not from Yahoo.

Remember: Unless someone has bought a ticket, they cannot have won a prize. There are no such things as "email" draws or any other lottery where "no tickets were sold". This is simply another invention by scammers to make the victim believe that they have won.

New Text Message Scam

Customers have reported getting text messages from someone claiming to be from the bank. The test message requests that personal banking information be texted back to the alleged bank representative. First National Bank does not send text messages to customers. Please do not give out any information via text messaging.

New Credit Card Scam

The callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA & Master Card Telephone Credit Card Scam works, you'll be better prepared to protect yourself.

One of our employees was called on Wednesday from 'VISA', and I was called on Thursday from 'Master Card'.. The scam works like this: Caller: 'This is (name), and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in ?'

When you say 'No', the caller continues with, 'Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?'

You say 'yes'. The caller continues - 'I will be starting a Fraud investigation. If you have any questions, you should call the 1- 800 number listed on the back of your card (1-800 -VISA) and ask for Security.'

You will need to refer to this Control Number. The caller then gives you a 6 digit number. 'Do you need me to read it again?'

Here's the IMPORTANT part on how the scam works. The caller then says, 'I need to verify you are in possession of your card'. He'll ask you to 'turn your card over and look for some numbers'. There are 7 numbers; the first 4 are part of your card number, the next 3 are the security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him.  After you tell the caller the 3 numbers, he'll say, 'That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?' After you say No, the caller then thanks you and states, 'Don't hesitate to call back if you do, and hangs up.

You actually say very little, and they never ask for or tell you the Card number.. But after we were called on Wednesday, we called back within 20 minutes to ask a question.. Are we glad we did! The  REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card.

Long story - short - we made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card Don't give it to them. Instead, tell them you'll call VISA or Master card directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card!  If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost too late and/or more difficult to actually file a fraud report.

Flurry of Spam Targeting the Federal Bureau of Investigation

12/11/08—Consumers continue to be inundated by spam purportedly from the FBI. As with previous spam attacks, the latest versions use the names of several high ranking executives within the FBI and even the IC3 to attempt to defraud consumers.

Many of the spam e-mails currently in circulation claim to be an "official order" from the FBI's Anti-Terrorist and Monetary Crimes Division, from an alleged FBI unit in Nigeria, confirm an inheritance, or contain a lottery notification, all informing recipients they have been named the beneficiary of millions of dollars. To claim the large sum, recipients are instructed to furnish their personally identifiable information (PII) and are often threatened with some type of penalty, such as prosecution, if they fail to do so. Specific PII information requested includes, but is not limited to, the recipient's name, banking information, telephone number, and a copy of their passport.

The spam e-mail allegedly from the IC3 states that the recipient has extorted money and will be given a limited amount of time to refund the money or face prosecution.

Do not respond. These e-mails are a hoax.

The FBI does not send unsolicited e-mails of this nature. FBI executives are briefed on numerous investigations but do not personally contact consumers regarding such matters. In addition, the IC3 does not send threatening letters to consumers demanding payments for Internet crimes.

Consumers should not respond to any unsolicited e-mails or click on any embedded links associated with such e-mails, as they may contain viruses or malware.

It is imperative consumers guard their PII. Providing your PII will compromise your identity.

If you have been a victim of Internet crime, please file a complaint at www.ic3.gov.

Fraudulent Lottery Scams

First National Bank advises you that there is another lottery scheme out there using our information. A sample of the check is below. Names and addresses have been changed or marked out to protect identities. Please be advised that these checks are counterfeit and should not be negotiated. We do not have any relationship with lotteries of this type.

IRS Warns of New E-Mail and Telephone Scams Using the IRS Name

Some people have received phone calls about the economic stimulus payments, in which the caller impersonates an IRS employee. The caller asks the taxpayer for their Social Security and bank account numbers, claiming that the IRS needs the information to complete the processing of the taxayer's payment. In reality, the IRS uses the information contained on the taxpayer's tax return to process stimulus payments, rather than contacting taxpayers by phone or e-mail.

An e-mail claiming to come from the IRS about the "2008 Economic Stimulus Refund" tells recipients to click on a link to fill out a form, apparently for direct deposit of the payment into their bank account. This appears to be an identity theft scheme to obtain recipients' personal and financial information so the scammers can clean out their victims' financial accounts. In reality, taxpayers do not have to fill out a separate form to get a stimulus payment or have it directly deposited; all they had to do was file a tax return and provide direct deposit information on the return.

FBI Warns of Rise in Phone-Based Scams

New threat: Phishing attempts that ask the victim to call their bank to reactivate a credit card, then provide a false phone number.

With consumers finally getting wise to phishing attacks, scammers are hitting the phones.

The U.S. Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) warned Thursday that so-called "vishing" attacks are on the rise. These are scams where criminals send an e-mail or text message to a victim, saying there has been a security problem and the victim needs to call his or her bank to reactivate a credit or debit card.

"Upon calling the telephone number, the recipient is greeted with 'Welcome to the bank of ...' and then [is] requested to enter their card number in order to resolve a pending security issue," the IC3 said in its alert.

In the past few years, inexpensive VoIP (Voice over Internet Protocol) technology and open-source call-center software has made it inexpensive for scammers to set up phony call centers, paving the way for these new types of scams. Security experts say that vishing can be more effective than traditional phishing techniques -- which direct victims to fake Web sites -- because the voice-based attacks have not been as widely publicized.

A new vishing scam involves sending text messages to cell phones, instructing victims to contact the fake online bank to renew their accounts, the IC3 said.

Those who are unsure whether they have been targeted by this scam should look up the bank's phone number and call the bank directly, the IC3 advises.

Operated in partnership with the FBI and the National White Collar Crime Center, the IC3 is a clearing house for Internet crime complaints.

Pretext Calling and Identity Theft.

Pretext calling is a fraudulent means of obtaining an individual's personal information. Pretext callers may contact financial institution employees, posing as their customers, in order to access customers' personal account information. These callers may also contact consumers at home, posing as employees from a financial institution. Information obtained from pretext calling may be sold to debt collection services, attorneys, and private investigators for use in court proceedings. Identity thieves may also engage in pretext calling to obtain personal information for use in creating fraudulent accounts.

Steps you should take to protect yourself against identity theft and pretext calling include:

Do not give personal information, such as account numbers or social security numbers, over the telephone, through the mail, or over the Internet unless you initiated the contact or know with whom you are dealing.

Store personal information in a safe place and tear up old credit card receipts, ATM receipts, old account statements, and unused credit card offers before throwing them away.

Protect your PINs and other passwords. Avoid using easily available information like your mother's maiden name, your birth date, the last four digits or your social security number, your phone number, etc.

Carry only the minimum amount of identifying information and the number of credit cards that you need.

Pay attention to billing cycles and statements. Inquire of the bank if you do not receive a monthly bill; it may mean the bill has been diverted by an identity theif.

Check account statements carefully to ensure all charges, checks, or withdrawals were authorized.

Guard your mail from theft. If you have the type of mailbox with a flag to signal the box contains mail, do not leave bill payment envelopes in your mailbox with the flag up. Instead, deposit them in a post office collection box or at the local post office. Promptly remove incoming mail.

Order copies of your credit report from each of the three major bureaus once a year to ensure they are accurate. (A fee may apply)

If you prefer not to receive pre-approved offers of credit, you can opt out of such offers by calling 1-888-5-OPT OUT.

If you want to remove your name from many national direct mail lists, send your name and address to:

DMA Mail Preference Service
P.O. Box 9008
Farmingdale, NY 11735-9008

If you want to reduce the number of telephone solicitations from many national marketers, send your name, address and telephone number to:

DMA Telephone Preference Service
P.O. Box 9014
Farmingdale, NY 11735-9014

PIN Reversal Hoax at ATMs

There has been information sent via the internet outlining a safety feature at the ATM known as "PIN reversal." This information stated that a cardholder could enter their PIN in reverse order at an ATM to signify a dangerous situation such as a robbery. In turn, this "PIN reversal" should contact police personnel to assist you.

This is FALSE. This PIN reversal technique is not used at any of FNB Newtown's ATMs. Please review the ATM safety tips listed at the bottom of these alerts.

January 2007 - Potential Visa® Check Card Compromise

First National Bank of Newtown has been notified of a potential Visa® Check Card compromise involving a third party retail corporation. To protect our customers, we have made the decision to issue NEW Visa® Check Cards to all of our cardholders who had debit account information that MAY have been part of this compromise. Please review the following for additional information.

First National Bank of Newtown was recently notified that certain card account information may have been compromised at a third party location. This may have included your Visa® debit card account number. Because ensuring your security is top priority for us, we are taking the proactive step of re-issuing your current Visa® debit card.

It is very important that you follow these steps once you receive your new card:

1. Activate your new card immediately by using your PIN number in any ATM or Point of Sale terminal.
2. Destroy your old card.
3. Be sure to contact any merchants you have set up to automatically debit your debit card (health clubs, cellular phone, Internet Service Provider, etc.) as soon as possible to avoid any disruption in service.

This change will not affect your account number or any other accounts linked to your card. If your old debit card was enrolled in our Points 2U program, your new card will automatically be enrolled and your point balance will remain the same.

Your old card will be canceled no later than 02/28/07.

You can protect yourself even further by following these steps:

• Closely monitor your account. Double check monthly statements to ensure they match your records. If you see any discrepancies, please contact First National Bank of Newtown at wwwfnbn.com or (215) 860-9100 during business hours.
• Review your credit reports for accuracy. Call any one of the three credit reporting agencies to receive your free annual credit report.
  • Equifax® - 800-525-6285 - www.equifax.com
  • Experian® - 888-397-3742 - www.experian.com
  • TransUnion® - 800-680-7289 - www.transunion.com

First National Bank of Newtown and Visa take our obligations to protect the security and privacy of our customers very seriously. If you have any questions or concerns, please don't hesitate to give us a call at (215) 860-9100.

Public Warned about SOCIAL SECURITY E-mail Scam

Jo Anne Barnhart, Commissioner of Social Security, and Patrick O'Carroll, Jr., Inspector General of Social Security, issued a warning today about a new email scam that has surfaced recently.

The Agency has received several reports of an email message being circulated with the subject "Cost-of-Living for 2007 update" and purporting to be from the Social Security Administration. The message provides information about the 3.3 percent benefit increase for 2007 and contains the following "NOTE: We now need you to update your personal information. If this is not completed by November 11, 2006, we will be forced to suspend your account indefinitely." The reader is then directed to a website designed to look like Social Security's Internet website.

Once directed to the phony website, the individual is asked to register for a password and to confirm their identity by providing personal information such as the individual's Social Security number, bank account information and credit card information.

Inspector General O'Carroll recommends people always take precautions when giving out personal information. "You should never provide your Social Security number or other personal information over the Internet or by telephone unless you are extremely confident of the source to whom you are providing the information," O'Carroll said.

To report receipt of this email message or other suspicious activity to Social Security's Office of Inspector General, please call the OIG Hotline at 1-800-269-0271. (If you are deaf or hard of hearing, call the OIG TTY number at 1-866-501-2101). A Public Fraud Reporting form is also available online at OIG's website www.socialsecurity.gov/oig.

SSA Press Office 440 Altmeyer Building 6401 Security Blvd. Baltimore, MD 21235 410-965-8904 FAX 410-966-9973

Fraudulent Lottery Scams

First National Bank advises you that there is another lottery schemes out there using our information. A sample of the letters and checks are below. Please be advised that these checks are counterfeit and should not be negotiated. We do not have any such clients and do not have any relationship with lotteries of this type.

Banking Department Urges Caution when Cashing Cashier's Checks
from People You Don't Know

There have been an increasing number of Pennsylvanians reporting that they are being defrauded by counterfeit cashier's checks.

In general, the fraud unfolds like this: A consumer is part of a fairly large financial transaction with someone who generally says that they live outside of the United States. The types of transactions that have been reported include payments for large items purchased through online auctions, deposits for apartments, and fees for nanny services, for example.

The so-called "buyer" sends an official-looking cashier's check to pay for the service. The consumer, then, takes the check to the bank and cashes it.

There are two ways the scam can unfold: In the first, the buyer sends a check for well over the amount of the purchase (with some excuse about why) and asks the consumer to immediately refund the difference once they've cashed the check. In the second, the buyer waits a day or two (but only a very short time) and makes some excuse for canceling the transaction and asks the consumer to wire all of the money back.

A similar scam suggests that the consumer has ''won'' a lottery or other prize but must send some of the proceeds of the check back for some specific reason, like processing or taxes.

The counterfeit cashier's checks are such good reproductions that they're difficult to spot, even by experienced financial professionals. Despite the fact that the consumer's bank cashes the check, it will not be honored when the bank presents it to the ''issuing'' institution for payment. The bank then, requires the consumer to return the funds.

The problem is that, by the time the fraudulent check works its way through the banking system (which can sometimes take more than 30 days), the con-artist has already taken the consumer's money.

You can protect yourself by:

• understanding that when cashing a cashier's check, even though the bank has provided you with the money, you are responsible for the funds until your bank has received the proceeds from the institution which originally issued the check
• being cautious of transactions with people you don't know who purchase items via cashier's check
• avoiding any situation where someone pays more than the purchase price of an item and demands that the extra money be returned
• being suspect of any cashier's check that just shows up in the mail, especially if it has a ''congratulations'' letter attached
• holding any funds provided by cashier's check from someone you don't know for 30 - 45 days before using those fund, especially when you have any sense that the transaction is out of the ordinary

If you believe that you've been the victim of this type of scam, please call the Pennsylvania Attorney General's office at (800) 441-2555, the U.S. Secret Service at (202) 406-5850, or the Pennsylvania Department of Banking at (800) PA BANKS.

FBI Fraud Alert Questionaire

First National Bank encourages you to review this questionaire about Fraud Scams. If you have any questions or can answer yes to any of the questions, please call us at one of our branches. Click here to see the questionaire

Fraudulent Lottery Scams

First National Bank advises you that there are two lottery schemes out there using our information. A sample of the letters and checks are below. Please be advised that these checks are counterfeit and should not be negotiated. We do not have any such clients and do not have any relationship with lotteries of this type.

Jury Duty Scam Leads to Identity Theft

Here's a new twist scammers are using to commit identity theft: the jury duty scam. Here's how it works:  The scammer calls claiming to work for the local court and claims you've failed to report for jury duty. He tells you that a warrant has been issued for your arrest. The victim will often rightly claim they never received the jury duty notification. The scammer then asks the victim for confidential information for "verification" purposes. Specifically, the scammer asks for the victim's Social Security number, birth date, and sometimes even for credit card numbers and other private information -- exactly what the scammer needs to commit identity theft.  So far, this jury duty scam has been reported in Michigan, Ohio, Texas, Arizona, Illinois, Pennsylvania, Minnesota, Oregon and Washington state.

It's easy to see why this works. The victim is clearly caught off guard, and is understandably upset at the prospect of a warrant being issued for his or her arrest. So, the victim is much less likely to be vigilant about protecting their confidential information.  In reality, court workers will never call you to ask for social security numbers and other private information. In fact, most courts follow up via snail mail and rarely, if ever, call prospective jurors.

Action: Never give out your Social Security number, credit card numbers or other personal confidential information when you receive a telephone call  This jury duty scam is the latest in a series of identity theft scams where scammers use the phone to try to get people to reveal their Social Security number, credit card numbers or other personal confidential information.

It doesn't matter *why* they are calling -- all the reasons are just different variants of the same scam.  Protecting yourself is simple: Never give this info out when you receive a phone call.