Security Alerts

** Please be aware that documents from these alerts may contain links that connect you to other websites. First National Bank is not responsible for the content on other sites. Other websites may treat information they learn about you differently.

“Heartbleed” OpenSSL Vulnerability – April 9, 2014

A group of security researchers uncovered a major vulnerability in the encryption technology used by millions of websites. Called “Heartbleed”, it is a security flaw found in OpenSSL, which is used to protect sensitive data such as emails, passwords or credit card data.

The First National Bank of Newtown does NOT use OpenSSL and therefore is not affected by this discovery.

However, it is estimated that nearly two thirds of websites on the Internet use OpenSSL in some way. Any secure information on those sites such as passwords, email addresses, etc. could be compromised.

The First National Bank always recommends that your online banking password is a unique password that you have never used on any other website.

Also, we recommend changing your online banking password on a regular basis.

If you have any questions, please feel free to contact the Online Banking Department at 215-579-3415.

PHISHING SCAM Alert – February 18, 2014

It has been reported to The First National Bank that some of our customers have received the following text message: Due to suspicious activity, your debit card has been temporarily blocked. In order to unlock, PLEASE call us immediately at: 1-713-988-6565. This is a scam. The First National Bank will never text or call you asking for your account information. If you have received one of these calls or texts, please report it to us immediately at 215-860-9100.

Data Breach at a Target® – December 20, 2013

Attention Debit Card Users: As you have seen in the news, there was a data breach at Target® possibly affecting millions of debit and credit card users. The breach occurred from 11/27/13 through 12/15/13. Please check your account transactions. If you see anything unusual please contact our Customer Call Center at: 215-860-6351. First National Bank is working closely with our debit cardholders that were affected. Click here to read an official announcement from Target® on the breach.

Update as of 12/24/13: FNB is in the process of reissuing all debit cards affected by the Target store compromise. New cards should arrive in 7-10 business days. Please continue to check your account transactions. If you see anything unusual, contact our Customer Call Center at: 215-860-6351.

Organized Crime Ring in our Area – October 1, 2012

Please be aware that a group of criminals, commonly referred to as “The Felony Lane Gang” has been active in our area. Originating in Florida, this group preys on purses that have been left unattended in a vehicle. Common areas include, sports events, gyms, cemeteries and elementary schools. After breaking into the vehicle, the gang will facilitate fraud while assuming the identity of the victim. If you become the victim of this crime, please notify us at 215-860-9100.

PHISHING SCAM Alert – February 28, 2012

It has been reported to First National Bank that some of our customers have received cell phone calls or text messages from someone claiming to be from First National Bank. This is a scam. First National Bank will never text or call you asking for your account information. If you have received one of these calls or texts, please report it to us immediately at 215-860-9100.

MASQUERADING WEB SITE Alert – November 17, 2011

The Office of the Comptroller of the Currency (OCC) has been informed that the Web site, “helpwithmybank.com,” is attempting to masquerade as the legitimate Web site, “helpwithmybank.gov,” and contains potentially damaging malware. The illegitimate site redirects the user to the legitimate site “helpwithmybank.gov” in an attempt to convince users that they are connecting to a legitimate site. Attempts to connect to the fake Web site could expose the user to harmful malware.

NACHA Alert – March 31, 2011

NACHA, the not-for-profit Association that governs electronic movement of money and data, like direct deposits and debit card transactions, has issued an alert concerning fraudulent emails. These emails, appearing to be from NACHA may ask for your personal information so that they can steal your identity, or ask you to open an attachment that will place a virus on your computer. Click on the link below to read NACHA‘s statement. If you think you may have become victim to this scheme, please call us today.

http://www.nacha.org/news/newsDetail.cfm/RecentBusinessNewsID/207

Japan Disaster Scams – March 18, 2011

The Pennsylvania Criminal Intelligence Center has issued an alert regarding new Japan Disaster Scams. Please click this link for more information on this alert.

Email Fraud Alert – January 31, 2011

The First wants you to be aware of a phishing scam email that was received by one of our customers. The email directed the customer to visit a malicious site and download and install a piece of software. Below is the text of the email.

Subject: A NOTE FROM FNB 

Due to the recent Malware and Phishing attacks encountered by our
customers, First National Bank has made it mandatory to all Customers
to download the Rapport Software that will help fight against it. 

Our system shows that you have not downloaded the latest version of
this software that was introduced on 17-01-2010. It is your
responsibility to protect your account by installing this new patch as
a precautionary measure. 

If you do not log on to download this software now, First National Bank
will not be liable for any theft that may occur on your account.

If you receive this email, or any email similar to it, please delete it immediately. Do not click any links within the email, and do not reply to it.

The First does not:

  • Send emails regarding account deactivation, account lockouts, or other problems.
  • Send emails asking you to provide, update or verify your personal, business, account or other confidential information.

FDIC Reports Fraudulent E-mails Claiming To Be from Agency – January 13, 2011

The FDIC said that it has received numerous reports from consumers of fraudulent e-mails that appear to have come from the FDIC. The e-mails say that the FDIC in cooperation with the Department of Homeland Security has withdrawn the recipients’ deposit insurance “due to account activity that violates the Patriot Act.”

It says that deposit insurance will remain suspended until identity and account information can be verified using a system called “IDVerify.” If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer. Financial institutions and consumers should not access the link provided within the body of the e-mail and or provide any personal information through this media. Read FDIC Alert.

Email Fraud Alert – June 9, 2010

The First wants you to be aware of an email-based scam that attempts to collect confidential and financial information. These scams are often referred to as “phishing.”

A phishing email has been sent out that fraudulently states that your account is being blocked and that you are required to update or verify your account information by clicking a link that takes you to a fake login site. Do not click the link in the email as the website you are taken to is not a website of The First, but rather a fraudulent website made to look like the Online Banking login page.

The First does not:

  • Send emails regarding account deactivation, account lockouts, or other problems.
  • Send emails asking you to provide, update or verify your personal, business, account or other confidential information.

What to Do if you entered information on the Fraudulent Site:

If you have entered personal information after clicking on the link or suspect fraudulent behavior, please call us immediately at (215) 860-9100 or contact your local branch. If you have received a fraudulent email, please forward it to onlinebankingmanager@fnbn.com. Please do not remove the original subject line, or change the email in any way when you forward it to us.

The First National Bank and Trust Company of Newtown’s Public Website Defaced – May 5, 2010

Between approximately 7:30 pm and 10:00 pm on Wednesday, May 5th our public website that is hosted at our Internet service provider was defaced by a hacker. The website displayed a message that said “Hacked By GhoST61″ and a picture of the first President of Turkey. This did not infect our secure online banking server which is housed at the bank. Customers saw the “hacked” message after they exited from Online Banking and were directed back to our public website or by visit our public website directly. There was no account information compromised during the incident as the secure server which contains that information was not penetrated. Likewise the screen that customers saw did not indicate that there is anything wrong with their computers. The defacing did not transmit a virus or any malicious software onto any customer’s computer.
We apologize for the concern and inconvenience that this caused our customers. If you have any further questions, feel free to contact the Online Banking Manager at 215-579-3415.

Haitian Earthquake Relief Scams – January 14, 2010

The Federal Bureau of Investigation has posted a warning regarding possible Haitian earthquake relief scams. The FBI reminds internet users who receive appeals to donate money in the aftermath of Tuesday’s earthquake in Haiti to apply a critical eye and do their due diligence before responding to those requests. Past tragedies and natural disasters have prompted individuals with criminal intent to solicit contributions purportedly for a charitable organization and/or a good cause. Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, to include the following:

  • Do not respond to any unsolicited (spam) incoming e-mails, including clicking links contained within those messages.
  • Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail or social networking sites.
  • Verify the legitimacy of nonprofit organizations by utilizing various Internet-based resources that may assist in confirming the group’s existence and its nonprofit status rather than following a purported link to the site.
  • Be cautious of e-mails that claim to show pictures of the disaster areas in attached files because the files may contain viruses.
  • Only open attachments from known senders. Make contributions directly to known organizations rather than relying on others to make the donation on your behalf to ensure contributions are received and used for intended purposes.
  • Do not give your personal or financial information to anyone who solicits contributions: Providing such information may compromise your identity and make you vulnerable to identity theft.

Anyone who has received an e-mail referencing the above information or anyone who may have been a victim of this or a similar incident should notify the IC3 via www.ic3.gov.

New Text Message Scam

Customers have reported getting text messages from someone claiming to be from the bank. The text message requests that personal banking information be texted back to the alleged bank representative. The First does not send text messages to customers. Please do not give out any information via text messaging.

New Credit Card Scam

The callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA & Master Card Telephone Credit Card Scam works, you’ll be better prepared to protect yourself.

One of our employees was called on Wednesday from ‘VISA’, and I was called on Thursday from ‘Master Card’.. The scam works like this: Caller: ‘This is (name), and I’m calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I’m calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in ?’

When you say ‘No’, the caller continues with, ‘Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?’

You say ‘yes’. The caller continues – ‘I will be starting a Fraud investigation. If you have any questions, you should call the 1- 800 number listed on the back of your card (1-800 -VISA) and ask for Security.’

You will need to refer to this Control Number. The caller then gives you a 6 digit number. ‘Do you need me to read it again?’

Here’s the IMPORTANT part on how the scam works. The caller then says, ‘I need to verify you are in possession of your card’. He’ll ask you to ‘turn your card over and look for some numbers’. There are 7 numbers; the first 4 are part of your card number, the next 3 are the security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he’ll say, ‘That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?’ After you say No, the caller then thanks you and states, ‘Don’t hesitate to call back if you do, and hangs up.

You actually say very little, and they never ask for or tell you the Card number.. But after we were called on Wednesday, we called back within 20 minutes to ask a question.. Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card.

Long story – short – we made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card Don’t give it to them. Instead, tell them you’ll call VISA or Master card directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you’re receiving a credit. However, by the time you get your statement you’ll see charges for purchases you didn’t make, and by then it’s almost too late and/or more difficult to actually file a fraud report.

FBI Warns of Rise in Phone-Based Scams

New threat: Phishing attempts that ask the victim to call their bank to reactivate a credit card, then provide a false phone number.
With consumers finally getting wise to phishing attacks, scammers are hitting the phones.

The U.S.. Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) warned Thursday that so-called “vishing” attacks are on the rise. These are scams where criminals send an e-mail or text message to a victim, saying there has been a security problem and the victim needs to call his or her bank to reactivate a credit or debit card.

“Upon calling the telephone number, the recipient is greeted with ‘Welcome to the bank of …’ and then [is] requested to enter their card number in order to resolve a pending security issue,” the IC3 said in its alert.

In the past few years, inexpensive VoIP (Voice over Internet Protocol) technology and open-source call-center software has made it inexpensive for scammers to set up phony call centers, paving the way for these new types of scams. Security experts say that vishing can be more effective than traditional phishing techniques — which direct victims to fake Web sites — because the voice-based attacks have not been as widely publicized.

A new vishing scam involves sending text messages to cell phones, instructing victims to contact the fake online bank to renew their accounts, the IC3 said.

Those who are unsure whether they have been targeted by this scam should look up the bank’s phone number and call the bank directly, the IC3 advises.

Operated in partnership with the FBI and the National White Collar Crime Center, the IC3 is a clearing house for Internet crime complaints.

Pretext Calling and Identity Theft.

Pretext calling is a fraudulent means of obtaining an individual’s personal information. Pretext callers may contact financial institution employees, posing as their customers, in order to access customers’ personal account information. These callers may also contact consumers at home, posing as employees from a financial institution. Information obtained from pretext calling may be sold to debt collection services, attorneys, and private investigators for use in court proceedings. Identity thieves may also engage in pretext calling to obtain personal information for use in creating fraudulent accounts.

Steps you should take to protect yourself against identity theft and pretext calling include:

Do not give personal information, such as account numbers or social security numbers, over the telephone, through the mail, or over the Internet unless you initiated the contact or know with whom you are dealing.

Store personal information in a safe place and tear up old credit card receipts, ATM receipts, old account statements, and unused credit card offers before throwing them away.

Protect your PINs and other passwords. Avoid using easily available information like your mother’s maiden name, your birth date, the last four digits or your social security number, your phone number, etc.

Carry only the minimum amount of identifying information and the number of credit cards that you need.

Pay attention to billing cycles and statements. Inquire of the bank if you do not receive a monthly bill; it may mean the bill has been diverted by an identity thief.

Check account statements carefully to ensure all charges, checks, or withdrawals were authorized.

Guard your mail from theft. If you have the type of mailbox with a flag to signal the box contains mail, do not leave bill payment envelopes in your mailbox with the flag up. Instead, deposit them in a post office collection box or at the local post office. Promptly remove incoming mail.

Order copies of your credit report from each of the three major bureaus once a year to ensure they are accurate. (A fee may apply)
If you prefer not to receive pre-approved offers of credit, you can opt out of such offers by calling 1-888-5-OPT OUT.

If you want to remove your name from many national direct mail lists, send your name and address to:

DMA Mail Preference Service

P.O. Box 9008

Farmingdale, NY 11735-9008

If you want to reduce the number of telephone solicitations from many national marketers, send your name, address and telephone number to:

DMA Telephone Preference Service

P.O. Box 9014

Farmingdale, NY 11735-9014

Banking Department Urges Caution when Cashing Cashier’s Checks from People You Don’t Know

There have been an increasing number of Pennsylvanians reporting that they are being defrauded by counterfeit cashier’s checks.
In general, the fraud unfolds like this: A consumer is part of a fairly large financial transaction with someone who generally says that they live outside of the United States. The types of transactions that have been reported include payments for large items purchased through online auctions, deposits for apartments, and fees for nanny services, for example.

The so-called “buyer” sends an official-looking cashier’s check to pay for the service. The consumer, then, takes the check to the bank and cashes it.

There are two ways the scam can unfold: In the first, the buyer sends a check for well over the amount of the purchase (with some excuse about why) and asks the consumer to immediately refund the difference once they’ve cashed the check. In the second, the buyer waits a day or two (but only a very short time) and makes some excuse for canceling the transaction and asks the consumer to wire all of the money back.

A similar scam suggests that the consumer has ”won” a lottery or other prize but must send some of the proceeds of the check back for some specific reason, like processing or taxes.

The counterfeit cashier’s checks are such good reproductions that they’re difficult to spot, even by experienced financial professionals. Despite the fact that the consumer’s bank cashes the check, it will not be honored when the bank presents it to the ”issuing” institution for payment. The bank then, requires the consumer to return the funds.

The problem is that, by the time the fraudulent check works its way through the banking system (which can sometimes take more than 30 days), the con-artist has already taken the consumer’s money.

You can protect yourself by:

  • understanding that when cashing a cashier’s check, even though the bank has provided you with the money, you are responsible for the funds until your bank has received the proceeds from the institution which originally issued the check
  • being cautious of transactions with people you don’t know who purchase items via cashier’s check
  • avoiding any situation where someone pays more than the purchase price of an item and demands that the extra money be returned
  • being suspect of any cashier’s check that just shows up in the mail, especially if it has a ”congratulations” letter attached
  • holding any funds provided by cashier’s check from someone you don’t know for 30 – 45 days before using those fund, especially when you have any sense that the transaction is out of the ordinary

If you believe that you’ve been the victim of this type of scam, please call the Pennsylvania Attorney General’s office at (800) 441-2555, the U.S. Secret Service at (202) 406-5850, or the Pennsylvania Department of Banking at (800) PA BANKS.

FBI Fraud Alert Questionnaire

The First encourages you to review this questionnaire about Fraud Scams. If you have any questions or can answer yes to any of the questions, please call us at one of our branches. Click here to see the questionnaire.

Fraudulent Emails Requesting Personal Information

Recently, many Americans have received a series of fraudulent e-mails, which direct recipients to websites where they are asked to verify sensitive personal information. The e-mails claim that the individual’s personal information is necessary to assist in the fight against terrorism or for some other purpose supposedly required by law. These e-mails are purportedly sent from several government agencies or include content related to government agencies including the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Securities Investor Protection Corporation and others. The websites to which the email recipients are directed are often very similar to, if not actual clones of official government sites.

The fraudulent e-mails are part of a scam known as “phishing.” Phishing is the fraudulent scheme of sending an e-mail to a user falsely claiming to be a legitimate company. The email attempts to con the user into surrendering private information that could later be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as name, account and credit card numbers, passwords, social security numbers and other information. The Web site, however, is bogus and set up only to steal the user’s information.

As part of the Treasury Department’s efforts to fight identity theft, we want to assure Americans that federal financial agencies do not communicate with consumers by e-mail requesting important personal information such as your name, account numbers, date of birth and social security number.

Consumers can protect themselves from this latest identity theft scam by following these useful tips, which were developed by the Federal Trade Commission:

  • If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.
  • Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during transmission.
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
  • Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and then visit the FTC‘s identity theft web site (www.ftc.gov/idtheft) to learn how to minimize your risk of damage from identity theft.

The Treasury and federal financial regulators are working hard to combat identity theft including the use of new tools in legislation recently signed by President Bush. But all consumers must take reasonable precautions in the use of their personal financial information in order to help prevent themselves from becoming victims of identity thieves.

ATM Safety Tips: When Using An ATM

  • Be aware of your surroundings, particularly at night.
  • Consider having someone accompany you when using the ATM after dark.
  • If you observe or sense suspicious persons nearby, do not use the ATM at that time. Or, if you are in the middle of a transaction, cancel the transaction. Leave the area and come back another time or use an ATM at another location.
  • If you are approached by any person who asks you to do them a “favor” or tries to draw you into conversation, cancel your transaction and leave the area. Report the incident to us as soon as possible.
  • When using the ATM at night, park close to the ATM in a well-lighted area and always lock your car.
  • If the lights on or around an ATM are not working, don’t use it. Report it to us the next day.
  • If you are using another financial institution’s ATMs and shrubs or trees block the view, select another ATM.
  • If you are using a drive-up ATM, be sure passenger windows and doors are locked.
  • To keep your account information confidential, always take your receipts with you.
  • Don’t display any cash. As soon as you complete the transaction, pocket the money and count it later.
  • Report all crimes to the police immediately.
  • If your card is lost or stolen, report it to us immediately. Call 215-579-3400 Monday-Friday 8:30 am to 5:00 pm or 800-236-2442 after business hours.
  • Be careful not to reveal your secret code (PIN). When you punch it in, use your body to “shield” the keyboard. Don’t carry your personal identification number with your card, and never attach it to your card.
    Copyright © 1992 Bankers’ Hotline.
    Originally appeared in Bankers’ Hotline, Vol. 2, No. 11, 2/92

If you have any questions about these security and fraud alerts, please feel free to contact the bank at 215-860-9100.