eBay Asks 145 Million Users to Change Passwords After Data Breach

alert-resized-600Online commerce giant, eBay, recently asked users to change their passwords after hackers stole encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth.

The data breach occurred between late February and early March 2014, according to a press statement posted on the company’s website.

The company stated that Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network. The company is currently working with law enforcement and security experts to investigate the breach and has not noticed any fraudulent activity related to the incident. eBay discovered the breach in early May, meaning it went unnoticed for about a month. The company spent a few weeks investigating the incident before disclosing it to the public.

Here’s what you need to know:

  • The company is asking all of its 145 million active users to change their passwords as a “precautionary measure,” but is not sure how many accounts were compromised in the breach.
  • No financial information, including credit card numbers, were stolen.
  • Paypal information was also safe because it was encrypted and stored on a different network.
  • Users that use their eBay password elsewhere should immediately go change that password on other sites – especially their e-mail.

It is important that users heed eBay’s request to change their passwords because the hackers may eventually be able to break the encryption that secures them.

Don’t wait until it’s too late! Check out First Financial’s ID Theft Protection products – with our Fully Managed Identity Recovery services, you don’t need to worry. A professional Recovery Advocate will do the work on your behalf, based on a plan that you approve. Should you experience an Identity Theft incident, your Recovery Advocate will stick with you all along the way – and will be there for you until your good name is restored and you can try it FREE for 90 days!*

Our ID Theft Protection options may include some of the following services, based on the package you choose to enroll in: Lost Document Replacement, Credit Bureau Monitoring, Score Tracker, and Three-Generation Family Benefit. To learn more about our ID Theft Protection products, click here and enroll today!**

*Available for new enrollments only. After the free trial of 90 days, the member must contact the Credit Union to opt-out of ID Theft Protection or the monthly fee of $4.95 will automatically be deducted out of the base savings account or $8.95 will be deducted out of the First Protection Checking account (depending upon the coverage option selected), on a monthly basis or until the member opts out of the program. **Identity Theft insurance underwritten by subsidiaries or affiliates of Chartis Inc. The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.

Article source courtesy of Andrea Peterson of the Washington Post.

Important Alert: Card Cracking Scam Targets Students

scamCash-strapped college students are being recruited to participate in a scam
referred to as “card cracking.” Using ATM/debit cards and PINs willingly provided by the students, fraudsters deposit fraudulent checks to the students’ accounts. The funds are subsequently withdrawn by the fraudsters with the students receiving a portion of the funds for their participation.

Details
The “card cracking” scam was reported to originate in Chicago and generally targeted college students who were recruited through social media sites including Facebook, Instagram and YouTube. Participants were even recruited in-person at college campuses. The sales pitch is to allow the fraudster to deposit a check to a student’s account and withdraw the funds for which the student receives half of the proceeds for agreeing to participate. This scam is now being reported nationwide.

Willing participants provide the fraudsters with their ATM/debit cards and PINs. The fraudsters deposit fraudulent checks (stolen or counterfeit checks) to the student accounts via ATMs and subsequently withdraw the funds. Their proposition is simple: If you provide me with access to your account so I can deposit a check and withdraw the money, I will provide you with half of the proceeds.

After initial contact is made, the scammer arranges to meet up with the student to retrieve the debit card and corresponding PIN. The deposit is made, the money is withdrawn and then the fraudulent checks were subsequently returned unpaid and charged back to the students’ accounts. Following the fraudsters’ instructions, the participants report their ATM/debit card as lost or stolen and that the transactions were fraudulent.

The participants may not be entitled to protection under Regulation E (Reg E) for
unauthorized use of their ATM/debit card since they willingly provided their card to the
fraudsters which contains an exclusion to the definition of unauthorized
electronic fund transfer:

Unauthorized electronic fund transfer means an electronic fund transfer from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer, and from which the consumer receives no benefit. The term does not include an electronic fund transfer initiated by a person who was furnished access to the consumer’s account by the consumer, unless the consumer has notified their financial institution that transfers by that person are no longer authorized.

This is a huge risk – especially for students who may have large amounts going through their accounts from loans, scholarships and tuition reimbursements.

“Even though the students might be considered victims, authorities point out that providing their debit cards to someone else is a crime,” the Sun-Times of Chicago says.

There’s an easy solution: Never share your account information, debit card or PIN! 

Here are some other safety tips you should keep in mind:

  • Always verify the identity of the person trying to obtain personal information.
  • Never give personal information to someone over the phone or via email. Personal information includes: Birth dates, social security numbers, maiden names, addresses, bank account numbers, debit/credit card numbers, PIN numbers, etc.
  • Maintain a record of the phone call or solicitation. Write down the phone number that the person is calling from, the time and date they called, the caller’s name, and reported affiliation. If it was online, save a copy of the email conversation or advertisement.
  • If it sounds too good to be true, it probably is.
  • If you believe you may be a victim of fraud call your local police department so authorities can be alerted to the activity. You can also report email or internet scams to the Internet Crime Complaint Center (IC3) by going online to http://www.ic3.gov.

Check out First Financial’s ID Theft Protection products – with our Fully Managed Identity Recovery services, you don’t need to worry. A professional Recovery Advocate will do the work on your behalf, based on a plan that you approve. Should you experience an Identity Theft incident, your Recovery Advocate will stick with you all along the way – and will be there for you until your good name is restoredTo learn more about our ID Theft Protection products, click here and enroll today!*

Click the links to view more information from the original article sources: Yahoo Finance, Explorer News and CUNA Mutual Group.

*Identity Theft insurance underwritten by subsidiaries or affiliates of Chartis Inc. The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.

Important Vishing Scam Alert – March 2014

alert-resized-600Vishing calls originating from (410) 768-7599 are being made via automated dialer to random telephone numbers. Vishing or Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.

SCAM DETAILS

  • Calls are automated and a recorded message warns that there is a very important matter to discuss that involves a lower interest rate on a credit card. Victims are encouraged to press 1 to speak to a representative.
  • Callers who press 1 are directed to a call center operator/fraudster.
  • The operator who answers the call has a very heavy accent and at no time asks the victim what their name is or where they live. Operators focus on collecting payment card expiration dates and the last 12 digits of the victim’s payment card.
  • Card issuer brands are never mentioned.

BEST PRACTICES

  • Please do not call the potentially fraudulent number. Law enforcement and local communication companies may be in the middle of an investigation that will be compromised if the fraudsters become suspicious.

If you receive any suspicious calls from this phone number, do not call it back – please contact us immediately at 866.750.0100 so we can report the scam. Due to an increase in these vishing scams, it is important to be cautious if you receive any calls from unknown numbers or area codes. If you have any additional questions or concerns, please give us a call or email us at info@firstffcu.com. Thank you for being a valued member of First Financial.

*Article source courtesy of FICO Alert Bulletin 14.03.

A Message for Members Regarding Account Security Following the Target Data Breach

alert-resized-600The recent data breach announced by Target at its stores in the U.S. between November 27 and December 15 has created a high number of inquiries from First Financial members regarding the security of their credit and debit card accounts.

We want to assure members that your accounts with us are monitored 24/7 by an experienced team of security professionals for any suspicious or potentially fraudulent activity. First Financial employs the most advanced fraud detection and prevention technology to guard members’ credit and debit accounts against unauthorized access and use. Here’s a quick update for your peace of mind:

  • We are aware of the accounts that are known to have been used at Target stores on the dates noted above and we are watching the activity on these accounts closely.
  • Our member service contact centers are experiencing unusually high call volume as a result of this breach and the coverage it has received in the media. Unless you see any suspect transactions on your First Financial credit or debit accounts, there is no need to call.
  • If our security team observes any unusual activity on member accounts, we will contact members immediately to determine whether the transaction activity is legitimate and authorized.
  • It is also a good practice for members to keep a watchful eye on their accounts and transactions and look for any unauthorized activity or purchases.

We will continue to monitor all members’ accounts for suspicious activity. If you have any additional questions or concerns, please give us a call at 866.750.0100 or email us at info@firstffcu.com. Thank you for being a valued member of First Financial.

Warning: Record Breaking Phishing Attack Attempts

phishing-scammerResearchers at Kaspersky Lab have documented a drastic increase in the number of web users who have been “subjected” to phishing attacks over the past year, according to a new report.

The Moscow-headquartered security firm found that 37.3 million people faced the prospect of being phished in 2012 to present day, an 87 percent increase over the same period between 2011 and 2012.

In its “The Evolution of Phishing Attacks” study, Kaspersky Lab studied threats faced by roughly 50 million customers running its security products.

For several years, Kaspersky researchers have been warning that phishing is the preferred method of online criminals to steal information and foist malware – almost always with the goal to profit – but the mechanisms to automate the process are becoming even more rapidly automated and commercialized with each passing year.

“The nature of phishing attacks is such that the simplest types can be launched without any major infrastructure investments or in-depth technological research,” the report said. “This situation has led to its own form of commercialization of these types of attacks, and phishing is now being almost industrialized, both by cyber criminals with professional technological skills and IT dilettantes.”

Phishing can be spread in various ways, with most attacks (89 percent) appearing in the browser, versus email (11 percent), the report states.

“Phishers use several different methods to trick their potential victims,” the report said. “In addition to the obvious need to create a detailed copy of a website that will be used to attack the victim, the criminals also prepare their cover story by using similar website URLs, replacing one or several characters in the name of the website, or using recognizable website names in the sub-domains.

“If the delivery channel for a phishing link is email or electronic documents (.doc, .odf, or others), malicious users will often resort to the hyperlink features typically available in most text editors and email clients,” the report added. “In this case, the text of the email or document will display the link to the real site, but the link will actually lead to the website created by the malicious users.”

As expected, popular brands like Google, Amazon and Facebook are common brands that are abused by phishing attacks, as well as banks and other financial institutions, according to the study. Most of the scams targeted users in Russia, the United States, India, Vietnam and the U.K.

Please be sure to monitor your personal information and be cautious of the sites you provide with your financial information. If you notice any fraudulent or suspicious activity on any of your First Financial accounts, contact us by calling 866.750.0100, e-mailing info@firstffcu.com or stopping into any one of our branches.

To protect yourself and your loved ones from identity theft, enroll in First Financial’s new ID Theft Protection products today!  Our products provide you with a professional Recovery Advocate who will do the work on your behalf, based on a plan that you approve. Should you experience an Identity Theft incident, your Recovery Advocate will stick with you all along the way – and will be there for you until your good name is restored. First Financial’s ID Theft Protection products include features such as lost document replacement, credit bureau monitoring, score tracker, and more.  For more details or to get started click here.

*Click here to view the article source.

Firefox 22 Upcoming Changes for Online Banking Users

alert-resized-600Mozilla announced recently that upcoming versions of their Firefox web browser will be changed to block third party cookies.  This will be the default action when you upgrade to the latest versions. This move is similar to the default action of the Safari browser to also block third party cookies. While Firefox has always had the ability to block third party cookies, this change will become a default setting in Firefox 22.

Many electronic financial services sites like First Financial’s online bill pay, require the use of third party cookies to function properly. Please be aware that this change by Mozilla may impact your online banking and bill pay abilities to enroll in or to access First Financial’s sites if/when you upgrade your browser to Firefox 22. The new feature should not immediately interfere with your existing browsing, as you will need to clear your browser’s cookies first for it to take effect.

If access issues arise, you should first manually change your browser privacy settings to allow third party cookies or call us at 866-750-0100 if the problem persists.