Malware Targets Bank Accounts – 1/6/2012
Cyber criminals have found yet another way to steal your hard-earned money: a recent phishing scheme involves spam e-mails—purportedly from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC)—that can infect recipients’ computers with malware and allow access to their bank accounts.
The malware is appropriately called “Gameover” because once it’s on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. And once the crooks get into your bank account, it’s definitely “game over.”
Gameover is a newer variant of the Zeus malware, which was created several years ago and specifically targeted banking information.
Fraudulent E-mail – 12/29/2011
Weymouth Bank has been informed of numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC. While the e-mail exhibits variations in the "From" and "Subject" lines, the messages are similar. The body of the message reads, "Recent changes in the Federal Deposit Insurance Corporation insurance coverage. During the period from December 31, 2010 to December 31, 2012 all the money in a noninterest-bearing transaction account are fully insured by the Federal Deposit Insurance Corporation. Please note, that this is a temporary measure besides the Federal Deposit Insurance Corporation's general rules. The term "noninterest-bearing transaction account" includes a usual checking account or demand deposit account on which no interest is paid by the insured depository institution."
A hyperlink is provided (the web addresses vary widely) to a site that claims to provide more details of temporary FDIC coverage for transaction accounts. This e-mail and link are fraudulent. This is an attempt to collect personal or confidential information or to load malicious software. Customers are advised not to click on the link provided.
AUTOMATED PHONE MESSAGE ATTACK IN PROGRESS
A financial institution reported that it is under an automated message attack. Pre-recorded phone messages are being delivered to random consumers with the warning that their debit cards have been closed. When the consumers call the telephone number provided by the fraudsters, they hear a recording that requests a 16-digit card number and PIN.
PLEASE CALL US IMMEDIATELY WITH THE PHONE NUMBER AND DO NOT ENTER ANY INFORMATION.
As a community bank, we would never use an automated system to contact you, our customer. We would never initiate a call to a customer seeking this type of information. If you do receive any kind of call stating you have a problem with the bank, or any regulator like the FDIC, please get the name and number of the person calling you, hang up and immediately call our security officer at 781-337-8000.
Fake IRS spam campaign pushing Zeus bot
There is a large-scale spam campaign underway in which attackers use fairly well-crafted e-mails that appear to come from the IRS to infect victims with the Zeus bot. The attack has been ongoing for a couple of weeks, and researchers said that although the attackers have taken some precautions to prevent analysis of the sites and malware being used, they also made some key mistakes. The Zeus-laden fake IRS e-mails have been making the rounds since mid-June. The subject line typically says, "Federal Tax payment rejected" or "Your IRS payment rejected", and the sender's address is spoofed to include the irs.gov domain. The body of the e-mails often has some spelling and grammatical errors and includes a link to a PDF file. That file directs the victim to a download that will drop the Zeus binary on his or her machine.
DATA BREACH AT EPSILON
Epsilon, an online marketing unit of Alliance Data Systems Corp., announced April 1 that an outside intrusion had breached some of its customer files. Epsilon sends e-mail campaigns and offers to consumers who register for a company's website or who give their e-mail addresses while shopping. Epsilon sends more than 40 billion e-mails annually and also runs loyalty programs for credit card users.
It is important to know that we do not use any services from Epsilon, nor their parent company Alliance Data Systems. However, you may have been exposed through a variety of other shopping and banking sites.
Hackers were able to download the e-mail addresses from the Epsilon servers. Please be aware that they may have your e-mail address and you could be targeted for phishing attacks. As stated below, use caution and never respond to an e-mail that asks for the following information:
Debit Card Number
Call the company requesting the information using their published number, not the number that is in the e-mail. Always protect your non-public information.
© 2013 Weymouth Bank, All Rights Reserved