Beware the false sense of urgency many phishing attacks cause.

The ongoing PayPal attack sends emails camouflaged as ‘unusual activity’ alerts warning you of suspicious logins from unknown devices. This campaign attempts to gather all your credentials and financial info. The newest phishing attack and how it works is explained here.
The following information is taken from the linked site.

PayPal lists the following signs you can look for to identify phishing messages easier:

• Impersonal, generic greetings are used; such as “Dear user” or “Dear [your email address]”
• Asks you to click on links that take you to a fake website
• Contains unknown attachments
• Conveys a false sense of urgency
• “Your account is about to be suspended,” “You’ve been paid,” or “You have been paid too much” warnings

Customers who have spotted a phishing message in their inbox posing as an official email sent by PayPal are asked to report it as soon as possible by forwarding it spoof@paypal.com and to delete it as soon as possible.

As always, the safest way to get to a site is to write the address of the site manually in the web browser or use a previously created bookmark if available to avoid being redirected to sites designed to collect your info or infect your computer with malware.

It’s human nature to use the shortcuts provided to us. The criminal element is getting better at recognizing that and using it to their advantage.

One of the best things you can do when going to a site where you need to identify yourself, is to type out the URL. Avoid clicking on links in an email or text messages.

If it isn’t already second nature, start building the habit of looking at the URL critically before clicking on a link. Hovering your mouse cursor over a link should show you where the link will take you.

• For the ELGA site, is ELGA spelled correctly?
• Is it where you thought you were going?

Remember: the official URL for the main ELGA website is www.ELGACU.com

If there is anything about the link that feels off to you, don’t click the link and don’t input information about yourself on the site.

Remember that your identity and personal information is valuable and there are those who will try and trick you. Don’t give them the chance.

There appears to be a new phishing attack that uses a spoofed address from JHA (Jack Henry).

A spoofed address means that the sender is forging an
email address usually to pretend it’s from a trusted resource.

This attack includes a zip file that could include ransomware. The current reports say that the email references “Your Online Electricity Bill” but this could change as the attack continues. It could use any common bill payee.

Please use caution when opening any email attachment, especially those that you aren’t expecting. When possible, always go directly to a website to log in and don’t use links inside of emails, which can subtly misdirect you.

Cyber Monday promises a ton of deals for the savvy shopper. Scammers know this and they are ready with emails to flood your inbox with false promises.

Before you click on that amazing deal you see in your inbox, make sure you’re going to a legitimate page. Do this by hovering over the link and looking at the destination URL that shows. It should take you to the main site for that business. Here are two that don’t!

Question the great deals you see to make sure you’re getting what you what from the actual business to stay safe from scams during the holidays and after!

Happy Real Deal Finding!

We have learned of recent phishing emails related to the Target breach. The emails look like they are from Target and play on the fears of the public that they may have had their card compromised. Please proceed with caution if you receive an e-mail from Target. You should NOT OPEN any links that may be included in these emails as that could potentially allow additional access to your personal information. Target plans to post any and all emails to their breach-related site so its customers will know the difference between valid emails and phishing emails.

Special Alert

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that “in cooperation with the Department of Homeland Security, federal, state and local governments…” the FDIC has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” It further states deposit insurance will remain suspended until identity and account information can be verified using a system called “IDVerify.” If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For your reference, FDIC Special Alerts may be accessed from the FDIC’s Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Distribution: FDIC-Supervised Banks (Commercial and Savings)

Note: Paper copies of FDIC Special Alerts may be obtained through the FDIC’s Public Information Center, 877-275-3342 or 703-562-2200.