There appears to be a new phishing attack that uses a spoofed address from JHA (Jack Henry).

A spoofed address means that the sender is forging an
email address usually to pretend it’s from a trusted resource.

This attack includes a zip file that could include ransomware. The current reports say that the email references “Your Online Electricity Bill” but this could change as the attack continues. It could use any common bill payee.

Please use caution when opening any email attachment, especially those that you aren’t expecting. When possible, always go directly to a website to log in and don’t use links inside of emails, which can subtly misdirect you.

Cyber Monday promises a ton of deals for the savvy shopper. Scammers know this and they are ready with emails to flood your inbox with false promises.

Before you click on that amazing deal you see in your inbox, make sure you’re going to a legitimate page. Do this by hovering over the link and looking at the destination URL that shows. It should take you to the main site for that business. Here are two that don’t!

Question the great deals you see to make sure you’re getting what you what from the actual business to stay safe from scams during the holidays and after!

Happy Real Deal Finding!

We have learned of recent phishing emails related to the Target breach. The emails look like they are from Target and play on the fears of the public that they may have had their card compromised. Please proceed with caution if you receive an e-mail from Target. You should NOT OPEN any links that may be included in these emails as that could potentially allow additional access to your personal information. Target plans to post any and all emails to their breach-related site so its customers will know the difference between valid emails and phishing emails.

Special Alert

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that “in cooperation with the Department of Homeland Security, federal, state and local governments…” the FDIC has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” It further states deposit insurance will remain suspended until identity and account information can be verified using a system called “IDVerify.” If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For your reference, FDIC Special Alerts may be accessed from the FDIC’s Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Distribution: FDIC-Supervised Banks (Commercial and Savings)

Note: Paper copies of FDIC Special Alerts may be obtained through the FDIC’s Public Information Center, 877-275-3342 or 703-562-2200.