Online Education Center

New Online Scams that Impersonate Government Agencies



11/16/11 Office of the Comptroller of Currency (OCC)

The Office of the Comptroller of the Currency (OCC) has been informed that the above-mentioned Web site, "helpwithmybank.com," is attempting to masquerade as the legitimate Web site, "helpwithmybank.gov," and contains potentially damaging malware. The illegitimate site redirects the user to the legitimate site "helpwithmybank.gov" in an attempt to convince users that they are connecting to a legitimate site. Attempts to connect to the fake Web site could expose the user to harmful malware.

09/15/11 Federal Deposit Insurance Corporation (FDIC)

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a
fraudulent e-mail that has the appearance of being sent from the FDIC.

The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "insurance@fdic.gov," "subscriptions@fdic.gov," "alert@fdic.gov," or "accounts@fdic.gov."

The e-mails have subject lines, such as: "FDIC: Your business account;" "FDIC: About your business account;" "Insurance coverage of your business account;" or something similar.

The e-mails are addressed to "Dear Business Owner," and state, "We have important news regarding your bank." They then ask recipients to "Please click here to find details." They conclude with, "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership."

This e-mail and link are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not click on the link provided.

The FDIC does not issue unsolicited e-mails to consumers or business account holders.

1/1/12 Scams Involving the Federal Reserve Name

The Federal Reserve Bank of New York is aware of an ongoing scam that involves fraudsters claiming to be from the Federal Reserve (sometimes using the name James Carter) contacting the public through unsolicited phone calls or emails regarding a fictitious $7000 federal grant. In most instances regarding this scam, the fraudsters require the victims to wire a certain sum of money (via Western Union or Moneygram) in order to receive the fictitious grant. The victim is told this money is needed for an application fee, a charitable donation or a processing fee in order for the fictitious grant money to be released. After the victim wires these funds, the victim is contacted again and requested to wire additional money for one final fee in order to receive the fictitious grant money. Of course, the victims will never receive any grant money as this program does not exist.

Please note the Federal Reserve Bank of New York is NOT involved in any federal grant program. We urge the public to remain alert to fraudulent scams involving individuals who purport to be employees of the Federal Reserve Bank of New York. The Federal Reserve Bank of New York does not maintain grant money or any other type of funds / accounts for individuals.

09/13/2012 Fraudulent E-mails in Circulation

This message is to notify you of two fraudulent e-mails in circulation claiming to be from the FDIC. Please consider both to be fraudulent.

The first fraudulent email includes statements pertaining to the Bankruptcy Reform Act of 1978 and the Investor Protection Law under the Securities Act of 1933. The contact information claims to be fdic.gov@execs.com, and the area code (646) is used for the Washington Office. The FDIC does not have email addresses @execs.com, and (202) is the area code for the Washington Office. A form, which is attached to the cover letter, purports to be an "FDIC Claimant Verification" form. It too is fraudulent.

The second fraudulent email claims to originate at support@fdic.gov and pertains to ACH transactions. The recipient is told that an ACH transaction has not been delivered; the recipient is requested to download the update via a link.

These e-mails are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails as an attempt to steal money or obtain personal or confidential information from the recipient. Recipients should NOT, under any circumstances, send funds as requested or provide any personal financial information. Also, please do not click on the links provided in the fraudulent emails, as this may load malicious software onto end users' computers. As a reminder, the FDIC does not send unsolicited emails to consumers or business account holders.
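The following Python check is an added example, not part of the original alerts or of any agency's tooling. It classifies a From header against a list of trusted domains, covering the two tricks described in the alerts above (the trusted name placed before the @, as in fdic.gov@execs.com, and the swapped top-level domain, as in helpwithmybank.com for helpwithmybank.gov) and going beyond them to near-miss spellings. The `TRUSTED` list, the verdict names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains this organization genuinely expects mail from.
TRUSTED = ("fdic.gov", "helpwithmybank.gov")


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED):
    """Return a verdict string for the address in a From header."""
    _, addr = parseaddr(from_header)
    local, sep, domain = addr.lower().rpartition("@")
    if not sep or not domain:
        return "unparseable"
    # A matching domain proves nothing by itself: the From header can be
    # forged, so SPF/DKIM/DMARC results must still be checked separately.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted-domain-unverified"
    # Trusted name used as decoration: before the @, or as a leading subdomain.
    if any(t in local or domain.startswith(t + ".") for t in trusted):
        return "trusted-name-embedded"
    # Same name, different top-level domain (.com instead of .gov).
    label = domain.rsplit(".", 1)[0]
    if any(label == t.rsplit(".", 1)[0] for t in trusted):
        return "tld-swap"
    if any(edit_distance(domain, t) <= 2 for t in trusted):
        return "near-miss-spelling"
    return "unrelated"


# Constructed sample headers modelled on the alerts above.
SAMPLES = [
    "FDIC <fdic.gov@execs.com>",
    "info@helpwithmybank.com",
    "support@fdic.gov",
    "alerts@fdlc.gov",
    "news@example.org",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify_sender(s):28} {s}")
```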

04/10/2015 FBI Issues Wire Transfer Scam Alert

The FBI has issued an alert about a fraud scam known as "Business E-mail Compromise" targeting businesses that regularly make wire transfers to foreign companies.

Some victims have reported ransomware cyber-intrusions immediately before a scam starts, the FBI's Internet Crime Complaint Center says in its alert.

The fraudulent wire transfer payments are often sent to foreign banks and may be transferred several times, the FBI says. Banks located in China and Hong Kong are the most commonly reported ending destinations for the fraudulent transfers.

Between October 2013 and December 2014, the FBI's Internet Crime Complaint Center has received complaints from 1,198 U.S. victims and 928 non-U.S. victims of the scam. Total losses for U.S. businesses are $179 million; for businesses outside the U.S., the losses so far have totaled $35 million.

While the scam's tactics aren't new, they have nevertheless proven successful in enabling criminals to steal money, says John Buzzard, manager for products and fraud operations at FICO Card Alert Service. "E-mail compromises work because many business environments today rely so heavily on instant messenger and e-mail communication," he says. "People fall into an 'auto-pilot' mode that desensitizes their perceptions."

Certain variations of this scam have been going on for years, says John LaCour, CEO of online security firm PhishLabs. Those include social engineering attacks on wealth advisers and brokers in which the client is spoofed and the adviser/broker is tricked into sending funds belonging to the client.

Variants

The victims of the latest scam include businesses of all sizes that purchase or supply a variety of goods, such as textiles, furniture, food and pharmaceuticals, the FBI says. Fraudsters will typically monitor and study their selected victims before initiating the scam.

In one version of the scam, a business that has a longstanding relationship with a supplier is asked to wire funds for invoice payment to an alternate, fraudulent account, the FBI says. The request is often made by telephone or e-mail. If an e-mail is received, the subject will spoof the e-mail request so it appears similar to a legitimate supplier's account and would take close scrutiny to determine it was fraudulent, according to the FBI.

Another version involves the compromise of e-mail accounts of high-level business executives, such as CFOs or CTOs. The account may be spoofed or hacked, and a request is then made for a wire transfer from the compromised account to a second employee within the company responsible for processing such requests, the FBI says. In some cases, a wire transfer from the compromised account is sent directly to a financial institution with instructions to urgently send funds to another bank.

A third version of the scam starts with an employee's e-mail account getting hacked. Once compromised, the fraudster will send requests to various vendors identified from the employee's contact list for invoice payments to fraudster-controlled bank accounts.

Business E-mail Compromise scams, according to the FBI:

  • Frequently target businesses and personnel using open source e-mail;

  • Often hone in on individuals responsible for handling wire transfers within a business;

  • Use spoofed e-mails that very closely mimic a legitimate e-mail request;

  • Use fraudulent e-mail requests for a wire transfer that are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request.

Mitigation Steps

The best way for organizations to repel these types of attacks is to launch anti-virus programs and deliver education to the workforce about security best practices, FICO's Buzzard says. "Human error plays a significant role on whether these scams proliferate or not," he says.

Businesses also need to carefully monitor financial transactions, PhishLabs' LaCour says. "Balances should be checked daily, wire transfers must require two parties to be authorized and e-mail messages from executives requesting fund transfers should always be followed up with a telephone call."

Another important step to prevent these fraud schemes is using biometric authentication to verify the identity of users requesting money transfers, says Avivah Litan, a fraud analyst at Gartner, who has advised clients on the scam. "It's not perfect, but you can get 97 percent plus accuracy rates," she says.

Organizations can also communicate fund transfer requests using online portals that utilize strong fraud controls, rather than relying on e-mail, chat applications and phone calls, Litan adds.