Dollar Bank is committed to protecting your account and customer information. We will make sure you have what you
need to protect yourself. Sign up for our e-mail alerts and we will send you an alert when new information is posted.
Last Updated on: 10/20/14 4:37 PM
Monster banking Trojan botnet claims 500,000 victims
Date Posted: 10/20/14 4:37 PM
Security researchers have uncovered the infrastructure behind one of the largest and most voracious banking Trojan networks uncovered to date.
The Qbot (aka Qakbot) botnet apparently infected 500,000 systems before sniffing "conversations" – including account credentials – for a whopping 800,000 online banking transactions. More than half (59 per cent) of sniffed sessions were reportedly from accounts at five of the largest US banks.
The researchers said online banking credentials for banks in Europe were also targeted by the Russian-speaking cybercrime group behind the scam, which was uncovered by email security outfit Proofpoint.
The security firm said the attackers launched the assault from compromised WordPress sites using drive-by-download style attack tactics. Windows XP clients comprised 52 per cent of the infected systems in the cybercrime group’s botnet.
The cybercrime group also made money by selling access to compromised systems to other ne’er do wells. More details on the research can be found in Proofpoint report here (registration required). ®
Information provided by: The Register - Monster banking Trojan botnet claims 500,000 victims
Dollar Bank offers Trusteer Rapport free for all Dollar Bank customers. Trusteer Rapport will protect your computer from financial malware, including this Trojan. Click here to download Trusteer Rapport.
Phishing Scam: Solidwall Bank
Date Updated: 08/11/14 1:49 PM
The Office of the Comptroller of the Currency (OCC) has been informed that an entity titled “Solidwall Bank” is involved in a Web site spoofing and phishing scam. This entity has spoofed the Web site of a legitimate bank in Somerville, Massachusetts. The Solidwall Bank Web site, [www.solidwallf.com], replicates the following text found on the legitimate bank’s Web site in wording and appearance:
Contact Us (Bank Locations)
The Web site [www.solidwallf.com] was established in April 2014 in Lagos, Nigeria, and presents a telephone number of (414) 263-9615, which is an Internet-based telephone number registered to the unauthorized entity.
Consumers are receiving unsolicited e-mails of an urgent nature from the fictitious entity. The e-mails contain a hyperlink to the Solidwall Bank Web site, which is designed to harvest financial and personal information. Anyone receiving e-mails from this entity should not respond but rather report the incident to the following agencies:
Federal Trade Commission (FTC): by telephone at (877) FTC-HELP or, for filing a complaint electronically, via the FTC's Web site
National Consumers League (NCL): by telephone at (202) 835-3323 or by e-mail at National Consumers League (NCL). To file a fraud complaint, visit the NCL fraud Web site
Federal Bureau of Investigation Internet Crime Complaint Center (to report scams that may have originated via the Internet).
Additional information concerning this matter that should be brought to the attention of the Office of the Comptroller of the Currency (OCC) may be forwarded to
Mail: Office of the Comptroller of the Currency
Special Supervision Division
400 7th St. SW, Suite 3E-218; MS 8E-12
Washington, DC 20219
Phone: (202) 649-6450
Fax: (571) 293-4925
For additional information regarding phishing fraud, please visit the OCC’s Anti-fraud resources page
Information provided by: OCC Director for Enforcement and Compliance
The Office of the Comptroller of the Currency (OCC) charters and oversees a nationwide system of national banks and federal savings associations and assures that these banking institutions are safe and sound, competitive, and capable of serving the banking needs of their customers in the best possible manner. OCC Press releases and other information. To receive OCC press releases and issuances by e-mail, click here to subscribe.
E-ZPass drivers warned about Phishing Scam
Date Posted: 07/15/14 3:19 PM
Drivers using the toll service are being targeted in a new scam.
E-ZPass Group, a toll collection program consisting of 25 agencies in 15 states, has issued a warning to customers concerning a Phishing scam that is posing as a collection notice. In a notice to customers, E-ZPass stated that the messages being reported are not authorized communications, even if a person's account is behind on payments. If that happens to be the case, payment notices are invoiced and sent to the customer directly via the United States Postal Service.
"We advise you not to open or respond to such a message should you receive one," the E-ZPass warning stated.
The emails are coming from compromised WordPress installations, and have been sent in batches since July 8. The messages use the E-ZPass brand's colors (a bold purple that is present on all toll signs in the states where the service is used), and contain a subject related to driving on toll roads.
More than likely, the E-ZPass warning notes, the message is an attempt to steal sensitive information, including usernames, passwords, and financial data.
However, Gary Warner, Chief Technologist and Co-Founder of Malcovery, tested the Phishing emails and discovered that the links were pointing to malware that will connect the infected host to the ASProx botnet. Based on information he has received, the infected systems are primarily being used for advertising click-fraud.
In order to help detect the scam quicker, E-ZPass singled out the subject lines of "In arrears for driving on toll road" and "Payment for driving on toll road" as recent examples. In his research, Warner also discovered "Indebtedness for driving on toll road" and "Pay for driving on toll road".
The context of the Phishing attack itself is short and to the point:
"You have not paid for driving on a toll road. This invoice is sent repeatedly, please service your debt in the shortest possible time.
The invoice can be downloaded here."
Drivers in Indiana, Illinois, New York, New Jersey, Washington, D.C., Massachusetts, and Virginia have received similar warnings, as reports of the Phishing attack spread to each of the states supporting the E-ZPass system, representing some 14 million accounts.
The source of the contact information being used in the scam is unknown. While a data breach somewhere in the E-ZPass chain of operation is possible, proof of such an incident hasn't turned up.
It's likely the criminals behind the Phishing scheme are sending the emails blindly, waiting to see who falls for the bait. This theory is also backed by the fact that some of those targeted in the Phishing attack are not E-ZPass customers.
"Phishing scams are pervasive and users should always be on the lookout for unexpected communications from organizations they have relationships with," said Chester Wisniewski, Senior Security Advisor for Sophos, when asked his thoughts on the scam.
"It can be tempting to click before you think, but important messages are not typically sent via email. The safest thing to do is go directly to the web site of the organization or pick up the phone if you are unsure."
Information provided by CSO
IBM Trusteer Phishing E-mail Campaign
Date Updated: 05/29/14 4:33 PM
IBM Trusteer has become aware of a phishing e-mail campaign targeting IBM Trusteer. The campaign started on May 9, 2014.
The fraudulent e-mails appear to come from Trusteer with the sender’s e-mail address masquerading as email@example.com, an e-mail account that is no longer in use.
These e-mails are part of a spear phishing campaign (spear phishing is a phishing message that appears to come from a trusted source) that uses IBM Trusteer’s brand to distribute a malicious executable file. The emails are addressed directly to recipients containing their full name and e-mail address. The content of the message requests that recipients run the attached file in order to upgrade their IBM Trusteer Rapport software version.
Please note that IBM Trusteer will not distribute Rapport updates as email
In response, IBM Trusteer has already begun rolling out an update that will protect users from accidentally opening the malicious file. Further recommendations from IBM Trusteer are as follows:
1. Users who received this email are requested to delete it immediately.
2. Users who may have already launched the attached file should be instructed to refrain from online banking, and contact IBM Trusteer Support.
Should you have any questions, please do not hesitate to contact Trusteer directly at firstname.lastname@example.org.
Information provided by IBM Trusteer
Telephone Scam Alleging a Relative is in a Financial or Legal Crisis
Date Updated: 05/08/14 3:47 PM
The Internet Crime Complaint Center continues to receive reports of telephone scams involving calls that claim their “relative” is in a legal or financial crisis. These complaints are sometimes referred to as the “Grandparent Scam.” Scammers use scenarios that include claims of a relative being arrested or in a car accident in another country. Scammers often pose as the relative, create a sense of urgency and make a desperate plea for money to victims. It is not unusual for scammers to beg victims not to tell other family members about the situation.
The scammers also impersonate third parties, such as an attorney, law enforcement officer, or some other type of official, such as a U.S. Embassy representative. Once potential victims appear to believe the caller’s story, they are provided instructions to wire money to an individual, often referred to as a bail bondsman, for their relative to be released.
Some complainants have reported the callers claimed to be from countries including, but not limited to: Canada, Mexico, Haiti, Guatemala, and Peru.
Callers often disguise themselves by using telephone numbers generated by free applications or by spoofing their numbers.
If you receive this type of call:
•Resist the pressure to act quickly.
•Verify the information before sending any money by attempting to contact your relative to determine whether or not the call is legitimate.
•Never wire money based on a request made over the phone or in an e-mail, especially to an overseas location. Wiring money is like giving cash—once you send it, you cannot get it back.
Individuals who have fallen victim to this type of scam are encouraged to file a complaint with the Internet Crime Complaint Center.
Information provided by Internet Crime Complaint Center (IC3)- April 9, 2014
Homeland Security: Don't use IE due to Bug
Date Posted: 04/30/14 4:17 PM
SAN FRANCISCO — The U.S. Department of Homeland Security is advising Americans not to use the Internet Explorer Web browser until a fix is found for a serious security flaw that came to light over the weekend.
The bug was announced on Saturday by FireEye Research Labs, an Internet security software company based in Milpitas, Calif.
"We are currently unaware of a practical solution to this problem," Will Dormann at the CERT division of the Software Engineering Institute at Carnegie Mellon University in Pittsburgh, wrote on Monday.
It recommended that users and administrators "consider employing an alternative Web browser until an official update is available."
The security flaw allows malicious hackers to get around security protections in the Windows operating system. They then can be infected when visiting a compromised website.
Because the hack uses a corrupted Adobe Flash file to attack the victim's computer, users can avoid it by turning off Adobe Flash.
"The attack will not work without Adobe Flash," FireEye said. "Disabling the Flash plugin within IE will prevent the exploit from functioning."
While the bug affects all versions of Internet Explorer 6 through 11 it is currently targeting IE9 and IE10, FireEye stated.
The attacks do not appear to be widespread at this time. Microsoft said it was "aware of limited, targeted attacks that attempt to exploit" the vulnerability.
These are called "watering-hole attacks," said Satnam Narang, a threat researcher with computer security company Symantec in Mountain View, Calif.
Rather than directly reach out to a victim, the hackers inject their code into a "normal, everyday website" that the victim visits, he said. Code hidden on the site then infects their computers.
"It's called a watering-hole attack because if you're a lion, you go to the watering hole because you know that's where the animals go to drink."
FireEye said the hackers exploiting the bug are calling their campaign "Operation Clandestine Fox."
Microsoft confirmed Saturday that it is working to fix the code that allows Internet Explorer versions 6 through 11 to be exploited by the vulnerability. As of Monday morning, no fix had been posted.
Microsoft typically releases security patches on the second Tuesday of each month, what's known as Patch Tuesday. The next one is Tuesday, May 14. Whether the company will release a patch for this vulnerability before that isn't known.
About 55% of PC computers run one of those versions of Internet Explorer, according to the technology research firm NetMarketShare. About 25% run either IE9 or IE10.
Computer users who are running the Windows XP operating system are out of luck. Microsoft discontinued support of the system on April 8.
Symantec is offering XP users tools to protect themselves, which it has made available on its blog.
Information Provided by USA TODAY Homeland Security: Don't use IE due to bug
'Heartbleed' bug causes big security headache on Internet
Date Updated: 04/10/14 3:48 PM
SAN FRANCISCO -- A confounding computer bug called "Heartbleed" is causing major security headaches across the Internet, as websites scramble to fix the problem and Web surfers wonder whether they should change their passwords to prevent theft of their email accounts, credit card numbers and other sensitive information.
The breakdown revealed this week affects a widely used encryption technology that is supposed to protect online accounts for a variety of online communications and electronic commerce.
Security researchers who uncovered the threat are particularly worried about the lapse because it went undetected for more than two years. They fear the possibility that computer hackers may have been secretly exploiting the problem before its discovery. It's also possible that no one took advantage of the flaw before its existence was announced late Monday.
Although there is now a way to close the security hole, there are still plenty of reasons to be concerned, said David Chartier, CEO of Codenomicon. A small team from the Finnish security firm diagnosed Heartbleed while working independently from another Google Inc. researcher who also discovered the threat. "I don't think anyone that had been using this technology is in a position to definitively say they weren't compromised," Mr. Chartier said.
Canada's tax agency isn't taking any chances. Citing the security risks posed by Heartbleed, the Canada Revenue Agency shut off public access to its website "to safeguard the integrity of the information we hold," according to a notice posted on its website Wednesday. The agency said it hopes to re-open its website this weekend. The lockdown comes just three weeks from Canada's April 30 deadline for filing 2013 tax returns.
The U.S. Internal Revenue Service said in a statement Wednesday that it's not affected by the security hole. "The IRS advises taxpayers to continue filing their tax returns as they normally would in advance of the April 15 deadline," the agency said.
TurboTax, the most popular tax preparation software, also issued a statement Wednesday reassuring people that its website is now protected against Heartbleed.
Computer security experts are still advising people to consider changing all their online passwords.
"I would change every password everywhere, because it's possible something was sniffed out," said Wolfgang Kandek, chief technology officer for Qualys, a maker of security-analysis software. "You don't know, because an attack wouldn't have left a distinct footprint."
Google is so confident that it inoculated itself against the Heartbleed bug before any damage could be done that the Mountain View, Calif., company is telling its users they don't have to change the passwords they use to access Gmail, YouTube and other product accounts. More than 425 million Gmail accounts alone have been set up worldwide.
Facebook, which has more than 1.2 billion accountholders, also believes that its online social network has purged the Heartbleed threat. But the Menlo Park, Calif., company encouraged "people to take this opportunity to follow good practices and set up a unique password for your Facebook account that you don't use on other sites."
Online short messaging service Twitter Inc. and e-commerce giant Amazon.com Inc. say their websites weren't exposed to Heartbleed. Ebay Inc., which runs the PayPal payment service as well as online shopping bazaars, says most of its services avoided the bug.
Changing passwords on other online services potentially affected by Heartbleed won't do much good, security experts said, until the problem is patched. The troubleshooting software was released Monday.
So far, very few websites have acknowledged being afflicted by Heartbleed, although the bug is believed to be widespread.
Yahoo Inc. and Google are among the most prominent Internet services to say they have already insulated most of the most popular services from Heartbleed.
At Yahoo, the repairs have been made on a list of services that includes its home page, search engine, email, finance and sport sections, Flickr photo-sharing service and its Tumblr blogging service. In a blog post Wednesday, Google said it had applied the Heartbleed patch on its search engine, Gmail, YouTube, Wallet and Play store for mobile apps and other digital content.
Heartbleed creates an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that traffic is secure. The flaw makes it possible to snoop on Internet traffic even if the padlock had been closed. Interlopers could also grab the keys for deciphering encrypted data without the website owners knowing the theft had occurred, according to security researchers.
The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.
About two-thirds of Web servers rely on OpenSSL, Mr. Chartier said. That means the information passing through hundreds of thousands of websites could be vulnerable, despite the protection offered by encryptions.
Information provided by: PostGazette.com and Michael Liedtke and Anick Jesdanun / Associated Press
New Apple Security Flaw
Date Updated: 02/26/14 4:16 PM
It is important for all Apple users to keep their operating system updated and to apply current security patches. Apple has recently released iOS 7.0.6 to patch an SSL security flaw; the update is issued for iPhones (4 and later), iPod touch (5th generation) and iPad (2nd generation). You are strongly encouraged to update all of your devices with the latest software update.
Currently Apple has not released a patch for the Mac computer.
Please keep your computers and devices patched with the latest security patches to help ensure you are protected.
•For information on the security content of this update, please visit this website: Apple Support
•Please update through iTunes or on the device while connected to a secure wireless network.
Information provided by: Dollar Bank
Fraudulent Correspondence Regarding the Release of Funds
Date Posted: 01/22/14 5:14 PM
Fictitious correspondence, allegedly issued by the Office of the Comptroller of the Currency (OCC) regarding funds purportedly under the control of the OCC and possibly other government entities, is in circulation. Correspondence may be distributed via e-mail, fax, or postal mail.
Any document claiming that the OCC is involved in holding any funds for the benefit of any individual or entity is fraudulent. The OCC does not participate in the transfer of funds for, or on behalf of, individuals, business enterprises, or governmental entities.
The correspondence may indicate that funds are being held by Bank of America and that the recipient will be required to pay a mandatory administrative charge for an issuance of a Capital Currency Control Certificate to release the funds to the beneficiary.
Attached (links below) are copies of the fraudulent documents, which include a solicitation as well as an invoice. This material is being sent to consumers in an attempt to elicit funds from them and to gather personal information to be used in possible future identification theft. Sample Telegram Sample Invoice
The correspondence in question contains the name of a fictitious OCC employee. In addition, the material contains telephone numbers, addresses, and e-mail addresses that are not associated with the OCC or Bank of America.
Before responding in any manner to any proposal supposedly issued by the OCC that requests personal information or personal account information or that requires the payment of any fee in connection with the proposal, recipients should take steps to verify that the proposal is legitimate. At a minimum, the OCC recommends that consumers
A. Contact the OCC directly to verify the legitimacy of the proposal
(1) via e-mail at email@example.com;
(2) by mail to the OCC’s Special Supervision Division, 400 7th Street, SW, Suite 3E-218; MS 8E-12, Washington, D.C. 20219;
(3) via fax to (571) 293-4925; or
(4) by calling the Special Supervision Division at (202) 649-6450.
B. Contact state or local law enforcement.
C. File a complaint with the Internet Crime Complaint Center if the proposal appears to be fraudulent and was received via e-mail or the Internet.
D. File a complaint with the U.S. Postal Inspection Service by telephone at (888) 877-7644; by mail at U.S. Postal Inspection Service, Office of Inspector General, Operations Support Group, 222 S. Riverside Plaza, Suite 1250, Chicago, IL 60606-6100; or via the Online Complaint Form if the proposal appears to be fraudulent and was delivered through the U.S. Postal Service.
Information provided by: OCC
Office of the Comptroller of the Currency - Alert 2014-4 Issued Jan 16 2014
Date Updated: 12/11/13 9:04 AM
Neverquest is a virus (trojan) to be aware of. It is a new version of an old trojan, but this version steals your account login information and attempts to access your online accounts from your computer. It might also use your computer and email address to send out spam.
How to protect yourself:
Dollar Bank offers free anti-malware software called Trusteer. Download Trusteer
Customers are strongly encouraged to take advantage of this.
Do not follow unsolicited web links in email messages or submit any information to webpages in links.
Use caution when opening email attachments. Don’t open attachments from senders you don’t know. If you were not expecting an attachment from a sender you do know, verify with them first that they did send you the attachment.
Maintain up-to-date anti-virus software.
Keep your operating system and software up-to-date with the latest patches.
For more details about Neverquest, see Network World
Information provided by: Dollar Bank
Holiday Shopping Tips prepared by the Internet Crime Complaint Center
Date Updated: 12/03/13 3:57 PM
The FBI reminds holiday shoppers to beware of cyber criminals who are out to steal money and personal information. Scammers use many techniques to defraud consumers, from phishing e-mails offering too good to be true deals on brand-name merchandise to offering quick cash to victims who will re-ship packages to additional destinations. Previously reported scams are still being executed today.
While monitoring credit reports on an annual basis and reviewing account statements each month is always a good idea, consumers should keep a particularly watchful eye on their personal credit information at this time of year. Scrutinizing credit card bills for any fraudulent activity can help to minimize victims’ losses. Unrecognizable charges listed on a credit card statement are often the first time consumers realize their personally identifiable information has been stolen.
Bank transactions and correspondence from financial institutions should also be closely reviewed. Bank accounts can often serve as a target for criminals to initiate account takeovers or commit identity theft by creating new accounts in the victims’ name. Consumers should never click on a link embedded in an e-mail from their bank, but rather open a new webpage and manually enter the URL (web address), because phishing scams often start with phony e-mails that feature the bank’s name and logo.
When shopping online, make sure to use reputable sites. Often consumers are shown specials on the web, or even in e-mail offers, that look too good to be true. These sites are used to capture personally identifiable information, including credit card numbers, addresses and phone numbers to make fraudulent transactions. It’s best to shop on sites with which you are familiar and that have an established reputation as trusted online retailers, according to the MRC, a nonprofit that supports and promotes operational excellence for fraud, payments and risk professionals within eCommerce.
If you look for an item or company name through a search engine site, scrutinize the results listed before going to a website. Do not automatically click on the first result, even if it looks identical or similar to the desired result. Many fraudsters go to extreme lengths to have their own website appear ahead of a legitimate company on popular search engines. Their website may be a mirrored version of a popular website, but with a slightly different URL.
Purchases made on these sites could result in one or more of the following consequences: never receiving the item, having your credit card details stolen, or downloading malware/computer virus to your computer. Before clicking on a result in a search engine, inspect the URL of the destination website. Look for any misspellings or extra characters such as a period or comma as these are indicative of fraud. When taken to the payment page of a website, again verify the URL and ensure it is secure by starting with “HTTPS,” not just “HTTP.”
Here are some additional tips you can use to avoid becoming a victim of cyber fraud:
Do not respond to unsolicited (spam) e-mail.
Do not click on links contained within an unsolicited e-mail.
Be cautious of e-mail claiming to contain pictures in attached files; the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
Avoid filling out forms contained in e-mail messages that ask for personal information.
Always compare the link in the e-mail to the link you are actually directed to and determine if they match and will lead you to a legitimate site.
Log on directly to the official website for the business identified in the e-mail instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
Contact the actual business that supposedly sent the e-mail to verify that the e-mail is genuine.
If you are requested to act quickly or there is an emergency that requires your attention, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.
Remember if it looks too good to be true, it probably is.
Finally, check these additional sources to become even more informed on safe online shopping.
Previous Holiday Shopping Tips public service announcements can be viewed on IC3.gov at the following links: http://www.ic3.gov/media/2012/121120.aspx http://www.ic3.gov/media/2011/111121.aspx
US-CERT posted a Holiday Season Phishing Scams and Malware Campaigns release on Nov. 19, 2013, reminding consumers to stay aware of seasonal scams. The entire alert can be viewed at Holiday Season Phishing Scams and Malware Campaigns
To receive the latest information about cyber scams, go to FBI.gov and sign up for e-mail alerts by clicking on the red envelope labeled “get FBI updates.” If you have received a scam e-mail, notify the IC3 by filing a complaint at www.ic3.gov. For more information on e-scams, please visit the FBI's “New E-Scams” and Warnings webpage at http://www.fbi.gov/scams-safety/e-scams
Information provided by:
Public Service Announcement
Prepared by the Internet Crime Complaint Center (IC3)
November 19, 2013
What is a Watering Hole Attack?
Date Updated: 12/05/13 12:38 PM
How do you protect yourself? Patch your browser. Patch your operating system. Run anti-virus. Update your plug-ins. Keep your system up-to-date on all patches, and patch in a timely fashion.
Information provided by: Dollar Bank
Spam E-mails Use FBI Officials' Names
Date Updated: 11/06/13 2:18 PM
The FBI continues to receive reports of spam e-mails that use FBI officials’ names and titles in online fraud schemes. Although there are different variations of these schemes, recipients are typically notified they have received a large sum of money. The latest round of e-mails uses the name of new FBI Director James B. Comey.
Some of the e-mails reported to the Internet Crime Complaint Center continue to use the alleged “Anti Terrorist & Monetary Crimes Division” of the FBI. All e-mails encourage the recipient to send money for various reasons.
Do not respond. These e-mails are a hoax.
Neither government agencies, nor government officials send unsolicited e-mail to members of the public. United States government agencies use the legal process to contact individuals.
The public should not respond to any unsolicited e-mails or click on embedded links in these messages because they may contain viruses or malicious software. If you have received a message that purports to be from the FBI, disregard its instructions and file a complaint at www.IC3.gov.
Information provided by:
Public Service Announcement
Prepared by the Internet Crime Complaint Center (IC3)
September 25, 2013