Consumer Alert:
Do not give out personal information over the phone
July 1, 2008 -- Attorney General Steve Six today reminds Kansans not to give out personal information over the phone or in response to unsolicited e-mails.
Recently, many Kansans have received automated phone calls claiming that their bank account information had been compromised. The automated caller then requests access to personal account information. Consumers should never provide personal information over the phone without first confirming the identity of the caller. Consumers should hang-up and contact their bank directly.
Identity theft occurs when someone steals your personal information and uses it to commit financial fraud or other crimes. Personal information includes your name, address, driver's license number, Social Security number, mother's maiden name, birth date, bank account, credit card, or PIN number.
How to Protect Yourself:
- Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone or the Internet if you did not initiate the contact.
- Never click on the link provided in an e-mail you believe is fraudulent.
- Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.
- If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and Web sites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the Internet and contact them directly.
- Never provide your password over the phone or in response to an unsolicited phone or Internet request. A financial institution would never ask you to verify your account information on the phone or online.
- Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.
- Report suspicious e-mails or calls to the Kansas Office of Attorney General at 1-800-432-2310 or at http://www.ksag.org/.
What to do if you fall victim to identity theft:
- Contact your financial institution immediately and alert it to the situation.
- Call the three major credit bureaus to place a fraud alert on your file, preventing thieves from opening a new account in your name.
o Equifax, 800-525-6285
o Experian, 888-397-374
o TransUnion, 800-680-7289 - Call the security numbers located on the back of your stolen credit cards. These numbers can also be found on your credit card billing statements.
- Report the theft to Attorney General Steve Six's Office at 1-800-432-2310 or at http://www.ksag.org/.
"Vishing attacks"
Posted January 28, 2008
The FBI is warning of a dramatic increase in the number of so-called 'vishing' attacks that entice mobile phone users into giving up personal banking details. Vishing works in much the same way as phishing. An e-mail or text message is sent to a user asking them to call the target bank to reactivate a credit or debit card. When a user calls the telephone number, they are greeted with an authentic sounding message and prompted to enter their card number to resolve the issue. Many users are familiar with similar tactics with e-mails containing links however, this newer scam has the potential to be devastating because of the change in tactics by criminals and the use of a 'real person" on the other end of the phone. The FBI is advising users to look up their bank's phone number and call them directly if they believe they have a question on their account or if they have been a victim of a vishing attack.
FDIC Special Alert: Fraudulent E-Mail Claims to Be From the FDIC
May 4, 2007
The FDIC has received a report of an e-mail, originally sent on September 11, 2006, that has the appearance of being sent from the FDIC. However, instead of a typical phishing e-mail that might ask the recipient to click on a hyperlink to a spoofed Web site, this e-mail appears to deliver malicious software on to the recipient's computer.
After describing the FDIC and deposit insurance, the e-mail describes "a small client utility" that bank customers are asked to install on home and business computers "which is used to open Online Banking sessions." The e-mail goes on to state that "[t}his utility only starts whenever an online session is opened with a Financial Institution insured by the FDIC, thus it will never interfere with any programs installed on your computer. Please help us combat fraud by installing, ProBank on any computer that is used to open an Online Banking session."
The e-mail also asks institutions to "advertise and market the ProBank's existence to employees, suppliers, third-party service providers and customers." It suggests channels, such as "bank newsletters, memoranda, written policy, and internal and external bank Web sites." This e-mail is a fraudulent attempt to obtain personal information from consumers and businesses. Consumers and businesses should NOT click the link provided within the body of the e-mail or install any software on their computer which is unfamiliar.
Additionally, financial institutions should not "advertise and market the ProBank's existence" to anyone as the e-mail suggests.
A Fraud Alert From the FDIC
June 13, 2006
FDIC Consumer Call Centers in Kansas City, Missouri, and Washington, D.C., have begun receiving a large number of complaints by consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that Department of Homeland Security Director Tom Ridge has advised the FDIC to suspend all deposit insurance on the recipient’s bank account due to suspected violations of the USA PATRIOT Act. The e-mail further indicates that deposit insurance will be suspended until personal identity, including bank account information, can be verified.
This e-mail was not sent by the FDIC and is a fraudulent attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.
The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.
Information related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.
For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at www.fdic.gov/news/news/SpecialAlert/2006/index.html.
To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.
