MetroBank Alerts
Reduce ATM fraud
02/18/2010
Consumer tips to help reduce ATM fraud incidents:1. Be wary of anything about the ATM machine that looks out of the ordinary, such as odd-looking equipment or wires attached to the device.
2. Look for a "no tampering" sign. Crooks often place these to stop anyone curious about a new piece of equipment.
3. Steer clear of a jammed ATM machine that forces you to use another ATM that has a skimmer attached. Often, the criminal will disable other ATMs in the area to draw users to the one that has the skimming device on it.
4. Check your bank accounts regularly to make sure there are no unusual or unauthorized transactions.
5. If you see anything unusual or suspicious around an ATM, or if you find unauthorized ATM transactions on your bank account, immediately notify local law enforcement, as well as your financial institution and/or the establishment where the ATM is located.
6. Always protect your PIN: Don't give the number to anyone, and cover the keypad while you are entering your PIN.
Phishing Alert
11/12/09
Random individuals and/or companies may have received a falsified e-mail with the subject title “Rejected ACH Transaction.” This e-mail appears to be from NACHA – The Electronic Payments Association telling them that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA website and contains a link which is almost certainly executable virus with malware. See sample below.IF YOU GET ONE OF THESE EMAILS DO NOT CLICK ON THE LINK! The e-mail did not originate from NACHA and the website does not belong to NACHA. A sample of the phishing email follows:
= = = = = Sample E-mail = = = = = =
From: nacha.org [mailto:report@nacha.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report (this is the how the link is presented in the phishing email)
------------------------------------------------------------------
Again, if you receive one of these emails, do not click on the link in the email! NACHA has put an alert about this phishing attempt on their legitimate website, which can be found at nacha.org. Please also feel free to contact EastPay at 1-800-681-4224 if you have any questions.
Fraudulent FDIC Emails
10/27/09
The Federal Deposit Insurance Corporation (FDIC) has become aware of e-mails appearing to be sent from the FDIC that are asking recipients to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. These e-mails are fraudulent and were not sent by the FDIC. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission.Currently, the subject line of the fraudulent e-mails includes the wording "check your Bank Deposit Insurance Coverage." The e-mails state: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."
The e-mails ask recipients to "visit the official FDIC website" by clicking on a hyperlink provided, which appears to be related to the FDIC and directs recipients to a fraudulent Web site. The Web site includes hyperlinks that appear to open forms. However, it is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded. While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft. Financial institutions and consumers should NOT access the Web site or download the executable files provided on the Web site.
Fraudulent ID Theft Emails
09/09/09
We have been made aware of fraudulent emails that are circulating today that are supposedly being sent from different Banks online security department that asks you to verify your Identity. Please remember that banks, credit card companies, and mortgage companies already have your information - they will not send an unsolicited email requesting it. Please delete any emails received that are "phishing" for information.Email Scam Alert
06/17/09
Several people that have reported receiving emails regarding "questionable" credit card transactions. There is a hyperlink at the bottom of the email to click on to verify information. This is a SCAM - do not click on the hyperlink and do not provide any information. Please just delete any emails of this nature.Paper TT&L Payments
06/12/09
Effective 12/31/09 at 2:00 p.m., MetroBank will no longer accept paper TT&L payments. Please see a customer service representative for instructions how to setup telephone or internet based payments.Fraudulent Security Alert Emails
02/25/09
Please be aware of fraudulent emails. We have just been informed of people receiving emails referencing a security alert and redirecting the user to a fraudulent link. The hoster is in the process of taking down the fraudulent site.Thank you.
MetroOnline Banking Department
SBA Warns of SCAM
02/19/09
SBA Warns of Fraudulent Attempts to Obtain Bank Account Information from Small BusinessesWASHINGTON – The U.S. Small Business Administration issued a scam alert today to small businesses, warning them not to respond to letters falsely claiming to have been sent by the SBA asking for bank account information in order to qualify them for federal tax rebates.
The fraudulent letters were sent out with what appears to be an SBA letterhead to small businesses across the country, advising recipients that they may be eligible for a tax rebate under the Economic Stimulus Act, and that SBA is assessing their eligibility for such a rebate. The letter asks the small business to provide the name of its bank and account number.
These letters have not been sent by or authorized by the SBA, and all small businesses are strongly advised not to respond to them.
The scheme is similar in many ways to e-mail scams often referred to as “phishing” that seek personal data and financial account information that enables another party to access and individual’s bank accounts or to engage in identity theft.
The SBA is working with the SBA Office of Inspector General to investigate this matter. The Office of Inspector General asks that anyone who receives such a letter report it to the OIG Fraud Line at 1 (800) 767-0385, or e-mail at OIGHotline@sba.gov.
Heartland Reports Data Security Breach
01/20/09
As reported by the New York Times 01/20/09, Heartland Payment Systems, a major payment processing company, disclosed a data breach on Monday that potentially exposed tens of millions of credit and debit cardholders to the risk of fraud in what could quickly become one of the country’s biggest data compromises.Robert H. B. Baldwin Jr., Heartland’s president and chief financial officer, said that his company believed the card numbers, expiration dates, and in some cases cardholder names were exposed after attacks on its computer systems at the one point where data had been unencrypted.
Once consumers swiped their cards, so-called sniffer software captured that data as Heartland sought authorization from the major payment companies and banks. Customers of Visa, MasterCard, American Express and Discover Financial were all vulnerable.
“We have industry-leading encryption, but the data has to be unencrypted to request the information,” Mr. Baldwin said. “The sniffer was able to grab that authorization data at that point.”
Data thieves introduced the software as early as May, but Heartland did not detect the breach until it was alerted to the activity in late fall. The personal data of 600 million or more cardholders was vulnerable, but data security experts suggested data from far fewer accounts had been extracted. Other confidential information, like personal security codes, is not believed to have been compromised. That might limit damages.
Even so, the Heartland breach could wind up rivaling some of the largest data thefts. In January 2007, the discount retail chain TJX revealed that data on more than 45 million customers had been compromised. And 40 million cardholder accounts were exposed in the 2005 data compromise at a tiny payment processor, CardSystem Solutions.
Avivah Litan, a data security analyst, said that the Heartland breach could result in hundreds of millions in losses and other expenses. “If you add it all up, including legal costs, it could be as much as half a billion dollars in losses — or twice as big as TJX,” she said.
Mr. Baldwin said that Secret Service officials investigating the breach suggested that the thieves involved in the attack might be part of an “international ring of hackers that are introducing breaches at a number of financial institutions.”
The Heartland breach also showed that in spite of the adoption of more stringent standards and tougher oversight by banks and credit card companies, consumers are still vulnerable. All this is happening after credit card companies and merchants spent over $2 billion on establishing the Payment Card Industry standards, Ms. Litan said. “And yet the breaches continue and they get more serious.” Heartland, based in Princeton, N.J., works with about 175,000 small merchants and processes about 100 million transactions a month. It has created a Web site, 2008breach.com, to provide information about the incident. Cardholders are not responsible for unauthorized fraudulent charges.
FDIC Increases Insurance Coverage
12/09/08
With the Federal Deposit Insurance Corporation (FDIC) recent changes, MetroBank continues to welcome all of your deposits! Please know that:• On October 3, 2008, FDIC temporarily increased from $100,000 to $250,000 per depositor through December 31, 2009.
• MetroBank is participating in the FDIC’s Transaction Account Guarantee Program. Under that program, through December 31, 2009, all noninterest- bearing transaction accounts are fully guaranteed by the FDIC for the entire amount in the account. Coverage under the Transaction Account Guarantee Program is in addition to and separate from the coverage available under the FDIC’s general deposit insurance rules. Non-deposit investment accounts (repurchase agreements) are not FDIC insured accounts; therefore, this does not apply to these types of accounts.
• On November 21, 2008, all funds in IOLTA (Interest on Lawyers Trust Accounts) and NOW accounts paying a rate of no more than .50%, are also fully guaranteed by the FDIC with the coverage remaining in effect until December 31, 2009.
How does this affect you?
• You do not have to do anything to receive the higher coverage limits; they are in place as of the dates listed above. MetroBank takes pride in being able to offer you the most protection possible for all your funds.
Feel free to contact any branch regarding FDIC insurance coverage limits, or visit our website at www.metrobankfl.com and select Alerts.
Miami-Dade County:
Dadeland 305.670.0200
Gables Waterway 305.662.1390
Kings Bay 305.256.0099
West Kendall 305.385.3100
Broward County:
Lighthouse Point 954.725.9009
Sunrise 954.748.7070
Notice Regarding Sweep Accounts:
Reclassification sweep accounts for reporting purposes are swept from noninterest-bearing transaction accounts to noninterest-bearing savings account; therefore, these accounts are also guaranteed under the transaction account guarantee program.
11/2008
FDIC warns of Fraudulent Emails
10/28/08
The Federal Deposit Insurance Corporation (FDIC) is warning consumers, businesses and financial institutions to be aware of fraudulent e-mails allegedly from, or related to, financial institutions that have been the subject of recent news stories. Phishing e-mails often incorporate aspects of high-profile news stories – such as bank mergers, acquisitions and failures – to create a sense of urgency and legitimacy for requesting information or action.These types of fraudulent e-mails may request recipients to verify computer logon credentials, update personal information, or activate new online security features. The fraudulent e-mails may include a link that directs the recipient to a fraudulent or "spoofed" Web site that looks similar to the subject institution's legitimate Web site. Once there, users may be prompted to provide information about online banking credentials or other personal and confidential information that could be used to gain unauthorized access to online banking services or perpetrate identity theft. These spoofed Web sites may also direct the user to download software updates or digital certificates, which may actually be malicious code or software attempting to collect online banking credentials or other personal and confidential information.
Consumers, businesses and financial institutions should be wary of unsolicited e-mails purportedly from financial institutions recently in the news and take the following precautions:
Do not follow Web links in unsolicited e-mails from apparent financial institutions. Instead, use Web browser bookmarks or type your institution's Web address into the browser address bar when accessing your bank's Web site or online banking services.
Always use anti-virus software and ensure the virus signatures are automatically updated. Ensure the computer operating system and common software applications are up-to-date with security patches installed.
Do not open unsolicited or unexpected e-mail attachments claiming to be from a financial institution because of the risk of malicious code or software. As a precaution, call the financial institution using an appropriate telephone number, such as one from an account statement, to validate the e-mail and attached file before opening any attachment.
Be aware that phishing e-mails frequently use new and innovative ways to trick recipients into providing logon credentials and confidential information or into unleashing malicious code.
Regularly review financial account statements and immediately report any discrepancies to your institution.
Be mindful that financial institutions generally deliver notices to consumers in writing about changes in account terms and conditions unless the consumer previously agreed to receive the notice electronically.
For additional information about safe online banking and avoiding online scams, visit http://www.fdic.gov/consumers/consumer/guard/.
Equifax Reports Phishing Attempt
Equifax has verified that phishing attempts have been made on some customers using their online delivery portal Equifax ePORT®. "Phishing" or "spoofing" is an e-mail threat where fraudulent e-mails appear from a well-known company and ask you to provide, update or confirm certain confidential information.In this instance, some Equifax ePORT customers have reported receiving e-mails appearing to be from Equifax requesting that they provide Company ID, User ID and Password. Equifax would never ask for this information. These e-mails have not been sent from Equifax and are not legitimate. DO NOT RESPOND TO THEM.
Simply clicking the link in a spoofed e-mail can be dangerous, even if you do not provide the information requested. When in doubt if a message is authentic or not, always contact Equifax to confirm.
If you believe you have responded to a phishing attempt concerning your Equifax ePORT account, please call Equifax at 1-888-592-0008 immediately, or fax them at 770-752-1275.
Advance Loan Fees Scam
The Federal Deposit Insurance Corporation (FDIC) is reminding consumers to be aware of advance fee loan scams. The FDIC has observed a significant increase in the number of unsolicited e-mails ("spam") advertising mortgage refinancing, debt consolidation and elimination, small business loans, and special loan programs for veterans and minorities. While some of these e-mails may advertise legitimate loan programs and lenders, advance fee loan scams are becoming more prevalent.Advance fee loan scams prey on consumers who may be under financial duress and may be seeking quick and easy loan approval and funding. The scam typically involves the lender making false promises to arrange for a loan in return for fees paid upfront by the loan applicant. Scam artists may even design Web sites and online loan applications giving the appearance that the company is legitimate.
Fraudulent logos and letterhead of legitimate financial institutions or government agencies may also appear on documents that are faxed to the loan applicant. Potential borrowers may be asked to provide information through a Web site or be contacted by phone or e-mail by a "representative" who guarantees loan approval as soon as the borrower pays a required fee. The loan applicant may be told that the fees will be used to pay a third party for loan insurance or application processing, or to make the first month's loan payment. The loan applicant may also be told to send or wire transfer money to an individual overseas before receiving the loan proceeds.
In some cases, the loan applicant has been falsely directed to a legitimate financial institution with no knowledge of the transaction. In other cases, the loan applicant is told that the loan request was declined and is asked to forward additional money to qualify for a different loan program.
The following are warning signs that may indicate a loan offer is not legitimate:
The loan approval is "guaranteed." Lenders do not typically guarantee loans before analyzing the applicant's financial condition, credit history and ability to repay.
The loan applicant is required to pay upfront fees to a third party or individual. Loan fees are normally paid to a business after the loan has been approved.
The lender or loan processor may be located outside of the United States.
Fees are requested using a retail wire transfer system. A password is sometimes used by the overseas receiver to pick up the funds in an attempt to hide the true identity of the criminals and make funds more difficult to trace.
Please report any similar situations by following the procedures below:
Internet Crime Complaint Center at http://www.ic3.gov/.
Disaster Recovery
06/23/08
These sites have tip sheets and guides for creating comprehensive business recovery plans:. www.ready.gov - Run by Homeland Security, the site has a section for business disaster planning.
. www.floridadisaster.org - A step-by-step guide to creating a business recovery plan.
. www.sba.gov/services/disasterassistance - Produced by the Small Business Adminstration, the site has links to planning guides.
. www.fema.gov/hazard - Tips and planning guides for all types of disasters.
. www.officedepot.com/getprepared - Checklists, tips, and guides to surviving a disaster.
EEOC Phishing SCAM and Virus
EEOC ALERTS PUBLIC TO E-MAIL 'PHISHING' SCAMFederal Agency Identifies Internet Fraud Being Perpetrated Against Employers
WASHINGTON - The U.S. Equal Employment Opportunity Commission (EEOC) late today notified the business community and general public to a "phishing" e-mail circulating to companies that purports to be from the federal agency regarding a harassment complaint. The bogus e-mail contains a Trojan Horse Virus that is likely to harm a recipient's computer if the user clicks on the referenced web link and/or downloads the attached file.
The phony e-mail to employers -- being circulated under the subject "Harassment Complaint Update For"-- contains links where the respondent can allegedly access details of a fake discrimination claim. The EEOC has reported the issue to appropriate authorities.
The EEOC's policy is to notify an employer of the filing of a charge of employment discrimination using the U.S. Postal System. Because of security concerns, the EEOC does not notify employers of the filing of a charge of discrimination via e-mail. Consequently, if a company receives an e-mail notification which purports to advise the respondent of the filing of a charge of employment discrimination with the EEOC, the federal agency urges users to delete it immediately.
The contents of the phishing e-mail include an EEOC logo under the subject line and contain purported language from the EEOC under a subject heading, "Employer Liability for Harassment." Excerpts of the phishing e-mail are highlighted below:
FROM: Equal Employment Opportunity Commission
SUBJECT: "Harassment Complaint Update For"
This is an automated email that confirms the registration of harassment complaint #number...this harassment complaint can lead to law enforcement action. You can download and print a copy of this complaint to keep for your personal records here...Our staff will keep you updated regarding the status of our investigation...To check the status of your complaint access:
The EEOC enforces federal laws prohibiting employment discrimination. Further information about the EEOC is available on its official web site at www.eeoc.gov.
Cashier's Check Fraud
The consumer advisory "Avoiding Cashier's Check Fraud" is available on the Office of the Comptroller's website at:http://www.occ.treas.gov/ftp/ADVISORY/2007-1.html
