Identity Theft: Reducing the Risk Seminar (October 23, 2008, Foster Bank Kedzie Office Community Hall)

Summary

Fraudulent e-mails are being sent to consumers that claim to be from the FDIC in an attempt to obtain sensitive personal information, including bank account information. These e-mails falsely indicate that consumers can enroll in card insurance to protect against Internet fraud.

The Federal Deposit Insurance Corporation (FDIC) has received numerous notifications from consumers of an e-mail that gives the appearance of being sent from the FDIC. The "From" line of the e-mail displays the name "Federal Deposit Insurance Corporation " and the subject includes the words "Consumer Protection."

Current versions of the fraudulent e-mail state:

"Who is FDIC?

The Federal Deposit Insurance Corporation (FDIC) preserves and promotes public confidence in the U.S. financial system by insuring deposits in banks.

What can FDIC do for you?

Despite the efforts of law enforcement, Identity theft is becoming more sophisticated and the number of new victims is growing. In general, consumers are protected against liability for unauthorized accounts or transactions under federal and state law and by financial industry practices. Identity Theft can affect consumers in many ways, thats [sic] why FDIC is presenting a new card insurance which can restore you up to $500 if you are a victim of internet fraud.

Learn more about Consumer Protection > Card Insurance:
Clicking here will redirect you to a online signup page for this program."

The e-mail requests that recipients click on a hyperlink that is provided. This directs the recipient to a "spoofed" Web page requesting the user to enter personal information to receive $500 of "card insurance." The requested information (name, phone number, Social Security number, address, card number, bank name, card expiration date, card verification code, and electronic signature/ATM PIN) could be used to perpetrate identity theft and gain unauthorized access to bank accounts. Be aware that the appearance of the fraudulent e-mails can be modified and that additional variations are possible.

Consumers should NOT access the link provided within the body of the e-mail and should NOT, under any circumstances, provide any personal financial information through this media.

The FDIC has shut down the fraudulent Web site and is investigating the source of the e-mails. Consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-4004, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2008/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Foster Bank has recently become aware of incidents of data bases and/or computers systems, which have involved security breaches. When Foster Bank receives a notice from our debit card processor about a security breach we make every effort to review the situation, including transactions on your account to determine if there are any unusual transactions.

In this day and age of electronics intruders will continue to try and find ways to access or fraudulently obtain financial information. Please be aware that Foster Bank and our partners have a state-of-the art security protection system and are continually updating and monitoring account activity. (We make every effort to protect our customers and their confidential account information). When these situations occur MasterCard® and/or VISA® also do an extensive review of the breach and conduct their own internal investigation, which usually results in no adverse action. However, with all our protections and reviews it is still incumbent upon you, the customer, to review your account transactions periodically for any suspicious transactions. Should you question any transaction, which posts against your account please notify us immediately.

Please call Bonnie Lim at 773.202.4782, or in her absence our bookkeeping department, for immediate attention to your account problem.

The Federal Deposit Insurance Corporation (FDIC) has become aware of letters that appear to be sent from the FDIC to financial institutions in the United States and other countries. The letters instruct the financial institution to deposit an enclosed official or cashier's check into a customer's account. The letters include "DEPOSIT ACCLERATION" directly below the letterhead and display the forged signatures of "Sandra L. Thompson, Director" and "Christopher J. Spoth, Acting Director 2." The letters are fraudulent and were not sent by the FDIC.

To date, the fraudulent letters have included one or more counterfeit official or cashier's checks and state that the FDIC is authorizing the deposit of the instruments as a payment to a customer's deposit account. The letters provide an actual customer's name and account number.

Financial institutions should not deposit the checks enclosed with the fraudulent letters. The FDIC does NOT authorize payments or deposits to customers' accounts and does not play a role in transactions between an open financial institution and its customers. Financial institutions that receive one of the subject letters should recognize that an unauthorized party may have the deposit account information of one of its customers and should consider assisting the customer in closing any compromised accounts and opening new accounts, as necessary.

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F- 4004, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2007/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Take the Steps to Protect Yourself from Identity Theft

Thieves and con artists know countless ways to rip people off; so protecting your identity needs to be a high priority.

Identity theft occurs when someone uses your personal information, without your knowledge, to obtain credit cards, phone service and other types of loans. In other words, the thief uses your good credit to go on a spending spree.

To avoid being a victim, consumers need to pay extra attention as they go about their daily routine. Here are tips to protect yourself against the fastest growing crime in America.

Warning Signs. You get bills, credit card statements, calls from businesses or collection agencies, or other notices for debts and purchases you know nothing about.

Consumer’s Best Defense.

- Do not give credit card, Social Security numbers or other personal identifying information to anyone over the phone or in an email unless you contact them first. Legitimate financial institutions never call customers asking for account information. Do not respond to emails or phone calls that warn of dire consequences unless you take action immediately.

- Do not include your Social Security number on your checks and object if printed on student or work IDs that others can see. Do not carry your Social Security card in your wallet.

- Protect your incoming and outgoing mail. Never leave outgoing mail in your mailbox or at your doorway. Instead deposit it in a blue collection box or take it to the post office. Leaving that red flag up on your mailbox can alert thieves that there is something of value in the box.

- To deter thieves from going through your garbage, shred credit card slips, monthly bank statements, loan checks and credit card offers.

- Place your ATM, debit or credit card receipts and bank information in a safe place.

- Never leave your wallet unattended.

- Closely review your credit card bills and bank statements. Report any unauthorized charges immediately.

- Carry only the credit or ID cards that you actually use in your wallet. Limit yourself to only one or two credit cards, a debit card and a few personal checks.

The Federal Deposit Insurance Corporation (FDIC) has become aware of fraudulent e-mails appearing to be from the FDIC. The e-mails ask recipients to click on a hyperlink titled "Take the Corrective Action - Implement the LinkBank System." When accessed, the hyperlink takes the individual to a "spoofed" FDIC Web page. At that point, the individual is directed to provide online banking information, including bank name, username, and password.

The fraudulent e-mails appear in "memo format" and are purportedly from "Russell A. Rau, Assistant Inspector General for Audits." The e-mails include a "Subject" line that states: "Division of Supervision and Consumer Protection's Risk-Focused Compliance Examination Process for [recipient's name inserted] (Report No. 05-038)."

The FDIC does not directly contact consumers in this manner, nor does the FDIC request personal financial information from consumers. Financial institutions and consumers should NOT access the link provided within the body of these e-mails and should NOT, under any circumstances, provide any personal financial information through this medium.

Financial institutions and consumers should be aware that other similar e-mails may be sent that falsely claim to be from the FDIC.

The FDIC is attempting to identify the source of the fraudulent e-mails and disrupt the transmission. Until this is achieved, consumers and financial institutions should notify the FDIC at alert@fdic.gov of any similar attempts to obtain personal financial information.