Fraudsters are persistent in their development of scams to outsmart the current controls put in place to protect you personal information. Below are some recent Fraud Scams.
Equifax Announces Cybersecurity Incident Involving Consumer Information
On September 7, 2017, Equifax announced a cybersecurity incident potentially impacting approximately 143 Million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses, and in some instances, driver's license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.
The company has created a dedicated website to educate those impacted about the risks, and a call center is open from 7am to 1am EST to answer any questions. Equifax will also be providing free credit monitoring services for all those affected. Please click here to read more.
Want more than just free credit monitoring? Click here to learn about Kasasa Protect™.
Wendy's Payment Card Breach
The Wendy's Company updated its customers in a press release on July 7, 2016 regarding malicious cyber activity experienced at some Wendy's restaurants. The Company first reported unusual payment card activity affecting some franchise-owned restaurants in February 2016. Subsequently, on June 9, 2016, the Company reported that an additional malware variant had been identified and disabled.
The company, on behalf of affected franchise locations, is providing information about specific restaurant locations that may have been impacted by these attacks. The Wendy's in Sault Ste. Marie has been identified as possibly impacted.
Click here to read a statement from Todd Penegor, President and CEO of The Wendy's Company.
Old Mission Bank has been notifying customers that used their debit cards at a Wendy's restaurant during the time of the breach. If you have not been contacted yet and think you may have used your card at a Wendy's restaurant from December 2, 2015 through June 9, 2016, please contact us at (906) 635-9910.
IRS Imposter Scams are on the Rise
Click here to read an article by the Federal Trade Commission regarding threatening IRS Imposter phone calls and what to do if you receive one of these calls.
Russian Hackers Might Have Your Info – Now What?
You may have heard about it in the news: reports that Russian hackers have stolen more than a billion unique username and password combinations, and more than 500 million email addresses, grabbed from thousands of websites. What should you do about it?
Click here for more information from the Federal Trade Commission on steps you can take to protect yourself online.
New Threat Against Online Banking
A new type of malware, known as "iBanking," often masquerades as legitimate social networking, banking, or security applications. It is mainly being used to defeat out-of-band security measures employed by banks, intercepting one-time passwords sent through SMS. Any online banking user with an Android based cellular phone could be affected by this. It is important to note that this malware does not impact iPhone or Windows Phone users.
Attackers are using social engineering tactics to lure their victims into downloading and installing "iBanking" on their Android devices. The victim is usually already infected with a financial trojan on their PC, which will generate a pop up message when they visit a banking or social networking website. This pop up will ask them to install a mobile app as an additional security measure.
The user is prompted for their phone number and the device operating system and will then be sent a download link for a fake software by SMS. If the user fails to receive the message for any reason, the attackers also provide a direct link and QR code as alternatives for installing the software. In some cases, the malware is hosted on the attackers' servers. In other cases, it is hosted on reputable third-party marketplaces.
"iBanking" can be configured to look like official software from a range of different banks and social networks. Once it is installed on the phone, the attacker has almost complete access to the handset and can intercept voice and SMS communications.