Security Alerts

BE ON THE LOOKOUT FOR FRAUD: Fraud and scams are more prevalent than ever

• Never log into your online banking because someone told you to.
• Never make a cash withdrawal because someone on the phone or online asked you to.
• Never wire or send funds to someone you have NOT met in person.
• The First will never call, text, or email you asking for your account information, debit card information, login, or password. If you initiated the call, you may be asked to verify confidential information, but never the other way around. If you receive a call from someone claiming to be from The First, hang up and contact us.

IF IT SEEMS SUSPICIOUS OR YOU FEEL UNEASY, STOP! TAKE A MINUTE TO THINK IT THROUGH AND CONTACT SOMEONE TO ASSIST.

WE AT THE FIRST ARE HERE TO HELP.  FEEL FREE TO CALL US AT 215-860-9100.
Our After-Hours Call Center (215-579-3401) is open 3:00-10:00 pm Monday–Friday

We have reports of a phishing scam that has been targeting bank customers. The suspicious text messages claim that your account is on hold. They contain numerous misspellings and punctuation errors. These messages are designed to trick you into revealing personal information or clicking on malicious links.

It’s crucial to stay vigilant and recognize the signs of phishing attempts. One common red flag is the presence of misspellings and grammatical errors in the messages. Legitimate communications from our bank are carefully crafted and thoroughly proofread, so any message containing noticeable errors should raise immediate suspicion.

Your security is our top priority, and we want to ensure that you feel confident and informed when it comes to protecting your financial information. If you receive any suspicious messages, emails, or calls claiming to be from our bank, please do not hesitate to contact your nearest branch immediately.

Remember, never provide personal or sensitive information in response to unsolicited communications, and always verify the legitimacy of any requests before taking action. By staying vigilant and cautious, we can work together to safeguard your accounts and financial well-being.

If you have any concerns or questions regarding the recent phishing scam or any other security-related matters, please don’t hesitate to reach out to us. We’re here to help you navigate through any challenges and ensure a safe banking experience for all our customers.

This post is to inform you of a recent increase in phishing scams targeting our customers. Phishing is a fraudulent attempt to obtain your personal or financial information, such as passwords, account numbers, or credit card details, by pretending to be a legitimate entity. Phishing can occur through email, text message, phone call, or other means.

We urge you to be vigilant and protect yourself from these scams. Here are some tips to help you identify and avoid phishing:

– Do not open or respond to unsolicited emails or text messages that ask you to verify your account, update your information, or claim that there is a problem with your payment.

– Do not click on any links or attachments in suspicious emails or text messages. They may lead you to fake websites that look like ours, but are designed to steal your information.

– Do not provide any personal or financial information over the phone, unless you initiated the call and verified the identity of the person you are speaking to.

– Always check the sender’s address and the URL of the website you are visiting. Make sure they match our official domain name and email address.

– If you receive a phishing email or text message, please report it to us immediately by forwarding it to security@fnbn.com

We take your security seriously and we are working hard to prevent and stop these scams. However, we cannot do it alone. We need your cooperation and awareness to keep your account safe.

Thank you for choosing The First and trusting us with your business.

Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings.

Today’s alert comes after Intuit received multiple user reports who received these phishing emails and notified their QuickBooks accounts were suspended following a failed business info review.

“We’re writing to let you know that after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account,” the attackers say in the phishing messages while impersonating the QuickBooks support team.

“If you believe that we’ve made a mistake, we’d like to remedy the situation as quickly as possible. To help us effectively revisit your account please complete the below verification form. Once verification has been completed, we will re-review your account within 24-48 hours.”

Clicking the “Complete Verification” button in the phishing email will likely redirect the recipients to a landing phishing site designed to harvest their personal information or infect their systems with malware.

The accounting software maker also added that the sender “is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit’s brands authorized by Intuit.”

How to make sure you’re not phished

Intuit advises customers who received one of these phishing messages not to click any embedded links or open attachments.

It also recommends deleting them from the inbox to avoid getting infected with malware or sent to some phishing landing page under the attacker’s control that would attempt to harvest the targets’ credentials.

QuickBooks users who have already opened attachments or clicked links after receiving one of these phishing emails should:

1. Delete any downloaded files immediately.
2. Scan their systems using an up-to-date anti-malware solution.
3. Change their passwords.

Intuit also provides detailed info on how customers can protect themselves from phishing attempts on its support website.

Earlier this year, in February, Intuit warned QuickBooks customers they were the targets of a phishing campaign impersonating the company and threatening to delete their accounts.

The First National Bank and Trust Co. of Newtown actively works to reduce the risk of fraud on the Zelle Network®, however, the recent health concerns that have impacted every aspect of our lives have led consumers to increasingly turn to digital payments, enabling fraudsters to hide among the larger volume. These fraudsters are taking advantage of the pandemic, using fear and uncertainty to victimize consumers.

The purpose of this bulletin is to notify you of a social engineering scam that has been observed across multiple social payment applications, including Zelle®, and to remind you of the need for continued vigilance to protect your Zelle® account.

Social Engineering Scam

In one scenario, the consumer receives a text from a fraudster to alert about a suspicious transaction. Upon receiving a response text declining the transaction from the consumer, the fraudster calls the consumer, pretending to be the fraud department of the financial institution. The fraudster gains access to the consumer’s online banking account by requesting the username and one-time password, which is then used to reset the password. Upon gaining access to the online account, the fraudster registers for Zelle® and attempts to send payments.

In most of these cases, our risk models detect the fraud activity and the transactions as high risk. The user then receives a stepped-up authentication request via SMS (text) to authorize the payment. Through social engineering and direct calls, some users are still falling victim to these fraud scams. In these cases, the fraudster calls to convince the consumer to authorize the stepped-up authentication request, so that the consumer can receive a refund from the previously fraudulent transaction. In reality, the consumer is not getting a refund, but is sending the payment to the fraudster.

Remember:

• FNBN will never call you to request information you received via text (SMS) or pressure you to reset your online banking log in password
• Don’t trust caller ID; Caller ID may be modified to show FNBN’s name
• Don’t provide your online banking log in credentials, one-time password, account number or personal information by email or text or phone call. Instead, reach out to FNBN to confirm that the request is legitimate by calling us at 215-860-9100
• Don’t give information over the phone if you receive a call stating that a transaction is canceled, even if the caller claims to be from FNBN. Once again, contact us directly by phone at 215-860-9100 to inquire about the transaction
• Don’t click on links in unsolicited emails or texts
• Don’t give an unsolicited caller remote access to your computer

Customers have reported getting text messages from someone claiming to be from the bank. The text message requests that personal banking information be texted back to the alleged bank representative. The First does not send text messages to customers. Please do not give out any information via text messaging.

The callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA & Master Card Telephone Credit Card Scam works, you’ll be better prepared to protect yourself.

One of our employees was called on Wednesday from ‘VISA’, and I was called on Thursday from ‘Master Card’.. The scam works like this: Caller: ‘This is (name), and I’m calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I’m calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in ?’

When you say ‘No’, the caller continues with, ‘Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?’

You say ‘yes’. The caller continues – ‘I will be starting a Fraud investigation. If you have any questions, you should call the 1- 800 number listed on the back of your card (1-800 -VISA) and ask for Security.’

You will need to refer to this Control Number. The caller then gives you a 6 digit number. ‘Do you need me to read it again?’

Here’s the IMPORTANT part on how the scam works. The caller then says, ‘I need to verify you are in possession of your card’. He’ll ask you to ‘turn your card over and look for some numbers’. There are 7 numbers; the first 4 are part of your card number, the next 3 are the security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he’ll say, ‘That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?’ After you say No, the caller then thanks you and states, ‘Don’t hesitate to call back if you do, and hangs up.

You actually say very little, and they never ask for or tell you the Card number.. But after we were called on Wednesday, we called back within 20 minutes to ask a question.. Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card.

Long story – short – we made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card Don’t give it to them. Instead, tell them you’ll call VISA or Master card directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you’re receiving a credit. However, by the time you get your statement you’ll see charges for purchases you didn’t make, and by then it’s almost too late and/or more difficult to actually file a fraud report.

New threat: Phishing attempts that ask the victim to call their bank to reactivate a credit card, then provide a false phone number.

With consumers finally getting wise to phishing attacks, scammers are hitting the phones.

The U.S.. Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) warned Thursday that so-called “vishing” attacks are on the rise. These are scams where criminals send an e-mail or text message to a victim, saying there has been a security problem and the victim needs to call his or her bank to reactivate a credit or debit card.

“Upon calling the telephone number, the recipient is greeted with ‘Welcome to the bank of …’ and then [is] requested to enter their card number in order to resolve a pending security issue,” the IC3 said in its alert.

In the past few years, inexpensive VoIP (Voice over Internet Protocol) technology and open-source call-center software has made it inexpensive for scammers to set up phony call centers, paving the way for these new types of scams. Security experts say that vishing can be more effective than traditional phishing techniques — which direct victims to fake Web sites — because the voice-based attacks have not been as widely publicized.

A new vishing scam involves sending text messages to cell phones, instructing victims to contact the fake online bank to renew their accounts, the IC3 said.

Those who are unsure whether they have been targeted by this scam should look up the bank’s phone number and call the bank directly, the IC3 advises.

Operated in partnership with the FBI and the National White Collar Crime Center, the IC3 is a clearing house for Internet crime complaints.

Pretext calling is a fraudulent means of obtaining an individual’s personal information. Pretext callers may contact financial institution employees, posing as their customers, in order to access customers’ personal account information. These callers may also contact consumers at home, posing as employees from a financial institution. Information obtained from pretext calling may be sold to debt collection services, attorneys, and private investigators for use in court proceedings. Identity thieves may also engage in pretext calling to obtain personal information for use in creating fraudulent accounts.

Steps you should take to protect yourself against identity theft and pretext calling include:

Do not give personal information, such as account numbers or social security numbers, over the telephone, through the mail, or over the Internet unless you initiated the contact or know with whom you are dealing.

Store personal information in a safe place and tear up old credit card receipts, ATM receipts, old account statements, and unused credit card offers before throwing them away.

Protect your PINs and other passwords. Avoid using easily available information like your mother’s maiden name, your birth date, the last four digits or your social security number, your phone number, etc.

Carry only the minimum amount of identifying information and the number of credit cards that you need.

Pay attention to billing cycles and statements. Inquire of the bank if you do not receive a monthly bill; it may mean the bill has been diverted by an identity thief.

Check account statements carefully to ensure all charges, checks, or withdrawals were authorized.

Guard your mail from theft. If you have the type of mailbox with a flag to signal the box contains mail, do not leave bill payment envelopes in your mailbox with the flag up. Instead, deposit them in a post office collection box or at the local post office. Promptly remove incoming mail.

Order copies of your credit report from each of the three major bureaus once a year to ensure they are accurate. (A fee may apply)
If you prefer not to receive pre-approved offers of credit, you can opt out of such offers by calling 1-888-5-OPT OUT.

If you want to remove your name from many national direct mail lists, send your name and address to:

DMA Mail Preference Service

P.O. Box 9008

Farmingdale, NY 11735-9008

If you want to reduce the number of telephone solicitations from many national marketers, send your name, address and telephone number to:

DMA Telephone Preference Service

P.O. Box 9014

Farmingdale, NY 11735-9014

There have been an increasing number of Pennsylvanians reporting that they are being defrauded by counterfeit cashier’s checks.

In general, the fraud unfolds like this: A consumer is part of a fairly large financial transaction with someone who generally says that they live outside of the United States. The types of transactions that have been reported include payments for large items purchased through online auctions, deposits for apartments, and fees for nanny services, for example.

The so-called “buyer” sends an official-looking cashier’s check to pay for the service. The consumer, then, takes the check to the bank and cashes it.

There are two ways the scam can unfold: In the first, the buyer sends a check for well over the amount of the purchase (with some excuse about why) and asks the consumer to immediately refund the difference once they’ve cashed the check. In the second, the buyer waits a day or two (but only a very short time) and makes some excuse for canceling the transaction and asks the consumer to wire all of the money back.

A similar scam suggests that the consumer has ”won” a lottery or other prize but must send some of the proceeds of the check back for some specific reason, like processing or taxes.

The counterfeit cashier’s checks are such good reproductions that they’re difficult to spot, even by experienced financial professionals. Despite the fact that the consumer’s bank cashes the check, it will not be honored when the bank presents it to the ”issuing” institution for payment. The bank then, requires the consumer to return the funds.

The problem is that, by the time the fraudulent check works its way through the banking system (which can sometimes take more than 30 days), the con-artist has already taken the consumer’s money.

You can protect yourself by:

• understanding that when cashing a cashier’s check, even though the bank has provided you with the money, you are responsible for the funds until your bank has received the proceeds from the institution which originally issued the check
• being cautious of transactions with people you don’t know who purchase items via cashier’s check
• avoiding any situation where someone pays more than the purchase price of an item and demands that the extra money be returned
• being suspect of any cashier’s check that just shows up in the mail, especially if it has a ”congratulations” letter attached
• holding any funds provided by cashier’s check from someone you don’t know for 30 – 45 days before using those fund, especially when you have any sense that the transaction is out of the ordinary

If you believe that you’ve been the victim of this type of scam, please call the Pennsylvania Attorney General’s office at (800) 441-2555, the U.S. Secret Service at (202) 406-5850, or the Pennsylvania Department of Banking at (800) PA BANKS.

The First encourages you to review this questionnaire about Fraud Scams. If you have any questions or can answer yes to any of the questions, please call us at one of our branches. Click here to see the questionnaire.

Recently, many Americans have received a series of fraudulent e-mails, which direct recipients to websites where they are asked to verify sensitive personal information. The e-mails claim that the individual’s personal information is necessary to assist in the fight against terrorism or for some other purpose supposedly required by law. These e-mails are purportedly sent from several government agencies or include content related to government agencies including the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Securities Investor Protection Corporation and others. The websites to which the email recipients are directed are often very similar to, if not actual clones of official government sites.

The fraudulent e-mails are part of a scam known as “phishing.” Phishing is the fraudulent scheme of sending an e-mail to a user falsely claiming to be a legitimate company. The email attempts to con the user into surrendering private information that could later be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as name, account and credit card numbers, passwords, social security numbers and other information. The Web site, however, is bogus and set up only to steal the user’s information.

As part of the Treasury Department’s efforts to fight identity theft, we want to assure Americans that federal financial agencies do not communicate with consumers by e-mail requesting important personal information such as your name, account numbers, date of birth and social security number.

Consumers can protect themselves from this latest identity theft scam by following these useful tips, which were developed by the Federal Trade Commission:

• If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.
• Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during transmission.
• Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
• Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and then visit the FTC‘s identity theft web site (www.ftc.gov/idtheft) to learn how to minimize your risk of damage from identity theft.

The Treasury and federal financial regulators are working hard to combat identity theft including the use of new tools in legislation recently signed by President Bush. But all consumers must take reasonable precautions in the use of their personal financial information in order to help prevent themselves from becoming victims of identity thieves.

• Be aware of your surroundings, particularly at night.
• Consider having someone accompany you when using the ATM after dark.
• If you observe or sense suspicious persons nearby, do not use the ATM at that time. Or, if you are in the middle of a transaction, cancel the transaction. Leave the area and come back another time or use an ATM at another location.
• If you are approached by any person who asks you to do them a “favor” or tries to draw you into conversation, cancel your transaction and leave the area. Report the incident to us as soon as possible.
• When using the ATM at night, park close to the ATM in a well-lighted area and always lock your car.
• If the lights on or around an ATM are not working, don’t use it. Report it to us the next day.
• If you are using another financial institution’s ATMs and shrubs or trees block the view, select another ATM.
• If you are using a drive-up ATM, be sure passenger windows and doors are locked.
• To keep your account information confidential, always take your receipts with you.
• Don’t display any cash. As soon as you complete the transaction, pocket the money and count it later.
• Report all crimes to the police immediately.
• If your card is lost or stolen, report it to us immediately. Call 215-579-3400 Monday-Friday 8:30 am to 5:00 pm or 800-236-2442 after business hours.
• Be careful not to reveal your secret code (PIN). When you punch it in, use your body to “shield” the keyboard. Don’t carry your personal identification number with your card, and never attach it to your card.
  Copyright © 1992 Bankers’ Hotline.
  Originally appeared in Bankers’ Hotline, Vol. 2, No. 11, 2/92

If you have any questions about these security and fraud alerts, please feel free to contact the bank at 215-860-9100.