June 17, 2010
Do not open suspicious emails from the “Internal Revenue Service,” “Twitter” or “YouTube.”
Criminals have launched a major e-mail campaign to deploy the infamous ZeuS Trojan. Watch out for spam messages disguised as legitimate e-mails from the Internal Revenue Service, Twitter and Youtube.com. Do not click on the link in any of these e-mails. Clicking on the links will lead the user to an unsafe webpage or will directly download the ZeuS Trojan virus to the user’s computer. Details about the fraudulent e-mails are below:
Fraudulent “IRS” e-mails
The fake “IRS” e-mails arrive with the subject line “Notice of Underreported Income,” and ask the recipient to click a link to review their tax statement. Do not click on any link in the e-mail. Clicking the link will send users to a website that spoofs the IRS website and encourages users to download their “tax statement,” which is actually the malicious virus.
Fraudulent "Twitter" e-mails
Below are several versions of the fraudulent e-mails from “Twitter.” Do not click on the links.
1.Security breech version:
“Attention! We detected that someone was trying to steal your Twitter account password. We strongly recommend you to download our secure module to protect account! Please click on the link below: ex: http://twitter.com/xxxxxxxx_setup.zip.
2. Pill version:
This version only shows a picture of a man showing "two-thumbs up" surrounded by pills with cheap prices on them.
3.Unread message version:
“You have 1 unread message from Twitter. Please click on the link below or copy and paste the URL into your browser: http://twitter.com/account/=youremail@yourdomain.com”
Sometimes this version is followed up by a salacious picture of a female.
Fraudulent "YouTube" e-mails:
Text of the E-mail:
“The user _____ (varying "user name" for each email) suggests you to become friends on YouTube. Offers and acceptance of offers on friendship simplify tracing of that your friends place in the selected works, add or estimate, and also simplifies video departure by all or to the selected users. To accept or reject this invitation, pass in INBOX”
This text may or may not accompany a salacious picture of a female.
For more information on the ZeuS Trojan e-mail scam, please visit http://krebsonsecurity.com/2010/06/zeus-trojan-attack-spoofs-irs-twitter-youtube/#more-3484
---------------------------------------------------------------------------------------------------
September 15, 2009
Do Not Respond to Text Messages That Request Personal Credit or Debit Card Information
There have been recently received reports of SMiShing attacks (also known as text phishing), which have impacted cardholders of financial institutions located primarily in the eastern region of the U.S.
As you may know, SmiShing is a type of social engineering that uses cell phone text messages to persuade victims to provide personal information such as card number, CVV2, and PINs. The text message may contain either a website address or more commonly, a phone number that connects to an automated voice response system, which then asks for personal information.
The following are examples of SMiShing messages recently sent to cardholders:
1. Text message originating from either notice@jpecu or message@cccu:
"ABC CU- has- deactivated-your-Debit_card. To-reactivate-contact:210957XXXX
This is an automated message from ABC Bank. Your ATM card has been suspended. To reactivate call urgent at 1-866-215-XXXX"
2. Text message originating from sms.alert@visa.com:
"sms.alert@visa.com/VISA. (Card Blocked) Alert. For more information please call 1-877-269-XXXX."
Although Atlantic Capital Bank may ask for personal information (such as the cardholder’s name, date of birth, and/or last four digits of a social security number) to confirm your identification, we will never ask for the number on the back of your debit or credit card (the CVV2) or your PIN.
If you have responded to a text message and given out your Atlantic Capital Bank card information, please notify your Atlantic Capital banker as soon as possible. If it is after hours, please call the card services number(s) directly, then notify your banker the following business day.
Mon-Fri, 8:30am-5pm: Call Atlantic Capital Bank: (404) 995-6050
Evenings and weekends: Credit Card services: (800) 854-7642
Debit Card services: (800) 554-8969
|
