12/01/2011 - ACH "Not Processed" Alert:

With the holiday shopping season upon us, the FBI Denver Cyber Squad would like to advise citizens of a new spear phishing campaign involving personal and business bank accounts, financial institutions, money mules, and jewelry stores. The campaign involves a variant of the “Zeus” malware called “Gameover.” The spam campaign is pretending to be legitimate e-mails from the National Automated Clearing House Association (NACHA), advising the user there was problem with the ACH transaction at their bank and it was not processed. Once they click on the link they are infected with the Zeus or Gameover malware, which is able to key log as well as steal their online banking credentials, defeating several forms of two factor authentication.

After the accounts are compromised, the perpetrators conduct a Distributed Denial of Service (DDoS) attack on the financial institution. The belief is the DDoS is used to deflect attention from the wire transfers as well to make them unable to reverse the transactions (if found). A portion of the wire transfers (not all) are being transmitted directly to high-end jewelry stores, wherein the money mule comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired).

Investigation has shown the perpetrators contact the high-end jeweler requesting to purchase precious stones and high-end watches. The perpetrators advise they will wire the money to the jeweler’s account and someone will come to pick up the merchandise. The next day, a money mule arrives at the store, the jeweler confirms the money has been transferred or is listed as “pending” and releases the merchandise to the mule. Later on, the transaction is reversed or cancelled (if the financial institution caught the fraud in time) and the jeweler is out whatever jewels the money mule was able to obtain.

Consumers need to be cautious of opening communications from senders that would not normally send you e-mail or are not from the normal sender e-mail address.

If you receive any such messages, please contact Bank of Pontiac immediately at (815) 844-6155.

9/28/2009 - Text Messaging Scammer Alert: Text Messaging scams targeting banks and credit card companies are on the increase. Messages are sent "en masse" to groups of Cellular phone users asking for account information.  Often these messages tell the person that some bank product that they use has been locked out or disabled.  The user is given a telephone number to either text personal information to, or call an automated system. Please do not reveal any account or personal information to anyone concerning your Bank of Pontiac Accounts. Bank of Pontiac personnel will never call you asking for atm/debit card or online banking account information. If you receive any such messages, please contact Bank of Pontiac immediately at (815) 844-6155.

5/1/2009 - Telephone Scammer Alert: Telephone scams targeting banks and credit card companies are on the increase. Please do not reveal any account or personal information to anyone over the phone concerning your Bank of Pontiac Accounts. Bank of Pontiac personnel will never call you asking for atm/debit card or online banking account information. If you receive any such calls, please contact Bank of Pontiac immediately at (815) 844-6155.