|
 |
 |
 |
 |
|
United States Department of the Treasury Financial Crimes Enforcement Network FinCEN Advisory
Subject:Transactions Involving Nigeria
This Advisory is being issued to inform banks and other financial institutions operating in the United States that Financial Crimes Enforcement Network (FinCEN) Advisory Issue 32, regarding the Federal Republic of Nigeria, is hereby withdrawn.
Since the issuance of Advisory 32, and as reflected in its June 23, 2006 decision, the Financial Action Task Force on Money Laundering has removed Nigeria from its list of countries that are non-cooperative in the fight against money laundering, recognizing the progress Nigeria has made in implementing anti-money laundering reforms. Nigeria has enacted significant reforms to its counter-money laundering system, addressing the deficiencies listed in Advisory 32, and has taken concrete steps to bring these reforms into effect. Because of the enactment of new laws and the beginning of effective implementation, the enhanced scrutiny called for in Advisory 32 with respect to transactions invol
Letters fraudulently claiming to be from the FDIC are requesting that financial institutions deposit official or cashier's checks into customer accounts.
The Federal Deposit Insurance Corporation (FDIC) has become aware of letters that appear to be sent from the FDIC to financial institutions in the United States and other countries. The letters instruct the financial institution to deposit an enclosed official or cashier's check into a customer's account. The letters include "DEPOSIT ACCLERATION" directly below the letterhead and display the forged signatures of "Sandra L. Thompson, Director" and "Christopher J. Spoth, Acting Director 2." The letters are fraudulent and were not sent by the FDIC.
The Office of the Comptroller of the Currency (OCC) has been informed by the Committee on Financial Services of the U.S. House of Representatives that fraudulent correspondence, including e-mails, referring to the Committee and making use of the Committee’s letterhead is in circulation. The communications inform potential victims that they are due to receive large sums of money from an inheritance, but that they must first pay a large fee through lawyers to the Financial Services Committee in order to verify that the funds are not tied to terrorist financing. The Financial Services Committee does not require any person to obtain what the con-artists are calling a “Clean Bill of Record” for receiving inheritance money.
E-mails to financial institution customers that fraudulently claim to be from the FDIC attempt to obtain highly sensitive personal information, including bank account information. These e-mails falsely indicate that consumers can enroll in an "FDIC protection system" to insure bank accounts against certain types of fraudulent activities. The Federal Deposit Insurance Corporation (FDIC) has received numerous notifications from consumers of an e-mail that has the appearance of being sent from the FDIC. The "From" line of the e-mail displays the name "Federal Deposit Insurance Corporation" and the subject includes the phrase "IMPORTANT: Notification of Federal Deposit Insurance Corporation."
In our Letter to Credit Unions #04-CU-12 Phishing Guidance for Credit Union Members, we highlighted the need to educate your membership about phishing activities. As the number and sophistication of phishing scams continues to increase, we would like to emphasize the importance of educating your employees and members on how to avoid phishing scams as well as action you and/or your members may take should they become a victim. Appendix A of this document contains information you may share with your members to help them from becoming a victim of phishing scams. Appendix B contains information you may share with your members who may have become a victim of phishing scams. Background Phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords, account, credit card details, etc. by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or an instant message. Often the message includes a warning regarding a problem related to the recipient’s account and requests the recipient to respond by following a link to a fraudulent website and providing specific confidential information. The format of the e-mail typically includes proprietary logos and branding, such as a “From” line disguised to appear as if the message came from a legitimate sender, and a link to a website or a link to an e-mail address. All of these features are designed to assure the recipient that the e-mail is from a legitimate business source when in fact, the information submitted will be sent to the perpetrator.
Fight Back: What You Can Do about Identity Theft
If you think your identity has been stolen, here's what to do now: Contact the fraud departments of any one of the three major credit bureaus to place a fraud alert on your credit file. The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified to place fraud alerts. Once the alert is placed, you may order a free copy of your credit report from all three major credit bureaus. The special toll-free numbers for the fraud departments are: Equifax at (800) 525-6285, Experian at (888) 397-3742 and Trans Union at (800) 680-7289. Close the accounts that you know or believe have been tampered with or opened fraudulently. Use the ID Theft Affidavit when disputing new unauthorized accounts.
File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
This guidance identifies risks associated with public Internet instant messaging (IM)1 and how they can be mitigated through an effective management program. Public IM may be used by employees both officially and unofficially in work environments. The use of public IM may expose financial institutions to security, privacy, and legal liability risks because of the ability to download copyrighted files. Technology vendors have released IM products for corporate use that authenticate, encrypt, audit, log and monitor IM communication. These new corporate enterprise products help financial institutions use IM technology in a more secure environment and assist in compliance with applicable laws and regulations.
The FDIC is issuing the attached guidance to financial institutions recommendingan effective spyware prevention and detection program based on an institution’s risk profile. This guidance and the attached informational supplement discuss the risks associated with spywarefrom both a bank and consumer perspective and provide recommendations to mitigate these risks.
Successful frauds tend to be replicated until they no longer work. Financial institutions can help reduce identity theft, including account hijacking, by encouraging information sharing so that identity theft frauds are thwarted sooner. A number of such information-sharing efforts are noteworthy including those sponsored by the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Anti-Phishing Working Group (APWG), the Identity Theft Assistance Corporation (ITAC), and Infragard, in addition to individual financial institution Web sites.
E-mail and Internet-related fraudulent schemes, such as “phishing” (pronounced “fishing”), are being perpetrated with increasing frequency, creativity and intensity. Phishing involves the use of seemingly legitimate e-mail messages and Internet Web sites to deceive consumers into disclosing sensitive information, such as bank account information, Social Security numbers, credit card numbers, passwords, and personal identification numbers (PINs). The perpetrator of the fraudulent e-mail message may use various means to convince the recipient that the message is legitimate and from a trusted source with which the recipient has an established business relationship, such as a bank. Techniques such as a false “from” address or the use of seemingly legitimate bank logos, Web links and graphics may be used to mislead e-mail recipients.
I. INTRODUCTION Purpose and Scope of the Guide This Small-Entity Compliance Guide1 is intended to help financial institutions2 comply with the Interagency Guidelines Establishing Information Security Standards (Security Guidelines).3 The guide summarizes the obligations of financial institutions to protect customer information and illustrates how certain provisions of the Security Guidelines apply to specific situations. The appendix lists resources that may be helpful in assessing risks and designing and implementing information security programs. Although this guide was designed to help financial institutions identify and comply with the requirements of the Security Guidelines, it is not a substitute for the Security Guidelines. Moreover, this guide only addresses obligations of financial institutions under the Security Guidelines and does not address the applicability of any other federal or state laws or regulations that may pertain to policies or practices for protecting customer records and information.
The purpose of this Letter is to provide additional guidance for combating the email schemes discussed in the recently released Letter to Credit Unions #04-CU-05 Fraudulent E-Mail Schemes. In addition, this Letter is intended to raise awareness of the increasingly common Internet fraud called “phishing.” NCUA encourages credit unions to educate their members, strengthen monitoring systems, and enhance response programs to reduce the potential risk of Internet-related fraud schemes to their organization and members. Such schemes may negatively impact your credit union’s reputation, transaction, liquidity, and strategic risks.
The purpose of this Letter is to provide additional guidance for combating the email schemes discussed in the recently released Letter to Credit Unions #04-CU-05 Fraudulent E-Mail Schemes. In addition, this Letter is intended to raise awareness of the increasingly common Internet fraud called "phishing." NCUA encourages credit unions to educate their members, strengthen monitoring systems, and enhance response programs to reduce the potential risk of Internet-related fraud schemes to their organization and members. Such schemes may negatively impact your credit union's reputation, transaction, liquidity, and strategic risks.
The federal bank, thrift and credit union agencies today announced the publication of a brochure with information to help consumers identify and combat a new type of Internet scam known as “phishing.” The term is a play on the word “fishing,” and that’s exactly what Internet thieves are doing – fishing for confidential financial information, such as account numbers and passwords. With enough information, a con artist can run up bills on another person’s credit card or, in the worst case, even steal that person’s identity. In a common type of phishing scam, individuals receive e-mails that appear to come from their financial institution. The e-mail may look authentic, right down to the use of the institution’s logo and marketing slogans. The e-mails often describe a situation that requires immediate attention and then warn that the account will be terminated unless the e-mail recipients verify their account information immediately by clicking on a provided link.
The FDIC has created this webpage to inform and warn consumers about a type of fraud called “phishing.” The term "phishing" – as in fishing for confidential information - refers to a scam that encompasses fraudulently obtaining and using an individual's personal or financial information.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RSS Syndication