Fraud & Security Alerts



October 23, 2014 - We are keeping you safe from a new security threat called POODLE. If you use IE6 or older, you won't be able to access www.bankatfirstnational.com starting November 5th unless you update your browser. Step-by-step instructions are available at this website: https://www.youtube.com/watch?v=5d6bGkp6MsY


Learn more about POODLE

We take your security very seriously and we are taking action to protect you against this latest security threat, and providing these answers to frequently asked questions to help you understand how POODLE could affect you -- not just on our website, but throughout the internet.


If you use Internet Explorer 6 or older, please be sure to refer to the special instruction at the top of this page to ensure you can access our site after November 5th.


What is POODLE?

POODLE is a recently recognized bug within web browsers (i.e., Firefox, Chrome, Internet Explorer, etc.) that could make someone vulnerable to an attack by a cyber-criminal.

Why the name POODLE?

It is a technical acronym that stands for Padding Oracle On Downgraded Legacy Encryption, which describes the vulnerability danger.

How does someone fall victim to a POODLE attack?

The two most likely scenarios are: 1) they are tricked into visiting a malicious website, such as clicking a link within a spam email; 2) they utilize a shared internet gateway, such as a WiFi system at a coffee shop, where a cyber-criminal inserts themselves between the user and the websites they visit. Though, any "man in the middle" attack scenario, such as compromising their home network, could be a gateway to a POODLE attack.

How likely is someone to fall victim to an attack via POODLE?

No one knows for sure. The general consensus among the security industry is this threat is not particularly high. Presently there are no reports of a POODLE attack. It is, at this point, merely a known vulnerability that an attacker could exploit. Keep in mind, there are a lot of methods an attacker could utilize to initiate an attack. Safe web browsing is always recommended to help protect yourself.

How does it actually work?

There are a lot of highly technical explanations available online; here is a high-level summary. Web browsers, websites, and servers use encryption to make online forms and logins safe. These technologies are often updated for improvements and added security. But web browser updates sometimes allow for "backward compatibility," meaning the browser could revert to an earlier version in the event a particular website can't support the update yet. An attacker could force a user's web browser to revert back to a much earlier version of encryption technology that the attacker now knows how to penetrate.


Is my web browser going to create a new update to protect against POODLE?

Yes. All browsers are working on updates. Many industry experts cite late November as a target date, though an exact timeframe may not be available depending on which browser you use. Unless you have selected to not accept automatic updates from your web browser, the update should happen automatically.


What is FNBT doing to protect me against POODLE?

We are deploying a security measure on November 5th that will prevent our website from working when the earlier version of encryption technology is being used. This means that if an attacker uses this POODLE vulnerability while you are visiting our site and forces your browser to use the old encryption technology, our website won't respond.

Does this mean I wouldn't be able to see or visit your website?

Correct. If you were attacked, you wouldn't be able to see our website. This is to prevent the attack from being successful. It would be much better for you to be unable to visit our site temporarily than to allow a cyber-criminal access to your online banking account. In the rare likelihood that this scenario occurs, please contact us and we can help you regain access to our website.

If this is a threat, why are you waiting until November 5th?

The threat isn't especially severe, and there are no reports of POODLE being utilized. Thus we have weighed mitigating factors into our deployment date. First we need to ensure there are no unwanted bugs that occur when deploying this solution. We are always diligent to ensure your security and convenience in using our online channels. We are also giving our account holders that use the browser Internet Explorer 6 the opportunity to see this message and update their browser. Once we deploy this fix, these users will no longer be able to see our website if they do not update.




------------------------------------------------------------------------------------------------------------------

September 12, 2014 - Information Regarding Home Depot and Retail Data Breaches

Despite efforts to protect customers' information, breaches can occur at the point-of-sale.

  • Unfortunately, the Home Depot breach is not the first time banks of all sizes have had to take steps to protect customers as a result of a merchant's data breach.
  • Everyone has a responsibility to protect the integrity of the payments system and not allow events like this to occur. Banks do so, and retailers must as well.
  • All banks, including First National Bank (FNBT), will continue to work with the card networks, law enforcement, and industry associations to better understand the impact of the breach and determine the best strategies to protect their customers.

FNBT is already in the midst of reissuing new debit cards to our customers as we begin our partnership with MasterCard as our FNBT debit card partner. A new card means, that in most cases, your exposure to risk from the Home Depot data breach has been mitigated.

If you don't already have your new MasterCard Debit Card from FNBT, it is in the mail, and you will receive it soon. Once you receive your new debit card, remember to activate as soon as possible. If you have recurring or automatic payments set up on your old debit card, please contact those merchants with your new card number and expiration date to ensure continuous service.

Our customers are protected when these retail point-of-sale breaches happen.

Regardless of where the breach actually occurred, banks are the stewards of the customer financial relationship.

FNBT takes a variety of steps to protect the integrity of our customers' accounts, including:

  • Utilizing state-of-the art monitoring tools to screen for indications of suspicious activity.
  • Blocking and/or reissuing cards for affected accountholders, if we determine your account has been compromised and is at risk.
  • Reimbursing customers for confirmed fraudulent transactions.

There are ways customers can assist to improve their security.

  • Check your account often for suspicious activity – either through Internet banking, phone 800-667-4401, or using mobile banking applications.
  • Enroll in mobile alerting programs to monitor regular or non-standard activity on your accounts. Contact us to learn more about mobile alerts, or if you're currently using mobile banking with FNBT simply text HELP to 99588 to receive a list of all the text commands you may use to get instant information.
  • If you have a reason to suspect fraud, contact us right away by calling 800-667-4401, your log in to online banking and send us a message, or visit a branch.

Other general safety recommendations provided by the American Bankers Association include:

  • Be wary of your surroundings and of other people who may be near you at the ATM or retail point-of-sale.
  • Use your body or hand to "shield" the ATM or point-of-sale keyboard as you enter your PIN. Be wary of those trying to help you, especially when an ATM "eats" your card. They may be trying to steal your card number and PIN.
  • Always take your receipts or transaction records with you and check them against your statements. Report unauthorized transactions immediately.
  • Do not give your personal or financial information to anyone who calls you over the phone or through text and email. Thieves often pose as bank representatives to steal this information; however, banks already have this information and will not request it from you.
  • Keep a record of card numbers, expiration dates and 1-800 numbers for banks so you can contact the issuing bank easily in cases of theft. Do not leave your bank statements, checkbooks, or credit/debit cards lying around the house or on your desk at work. No one should have access to this information but you.
  • Contact the Federal Trade Commission at www.consumer.gov/idtheft, or call the FTC, at 1-877-438-4338, or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, D.C., 20580.
  • Periodically obtain credit reports from each nationwide credit reporting agency. If any information on the credit report appears fraudulent, request that the credit reporting agency delete that information from the credit report file. Under federal law, consumers are entitled to one free copy of their credit report every 12 months from each of the three nationwide credit reporting agencies. Obtain a free copy by going to www.AnnualCreditReport.com or by calling 1-877-322-8228.



-------------------------------------------------------------------------------------------


August 29, 2014 -Important information for Windows XP, Internet Explorer (IE) 7 and IE8 users

As of April 2014 Microsoft no longer supports or provides security updates for Windows XP operating systems. If you are running Windows XP, IE7 or IE8 we recommend that you upgrade your operating system and/or browsers to a newer version. Upgrading to supported software will provide security updates and protection for you, especially when you are accessing online financial information.


FNBT has provided support for its customers that access Online Banking via the Windows XP Operating System and/or IE7 or IE8 for more than 10 years, but in that time technology and the way we use it has changed significantly.


We are committed to combatting fraud by continuously evaluating ways to fortify the integrity of our systems. To protect your online banking experience and allow us to continue to deliver new functionality, FNBT has discontinued Online Banking support for Windows XP and Internet Explorer 7 (IE7) and IE8, in line with Microsoft's own support demise.



What does it mean that my version of Windows or Internet Explorer is no longer supported?

Anytime a software company discontinues support of a product it means that no newer versions or patches of this product will be sent to update the software. Updates are important so that software remains compatible with newer versions of security and usability standards. Especially important with operating system software are security updates.


My computer still works. Why should I be concerned?

Your operating system is your first line of defense in securing your PC and preventing loss of your personal or business information. If your software is not being supported it will be vulnerable to ever evolving hacking and malware techniques.


Is this just a security issue?

Not only is this a security issue, but because of the vulnerability of accessing sites with a computer using an out of date operating system, many secure sites will begin not to allow your computer to access their sites. In addition, your computer will not be able to recognize more advanced security certificates and will be unable to access those sites.


What are the benefits of upgrading my Operating System and browser?

Our system requirements for FirstB2B and FirstNet ensure that you receive the best possible experience and the highest level of security on the Internet. In addition, using the recommended and certified browsers along with approved Operating System means that we can provide support if a technical issue does occur.


What if I use FirstB2B Business Online Banking and I am unable to upgrade my Operating System or browser at my business?

Some companies have IT restrictions in place which prevent users from downloading software. Others have legacy systems which require the use of Windows XP or IE7/IE8. In cases like these, you may be unable to upgrade your browser. As a FirstB2B System Administrator/User, we would ask you to present this webpage to your IT manager for further consideration.


What if I don't upgrade my Operating System (OS) or browser?

If you choose not to upgrade your OS or browser, your FirstB2B or FirstNet Online Banking access will not be blocked in any way, however you will experience the following limitations:

  • While FirstB2B and FirstNet itself are secure, using Windows XP and/or IE7 and IE8 will leave you vulnerable to certain security threats;
  • Future enhancements to FirstB2B and FirstNet will not be tested for Windows XP, IE7, IE8 compatibility, which means they may not function correctly in your browser;
  • We (FNBT) will not be able to provide support for issues related to Windows XP, IE7, IE8 compatibility.

As a result of these limitations, your Online Banking experience on Windows XP and / or IE7, IE8 will likely continue to degrade over time, so we encourage you to upgrade your OS and browser version as soon as possible.


How do I know if I am running Windows XP?

Visit Microsoft's Operating System Check.


How can I upgrade my computer software?

If your current computer meets the system requirements for Windows 7 or Windows 8.1, you can buy Windows 7 or Windows 8.1 from a local retailer or Microsoft Certified Partner. If your computer does not meet system requirements, consider purchasing a new computer.


If you would like to read more detailed information on upgrading your OS or browsers, please click here to visit Microsoft's end-of-support site.


-------------------------------------------------------------------------------------------


April 10, 2014 - Heartbleed Bug


As you may have heard, a major vulnerability was discovered this week in technology that powers encryption across many services on the Internet. We've compiled some Frequently Asked Questions to keep you informed about this issue and what it may mean to you.


What is the Heartbleed Bug?

Heartbleed is a flaw in the programming on secure websites that could put your personal information at risk, including passwords, credit card information and e-mails. The Heartbleed Bug is a defect in encryption technology – called Open SSL – used by most Web servers to secure users' personal or financial information. It is behind many "https" sites that collect personal or financial information. Basically, it provides a secure connection when you are conducting a transaction or sending an e-mail online. Experts discovered the bug recently and warned that cybercriminals could exploit it to access visitors' personal data or to impersonate a website and collect even more information.


Am I affected?

Most active users of the Internet have likely been exposed, since a majority of websites – including Facebook, retail and even government sites – use the Open SSL software. But it is unknown whether any criminals have actually exploited the bug, and several major sites, like Amazon, have already installed patches. Most sites with an address beginning with "https" are vulnerable until the website operator fixes the bug and users change their passwords.


Is my bank account safe?

Yes, consumers are always protected from any unauthorized transactions. We continuously monitor your accounts and use many different systems to protect customers' information including rigorous security standards, encryption, and fraud detection software.

Let us know immediately if you suspect any unusual activity:

  • Call 800-667-4401
  • Log into online banking and send a secure message
  • Contact Us online

What can I do?

It is always Sound Advice to update your bank password every few months. Also, monitor your account regularly and report suspicious transactions to us immediately. Beware of phishing scams – or e-mails with malicious links – that will attempt to get additional sensitive information from you.


What is First National Bank and Trust doing?

Our bank has been working diligently with our technology partners to research the possible impact of the Heartbleed Bug and taking appropriate actions to ensure that it has no impact on our customers. Most Internet banking applications are not impacted by this bug. We have a special layer of security that prevents this type of exploit which doesn't use Open SSL at all.


For additional information on this vulnerability:

http://heartbleed.com/

http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

http://security.stackexchange.com/questions/55116/how-exactly-does-the-openssl-tls-heartbeat-heartbleed-exploit-work


--------------------------------------------------------------------------------------------------

Jan 02, 2014 - Information Regarding Target and Retail Data Breaches


Despite efforts to protect customers' information, breaches can occur at the point-of-sale.

  • Unfortunately, the Target breach is not the first time banks of all sizes have had to take steps to protect customers as a result of a merchant's data breach.
  • Everyone has a responsibility to protect the integrity of the payments system and not allow events like this to occur. Banks do so, and retailers must as well.
  • All banks, including First National Bank (FNBT), will continue to work with the card networks, law enforcement, and industry associations to better understand the impact of the breach and determine the best strategies to protect their customers.

Our customers are protected when these retail point-of-sale breaches happen.

Regardless of where the breach actually occurred, banks are the stewards of the customer financial relationship.

FNBT takes a variety of steps to protect the integrity of our customers' accounts, including:

  • Utilizing state-of-the art monitoring tools to screen for indications of suspicious activity.
  • Blocking and/or reissuing cards for affected accountholders, if we determine your account has been compromised and is at risk.

Reimbursing customers for confirmed fraudulent transactions.

There are ways customers can assist to improve their security.

  • Customers concerned about the Target breach should consult this Washington Post piece listing five key facts about the breach.
  • Check your account often for suspicious activity – either through Internet banking, phone 800-667-4401, or using mobile banking applications.
  • Enroll in mobile alerting programs to monitor regular or non-standard activity on your accounts. Contact us to learn more about mobile alerts.
  • If you have a reason to suspect fraud, contact us right away by calling 800-667-4401, your log in to online banking and send us a message, or visit a branch.


Other general safety recommendations provided by the American Bankers Association include:

  • Be wary of your surroundings and of other people who may be near you at the ATM or retail point-of-sale.
  • Use your body or hand to "shield" the ATM or point-of-sale keyboard as you enter your PIN. Be wary of those trying to help you, especially when an ATM "eats" your card. They may be trying to steal your card number and PIN.
  • Always take your receipts or transaction records with you and check them against your statements. Report unauthorized transactions immediately.
  • Do not give your personal or financial information to anyone who calls you over the phone or through text and email. Thieves often pose as bank representatives to steal this information; however, banks already have this information and will not request it from you.
  • Keep a record of card numbers, expiration dates and 1-800 numbers for banks so you can contact the issuing bank easily in cases of theft. Do not leave your bank statements, checkbooks, or credit/debit cards lying around the house or on your desk at work. No one should have access to this information but you.
  • Contact the Federal Trade Commission at www.consumer.gov/idtheft, or call the FTC, at 1-877-438-4338, or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, D.C., 20580.
  • Periodically obtain credit reports from each nationwide credit reporting agency. If any information on the credit report appears fraudulent, request that the credit reporting agency delete that information from the credit report file. Under federal law, consumers are entitled to one free copy of their credit report every 12 months from each of the three nationwide credit reporting agencies. Obtain a free copy by going to www.AnnualCreditReport.com or by calling 1-877-322-8228.

-------------------------------------------------

December 19, 2013 - We are aware of the recent debit and credit card breach at Target. First National Bank and Trust utilizes premium fraud monitoring tools to protect our customers' transactions. If your account is identified as affected by this compromise, we will reach out to you via mail with the appropriate next steps. Please note that if you are a Target REDcard holder and you have seen suspicious activity, you should contact Target directly. In the meantime, it is always Sound Advice to regularly review your account for suspicious activity. For more information about the breach, please visit Target's website.


------------------------------------------------

February 19, 2013 - The Department of Financial Institutions (DFI) is urging Wisconsin business owners to exercise caution if they receive a request for information from a company called Corporate Records Service. Business owners are being asked to fill out an Annual Minutes Form and submit a fee of $125 to a mail box with a Madison, WI address. Businesses are not required by DFI or any other state agency to complete the form. For more information please read the Wisconsin Satewide Information Center's Daily Bulletin.


------------------------------------------------

November 13, 2012 - We have become aware of a telephone phishing attempt in the area using texting. According to our customer support team, we have had a few calls from customers this afternoon reporting receiving text messages regarding their debit cards. The text has a call back number 1-410-505-5045, which when called instructs the customer to enter their 16 digit debit card number. As a general guideline, be highly suspicious anytime you are requested to provide personal information over the phone if you did not initiate the call or transaction.

It's also a good reminder :

  • Never offer personal or account information over the phone without verifying the caller's identity.
  • If you are uncertain of the identity of a caller, hang up and initiate the call yourself using a known phone number.
  • Do not call any phone number received in a voice message, text message or email asking for personal information. It could lead you to a phony answering system.

For additional information regarding Phishing and Identify Theft visit our online resource center.


If you believe you've been a victim of this or any scam please contact us immediately at 800-667-4401.


------------------------------------------------

January 2012: Fraudulent cashier's checks have been circulating the area. Click here for an example of what to look for to protect yourself from becoming a victim.


---------------------------------------

November 2011: FinCEN has reported that an email appearing to come directly from the 314 Program Office was sent out on or around November 2, 2011.


Please note: the 314 Program Office did not send any type of notification and it is very important that any recipients do not try and access the link within the email or enter any login or password information.


It's always important for users to check for the SSL Certificate sign when access the 314(a) Secure Information Sharing System, and it is also encouraged to verify the internet address bar to make sure it reflects https://www.fincen.gov/314a/


-----------------------------------------


FRAUD ALERT: NACHA has reported a circulation of fraudulent emails that make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.

Please forward any suspicious emails you receive that appear to come from NACHA to abuse@nacha.org for analysis. Visit www.nacha.org for more information.