Fraud & Security Alerts


April 10, 2014 - Heartbleed Bug


As you may have heard, a major vulnerability was discovered this week in technology that powers encryption across many services on the Internet. We've compiled some Frequently Asked Questions to keep you informed about this issue and what it may mean to you.


What is the Heartbleed Bug?

Heartbleed is a flaw in the programming on secure websites that could put your personal information at risk, including passwords, credit card information and e-mails. The Heartbleed Bug is a defect in encryption technology – called Open SSL – used by most Web servers to secure users' personal or financial information. It is behind many "https" sites that collect personal or financial information. Basically, it provides a secure connection when you are conducting a transaction or sending an e-mail online. Experts discovered the bug recently and warned that cybercriminals could exploit it to access visitors' personal data or to impersonate a website and collect even more information.


Am I affected?

Most active users of the Internet have likely been exposed, since a majority of websites – including Facebook, retail and even government sites – use the Open SSL software. But it is unknown whether any criminals have actually exploited the bug, and several major sites, like Amazon, have already installed patches. Most sites with an address beginning with "https" are vulnerable until the website operator fixes the bug and users change their passwords.


Is my bank account safe?

Yes, consumers are always protected from any unauthorized transactions. We continuously monitor your accounts and use many different systems to protect customers' information including rigorous security standards, encryption, and fraud detection software.

Let us know immediately if you suspect any unusual activity:

  • Call 800-667-4401
  • Log into online banking and send a secure message
  • Contact Us online

What can I do?

It is always Sound Advice to update your bank password every few months. Also, monitor your account regularly and report suspicious transactions to us immediately. Beware of phishing scams – or e-mails with malicious links – that will attempt to get additional sensitive information from you.


What is First National Bank and Trust doing?

Our bank has been working diligently with our technology partners to research the possible impact of the Heartbleed Bug and taking appropriate actions to ensure that it has no impact on our customers. Most Internet banking applications are not impacted by this bug. We have a special layer of security that prevents this type of exploit which doesn't use Open SSL at all.


For additional information on this vulnerability:

http://heartbleed.com/

http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

http://security.stackexchange.com/questions/55116/how-exactly-does-the-openssl-tls-heartbeat-heartbleed-exploit-work


--------------------------------------------------------------------------------------------------

Jan 02, 2014 - Information Regarding Target and Retail Data Breaches


Despite efforts to protect customers' information, breaches can occur at the point-of-sale.

  • Unfortunately, the Target breach is not the first time banks of all sizes have had to take steps to protect customers as a result of a merchant's data breach.
  • Everyone has a responsibility to protect the integrity of the payments system and not allow events like this to occur. Banks do so, and retailers must as well.
  • All banks, including First National Bank (FNBT), will continue to work with the card networks, law enforcement, and industry associations to better understand the impact of the breach and determine the best strategies to protect their customers.

Our customers are protected when these retail point-of-sale breaches happen.

Regardless of where the breach actually occurred, banks are the stewards of the customer financial relationship.

FNBT takes a variety of steps to protect the integrity of our customers' accounts, including:

  • Utilizing state-of-the art monitoring tools to screen for indications of suspicious activity.
  • Blocking and/or reissuing cards for affected accountholders, if we determine your account has been compromised and is at risk.

Reimbursing customers for confirmed fraudulent transactions.

There are ways customers can assist to improve their security.

  • Customers concerned about the Target breach should consult this Washington Post piece listing five key facts about the breach.
  • Check your account often for suspicious activity – either through Internet banking, phone 800-667-4401, or using mobile banking applications.
  • Enroll in mobile alerting programs to monitor regular or non-standard activity on your accounts. Contact us to learn more about mobile alerts.
  • If you have a reason to suspect fraud, contact us right away by calling 800-667-4401, your log in to online banking and send us a message, or visit a branch.


Other general safety recommendations provided by the American Bankers Association include:

  • Be wary of your surroundings and of other people who may be near you at the ATM or retail point-of-sale.
  • Use your body or hand to "shield" the ATM or point-of-sale keyboard as you enter your PIN. Be wary of those trying to help you, especially when an ATM "eats" your card. They may be trying to steal your card number and PIN.
  • Always take your receipts or transaction records with you and check them against your statements. Report unauthorized transactions immediately.
  • Do not give your personal or financial information to anyone who calls you over the phone or through text and email. Thieves often pose as bank representatives to steal this information; however, banks already have this information and will not request it from you.
  • Keep a record of card numbers, expiration dates and 1-800 numbers for banks so you can contact the issuing bank easily in cases of theft. Do not leave your bank statements, checkbooks, or credit/debit cards lying around the house or on your desk at work. No one should have access to this information but you.
  • Contact the Federal Trade Commission at www.consumer.gov/idtheft, or call the FTC, at 1-877-438-4338, or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, D.C., 20580.
  • Periodically obtain credit reports from each nationwide credit reporting agency. If any information on the credit report appears fraudulent, request that the credit reporting agency delete that information from the credit report file. Under federal law, consumers are entitled to one free copy of their credit report every 12 months from each of the three nationwide credit reporting agencies. Obtain a free copy by going to www.AnnualCreditReport.com or by calling 1-877-322-8228.

-------------------------------------------------

December 19, 2013 - We are aware of the recent debit and credit card breach at Target. First National Bank and Trust utilizes premium fraud monitoring tools to protect our customers' transactions. If your account is identified as affected by this compromise, we will reach out to you via mail with the appropriate next steps. Please note that if you are a Target REDcard holder and you have seen suspicious activity, you should contact Target directly. In the meantime, it is always Sound Advice to regularly review your account for suspicious activity. For more information about the breach, please visit Target's website.


------------------------------------------------

February 19, 2013 - The Department of Financial Institutions (DFI) is urging Wisconsin business owners to exercise caution if they receive a request for information from a company called Corporate Records Service. Business owners are being asked to fill out an Annual Minutes Form and submit a fee of $125 to a mail box with a Madison, WI address. Businesses are not required by DFI or any other state agency to complete the form. For more information please read the Wisconsin Satewide Information Center's Daily Bulletin.


------------------------------------------------

November 13, 2012 - We have become aware of a telephone phishing attempt in the area using texting. According to our customer support team, we have had a few calls from customers this afternoon reporting receiving text messages regarding their debit cards. The text has a call back number 1-410-505-5045, which when called instructs the customer to enter their 16 digit debit card number. As a general guideline, be highly suspicious anytime you are requested to provide personal information over the phone if you did not initiate the call or transaction.

It's also a good reminder :

  • Never offer personal or account information over the phone without verifying the caller's identity.
  • If you are uncertain of the identity of a caller, hang up and initiate the call yourself using a known phone number.
  • Do not call any phone number received in a voice message, text message or email asking for personal information. It could lead you to a phony answering system.

For additional information regarding Phishing and Identify Theft visit our online resource center.


If you believe you've been a victim of this or any scam please contact us immediately at 800-667-4401.


------------------------------------------------

January 2012: Fraudulent cashier's checks have been circulating the area. Click here for an example of what to look for to protect yourself from becoming a victim.


---------------------------------------

November 2011: FinCEN has reported that an email appearing to come directly from the 314 Program Office was sent out on or around November 2, 2011.


Please note: the 314 Program Office did not send any type of notification and it is very important that any recipients do not try and access the link within the email or enter any login or password information.


It's always important for users to check for the SSL Certificate sign when access the 314(a) Secure Information Sharing System, and it is also encouraged to verify the internet address bar to make sure it reflects https://www.fincen.gov/314a/


-----------------------------------------


FRAUD ALERT: NACHA has reported a circulation of fraudulent emails that make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.

Please forward any suspicious emails you receive that appear to come from NACHA to abuse@nacha.org for analysis. Visit www.nacha.org for more information.