Phishing Emails Targeting Online Banking Clients
Lottery Scam
Beware of Bogus IRS Survey Scam
Johnson Bank Phishing Alert 12/2005
IRS Phishing E-mail Scam
Some Privacy Policies are not Private Enough
Credit Card Security Fraud
Debt Elimination Scam
"Phishing" Emails
The Jury Duty Scam – Don’t Become a Victim

View the FDICs Consumer Awareness Training video

Phishing Emails Targeting Online Banking Clients
Fraudulent emails are being sent to online banking clients.  The scam targets online banking clients by sending emails that appear to be from an official online banking source and is designed to trick the recipient into clicking a link in the e-mail for the purpose of acquiring sensitive data, such as passwords or financial information.

The fraudulent email indicates that the client’s online banking account is about to expire. The client is requested to update or confirm information immediately.  Failure to confirm the client’s records may result in the client’s account being suspended.  The client is requested to click on the word “here” or a link to update the client’s information.

Never click links or install programs suggested in emails that relate to account activity, even if the email appears to be from an official or familiar source.

Johnson Bank online banking sources will never send client emails containing links to download software or applications or request sensitive data, such as passwords or financial information via an email.

If you receive such an email immediately delete the email and never click on the link or follow the instructions provided.

Lottery Scam
Security has been notified that counterfeit checks bearing Johnson Bank's name are involved in ongoing lottery scams.  The targets of the scams have received Final Notification letters indicating that they have won a Consumers Reward Prize in the amount of $38,000.00, $39,500.00, etc.  A counterfeit check in the amount of $3,800.00, $3,950.00 etc, accompanies the letter.  The check is to be used to cover the taxes or advanced fees associated with the prize.  The recipient of the notification letter is requested to deposit the check and make a call to a phone number provided for further clarification and instructions. If you are a recipient of this scam, please fax a copy of the letter and check to Johnson Bank Corporate Security at 262-619-8534. It is recommended that this information is turned over to local law enforcement. Read more details on Lottery Scams.

Johnson Bank Phishing Alert
Recently, we have been alerted about phishing e-mails that have been sent to Johnson Bank clients. These e-mails appear to come from Johnson Bank and attempt to trick clients into believing that their online banking account has been compromised. The e-mail then asks the client to log into the site to verify their account information. The link provided appears as if it comes from Johnson Bank, however, it actually directs clients to a phony Web site. Visitors to this site are then directed to login with their social security and password. Once in, they are asked for personal identification and a credit card number.

Please do not respond to these e-mails. Johnson Bank will never ask you to verify your information through e-mail. If you believe that your personal information has been compromised, please contact the Johnson Bank Customer Support at 888-769-3796.

To ensure your security online you can do the following:
- Always be sure that the site you are on is secure. Check your browser by looking for a closed lock on the lower right hand of the page. A Web site address that begins with https:// is also secure.
- Be wary of unsolicited e-mails or calls asking you to disclose any personal details or card numbers. Keep this information secret. Be wary of disclosing any personal information to someone you don't know. Your bank and the police would never contact you to ask you to disclose PINs or all your password information.
- Always access Internet banking by typing the bank's address into your web browser. Never go to a Web site from a link in an e-mail and enter personal details. If in doubt, contact the bank separately on an advertised number.

IRS Phishing E-mail Scam
E-mail fraudsters are hard at work trying to obtain personal information in order to commit Identity Theft or credit card fraud. The fraudsters have found an easier way to trick people into disclosing their personal/sensitive information by using a U.S. Government Web portal programming flaw. The flaw allows a phisher to redirect URL (Uniform Resource Locators) from the GovBenefits.gov domain to fraudulent Web sites.

The phishing e-mail advises the recipient that the IRS owes them several hundred dollars. The recipient can claim their refund via a Web link that is provided in the email. The e-mail recipient is told in order to avoid being redirected to a bogus site, the recipient should cut and paste the link into their Web browser rather than directly clicking on it.

The link in the e-mail does not take the recipient to a U.S. Government site, but rather a site owned by the fraudster who is anxiously waiting the individual’s social security number, credit card information, and other personal information.

The phishing Web sites are taken down as soon as possible. However, the fraudsters will continue to look and find other security flaws in targeted sites.

Prevent yourself from such an attack:
- Do not open, click on, or cut and paste any unsolicited web links received in emails.
- Contact Johnson Bank immediately if you believe that your financial/account information has been compromised.
Back to top

Some Privacy Policies are not Private Enough
There are organizations on the Internet that offer free services such as e-mail or virus scanning. It is important to be aware that some of these companies have privacy policies that allow them to collect and share personal information about your browsing habits. These companies might also collect secure information from you. In addition, related software may be difficult to uninstall, despite your attempts to do so.

Johnson Bank does not share or sell any customer information to third parties. However, it is important for you to be aware that some of the Internet companies that use technologies to intercept secure information will also have complete access to your personal information. When you accept an agreement with these companies, you are also agreeing that they can share your information with third parties.

What you can do:
1. Always read the contract and privacy policy before agreeing to install any software or use an Internet service.
2. When in doubt, do not accept the agreement.
3. Install spyware programs like AdAware to check your computer for software that collects this type of information.
4. Report suspicious organizations to the Federal Trade Commission.
5. Visit the Federal Trade Commission's identity theft Web site to learn how to minimize your risk of damage from identity theft. Information about Johnson Bank's Privacy Policy is mailed to our clients annually. In addition, you can read the Johnson Bank Privacy Policy on our Web site.

Credit Card Fraud Alert
Individuals are portraying themselves to be from the credit card Security/Fraud Department are contacting credit card customers to obtain the 3-digit security code listed on the back of the card.

The caller indicates that fraudulent activity has occurred on the customers account. The caller knows the credit card number and other pertinent information, and asks the customer whether the customer authorized a transaction (the transaction never occurred). When the customer responds no, the caller indicates that the transaction will be reversed immediately. To gain the customers trust, the caller tells the customer to call the number on the back of their card and ask for the Security/Fraud Department if the customer has questions. A fictitious control number is given to the customer to provide to the Security/Fraud Department.

The caller then requests the 3-digit security code listed on the back of the credit card next to the calling card number to ensure that the card has not been lost or stolen. Once this information is given out, the caller can begin making fraudulent transactions on the Internet using the credit card number.

Important:
Credit card customers should never give out the 3-digit security code listed on their credit cards unless they have initiated the call or transaction. Anytime a customer receives a phone call or e-mail requesting sensitive credit card information, the customer should end the communication. Then call the 800 number card and request to be connected to the Fraud/Security Department.
Back to top

The Federal Reserve does not approve or eliminate debt. These types of schemes are growing on the Internet. The organizers are charging large up-front fees or commissions based upon the amount of debt. Customers who pay such fees do not have their debts forgiven or reduced, but instead they incur late fees and the risk of foreclosure or other legal action being taken because of non-payment of their loan obligations. The borrower's credit report could also be negatively affected. If JFG is presented with fraudulent documents as described above, a SAR needs to be filed. Please contact JFG Corporate Security immediately.

Back to top

"Phishing" Emails
Fraudulent e-mails have been sent to many Americans. The e-mails direct recipients to Web sites where they are asked to verify sensitive personal information in order to assist in the fight against terrorism or for some other purpose supposedly required by law. These emails appear to have been sent from government agencies such as the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Securities Investor Protection Corporation and others. The e-mail recipients are directed to Web sites that are similar or clones of official government sites.

Once at the Web site the recipient is requested to update personal information, such as name, account and credit card numbers, passwords, social security numbers and other information. The Web site is bogus. The name of this scam is "Phishing" (sending a fraudulent email and claiming to be a legitimate company). The con is attempting to gain an individual's personal information in order to commit identity theft.

The Federal Trade Commission developed the following tips that consumers can use to protect themselves for identity theft:

• If you get an e-mail that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the e-mail. Instead, contact the company cited in the e-mail using a telephone number or Web site address you know to be genuine.
• Avoid e-mailing personal and financial information. Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.
• Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
• Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov.

If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft Web site to learn how to minimize your risk of damage from identity theft.

Back to top

The Jury Duty Scam – Don’t Become a Victim

Scammers have found a new way to commit identity theft by preying on our loyalty as United States citizens.

Here’s how the new scam works: A person claiming to work for the local clerk of courts calls and tells the victims that they have failed to report for jury duty and, as a result, a warrant has been issued for their arrest. The victims protest and rightly explain that they never received the jury duty notification. Then, in order to “verify” that the clerk of courts is talking to the right person, the scammer requests confidential information from the victim.

The scammer may ask for the victim’s Social Security Number, date of birth, credit card numbers (to pay the fine), and other personal information, which is everything the scammer needs to commit identity theft. The jury duty scam has been reported in several states across the country.

This scam works because the victims are caught off guard. Victims are upset because they think they may be arrested. Protecting their confidential information is not at the top of their mind –
victims just want to get the “warrant” dismissed.

Remember, clerk of courts employees will never call you and request your Social Security Number or confidential information. In most cases, the courts follow up with prospective jurors via U.S. mail.

Be cautious: Never provide a caller with your personal or confidential information. The jury scam is just one of the latest attempts to obtain personal information. It does not matter why the scammers are calling (the reasons will change). If you have not initiated the call, do not provide confidential information to the caller.

MEMBER FDIC