The Federal Deposit Insurance Corporation (FDIC) has received numerous notifications from consumers of an e-mail that gives the appearance of being sent from the FDIC. The "From" line of the e-mail displays the name "Federal Deposit Insurance Corporation " and the subject includes the words "Consumer Protection."

Current versions of the fraudulent e-mail state:

"Who is FDIC?

The Federal Deposit Insurance Corporation (FDIC) preserves and promotes public confidence in the U.S. financial system by insuring deposits in banks.

What can FDIC do for you?

Despite the efforts of law enforcement, Identity theft is becoming more sophisticated and the number of new victims is growing. In general, consumers are protected against liability for unauthorized accounts or transactions under federal and state law and by financial industry practices. Identity Theft can affect consumers in many ways, thats [sic] why FDIC is presenting a new card insurance which can restore you up to $500 if you are a victim of internet fraud.

Learn more about Consumer Protection > Card Insurance: Clicking here will redirect you to a online signup page for this program."

The e-mail requests that recipients click on a hyperlink that is provided. This directs the recipient to a "spoofed" Web page requesting the user to enter personal information to receive $500 of "card insurance." The requested information (name, phone number, Social Security number, address, card number, bank name, card expiration date, card verification code, and electronic signature/ATM PIN) could be used to perpetrate identity theft and gain unauthorized access to bank accounts. Be aware that the appearance of the fraudulent e-mails can be modified and that additional variations are possible.

Consumers should NOT access the link provided within the body of the e-mail and should NOT, under any circumstances, provide any personal financial information through this media.

The FDIC has shut down the fraudulent Web site and is investigating the source of the e-mails. Consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

The Federal Deposit Insurance Corporation (FDIC), a participant in the Government-Wide Identity Theft Task Force, will provide a direct link to the new, centralized government Web site on identity theft.

The new site, www.idtheft.gov, has now been launched. Initially, the site will provide the Task Force's Strategic Plan. The Plan, which represents the input of 17 Federal agencies, including the FDIC, sets out recommendations to prevent identity theft, to assist identity theft victims in recovering from those crimes, and to prosecute and punish identity theft-related criminals. The taskforce was created by Executive Order to strengthen Federal efforts to protect against identity theft.

The Federal Deposit Insurance Corporation (FDIC) has recently released an on-line multimedia education tool that you can use to learn how to better protect your computers and yourself from identity thieves. The presentation also features actions you can take if your personal information has been compromised. Identity theft continues to be one of the fastest growing crimes in the United States, and has ranked as one of the top consumer concerns for the past several years. Identity theft is evolving in more complicated ways that make it harder for you to protect yourself, and easier for criminals to set up virtual storefronts on the Internet to sell confidential personal information.

Some of the steps outlined in the presentation that you can take to help safeguard your computers and your personal information from identity theft are: never provide personal information in response to an unsolicited telephone or Internet request; never provide a password over the phone or in response to an unsolicited Internet request; review account statements regularly to ensure all charges and transactions are correct; and use a firewall and anti-virus and spyware protection software.

The presentation is on the FDIC's website at www.fdic.gov/consumers/consumer/guard/index.html

Congress created the Federal Deposit Insurance Corporation in 1933 to restore public confidence in the nation's banking system. The FDIC insures deposits at the nation's 8,854 banks and savings associations and it promotes the safety and soundness of these institutions by identifying, monitoring and addressing risks to which they are exposed. The FDIC receives no federal tax dollars – insured financial institutions fund its operations.

It has recently come to our attention that there is a possibility that fraudulent emails claiming to be from Rossville Bank are in circulation. It appears the emails may have a “spoofed” sender address of info@rossvillebank.com and are being mass-mailed with a virus attached. They may also contain the subject line “Your Password” and/or requests to “verify” user ID’s, passwords, account/card numbers, or other sensitive information.

Although info@rossvillebank.com is a legitimate address, these emails do not come from Rossville Bank. We will NEVER email or call to “verify” sensitive information.

We recommend the use of anti-virus and anti-spyware software for personal computers as well as appropriate firewalls to help guard against risks posed by the Internet and email. Never respond to requests for sensitive information received via email or phone without first contacting the sender by an independently verified contact method.

If you receive a suspicious email claiming to be from Rossville Bank, please notify us immediately.

The Internet has become a popular method for both making purchases and managing finances through online banking relationships. While some individuals have taken steps to protect their computers, many firewall and anti-virus software packages do not protect computers from one of the latest threats, spyware.

The term spyware refers to technologies that collect information about a user without his or her knowledge and reports that information to a third party. Certain forms of spyware can intercept sensitive and confidential information about a user, including passwords, credit card numbers and other identifying information.

Spyware is usually installed without a user’s knowledge or permission. However, users may intentionally install spyware without understanding the full ramifications of their actions. A user may be required to accept an End User License Agreement (EULA), which often does not clearly inform the user about the extent or manner in which information is collected. In such cases, the software is installed without the user’s “informed consent.”

Spyware can be installed through the following methods:

· Downloaded with other Internet downloads in a practice called “bundling.” In many cases, all the licensing agreements may be included in one pop-up window that, unless read carefully, may leave the user unaware of “bundled” software.

· Directly downloaded by users who were persuaded that the technology offers a benefit. Some spyware claims to offer increased productivity, virus scanning capabilities or other benefits.

· Installed through an Internet browsing technique called “drive-by downloads.” In this technique, spyware is installed when a user simply visits a Web site. The user may be prompted to accept the download believing it is necessary in order to view the Web page. Another method is to prompt the user to install the program through pop-up windows that remain open, or download the software regardless of the action taken by the user.

· Automatically downloaded when users open or view unsolicited e-mail messages.

Spyware can be difficult to detect and remove because it:

· Does not always appear as a running program in the Window's Task Manager; therefore, the user may be unaware that his or her computer is infected.

· May not include a removal option in the Windows "Add/Remove Programs" function. When such an option is present, the removal process may not eliminate all components, or it may redirect the user to an Internet site to complete the removal. This often results in new or additional infection rather than removal. In addition, some spyware includes a feature to reinstall itself when any portion is deleted.

· May cause a further infestation by installing other spyware programs onto users' computers.

Spyware increases the risk to users by:

· Exploiting security vulnerabilities or settings, changing the computer configuration to relax security settings, or allowing a channel into the user’s computer by circumventing the firewall. The result is that attackers can eavesdrop and intercept sensitive communications by monitoring keystrokes, e-mail and Internet communications. This monitoring may lead to the compromise of sensitive information, including user IDs and passwords.

· Providing attackers the ability to control computers to send unsolicited "junk” e-mail (SPAM) or malicious software (Malware), or to perform denial of service (DoS) attacks against Web sites.

· Draining system resources and productivity and consuming system resources, even when the user is not browsing the Internet, such as when adware results in voluminous unwanted pop-up advertisements.

· Compromising the user's ability to conduct business by disrupting Internet connections as a result of the improper removal of spyware.

· Increasing the incidence of SPAM to e-mail accounts.

· Compromising confidentiality. Certain types of spyware route all Internet communications through their own servers, often without the user's knowledge. This allows a third party to read sensitive Internet communications even when Secure Socket Layer (SSL) or other encryption protocols are used. Other forms of spyware install an application on the user's computer that monitors and records all Internet communications and sends the report back to the originator. Identity thieves may then impersonate the user using the IDs and passwords collected.

· Increasing vulnerability to "phishing" and "pharming" attacks, as some spyware can redirect Internet page requests. Phishing seeks to lure a user to a spoofed Web site using an e-mail that appears to come from a legitimate site. Pharming seeks to redirect a user to a spoofed Web site by introducing false data into a legitimate domain name server (DNS). The spoofed Web sites are set up to collect private customer information, such as account user IDs and passwords.

Computer users should evaluate the risks associated with spyware and seek to mitigate those risks by considering the following:

· Installing and periodically updating anti-spyware, virus protection and firewall software.

· Adjusting browser settings to prompt the user whenever a Web site tries to install a new program or Active-X control.

· Carefully reading all End User Licensing Agreements and avoiding downloading software when licensing agreements are difficult to understand.

· Maintaining patches to operating systems and browsers.

· Not opening e-mail from untrustworthy sources.

· Refrain from using public computers to connect to online banking Web sites.

A fraud scheme speeding across the Internet may cost U.S. residents time, money and a not-so-pleasant chat with bank and law enforcement officials for passing counterfeit postal money orders.

According to U.S. Postal Inspectors, the scam begins when someone needing help to cash phony postal money orders contacts a victim by e-mail, through an Internet chat room or on-line auction site. Once the bogus money orders are cashed, the victim returns the funds via wire transfer, often unaware they have assisted in a federal crime.

Victims are told they can keep some of the money as a gift or payment for their help, officials said. Unsuspecting victims provide their home mailing address to the scam artist – who U.S. Postal Inspectors call “fraudsters” – and are told they will receive a check or postal money order that they should deposit into their own bank account.

“Scams promising quick and easy money are cast by fraudsters,” said Chief Postal Inspector Lee Heath. “These scam artists can easily connect to a sea of strangers through the Internet and dangle promising treats, hoping someone will bite.”

“Don’t take the bait,” Heath added.

Such scams can be coordinated from anywhere in the world, but recently many have been conducted from Nigeria.

“This is another example of our commitment to protecting the mail and our fellow Americans,” said Heath. “Their security is our mission.”

For more information about postal money order security features, visit the U.S. Postal Service Web site at www.usps.com/missingmoneyorders/security.htm

To report a fraud complaint, call the Fraud Complaint Hotline at 1-800-372-8347 or visit the U.S. Postal Inspection Service Web site at www.usps.com/postalinspectors

A message from United States Postal Inspection Service

There’s a new type of Internet piracy called “phishing.” It’s pronounced “fishing,” and that’s exactly what these thieves are doing: “fishing” for your personal financial information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.

In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver’s licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.

In a typical case, you’ll receive an e-mail that appears to come from a reputable company that you recognize and do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies. The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.” The e-mail will then encourage you to click on a button to go to the institution’s Web site.

In a phishing scam, you could be redirected to a phony Web site that may look exactly like the real thing. Sometimes, in fact, it may be the company’s actual Web site. In those cases, a pop-up window will quickly appear for the purpose of harvesting your financial information.

In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother’s maiden name or your place of birth. If you provide the requested information, you may find yourself the victim of identity theft.

1. Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. E-mails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.

2. If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and Web sites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the Internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.

3. Never provide your password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.

4. Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.

• Contact your financial institution immediately and alert it to the situation.

• If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau’s fraud division:

Equifax
800-525-6285
P.O. Box 740250
Atlanta, GA 30374

Experian
888-397-3742
P.O. Box 1017
Allen, TX 75013

TransUnion
800-680-7289
P.O. Box 6790
Fullerton, CA 92634

• Report all suspicious contacts to the Federal Trade Commission through the Internet at www.consumer.gov/idtheft, or by calling 1-877-IDTHEFT.

Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone or the Internet if you did not initiate the contact. Never click on the link provided in an e-mail you believe is fraudulent. It may contain a virus that can contaminate your computer.

Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information. If you believe the contact is legitimate, go to the company’s Web site by typing in the site address directly or using a page you have previously bookmarked, instead of a link provided in the e-mail.

If you fall victim to an attack, act immediately to protect yourself. Alert your financial institution. Place fraud alerts on your credit files. Monitor your credit files and account statements closely.

Report suspicious e-mails or calls to the Federal Trade Commission through the Internet at www.consumer.gov/idtheft or by calling 1-877-IDTHEFT.

A message from the federal bank, thrift
and credit union regulatory agencies

Board of Governors of the Federal Reserve System
Federal Deposit Insurance Corporation
National Credit Union Administration
Office of the Comptroller of the Currency
Office of Thrift Supervision