March 31, 2017 - Fictitious Notification Regarding the Release of Funds Supposedly Under the Control of the Office of the Comptroller of the Currency
Consumers have reported receiving fictitious e-mail messages, allegedly initiated by the Office of the Comptroller of the Currency (OCC), regarding funds purportedly under the control of the OCC. Any communication claiming that the OCC is involved in holding any funds for the benefit of any individual or entity is fraudulent. The OCC does not participate in the transfer of funds for, or on behalf of, individuals, business enterprises, or governmental entities.
Consumers have reported receiving communications that the OCC is holding 25 million euros related to an international funds transfer until a “Capital Currency Control Permit” fee of 25,000 euros is paid. Potential victims have received an “Application for Capital Currency Control Permit,” which requests, among other data, a copy of the individual’s passport as well as bank account information.
Before responding in any manner to any proposal supposedly issued by the OCC that requests personal account information, or that requires the payment of any fee in connection with the proposal, the OCC recommends that consumers:
Contact the OCC directly to verify the legitimacy of the proposal (1) by e-mail at firstname.lastname@example.org; (2) by mail to the OCC’s Special Supervision Division, 400 7th St. SW, Suite 3E-218, MS 8E-12, Washington, DC 20219; (3) by fax to (571) 293-4925; or (4) by calling the Special Supervision Division at (202) 649-6450.
Contact state or local law enforcement.
File a complaint with the Internet Crime Complaint Center if the proposal appears to be fraudulent and was received via e-mail or the Internet.
- File a complaint with the U.S. Postal Inspection Service by telephone at (888) 877-7644; by mail at U.S. Postal Inspection Service, Office of Inspector General, Operations Support Group, 222 S. Riverside Plaza, Suite 1250, Chicago, IL 60606-6100; or by the online complaint form at https://postalinspectors.uspis.gov/forms/MailFraudComplaint.aspx, if the proposal appears to be fraudulent and was delivered through the U.S. Postal Service.
Consumers who have provided bank account information should contact their financial institutions immediately to report the issue and discuss options to protect their account assets. Consumers who have had their personal information compromised should visit the Federal Trade Commission’s website at www.ftc.gov and follow the guidance for identify theft.
Information regarding the subject of this or any other alert that you wish to bring to the attention of the OCC may be sent to email@example.com.
Helpful Security Tips - December 2015
Turn off Bluetooth if you are not using it on your computer or device. Not only does this make it more secure, but it also saves battery life.
Never share your passwords with others, including your supervisor or coworkers. Your password is a secret; it only works if only you know it. If anyone else knows your password, you may be responsible for their actions.
Every plugin or add-on you install in your browser can expose you to more danger. Only install the plugins you need and make sure they are always current. If you no longer need a plugin, disable or remove it from your browser via your browser's plugin preferences.
Only install mobile apps from trusted places, and always double-check the privacy settings to ensure you are not giving away too much information.
A common method cyber criminals use to hack into people's computers is to send them emails with malicious links. People are tricked into opening these links because they appear to come from someone or something they know and trust. If you click on a link, you may be taken to a site that attempts to harvest your information or tries to hack into your computer. Only click on links that you were expecting. Not sure about an email? Call the person to confirm they sent it.
Make sure each of your accounts has a separate, unique password. Can't remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.
Review your bank, credit card and financial statements regularly to identify unauthorized activity. This is one of the most effective ways to quickly detect if your bank account, credit card or identity has been compromised.
Be careful: the more information you post online about yourself, the easier it is for a cyber attacker to target you and create custom attacks against you or your organization.
PC Banking Fraud Prevention Best Practices
User ID and Password Guidelines
Create a “strong” password with at least 8 characters that includes a combination of mixed case letters, numbers, and special characters.
Change your password frequently.
Never share username and password information.
Do not use an automatic login feature that save usernames and passwords.
Do not use the same password on all the websites you visit.
Do not use the same passwords at home that you use at work.
Register each computer used to access PC Banking.
Do not use public or other unsecured computers for logging into PC Banking.
Do not conduct online banking over wireless that you don’t own.
Check the last login date/time every time you log in.
Review account balances and transactions regularly (daily) to confirm payment and other transaction data.
Immediately report any suspicious transactions to Clinton National Bank.
View transfer history available through viewing account activity information.
Take advantage of and regularly view system alerts; examples including Email change alerts and password change alerts.
Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.
Review historical reporting features of your online banking application on a regular basis to confirm payment and other transaction data.
Never leave a computer unattended while using PC Banking.
Tips to Protect Online Payments & Account Data
Take advantage of transaction limits.
When you have completed a transaction, ensure you log off to close the connection with the financial organization's computer.
Required Security Procedures for PC Banking
Do not open e-mail from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
- Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.
- If an e-mail claiming to be from Clinton National Bank seems suspicious, please contact Clinton National Bank.
Clinton National Bank will never ask you to verify username or passwords via an email request.
Install anti-virus and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
- Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
Ensure computers are patched regularly, particularly operating system and key application with security patches.
- Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
- Check your settings and select, at least, a medium level of security for your browsers.
- Be advised that you will never be presented with a maintenance page after entering login credentials. Legitimate maintenance pages are displayed when first reaching the URL and before entering login credentials.
PC Banking does not use pop-up windows to display login messages or errors. They are displayed directly on the login screen.
- If you receive a pop-up window, close it with the X in the corner. Never use any buttons within the window.
PC Banking never displays pop-up messages indicating that you cannot use your current browser.
- PC Banking error messages never include an amount of time to wait before trying to login again.
Being asked repeatedly to enter your password/token code are signs of potentially harmful activity.
- Being asked if your computer was previously registered is a sign of potentially harmful activity.
Protecting Your Security
You are encouraged to monitor your account closely and let us know if you see any unauthorized purchases. If you have not already registered for PC Banking, our free online banking service, which allows you to monitor your account anytime, we recommend you do so. Visit our homepage and click on "Online Banking" to register for this convenient, free service.
In a continuing effort to provide you, our customer, with up-to-date information regarding the safety of your identity and privacy, we have outlined the following best practices.
- Never give out your bank or credit card account number over the telephone to someone who called you.
- Never take money out of the bank and give it to someone you don't know.
- Destroy credit card solicitations you receive in the mail, especially if they have checks attached.
- Never disclose your Social Security number.
- Always review your bank statements for discrepancies.
- Never give out your ATM, debit card, credit card or disclose the PIN number.
- Do not keep your PIN number in the same place you keep your ATM or debit card.
- If you ever feel uncomfortable about any situation involving your money, call the bank or your local police department.
- Remember that banks, insurance companies, investment managers and government agencies will never call you or email you and ask for your account number, PIN number or other non-public information.