Here you'll find recent threats impacting our customers.

It's Scam Time!

May 14, 2013

We haven't written about new scams in GCFlash for quite some time. Not because there haven't been any new techniques reported, but because our tips for avoiding them remain the same.

For the sake of new readers who may not recognize the signs, we'll rehash them at the end of this article, after we discuss a couple of recent trends.


Updated June 25, 2013

The following alert has been reissued with a twist. The message now includes a password the user is urged to use to decrypt the file, a ruse to make the message appear more legitimate. Remain on alert for this threat.

April 16, 2013

A phishing alert has been issued regarding a fraudulent message targeting employees and customers of Fiserv-affiliated institutions, including GCF Bank. Recipients are urged to open an attachment that contains a secure .zip file message about what appears to be a case under their investigation. A secure message will never contain a .zip or any other compressed file. DO NOT OPEN the file should you receive this message. Delete it immediately.

Sample of the message follows:

From: Fiserv Secure Notification < >
Subject: Fiserv Secure Email Notification - (Displays Random Alphanumeric Characters)

You have received a secure message

Read your secure message by opening the attachment, Case_RANDOM Alphanumeric

The attached file contains the encrypted message that you have received.

To decrypt the message use the following password - RANDOM Alphanumeric Characters

To read the encrypted message, complete the following steps:
- Double-click the encrypted message file attachment to download the file to your computer.
- Select whether to open the file or save it to your hard drive. Opening the file displays the attachment in a new browser window.
- The message is password-protected, enter your password to open it.

To access from a mobile device, forward this message to to receive a mobile login URL.

If you have concerns about the validity of this message, please contact the sender directly. For questions about secure e-mail encryption service, please contact technical support at 888.850.1048.

2000-2013 Fiserv Secure Systems, Inc. All rights reserved.


January 17, 2013

The Federal Trade Commission (FTC) is warning small businesses that an email with the subject line "Notification of Consumer Complaint" is not from the FTC. The email falsely states that a complaint has been filed with the agency against the business.

The FTC advises recipients not to click on any of the links or attachments in the email. Clicking on the links may install a virus or other spyware on the computer.


September 18, 2012

Recently some card issuers and financial institutions across the industry have experienced an increase in attempts by unknown fraudsters to break the card verification value / card verification code (CVV / CVC) on compromised cards, and thereby to commit card fraud, including ATM fraud. This attempt to commit fraud is commonly known as a "brute force attack". To execute these crimes, email is often used to transport phishing scams and malicious software (malware) to obtain personal information including personal identification numbers (PINs) and to take over legitimate merchant accounts to test the compromised cards.

You can help to reduce the likelihood of the success of these attempts to commit fraud by being alert for email that (1) contains unfamiliar or suspicious links or attachments, (2) is unsolicited and/or from an unknown sender, (3) is sent multiple times from different senders, or (4) contains poor grammar or incorrectly spelled words. If you receive email that contains any of these elements or any combination of these elements, you should delete it immediately. Do not open it, click on the links or open any attachment. You should not attempt to reply to the email or forward it to anyone.


Fraudulent E-mail Survey -- April 27, 2012

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the FDIC.

The e-mail exhibits the "Subject" line: "SURVEY CODE: STJSPNUPUT". The "From" line may exhibit variations; however, the messages are similar.

The email states, "You have been chosen by the FDIC to take part in our quick and easy 5 questions survey. In return we will credit $100 to your account just for your time!" The recipient is then instructed to "Click here to Continue." Recipients should not click on the link provided.

This email and link are fraudulent. Recipients should consider the intent of the email as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. As a reminder, the FDIC does not send unsolicited emails to consumers or business account holders.


We've learned that a group using the names "855LAW5559" and "National Legal Help" is contacting homeowners facing mortgage foreclosure. They inform the recipient that the Office of the Comptroller of the Currency (OCC) has directed their case to the group to approve eligibility to receive $10,000 in grant assistance, and ask for an up-front payment to proceed.

The OCC is not affiliated with this group, and warns that the program does not appear to be legitimate. It is likely an "up-front-fee scam." Contact your lender if you receive such a letter. They can direct you to legitimate government resources.

Malicious Website Alert

A malicious website containing damaging malware has been identified with the URL "" The site masquerades as the legitimate site at "" Merely connecting to the fake site can be harmful. Pay close attention not to mistake the two sites.


The American Bankers Association has issued a warning to advise consumers of an uptick in phishing, smishing and vishing attacks. The messages ask accountholders to call a specific number to resolve possible compromises of their bank accounts and include the last four digits of the user's debit card to make them appear legitimate. Those who call the number provided are asked to provide their card's expiration date and CV security code "to confirm the card is in their possession."

Your bank will never email or text you to advise of a compromised account. Should you receive such a message, contact your institution using a phone number already known to you. Never call the number provided in an unsolicited correspondence.


A new FDIC e-mail scam alert was issued on June 6, 2011. This one appears to be sent from various "" email addresses; such as "," "," or ""

The subject line reads "FDIC: Your business account" or "FDIC: About Your Business Account." They're addressed "Business Customer" or "Business Owner" and instruct the reader to click a link for important information about their bank.

It concludes with "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership." They lead the reader to believe their bank has failed.

The FDIC will never send banking customers an email regarding their relationship with any institution. Any email you receive from them, regardless of the wording, is most likely a scam.


The Electronic Payments Association, of which GCF Bank is a member, has received reports of individuals and/or companies receiving a fraudulent email that appears to have been sent from NACHA and signed by a non-existent NACHA employee.

Specifically, this email claims to be regarding a canceled ACH Payment from the "Electronic Payments Association" and appears to be coming from the email address "" Please refer to the sample of the email below.

Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Users/customers/consumers should not open attachments or follow Web links in unsolicited emails from unknown parties, from parties with whom you/they do not normally communicate, or from parties that appear to be known but are suspicious or otherwise unusual.

Further, NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

Should you or a customer receive an email such as this, it is best to delete it immediately!

From: []
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected

The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.

Please click here to view report

Otto Tobin,
Risk Manager


E-mails fraudulently claiming to be from the FDIC are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided.

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that "in cooperation with the Department of Homeland Security, federal, state and local governments..." the FDIC has withdrawn deposit insurance from the recipient's account "due to account activity that violates the Patriot Act." It further states deposit insurance will remain suspended until identity and account information can be verified using a system called "IDVerify." If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient's computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to

For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site.


A new variant of the Zeus Trojan has been reported that targets online banking user names and passwords. The virus hides inside advertisements on legitimate web sites. Once the user clicks, malware is downloaded that lies dormant until the user visits their online bank site. It then captures login credentials and records account details, then proceeds to transfer your money to other bank accounts.

PC users running Windows XP SP3, Vista or 7 have not been affected by this threat, nor have those with the latest anti-virus updates. The security in these products detects the code and stops the download.

Threats have become increasingly sophisticated, but so has the prevention. Vigilance remains your best defense. If you are using Windows XP SP2 or any version earlier, or don't automatically update your anti-virus software, get the latest product versions now. Configure your products to update automatically to eliminate your risk of becoming a victim.

For more on how cybercriminals manage to hide such malware on legitimate sites, read the July 6, 2010 edition of GCFlash.

Find complete coverage on the Zeus Trojan in the August 17, 2010 issue of GCFlash.


A new scam email has been circulating, informing recipients their ATM card is in the sender's possession and outlining specific steps to retrieve it. View the entire message here. Note the poor grammar and spelling, typical of fraudulent activity. Should you receive this message, do NOT follow the retrieval instructions.


New Development Reported 7-1-10: Increased fraudulent activity detected when cards used at hotels/motels.

Please be advised that GCF Bank has been tracking fraudulent debit card activity since February of this year. We believe the point of compromise is software being used by liquor stores in our geographical location.

At this time, GCF Bank is advising you that using your GCF Bank ATM/Debit card at liquor stores may potentially put your card information at risk of being compromised. While we understand the convenience of using your debit card will be lost when shopping at liquor stores, we feel it is also necessary for us to protect our customers by letting you know it may be safer to use cash at these merchants.

If your card has been used at one of these merchants during the time frame we feel a compromise may have taken place, you will be receiving an email and/or written communication alerting you of this situation, with further information on how GCF Bank will be proceeding and instructions on what steps you need to take.

GCF Bank recommends you monitor your account activity closely and alert us to any potential fraudulent activity as soon as possible. Should you have any questions regarding this activity please feel free to contact the Electronic Banking Dept by phone at (856) 589-6600, extension 300.

Rejected Transaction Email Scam

(11-12-2009) We have just received a Phishing Alert warning about fraudulent emails being sent to random individuals, indicating that there is a problem with an electronic payment (ACH) transaction they have originated. The subject line of the false email reads "Rejected ACH Transaction," and it appears to be from NACHA - The Electronic Payments Association.

The email includes a link that redirects the individual to a fake web page which appears to be the NACHA website. The link is very likely an executable virus with malware.

This email did NOT originate from NACHA and the website is not NACHA's. Do not click on the link.

UPDATED Scam Alert

(9-10-2009) We've been made aware of SMiShing attacks (text phishing) impacting customers of financial institutions in the eastern region. These messages appear to come from your bank and include a phone number to call for more information. The criminals are using (845) 765-9464 to actively collect debit card and PIN information from consumers in the New York/New Jersey area. Text messages are being delivered to random NY/NJ area consumers with the warning that their debit cards have been closed or somehow compromised. When the consumers call the telephone number, they hear a recording that requests a 16-digit card number and PIN. Please do not call this number.

GCF Bank will NEVER contact you in this manner. We will NEVER request your PIN or card number during any communication. If you have unknowingly responded to this type of a message or given your personal information to anyone over the phone, contact us immediately. You may be a victim of fraud.

Concerned about Identity Theft?
So Are We!

(4-30-2009) The recent wave of data center breaches is a major concern. We have the tools to help assure your private information remains that way. Visit our Security Center to learn more about fraud threats. Find tips to prevent fraud and resources for victims.

This short video explains what we're doing to protect our valued customers.


(1-29-2009) GCF Bank has been made aware by VISA of a data breach at a card processor affecting some GCF VISA Debit Cards. If you are experiencing difficulties with your GCF VISA Debit Card, it is possible that your individual card was compromised. Please contact us if you have further questions.


(12-3-2008) Incidents of a telephone scam attempting to obtain debit cardholder information have been reported. Cardholders have received computer-generated calls claiming to be from their financial institution. The calls claim their accounts have been frozen and direct the cardholder to call a toll-free number to leave their debit card information in order to reactivate any cards. The messages instruct the customer to provide their account number, card expiration date and PIN. Do NOT respond to such calls.