Tuesday, March 22, 2011
Your security is important to us. We created our online Security Center to provide you with the latest threat information, scam alerts, prevention tools, victim resources and articles for your online safety. Visit us often.
The Tide is Still Rising
No, not the massive tsunami that devastated parts of Japan. While an event of this magnitude wrought chaos on that country, we're going to talk about a bigger threat yet. This one threatens chaos on a global scale.
You may want to refer to the August 17, 2010 issue of this newsletter for background on the ZeuS Trojan before continuing here. The article was so important that we've made it readily available on our Security Articles web page as well.
The article describes a sophisticated Trojan in use by global organized crime rings. The toolkit to deploy the Trojan is readily available through underground Internet sites. At the article's end, I offered this prediction:
"While no incidences have yet been reported, it's only a matter of time before SpyEye dethrones ZeuS as King of Crimeware."
That time has come.
SpyEye gained rapid momentum throughout 2010. Not only had it dethroned ZeuS, but it marked a turning point in the history of cybercrime. Both codes were merged to create "one super Trojan" according to the creator.
Its coder uses two aliases: "Harderman" and "Gribodemon." He boasted to his partners in crime of what was to come.
According to the RSA Anti-Fraud Command Center, it wasn't just idle chatter. They've analyzed one of the most recent variants of SpyEye and confirmed it is already active in the wild. Their engineers were able to reverse engineer the code and found it does contain an exact code piece that was earlier found in ZeuS.
Typical Internet browsers speed up page delivery by fetching a page from the web server the first time it's accessed and saving a copy on your computer as a "cache," which can be retrieved more quickly the next time you visit. As a result, when you request a web page, you may not always be getting the most current version if it's a site you visit often.
That was a problem for Trojans previous to ZeuS. They relied on their malware to inject code into the web page you were trying to access in order to capture your personal information. Only ZeuS had the ability to inject code into your cached copy. Previous to their merger, SpyEye worked by deleting all cached content before injecting the code into the web page you had requested. It now uses the ZeuS method.
SpyEye is hard to detect. It injects the executable file into a completely different process than previous types of malware, with the Trojan itself residing in a different location and using a different binary. Even if the code is detected during a virus scan, the executable will not appear related to the Trojan and will continue undetected.
January 2011 was the fifth consecutive month where the U.S., UK, Canada, South Korea and Germany were the countries hosting the most phishing attacks. Those originating in the U.S. increased seven percent over the previous month.
Likewise, the U.S. is also the top target, being victim to 56 percent of worldwide mass phishing attacks. The UK comes in a distant second with 23 percent.
Attacks targeting U.S. credit unions increased from eight to 11 percent in January. Nationwide banks remained the same with regional banks showing a three percent decrease.
Attacks of this type are extremely difficult to detect. This makes it all the more important to diligently monitor your accounts and credit history.
Don't wait for your monthly statement to arrive if you can access accounts online. Prompt detection of fraud stops it in its tracks. It's impossible to completely prevent crime but we can limit our risk when exposed. Keep a close eye on your valuables.
Source: RSA Anti-Fraud Command Center
Effective Even Without the Glitter
While Trojans like ZeuS and SpyEye use sophisticated tools for mass phishing attacks, others rely on low tech methods to lure their victims.
Most people know by now that they did not win a lottery they never entered. They recognize pleas from the Nigerian prince who will pay you to convert money from your American account as a scam. They know whether or not their good friends got robbed while traveling Europe, needing money to get home.
Yet enough people still fall victim that the scams continue.
This year alone, on two separate occasions an alert GCF Customer Service Rep (CSR) noticed a bank customer presenting a check for deposit that didn't appear right. Upon questioning their customer further, each learned their customer had been notified they were lottery winners.
The CSRs were both recognized for their attention to detail in detecting and preventing fraud.
The customers weren't quite as happy when they left the bank as when they arrived thinking they hit the jackpot. But they really were winners that day. They avoided a scam that would have cost them every penny in their account.
Another instance saw a woman trying to cash a check drawn on a GCF account. The CSR noticed that the signature on the check did not match the one we had on file. She contacted the account holder to learn her daughter had stolen her check and was trying to do the same with her money.
In all three cases, the training GCF provides to its employees prevented customers from becoming fraud victims.
But what about those times when the transaction isn't conducted in a branch office? What happens with electronic fraud?
One business owner I know found himself in this situation. He designs and installs kitchens rather than working in an office setting. Without easy access to a computer, he conducts business in the traditional fashion rather than electronically.
You may think this would lessen his risk for online fraud. You would be wrong.
This man wrote a check to one of his suppliers for goods received. The supplier was careless about where he left his records. They were discovered by a thief, who now had his account number, routing number and business name.
He had enough information to move $3,000.00 into an account at Capital One. He paid a phone bill, a cellular company and another credit card firm.
At one point, the thief made a small deposit into this man's account to confirm it was still open before drawing out more funds into his Capital One account.
The thief bilked this man's business account out of nearly $5,000.00 before being detected when the owner's next statement arrived. Because the owner wasn't monitoring his account online, it was almost a full month before he knew what was happening.
A large volume of credit card theft still occurs at restaurants. Waiters and waitresses are not large wage earners. Some will supplement their income by stealing credit card numbers.
It's a fairly easy crime to execute. Some will swipe your card on a handheld skimmer while ringing up your tab. Others may use a small camera to capture the numbers. They're paid anywhere from $5 to $10 for each credit card number they capture.
To be clear, a far greater percentage of waiters and waitresses are honest people who earn a living through quality service. Yet it only takes one bad egg to make you a victim.
Online scams and fraud won't disappear anytime soon. Quite the opposite, as the web provides a new frontier for villains to ply their trade.
But it also offers the opportunity to catch theft more quickly, reducing whatever risk you may incur.
Sales of existing homes in the U.S. dropped 9.6 percent in February and prices fell to their lowest level since 2002, according to the National Association of Realtors. Economists had expected a drop of only 4 percent to a 5.15 million-unit pace. However, the month over month annual rate in February dropped to 4.88 million units after increasing for three straight months. This was the largest drop since July. The Realtors' group blamed tight credit conditions and home appraisals that were below agreed-upon selling prices.
The Federal Housing Finance Agency (FHFA) purchase-only House Price Index (HPI) also showed a continued decline in housing prices. The HPI slipped 0.3 percent in January, following a revised decline of 1.0 percent in December (originally down 0.3 percent). On a year-on-year basis, the FHFA HPI is down 3.9 percent, compared to down 4.1 percent in December. According to the FHFA, home prices continue to be pressured by excess supply and distressed home sales. This index only covers single-family houses with Fannie Mae and Freddie Mac loan information.
It would be nice if we could say that the home sales drop was weather related, but we will have to wait to see what direction those sales, and prices, will head.
GCFlash is a weekly e-mail sent only to its listed customers and associates free of charge. GCFlash informs customers of special product offerings which may be of interest, current interest rates on both deposit and loan products, selected financial news and other financial tidbits. GCFlash is intended to supplement the more comprehensive information listed on the GCF Web site at http://www.gcfbank.com.
For more comprehensive information, visit our Web site at http://www.gcfbank.com or call (856) 589-6600 Ext: 337 (Timothy P. Hand)
GCFLASH PRIVACY STATEMENT
GCF maintains your e-mail address in a confidential and secure database along with much of your other account information, such as mailing address and telephone number, etc. Before aggregating our e-mailing list each week, we filter out any duplicates. In most cases, this inhibits the unintended e-mailing of multiple copies of GCFlash to a single e-mail address. However, because these account records are kept by both individual and account, there is a chance members of the same household could each receive a copy of GCFlash or any other transmission at the same e-mail address - resulting in multiple copies. For example, a husband and wife that both have accounts with GCF may both receive a copy because the names are different but listed at the same e-mail address. This is similar to the manner in which each individual may share a common telephone number. To handle this situation, GCF recommends you simply delete any extra copies of GCFlash as this will ensure that ALL individuals receive any future promotional mailings, which might only be targeted or offered to specific accountholders meeting certain criteria. GCF has the capability to suppress customer e-mail addresses so they are omitted from our transmission list. If you would rather have a specific household member's e-mail address suppressed in our electronic database, simply send us a reply, as stated below, and indicate the accountholder for which you would like to have e-mail suppressed. Please keep in mind that this suppression will mean that NO future e-mails are sent, including special promotional offers. If you have any questions about this process or need additional information, please contact us at email@example.com.
If you would like to be removed from this electronic mailing list, please hit reply and place the word REMOVE in the subject line. Please note, removing your name from our electronic mailing list means GCF will send NO FUTURE NEWS or SPECIAL OFFERS.