Fraud Information Center
National Penn takes the protection of your personal information and assets very seriously. To reduce the risk of online fraud, scams or identity theft, we employ a myriad of smart safeguards ranging from passwords and firewalls to the encryption of confidential banking data. We also believe that one of the best defenses is good consumer education. To help keep you abreast of the most current fraud protection information, check our alerts and informative links below.
Recent News & Alerts
24 February 2015
According to a recent FBI alert, cyber thieves stole nearly $215 million from businesses in the last 14 months using a scam that starts when business executives' or employees' email accounts are compromised or spoofed. The fraudster is able to steal money with the help of an unwitting accomplice, an employee who is fooled into submitting a wire request. From the perspective of the company’s financial institution, the transaction appears completely legitimate. Even confirmation calls or other out-of-band authentication will reach the employee who did indeed submit the request.
There are two versions of this scheme:
The first version is an invoice from a supplier or business partner via a spoofed email address. A fraudster compromises the email of a business user employed by their target company, for example, someone in Accounts Payable. They then monitor the email of the business user looking for vendor invoices. Once a legitimate invoice is found, they modify the beneficiary information such as the routing number and account number to which the payment is to be sent. The fraudster then spoofs the vendor’s email, by creating an email address that is so close to the vendor’s email that most people would not catch the change, and submits the invoice to the target company. The invoice is paid based on familiarity of the vendor name and services provided and would not be detected until the actual vendor contacts the company about a missing payment.
The second version is a payment request by an executive whose email account has been compromised. A fraudster compromises the email account of an executive such as the CFO. A wire transfer is then requested from the compromised email account to a second employee within the company who is normally responsible for processing such requests, such as the Controller. The wire request is submitted to the company’s financial institution and sent out, even after the financial institution’s verification process is completed, which can include, but is not limited to, a call back to the Controller.
While wire requests are the preferred method of extracting funds, ACH payment requests should not be ignored. Both schemes hinge on an email request that appears completely legitimate, either coming from an actual email account or one that is so similar that all but the closest scrutiny would miss the variation.
You can help deter this fraud by evaluating requests that are presented via email.
For example, is the request international when the vendor payment is normally stateside? Does the CFO of the company usually email such wire requests, or is this outside their normal pattern of activity? If anything at all seems odd while processing the request, contact the person requesting by phone to verify the payment.
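As an added illustration (not part of National Penn's alert), the checks described above can be automated by comparing an emailed invoice's sender domain, beneficiary details and destination country with what is on file for the vendor. The vendor record, domains and account numbers are constructed, and the two-edit lookalike threshold is an assumption.

```python
# Added example: screen an emailed invoice against the vendor master record.
# All names, domains and account numbers are constructed for illustration.
from dataclasses import dataclass

@dataclass
class Vendor:
    name: str
    email_domain: str
    routing: str
    account: str
    country: str

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_invoice(vendor: Vendor, sender: str, routing: str,
                   account: str, country: str) -> list[str]:
    """Return the reasons this invoice needs a phone call-back before payment."""
    flags = []
    domain = sender.rsplit("@", 1)[-1].lower()
    known = vendor.email_domain.lower()
    if domain != known:
        # Assumed threshold: one or two edits away from the real domain is a lookalike.
        near = edit_distance(domain, known) <= 2
        flags.append("lookalike sender domain" if near else "unknown sender domain")
    # A compromised (genuine) mailbox passes the domain check, so the payment
    # details are compared with the record on file independently of the sender.
    if (routing, account) != (vendor.routing, vendor.account):
        flags.append("beneficiary account changed")
    if country != vendor.country:
        flags.append("payment destination country changed")
    return flags

# Constructed vendor record
VENDOR = Vendor("Acme Supply", "acme-supply.example", "000000001", "1234567890", "US")
```

An empty list means the invoice matches the record on file; any flag is a reason to phone the vendor at a number already on file rather than one taken from the email.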
Fraudulent Correspondence Attributed to Officials of the Office of the Comptroller of the Currency
13 November 2014
Fictitious correspondence, allegedly issued by the Office of the Comptroller of the Currency (OCC) regarding funds purportedly under the control of the OCC and possibly other government entities, is in circulation. Correspondence may be distributed via e-mail, fax, or postal mail.
Ebola Phishing Scams and Malware Campaigns
17 October 2014
National Penn Bank would like to remind customers to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system.
A sample screenshot of this phishing attempt is provided below:
Please remember to use best security practices when reviewing email. Do not open unsolicited emails which contain file attachments, embedded links or URL addresses to websites, as they may contain viruses or malware.
We encourage you to take the following preventative measures to help mitigate the security risks:
- Do not follow unsolicited links and do not open unsolicited email messages.
- Use caution when opening email attachments.
- Use caution when visiting untrusted websites.
Community Health Systems Breach
21 August 2014
National Penn has been notified of a data breach involving the Community Health Systems network, which operates 206 hospitals across the US.
Hackers have gained access to customer names, social security numbers, physical addresses, birthdays and telephone numbers. Based on the information available at this time it is believed that no bank information has been compromised. For more information on the breach: www.chs.net/media-notice-august-19-2014/
For more information on identity theft, please visit the Federal Trade Commission (FTC) at www.ftc.gov/bcp/edu/microsites/idtheft. The FTC maintains a database of identity theft cases used by law enforcement for investigations, and can advise you on your next steps. The FTC may also be reached at 877.382.4357.
Protecting your Passwords
18 August 2014
Protecting your passwords is one way to keep your identity and your personal information safe while online. Creating complex passwords and changing them regularly are the best ways to keep your passwords from being stolen or hacked.
- Make your passwords long. While 6-8 characters is a recommended setting, using over eight characters is one way to make your password more complex.
- Use a combination of letters, numbers and special characters
- Add numbers to the middle of the password instead of the beginning or end.
- Example: Pas123swor!d instead of using Password123!
- Avoid using common terms or easy-to-guess words. Identifying information such as your date of birth, address or relatives' names should only be used when combined with a complex password
- Avoid using the same password for more than one site
- Always keep any written record of passwords in a secure place
- Make changing your passwords a priority. Mark your calendar and change them every three to six months.
How to Tell if You've Been Hacked
2 June 2014
Installing and updating antivirus software can go a long way toward protecting your computer and mobile devices from viruses and malware, but it’s important to remember that hackers are always tinkering with their tactics in order to evade detection. Watch out for these signs that you’ve been hacked.
24 April 2014
National Penn has been made aware that individuals have been receiving prerecorded phone calls and/or text messages notifying them of a suspended debit card. If you receive a text/phone message stating your debit card has been deactivated or asking you to provide the card and PIN number to reactivate it, this is a phishing scam.
For your safety, please do not call or respond to the text/phone message or provide any account information. Please be mindful that unsolicited calls are often used as a way to evoke emotional reactions leading to the disclosure of personal information. National Penn Bank will never ask you to confirm your account number, PIN, password or any other personal information via email, text or phone calls.
If you are a National Penn Customer and believe you have received a fraudulent email, text or phone call, disclosed confidential information or have any questions or concerns, immediately contact National Penn’s Customer Service at 1.800.822.3321.
Heartbleed Security Flaw
14 April 2014
National Penn is aware of the extensively publicized report regarding a new security flaw dubbed “Heartbleed”.
First Data Phishing Emails
14 February 2014
First Data has learned of a widespread phishing attack telling recipients that their merchant ID has been locked. The phishing attacks have been by email as described below as well as through unsolicited telephone calls.
National Credit Scam
27 January 2014
National Penn has been made aware of customers receiving calls from National Credit informing them that their debit cards are blocked.
Internal Revenue Service Phishing Email Campaign
17 January 2014
National Penn Bank is aware of public reports of an active phishing attack via email messages claiming to be from the IRS.