Fraud Information Center

National Penn takes the protection of your personal information and assets very seriously. To reduce the risk of online fraud, scams or identity theft, we employ a myriad of smart safeguards ranging from passwords and firewalls to the encryption of confidential banking data. We also believe that one of the best defenses is good consumer education. To help keep you abreast of the most current fraud protection information, check our alerts and informative links below.

Recent News & Alerts

TRAVELING? Keep your electronics safe.
03 June 2015

Here’s how to avoid theft, loss and snooping when you’re on the road when YOU TRAVEL; especially if you are likely bringing a fleet of electronics with you in addition to your toothbrush and eye mask. But remember that smartphones, laptops, tablets—all of them are juicy targets for bad guys. Follow these tips to make sure your devices come home safely.

Protect yourself on public Wi-Fi

Public Wi-Fi hotspots can be dangerous. Using a virtual private network (VPN) on public Wi-Fi hotspots will prevent snooping. If you’re connected to a malicious Wi-Fi hotspot that attempts to funnel you to fake phishing sites, the VPN will bypass all that junk and allow you to browse normally.

Lock everything 

Some people set their laptops and PCs to log them in automatically, without a password. If that’s your usual M.O., change it before you hit the road. Set up a PIN, pattern lock or some authentication that must be entered when you turn on or awaken your device.

Track your tech

Set up device-tracking, remote-locking and remote-wiping features in advance. Also familiarize yourself with the web-based interface for tracking your devices. Features like remote wiping may not be enabled by default, so check those as well. Tracking is tougher with computers. Windows laptops, Chromebooks and Linux PCs don’t come with anything built in. You may want to install PC-tracking software. Windows tablets also lack built-in tracking, so you’ll need to install a third-party utility on these devices as well.

Encrypt all your data

Don’t be the next person who misplaces a laptop with personal information on it. Encryption ensures someone can’t snoop through your stuff if your device is stolen.

Store backups in another location

Proper backups can help you recover data if your device is stolen, broken or lost. One option is to go to the cloud with an online backup service, or back up to an external hard drive. For maxi-mum security use both, and keep backups in multiple locations.

Watch your stuff

Staying secure on the road isn’t just about software features—you also need to stay alert and keep an eye on your stuff in the physical world. Carry your smartphone in your front pocket, not your back one, or in a cross-body bag. Don’t leave devices on a table in a restaurant when you go to the restroom. Keep either your eyes or a hand on them at all times. When you’re not using your laptop, keep it in a bag to make it less of a tar¬get. If you’re staying in a hotel, any devices you aren’t carrying with you should be locked in your room’s safe or tucked into a bag or suitcase (lockable if possible).

OCC AlertFictitious
10 March 2015

Fictitious Correspondence Regarding the Release of Funds Supposedly Under the Control of the Office of the Comptroller of the Currency

Fictitious correspondence, allegedly issued by the Office of the Comptroller of the Currency (OCC) regarding funds purportedly under the control of the OCC and possibly other government entities, is in circulation. Correspondence may be distributed via e-mail, fax, or postal mail.

Any document claiming that the OCC is involved in holding any funds for the benefit of any individual or entity is fraudulent. The OCC does not participate in the transfer of funds for, or on behalf of, individuals, business enterprises, or governmental entities.

The correspondence may indicate that funds are being held by a specific financial institution and that the recipient is required to pay a “Clean Bill of Records Certificate (C.B.R.C.)” fee before the funds are released to the beneficiary.

E-mails being sent in regard to this scam appear to be sent from officials at the OCC, but they are not. The e-mail address used in the electronic correspondence may be from []. This material is being sent to consumers in an attempt to elicit funds from them and to gather personal information to be used in possible future identification theft.

Before responding in any manner to any proposal supposedly issued by the OCC that requests personal information or personal account information, or that requires the payment of any fee in connection with the proposal, recipients should take steps to verify that the proposal is legitimate. At a minimum, the OCC recommends that consumers

  • contact the OCC directly to verify the legitimacy of the proposal
    (1) via email at;
    (2) by mail to the OCC’s Special Supervision Division, 400 7th St. SW,
    Suite 3E-218, MS 8E-12, Washington, DC 20219;
    (3) via fax to 571.293.4925; or
    (4) by calling the Special Supervision Division at 202.649.6450.
  • contact state or local law enforcement.
  • file a complaint with the Internet Crime Complaint Center at if the proposal appears to be fraudulent and was received via e-mail or the Internet.
  • file a complaint with the U.S. Postal Inspection Service by telephone at 888.877.7644; by mail at U.S. Postal Inspection Service, Office of Inspector General, Operations Support Group, 222 S. Riverside Plaza, Suite 1250, Chicago, IL 60606-6100; or via the online complaint form at, if the proposal appears to be fraudulent and was delivered through the U.S. Postal Service.

Information regarding the subject of this or any other alert that you wish to bring to the attention of the OCC may be sent to

FBI Alert
24 February 2015

According to a recent FBI alert, cyber thieves stole nearly $215 million from businesses in the last 14 months using a scam that starts when business executives or employee email accounts are compromised or spoofed. The fraudster is able to steal money with the help of an unwitting accomplice, an employee who is fooled into submitting a wire request. From the perspective of the company’s financial institution, the transaction appears completely legitimate. Even confirmation calls or other out of band authentication will reach the employee who did indeed submit the request.

There are two versions of this scheme:

The first version is an invoice from a supplier or business partner via a spoofed email address. A fraudster compromises the email of a business user employed by their target company, for example, someone in Accounts Payable. They then monitor the email of the business user looking for vendor invoices. Once a legitimate invoice is found, they modify the beneficiary information such as the routing number and account number to which the payment is to be sent. The fraudster then spoofs the vendor’s email, by creating an email address that is so close to the vendor’s email that most people would not catch the change, and submits the invoice to the target company. The invoice is paid based on familiarity of the vendor name and services provided and would not be detected until the actual vendor contacts the company about a missing payment.

The second version is a payment request by an executive whose email account has been compromised. A fraudster compromises the email account of an executive such as the CFO. A wire transfer is then requested from the compromised email account to a second employee within the company who is normally responsible for processing such requests, such as the Controller. A wire is sent to the company’s financial institution and sent out, even after the financial institution’s verification process is completed, which can be, but not limited to a call back to the Controller.

While wire requests are the preferred method of extracting funds, ACH payments requests should not be ignored. Both schemes hinge on an email request that appears completely legitimate, either coming from an actual email account or one that is so similar that all but the closets scrutiny would miss the variation.

You can help deter this fraud by evaluating requests that are presented via email.
For example; is the request international, when normally the vendor payment is state side? Does the CFO of the company usually email such wire requests, is this out of the normal pattern of activity for them? If anything at all seems odd while processing the request, contact the person requesting by phone to verify the payment.

Fraudulent Correspondence Attributed to Officials of the
Office of the Comptroller of the Currency

13 November 2014

Fictitious correspondence, allegedly issued by the Office of the Comptroller of the Currency (OCC) regarding funds purportedly under the control of the OCC and possibly other government entities, is in circulation. Correspondence may be distributed via e-mail, fax, or postal mail.
Read more >

Ebola Phishing Scams and Malware Campaigns
17 October 2014

National Penn Bank would like to remind customers to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme.  Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system.

A sample screenshot of this phishing attempt is provided below:

Please remember to use best security practices when reviewing email.  Do not open unsolicited emails which contain file attachments, embedded links or URL addresses to websites, as they may contain viruses or malware.

We encourage you to take the following preventative measures to help mitigate the security risks:

  • Do not follow unsolicited links and do not open unsolicited email messages.
  • Use caution when opening email attachments.
  • Use caution when visiting untrusted websites.

Community Health Systems Breach
21 August 2014

National Penn has been notified of a data breach with regards to the Community Health Systems network which operates 206 hospitals across the US.

Hackers have gained access to customer names, social security numbers, physical addresses, birthdays and telephone numbers.  Based on the information available at this time it is believed that no bank information has been compromised. 

For more information on Identity theft please visit the Federal Trade Commission (FTC) The FTC maintains a database of identity theft cases used by law enforcement for investigations, and can advise you on your next steps. The FTC may also be reached at 877.382.4357.

Protecting your Passwords
18 August 2014

Protecting your passwords is one way to keep your identity and your personal information safe while online. Creating complex passwords and changing them regularly are the best ways to combat your passwords being stolen or hacked into.

  • Make your passwords long. While 6-8 characters is a recommended setting, using over eight characters is one way to make your password more complex
  • Use  a combination of letters, numbers and special characters
  • Add numbers to the middle of the password instead of the beginning or end.

Example:  Pas123swor!d instead of using Password123!

  • Avoid using common terms or easy to guess words. Identifying information such as your date of birth, address or relatives names should only be used when combined with a complex password
  • Avoid using the same password for more than one site
  • Always keep any written record of passwords in a secure place
  • Make changing your passwords a priority. Mark your calendar and change them every three to six months.

How to Tell if You've Been Hacked
2 June 2014

Installing and updating antivirus software can go a long way toward protecting your computer and mobile devices from viruses and malware, but it’s important to remember that hackers are always tinkering with their tactics in order to evade detection. Watch out for these signs that you’ve been hacked.  Read more >

Back to Top