Note: Please note that ordinary e-mails sent via the Internet are neither confidential nor secure, can be viewed, intercepted or altered by third parties or even get lost completely. For these reasons, personal or confidential information should never be sent by ordinary e-mails.
One of the latest bank phishing campaigns aimed at Californians has a Canadian twist: The targets are supposed to be customers of the Royal Bank.
Trend Micro said Tuesday in a blog it detected three waves of phishing email totaling 13,000 messages between July 22 and Aug. 8 apparently aimed at Californians who attackers hope are clients of Royal Bank of Canada. Recipients are addressed as “Dear RBC Express customer” plus a name. The message then claims user roles have been updated and asks the recipient to click on an attachment to approve.
Separately, Canadian banks have been alerted to a possible imminent global ATM attack (see below).
The phishing email comes with an HTML file that takes the victim to an exact copy of an RBC site, where their login credentials would be stolen.
That’s assuming a victim notices these things. Trend Micro says usually about four per cent of targets will fall for a phishing scheme.
Greg Young, the vendor’s vice-president of security, said in email the campaigns were broadly based and the targets weren’t necessarily RBC customers.
At press time an RBC spokesperson had not replied to a request for comment.
It isn’t clear how many U.S.-based RBC Express customers there are. RBC has had operations south of the border for decades, including opening an office in Los Angeles in 1961. In 1989 it stopped offering retail banking in the U.S., preferring to concentrate on business banking until 1998 when it bought online bank Security First Network Bank. It later bought Centura Banks and expanded into Florida, Alabama, Georgia and Texas. Then, after being caught in the U.S. financial housing crisis, RBC Bank USA was sold in 2011. RBC said it then restructured its U.S. banking operations to focus on the personal banking needs of Canadian cross-border clients and U.S. clients of its personal wealth management service. In 2015 it returned to offering retail banking services to American customers by buying Los Angeles-based City National Bank.
It isn’t common for the foreign operations or customers of a bank to be targeted by hackers — usually they go after any customer of a financial institution — although they might not have realized RBC Bank is headquartered outside the U.S. One reason might be the attackers have a stolen list of California-based RBC customers and their email addresses. “Normally these campaigns wouldn’t be geographically centered like this,” said Young.
That’s one of the unique elements of this campaign. Another is the use of an HTML attachment and the third is the quality of the phony login page.
Canadian banks aren’t immune to phishing scams. According to spamfighter.com, in 2011 security vendor GFI Labs spotted fraudulent security update messages being sent to RBC customers.
Experts say security awareness education for consumers is the best way to avoid being stung by such a campaign.
(Editor’s note: This story has been updated from the original, which said it wasn’t clear if all the targets of the email were in fact RBC customers.)
ATM attack warning
Meanwhile security reporter Brian Krebs said on the weekend that the FBI has quietly alerted banks that criminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.
UPDATE: India’s Cosmos Bank, based in the western city of Pune, said hackers used malware last weekend to steal customer information from the company’s ATM server, then used that data to clone thousands of Visa and RuPay debit cards and steal the equivalent of US $13.5 million. The debit cards were then used over the weekend in a number of countries including Canada, Hong Kong, and India.
In an interview Aaron Boles, vice-president of communications at the Canadian Bankers Association, said it has also been alerted through the financial industry who relayed the message to member banks. A typical police or intelligence warning wouldn’t have attack details, he said. Instead banks would be told to be vigilant for threats and have all software patched.
ATM compromises for big payouts are on the rise. In January Europol announced eight people in Romania and Moldova had been arrested following a number of ATM attacks in Europe. The gang allegedly pried open the machines and installed malware that let them empty the ATM of cash.
In 2016, Krebs says, ATMs of the National Bank of Blacksburg, Virginia were emptied of U.S. $2.4 million from customer accounts. According to the New York Times, in 2012 a gang stole US$45 million from thousands of ATMs in 20 countries in a few hours. According to an indictment, it started when hackers infiltrated the system of an unnamed credit-card processing company in India that handles Visa and MasterCard prepaid debit cards. Then they raised the withdrawal limits on five prepaid MasterCard debit accounts issued by a bank in the United Arab Emirates. The debit cards for those five accounts were then cloned multiple times for the gang to use as often as they could.
Boles said while there have been successful individual ATM attacks in Canada where a card-capturing device was surreptitiously attached to a keypad, there hasn’t been a successful cashout strike of the type described by Krebs in the FBI warning. “We still see some (bank or credit card) skimming activity but the alerts are sporadic and localized in nature,” Boles said. Thanks to the introduction here of bank and credit cards with security chips, so far there’s no evidence of criminals being able to clone cards so they can steal cash. Bank and credit cards that are vulnerable to cloning only have magnetic strips on the back. These are still common in the U.S., although they are being replaced with chip and PIN cards.
Still, Boles said, the CBA urges people to cover a keypad when entering a PIN number in case a criminal has been able to install a pinhole camera to record what people punch in.
The interest basis on a consumer loan (under $25,000, non-real estate secured) is documented incorrectly at 30/365 when it is supposed to be 365/365. Would a modification to the note suffice or would this require redisclosure? Should it be redrafted as a new loan?
If the borrower agrees then a modification would suffice. How was the loan disclosed for TIL purposes? Are your disclosed APR and finance charges within tolerances? If not, those violations have to follow the requirements in section 130 of the TILA. A modification will not negate the violation if one exists.
Absa is tight-lipped about its meeting this week with the banking regulator about how the bank handles cyber risks.
Caroline da Silva, head of regulatory strategy at the Financial Sector Conduct Authority (FSCA), told Money that the regulator’s meeting with Absa was the first of a series it will have with all banks. This comes after a “market conduct risk” across the sector was flagged in a retail banking diagnostic, as well as reports from customers, including one from Johannesburg attorney Mark Heyink.
In June last year, Heyink made submissions to the FSCA detailing Absa clients’ allegations of unfair treatment by the bank in dealing with online banking frauds.
Though the meeting with Absa was general, Da Silva said the issues in Heyink’s submission were discussed, including the predominance of Absa clients in cases of online fraud dealt with by the attorney.
In his report to the FSCA, Heyink, acting for 29 Absa customers referred to him by a digital forensic expert and a computer scientist, claimed that the bank had “improperly” held clients liable for losses resulting from online banking fraud and called on the regulator to investigate Absa and the ombud for banking services.
But Da Silva told Money this week that the FSCA is in an “interim position”, without legislation in place yet to regulate the conduct of banks – the Conduct of Financial Institutions Bill was published in December for comment. “We don’t want to wait for that to take action on their conduct, so we’ve drafted a set of conduct standards which will be published for comment before the end of March and will hopefully be in force before the middle of the year.”
On the question of the conduct of the banking ombudsman, Da Silva said the Twin Peaks regulatory model envisages a stronger ombud system, with a chief ombud to look at the independence, governance and decisions made by both statutory and voluntary/industry ombuds.
In October last year, the South African Banking Risk Information Centre released statistics on digital banking crime for the first time, showing that the number of incidents of online fraud had increased by 64% between 2017 and August 2018.
The conduct Heyink reported to the FSCA relates to Absa holding clients responsible for losses when the bank had allegedly:
• No evidence of negligence on the part of its clients;
• Applied incorrect interpretation of the law relating to the client’s assumption of risk;
• Failed to comply with applicable consumer protection legislation; and
• Failed in its duty of care to its customers.
Heyink and the digital experts quoted in the submission also question whether the security measures taken by Absa were appropriate.
Absa, which would not be drawn on the meeting with the FSCA, also declined to respond to these specific allegations.
Ulrich Janse van Rensburg, head of fraud strategy at retail and business banking at Absa, said internet fraud is of “huge concern” to Absa. “It has an adverse impact on the much-needed relationship of trust between Absa and its customers. For this reason, it is entirely in our interest to ensure not only that world-class security measures are in place, but that when fraud is committed, those responsible are apprehended and made to account. And expeditiously so.
“That’s why Absa takes every possible precaution to safeguard our customers’ money and co-operates closely with the SAPS and industry fraud-prevention bodies such as Sabric [South African Banking Risk Information Centre].
“However, we are unfortunately constrained in instances where the customer would have caused vulnerability by divulging their confidential banking details to third parties, very often without intending to do so. Regrettably, this weakness impacts the entire industry, not only Absa.
“Although Absa is ordinarily not liable for the frauds perpetrated on its customers by third parties in the strict legal sense, it recognises that these crimes have a significant personal impact on the victim and for this reason will come to their financial assistance,” Van Rensburg said.
Almost half of Heyink’s 29 clients accepted settlement offers from Absa covering 50% of their losses. The settlement offers, which were valid for seven days only, were confidential, ex gratia and in full and final settlement of claims against the bank.
In his submission to the FSCA, Heyink said that in consultation with clients who accepted such settlements, in every instance the client said they had accepted the settlement under duress. One client said: “We felt we had a gun to our head.”
Clients who did not accept settlements said they also felt Absa was trying to force them to accept the offer.
Absa said that it does not put pressure on clients and a week is reasonable time for a client to decide whether to accept a settlement. But Heyink said that the circumstances under which the offers were made by Absa placed clients in an unfair bargaining position.
A growing scam involves people calling, pretending to be from the Social Security Administration (SSA), and trying to get your Social Security number or your money.
Romance scammers are wooing people on dating apps and social media by lifting photos to create an attractive profile or stealing the identity of someone else. They will take the time to gain trust. Last year, people reported a median loss of $2,600 from romance scams.
Advance Fee Schemes
An advance fee scheme occurs when the victim pays money to someone in anticipation of receiving something of greater value—such as a loan, contract, investment, or gift—and then receives little or nothing in return.
Jury Duty Scam
The phone rings. You pick it up, and the caller identifies himself as an officer of the court. He says you failed to report for jury duty and that a warrant is out for your arrest. You say you never received a notice. To clear it up, the caller says he’ll need some information for “verification purposes”—your birth date, social security number, maybe even a credit card number.
This is when you should hang up the phone. It’s a scam.
“Congratulations! You may receive a certified check for up to $400,000,000 U.S. CASH! One Lump sum! Tax Free! Your odds to WIN are 1-6. Hundreds of U.S. citizens win every week using our secret system! You can win as much as you want!”
Sound too good to be true? That’s because it is. International con artists use lottery scams such as this to defraud Americans out of more than $120 million a year.
What should you know about foreign lotteries? They’re illegal. Federal law prohibits the cross-border sale or purchase of lottery tickets by phone or mail. They’re losing propositions. Foreign lottery scam artists will drain your bank account or steal the money you sent to pay for the tickets, duties, and taxes.
Natural Disaster Fraud
Hurricanes and other natural disasters bring out the best in people, who volunteer to help with cleanup efforts and make charitable contributions to victims. But a disaster also brings out the worst in people—and not just crooks and scam artists. Donate to relief efforts by visiting charitable websites directly. Do not click links in emails or texts, and do not donate via unexpected phone calls. Contact the charity yourself and donate.
Nigerian Letter or “419” Fraud
Nigerian letter frauds combine the threat of impersonation fraud with a variation of an advance fee scheme in which a letter mailed from Nigeria offers the recipient the “opportunity” to share in a percentage of millions of dollars that the author—a self-proclaimed government official—is trying to transfer illegally out of Nigeria. The recipient is encouraged to send information to the author, such as blank letterhead stationery, bank name and account numbers, and other identifying information using a fax number provided in the letter. Some of these letters have also been received via email through the Internet. The scheme relies on convincing a willing victim, who has demonstrated a “propensity for larceny” by responding to the invitation, to send money to the author of the letter in Nigeria in several installments of increasing amounts for a variety of reasons.
If you receive a letter from Nigeria asking you to send personal or banking information, do not reply in any manner. Send the letter to the U.S. Secret Service, your local FBI office, or the U.S. Postal Inspection Service. You can also register a complaint with the Federal Trade Commission’s Complaint Assistant.
If you know someone who is corresponding in one of these schemes, encourage that person to contact the FBI or the U.S. Secret Service as soon as possible.
Be skeptical of individuals representing themselves as Nigerian or foreign government officials asking for your help in placing large sums of money in overseas bank accounts.
Do not believe the promise of large sums of money for your cooperation.
Online Auction Fraud
There are a variety of online auction frauds, but here are some of the more common ones to watch out for:
Overpayment fraud targets the seller. A seller advertises a high-value item—like a car or a computer—on the Internet. A scammer contacts the seller to purchase the item, then sends the seller a counterfeit check or money order for an amount greater than the price of the item. The purchaser asks the seller to deposit the payment, deduct the actual sale price, and then return the difference to the purchaser.
Wire transfer schemes start with fraudulent and misleading ads for the sale of high-value items being posted on well-known online auction sites. When buyers take the bait, they are directed to wire money to the crooks using a money transfer company. Once the money changes hands, the buyer never hears from them again.
Second-chance schemes involve scammers who offer losing bidders of legitimate auctions the opportunity to buy the item(s) they wanted at reduced prices. They usually require that victims send payment through money transfer companies, but then don’t follow through on delivery.
Online Dating Scam
Here’s how the scam usually works. You’re contacted online by someone who appears interested in you. He or she may have a profile you can read or a picture that is emailed to you. For weeks, even months, you may chat back and forth with one another, forming a connection. You may even be sent flowers or other gifts. But eventually, a time will come when your new-found “friend” is going to ask you for money. So you send money…but rest assured the requests won’t stop there. There will be more hardships that only you can help alleviate with your financial gifts. Your friend may also send you checks to cash since he or she is out of the country and can’t cash the checks themselves, or your friend may ask you to forward a package to him or her. In addition to losing your money to someone who had no intention of ever visiting you, you may also have unknowingly taken part in a money laundering scheme by cashing phony checks and sending the money overseas, and by shipping stolen merchandise (the forwarded package).
Reveton is described as drive-by malware because unlike many viruses—which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law.
The bogus message goes on to say that the user’s Internet address was identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having been associated with child pornography sites or other illegal online activity. To unlock their machines, users are required to pay a fine using a prepaid money card service.
The IC3 (Internet Crime Complaint Center) suggests the following if you become a victim of the Reveton virus:
• Do not pay any money or provide any personal information.
• Contact a computer professional to remove Reveton and Citadel from your computer.
• Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
• File a complaint and look for updates about the Reveton virus on the IC3 website.
Senior Citizen Fraud
The threat to seniors is growing…and changing. Baby boomers (born between 1946 and 1964) are now the largest segment of our population—about 78 million people. That means that the number of senior citizens is rising. Many younger boomers also have considerable computer skills, so criminals are modifying their targeting techniques—using not only traditional telephone calls and mass mailings, but also online scams like phishing and email spamming.
Below are a few tips to avoid being victimized:
• Shred credit card receipts and old bank statements.
• Close unused credit card or bank accounts.
• Don’t give out personal information via the phone, mail, or Internet unless you initiated the contact.
• Never respond to an offer you don’t understand.
• Talk over investments with a trusted friend, family member, or financial advisor.
• Require all plans and purchases to be in writing.
• Don’t pay in advance for services.
Everyone’s seen them—seductive work-at-home opportunities hyped in flyers tacked to telephone poles, in newspaper classifieds, in your email, and all over the web, promising you hundreds or thousands of dollars a week for typing, stuffing envelopes, processing medical billing, etc. And it’s just a phone call or mouse click away…
These opportunities might be tempting during these uncertain economic times, but beware of any offers that promise easy money for minimum effort—many are scams that fill the coffers of criminals.
Below are a few of the most common work-at-home scams:
Advance-fee: Starting a home-based business is easy! Just invest a few hundred dollars in inventory, set-up, and training materials, they say. Of course, if and when the materials do come, they are totally worthless…and you’re stuck with the bill.
Counterfeit check-facilitated “mystery shopper”: You’re sent a hefty check and asked to deposit it into your bank account, then withdraw funds to shop and check out the service of local stores and wire transfer companies. You keep a small amount of the money for your “work,” but then, as instructed, mail or wire the rest to your “employer.” Sound good? One problem: the initial check was phony, and by the time your bank notifies you, your money is long gone and you’re on the hook for the counterfeit check.
Pyramid schemes: You’re hired as a “distributor” and shell out big bucks for promotional materials and product inventories with little value (like get-rich quick pamphlets). You’re promised money for recruiting more distributors, so you talk friends and family into participating. The scheme grows exponentially but then falls apart—the only ones who make a profit are the criminals who started it.
Unknowing involvement in criminal activity: Criminals—often located overseas—sometimes use unwitting victims to advance their operations, steal and launder money, and maintain anonymity. For example, they may “hire” you as a U.S.-based agent to receive and re-ship checks, merchandise, and solicitations to other potential victims…without you realizing it’s all a ruse that leaves no trail back to the crooks.