Beta Bot Malware Blocks Anti-Virus Programs

The FBI is aware of a new type of malware known as Beta Bot. Cyber criminals use Beta Bot to target financial institutions, e-commerce sites, online payment platforms, and social networking sites to steal sensitive data such as log-in credentials and financial information. Beta Bot blocks computer users’ access to security websites and disables anti-virus programs, leaving computers vulnerable to compromise.

Beta Bot infection vectors include an illegitimate but official looking Microsoft Windows message box named “User Account Control” that requests a user’s permission to allow the “Windows Command Processor” to modify the user’s computer settings. If the user complies with the request, the hackers are able to exfiltrate data from the computer. Beta Bot is also spread via USB thumb drives or online via Skype, where it redirects the user to compromised websites.

*Windows Command Process message box
Figure 1, Beta Bot “Windows Command Process” message box

Although Beta Box masquerades as the “User Account Control” message box, it is also able to perform modifications to a user’s computer. If the above pop-up message or a similar prompt appears on your computer and you did not request it or are not making modifications to your system’s configuration, do not authorize “Windows Command Processor” to make any changes.

Remediation strategies for Beta Bot infection include running a full system scan with up-to-date anti-virus software on the infected computer. If Beta Bot blocks access to security sites, download the latest anti-virus updates or a whole new anti-virus program onto an uninfected computer, save it to a USB drive and load and run it on the infected computer. It is advisable to subsequently re-format the USB drive to remove any traces of the malware.

Fraudulent Correspondence Attributed to Officials of the Office of the Comptroller of the Currency

Fictitious correspondence, allegedly issued by the Office of the Comptroller of the Currency (OCC) regarding funds purportedly under the control of the OCC and other government entities, is in circulation. Correspondence may be distributed via e-mail, fax, or postal mail.

Any document claiming that the OCC is involved in holding any funds for the benefit of any individual or entity is fraudulent. The OCC does not participate in the transfer of funds for, or on behalf of, individuals, business enterprises, or governmental entities.

The letters may indicate that funds are being held by Bank of America and that the recipient will be required to pay a mandatory express service charge to have the funds released.

A sample copy of this fraudulent correspondence can be found here, which is being sent to consumers in an attempt to elicit funds from them and to gather personal information to be used in possible future identification theft.

The correspondence in question contains forged signatures of former OCC officials. In addition, the material contains a fictitious e-mail address that is not associated with the OCC.

Before responding in any manner to any proposal supposedly issued by the OCC that requests personal information or personal account information or that requires the payment of any fee in connection with the proposal, the recipient should take steps to verify that the proposal is legitimate. At a minimum, the OCC recommends that consumers

  • contact the OCC directly to verify the legitimacy of the proposal (1) via e-mail at occalertresponses@occ.treas.gov; (2) by mail to the OCC’s Special Supervision Division, 250 E St. SW, Mail Stop 8E-12, Washington, D.C. 20219; (3) via fax to (571) 293-4925; or (4) by calling the Special Supervision Division at (202) 649-6450.
  • contact state or local law enforcement.
  • file a complaint with the Internet Crime Complaint Center at www.ic3.gov if the proposal appears to be fraudulent and was received via e-mail or the Internet.
  • file a complaint with the U.S. Postal Inspection Service by telephone at (888) 877 7644; by mail at U.S. Postal Inspection Service, 222 S. Riverside Plaza, Suite 1250, Chicago, IL 60606-6100; or via the online complaint form at https://postalinspectors.uspis.gov/forms/MailFraudComplaint.aspx, if the proposal appears to be fraudulent and was delivered through the U.S. Postal Service.

Any information regarding the subject of this or any other alert that you wish to bring to the attention of the OCC may be sent to occalertresponses@occ.treas.gov.

 

 

Vishing Scam

We have received reports of phone calls from an unknown telephone number in which an automated message claims that the customer’s debit card has been deactivated, and they are instructed to enter their card number in order to reactivate the card. This is a vishing scam, and customers are advised to hang up the phone immediately. Central National Bank does not use automated messages to contact customers about their accounts. If you have any questions, please call us at 1-888-262-5456.

OCC Issues Alert on Fraudulent Letters

The Office of the Comptroller of the Currency yesterday issued an alert about fraudulent letters — distributed via email, fax, or postal mail — involving funds purportedly under the control of the OCC and other government entities.

“The letters may indicate that funds are being held by the Halifax Bank, London, England, and that the recipient will be required to pay a mandatory express service charge to have the funds released,” the OCC said. The letters are “being sent to consumers in an attempt to elicit funds from them and to gather personal information to be used in possible future identification theft.”

The letters also contain forged signatures of former OCC officials and a fictitious email address. The agency emphasized that any document claiming that the OCC is involved in holding any funds for the benefit of an individual or entity is fraudulent. “The [agency] does not participate in the transfer of funds for, or on behalf of, individuals, business enterprises or governmental entities,” the OCC said.

Read the OCC alert

View an example of the fraudulent letters

Phishing Reminder

During the holiday season, cyber criminals aggressively create new ways to steal money and personal information. Scammers use many techniques to fool potential victims, including conducting email and texting schemes posing as their bank.

Please remember that Central National Bank will not use email or text messages to communicate issues with your debit card or on-line banking. If you receive a suspicious email or text, do not click on any link included in the communication. Instead call the Bank and we will happy to answer questions or concerns.

Phishing Emails Reported

We are receiving reports of phishing emails being sent from what appears to be a NetTeller email address customer _service @cm.netteller.com with the subject line of NetTeller Watch Notice. These are bogus emails trying to get you to click on the embedded NetTeller access link. These emails are NOT coming from NetTeller or Central National Bank. Should you receive an email, DO NOT to clink on the link. Instead, permanently delete the email.

BBB Issues Nationwide Warning

The Better Business Bureau (BBB) has issued a nationwide warning about a new scam claiming that President Obama will pay consumers’ utility bills through a federal program.

How the Scam Works:

Consumers are being contacted via telephone, fliers, social media and text messages and various other means with claims that President Obama is providing credits or applying payment to utility bills.

To receive the money, scammers claim to need the consumer’s Social Security Number (SSN), financial institution routing number and account number. In return, the consumers are given a fraudulent financial institution routing number to use in order to pay their utility bills through an automated telephone service.

The payment service initially seems to accept the payment but then declines it within a few days of finding the banking information to be invalid. The consumer’s bill has not been paid and his/her SSN and personal financial information have been compromised.

Helpful Tips:

The BBB offers the following tips to help consumers avoid becoming victim of this scam:

  • Never provide your SSN, credit card number or banking information to anyone who calls you, regardless of whom they claim to be representing.
  • If you receive a call claiming to be your utility company and feel pressured for immediate payment or personal information, hang up and call the customer service number on your utility bill.
  • Never allow anyone into your home to check electrical wiring, natural gas pipes or appliances unless you have scheduled an appointment or reported a problem. Also, ask the employee for proper identification.
  • Think safety first, always. Do not give in to high pressure tactics for information over the phone or in person.

New Vishing Phone Scam

We have received reports of phone calls from a 206 area code in which an automated message claims that the customer’s debit card has been deactivated, and they are instructed to press 1 to reactivate the card.  This is a vishing scam, and customers are advised to hang up the phone immediately.  Central National Bank does not use automated messages to contact customers about their accounts.  If you have any questions, please call us at 1-888-262-5456.

 

Fraudulent E-Mail Survey

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the FDIC.

The e-mail exhibits the “Subject” line: “SURVEY CODE: STJSPNUPUT”. The “From” line may exhibit variations; however, the messages are similar.

The email states, “You have been chosen by the FDIC to take part in our quick and easy 5 questions survey. In return we will credit $100 to your account just for your time!” The recipient is then instructed to “Click here to Continue.”Recipients should not click on the link provided.

This email and link are fraudulent. Recipients should consider the intent of the email as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. As a reminder, the FDIC does not send unsolicited emails to consumers or business account holders.

New Phishing Scheme

We are receiving reports of phishing emails being sent from what appears to be coming from our online banking service provider with an email address of customer _service @cm.netteller.com with the subject line of NetTeller Watch Notice. These are “Phishing emails” trying to get customers to click on the embedded access link. These emails are not coming from the bank or our online banking service provider. Please be advised that if you receive an email, that you NOT to clink on the link. It is recommended to permanently delete the email.

Just as a reminder Central National Bank nor our service provider would send an unsolicited email requesting you to provide personal information.

If you have questions feel free to contact our Online Services Department at 1-888-262-5456 or email us atinfo@centralnational.com.