A phishing campaign has been observed targeting organizations mostly in the US. The malware being deployed as part of the attack is classified as a banking Trojan. The malware is equipped with a variety of sophisticated evasion and information-stealing capability, as well as propagation functionality and a strong persistence mechanism.
How can I prevent it?
The most common types of fraud schemes will target you through phishing (fake emails), smishing (text messages), and vishing (voice calls). Fraudsters create fraudulent websites, applications, and send emails, SMS messages that include topics like cures for COVID-19, early or expedited economic impact payments, government relief testing locations in your area, and fraudulent medical providers looking to obtain patient information for testing.
Tips for avoiding COVID-19 related fraud schemes:
How to report COVID-19 fraud schemes:
Be aware of government imposters calling or messaging consumers about a special COVID-19 government grant. The callers indicate that it’s necessary to verify the recipient’s identity and may suggest the recipient will receive their stimulus check faster if they share personal details and pay a small "processing fee."
It's important to remember that the IRS will never call and ask consumers to verify payment details. Your stimulus check will be deposited into the direct deposit account previously provided on your tax return, or in the alternative, a paper check will be mailed.
Never give out your bank account number, debit card number, or other personal identifying information to anyone, even if someone claims it’s necessary to receive your stimulus check. If you receive a call, do not engage the caller and just hang up. If you receive text messages or emails claiming that you can get your money faster by sending personal information or clicking links, delete them. Never click on links or attachments from emails in which you are not familiar with the sender. Official stimulus/relief information regarding COVID-19 will never be sent via text/SMS or on any other messaging platforms.
Additionally, be aware of fraudulent stimulus checks received in the mail. Red flags for these fraudulent checks include: a “stimulus check” for an odd amount, especially one with cents, or a check that requires the recipient to verify the check by calling a number or visiting a specific website.
Fraudulent First Horizon text messages and spoofed phone calls appearing to be from First Horizon Customer Service are continuing to target customers. In both instances, the customer’s personal banking information is being requested (e.g., online banking username, password, account number, etc.).
It is essential to remember that First Horizon Bank will never initiate contact with you directly and ask for personal or account information, including requests to verify your identity by texting codes or passwords. However, in situations where you initiate contact with First Horizon’s customer service department, the call center representative may utilize these methods to secure your account and/or verify your identity.
If you receive a text message or phone call regarding this scheme, do not click on the link or hang up immediately. You may check your account via the mobile app, saved website link, or by calling the number on the back of your credit/debit card. If they have clicked on the link or provided sensitive information, contact Customer Service at 800-382-5465.
Please be suspicious if you receive checks in the mail from any organization asking you to be a secret shopper on its behalf. Often these offers are simply fraudsters attempting to find new ways to get their hands on your money.
Here’s an overview of how the scam works:
Bottomline: Do not proceed with any scheme that asks you to deposit checks and then transfer money or purchase gift cards and send card information. These are scams that can cost you hundreds of dollars of your hard earned money
First Horizon Bank customers may be the target of fraud schemes in which a customer is contacted through phone call, email, or text by fraudsters requesting the customer verify personal bank information. A recent scheme involves individuals contacting First Horizon Bank customers using a telephone number spoofed to appear on caller ID as First Horizon Bank’s legitimate Customer Service department phone number. This scheme is an attempt to convince the customer to provide account information, passwords, and in some cases, one-time passcodes that enable takeover of the customer’s account relationship.
It is essential to remember that First Horizon Bank never will contact you directly and ask for your personal or account information that we already have on file. Additionally, we never will ask you to verify your identity by texting codes or passwords to you to confirm who you are. If First Horizon Bank initiates the call, we already will have at hand the information we need.
If you have received a phone call claiming to be from First Horizon Bank and believe you are a victim of fraud or notice potentially suspicious activity on your account, contact Customer Service at 800-382-5465.
A recent fraud scheme targeting construction companies and their vendors involves fraudsters using commercial databases to obtain business identifying information to conduct business email compromise (BEC) fraud.
Fraudsters have been using subscription-based commercial databases to acquire information on commercial construction projects across North America. The acquired database information includes specifics about tens of thousands of construction projects, including key contact information, project costs, bidder lists, plan holder lists, project specifications, and agendas.
BEC fraudsters use this information to register domains similar to legitimate construction company domains that have won job bids and are engaged in ongoing projects. The fraudsters then send an email to the victim company, which includes an attached direct deposit form and instructions to change previously submitted banking information. The new banking information is linked to an account controlled by the fraudster. The victim company then processes the banking information change, and any future invoice payments are made to the altered account.
If you identify any suspicious or fraudulent transactions that involve your First Horizon Bank account, immediately call First Horizon Bank’s Customer Service at 800-382-5465.
A recent article by CNBC.com details a current fraud scheme where fraudsters are targeting businesses’ Human Resources departments through email. The fraudsters impersonate senior executives and attempt to convince human resources personnel to change employee’s bank account and routing information in order to route employees’ paychecks to offshore accounts owned by the criminals.
Additionally, the fraudulent emails often go undetected because it defies many existing red flags for malicious communications. The emails are well-written, cordial, and lack misspellings and grammatical errors that would typically trigger email filters.
Focus your company’s efforts, which may include adjusting email filters to pick up common traits of this type of request and training employees in security best practices. Ask your company’s executives to avoid using their personal emails when sending messages. Companies that have been seen versions of this fraud scheme can report it the FBI’s IC3 tip line.
A recent fraud scheme targeting major US retailers involves fraudsters calling store employees demanding they withdraw the day’s cash sales for transfer to the fraudsters. Employees were instructed to violate defined company security protocols, particularly procedures applying to handling money.
The fraudsters claimed to be a senior representative from the retailer’s distribution center and employees were able to verify the caller’s name as a current employee through their internal company system or by searching the internet. The callers stated there was a FBI investigation into counterfeit money involving the particular store and employees were to withdrawal all of the cash deposits from the store safe and purchase Visa® gift cards and Green Dot® cards to get rid of the alleged counterfeit cash. The card information was provided to the fraudsters and the purchase receipts were placed into the store safes. In one variation of this scheme, the caller claimed to be from the company and was partnering with the FBI or another law enforcement agency on the investigation. The caller in another variation claimed to be an FBI Agent involved in an investigation against the company. The agent threatened the employee with obstruction of justice charges and arrest if they did not comply. In two of the incidents, the fraudsters sent confirmation emails to the store employees’ personal email addresses.
The victims all claimed the fraudsters had American accents. Additionally, spoofed email addresses and phone numbers were used and the requests were made just as stores were closing which contributed to the fraud scheme’s success.
Direct any requests and questions to your FBI Private Sector Coordinator at your local FBI Field Office: https://www.fbi.gov/contact-us/field-offices.
First Horizon Bank is carefully monitoring the Equifax data breach and our customers’ accounts for suspicious activity. Customers can get more information from Equifax at https://www.equifaxsecurity2017.com/. We take our customers’ security seriously. Our security measures are well established and rigorously tested, and, as always, we encourage customers to safeguard their financial information.
Learn more about what you can do to protect yourself.
A phishing scheme targeting First Horizon Bank is being sent through text messages. This scheme is an attempt to get the user to reset their security answers. This information is intercepted and used to take over the account.
If you receive a text message regarding this scheme, do not click on the link. If you have clicked on the link and provided sensitive information, we strongly encourage you to change your password and security questions immediately, using the actual First Horizon Bank website at www.firsthorizon.com or to call Customer Service at (800) 382-5465.
Being able to use your debit card at the gas pump is convenient; however, be cautious of skimming devices embedded onto the card readers. These skimming devices are used to copy account data as well as PINs if used during the transaction. Once the information is captured, your card information can be used to make counterfeit cards to withdraw cash from your account at ATMs or make card purchases.
To minimize your chance of being compromised by debit and credit card skimmers at gas pumps, use the following tips:
If you need to report fraud on your credit or debit card, you can do so by contacting us at 800-382-5465. We are available to assist with card fraud 24 hours a day, 7 days a week.
Elder fraud and financial exploitation is forecasted to become the fastest growing crime in the next 10 years. Sadly, the people exploiting older adults are often family members, caregivers, or other trusted individuals who are handling the financial affairs of a parent, relative, caretaker, or friend.
You can help protect seniors from fraud and exploitation by preventing the abuse and intervene early when the threat is from trusted persons handling financial affairs, fraudsters and theft by staff or intruders.
A variety of things you observe or detect may signal that a senior is a victim of fraud or financial exploitation. Here are a few of the many red flags you may see:
Your top priority should be early recognition, documentation, and reporting. If you feel a senior is being financially abused, report the situation to your nearest branch. All branches have an Elder Fraud and Financial Exploitation brochure available for additional resources and information.
Please be aware of a scheme involving fraudulent e-mails sent to a company’s tax reporting employee(s) purporting to be from the company’s CEO requesting that a “salary review” be conducted on 2015 W-2s.
These e-mail requests have been determined to be fraudulent and should be deleted. Some companies have already provided Social Security numbers of their employees, which would then be used by cyber thieves for identity theft.
With the heightened attention regarding the theft of personal data, we remind our customers to be aware of fraudulent correspondence. Do not provide any sensitive personal information requested through email, text or phone call. Here are some tips we recommend to protect your identity:
Be aware of a recent payday loan scheme that involves operators fraudulently soliciting money from consumers. The operators of this payday loan fraud scheme are using threatening tactics (e.g., lawsuits, asset seizure, arrest) to force consumers into immediately paying debt on loans they never authorized or paid off several years ago. Those perpetrating this scam have obtained identifying information about consumers (e.g., Social Security numbers, addresses, banking information) and will use this in order to appear as a legitimate collection agency.
Numerous consumers also reported their place of employment has been contacted in an attempt to collect “past due” funds.
To avoid becoming a victim or if you believe you are a victim of this scheme, follow these tips:
ACH (Automated Clearing House) is used to process direct deposits, checks, bill payments and cash transfers between businesses and individuals. It can also be a popular way for fraudsters to steal money from unsuspecting consumers. ACH fraud is a scheme that is expected to continue to trend upwards.
To avoid becoming a victim, follow these tips:
If you believe you are a victim of ACH fraud, contact Customer Service at 800-382-5465.
Recently there has been an increase in fraud schemes where customers are being contacted by phone or email to obtain personal information, such as account information (account numbers) and/or identifying information (e.g., social security number, date of birth). Some tactics used include advising you that there is a problem or missing information related to your account and additional information is needed to correct the issue. In some cases, threatening tactics may be used (e.g., criminal pursuit, collection agency referral) to obtain this information. To avoid becoming a victim, follow these tips:
We have the necessary information to conduct business with you and we would not ask you to supply your full account number or card number during a phone call.
If you have received a phone call purporting to be from us and believe you are a victim of fraud or notice suspicious activity on your account, contact Customer Service at 800-382-5465.
Card cracking is a form of fraud where consumers respond to an online solicitation for "easy money" and provide a debit card for withdrawal of fake check deposits. Click here to learn more.
In a recent social media scheme (primarily Facebook), users are being enticed into opening new accounts or using their existing accounts in exchange for merchandise or “fast cash.” The proposal is typically made via a post with pictures of cash or other items encouraging anyone interested to comment for more information. The accounts are ultimately used to conduct transactions involving the deposit of fraudulent checks and subsequent fraudulent card purchases/ATM withdrawals.
Consumers should be aware that participation in this type of scheme is illegal and that you may be held responsible for purchases or cash withdrawals made from the proceeds of a fraudulent check deposit. Such activity could result in account closure and possible criminal prosecution.
If you have any questions or see any posts like this on Facebook or other social media sites, please contact Corporate Security at 901-523-5336.
If you receive an unsolicited offer that promises you something in exchange for money or account information, you should not respond unless you are sure the offer is legitimate. Common scenarios include offers that require an upfront fee, requests to wire funds, a notice that you won a lottery/contest, or a person on a social website who asks for money (e.g., travel money to meet you, emergency cash, medical bills, etc.).
If you receive an offer or request and are unsure if it is legitimate, contact customer service at 800-382-5465. Remember, if it sounds too good to be true, it probably is.
If your business accepts wires and/or sends outgoing wires to or on behalf of customers, beware of a scheme in which hackers can take over a legitimate email address and initiate fraudulent wire requests. (See article "Important Notice: Beware of Recent Email Scheme" below.)
Ensure that your business has procedures in place to verify any wire that is received via email or fax. For example, calling your customer directly using a phone number on file before proceeding with a wire can determine if the customer actually sent the request.
If you become aware that your customer's email has been compromised, advise the customer to contact their email and virus software providers, as their password/account information could have been compromised by a third party.
The First Horizon Family of Companies takes your account security very seriously. Sometimes fraudsters have the ability to take over a customer's email accounts and send requests to bank employees asking for wire transfers or account information. Please be assured that we will never disclose your personal account information or initiate a wire transfer via e-mail.
There are steps you can take to help protect yourself against this scheme, such as:
If you become aware of sensitive information that has been compromised through your email, contact your email and virus software providers, as your password/account information could have been compromised by a third party.