Banking Trojan — a malware designed to collect banking information from victims
A phishing campaign has been observed targeting organizations mostly in the US. The malware being deployed as part of the attack is classified as a banking Trojan. The malware is equipped with a variety of sophisticated evasion and information-stealing capabilities, as well as propagation functionality and a strong persistence mechanism.
How can I prevent it?
- Refrain from opening attachments or clicking links within emails or texts from senders that seem out of place or out of context, or from senders that you do not recognize.
- Consider disabling macro functionality in spreadsheets and documents by default.
- Maintain anti-virus software updates/patches on personal computers.
- Route internet requests through an internet proxy to avoid accessing known malicious websites.
- Use DNS services that block access to known malicious sites.
Be Cautious of COVID-19 Related Fraud Schemes
The most common types of fraud schemes will target you through phishing (fake emails), smishing (text messages), and vishing (voice calls). Fraudsters create fraudulent websites and applications, and send emails and SMS messages that include topics like cures for COVID-19, early or expedited economic impact payments, government relief testing locations in your area, and fraudulent medical providers looking to obtain patient information for testing.
Tips for avoiding COVID-19 related fraud schemes:
- Do not provide your logins, financial data, or other personal information in response to an unsolicited email, social media post, text, or phone call. First Horizon will never email or text you requesting you to call or respond with your account number, PIN or access code.
- Refrain from opening attachments or clicking links within emails or texts from senders that you do not recognize. Scammers use email or text messages to trick you into giving them your personal information.
- Don’t trust your Caller ID. Scammers may pose as government officials or First Horizon employees to steal your personal information. First Horizon will never call you directly and ask to verify your account numbers, password or access code.
- Always validate a person’s organization by calling them back through an official phone number. Don't call phone numbers mentioned in the questionable message.
- Be cautious of messages that are making urgent requests. Fraudsters may emphasize the words "stimulus check" or “stimulus payment” when the official term is economic impact payment.
- Visit websites manually by inputting their domains into your browser.
- Protect your devices (e.g., phone, tablet and computer) with the latest browsers, operating systems and antivirus software.
- Seek news about the virus from verified/legitimate sources.
How to report COVID-19 fraud schemes:
- If you believe you are a victim of fraud, notice potentially suspicious activity on your First Horizon account, and/or have provided personal or banking information, contact Customer Service at (800) 382-5465.
- If you receive unsolicited emails, text messages, or social media attempts to gather information that appear to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), you should forward it to firstname.lastname@example.org.
- If you receive unsolicited phone calls appearing to originate from the CDC, you can report the calls to the Federal Communications Commission.
Protect Your Business: Business Email Compromise Fraud Targeting Construction Companies
A recent fraud scheme targeting construction companies and their vendors involves fraudsters using commercial databases to obtain business identifying information to conduct business email compromise (BEC) fraud.
Fraudsters have been using subscription-based commercial databases to acquire information on commercial construction projects across North America. The acquired database information includes specifics about tens of thousands of construction projects, including key contact information, project costs, bidder lists, plan holder lists, project specifications, and agendas.
BEC fraudsters use this information to register domains similar to legitimate construction company domains that have won job bids and are engaged in ongoing projects. The fraudsters then send an email to the victim company, which includes an attached direct deposit form and instructions to change previously submitted banking information. The new banking information is linked to an account controlled by the fraudster. The victim company then processes the banking information change, and any future invoice payments are made to the altered account.
The following recommendations are to help prevent BEC fraudulent activity from occurring:
- Confirm requests for transfers of funds by using phone verification as part of a two-factor authentication, and verify/use previously known phone numbers.
- Carefully scrutinize all email requests for transfer of funds.
- Verify changes in vendor payment locations by adding additional two-factor authentication, such as having secondary sign-off by company personnel.
- Color code correspondence emails from employee/internal accounts and non-employee/external accounts using distinct colors, or adjust settings on the email client to attach warning labels to emails originating from outside the organization.
- Create an email rule to flag email communications where the “reply” email address is different from the “from” email address shown.
- Create intrusion detection system (IDS) rules that flag emails from domains similar to the victim company’s domain (e.g., if the legitimate email domain is abc_company.com, the IDS rules would flag fraudulent emails from abc-company.com).
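The last three recommendations (external-sender labels, the Reply-To versus From rule, and lookalike-domain flagging) can be combined into one header check. The following is an added example, not First Horizon code: the internal domain `example-builder.test`, the trusted-domain list, the edit-distance threshold and the sample messages are all constructed assumptions, while `abc_company.com` and `abc-company.com` are the page's own illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: our own mail domain, plus vendor domains we already pay.
INTERNAL_DOMAIN = "example-builder.test"
TRUSTED_DOMAINS = {INTERNAL_DOMAIN, "abc_company.com"}
MAX_EDITS = 2                       # tuning assumption; lower it for short domains
DIGIT_SWAPS = str.maketrans("01", "ol")  # digits commonly swapped in for letters


def domain_of(address):
    """Return the lowercased domain part of an email address ('' if none)."""
    return address.rpartition("@")[2].lower()


def skeleton(domain):
    """Drop the TLD and separators so abc_company.com and abc-company.com collide."""
    label = domain.rsplit(".", 1)[0]
    return re.sub(r"[-_.]", "", label).translate(DIGIT_SWAPS)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= MAX_EDITS:
            return trusted
    return None


def triage(raw_message):
    """Return the list of warning flags for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    flags = []
    if domain_of(from_addr) != INTERNAL_DOMAIN:
        flags.append("external-sender")          # warning label for outside mail
    if reply_addr and reply_addr != from_addr:
        flags.append("reply-to-mismatch")        # replies go somewhere else
    for addr in (from_addr, reply_addr):
        hit = lookalike_of(domain_of(addr))
        if hit and f"lookalike-domain:{hit}" not in flags:
            flags.append(f"lookalike-domain:{hit}")
    return flags


# Constructed sample messages (not real traffic).
LEGIT_VENDOR = (
    "From: ABC Company AP <ap@abc_company.com>\n"
    "Subject: Invoice 14 for ongoing project\n\nInvoice attached.\n"
)
BEC_ATTEMPT = (
    "From: ABC Company AP <ap@abc-company.com>\n"
    "Reply-To: payments@mailbox.example\n"
    "Subject: Updated direct deposit form\n\nPlease use the new account.\n"
)
INTERNAL = (
    "From: Payroll <hr@example-builder.test>\n"
    "Subject: Timesheets due\n\nReminder.\n"
)

if __name__ == "__main__":
    for name, raw in [("vendor", LEGIT_VENDOR), ("bec", BEC_ATTEMPT), ("internal", INTERNAL)]:
        print(name, triage(raw))
```

A flagged message still needs the call-back verification described above; the check only decides which messages get the warning label.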
If you identify any suspicious or fraudulent transactions that involve your First Horizon Bank account, immediately call First Horizon Bank’s Customer Service at 800-382-5465.
New Wire Fraud Scam Reroutes Payroll Direct Deposits
A recent article by CNBC.com details a current fraud scheme where fraudsters are targeting businesses’ Human Resources departments through email. The fraudsters impersonate senior executives and attempt to convince human resources personnel to change employees’ bank account and routing information in order to route employees’ paychecks to offshore accounts owned by the criminals.
Additionally, the fraudulent emails often go undetected because they defy many existing red flags for malicious communications. The emails are well-written, cordial, and lack misspellings and grammatical errors that would typically trigger email filters.
Your company’s efforts may include adjusting email filters to pick up common traits of this type of request and training employees in security best practices. Ask your company’s executives to avoid using their personal emails when sending messages. Companies that have seen versions of this fraud scheme can report it to the FBI’s IC3 tip line.
Protect Your Business: Fraud Targeting the Retail Industry with Claims of FBI Involvement
A recent fraud scheme targeting major US retailers involves fraudsters calling store employees demanding they withdraw the day’s cash sales for transfer to the fraudsters. Employees were instructed to violate defined company security protocols, particularly procedures applying to handling money.
The fraudsters claimed to be a senior representative from the retailer’s distribution center and employees were able to verify the caller’s name as a current employee through their internal company system or by searching the internet. The callers stated there was an FBI investigation into counterfeit money involving the particular store and employees were to withdraw all of the cash deposits from the store safe and purchase Visa® gift cards and Green Dot® cards to get rid of the alleged counterfeit cash. The card information was provided to the fraudsters and the purchase receipts were placed into the store safes. In one variation of this scheme, the caller claimed to be from the company and was partnering with the FBI or another law enforcement agency on the investigation. The caller in another variation claimed to be an FBI Agent involved in an investigation against the company. The agent threatened the employee with obstruction of justice charges and arrest if they did not comply. In two of the incidents, the fraudsters sent confirmation emails to the store employees’ personal email addresses.
The victims all claimed the fraudsters had American accents. Additionally, spoofed email addresses and phone numbers were used and the requests were made just as stores were closing which contributed to the fraud scheme’s success.
The following indicators suggest activity indicative of criminal intent:
- Threatening criminal prosecution
- Requesting funds via Visa gift cards and Green Dot cards
- Instructing to violate company security protocols
- Instructing to commit criminal activity or actions against standard business operating procedures
- Requesting the use of personal email addresses, phones, and communications instead of company devices for business purposes
- Requesting employees come into the business, alone, just as the stores were closing for the day
Direct any requests and questions to your FBI Private Sector Coordinator at your local FBI Field Office: https://www.fbi.gov/contact-us/field-offices.
Beware of calls claiming to be First Horizon Bank
First Horizon Bank customers may be the target of fraud schemes in which a customer is contacted through phone call, email, or text by fraudsters requesting the customer verify personal bank information. A recent scheme involves individuals contacting First Horizon Bank customers using a telephone number spoofed to appear on caller ID as First Horizon Bank’s legitimate Customer Service department phone number. This scheme is an attempt to convince the customer to provide account information, passwords, and in some cases, one-time passcodes that enable takeover of the customer’s account relationship.
It is essential to remember that First Horizon Bank never will contact you directly and ask for your personal or account information that we already have on file. Additionally, we never will ask you to verify your identity by texting codes or passwords to you to confirm who you are. If First Horizon Bank initiates the call, we already will have at hand the information we need.
If you have received a phone call claiming to be from First Horizon Bank and believe you are a victim of fraud or notice potentially suspicious activity on your account, contact Customer Service at 800-382-5465.
Safeguard your card
First Horizon Bank is committed to providing you with the latest in secure technology for conducting your personal card and/or banking transactions. Protecting your account information is critical in preventing unauthorized access to your account. The following are a few methods criminals may use to obtain your card/banking information:
- Skimming devices that look and feel just like a card reader you use at an ATM or gas pump are inserted into the card reader or snapped over the terminal. These devices read your card data as your card is inserted into the terminal, and have the ability to transmit that data in real-time or store the data for future use.
- Sometimes criminals use handheld devices to skim your card (such as an insert into an iPhone or iPad).
How can I prevent it?
- Before using your card, inspect the terminal you are using. If there are any visible signs of tampering, or the terminal looks out of place, you should not use the machine and report it to the attendant/operator in the store where you are attempting to make the purchase. If you are using an ATM, report it to your bank representative, or call the number on the back of your card for assistance.
- Do not use your PIN at a gas pump when using your debit card. In many cases, criminals have placed a small camera over the PIN reader to capture your PIN as you enter it. If you must use your PIN, cover the PIN pad with your hand to prevent a camera from recording while it’s entered.
- When you have to hand your card over to an attendant or cashier to make a purchase, pay attention to what they are doing with your card. If possible, ask them to run your card in your presence.
- If available, always insert your card into the merchant terminal. This is more secure and can prevent your card from being counterfeited.
- When shopping online, be sure to look for the “secure transaction symbols” such as a lock symbol on the lower right of the screen.
- Never give out your card, PIN or personal information over the phone unless you initiated the call.
Online Banking Fraud
- Keystroke logging devices can be installed on computers that are available for public use, such as libraries or hotel business centers. They can also be downloaded on your personal computer if you click on a malicious link or attachment you receive in an email.
How can I prevent it?
- Avoid using publicly shared computers to check personal bank accounts.
- Maintain anti-virus software updates/patches on personal computers.
Other Ways to Protect Your Card
- Always use the chip! The encryption technology used in your chip cannot be counterfeited and helps to keep your card information secure.
- Never give out your debit card number, PIN or personal information over the phone unless you initiated the call. Remember, to protect your security, the bank is not going to ask you for your account information and/or your PIN information.
- Use Card Control functionality in Online Banking to restrict usage on your card.
- If you have a First Horizon Bank Visa card, sign up for fraud text alerts to be notified when a suspicious transaction occurs.
Protect Your Business from Wire Transfer & ACH Transaction Fraud
First Horizon Bank has identified an increasing trend involving fraudulent wire transfer and ACH requests initiated by corporate customers. The following are some important steps you can take to reduce fraud risk related to wire transfers and ACH transactions.
- Utilize call-back verification procedures for any email or faxed wire transfer request, particularly if the instructions have changed.
- Changes in an ACH funding request should be verified the same way using call-back verification. Be especially vigilant in initiating ACH funding changes based on email or faxed instructions.
- Never use contact information provided in an email or fax to conduct the call-back verification – always use the phone number listed on the account profile or your business records.
- Regardless of the relationship with the customer or business, always verify each email or fax request.
- Even if multiple requests are received from the same party in a short period of time, each request requires separate verification.
- When conducting call-back verification, speak with the requestor to ensure proper verification. Leaving a voicemail is not considered a proper verification method.
- Be aware of suspicious activity and red flags as they relate to wire transfer and ACH transaction fraud to minimize fraud risk.
If you confirm any suspicious or fraudulent transactions that involve your First Horizon Bank account (particularly wire transfers or ACH transactions), immediately escalate the situation by calling First Horizon Bank’s Customer Service at 800-382-5465. There is a limited recovery window for these transactions and immediate escalation may prevent further loss.
How we protect you
The First Horizon Family of Companies (First Horizon Bank, First Horizon Advisors, and First Horizon) considers the security of your financial information a top priority. We employ extensive security measures to ensure a safe and reliable online experience for all of our customers.
Password Protection – to gain access to an account or account information, a user must verify his or her identity with a password.
Firewall Protection – all systems are protected with firewalls that limit access to only those services that are needed. In addition, all activity passing through the firewall is documented.
128-Bit Key SSL Encryption – before data is exchanged between the customer and the bank, it is encoded or scrambled with 128-bit key SSL encryption. Secure Socket Layer, or SSL, locks the data so that regardless of the path the data takes as it passes across the internet, it only can be opened by the end user with the proper key or 128-character-long combination to the lock on the data. Upon arriving at the computer that requested the information, the packets are reassembled into the original message.
Fraud Detection – we use cutting-edge technology and trained employees to aid in fraud detection. Additionally, we participate in industry consortiums made up of some of the largest financial institutions in the United States, which allows us to address emerging issues in Internet and email fraud.
Email Alerts – email alerts will let you know when your log-in information has been changed. In the event that you did not initiate that change, we ask that you contact us immediately so we can take the necessary steps to block unauthorized users from your account. Additionally, we request that customers enter at least one mobile phone number or email address (two are suggested) upon setting up a Banking Online account. These email addresses and/or mobile phone numbers can be used to send verification emails or texts anytime you initiate a change to your contact information or select to add a custom Payee in Bill Pay Online.
Voice ID – when you call our customer service center, we can now verify you with just the unique characteristics of your voice. You simply speak and our Voice ID technology authenticates you quickly and securely using an encrypted voiceprint, similar to a fingerprint.
Privacy Notice – a copy of our privacy notice can be found here
Federal Laws and Regulations – Federal laws and regulations protect you from fraudulent credit and debit card usage as well as from unauthorized online banking activity.
Safeguarding your smartphone
With the increasing popularity of smartphones, more and more people are using apps to conduct personal business online – business that often requires the use of sensitive information such as bank account numbers, credit card data, or passwords. While your smartphone can make life simpler, you should also be aware of potential threats to the security of your smartphone and the precautions you can take to keep it secure. There are three areas where smartphone users can potentially fall victim to fraudulent activity. Keep these in mind as you use your smartphone as well as the related tips for preventing fraud.
Lost phones – if you've owned a smartphone for any length of time, chances are you've probably misplaced it, at least temporarily. The danger here is that, if you've made purchases on your phone or, perhaps, conducted banking activities with it, someone who finds or steals your phone may be able to extract sensitive personal information from it.
- Set PINs and passwords on your phone’s home screen to prevent unauthorized access to your phone. Configure it to automatically lock after 5 minutes or less of being idle.
- Wherever possible, use different passwords for each of your important log-ins.
- Don’t modify your smartphone’s security settings, as it can undermine valuable built-in security features.
- Keep your smartphone’s operating software up-to-date by enabling automatic updates from your service provider. You may also want to install trustworthy security apps that allow you to remotely locate and erase all of the data stored on your phone.
- Always report a stolen phone. Wireless providers in conjunction with the Federal Communications Commission (FCC) have established a stolen phone database that will help your provider prevent your phone from being activated without your permission.
App downloads – hackers often use apps to entice smartphone users into downloading malware that can steal information or cause damage to your phone.
- Only install apps from trusted sources. If you have doubts, you can check user reviews, confirm the legitimacy of the app store, and compare it to the app sponsor’s official website.
- You may also want to install security apps that allow you to remotely locate and erase all of the data stored on your phone.
Surfing on open Wi-Fi networks – cybercriminals often use unprotected Wi-Fi hotspots to target people online.
- Avoid public hotspots and instead use protected Wi-Fi from sources you trust or your own mobile wireless connection.
- Ignore pop-ups or prompts to download software. They are often a hacker’s attempt to infect your phone with malware or spyware.
- If you don’t get automatic updates, manually update your smartphone’s security software before you travel. Wi-Fi in airports and hotels can be potentially troublesome if your smartphone is not fully protected with the latest security updates.
Multi-Layered Mobile Banking Security – when you use Mobile Banking, you can be certain that your personal information is protected. Our security measures are delivered in a multi-layered platform that offers you security at each level of your Mobile Banking experience.
At enrollment – you will provide credentials upon first use, and your identity is then verified by answering challenge questions generated by an existing authentication system. Once verified, you can use the device to immediately access mobile banking functionality.
Logging in – initiating a secure session requires two factors of authentication: 1) Your confidential passcode; 2) Confirmation of the correct end user device. Without both, authentication will not occur and log-in is prevented. Our process requires that our Mobile Banking users must have previously proven to the bank that the device being authenticated is in the user’s possession and is authorized for access.
Confirming transactions – our systems periodically present mobile users with step-up challenge questions in response to transfer, payment, and check deposit transactions deemed high risk or suspicious. This safeguard provides you with an extra level of security before a transaction is approved.
Other ways you can protect your information
Here are some steps that you can take to ensure your identity and information are as safe as possible.
- Monitor your accounts frequently. Review your accounts and monthly statements to ensure that all information is correct. Additionally, review your credit report annually. Immediately report any discrepancies.
- Verify the contact. Do not provide confidential information via email, text message, or phone call unless you initiated contact. When responding to requests, use a telephone number or web site address you know to be legitimate.
- Beware of "free" offers. Beware of unsolicited requests for cash or account information in exchange for a prize or gift. Remember, if it sounds too good to be true, it probably is.
- Travel light. Only carry what is necessary in your wallet or purse. Photocopy the front and back of your driver's license, passport, and credit cards and store in a secure place in case they are lost or stolen.
- Protect documents. Keep sensitive documents in a safe place, shred all personal and financial information before discarding, and don’t discard receipts at ATMs and gas pumps.
- Practice password safety. Create a strong password for each online service (10 characters, including mixed case letters, numbers, special characters). Change them frequently and store in a secure place.
- Protect yourself online. Verify use of a secure session (https:// not http://) in the browser when banking online and when making online purchases. Also, look for a lock icon in the browser, which indicates a secure website.
- Beware of shoulder surfers. Be aware of your surroundings when entering your Personal Identification Number (PIN) or any other sensitive information at a point-of-sale terminal, an ATM, or in your computer, phone, etc.
- Delete emails from senders you don't recognize. If you get an email that you think is from a person or company you recognize, use caution when clicking on embedded links. If you are suspicious, type the address into your browser instead of clicking the link.
- Report. Notify your bank immediately if you discover that your checks, debit cards, or credit cards have been lost or stolen. Close accounts that you know or believe have been tampered with.
The First Horizon Family of Companies is committed to providing your company with the latest in secure technology for conducting your business or corporate banking. However, there are some important steps you can take to ensure your own internal security.
- Conduct reconciliation of all banking transactions on a daily basis.
- Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
- Familiarize yourself with our account agreement and with your liability for fraud under the agreement and the Uniform Commercial Code as adopted in the jurisdiction. You can also educate yourself with tips on combating fraud in your business.
- Stay in touch with other businesses to share information regarding suspected fraud activity.
- Immediately escalate any suspicious transactions, particularly ACH or wire transfers. There is a limited recovery window for these transactions and immediate escalation may prevent further loss.
- Employ best practices to secure computer systems including:
- If possible, for businesses that transact high value or large numbers of online transactions, it is recommended that all commercial online banking activities be carried out from a stand-alone, hardened and completely locked down computer system from which e-mail and Web browsing are not possible.
- Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. Opening file attachments or clicking on Web links in suspicious emails could expose your system to malicious code that could hijack your computer.
- Install a dedicated, actively managed firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and computers.
- Create a strong password with at least 10 characters that includes a combination of mixed case letters, numbers and special characters.
- Prohibit the use of "shared" usernames and passwords for online banking systems.
- Use a different password for each Web site that is accessed.
- Change the password a few times each year.
- Never share username and password information for online services with third-party providers.
- Limit administrative rights on users' workstations to help prevent the inadvertent downloading of malware or other viruses.
- Install commercial anti-virus and desktop firewall software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
- Ensure virus protection and security software are updated regularly.
- Make certain computers are patched regularly, particularly operating systems and key applications with security patches. It may be possible to sign up for automatic updates for the operating system and many applications.
- Consider installing spyware detection programs.
- Clear the browser cache before starting an online banking session in order to eliminate copies of Web pages that have been stored on the hard drive. How the cache is cleared will depend on the browser and version. This function is generally found in the browser's preferences menu.
- Verify use of a secure session (https not http) in the browser for all online banking.
- Avoid using automatic log-in features that save usernames and passwords for online banking.
- Never leave a computer unattended while using any online banking or investing service.
- Never access bank, brokerage or other financial services information at internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information leaving you vulnerable to possible fraud.
How we protect you online
The First Horizon Family of Companies uses a strong authentication process to protect your sensitive information online. Using an authentication method the user knows (user ID and password) and one the user holds (token) for high-risk transactions ensures that the right user is accessing our products and systems online.
As we upgrade our online banking platform, we will be deploying more sophisticated security solutions that will detect unusual user behavior and prompt the user for more information before granting access. Unusual behavior includes:
- Accessing the system in timeframes the user typically does not access the system
- Accessing the system from different geographical regions
- Accessing the system from different computers
Our external facing applications are protected from malicious attacks against our servers by firewalls and intrusion detection systems. These solutions not only protect our applications from hackers but also detect any intrusion or hack attempts and alert us.