ATTENTION BANK CUSTOMERS

PLEASE BE ADVISED that we have received several reports of phone calls being made to our customers informing them that their debit card is locked, and to press 1 to receive help to get unlocked. 

THIS IS A SCAM

It is an attempt to steal your information.  Please do not give any information to the people making these calls; just hang up. 

Please contact Laona State Bank if you receive a call like this.

_______________________________________________________________________________________________________________________________________

Dridex Banking Trojan: Worldwide Threat

Phishing Campaign Uses Malware Embedded in Word Documents

Attackers are targeting online banking users' account information worldwide through sophisticated phishing attacks designed to deliver Microsoft Word documents containing malicious macro code known as Dridex.  Dridex is a variant of the Cridex malware, which is also designed to steal personal information. 

Attackers leveraging this new banking malware have dusted off a legacy tactic in which infection occurs through a believable spamming campaign. The new banking Trojan may not be as  significant as other variants because it relies heavily on social engineering to get someone to open an infected file, something that in our modern times of security awareness isn't as successful as it used to be. However, once installed, the malware is just as dangerous as other variants currently out.  Still, accountholders can be fooled through this latest social engineering scheme, so we are continuing to educate our customers about phishing threats.

How It Works
To launch an attack, criminals send a spam message with a Word document attached that contains the Dridex malware. If a user opens the Word document, they must enable the macro feature, which is disabled by default, in order for the malware to be downloaded. Some malicious attachments state that the content will not be visible unless the macro feature is enabled.

Once downloaded, Dridex monitors for activity related to online banking. The malware then performs information theft through such methods as form grabbing, screenshots and site injections.

By collecting online banking data, cyber-attackers can access bank accounts and transfer funds to their own accounts. Like any Trojan infection, Dridex is a highly harmful infection that must be removed upon detection.


   

Effective October 17, 2014, MasterCard is extending its zero liability limitation in the U.S. to include all MasterCard PIN-based and ATM transactions.  This is in addition to coverage already provided on signature debit and credit transactions.  To be covered by the zero liability limitation, the cardholder must promptly report the loss or theft as soon as becoming aware of it.   

 


 What's My FICO Score and Why Does It Matter?

Many adults become aware of their FICO score when applying for a home mortgage or other loan. They may learn that their score is 690 or 740 or 770. But what does it really mean?

FICO is a firm once known as Fair Isaac Company. It specializes in analyzing data to create a financial grade for each potential borrower. The score is used to help banks and other lenders predict how likely it is that a consumer will pay his or her bills on time and be able to handle a mortgage amount or credit line. The score is also a factor in the interest and terms of your loan. 

To create a score ranging from a low of 300 to a high of 850, FICO uses information provided by the three major reporting agencies: Equifax, Experian, and TransUnion. When creating a score, FICO considers the following factors: 

  • Payment history-Have you paid your bills on time? If not, how late were you, and how often were you late? (This factor contributes 35% of your score.)
  • Amounts owed-on each account and how much of your credit limit have you used (Contributes 30% of your score.)
  • Credit history-How long have you had each account? (Contributes 15% of your score.)
  • New credit-How many new accounts or queries have you had? (Contributes 10% of your score.)
  • Types of credit-What types of debt do you have? (Contributes 10% of your score.) 

What does your score mean? 

  • 800 or higher: Flawless (13% of the population have this score.)
  • 750 - 799: Excellent (27%)
  • 700 - 749: Good (18%)
  • 650 - 699: Mediocre (15%)
  • 600 - 650: Not good (12%)
  • 550 - 599: Poor (8%)
  • 500 - 549: Terrible (5%)
  • 499 and below: Worst (2%) 

By now, you may be wondering how to find your FICO score. While you can find your scores based on information from the three major reporting agencies online at www.myfico.com, these are not free. In addition, they may not be the precise scores used by your lender. 

A better value is to request a free credit report from the three major reporting agencies online at www.annualcreditreport.com or by toll-free phone at 877-322-8228. Keep in mind the factors that FICO considers when reviewing your credit reports to get a handle on your approximate score. Also be sure to check these reports annually and inform the agencies if you spot any errors or inaccuracies. 

To learn more about your financial health, visit the Wisconsin Department of Financial Institutions' Financial Wellness Checklist Center at www.wdfi.org/ymm/wellness_checklist.htm.


 Computer Security

Scammers, hackers, and identity thieves are looking to steal your personal information – and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have a good reason.

Don’t buy security software in response to unexpected pop-up messages or emails, especially messages that claim to have scanned your computer and found malware. Scammers send messages like these to try to get you to buy worthless software, or worse, to “break and enter” your computer.

Treat Your Personal Information Like Cash

Don’t hand it out to just anyone. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about whether you can really trust the request. In an effort to steal your information, scammers will do everything they can to appear trustworthy.

Check Out Companies to Find out Who You’re Really Dealing With

When you’re online, a little research can save you a lot of money. If you see an ad or an offer that looks good to you, take a moment to check out the compnay behind it.  Type the company or product name into your favorite search engine with terms like “review,” “complaint,” or “scam.” If you find bad reviews, you’ll have to decide if the offer is worth the risk. If you can’t find contact information for the company, take your business elsewhere.

Don’t assume that an ad you see on a reputable site is trustworthy. The fact that a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.

Give Personal Information Over Encrypted Websites Only

If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address (the “s” is for secure).

Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, the entire account could be vulnerable. Look for https on every page of the site you’re on, not just where you sign in.

Protect Your Passwords

Here are a few principles for creating strong passwords and keeping them safe:

  • The longer the password, the tougher it is to crack.  Use at least 10 characters; 12 is ideal for most home users.
  • Mix letters, numbers, and special characters.  Try to be unpredictable – don’t use your name, birthdate, or common words. 
  • Don’t use the same password for many accounts.  If it’s stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
  • Don’t share passwords on the phone, in texts or by email.  Legitimate companies will not send you messages asking for your password.  If you get such a message, it’s probably a scam.
  • Keep your passwords in a secure place, out of plain sight.

Back Up Your Files

No system is completely secure. Copy important files onto a removable disc or an external hard drive, and store it in a safe place. If your computer is compromised, you’ll still have access to your files

 

DEBIT CARD USERS


  • Don't carry your PIN in your wallet or purse or write it on your ATM or debit card.
  • Do not give your PIN to ANYONE
  • Never write your PIN on the outside of a deposit slip, an envelope, or other papers that could be easily lost or seen.
  • Carefully check ATM or debit card transactions before you enter the PIN or before you sign the receipt; the funds for this item will be fairly quickly transferred out of your checking or other deposit account.
  • Periodically check your account activity. This is particularly important if you bank online. Compare the current balance and recent withdrawals or transfers to those you've recorded, including your current ATM and debit card withdrawals and purchases and your recent checks. If you notice transactions you didn't make, or if your balance has dropped suddenly without activity by you, immediately report the problem to your card issuer. Someone may have co-opted your account information to commit fraud.