We want you to have a safe banking experience with us. Review the current alerts on scams reported to First Dakota National Bank. If you have a scam to report, please contact us.
Find advice for protecting your business from malicious attacks and data breaches at the Better Business Bureau.
Report Compromised Info Immediately
If you believe your ATM card, Checkcard, PIN, or personal information have been compromised, contact us at First Dakota immediately at 800.486.4712 or 866.546.8273 after bank hours.
How does First Dakota's Fraud Risk Management Program work?
- If our Risk Management team suspects fraud, an Auto Dialer will start the contact process with an email message first, then a text alert. If no response from either of those methods, an automated voice call will be made.
- Our message will never ask for your Social Security #, PIN, account or card number.
- If fraud is confirmed, you will be instructed to contact the financial institution.
- If you cannot be reached, the fraud analyst will place a block on the card and leave a message with the toll-free phone number, so you can contact the Fraud Center.
- If you are in doubt about what our Fraud Center is questioning, please call us directly at 605.665.7432 or 800.486.4712.
External Company Scams and Breaches
VISA or MasterCard Fraud Scams
The scam works like this:
Person calling says, "This is (name), and I'm calling from the Security and Fraud Department at VISA/MasterCard. My badge number is 12460. Your card has been flagged for unusual purchase patterns, and I'm calling to verify. This would be on your VISA/MasterCard, which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona?"
When you say "no", the caller continues with, "Then we will be issuing a credit to your account. Before your next statement, the credit will be sent to (gives your address); is that correct?" You say "yes".
The caller continues. "I will be starting a fraud Investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for security. You will need to refer to the control number.” The caller then gives you a six-digit number.
Here's the important part on how the scam works. The caller then says, "I need to verify you are in possession of your card." They will ask you to turn your card over and provide the last three numbers. After you tell the caller the three numbers, he'll say, "That is correct. I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?"
After you say no, the caller then thanks you and states, "Don't hesitate to call back if you do," and hangs ups. You actually say very little, and they never ask for or tell you the card number.
What the scammers wants is the 3-digit PIN number on the back of the card. Don’t give it to them. Instead, tell them you'll call VISA or MasterCard directly for verification of their conversation. VISA stated that is a scam and they will never ask for anything on the card as they already know the information since they issued the card. If you give the scammers your three-digit PIN, you are led to believe you're receiving a credit; however, by the time you get your statement, you'll see charges for purchases you didn't make, and by then it's almost too late and/or more difficult to actually file a fraud report.
2/5/18 IRS Issues Warning about Tax Scam Targeting Preparers’ Data
With the 2018 tax filing season kicking off last week, the IRS on Friday issued a warning about an emergent identity theft tax scam that targets tax preparers’ computers and, in some cases, involves depositing funds in victims’ bank accounts. The agency warned that cybercriminals are sending phishing emails to tax preparers that contain malware allowing them to make off with sensitive tax filer data. The fraudsters then use that information to file for fraudulent tax returns. “In a new twist, the fraudulent returns in a few cases used the taxpayers' real bank accounts for the deposit,” the IRS said. “A woman posing as a debt collection agency official then contacted the taxpayers to say a refund was deposited in error and asked the taxpayers to forward the money to her.” The novel approach comes as fraudsters continue modifying their efforts to steal tax refunds. The IRS advised taxpayers who receive a direct deposit refund that they did not request to ask their bank to return the direct deposit to the IRS and to call the IRS to explain why it is being returned. “Keep in mind interest may accrue on the erroneous refund,” the agency added. Read more at IRS.gov.
2/2/18 Equifax New Mobile App
Equifax has rolled out a new mobile application called Lock & Alert. It allows you to lock your Equifax report from your mobile device or computer. You are also able to unlock it quickly and easily, with just a swipe of your finger. Any time you lock or unlock your report you will receive an alert from Equifax on your device. A lock is a mobile version of a freeze, so when you lock your credit report down, no one can pull it. The app is free for life and it will not cost anything to lock or unlock your credit report, you can find out more by visiting www.equifax.com.
9/27/17 Sonic Drive-In
Sonic Drive-In, a U.S. fast-food chain with nearly 3,600 locations across 45 states, has acknowledged a breach affecting an unknown number of store payment systems. The ongoing breach may have led to millions of stolen credit and debit card numbers that are now being sold. Sonic issued the following statement to KrebsOnSecurity: "We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able."
9/8/17 Equifax Discloses Massive Consumer Data Breach
On September 7, 2017 consumer credit reporting bureau Equifax announced a major data breach affecting approximately 143 million Americans. The company said from mid-May through the end of July, criminals exploited an Equifax website vulnerability to access names, Social Security numbers, birth dates, addresses and in some cases driver’s licenses.
Equifax has set up a website to help consumers determine if their information was breached and, if so, to sign up for credit monitoring and identity theft protection offered by TrustedID, an Equifax subsidiary. Equifax has said they will also mail notices to consumers whose credit card numbers or dispute documents were breached. Their website address is www.equifax.com
Based upon the size of this breach, it appears a large percentage of all American consumers’ files may have been impacted. First Dakota National Bank advises all consumers to take the following steps:
- Go to the Equifax website to confirm if your data may have been breached (this site appears to be very busy; we suggest you keep trying, if you receive an error message)
- We suggest you place a fraud alert on your credit report
- Monitor monthly your credit cards and other accounts for unauthorized activity
- Pull yearly a free credit report through www.annualcreditreport.com and view for unauthorized loans or credit card accounts
Fraud alerts only need to be placed with one credit bureau and the information will be reported to the other two. They can be placed directly through the credit bureau’s website or via phone.
If you do this through a website, page down to the option to request a fraud alert. Fraud alerts are only valid for 90 days so we suggest you put a note on your calendar to re-enter it every 90 days. First Dakota National Bank does not endorse any credit monitoring or ID Theft Protection products. Each consumer needs to research available options and make a decision regarding the best option for them. For more information go to Federal Trade Commission at FTC.gov.
7/28/17: Microsoft Scam Twist
We had a customer who received a call from “Microsoft” indicating that she was due a refund from them. She gave the scammers access to her computer and they obtained a checking and savings account number from her. Here is the interesting twist. They told her that she was owed $500 but they accidently gave her $2500 so she would need to send the $2000 back. What they actually did was transfer $2500 from her savings account to her checking account. On the checking account transfer they used “refund” language to make it look as though they made a deposit instead of a transfer. They then asked her to purchase 2000 in Wal-Mart gift cards to return the “overpayment”. At that point she knew it was a scam and came into the bank. She had to have both accounts and her internet banking closed as she had been breached. Fortunately she did not send the money.
6/23/2017: Credit Card Scam
There is a credit card scam going around right now in which an employee of the “Security and Fraud” department of VISA or Mastercard is calling to discuss and confirm a fraudulent transaction. Following a conversation regarding the amount and source of the alleged charge, the security employee will say something to the effect of “In order to confirm that you have the card in your possession, we need you to read the 3 digit number on the back of your card”. Once read to them, the person will confirm that it is correct and terminate the call. This is the piece of information the scammer needs to access that card because they have the rest of the information, and within minutes will have made fraudulent charges. No credit card company will ask for the card number or the 3 digit number on the back of the card. If you receive this call, do not give out the information and terminate the call. If you really want to confirm that there is or is not e fraud on your card, call the 800 number on the back of your card and speak to a customer service rep. If there was fraud, there will be notes on their system and the CSR can assist you.
5/15/17: Ransom Ware Attack
The IT systems of around 40 NHS organizations across the UK have been affected by a ransomware attack. Non-emergency operations have been suspended and ambulances are being diverted as a result of the attack.
Non-health focused organizations around the world are also being affected, including Spanish telecommunications firm Telefonica which reported a serious issue affecting its internal network as a result of a cyberattack earlier today. The strain is called "Wanna Decrypt0r" which asks $300 from victims to decrypt their computer. Bleepingcomputer said: "Whoever is behind this ransomware has invested heavy resources into Wana Decrypt0r's operations. In the few hours this ransomware has been active, it has made many high-profile victims all over the world. According to Avast security researcher Jakub Kroustek, Wana Decrypt0r made over 57,000 victims in just a few hours. Sky News Technology Correspondent Tom Cheshire described the attack as "unprecedented". The ransomware appears to use NSA 0-day ETERNALBLUE and DOUBLEPULSAR exploits which were made public earlier this year by a group calling itself the Shadow Brokers.
Looks like initial infection vector is a phishing/macro email.
According to CrowdStrike's vice president of intelligence Adam Meyers, the initial spread of WannaCry is coming through spam, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a .zip file, and once clicked that initiates the WannaCry infection.But the most concerning aspect of WannaCry is its use of the worm-like EternalBlue exploit. "This is a weapon of mass destruction, a WMD of ransomware. Once it gets into an unpatched PC it spreads like wildfire," he told Forbes. "It's going through financials, energy companies, healthcare. It's widespread."Given the malware is scanning the entire internet for vulnerable machines, and as many as 150,000 were deemed open to the Windows vulnerability as of earlier this month, WannaCry ransomware explosion is only expected to get worse over the weekend.
5/4/17: Google warns of email scam that impersonates Google Docs
According to online reports in particular, a detailed user thread on Reddit clicking on an emailed share link, purportedly from a known source, was taking users to a site that asked permission for a fake app calling itself "Google Docs" to access their accounts. If they agreed, the app would then send additional copies of the original email to the users' contacts.
4/20/17: Holiday Inn Parent Confirms Data Breach at Nearly 1,200 Hotels
InterContinental Hotels Group has confirmed that front desk payment terminals in at least 1,181 hotel locations nationwide were breached last fall. Malware that successfully stole payment card data was detected between Sept. 29, 2016, and Dec. 29, 2016, at locations accounting for 30 percent of its mostly franchised locations in the Americas.
IHG properties include Holiday Inn, Holiday Inn Express, InterContinental, Kimpton Hotels, Crowne Plaza, Staybridge Suites and Candlewood Suites. While the impact of the breach on financial institutions is as yet unknown, the figures reported by IHG would make this breach one of the largest hotel company data breaches in recent years. While IHG hotels nationwide were affected, the breach primarily affected Holiday Inns and Holiday Inns Express in rural and suburban areas of the South and the Midwest.
Cybersecurity analyst and reporter Brian Krebs, who first broke news about the breach in December, notes that more IHG hotels may be implicated. "Not all property owners have been anxious to take the company up on [IHG’s offer of outside assistance]," he wrote. "As a consequence, there may be more breached hotel locations yet to be added to the state lookup tool." Read more at ABA Banking Journal.
4/5/17: Lowe's $50 off coupon on Facebook is a scam
A coupon seen on social media offering $50 off at Lowe's for Mothers Day is not legitimate, the company stated."These coupons are not offers extended by Lowe's," said the company in a response on its Facebook page. "It is a scam and Lowe's is unable to honor the coupon."
7/11/16: Wendy’s confirms Data Breach at over 1,000 locations - Both Sioux Falls locations are included in those affected.
The fast-food chain Wendy’s last week confirmed that 1,025 locations—nearly 20 percent of U.S. stores—were part of a major data breach that ran for up to several months in which cyber criminals infected card terminals with malware to steal debit and credit card data. While the impact of the breach on financial institutions is as yet unknown, one financial trade group has said the fraud volumes tied to the Wendy’s breach are greater than those from the widely publicized Target and Home Depot breaches.
Wendy’s said it believes the malware was introduced in the fall of 2015 to restaurants’ systems via the remote access credentials of Wendy’s service providers. The company said the malware used to steal card data at the restaurants had been disabled by early June. However, the breach—which was publicly disclosed by cyber security reporter Brian Krebs in January—was noticed months earlier by issuers and payments industry professionals noting suspicious activity on cards used at Wendy’s locations.
5/1/16: ABA Warns Consumers of “Grandparent Scam”
In observance of Older Americans Month this May, ABA yesterday issued a press release warning consumers of impersonation scams—commonly referred to as “grandparent scams”—where criminals deliberately target older Americans by posing as family members or friends. According to the Federal Trade Commission, more than $42 million was lost to this type of fraud between 2012 and 2014.
ABA encourages consumers to always verify the identity of the caller, ask questions, never give personal information over the phone unless they initiated the call to a trusted party and to trust their instincts and obtain more information before making a financial decision.
“Fraudsters have no problem preying on your goodwill to get inside your wallet,” said Corey Carlisle, executive director of the ABA Foundation. “They’re using social media and internet searches to fabricate convincing stories, so be careful, trust your gut and do your best to confirm who you’re dealing with before sending any money.”
ABA is committed to leading the charge against the financial exploitation of older Americans through its Safe Banking for Seniors campaign.
4/19/16: DoTERRA breach exposes customer info; including SS, DOB, and addresses
DoTERRA International, a Pleasant Grove, Utah-based essential oils distributor, notified the State of California's Attorney General's office that personal information of its customers and wholesale members, or “Wellness Advocates,” was breached.
The breach compromised names, social security numbers, dates of birth, addresses, telephone numbers, email addresses, usernames, passwords, and credit or debit card information – including card numbers, security codes and expiration dates. The bath oils company learned of the breach from its web hosting company, according to a letter CEO David Stirling sent to California's Attorney General.
4/11/16: Watch out for "Microsoft" scam calls to fix your computer
The National Fraud Intelligence Bureau (NFIB) which assesses Action Fraud reports has said that between June 2014 and November 2014 there were over 12,000 reports that were categorized as a Computer Software Service Fraud. Analysis of those reports suggests that callers purport to be from a variety of organizations such as Microsoft, TalkTalk, BT as well as more generic sound organizations such as the 'Windows Technical Department'.
Victims are cold called, usually by phone and told that there is a problem with their computer and for a nominal fee the suspect can fix it. The suspects often claim to be working with Microsoft who have identified that the computer has been infected with a virus and offer an update or fix. The victims are talked through the logon steps in order for the fraudster to gain remote access to the computer. The victims will then often witness the mouse moving and changes being made to the display. They then pay a fee (anything between $100 and $300 has been reported to Action Fraud) and are told the problem has been resolved. Once the initial payment has been processed it is not uncommon for additional larger payments to be debited from the victim's account without their permission. In addition to charging a fee to fix the computer, in some instances programs are also installed that allow the fraudsters unlimited access to the computer without the victim's knowledge. This permits them to have access to information such as personal data as well as view online transactions so that further illegal activity may be carried out.
1/19/16: From the South Dakota Bankers Association
Protective Alert: Please be aware of the following reported by BankWest, Rapid City:
BankWest has had two customers report that their computers have been compromised by a company called Beno Support. The customers responded to a screen pop-up on their computer indicating they have a virus, and they disclosed their bank routing number and account number for a $497 payment to SAFEAPZZ.com for "service protection" for eight years.
Technician name, phone numbers and email accounts associated with this cyber incident are:
Tech Name: Aman
This "computer support" company is not located in the United States and claims to be located in France, the United Kingdom, Australia and SAFEZPZZ is located in London.
1/8/16: Please be aware of the following reported by the South Dakota Bankers Association.
Consumers in eastern South Dakota have been targeted by a phishing scam in a fraudulent attempt to gain access to customer account information. The scammers are targeting all consumers. The scammers have gathered phone lists and are utilizing the list to send out the fraudulent messages using a Financial Institution's name. The email or text requests personal and account information. The scam seeks information similar to below:
Your Debit Card has Been Locked Please click to respond (this leads to the phishing site).
Please call First Dakota immediately if you believe you have fallen victim to fraud.