NVE Bank - Security Alerts

Latest security and fraud alerts:

October 23, 2008
WARNING: PHONE SCAM ALERT
Customers and Non Customers of NVE Bank are receiving calls from entities stating that they are NVE Bank Fraud Dept. or Security Dept. and requesting personal information.

PLEASE DO NOT SUPPLY ANY INFORMATION OVER THE PHONE, UNLESS YOU INITIATED THE CALL. PLEASE CALL YOUR BRANCH IF YOU RECEIVE SUCH A CALL OR FOR MORE INFORMATION! THERE HAS BEEN NO SECURITY BREACH AT NVE BANK, NOR HAS YOUR INFORMATION BEEN COMPROMISED! THIS IS A SCAM!

Please contact customer service, custsvc@nvebank.com or your branch location to report if you have received a phone call requesting personal information.

September 26, 2008
Phishing Email Alert
Please be advised that there is a phishing scam underway that is targeting Business Banking users by sending e-mails that appear to be from official Digital Insight sources (e.g., "Digital Insight Customer Care"). The scam is designed to trick the recipient into clicking a link in the fraudulent e-mail for the purpose of acquiring sensitive data, such as passwords or financial information.

While the primary targets appear to be Business Banking users, other Internet Banking users may also be affected.

Digital Insight systems nor NVE Bank have not been breached in any way. Your information is still safe.
Recipients of these e-mails are not specific to NVE Bank end users. Phishing e-mails can go to anyone that has an e-mail address on the Internet, so it is not the case that someone has a list of your customers.
We are currently working to shut down the sites that these phishing e-mails link to.
Please do not click the link in this particular e-mail. If you are trying to identify the URL for reporting purposes, we recommend that you use your mouse to hover over the link.
Some of the false e-mail addresses that users have reported include:
- tech-support@digitalinsight.com
- support@scfederal.digitalinsight.com
- admin@support.digitalinsight.com
- admin-support@digitalinsight.com
- customer-care@digitalinsight.com
- accounts@digitalinsight.com
- support@update.digitalinsight.com
- administration@digitallnsight.com
While the addresses differ, the body of the e-mail remains relatively consistent ("We inform you that your account is about to expire. It is strongly recommended to update it immediately. Update form is located here. However, failure to confirm your records may result in account suspension.")

Contacting NVE Bank Customer Service (CS):
Please contact customer service, custsvc@nvebank.com or your branch location to report whether you have clicked on the link and submitted your personal or financial information.

July 19, 2008
Phishing Email Alert
Phishing e-mails have been circulating that seems to come from @digitalinsight.com. Examples of the false email addresses that users have reported include:

admin-support@digitalinsight.com
customer-care@digitalinsight.com
accounts@digitalinsight.com
support@update.digitalinsight.com
administration@digitallnsight.com

While the e-mail addresses differ, the body of the email remains relatively consistent ("We inform you that your account is about to expire. It is strongly recommended to update it immediately. Update form is located here. However, failure to confirm your records may result in account suspension.")

Do not follow the instructions in these Phishing e-mails... DO NOT CLICK ON THE LINK. These e-mails are not emanating from Digital Insight nor would Digital Insight ever request you to make such changes to your account.

If you feel you have been a victim of this Phishing scheme, please call one of our branch office locations or 1-866-NVE-Bank.

May 30, 2008
Fraud/Scam Alert
We have received notifications that residents of Northern NJ have been receiving “Vishing” telephone calls impersonating local financial institutions. The automated calls specify local financial institutions and indicate to the consumer that their bank accounts have been frozen. In order to reactivate their accounts(s) the consumer should enter their ATM/Debit card information including card number, expiration date, PIN, and CV2 information from the back of the card.

The calls appear to be made from various telephone numbers. Please do not respond to this request over the telephone. NVE Bank does not initiate contact to its customers and request such information. NVE Bank will never ask for your ATM/Debit card PIN information at anytime.

So far, customers of NVE Bank have not reported any such calls or have been a victim of this scam. Please notify the bank by calling your branch office if you have received such a call or feel that you have been a victim of this scam.

November 14, 2007
Phishing Scam Alert
If you received the email described below, you should not take the action requested. Instead, please delete the email.

Phishing is email fraud where a perpetrator attempts to acquire sensitive information, such as passwords or financial information, by posing as a legitimate, trustworthy business.

You may have received an illegitimate email recently that appears to be sent by Digital Insight with the following specifications:

The “From” email address appears as: digitalinsight@rovenmedia.com.
The “Subject” of the email is Digital Insight: Customer Prize Request Form.
The body of the email includes a link and asks the recipient to go online to request a free gift prize.

The email is not from Digital Insight or NVE Bank. This is a phishing attempt, and you should not take the actions requested in the email. Instead, please delete the email.

If you have questions or need to report a phishing attempt, please contact NVE Bank Customer Service at 1-866-NVE Bank or custsvc@nvebank.com.

November 7 , 2007
Online Banking Fraud Alert
Please be aware that an E-mail from ebanking@E-Services.com is circulating and requesting that you sign in and supply your current bank information. Please note that NVE Bank is not sending this e-mail nor is affiliated in anyway to E-Banking Services.

The text of the email is as follows:

ebanking-services

Dear ebanking-services user,

As part of our security measures, we regularly screen activity in the ebanking system. We recently contacted you after noticing an issue on your account. We requested information from you for the following reason: Our system detected unauthorized use of a bank account linked to ebanking accounts.

Attention for all ebanking-services users! Next page - list of supported banks!

Case ID Number: ebank -1423-155

This is a reminder to log in to ebanking-services as soon as possible.

Be sure to log in securely by hyperlink below. Once you log in, you will be provided with new account design and steps to confirm your account access. We appreciate your understanding as we work to ensure account safety.

Login by clicking here: https://e-services.com/nubi/signin.aspx

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Sincerely,
ebanking-services Support Department

Please do not follow the instructions in the E-mail. Disregard and delete the E-mail.

September 29, 2007
NVE Bank is in the process of updating their website. Over the
next couple of days you will see some minor changes in the color of some
fonts and in the color to some title areas. These changes are an effort to
improve consistency through out our website. If you have any questions or
concerns please contact customer services at custsvc@nvebank.com.

Security Alert: August 21, 2007
New Computer Virus May Prompt Online Fraud Attempt
A new computer virus has been identified that may cause a fraudulent message to display on an end user’s computer while they are in the process of paying their bills online. This message attempts to trick users into providing sensitive information such as account numbers and passwords in order to commit fraud.

The fraudulent message is generated from a source outside of NVE Bank’s system, but an end user may be impacted if they have unknowingly infected their computer with the new virus through activities such as illegally trading software, executing files sent via email, or allowing scripts to execute while browsing the Internet.

When an end user whose computer is infected with this virus is using online bill payment, the virus may intercept the browser session and display a fraudulent Web page to the user requesting additional information. This fraudulent Web page appears framed within the bill payment window and prompts the user for sensitive information such as debit card account numbers and passwords. This is an attempt to commit fraud, and the user should not provide the requested information.

NVE Bank and our bill payment provider partners would never ask you for this information in the middle of a bill payment transaction. Any deviations from the documented and expected bill pay system behavior may be attempts to commit fraud.

Again, this particular fraud attempt would only occur if an end user has the virus on their local computer since the fraud attempt is taking place in a browser window that is outside of the NVE Bank system.

If you are using online Bill Payment and a new screen appears out of context asking you to provide sensitive information, do not provide this information.

If you’re in doubt about the validity of a screen, please contact customer service or email custsvc@nvebank.com.

Security Alert: February 9, 2007
The Federal Deposit Insurance Corporation (FDIC) has become aware of e-mails that appear to be sent from ViewPoint Bank Financial Solutions and the FDIC. The e-mail requests the recipient to register for a "SON - Secure Online Network" code to protect against credit card fraud. The e-mail instructs the recipient to click on a hyperlink to initiate "SON" registration in an attempt to acquire the recipient's personal financial information. These e-mails are fraudulent and were not sent by either ViewPoint Bank or the FDIC. Financial institutions and consumers should NOT access the link provided within the body of these e-mails and should NOT, under any circumstances, provide any personal financial information through this media. The FDIC does not directly contact consumers, nor does the FDIC request personal financial information from consumers.

The fraudulent e-mails describe fictitious relationships between the FDIC and VISA, MasterCard, Yahoo, eBay, Amazon.com, and Half.com. The e-mails claim that consumers will receive a 15 percent discount at various Web sites upon completion of the form. These fraudulent e-mails may be modified over time, reflecting different financial institution names or business relationships.

The FDIC is attempting to identify the source of the fraudulent e-mails and disrupt the transmission. Until this is achieved, consumers and financial institutions should notify the FDIC at alert@fdic.gov of any similar attempts to obtain personal financial information. Customers of NVE Bank can send an email to custsvc@nvebank.com also.

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-4004, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Information related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at http://www.fdic.gov/news/news/SpecialAlert/2007/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Security Alert: October 5, 2006
The Federal Deposit Insurance Corporation (FDIC) has become aware of fraudulent e-mails appearing to be from the FDIC. The e-mails ask recipients to click on a hyperlink titled "Take the Corrective Action – Implement the LinkBank System." When accessed, the hyperlink takes the individual to a "spoofed" FDIC Web page. At that point, the individual is directed to provide online banking information, including bank name, username, and password.

The fraudulent e-mails appear in "memo format" and are purportedly from "Russell A. Rau, Assistant Inspector General for Audits." The e-mails include a "Subject" line that states: "Division of Supervision and Consumer Protection's Risk-Focused Compliance Examination Process for [recipient's name inserted] (Report No. 05-038)."

The FDIC does not directly contact consumers in this manner, nor does the FDIC request personal financial information from consumers. Financial institutions and consumers should NOT access the link provided within the body of these e-mails and should NOT, under any circumstances, provide any personal financial information through this medium.

Financial institutions and consumers should be aware that other similar e-mails may be sent that falsely claim to be from the FDIC.

For your reference, FDIC Special Alerts may be accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2006/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Security Alert: September 15, 2006
The Federal Deposit Insurance Corporation (FDIC) has become aware of e-mails appearing to be from the FDIC asking recipients to register for a "SON – Secure Online Network" code. The e-mail requests that recipients click on a hyperlink to initiate "SON" registration in an attempt to acquire the recipients' personal financial information. These e-mails are fraudulent and were not sent by the FDIC. Financial institutions and consumers should NOT access the link provided within the body of these e-mails and should NOT, under any circumstances, provide any personal financial information through this media.

The fraudulent e-mails describe a fictitious relationship between the FDIC and GoldLeaf Financial Solutions and suggest that the FDIC collaborated in the development of SON. The e-mails state that "SON":

is "dedicated to protect payment cards against online fraud";
"assigns a unique code to a payment card, therefore replacing random parts of the personal information"; and
is "required for FDIC claims as it is part of the FDIC's new set of standards."

Variations of the e-mails have been reported. For example, at least three different subject lines are currently being used, including "Urgent Notification - Security Reminder," "Online Access Agreement Update," and "SON Registration." Some versions of the fraudulent e-mails include a salutation of "Dear FDIC beneficiary," while other versions include the recipient's name and e-mail address after the word "Dear." Some versions of the e-mails include the recipient's name and mailing address and a statement that "your personal information did not match any SON code." Other subject lines and modifications to the e-mails may occur over time.

Financial institutions and consumers should be aware that other similar e-mails may be sent that falsely claim to be from the FDIC. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.

Security Alert: August 15, 2006
The FDIC has issued a phishing alert concerning an email that appears to be sent by the agency. The name "Federal Deposit Insurance Corporation" appears to be on the "From" line of the bogus email and the subject is, "IMPORTANT: Notification of Federal Deposit Insurance Corporation." The e-mail claims that FDIC has received an application from the receipt's bank to insure their checking or savings account against fraud, phishing, and identity theft. The e-mail instructs the recipient to enroll in "the FDIC protection system" by clicking on a link to a spoofed FDIC web page. The false web page requests such information as Social Security numbers, credit and debit card numbers, bank routing numbers and bank account numbers. FDIC has asked recipients to send the information on any similar attempts to alert@fdic.gov. Customers of NVE Bank can send an email to custsvc@nvebank.com also.

Security Bulletin (January 8, 2006)
Please be advised that there is an email circulating that appears to be from NVE Bank and is requesting that the recipients follow a link to a website and enter their personal information. When recipients arrive at the site in this email they will notice that the URL is not NVEBANK.com or NVEBANKING.com, it is also not a secure site. NVE bank never requests an personal information through email communications. Please use caution whenever you receive a request for personal information by email.

Security Bulletin (December 16, 2004)
There are organizations on the Internet that offer 'free services' such as Internet acceleration or email virus scanning. Some of those organizations have 'privacy policies' that are so loosely defined as to allow them to harvest and share information that is universally considered to be personal and highly sensitive by Internet users. Such organizations ask unwitting end users to configure their browsers to cause all web traffic, including highly sensitive encrypted secure traffic to be decrypted, pass through that organization's servers to be harvested and then continue on to its intended destination. Hence, information that is thought by the end user to be inaccessible to everyone except the intended recipient is collected, and according to liberal privacy policies, may be shared by the intermediaries with unnamed third parties.

We believe such organizations may rely upon the fact that many inexperienced Internet users don't understand the ramifications of such a situation (referred to in information security circles as a 'man-in-the-middle' exploits), or that they will carelessly click through acceptance terms without reading the fine print of the privacy policy. In our opinion, this dangerous situation is made worse by the fact that end users' efforts to uninstall such software on their computers has been designed so that it will often fail, leaving what amounts to a back door by the organization to usurp what are supposed to be private communications in the future.

There are many organizations which we believe follows this sort of business model. These organizations install their own trusted root certificates, so that they can intercept secure (SSL) connections made by the end user machine.

The privacy policy of one popular organization states:

... [Company Name] monitors all of your Internet behavior, including both the normal web browsing you perform, and also the activity you may have through secure sessions, such as when filling a shopping basket or filling out an application form that may contain personal financial and health information...

... We monitor the Internet connections of our users so we can not only accurately and anonymously model the browsing habits of Internet users, but also their shopping, registration, and other interactions as well...

... In addition to the monitoring of your Internet behavior, we may also combine the information that you provide us with information such as credit or prescription information that we obtain from third parties such as consumer preference reporting companies, credit reporting agencies, and prescription benefits managers....

... There are some limited cases in which we share personally identifiable information with third parties. Specifically, we provide personally identifiable information to third parties for the purpose of conducting the secure and confidential matches discussed more fully above....

It is important that Internet Banking users be made aware that those Internet companies that use technologies to intercept encrypted communications have full access to end users' personal information and have publicly stated that they can share users' information with third parties.

Phishing Scam Alert (June 29, 2004)
Following are some guidelines to help prevent you from being the victim of a Phishing Scam. NVE Bank will never solicit any type of personal information via email or unsecured website.

What Can End Users Do to Protect Themselves from Phishing Scams?

Do not trust or act upon unsolicited emails that request personal information such as passwords, credit card numbers, ATM PINs, social security numbers, etc.

Fraudulent emails are typically not personalized with financial institution information.
Fraudulent email often present end users with scenarios of negative consequences if they do not act immediately on the email’s instructions.
Fraudulent email messages often contain flawed English.

Do not fill out forms contained in email messages requesting sensitive information.

Personal information should be provided by calling your financial institution directly or by logging onto their secure web site by typing the URL (web address) into your browser.
Type your financial institution’s URL (web address) into your browser and bookmark it. Use the bookmark derived from hand-typing the address for all subsequent visits to your financial institution’s website.

Keep your web browser patches up to date.

Regularly access your browser’s website to download security patches. Patching your browser regularly will protect you against a variety of software vulnerabilities.

Regularly log in to your online accounts. If you see anything unusual, report it immediately to your financial institution.

Pay close attention to your bank, credit card and debit card statements. If you see anything suspicious, immediately contact your financial institution and the card issuer.

FDIC E-Mail Should Be Considered A Hoax (April 8, 2004)
The Federal Deposit Insurance Corporation (FDIC) has issued a consumer alert regarding bogus E-mails that are being circulated.

This E-mail claims to be from the Federal Deposit Insurance Corporation,
in cooperation with the Department of Homeland Security or that your account is going to be closed due to fraud. It goes on to say that your account has been denied federal deposit insurance coverage as the result of USA Patriot Act violations.

Please be advised that this particular E-mail is a hoax. Your account(s) continue to be covered, up to the maximum allowable amounts, as issued by the Federal Deposit Insurance Corporation.