Security Alerts

 

HEARTBLEED OPEN SSL BUG - 04/11/14

Please be advised of the following update from Mid Penn Bank regarding the “Heartbleed Bug,” which you may have recently heard about in the news.

As you may know, the Heartbleed Bug is a vulnerability in the OpenSSL encryption standard that could allow an attacker access to sensitive information. Our online banking vendor took immediate action to assess and minimize any potential risk to Mid Penn Bank customers.

On the evening of Tuesday, April 8, 2014, our vendor’s intrusion detection systems were updated to alert on attempts to exploit this specific vulnerability. We are pleased to report that our online banking vendor has completed a full review of our online banking system to identify any vulnerability, and since that time, there has not been evidence of any. Even prior to this, there was no evidence that Mid Penn Bank’s online banking system was vulnerable or had been improperly accessed due to this issue.

Mid Penn Bank and our online banking vendor remain committed to providing our customers with the most up-to-date, thorough and vigilant security possible. We will continue to monitor the situation and report any updates to you if necessary. To learn more about this matter, please visit http://heartbleed.com.

 

TARGET: COMPROMISED DEBIT/CREDIT CARDS - 12/19/13

Merchandise retailer Target has identified unauthorized access to more than 40 million credit/debit cards used at their U.S. stores between November 27 and December 15, 2013. Information that has been compromised includes customer name, credit or debit card number, and the card’s expiration date and CVV (the 3-digit security code on the back).
 
Mid Penn Bank VISA® debit card holders who used their cards at Target during this time period will receive notification from the bank and will be issued new cards by mail. Please be assured that we take fraudulent activity such as this very seriously, and we are taking the necessary precautions to resolve the issue.

To learn more about this incident, please visit Target’s website at  https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca

 

TEXT MESSAGE SCAM ALERT - 7/30/12

A text message scam has recently been victimizing customers of financial institutions based in Central Pennsylvania. Customers have been receiving text messages claiming to be from their respective financial institutions. The text message says the customer’s debit card has been deactivated and lists a phone number to call to reactivate the card. Once the customer calls the number, he or she is prompted to enter the card number and PIN. The scammers are using the information to steal all funds from the customer’s account.
 
Please be aware that Mid Penn Bank and other legitimate financial institutions will never ask you for your PIN or password information, and this information should not be shared.  Mid Penn Bank will never send text messages regarding account information. For any important matters concerning your account, we will contact you by phone or postal mail.
 
If you ever receive a text message or phone call asking for confidential information, such as a debit card number, PIN or social security number, please report it to the police immediately.
 
If you have any doubt about the legitimacy of a call or text message, do not respond to it.  You can contact the financial institution in question by calling its listed phone number to validate the origination of the call or text.

 

FRAUDULENT EMAILS CLAIMING TO BE FROM NACHA - 12/8/11

Customers should be aware of the latest fraudulent emails appearing to be sent from NACHA regarding a customer's direct deposit.

NACHA has been the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication. Perpetrators are sending these fraudulent messages to email addresses globally.
 
These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient. The source addresses and contents of these fraudulent emails vary — with more recent examples purporting to come from actual NACHA employees and/or departments — and often include a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and telephone number.
 
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA will never send communications to persons or organizations about individual ACH transactions that they originate or receive.
 
Customers should never open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom they do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. If you receive a suspected fraudulent email appearing to come from NACHA, please forward the entire e-mail to abuse@nacha.org to aid in NACHA's efforts with security experts and law enforcement officials to pursue the perpetrators.
 
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus definitions are automatically updated. Ensure that the computer operating systems and common software application security patches are installed and current.

 

IMPORTANT ALERT REGARDING YOUR CHECK CARD AND TEXT MESSAGES - 7/29/2011

Mid Penn Bank has become aware of text message alerts being sent to cell phone customers.  These alerts read similar to the following:

 MID PENN BANK ALERT:  Your CARD has been DEACTIVATED.  Please contact us at 717-220-0134.  (The phone number may be different, but when you call the phone number, the call goes to a recording that identifies the line as MID PENN BANK'S CARD ACTIVATION SERVICE.)

Mid Penn Bank will NEVER send a text alert to customers regarding a deactivated card!!!! If you receive a text message regarding your card being deactivated, DO NOT RESPOND by calling the number in the text alert. Instead, call the bank.

These text message alerts are very vague.  They expect you to react because you have a card and do not want it to be deactivated.  The text does not specifically reference whether you have a debit card or a credit card that was "supposedly" deactivated.  These are fraudulent alerts and they are being sent to Mid Penn Bank and non-Mid Penn Bank customers.    

As a reminder, if you EVER believe your check card information has been compromised in any way, immediately call our 24-hour lost/stolen department at 1-800-528-2273 to report your card as compromised.

Always pay attention to every detail. Text alerts that are vague in detail or have typos, and automated phone recordings that mispronounce common words, are a clear sign of fraud. Remember, awareness is your best prevention. When in doubt, always call the Bank first.

 

SPECIAL ALERT FROM FDIC - 7/19/2011

Summary:

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.

The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "protection@fdic.gov," "admin@administration.fdic.gov," or "service@admin.fdic.gov."

They have various subject lines such as "Update for your banking account," "ACH and Wire transfers disabled," and "Banking security update."

The fraudulent messages state:

"Dear clients,

Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online security department, Federal Deposit Insurance Corporation."

These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.

Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.

Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at https://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html. 

CHECK CARD FRAUD OVER TELEPHONE ALERT - 6/16/2011

Mid Penn Bank has received several reports of fraudulent automated telephone calls that have the appearance of being from the card provider.

The phone message states the customer's check card has been deactivated for security reasons, and directs the listener to press '1' to reactivate the card. After pressing '1' the listener is prompted to enter his or her check card information.

These automated telephone calls are fraudulent and are not from Mid Penn Bank. Recipients should consider the intent of these calls as an attempt to collect personal and confidential information. Representatives from Mid Penn Bank will never contact you requesting information already on file at the bank. You should not provide any personal financial information over the telephone to an unknown caller.

Please contact Mid Penn Bank immediately at (717) 896-5398 if you have received this type of call. 


IMPORTANT CHECK CARD SECURITY ALERTS

From time to time, Mid Penn Bank receives reports from our debit card customers of "phishing" schemes. With debit cards, phishing schemes typically include automated calls warning customers that their debit card will be closed unless they respond to the message. Callers are then prompted to press certain call options on the automated system and are asked to provide certain account information.

While most customers do NOT provide information, Mid Penn Bank wants to be sure to alert all our customers to NEVER provide ANY type of personal information, regardless of how insignificant it seems. Never enter a zip code, account number, personal identification number (PIN), expiration date, etc. Any information customers provide may be the "missing" piece of data that the phishing scam needs to begin creating fraudulent account transactions.

If you think your debit card information may be compromised, please call our 24-hour Lost/Stolen hotline at 1-800-528-2273 immediately.


IMPORTANT ONLINE SECURITY TIPS

Cyber threats have become one of the most serious economic and national security challenges we face. We all have a role to play in securing cyberspace and ensuring the safety of ourselves, our families, and our communities online.

Here are some basic tips to help you stay safe online:

  • Know who you're dealing with online
  • Keep your web browsers and operating system up to date
  • Back up important files
  • Protect your children online
  • Use security software tools as your first line of defense
  • Use strong passwords or strong authentication technology to help protect your personal information
  • Learn what to do if something goes wrong
  • Report suspicious cyber activity to the United States Computer Emergency Readiness Team by clicking here or calling 1-888-282-0870

 For more information and helpful tips, please visit www.staysafeonline.org.

  
