The Social Security Administration has issued a warning: Beware of e-mails that look as if they come from the agency and have the subject line "Cost-of-Living for 2007 update." The body of the e-mail says, "NOTE: We now need you to update your personal information." The e-mail says Social Security "will be forced to suspend your account indefinitely" if you don't comply. If you click on the link in the e-mail, you will be taken to a web site designed to look like the SSA's home page. You will be asked to provide your Social Security number, bank account numbers and credit card account information.

This is "phishing," an Internet scam in which con artists try to steal your identity, then your money. If you get this e-mail, report it to Social Security at (800) 269-0271. To be safe, don't even open it. Don't open any e-mail purporting to be from Social Security. SSA corresponds with recipients only by regular mail and never sends out unsolicited e-mails.

Individuals are portraying themselves to be from the credit card Security/Fraud Department are contacting credit card customers to obtain the 3-digit security code listed on the back of the card.

The caller indicates that fraudulent activity has occurred on the customers account. The caller knows the credit card number and other pertinent information, and asks the customer whether the customer authorized a transaction (the transaction never occurred). When the customer responds no, the caller indicates that the transaction will be reversed immediately. To gain the customers trust, the caller tells the customer to call the number on the back of their card and ask for the Security/Fraud Department if the customer has questions. A fictitious control number is given to the customer to provide to the Security/Fraud Department.

The caller then requests the 3-digit security code listed on the back of the credit card next to the calling card number to ensure that the card has not been lost or stolen. Once this information is given out, the caller can begin making fraudulent transactions on the Internet using the credit card number.

Important: Credit card customers should never give out the 3-digit security code listed on their credit cards unless they have initiated the call or transaction. Anytime a customer receives a phone call or e-mail requesting sensitive credit card information, the customer should end the communication. Then call the 800 number card and request to be connected to the Fraud/Security Department.

Scammers have found a new way to commit identity theft by preying on our loyalty as United States citizens.

Here’s how the new scam works: A person claiming to work for the local clerk of courts calls and tells the victims that they have failed to report for jury duty and, as a result, a warrant has been issued for their arrest. The victims protest and rightly explain that they never received the jury duty notification. Then, in order to “verify” that the clerk of courts is talking to the right person, the scammer requests confidential information from the victim.

The scammer may ask for the victim’s Social Security Number, date of birth, credit card numbers (to pay the fine), and other personal information, which is everything the scammer needs to commit identity theft. The jury duty scam has been reported in several states across the country.

This scam works because the victims are caught off guard. Victims are upset because they think they may be arrested. Protecting their confidential information is not at the top of their mind – victims just want to get the “warrant” dismissed.

Remember, clerk of courts employees will never call you and request your Social Security Number or confidential information. In most cases, the courts follow up with prospective jurors via U.S. mail.

Be cautious: Never provide a caller with your personal or confidential information. The jury scam is just one of the latest attempts to obtain personal information. It does not matter why the scammers are calling (the reasons will change). If you have not initiated the call, do not provide confidential information to the caller

Illegal debt reduction schemes are on the increase. The fraudsters are indicating that customers can have their outstanding debt eliminated through the use of specially prepared legal documents. According to the fraudster, once the documents are completed and presented to the borrower's bank, mortgage company, finance company or other lending institution, the customer's debts will be eliminated. Literature provided by the organizers of the scheme usually question whether or not the customer really has a financial obligation to repay the debt and selectively cites passages from government publications, court decisions, etc. to support the claims. Some literature indicates that this process is "Federal Reserve approved" or approved by another specific government agency. Debt elimination programs that claim to have the approval of the Federal Reserve or another government agency are totally bogus.

The Federal Reserve does not approve or eliminate debt. These types of schemes are growing on the Internet. The organizers are charging large up-front fees or commissions based upon the amount of debt. Customers who pay such fees do not have their debts forgiven or reduced, but instead they incur late fees and the risk of foreclosure or other legal action being taken because of non-payment of their loan obligations. The borrower's credit report could also be negatively affected.

E-mail fraudsters are hard at work trying to obtain personal information in order to commit Identity Theft or credit card fraud. The fraudsters have found an easier way to trick people into disclosing their personal/sensitive information by using a U.S. Government Web portal programming flaw. The flaw allows a phisher to redirect URL (Uniform Resource Locators) from the GovBenefits.gov domain to fraudulent Web sites.

The phishing e-mail advises the recipient that the IRS owes them several hundred dollars. The recipient can claim their refund via a Web link that is provided in the email. The e-mail recipient is told in order to avoid being redirected to a bogus site, the recipient should cut and paste the link into their Web browser rather than directly clicking on it.

The link in the e-mail does not take the recipient to a U.S. Government site, but rather a site owned by the fraudster who is anxiously waiting the individual’s social security number, credit card information, and other personal information.

The phishing Web sites are taken down as soon as possible. However, the fraudsters will continue to look and find other security flaws in targeted sites.

Prevent yourself from such an attack: - Do not open, click on, or cut and paste any unsolicited web links received in emails. - Contact FIRST FEDERAL Savings Bank immediately if you believe that your financial/account information has been compromised.

There are organizations on the Internet that offer free services such as e-mail or virus scanning. It is important to be aware that some of these companies have privacy policies that allow them to collect and share personal information about your browsing habits. These companies might also collect secure information from you. In addition, related software may be difficult to uninstall, despite your attempts to do so.

FIRST FEDERAL does not share or sell any customer information to third parties. However, it is important for you to be aware that some of the Internet companies that use technologies to intercept secure information will also have complete access to your personal information. When you accept an agreement with these companies, you are also agreeing that they can share your information with third parties.

What you can do:
1. Always read the contract and privacy policy before agreeing to install any software or use an Internet service.
2. When in doubt, do not accept the agreement.
3. Install spyware programs like AdAware to check your computer for software that collects this type of information.
4. Report suspicious organizations to the Federal Trade Commission.
5. Visit the Federal Trade Commission's identity theft Web site to learn how to minimize your risk of damage from identity theft. Information about FIRST FEDERAL'S Privacy Policy is mailed to our clients annually. In addition, you can read FIRST FEDERAL'S Privacy Policy on our Web site.

"Pharming" is the practice of redirecting Internet domain name requests to false Web sites in order to capture personal information, which may later be used to commit fraud and identity theft. For example, an Internet banking customer, who routinely logs in to his or her online banking Web site, may be redirected to an illegitimate Web instead of accessing his or her bank's Web Site. FIRST FEDERAL has steps in place to combat the art of "pharming" from happening to you.

Static domain name spoofing: The "pharmer" (the person or entity committing the fraud) attempts to take advantage of slight misspellings in domain names to trick users into inadvertently visiting the pharmer's Web site. For example, a pharmer may redirect a user to anybnk.com instead of anybank.com, the site the user intented to access.

Malicious software (Malware): Viruses and "Trojans" (latent malicious code or devices that secretly capture data) on a consumer's personal computer may intercept the user's request to visit a particular site such as anybank.com , and redirect the user to the site that the pharmer has set up.

Domain hijacking: A hacker may steal or hijack a company's legitimate Web site, allowing the hacker to redirect all legitimate traffic to an illegitimate site. Domain names generally can be hijacked in two ways:

Consumers can take these steps to prevent pharming attacks:

If you find a request for personal information in your inbox, you may think it's safe to click and comply, especially if the e-mail displays a familiar logo and convincing words and graphics. Better think again. Chances are this seemingly authentic message camouflages a "phishing" excursion angling to hook your identity.

Phishing, also called "carding" or "brand spoofing," is a serious Internet scam that trolls for your personal data by luring you to a replica of a well-known website. (The "ph" is a carryover from so-called "phone phreaking" attacks on the early 1970's telephone systems.)

The high-tech swindle begins with an unsolicited, but official-looking, e-mail that frequently uses scare tactics to reel in a reponse. It may, for example, threaten to close your bank account inless you verify some of your information. The e-mail will likely include a link that's a dead ringer for your bank's website address. But click that link and enter a password or account number, and you could be giving an Internet swindler free rein to your life savings.

At FIRST FEDERAL, we're aware of such scams, and because your privacy and account security are important to us, we maintain strict safeguards to help keep your data out of the phishing nets. You should know that FIRST FEDERAL does not:

While FIRST FEDERAL does its best to protect you, you also share responsibilty for maintaining secure account information. The following precautions will help you outsmart the phishing scam: