Business Security Alerts

Customers have reported receiving fraudulent email


Tri Counties Bank received an alert today that customers have reported receiving fraudulent email messages from the IRS that reference a tax payment transaction and instructs the recipient to click on a link beginning with "tax report". These emails were not sent by the IRS. The IRS delivers payment status information to our financial institution customers via trusted channels, and do not communicate this information directly to customers. Do not to click on the links contained in these types of emails and to delete them immediately.
IRS Security Alert


Consumers have reported receiving fraudulent email


Tri Counties Bank received an alert today that consumers have reported receiving fraudulent email messages from the "Federal Reserve Wire Network" that reference a wire transaction and instruct the recipient to click on a link beginning with “federalreserve.gov” These emails were not sent by the Federal Reserve Banks. The Federal Reserve Banks deliver payment status information to our financial institution customers via trusted channels, and do not communicate this information directly to consumers. Do not to click on the links contained in these types of emails and to delete them immediately.


Phishing Alert - Email Claiming to be from the "Electronic Payments Association"


NACHA — The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments Association” and appears to be coming from the email address “payments@nacha.org.” See a sample of the email below.

Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.

Always use anti-virus software and ensure that the virus signatures are automatically updated.

Ensure that the computer operating systems and common software applications security patches are installed and current.

Be alert for different variations of fraudulent emails.

= = = = = Sample Email = = = = = =
From: payments@nacha.org [mailto:payments@nacha.org]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.
Please click here to view report
= = = = = = = = = = = = = = = = = = = =

Please contact the following staff with any questions regarding this matter:
Scott Lang, AAP
Senior Vice President, Association Services
703-561-3918
slang@nacha.org
Questions on Phishing?
Call WesPay's ACH experts for help. WesPay ACH Hotline & Helpline:
(415) 373-1200 or (206) 622-7846


Fraudulent Maintenance Notice

tri counties bank has been made aware of an exploit which affects customer’s computers and that prevents them using the eCash product. If you are not able to log into eCash, and we have not notified you of maintenance, please contact 530-879-4241 as soon as possible.

If your computer has been compromised, you will be presented with a maintenance notice stating that you cannot log in. An example of a fraudulent maintenance notice may look like this:
example of phishing error
If you see this message at any time while accessing eCash, stop using this computer and call 530-879-4241 immediately.


Electronic Federal Tax Payment System (EFTPS)

Tri Counties Bank was notified of a phishing scam targeting users of the Electronic Federal Tax Payment System (EFTPS), a free service provided by the U.S. Department of the Treasury. The recent fraudulent format uses an email message that claims to be a rejected tax payment and directs users to a fake website for additional information. If you receive one of these messages claiming to be from the EFTPS or IRS, don't open it or click any link. Call the agency to verify whether they are trying to contact you. Please feel free to contact us at 530-895-7580 if you would like additional information.

Computer Safety Tips

Protecting your information is a priority to Tri Counties Bank. Following these simple steps will help protect your information from hackers. Every computer, which is connected to internet, is at risk from viruses and hackers’ attacks if there are no antivirus software and firewall installed. A computer can be protected with secure passwords, antivirus software, encryption methods, defragmentation, updating operating system regularly, scanning email attachments and controlling internet activities. The major threats to a computer are internet scams, phishing, internet fraud, web worms, virus hoaxes, spyware, Trojan horses, hackers’ attacks, p2p files sharing and internet fraud.

  • Website information - Limit the personal and financial data you send to websites.
  • Online Banking- Designate one PC for online banking only.
  • Antivirus Software - Use it! Download and install the updates every week or two.
  • Personal Firewall Software - Another essential piece of software, especially if you are browsing with a permanent internet connection. A firewall will block incoming connections to your computer thus keeping out hackers.
  • Passwords - Use long, random passwords. Don't store your passwords on your computer.
  • E-mail - Delete spam without opening or reading it Never open an attachment unless you are certain you know who sent it and what it contains.
  • Surfing The Web - Browse the web with cookies disabled. Only allow cookies from web site you will revisit.
  • Encryption - You can protect your data by installing an e-mail and file encryption program.
  • Shut Down - Be sure to turn off your computer when you are not using