Your financial security is one of Fox Chase Bank's primary concerns. We strive to keep your personal identity and your
banking assets safe and secure. Yet, we need your help too. The information in this section is provided to help you do
your part in securing your personal identity and your banking assets. Check back often, to get the latest news, up to date videos and to learn tips for protecting yourself and your finances.
In addition to the security alerts below, here are some useful links from the Federal Trade Commission's website which provide detailed information to help you deter, detect, and defend against identity theft.
Dridex is the latest in a string of online banking viruses and malware. Dridex is related to the malware known as Zeus, designed to help attackers steal users' banking credentials.
Dridex uses an old-fashioned method of attack, using “macros” (electronic instructions that make computers launch into tasks) embedded in Microsoft Word documents.
Dridex works like this: hackers send high-volume email phishing attacks, sometimes appearing to be from trusted companies. The emails contain attachments, typically Microsoft Word documents, which appear to the unsuspecting user to be an invoice or some other financial document. Users click on the document which unleashes malware onto their computers, where it finds files or activity related to online banking and steals online-banking usernames and passwords. Then, through a phony bank website or a fake pop-up window, the attackers trick users into giving additional personal data such as Social Security numbers.
Tips for protecting against Dridex:
- Ensure your spam filters and antivirus software is in place and up to date — These can analyze attachments for signs of viruses or malware.
- Disable “macros” on your personal computing devices
- Continually update security patches when prompted by your computing device to do so
- Never click, open or forward an email that seems at all odd or suspicious. Even if the email looks like it is from a legitimate source, a cyber-criminal may be trying to impersonate a person or company you recognize.
If you believe you have been the victim of a Dridex or are unsure about the authenticity of any correspondence related to a Fox Chase Bank service please contact Customer Care at 866-369-2427 option 1.
Important Debit Card Information
The protection and security of your banking information is our highest priority. We want to share with you some important reminders regarding the use of your Fox Chase Bank Visa Check Card ("debit card"):
BASH Vulnerability Alert
1. Use your PIN for debit card transactions to reduce the risk of fraud: Due to the large number of card data thefts from merchants, such as those at Target & Home Depot, we suggest you enter your PIN (Personal Identification Number) rather than using your signature when making debit card purchases. Should you decide to sign for your transaction and be declined, please try your purchase again using the "debit" button.
2. Planning to Travel? We want your next trip to be as hassle free as possible: To help prevent interrupted service with your Fox Chase Bank debit card, please notify us prior to traveling outside of the tri-state area (PA, NJ, DE). Notifying us will help to ensure your debit card purchases are not blocked by our FraudWatch service. Without notification of your travel usage of your debit card could be blocked for transactions that are different from your normal spending habits. To notify us of your travel plans, simply call Fox Chase Bank Customer Care at 866-369-2427 or visit your local branch before leaving for your trip.
If you have any questions, please do not hesitate to contact Customer Care at 866-369-2427 Monday-Friday 8:00am-6:00pm, Saturday 9:00am-1:00pm. Thank you for banking with Fox Chase Bank.
You may have heard about the Shellshock (BASH) computer systems vulnerability in recent news reports. As with any issue of this type, your security is our top priority at Fox Chase Bank.
- We are aware of the bug
- At the present time we have no reason to believe that there is an impact to our systems, including online or mobile banking
- We are working with our Service Providers to ensure that they are taking the necessary steps to protect confidential information
- We will continue to monitor the situation and will take the necessary steps to mitigate any impact
Any new developments or changes will be promptly posted on this security page of our Fox Chase Bank website. Additionally, you may contact our Customer Care Center Monday through Friday from 8 a.m. to 6 p.m. ET at 1-866-369-2427 or via email at CustomerCare@FoxChaseBank.com
Important Debit Card Information
The protection and security of your personal information is our highest priority. Due to the large number of merchant compromises, such as those at Target & Michaels, our fraud detection software which monitors debit card transactions may require you to enter your PIN (Personal Identification Number) rather than using your signature when making debit card purchases.
“Heartbleed” Bug Information
To help protect you from fraud we may occasionally block signature based transactions at certain merchants or locations inside and outside our service area.
Should your card transaction using your signature be declined, please try your purchase again using “debit” and key in your PIN.
In addition, if you will be traveling, we recommend you notify us regarding the VISA® debit card(s) you plan to use. This travel notification will help to ensure your authorized debit card purchases are not blocked by our Fraudwatch service.
We apologize for any inconvenience this may cause. If you have any questions, please do not hesitate to contact Customer Care at 866-369-2427 Monday-Friday 8:00am-6:00pm, Saturday 9:00am-1:00pm.
Fox Chase Bank takes your online banking security seriously. We are monitoring developments related to the “Heartbleed” computer software bug that you may have heard about. We have analyzed our online banking services and at this time have not uncovered any vulnerabilities related to this bug. Rest assured that we are keeping a close watch on the situation and will keep you updated if we become aware of any additional developments.
As always, please keep in mind the following recommended practices:
- Be sure to use different passwords for the various online sites you may use - especially for online banking.
- Update/change your online banking password regularly.
- Closely monitor all transactions occurring in your Fox Chase Bank accounts by checking your online banking history and/or monthly account statements.
Should you have any questions or see any unusual activity in your accounts, please be sure to contact our Customer Care Center at 866–369–2427 between 8:00 – 6:00 PM on Monday – Friday and 9:00am – 1:00pm on Saturday.
Please be on the alert for a text message from the "Consumer Protections Department." The text reads as follows: "Your ATM card debit has been put on hold. Call Customer Protection Department end follow the steps to resolve this issue."
Please note, this text is not from Fox Chase Bank. Fox Chase Bank will never contact you via text for confidential personal information. If you receive a text similar to the one above, please delete it. If you have concerns, please do not hesitate to contact our Customer Care Center at 866-369-2427.
Recent Security Breaches
Important information concerning recent debit card security breaches
Target Security Breach
Target has reported that an unauthorized party gained access to credit and debit card information recently. Specifically, anyone who paid with any credit or debit card at a Target
store between November 27, 2013 and December 15, 2013 may have had their card information compromised. If you used your Fox Chase Bank Visa Check Card at a Target store during the
period in question, a Fox Chase Bank representative has already been in contact with you.
We are sending you this communication today to warn you about additional scams that may be perpetrated as a result of Target's reported payment card compromise. Target is
instructing their customers:
If you receive a call, text, or email from anyone who says they are from Target asking for your social security number, credit card number, and/or other
personal information, DO NOT PROVIDE IT.
In addition, be wary of scams that may appear to offer some kind of protection but are really trying to get personal information from you. If you have any suspicions about the
authenticity of an email or text, do not click the links in it.
Target has also recommended that customers with any questions or concerns should visit Target.com/PaymentCardResponse
as a resource for official communications that
Target has sent to their customers.
Fox Chase Bank apologizes for any inconvenience that this incident may cause you. If you have questions or concerns, please do not hesitate to call our Customer Care Center at 1-
866-369-2427. Our business hours are Monday through Friday 8:00am to 6:00pm and Saturday from 9:00am to 1:00pm.
Fraud alert: How to prevent holiday-related identity theft
Although identity theft is a year-round problem, fraud prevention experts warn that the holiday season is prime time for this crime.
A recent survey found that 21 percent of online shoppers would provide their mother's maiden name to make a purchase; 14 percent would provide a family member's birthday. And even though the number was small, 2 percent would give out their Social Security number. If identity thieves get this information, they can find other information about you resulting in identity theft.
When registering on an online shopping website, it is recommended that you create a different password than what you have used for any other sensitive online accounts such as online banking, credit card, or websites where you pay a bill. It may cause you an inconvenience, but if thieves steal your password, they may attempt to hack into other website accounts that you have.
Listed below are other ways that identity thieves may try to steal your information:
Bogus websites with screaming deals
Beware of websites that offer popular holiday gifts that are significantly cheaper than everywhere else. Identity thieves will sometimes create these bogus sites. If you buy something, you won't get your merchandise and the crooks will have your card number and other personal information. If you are using a new merchant website for the first time, check the merchant out before you provide any personal information. Determine how long have they been around and whether they are rated by the Better Business Bureau.
Digital greeting cards loaded with merry malware
Identity thieves are also known to send out holiday eCards that are loaded with viruses and other malware. They use social media sites to send infected greeting cards that look like they're from someone you know. Don't click the links in the body of an email alerting you about an eCard and don't open any attachment. You can always check to see if that person really did send you a card. The safest way to get an eCard is to go to the greeting card company's website and enter the greeting card number listed in the email.
Bogus shipping notices
Identity thieves send out bogus shipping alerts designed to look like they're from FedEx, UPS or the U.S. Postal Service. They're hoping you'll click on the link, which loads malware onto your computer or takes you to a phishing website they've created. Only use tracking numbers provided to you in the initial email you get right after you make the purchase. Go to the store's website to track any packages you're expecting.
The Office of the Comptroller of the Currency (OCC) has been informed that an entity entitled AmTrade International Bank is involved in a scheme that involves soliciting consumers for semi-secured credit cards through the U.S. mail. Potential victims receive solicitations and program agreements, which may mention that Credit One Bank, N.A., is connected with the card agreement. Credit One Bank, N.A., has no connection to this entity. The victim is requested to submit a check payment in an amount ranging from $500 to $900 as a deposit to obtain a semi-secured credit card, with the understanding that he or she is entering into a program to rebuild poor credit. The check is cashed, but the victim never receives the anticipated credit card.
This fraudulent entity is purportedly located at 601 NE 11th Street, Suite #418, Fort Lauderdale, Fla. Both the Web site of AmTradeInternational.com and the associated telephone number of (800) 470-1082, which are provided within the AmTrade International Bank correspondence, are no longer in service.
Because of the possibility that variations on this scheme may be used, consumers should use caution when responding to any unsolicited correspondence, especially when an entity is requesting that funds be provided.
US Airlines Scam: This scam arrives in the mail and, oftentimes, includes a letter notification and a voucher check. The letter alerts you that the enclosed voucher can be redeemed for 2 round trip airlines tickets.
Although these letters may look legitimate, they are not. The phony name "US Airlines" is supposed to resemble the real "United Airlines" or "US Airways". The letters are NOT from a real airline. Additionally, what appears to be a check is not and should not be deposited into your bank account. This is a phishing scam attempting to acquire your personal information.
Click here to view a copy of the scam.
'Project Mayhem' hacks accounting software. Researchers December 6 unleashed proof-of-concept code that would allow an attacker to basically write himself a check from the victim organization's account. The Python-based tool is just one example of the type of advanced financial fraud that could be perpetrated against accounting applications and databases, according to SecureState researchers, who at Black Hat Abu Dhabi demonstrated their tool and findings on threats to accounting software. They focused their efforts on Microsoft's Dynamics Great Plains application, but they said the same types of attacks could also be aimed at other accounting packages. No vulnerabilities were discovered or exploited in the Microsoft product. The Mayhem script detects that the Microsoft software is running, and creates a backdoor for the attacker to remotely make SQL queries and commit all types of financial fraud. ?It doesn't even need to install a traditional piece of [trojan] backdoor malware like? most financial fraud malware does today, said the manager of SecureState's penetration testing team. ?We compare it with a banking Trojan that hijacks [automated clearing house] ACH and wire transfers without the user's knowledge, but this time we're looking at the accounting system instead of the online banking session,? he said. Microsoft's accounting program is not the only potential victim. The manager said the same concept could be applied to MAS 90, Peachtree, Oracle, and SAP.
Recent IRS Scam
If you receive an email, similar to the one below, from the IRS please delete it immediately and do not click on the links:
Dear business owners,
Due to the alterations in the taxation policies that have been recently ratified, IRS informs that LLC, C-Corporations and S-Corporations have to validate their EIN in order to confirm their actual status. You have 14-day period in order to examine all the changes and make necessary amendments. We are sorry to cause inconvenience.
For the details please refer to:
Internal Revenue Service Representative
If you have any doubt about the authenticity of a website, do not provide any personal information.
If you believe you have been the victim of a Phishing attempt or are unsure about the authenticity of any correspondence related to a Fox Chase Bank service please contact us immediately at email@example.com or call 866-369-2427 option 1.
The Hidden Dangers of QR Codes...
Those black and white squares you see in ads may look harmless, but lurking behind the quick response code is the very real possibility of a malicious attack.
More than 30%of QR code readers in the Google Play app store are malicious, according to the Chief Technology Officer at database security company GreenSQL.
Oftentimes, companies do not generate their own QR codes and use a third party that lets them generate the codes through their system. Even if the original link was legitimate the ownership of the original link can be manipulated and forwarded to a site where malware can attack the smartphone.
What can you do to protect yourself? Make sure the link inside the QR code is under the company's domain such as foxchasebank.com. This will make it much harder for a fraudster to manipulate or hack in.
Fraudsters are becoming increasingly more sophisticated in their cyber-crime schemes. The newest threat is called Citadel. Cyber-criminals using Citadel can hijack a computer with "drive-by downloads" - which are websites that automatically install malware that overtakes a computer. Once launched the malware locks the computer and displays a message that the user has violated a federal law. Oftentimes the message appears to be from the FBI, stating that a user has visited a website with illegal content.
In order to unlock the computer the user is asked to pay a fine to a government agency. This fine is a scam and an attempt to capture personal information, online banking credentials, credit card info or other personal information.
To help mitigate such threats all customers should download Fox Chase Bank's Trusteer Rapport security solution. Trusteer creates a secure connection between a computer and Fox Chase Bank's online banking system. In addition, the solution will protect access to other designated websites, alerting you to any fake websites, as well as guard your log-in credentials from being stolen by an unauthorized party.
On April 10, 2012 in a Consumer Alert, the Federal Deposit Insurance Corporation (FDIC) advised that it has received numerous reports of a fraudulent e-mail that has the appearance of being sent from Publishers Clearing House with reference to FDIC.
The e-mail informs the recipients that they have won a large cash prize, but requires a "Check Insurance Certificate from FDIC." The message states that FDIC will be "requesting a fee of $1,000.00" to provide the "Check Insurance Certificate." A phone number and e-mail address are provided to obtain instructions on how to send the requested fee.
The e-mail is fraudulent and was not sent by FDIC or Publishers Clearing House. Recipients should consider this to be an attempt to steal money or collect personal or confidential information.
WARNING: Fraudulent email
If you receive an email similar to the one shown below, please be aware that it is a scam. Do not click on any of the links in the email and delete it immediately. Please always be cautious of links that appear in emails and of emails referring to passwords and personal information.
This notification is mailed to you concerning your online banking user password has been expired.
Create a new user password by following these steps:
1. Log into your online banking by our secure link for Expired Password and entering the temporary password below.
Your temporary password is: cn34R%vnjerFD
2. You will then be prompted to change your password.
This temporary password will expire in 24 hours.
Warning from the OCC
Fictitious correspondence, allegedly issued by the Office of the Comptroller of the Currency (OCC) regarding funds purportedly under the control of the OCC and other government entities, is in circulation. Correspondence may be distributed via e-mail, fax, or postal mail.
Any document claiming that the OCC is involved in holding any funds for the benefit of any individual or entity is fraudulent. The OCC does not participate in the transfer of funds for, or on behalf of, individuals, business enterprises, or governmental entities.
The letters may indicate that funds are being held by the OCC, the U.S. Department of Homeland Security, or the U.S. Department of Justice because of the need for payment of a 0.059 percent revenue charge to the U.S. Internal Revenue Service.
The correspondence in question contains forged signatures of actual OCC officials. In addition, the material contains a fictitious mailing address that is not associated with the OCC.
Before responding in any manner to any proposal supposedly issued by the OCC that requests personal information or personal account information, or that requires the payment of any fee in connection with the proposal, you should take steps to verify that the proposal is legitimate. At a minimum, the OCC recommends that you
contact the OCC directly to verify the legitimacy of the proposal (1) via e-mail at firstname.lastname@example.org; (2) by mail to the OCC's Special Supervision Division, 250 E St. SW; Mail Stop 2-7, Washington, DC 20219; (3) via fax to (202) 874-5214; or (4) by calling the Special Supervision Division at (202) 874-4450.
contact state and/or local law enforcement.
file a complaint with the Internet Crime Complaint Center at www.ic3.gov, if the proposal appears to be fraudulent and was received via e-mail or the Internet.
file a complaint with the U.S. Postal Inspector Service by telephone at (888) 877-7644, by mail at U.S. Postal Inspection Service, 222 S. Riverside Plaza, Suite 1250, Chicago, IL 60606-6100, or via online complaint form at: https://postalinspectors.uspis.gov/forms/MailFraudComplaint.aspx, if the proposal appears to be fraudulent and was delivered through the U.S. Postal Service.
FTC Offers Warning, Advice on Tax-Related Identity Theft
Did you know that your Social Security number can help an identity thief get a job, or the tax refund that should be yours?
The Federal Trade Commission, the nation's consumer protection agency, cautions that thieves can use a stolen Social Security number to apply for a job or file for a tax refund under a false identity. The FTC advises that, if you think this has happened to you, or if you get an Internal Revenue Service notice indicating a problem, contact the IRS immediately for help with your tax return, any refund, and protecting your IRS account from identity theft in the future.
The FTC also recommends three steps to minimize the potential damage from identity theft:
Put a fraud alert on your credit reports
Review your credit reports
Create an identity theft report by filing an identity theft complaint with the FTC and filing a police report.
Read the FTC's Tax-Related Identity Theft to learn how to uncover and deal with this problem, how to avoid phishing scams, and how to contact the IRS. For more information, visit the FTC's identity theft website.