Security Alerts

Click on an alert below to read the full story.

February 11, 2015: Fraudulent Phishing Text Message

We have been notified of a phishing attack that has affected several of our customers. Phishing is an attempt to acquire sensitive information such as login IDs, passwords, and debit/credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Text messages have been sent from online.firstamericanbnk-il@1bn.net stating "(alert) ATM/CARD_ will be _ BLOCKED" as shown below. The text directs the reader to click on a link to a website that is in no way affiliated with First American Bank. These are fraudulent text messages and are not sent by First American Bank. We have notified authorities and have taken action to successfully shut down the fraudulent sites involved in this phishing campaign.

 
Remember that First American Bank, like all legitimate companies, will never ask for your social security number, credit and debit card numbers, PINs, checking account numbers or other personal information in response to emails or text messages.
 
If you have received one of these text messages and entered your information, please call us at (847) 952-3700 as soon as possible so we may take action to protect your account.
 
As a reminder:
  • Never provide your online banking Login ID or password through telephone, email, text message or SMS.
  • Never provide confidential information like your PIN, account number or social security number over the telephone or on a website.
  • Never provide answers to challenge or authentication questions.

June 13, 2014: Fraudulent Website acting as First American Bank

Yesterday we became aware of a website which is deceptively similar to First American Bank’s legitimate website. We believe this website is being used to commit financial crimes and identity theft.
 
The fraudulent site, www.firstambank.net, uses a combination of genuine First American Bank graphics and other content to make the website appear legitimate. Often these sites contain misspellings or grammatical errors. It is a clever attempt to obtain account information as well as personal information from unsuspecting individuals who are directed to that site. We are working to have the website taken down, but it has been resurrected at least once. A copy of the fraudulent website is below.
 
 
To protect yourself from fraudulent websites make sure that your browser’s security filters and privacy settings are properly enabled to detect this type of fraud. These features are designed to warn you if the website you are visiting is impersonating another website or contains threats to your computer. Safari, Google Chrome and Mozilla Firefox enable these features by default. In Internet Explorer, however, the feature, called "SmartScreen Filter", must be enabled by going to Tools >SmartScreen Filter and following the prompts.
 
If you have additional questions about how to protect your information while online, you can visit any of the following U.S. government websites:
Remember that First American Bank, like all legitimate companies, will never ask for your social security number, credit and debit card numbers, PINs, checking account numbers or other personal information in response to emails or text messages.
 
If you have visited this fraudulent site and entered your information, please call us at (847) 952-3700 as soon as possible so we may take action to protect your account.

April 30, 2014: Internet Explorer Bug

Microsoft has acknowledged a security flaw that could put online users at risk. IE versions 6 through 11 have a flaw that may allow a hacker to secretly take over your computer by tricking you to click on malicious links which can take you to a website that looks like a legitimate website.
 
"An attacker would have no ability to force users to visit these [compromised] websites," says Greg Garcia, advisor, Financial Services Information Sharing and Analysis Center. "Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message that takes users to the attacker's website."
 
Click on the following link or copy and paste it into a new web browser for information on how to defend against the bug: http://www.cnet.com/news/microsoft-tells-ie-users-how-to-defend-against-zero-day-bug/
 
Of course an easier solution may be to use a different web browser until Microsoft has published a fix.
 
Update - Microsoft released a Security Update https://support.microsoft.com/kb/2965111

April 10, 2014: OpenSSL Vulnerability

Stories in the press over the last few days highlight a serious vulnerability existing on websites using some versions of Open Secure Sockets Layer Architecture (OpenSSL).
 
OpenSSL is a technology used to secure web connections. The vulnerability is created by a software bug now commonly referred to as Heartbleed. A Heartbleed intrusion can enable access to sensitive information valuable to cyber criminals in order to compromise the website.
 
To protect our customer’s accounts and other sensitive information, First American Bank employs multiple layers of security. Our Information Security Team has reviewed the protections in place and verified that all online banking services through which we enable access to your accounts are not susceptible to this vulnerability. You may continue to use our website www.firstambank.com for online access to your accounts without concern.
 
In addition to our aggressive cyber security protection measures, we advise and encourage our customers to:
  • Change your passwords regularly.
  • Use different and strong passwords for your banking websites. Strong passwords use a minimum of eight characters, upper-case and lower-case letters, numbers and permitted symbols.
  • Do not use the same password for access to all of your banking websites as you use for other internet accounts such as gaming sites, social networks or other sites with controlled access.
  • If you have inadvertently used the same password on your banking sites and at other sites with similarly restricted access, take a moment to change your password now.
  • Protect all your computers, mobile phones and tablets by installing malware detection software for virus detection and firewall protection.
  • Update the operating system of such devices so they are current.
  • Stop using any operating system no longer supported by its manufacturer, such as Microsoft XP and Ubuntu 12.04.
  • Use the most current version of your preferred browser.

February 28, 2014: Taxi Cab Card Compromise

As you’re hearing more and more in the news about the theft of debit and credit card data, we at First American Bank wanted to let you know that we are doing everything we can to ensure our customers are protected and will go to great lengths to do so.
 
We are advising you not to use your First American Bank debit cards (or any other cards) in local taxis. We have become aware of a data breach that occurs when a card is used in Chicago taxis, including American United, Checker, Yellow, and Blue Diamond and others that utilize Taxi Affiliation Services and Dispatch Taxi to process card transactions.
 
We have reported the breach to MasterCard® and have kept them apprised of details as they’ve developed. We have also made repeated attempts to deal directly with Banc of America Merchant Services and Bank of America, the payment processors for the taxis, to discontinue payment processing for the companies suffering this compromise until its source is discovered and remediated. These companies have not shared information about their actions and appear to not have stopped the breach.
 
Since identifying the scheme, we have continuously monitored activity on our customers’ cards. Until the situation is rectified, we will continue to close and reissue cards that have been exposed. This interruption of card services has inconvenienced our customers while they wait for a new card. This can be particularly problematic for customers who are traveling. We believe strongly that the sanctity of our customer’s ability to access their funds without such risk of interruption is a bed rock principle in customer service, and we do so only in cases of extreme risk.
 
We have submitted a complaint to the City of Chicago Department of Business Affairs and Consumer Protection to get its help to stop the fraud, and have shared the information we have with the appropriate authorities. We ask that you not use your card in taxis until we can advise you that this criminal activity has been stopped.
 
As always, please monitor your account for any suspicious activity and report it right away to (847) 952-3700. Make sure we have your most current email and phone numbers on file so that we can contact you immediately in the event of another breach. Thank you for choosing First American Bank. We appreciate your business.

February 19, 2014: Fraudulent Vishing Phone Calls

We have been notified of a vishing attack that has affected several of our customers. A vishing attack is an attempt to extract confidential information through deception or trickery via telephone.
 
Phone calls have been made through an automated telephone dialing service stating that their debit card has been deactivated and they will need to enter the full card number to reactivate their card. It then repeats the card number back incorrectly and asks them to re-enter the number. These are fraudulent telephone calls and not sent by First American Bank.
 
If you have received one of these calls and entered your information, please call us at (847) 952-3700 as soon as possible so we may take action to protect your account.
 
We will never ask you for your debit card number over the telephone or through email. If you’re not sure if it’s a valid request, hang-up and call us to verify.
 
As a reminder:
  • Never provide your online banking Login ID or password through telephone or email.
  • Never provide confidential information like your PIN, account number or social security number over the telephone or on a website.
  • Never provide answers to challenge or authentication questions.
  • If you receive a suspicious email requesting confidential information, delete it right away. The sender could be trying to download malware to your computer.
Please make sure that we have your most current email address and telephone number should we need to contact you regarding possible fraud.

Contact Us

 

Report fraud or suspicious activity
847-952-3700
 
 
Report a lost or stolen debit card
847-952-3700
 
 
Report suspicious emails, phone or text messages
Email This Page