Alert for Consumers and Business Customers
Online banking customers of U.S. financial institutions are being targeted by a Zeus Trojan that is exploiting two trusted credit card security programs. This version of Zeus attempts to trick online banking customers into surrendering their personal and credit/debit card data by claiming new FDIC rules require that they enroll in either the Verified by Visa or MasterCard SecureCode program to protect their accounts.
After users have initiated a secure online banking session, the Zeus Trojan injects into the browser a facsimile of the familiar Verified by Visa and MasterCard SecureCode enrollment screen (see below). It then prompts users to enter their social security number, credit or debit card number, expiration date, and PIN or CSV code.
It is important to note that if a user receives this message, their computer is already infected with the Zeus Trojan and must be scanned and thoroughly cleaned before it is used to access any web sites that may ask for personal information and/or require a user ID and password, such as an online banking site. As a reminder, never provide personal or financial information online or on the telephone unless you initiated the contact and know the party with whom you’re dealing.
The information gathered by Zeus is used by fraudsters to commit ‘card not present’ transactions with retailers that employ Verified by Visa and SecureCode protection. This stolen data allows criminals to impersonate their victims and register with these programs to ensure fraudulent transactions elude fraud detection systems.
As a reminder, it is important to review your bank statements regularly to ensure all of the transactions listed are legitimate. Contact Fifth Third immediately with any discrepancies you find on your statement.
Customers who supplied any personal data should call a Fifth Third Customer Service Professional at 1-800-676-5869 immediately.
Resources
Please be advised that the following links are not sponsored by Fifth Third Bank, nor do we provide any representations as to the accuracy of the information provided by the organizations. It is your decision as to whether or not to utilize these resources.
Reputable Online Resources Available Regarding Home Computer Security:
- http://www.cert.org/homeusers/HomeComputerSecurity/
- http://www.cert.org/tech_tips/home_networks.html
Reputable Anti-Virus Companies Offering Virus Removal Services:
- http://us.mcafee.com/virusInfo/default.asp?id=vrt
- http://www.symantec.com/norton/security_response/removaltools.jsp
Note: Please be aware that some malware will not be detected by standard anti-virus or anti-spyware tools, even if they are up to date. If you are experiencing fraud and your standard anti-virus tool is not detecting anything, we strongly recommend that you have a qualified security analyst perform a more in-depth forensic analysis of the PC to ensure there are no rootkits or other such malware running on it.
Alert for Business Customers Only
Mozilla Firefox users infected with the Zeus Trojan are getting a message that appears to be from Fifth Third Direct, but is not. The message indicates the user’s current Mozilla Firefox browser is not certified with Fifth Third Direct and asks the user to download Internet Explorer (IE) versions 6, 7, or 8. This is not a legitimate Fifth Third Bank message.
It is important to note that Fifth Third Direct customers who get this message are already infected with the Zeus Trojan.
Fifth Third Direct customers who receive this message need to remove the infected PC from the network immediately, and have it scanned and thoroughly cleaned before connecting it back to the network. If this message is received after recently releasing payments, contact your Relationship Manager or the Commercial Support Center at 1-866-475-0729.
As a reminder, it is important to review your bank statements regularly to ensure all of the transactions listed are legitimate. Contact Fifth Third immediately with any discrepancies you find on your statement.