February 14, 2013
Fraudulent Email from Fiserv
Fiserv is the latest victim of a “Phishing” attack. Fiserv, Inc. is a global provider of financial services technology. The company serves more than 16,000 clients worldwide, including banks, thrifts, credit unions, investment management firms, leasing and finance companies, retailers, merchants and government agencies. Use caution if you receive an email claiming to be from Fiserv.
Phishing (pronounced "fishing") is an electronic scam that attempts to obtain confidential personal or financial information from its target. Phishing takes the form of a fake message, usually an email, which appears to be from a financial institution or service provider. The message usually includes the company name, logo and a link to a Web site which instructs you to update your account information by providing your Social Security number, bank account number, PIN, password, birth date, etc. with a dire warning if action isn't taken. A phisher can then use your personal information to commit fraud.
The fraudulent Fiserv email advises the recipient to open an attachment that contains “zero day” malicious software (malware). The malware may request or capture the user’s passwords or personal financial information, and may disrupt or damage the user’s systems. If you receive such email, delete it immediately. Never open it, never click on its links, never open its attachments, and never reply or forward it. If you have clicked on it, notify your organization’s information technology security department or help desk as soon as possible.
Here is a sample of the email:
From: Fiserv Secure Notification <email@example.com>*
Subject: [Released by Allow List]Fiserv Secure Email Notification – FS1TQSM8
Attachment: Notification_FS1TQSM8.zip[100 KB]
You have received a secure message.
Read your secure message by opening the attachment, Notification_FS1TQSM8.zip. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it in a Web browser. To access from a mobile device forward this message to firstname.lastname@example.org (Please note this is NOT a valid email address from Fiserv) to receive a mobile login URL. If you have concerns about the validity of this message, please contact sender directly. For questions about secure e-mail encryption service please contact technical support at 888.274.5533.
2000-2013 Fiserv Secure Systems, Inc. All rights reserved.
*PLEASE note that this is NOT a valid email address from Fiserv.
If you have questions about whether a communication you’ve received is legitimate, please contact National Penn’s Customer Service at 1.800.822.3321.