09/29/2014 DYRE MALWARE NOTICE
We would like to inform you about updates to Lewiston State Bank free IBM Trusteer Rapport product and its protection against Dyre malware, which has been reported as a recent computer threat.
Dyre is a piece of financial targeted malware, that is a malicious program illegal installed on infected computers, that uses an attack technique that redirect infected online users to a fraudulent website served by the malware – a copycat website of the financial website. The user "logs in" to the site, submits their online banking login credentials and extra information required to make a transaction. The login information is instantly forwarded to a fraudster. The fraudsters use these details to log in to the real financial institution website from the customers computer in an unseen, parallel session to conduct an account takeover attack.
Lewiston State Bank provides the IBM Security Trusteer Rapport free of change which will provide online users full protection from this malware. The malware installation is prevented on devices on which Trusteer Rapport is installed. If the malware is already installed on the device, Trusteer Rapport will remove the malware. Learn more and install Trusteer Rapport.
Lewiston State Bank also deploys a number of other security measures to help online users determine the authenticity of our website. In the address bar of your web browser you may have noticed a green bar containing our name. We provide an Extended Validation security certificate to help online visitors confirm our website. In online banking we also provide a watermark, which is a unique security image, to help online users confirm they are logging in to the actual online banking website.
If you have any online security related question, please contact customer service at 1-800-233-6510. We also invite you to learn more about online security recommendations we have placed our website.
08/21/2014 ALBERTSONS & SUPERVALU CARD COMPROMISE
In August the Albertsons Super Market Chain and its security provider SUPERVALU reported that they were investigating a possible card data breach at a number of its locations. Upon further investigation, it has been reported that customers who used their debit or credit card at Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah were impacted. In addition, ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw's and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were all impacted by this incident.
The company released a statement on August 15, 2014 confirming the breach, "…..At Albertsons, nothing is more important to us than your trust. Our team works hard to earn that trust through offering great value, service and quality products.
These days, we know you are also concerned about the security of your payment card data, and we work hard to protect it. Unfortunately, like many other retailers over the past few years, Albertsons has recently learned of an unlawful intrusion to obtain credit and debit card payment information in some of its stores. The appropriate federal law enforcement authorities have been notified, and Albertsons is working closely with its third party IT services provider, SUPERVALU, to better understand the nature and scope of the incident. Third-party data forensics experts are supporting an ongoing investigation. It has not yet been determined whether any cardholder data was in fact stolen, and currently we have no evidence of any misuse of customer payment information.
Importantly, Albertsons believes that the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores.”
Albertsons went on to mention that they would also offer affected customers a complimentary 12 month consumer identity protection service. For the link to the service and for the company’s full statement, please click on the link provided below.
The compromise dates for the breached data are June 22, 2014 to July 17, 2014. If you have questions or concerns, please contact Lewiston State Bank customer service @ 1-800-233-6510 toll free to request a new card today.
Albertson’s website notice
12/24/2013 Target Card Compromise
TARGET COMPROMISE: If you used your Lewiston State Bank Debit or Credit card at a Target store anytime between November 27th – December 15, 2013 Target has confirmed that your card number has been compromised as part of their nationwide card compromise that recently affected more than 40 million cards. To protect your account against future possible fraudulent transactions, Please contact Lewiston State Bank Customer Service @ 1-800-233-6510 to request a new card today.
Target's official communications
Target's Frequently Asked Questions
11/27/2013 FBI Provides Holiday Shopping Tips
The FBI reminds holiday shoppers to beware of cyber criminals who are out to steal money and personal information. Scammers use many techniques to defraud consumers, from phishing emails offering too good to be true deals on brand-name merchandise to offering quick cash to victims who will re-ship packages to additional destinations. Previously reported scams are still being executed today.
They suggest when shopping online to use reputable sites because often consumers are shown specials on the web, or even in email offers, that look too good to be true. These sites are used to capture personally identifiable information, including credit card numbers, addresses and phone numbers to make fraudulent transactions. In an FBI November 26, 2013 public service announcement they state, "It’s best to shop on sites with which you are familiar and that have an established reputation as trusted online retailers" referencing the MRC, a nonprofit that supports and promotes operational excellence for fraud, payments and risk professionals within eCommerce.
Some additional tips provided by the FBI to avoid becoming a victim of cyber fraud:
- Do not respond to unsolicited (spam) email.
- Do not click on links contained within an unsolicited email.
- Be cautious of email claiming to contain pictures in attached files; the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
- Avoid filling out forms contained in email messages that ask for personal information.
- Always compare the link in the email to the link you are actually directed to and determine if they match and will lead you to a legitimate site.
- Log on directly to the official website for the business identified in the email instead of “linking” to it from an unsolicited email. If the email appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
- Contact the actual business that supposedly sent the email to verify that the email is genuine.
- If you are requested to act quickly or there is an emergency that requires your attention, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.
- Remember if it looks too good to be true, it probably is.
09/11/2012 FBI Warns of Citadel Malware
The FBI warns that hackers are using a form of malware, called Citadel, to hijack victims'
computers. Computers are infected by visiting infected websites. The malware is reportedly
automatically installed after visiting an infected website and the computer is then taken over.
Once loaded the, malware may freeze the computer and request money to remove the freeze or
display a notice indicating that the infected user's computer was used illegally to access
illegal sites and that they are required to pay a fine to the U.S. Department of Justice.
Infected individuals are asked to make payments to unfreeze their computers via prepaid money
card service. This is of course a crime benefiting online fraudsters. If you believe you have
been infected the FBI warns that this form of malware is difficult to remove and may even linger
on computers to attempt to capture online usernames and passwords to financial websites. They
recommend you work with a computer expert to remove this malware if you are infected.
If you believe you have been infected with malware or if you have any questions about online
banking security, please contact Lewiston State Bank customer service at 1-800-233-6510.
09/11/2012 Malware Computer Takeover
Lewiston State Bank has received a notice from our online banking service provider
that they have seen an increased activity with a malware screen takeover that is targeting
online banking users with tokens. This particular malware (malicious computer virus) will
prompt an infected user to input account and/or token data, which then results in another
screen prompt indicating that the user will be unable to access their online banking
for 24-hours while maintenance is performed. This allows online fraudsters to take over the
computer session and to commit financial fraud.
A similar variant reportedly provides the infected user with a screen pop up asking for
several pieces of personal information, including a phone number. Upon completing the
questions, the infected user receives a phone call immediately from a caller claiming to
be a bank employee letting them know the system will be down for maintenance as well.
Our service provider has recommended customers request IP restrict to block such
attempts. Lewiston State Bank has additionally posted security recommendations on our
website for protecting both yourself
and your business
If you believe you have been infected with malware or if you have any questions about online
banking security, please contact customer service at 1-800-233-6510.
09/14/2011 Auto-dialer Call Claiming to Be From Lewiston State Bank
Lewiston State Bank has received reports of a fraudulent telephone auto-dialer
calling customers and instructing them to provide information to unblock their bank
cards. This is not a bank notification and if you have responded to this call please
contact Customer Service at 1-800-233-6510 immediately.
09/07/2011 Email Claiming to Be From the FDIC Claiming Issues with Online Banking
Lewiston State Bank has received reports of fraudulent emails circulating claiming
to be from the FDIC that are notifying recipients that they have issues with their
online banking. The emails request that recipients click a link in the body of the
email to fix their online banking access. Please note that this is a fraudulent
email and that the FDIC would not notify you of access issues to your bank's online
If you have any questions or concerns regarding your Lewiston State Bank
banking access please contact Customer Service at 1-800-233-6510.
08/30/2011 Email Claiming to Be From the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of
fraudulent emails that have the appearance of being from the FDIC.
The emails appear to be sent from a "firstname.lastname@example.org" email address
and have a subject line that read: "FDIC Notification."
The fraudulent emails state that "Your account ACH and Wire transactions have been
temporarily suspended for security reasons due to the expiration of your security
version. To download and install the newest installations read the document (pdf)
attached below. As soon as it is set up, your transaction abilities will be fully
The emails include an attachment named "FDIC_document.zip." The emails and attachments
are fraudulent and were not sent by the FDIC. Recipients should consider the intent
as an attempt to collect personal or confidential information, or to load malicious
software onto end users' computers. Recipients should NOT open the attachment.
01/12/2011 Special Alerts
FDIC Issues Special Alert on Deposit-Insurance Email Scam
The FDIC late yesterday issued a special alert to warn consumers about an e-mail
scam that uses the alleged suspension of consumers' deposit insurance coverage as
a ploy to obtain personal information. The e-mail - - purportedly from the FDIC
- - informs recipients that "in cooperation with the Department of Homeland
Security, federal, state and local governments,- the FDIC has withdrawn deposit
insurance coverage from their account "due to account activity that violates
the Patriot Act."
It then says the deposit insurance coverage will remain suspended until identity
and account information can be verified using a system called "IDVerify."
The FDIC is attempting to identify the e-mails' source and disrupt their transmission,
02/11/2010 Survey Phishing Scam
There have been some reports of a fictitious online survey popping up when visiting
our web site. Please note that the Bank does not currently have an online survey
posted on our web site and that we would never post or send any kind of communication
requesting personal information. This type of phishing scam is very common and is
generally propagated to web users virally (infect personal PCs) or through the same
spy bots that are used to manage pop up advertisements. Please contact Customer Service
at 1-800-233-6510 if you need assistance.
11/12/2009 Malicious email purporting to be from NACHA is currently circulating.
Companies may have received a falsified e-mail with the subject title "Rejected
ACH Transaction." This e-mail appears to be from NACHA – The Electronic Payments
Association telling them that there is a problem with an ACH transaction they have
originated. The e-mail includes a link which redirects the individual to a fake
web page which appears like the NACHA website and contains a link which is almost
certainly executable virus with malware.
IF YOU GET ONE OF THESE EMAILS DO NOT CLICK ON THE LINK! The email carries a potentially
09/11/2009 Fraudulent Cashier's Check Alert
A number of fraudulent cashier's checks have been issued on Lewiston State Bank.
These checks are sent with an "AWARD CLAIM NOTIFICATION" letter. Checks have been
in the amount of $2,870.29 and numbered 856301. If you receive one of these checks
or one similar, please contact the bank.