Consumer Alerts

Consumer Alerts

Home Depot Data Breach

The large data breach at Home Depot has started to trigger fraudulent transactions. The fraudulent transactions are showing up across the U.S. as criminals use stolen card information to buy prepaid cards, electronics, and even groceries. In some cases, the fraudulent transactions can be tracked to batches of cardholder accounts that are tied to specific ZIP Codes, They said. The original breach For more information on the breach, visit Home Depot’s website. They have a page dedicated to resources on the data breach.



Jimmy John’s Data Breach

Jimmy John’s reported A possible security incident involving credit and debit card data at approximately 216 of their stores on September 24, 2014. The breach is reported to have occurred between June 16, 2014 and September 5, 2014. For more information on the breach and a list of store locations affected, visit the Jimmy John’s website.



Debit Card Telephone Scam

A fraudulent organization is contacting people in our area by phone requesting debit card numbers, PIN numbers and other personal, financial information.

These calls typically give a warning that your debit card will be deactivated if you don’t respond. Sometimes the calls come from a particular bank and sometimes they do not name a bank. In any case, these phone calls are NOT legitimate. These are an attempt to obtain your banking information to commit fraud against you.

If you receive a phone call like this, do NOT provide any information to the caller and hang-up the phone. First Federal Bank of Wisconsin will NEVER contact you to retrieve your account information, debit card numbers, or PINs.



Pervasive IRS Telephone Scam 

The Internal Revenue Service is warning consumers about a sophisticated phone scam targeting taxpayers, including recent immigrants, throughout the country.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting.

“This scam has hit taxpayers in nearly every state in the country. We want to educate taxpayers so they can help protect themselves. Rest assured, we do not and will not ask for credit card numbers over the phone, nor request a pre-paid debit card or wire transfer,” says IRS Acting Commissioner Danny Werfel. “If someone unexpectedly calls claiming to be from the IRS and threatens police arrest, deportation or license revocation if you don’t pay immediately, that is a sign that it really isn’t the IRS calling.” Werfel noted that the first IRS contact with taxpayers on a tax issue is likely to occur via mail



Social Security Scam

The Social Security Administration has issued a warning: Beware of e-mails that look as if they come from the agency and have the subject line “Cost-of-Living for 2007 update.” The body of the e-mail says, “NOTE: We now need you to update your personal information.” The e-mail says Social Security “will be forced to suspend your account indefinitely” if you don’t comply. If you click on the link in the e-mail, you will be taken to a web site designed to look like the SSA’s home page. You will be asked to provide your Social Security number, bank account numbers and credit card account information.

This is “phishing,” an Internet scam in which con artists try to steal your identity, then your money. If you get this e-mail, report it to Social Security at (800) 269-0271. To be safe, don’t even open it. Don’t open any e-mail purporting to be from Social Security. SSA corresponds with recipients only by regular mail and never sends out unsolicited e-mails.


Some Privacy Policies are not Private Enough

There are organizations on the Internet that offer free services such as e-mail or virus scanning. It is important to be aware that some of these companies have privacy policies that allow them to collect and share personal information about your browsing habits. These companies might also collect secure information from you. In addition, related software may be difficult to uninstall, despite your attempts to do so.

FIRST FEDERAL does not share or sell any customer information to third parties. However, it is important for you to be aware that some of the Internet companies that use technologies to intercept secure information will also have complete access to your personal information. When you accept an agreement with these companies, you are also agreeing that they can share your information with third parties.

What you can do:
1. Always read the contract and privacy policy before agreeing to install any software or use an Internet service.
2. When in doubt, do not accept the agreement.
3. Install spyware programs like AdAware to check your computer for software that collects this type of information.
4. Report suspicious organizations to the Federal Trade Commission.
5. Visit the Federal Trade Commission’s identity theft Web site to learn how to minimize your risk of damage from identity theft. Information about FIRST FEDERAL’S Privacy Policy is mailed to our clients annually. In addition, you can read FIRST FEDERAL’S Privacy Policy on our Web site.


“Pharming” is the practice of redirecting Internet domain name requests to false Web sites in order to capture personal information, which may later be used to commit fraud and identity theft. For example, an Internet banking customer, who routinely logs in to his or her online banking Web site, may be redirected to an illegitimate Web instead of accessing his or her bank’s Web Site. FIRST FEDERAL has steps in place to combat the art of “pharming” from happening to you.

Pharming Can Occur In Four Different Ways:

Static domain name spoofing: The “pharmer” (the person or entity committing the fraud) attempts to take advantage of slight misspellings in domain names to trick users into inadvertently visiting the pharmer’s Web site. For example, a pharmer may redirect a user to instead of, the site the user intented to access.

Malicious software (Malware): Viruses and “Trojans” (latent malicious code or devices that secretly capture data) on a consumer’s personal computer may intercept the user’s request to visit a particular site such as , and redirect the user to the site that the pharmer has set up.

Domain hijacking: A hacker may steal or hijack a company’s legitimate Web site, allowing the hacker to redirect all legitimate traffic to an illegitimate site. Domain names generally can be hijacked in two ways:

  • Domain slamming:

By submitting domain transfer requests, a domain is switched from one registrar to another. The account holder at the new registrar can alter routing instructions to point to a different, illegitimate server.

  • Domain expiration:

Domain names are leased for fixed periods. Failure to manage the leasing process properly could result in a legitimate ownership transfer. In this instance, trade name laws usually must be invoked to recover lost domains.

DNS poisoning: The most dangerous instance of pharming may be domain name server (DNS) poisoning. Domain name servers are similiar to Internet road map guides. When an individual enters into his or her browser, Domain Name Servers on the Internet translate the phrase into an Internet protocol (IP) address, which provides routing directions. After the DNS server provides this address information, the user’s connection request is routed to Local DNS servers can’t be “poisoned” to send users to a web site other than the one that was requested. This poisoning can occur as a result of misconfiguration, network vulnerabilities or malware installed on the server.

There are 13 root DNS servers for the entire Internet, which are closely protected and controlled. Most requests are directed by the local DNS server before they reach a root DNS server. However, if a hacker were to penetrate one or moreof these root servers, the Internet could be severely compromised.

Detection and Prevention

Consumers can take these steps to prevent pharming attacks:

  • Digital certificates:

Legitimate Web servers can differentiate themselves from illegitimate sites by using digital certificates. Web sites using certificate authentication are more difficult to spoof. Consumers can use the certificate as a tool to determine whether a site is trustworthy.

  • Education:

FIRST FEDERAL recommends Internet banking customers install current versions of virus detection software, firewalls and spyware scanning tools to reduce computer infections, and should stress the importance of regularly updating these tools to combat new threats.
If suspect you have been a victim of pharming, please contact FIRST FEDERAL Web Technical Support Services at 262-542-4448 as soon as possible.

Don’t Get Hooked by Phishing Scams

If you find a request for personal information in your inbox, you may think it’s safe to click and comply, especially if the e-mail displays a familiar logo and convincing words and graphics. Better think again. Chances are this seemingly authentic message camouflages a “phishing” excursion angling to hook your identity.

Phishing, also called “carding” or “brand spoofing,” is a serious Internet scam that trolls for your personal data by luring you to a replica of a well-known website. (The “ph” is a carryover from so-called “phone phreaking” attacks on the early 1970’s telephone systems.)

The high-tech swindle begins with an unsolicited, but official-looking, e-mail that frequently uses scare tactics to reel in a reponse. It may, for example, threaten to close your bank account inless you verify some of your information. The e-mail will likely include a link that’s a dead ringer for your bank’s website address. But click that link and enter a password or account number, and you could be giving an Internet swindler free rein to your life savings.

How FIRST FEDERAL Protects You

At FIRST FEDERAL, we’re aware of such scams, and because your privacy and account security are important to us, we maintain strict safeguards to help keep your data out of the phishing nets. You should know that FIRST FEDERAL does not:

  • Send any e-mail that asks for your personal account information.
  • Ask for your password in an e-mail or request it via the phone or U.S. mail.
  • E-mail sensitive information to you.
  • Make any address or account changes without mailing a confirmation of your request. If you receive a notice about a change you did not initiate, contact FIRST FEDERAL right away.
  • Display a pop-up warning or pop-up security alert when you log on if you’ve kept your Web browser up to date. If you do encounter a log-on caution message, click “No” and call FIRST FEDERAL Web Technical Support Services at (262) 542-4448. Please note: A security alert could indicate that either the date on your computer is incorrect or you are using an older version of the Microsoft Internet Explorer browser.

How You can Protect Yourself

While FIRST FEDERAL does its best to protect you, you also share responsibilty for maintaining secure account information. The following precautions will help you outsmart the phishing scam:

  • To access FIRST FEDERAL’S website, type our address ( in the Web browser address field, and bookmark it. Always use this bookmark to enter our site.
  • Before submitting your access id and password, make sure your browser displays the FIRST FEDERAL website.
  • Log off the website when you complete a transaction, and close your browser. This will help prevent anyone else from accessing your account.
  • Be wary of any e-mail declaring your account in jeopardy or asking for personal information. Don’t reply to the e-mail, click any links in the e-mail, or open any attachments. Report these incidents to FIRST FEDERAL immediately, using an address or phone number you know to be accurate.
  • Make sure your Web browser is up to date. (Windows users can go to Windows Update to stay current)
  • Choose a password that includes both letters and numbers. Avoid predictable words or dates, and change the password often.
  • Never share your password or user name. And never store them on a computer.
  • Be vigilant. Review your account regularly, and report and discrepancies.
  • Deleting a suspicious e-mail with its look-alike links, accessing a site via an address you type in, and keeping your system up to date may be the best ways to prevent an Internet phisher from landing another big catch. For more information about identity theft, visit the Federal Trade Commission’s website.