UPDATE: Monday Dec 22, 2008
Many people are now receiving emails or "snail mail" letters warning them about a bill pay security breach. This is not a scam: it concerns a
legitimate security breach that happened
the morning of December 2nd (see full story below).
At first, it appeared that only customers of Check Free who used
CheckFree.com as their online bill payment system were affected. But now it appears
customers of several major banks may be affected as well.
Why? It turns out some banks use CheckFree to handle their online bill payment systems. While you think your bank is paying your Credit Card directly, the payment actually routes through CheckFree.
So if you receive an email or US Mail letter like the one below, take it seriously.
______________________
Original ReportAnother security breach to tell you about tonight...And this one could affect thousands of people who pay their bills online. It concerns one of the most popular online bill pay services:
CheckFree.Check Free customers are receiving emails warning them about a breach that took place the morning of December 2nd. Viewers are asking me of the e-mail is legitimate.... or is just another scam. This one, I'm sorry to say, is legitimate.
CheckFree says anyone who accessed the system to pay bills Tuesday morning December 2nd could be a victim. Your password may have been compromised.
What happened? A hacker apparently changed the web address of Check Free's login page, directing it to a bogus copycat website in the Ukraine, according to the Washington Post.
If you receive the e-mail, read it and follow the instructions, though remember that you are affected only if you paid bills December 2nd.
For more details, click the link above.
Email:
You are receiving this message because you are a subscriber to online bill payment services through CheckFree or through a provider who contracts with CheckFree for these services. This message is sent on behalf of CheckFree by Silverpop Systems.
December 10, 2008
We take great care to keep your personal information secure. As part of these ongoing efforts, we are notifying you that the computer you use for online bill payment may have been exposed to software that puts the security of your computer's contents at risk. This letter will help you determine if your computer is actually infected and advise you how to fix the problem and protect yourself against future risk.
The malicious software affects some but not all customers who accessed online bill payment on Tuesday, December 2, 2008. For a limited period of time, some customers were redirected from the authentic bill payment service to another site that may ha ve installed malicious software. Your computer may be infected if all of the following are true:
- You attempted to access online bill payment between 12:30 a.m. and 10:10 a.m. Eastern time (GMT -5) on Tuesday, December 2, 2008, and
- You were using a computer with the Windows operating system, and
- You reached a blank screen rather than the usual bill payment screen when you attempted to navigate to online bill payment, and
- After reaching the blank screen, your computer's virus protection program did not tell you via pop-up or other messaging that malicious software was detected and quarantined.
If all four of the conditions above are true, your computer may be infected. We have partnered with McAfee®, the world's largest dedicated security technology company, to provide you with a complimentary copy of its VirusScan® Plus software which, when installed, will detect, block and remove any malicious software from your computer hard drive. Please contact us at 877-800-4864 for further instructions or 800-564-9184 (Option 1) for further instructions. We will also offer you both advice and free services that can help you mitigate any risk you may face as a result of this incident or other everyday exposures you may encounter.
CheckFree will never ask for your password via email or via phone. If you ever re ceive an email requesting your password, do not respond and delete the email immediately.
We value your business and your trust, and we apologize for any inconvenience this incident has caused.
Art D'Angelo
Vice President, CheckFree Customer
