We have been notified that there is a widespread phishing attack telling Merchant Service customer recipients that their merchant ID has been locked. The phishing attacks have been by email (see sample email below) as well as through unsolicited telephone calls. Unsolicited email containing errors should always raise a red flag, especially if combined with a call to action, such as calling a toll-free number or clicking on a link.
If you receive an email similar to the one below, immediately delete it from your inbox and deleted items folder. Do not open any attachments. No further action is required on your part. These emails are not coming from Heartland Bank and Trust Company or First Data Merchant Services.
If you are a merchant customer who called a fraudulent toll-free number in response to an email or phone call and gave your merchant ID, please call the customer care center number on your statement (1-877-273-8191) so that First Data can help you monitor for fraudulent activity on your account.
First Data is constantly monitoring for these types of emails and phone calls, and they are working with law enforcement officials to take down these phishing sites and to pursue these criminals. If you receive emails or unsolicited phone calls in the future that you suspect are phishing, please let First Data know at email@example.com. Phishing attempts may also be reported to your local Heartland Bank office or the FDIC at firstname.lastname@example.org.
Below is a copy of the current phishing email message. Note indicators that this is a phishing scam email are underlined.
From: FirstData [mailto:email@example.com]
Sent: Monday, February 10, 2014 9:58 AM
We regret to inform you that your merchant account has been locked. (no specific account number provided)
To continue using our services please call our tool free number XXXXXXXXX and update your information. (misspelling and no specific merchant services listed)
Please be ready with your Merchant ID and Terminal ID number. (no description of process to unlock account)