Scams & Alerts
Smishing? What is it?
CELL PHONES NOT IMMUNE TO FRAUD! NEW SCAM CALLED "SMISHING" USES TEXT MESSAGES!
Fraudsters are now sending text messages to Credit Union and other financial institution members’ wireless devices to lure them into giving personal information. In "smishing", the members receive a text message via cell phone warning that their bank account has been closed due to suspicious activity. It then tells them they need to call a certain phone number to reactivate the account.
Unsuspecting callers who dial the number provided in the text message will be taken to an automated voice mail box that prompts them to key in their credit or debit card number, expiration date and PIN to verify their information.
If you have a question concerning your account or credit/debit card, contact your financial institution directly using their local phone number or the credit/debit card company using the telephone number on the back of your card.
Be suspicious of any e-mail, text message or phone call with urgent requests for personal financial information.
Do not open unsolicited e-mails or text messages. Any e-mail or text message asking the cardholder to call a toll-free number to verify account information should be deleted. Don’t use the links in an e-mail you receive. Never provide personal information or account information based on an e-mail or text request.
When receiving a phone call from someone asking for credit/debit card or personal information, simply hang up and report the incident by contacting the financial institution that issued the card by using the phone number on the back of the card or on a recent statement.
Calls from someone who claims to be from a financial institution and knows your credit/debit card account number – but who wants the three-digit code on the back of the card for whatever reason - should be treated the same way. Hang up and call the card issuer as soon as possible.
Always be suspicious of any phone or e-mail contact that doesn't’t use your first name or surname.
Be wary of any text message received from an unknown sender.
Don’t display your wireless number or e-mail address in public. This includes newsgroups, chat rooms, Web sites or membership directories.
If you open an unwanted message, send a stop or opt out message in response.
Contact your wireless or Internet service provider about unwanted messages.
Essentially, never dial a call return number - or reply to an e-mail - regarding any financial matters.
Please remember that this Credit Union, the NCUA, CUNA, CUNA Mutual, the Co-Op Network, or any other organization pertaining to credit unions, DOES NOT e-mail, text message or telephone our members asking for personal information such as complete social security numbers, account numbers, dates of birth, etc. For that matter, no legitimate company that you do business with solicits this information. THEY ALREADY HAVE IT!
Institutions Requesting Information
Local and national credit union members are being called on their home phones and being asked if they would like to apply for a loan, lower their interest rate on their credit card and being asked other personal information such as Social Security number, birthdate, pin numbers and debit/credit card numbers. Peninsula Federal Credit Union will never call their members requesting any personal information over the phone. NEVER give out your personal information over the phone but if you have please contact the credit union immediately.
New scam: Ransomware locks computers, extorts payment
WASHINGTON (9/21/12)--A new "drive-by" Internet virus known as Reveton ransomware locks computers, carries a fake message and tries to extort money from victims--bogusly claiming it is from the Federal Bureau of Investigation (FBI), according to a report issued by the FBI's Internet Crime Complaint Center (IC3). Credit unions should be aware of the threat.
Unlike many viruses that activate when users open a file or attachment, Reveton can install itself when users simply click on a compromised website. Hence it is describe as a drive-by malware.
Once it is infected, the victim's computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law.
"We're getting inundated with complaints," said Donna Gregory of the FBI Internet IC3.
The phony message goes on to say the user's Internet address was identified by the FBI or the Department of Justice's Computer Crimes and Intellectual Property Section as having been associated with child pornography or illegal online activity.
To unlock their machines, users are required to pay a fine using a prepaid money card service, as part of the central ploy of the scam to extort cash from victims.
IC3 suggests that victims do not pay or provide any personal information, contact a computer professional to remove the virus from their computer, file a complaint with IC3 and look for update about the Reveton virus on the IC3 website.
NACHA & UMACHA FRAUD ALERT
Members have recently received emails from NACHA & UMACHA, which are electronic payment associations. These emails indicate there is an ACH transaction that has been canceled or rejected. There is a transaction report link to click on to open.
DO NOT open any links associated with these emails as they are fraudulent. IMMEDIATELY DELETE the emails
THIEVES TRANSFER DENIAL-OF-SERVICE (DOS) ATTACKS TO PHONES
Denial-of-service (DOS) attacks--Criminals use automated dialing programs and multiple accounts to overwhelm the phone lines of unsuspecting phone owners, said the Federal Bureau of Investigation (FBI). The agency noted that individual consumers and small and medium sized business are especially targeted. While the lines are tied up, the criminals masquerade as the victims and raid their accounts at the credit union or bank as well as their online trading or other money management accounts. Here's how the scam works:
- Weeks or months before the phone calls begin, a criminal uses social engineering tactics or malicious software to mine personal information--such as account numbers and passwords--that a financial institution would keep about the victim. Perhaps the victim responded to a bogus email phishing for information, inadvertently gave out personal information during a phone call or put too much personal information on social networking sites trolled by criminals.
- Using technology, the criminal floods the victim's phone lines, essentially denying the victim the phone service.
- Then the criminal either contacts the financial institution pretending to be the victim or pilfers the victim's online bank accounts via fraudulent transactions. Normally the institution calls to verify the transactions, but the DOS attack means it can't reach the victim over the phone.
- If the criminal can't make the transaction, he may sometimes pose again as the victim and recontact the financial institution, asking for the transaction to clear. Or the criminal adds their own phone number to the victim's accounts and just waits for the bank to call.
- By the time the financial institution or victim realizes what has happened, it's too late.
The FBI urged consumers and businesses to take these precautions:
- Never give personal information to an unsolicited phone caller or via email;
- Change online banking and automated telephone system passwords frequently;
- Check account balances often; and
- Protect computers with the latest virus protection and security software.
Money Transfer Alert
The FTC has a new Consumer Alert: Money transfers can be risky business
It includes info on how to avoid money transfer & telemarketing fraud.
NEVER wire money to:
- someone you don't know in the US or in a foreign country
- someone claiming to be a relative in the midst of a crisis & wants to keep the request secret
- someone who says a money transfer is the ONLY form of payment that's acceptable
- someone who asks you to deposit a check & send some of the money back.
IRS Name Used in Phoney E-mail and Telephone Scams
The Internal Revenue Service has issued an alert warning that the IRS name and logo is being used by fraudsters attempting to access the taxpayer financial information through e-mail, telephone, and cell phone text messaging.
Note: The IRS does not ask for personal identifying or financial information via unsolicited e-mail, telephone calls, or text messaging.
The following scams are being used to trick taxpayers into divulging financial account information for fraudulent purposes:
- Taxpayers receive a phone calls telling them that they are eligible for a sizable rebate for filing their taxes early, and they are told to provide their financial account information for direct deposit.
- Taxpayers receive e-mails that claim they are eligible for a tax refund of a specific amount, and they are instructed to click on the link in the e-mail to access the refund claim form, which requires them to disclose financial account information.
- E-mail notifications addressed to individual taxpayers claim that their tax returns will be audited. The individual is instructed to click on the link within the e-mail and complete forms disclosing personal and financial account information.
- Businesses, accountants, and “Treasury” managers are receiving bogus e-mails regarding tax law changes. To obtain information on publications for businesses, estates taxes, excise taxes, exempt organizations, as well as IRAs and other retirement plans, the recipient is instructed to click on a series of links. The IRS suspects that clicking on these links downloads “malware” onto the recipient’s computer, which can be used to search for financial records and other private information.
- A person claiming to be an IRS employee telephones taxpayers to say the IRS has mailed them a check that has not been cashed. The caller then asks for verification of financial account information.
Loss Prevention Recommendations:
If you receive an unsolicited e-mail purporting to be from the IRS, take the following steps:
- Do not open any attachments to the e-mail; they could contain malicious code that will infect your computer.
- Forward a questionable e-mail claiming to be from the IRS to firstname.lastname@example.org.
- View resources on the online theft resource page at www.irs.gov.
- Contact the IRS at 800-829-1040 to determine whether the IRS is trying to contact you about a tax refund.
- Remember that taxpayers do not have to complete a special form to obtain a refund.
- If you have received this, or a similar hoax, please file a complaint at www.ic3.gov.