Security Alerts, Articles, Tips, and How Tos
May 27, 2020 – Recognize and Avoid COVID-19 Unemployment Compensation Scams
The scammers behind the PUA fraud appear to be using Social Security numbers and other personally identifiable information to apply for and receive PUA benefits. In many situations, the victims are unaware that their personal information has been compromised.
In general, take these steps to protect yourself against unemployment scams:
- Never give out your personal information over email or text message.
- Don’t wire money, and always ignore the following requests:
- Communications related to your UC benefits from someone asking for money;
- Someone who says they can help you file for your benefits for a fee; and
- Anyone claiming to work for L&I who says they need a fee to complete your application.
- Don’t open or respond to unsolicited emails or text messages.
Get more information from the Office of Employment Compensation.
May 20, 2020 – COVID-19 contact tracing text message scams
You may have heard recently about contact tracing. It’s the process of identifying people who have come in contact with someone who has tested positive for COVID-19, instructing them to quarantine and monitoring their symptoms daily. But scammers, pretending to be contact tracers and taking advantage of how the process works, and are sending fradulent text messages. But theirs are spam text messages that ask you to click a link. Don’t take the bait. Clicking on the link will download software onto your device, giving scammers access to your personal and financial information. Ignore and delete these scam messages. For detailed information on this scam and how it works, read the FTC’s alert here.
May 12, 2020 – Be on alert for sophisticated social engineering scams
Please be on the lookout for fraudulent texts appearing to be from your financial institution. Here’s how the scam works:
- Fraudsters send account alerts to members via text message – appearing to come from the credit union – warning them of suspicious debit card activity.
- For those members who respond to the text, the fraudsters call the members spoofing the credit union’s phone number and claim they are in the credit union’s fraud department and calling to verify suspicious transactions.
- To verify the member’s identity, the fraudster explains a passcode will be sent via text message and the member must provide the passcode over the phone.
- The fraudsters attempts a transaction that triggers a 2-step authentication passcode, such as using the “forgot password” feature or initiating a P2P transaction. The passcode is sent via text / email to the member who, in turn, provides it to the fraudster.
- The fraudsters immediately use the passcode to login to the member’s accounts and use the P2P feature to transfer funds.
If you ever have any doubt about ANY notices via email or text that appear to be from your financial insitution, give them a call first to verify the communication!
April 21, 2020 – Coronavirus stimulus payment scams: What you need to know (Latest Consumer Alert from the FTC)
From the FTC: We know there’s been a flood of information and updates about the government’s economic impact payments, or so-called stimulus checks, lately. But quickly and safely moving massive amounts of money into the hands of those who need it is a big job with a lot of moving parts. We also know that the more you know about the process, the less likely you’re going to be tripped up by calls, text messages, or emails from scammers trying to steal your money or personal information. Here’s what you need to know about the stimulus payments and how to avoid scams related to these payments. Read more.
April 6, 2020 – Protect Your Wallet—and Your Health—from Pandemic Scammers
FBI Exec Discusses COVID-19-Related Schemes – Read about these fraudsters’ tricks from the FBI.
April 6, 2020 – FBI Warns of Money Mule Schemes Exploiting the COVID-19 Pandemic
Fraudsters are taking advantage of the uncertainty and fear surrounding the COVID-19 pandemic to steal your money, access your personal and financial information, and use you as a money mule. Acting as a money mule—allowing others to use your bank account, or conducting financial transactions on behalf of others—not only jeopardizes your financial security and compromises your personally identifiable information, but is also a crime. Protect yourself by refusing to send or receive money on behalf of individuals and businesses for which you are not personally and professionally responsible. Get more information from the FBI here.
April 2, 2020 – Coronavirus Stimulus Scams Surface Targeting Members
The Better Business Bureau (BBB) reports fraudsters have deployed a variety of scams involving Coronavirus stimulus checks. Be aware of and watch out for these text message, social media post/messages or phone call scams:
- A Facebook post informing seniors of a special grant to help pay medical bills. The link within the post takes them to a website claiming to be a government agency called “U.S. Emergency Grants Federation” and asks for a social security number.
- Phone calls in which fraudsters claim the person qualifies for a $1,000 to $14,000 Coronoavirus stimulus payment; however, they must first pay a processing fee.
- Fraudsters may also attempt to scam you into providing your account number so they can deposit the stimulus payment into the account.
BE AWARE THAT CORONAVIRUS SCAMS ARE HAPPENING. NEVER GIVE OUT ANY PERSONAL INFORMATION. AND PLEASE BE AWARE OF FRAUDULENT TEXTS CLAIMING THEY ARE FROM FMFCU. CURRENTLY, FMFCU DOES NOT TEXT MESSAGE.
RECENT SECURITY ARTICLES, TIPS AND HOW TOs
BE AWARE OF A GROWING FRAUD TREND using a text and a phone call (Smishing)
Using a combination of a text and a phone call, scammers are tricking people into giving up personal banking information so they can log into their online banking accounts. This rapidly growing scam uses a text sent by fraudsters that says it is a “fraud alert.” The text asks the user if they made a specific transaction (which is fake) and to reply “Yes or No.”
Once the person confirms the transaction is not valid by replying “No”, the imposter proceeds with a phone call claiming to be from the “Fraud Department” or their financial institution’s “Security Officer.” The phone number is sometimes spoofed to appear that it’s from the user’s financial institution.
The fraudster then “verifies” the person by asking them to provide their banking Login ID, the Secure Access Code (SAC) which is obtained from doing a “forgot password”, and debit card/pin information. The fraudster then turns around to complete a P2P transfer to their own accounts.
Please be aware of this possible scam and DO NOT provide ANY personal information, including your Login ID and Secure Access Code (SAC). FMFCU would NEVER ask for your SAC
FDIC – Beware of Fake Checks
Protect yourself from fake check scams with these tips from FDIC Consumer News
Even in today’s digital and mobile world where electronic money transfers are common, consumers and businesses may still prefer the assumed security of paper cashier’s checks or official bank checks for large or major payments. Read the full article at FDIC.gov.
Be aware for Money Mules.
A money mule is someone who transfers illegally acquired money on behalf of or at the direction of another. Criminals recruit mules to move money electronically through bank accounts, in person, or through a variety of other methods. Once received, the mule will wire the money into a third party bank account; “cash out” the money received, possibly via several cashier’s checks; convert the money into a virtual currency; or conduct a combination of these actions. Money mules are inherently dangerous, as they are added layers to the money trail from a victim to a criminal actor. A more detailed explanation is described on the Federal Trade Commission’s web site here.
Read the entire article on the FBI’s web site and learn what you can do to prevent yourself from falling victim to this scam.
Check Deposits – Know your checks
Whether you use AnytimeDeposit, an ATM or make a deposit transaction at your local branch, know that you are ALWAYS responsible for the personal or business/payroll checks deposited into your account. It doesn’t matter who the check is from, if you were duped by a “fraudster” or the check hold is no longer on the item. If the item was deposited into your account by you, a joint owner or a complete stranger….you and any of the account owners are responsible if and when any check is returned.
Safeguards for check deposits include properly endorsing the item and knowing who you received the check from and why.
NCUA Fraud Prevention Center
Consumers now have an information resource to help learn about and protect themselves against fraud with the National Credit Union Administration’s Fraud Prevention Center.
5 Tips for Protecting Your Checking Account
A nice brief article from the Federal Reserve Board. Read the article
July 22, 2019 – Equifax Announces Comprehensive Consumer Settlement Arising From 2017 Cybersecurity Incident
In September of 2017, Equifax announced it experienced a data breach, which impacted the personal information of approximately 147 million people. A federal court is considering a proposed class action settlement submitted on July 22, 2019, that, if approved by the Court, would resolve lawsuits brought by consumers after the data breach. Equifax denies any wrongdoing, and no judgment or finding of wrongdoing has been made.
If approved, if you qualify, you could get some of the following benefits:
- Free Credit Monitoring or $125 Cash Payment
- Other Cash Payments.
- Free Identity Restoration Services
April 4, 2019 – FILING YOUR TAXES? WATCH OUT FOR PHISHING SCAMS
THE INTERNAL REVENUE Service has warned taxpayers for years to be wary of online phishing, where criminals impersonate the agency using fake emails, text messages, or websites in order to steal your personal information. Read more from Wired.com.
November 27, 2018 – Half of phishing sites trick you into thinking they’re ‘secure’
You can’t assume that a site is honest because it has that “secure” padlock in the address bar, and PhishLabs just illustrated why. The anti-phishing company has determined that 49 percent of all known phishing sites used Secure Sockets Layer protection (and thus displayed the padlock) as of the third quarter of 2018. Read more about this from Engadget.com.
Call forwarding phishing attacks
Be on the lookout for Call Forwarding phishing attacks. How it works: the fraudster calls a person and asks him/her to activate their credit card. Then they ask you to call a phone number to activate the card. The phone number contains *72 which activates call forwarding, giving them control of the person’s phone number allowing international calls, etc. NEVER give out your personal information to anyone calling you and when it doubt, hang up and call them using official corporate phone numbers.
Avoid tech support phone scams
Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. Read what you need to know and how to protect yourself. Read what you need to know and how to protect yourself.
Phishing scam targets taxpayers who use tax software
The growing popularity of tax preparation software has led to a rise in e-mail scams targeted at do-it-yourself taxpayers. Read the article.
September 24, 2019 – Avoiding online car buying scams
We’ve had reports from members that auto scams are back on the rise. The following is an older article from the National Consumer League, but is very relevant today. The post explains the scam, informs you what to look for, and how to avoid them. A must-read! View the article here.
May 6, 2019 – Get a one-ring call? Don’t call back.
You could be a potential victim of the growing “one-ring” cell phone scam.
Here’s how it works: Scammers are using auto-dialers to call cell phone numbers across the country. Scammers let the phone ring once — just enough for a missed call message to pop up.
The scammers hope you’ll call back, either because you believe a legitimate call was cut off, or you will be curious about who called. If you do, chances are you’ll hear something like, “Hello. You’ve reached the operator, please hold.” All the while, you’re getting slammed with some hefty charges — a per-minute charge on top of an international rate. The calls are from phone numbers with three-digit area codes that look like they’re from inside the U.S., but actually are associated with international phone numbers — often in the Caribbean. The area codes include: 268, 284, 473, 664, 649, 767, 809, 829, 849 and 876.
If you get one of these call:
- Don’t call back
- Report the robocall to the FTC at donotcall.gov and to the FCC at fcc.gov/complaints
- Always check your phone bill for suspicious or unusual charges
*Articles courtesy of the Federal Trade Commission.
April 29, 2019 – How to stop scammers from stealing your phone number
Smart speakers add a level of convenience to daily life, but there are also some privacy issues associated with using them. We’ve seen reports of everything from Amazon workers listening to your Alexa conversations and having access to your home address to the future possibility of Google Assistant learning to read your moodbased on the tone of your voice. If you’re really, really concerned about privacy, you should probably steer clear of these devices altogether.
But there are some steps you can take right now to get a better handle on your privacy options. For Amazon smart speakers, the focus of this particular post, it all begins in the Alexa app. Read the full article.
April 12, 2019 – Social Security Administration (SSA) imposters top IRS in consumer loss reports
Have you gotten calls about supposed problems with your Social Security number from callers pretending they’re with the Social Security Administration (SSA)? If so, you’re not alone.
They often use robocalls to reach you, then launch into a story aimed at tricking you into giving them your money, your Social Security number (SSN), or both. They may say your SSN has been suspended and you need to confirm your SSN to reactivate it. Or, they may say your SSN has been involved in a crime and your bank account is about to be seized or frozen, but you can protect your money if you put it on a gift card and give them the code. Never do that – your money will disappear.
If you get one of these calls, remember – the real SSA will never contact you out of the blue or tell you to put money on a gift card or, for that matter, visit a Bitcoin ATM, or wire money. Read the full article from the FTC web site here.
April 10, 2019 – Puppy Scams: How to Protect Yourself from Fake Online Pet Sellers
If you are looking for a pet to add to your family, be on the lookout for scams. As more consumers turn to the internet to find new pets, more scams are popping up online. Experts say a shocking 80% of sponsored advertisements about pets may be fake. The BBB International Investigations Initiative conducted an extensive study of online puppy scams and also provides tips for avoiding puppy scams. Read the article from the Better Business Bureau.
April 4, 2019 – How to stop scammers from stealing your phone number
Sorry to be the bearer of bad tidings, but there’s one more security threat to worry about: your phone number. If a hacker gets hold of it, you could be facing some serious personal privacy issues.
Cnet can recommend ways to help you identify scams that lure you to give up your details, and have tips to help keep your phone number safe. Read the Cnet article here.
Online Tools and Tips
February 2019 – Password Checkup by Google – recently released a new tool called Password Checkup that will alert you when you need to change your password because it might have been stolen by a third party. It’s an extension (plug-in) that you install in the Chrome browser. Once it’s installed, it will let you know if you need to change your account password. Read more from Google including the new Cross Account Protection for apps that have Google Sign In.February 2019 – Why you should NEVER share PINs and Banking Credentials
One of the most frequent scenarios we hear in our Risk Management Department is account fraud when members share their FMFCU Debit/Credit Card PINs, card numbers, logins and online/mobile banking passwords. Whether a friend, family member or stranger…this information should NEVER be shared!Sometimes it seems like sharing is a logical thing to do in certain situations. But we’d like to remind you that your cards, PINs and banking credentials belong to you and you only! If you share it with someone else, YOU are responsible.
The Federal Trade Commission has a comprehensive online library related to securing your information. Read more here at FTC.gov.