March 20 – Beware of Spam! Bogus Emails Sent to Postal Customers
U.S. Postal Inspection Service Crime Alert: Some postal customers are receiving bogus emails about a package delivery or online postage charges. The emails contain a link or attachment that, when opened, installs a malicious virus that can steal personal information from your PC.
The emails claim to be from the U.S. Postal Service and contain fraudulent information about an attempted or intercepted package delivery or online postage charges. You are instructed to click on a link, open the attachment, or print the label.
But Postal Inspectors warn: Don’t do it!
Like most viruses sent by email, clicking on the link or opening the attachment will activate a virus that can steal information, such as your user name, password, and financial account information.
What to do? Simply delete the message without taking any further action. The Postal Inspection Service is working hard to resolve the issue and shut down the malicious program.
If you have questions about a delivery or wish to report postal-related spam, please call 1-800-ASK-USPS or email spam at uspis.gov.
RECENT SECURITY ARTICLES, TIPS AND HOW TOs
Check Deposits – Know your checks
Whether you use AnytimeDeposit, an ATM or make a deposit transaction at your local branch, know that you are ALWAYS responsible for the personal or business/payroll checks deposited into your account. It doesn’t matter who the check is from, if you were duped by a “fraudster” or the check hold is no longer on the item. If the item was deposited into your account by you, a joint owner or a complete stranger….you and any of the account owners are responsible if and when any check is returned.
Safeguards for check deposits include properly endorsing the item and knowing who you received the check from and why.
NCUA Says Lookout for Fake Checks
Be on the lookout for fake checks. They may look legitimate, but can be easily faked. Don’t be pressured into wiring or sending money after depositing a check. If you send money to a scammer, the funds may be impossible to recover. You may be responsible for repaying the funds if you deposit a fake check and withdraw money, even if you were scammed. Fraud Prevention Center
NCUA Fraud Prevention Center
Consumers now have an information resource to help learn about and protect themselves against fraud with the National Credit Union Administration’s Fraud Prevention Center.
5 Tips for Protecting Your Checking Account
A nice brief article from the Federal Reserve Board. Read the article
‘ZipperDown’ Flaw Might Expose Up To 100 Million Apple iPhones – 6/7/18. Apple iPhone users take note: A vulnerability that might affect tens of millions of users leaves devices open to dangerous attacks, China-based researchers have warned. The flaw, dubbed ZipperDown, resides in 15,978 iOS apps that have been downloaded 100 million times, according to famous iPhone jailbreakers Pangu Team. Read more
Half of phishing sites trick you into thinking they’re ‘secure’ – 11/27/18
You can’t assume that a site is honest because it has that “secure” padlock in the address bar, and PhishLabs just illustrated why. The anti-phishing company has determined that 49 percent of all known phishing sites used Secure Sockets Layer protection (and thus displayed the padlock) as of the third quarter of 2018. Read more about this from Engadget.com.
Call forwarding phishing attacks
Be on the lookout for Call Forwarding phishing attacks. How it works: the fraudster calls a person and asks him/her to activate their credit card. Then they ask you to call a phone number to activate the card. The phone number contains *72 which activates call forwarding, giving them control of the person’s phone number allowing international calls, etc. NEVER give out your personal information to anyone calling you and when it doubt, hang up and call them using official corporate phone numbers.
Avoid tech support phone scams
Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. Read what you need to know and how to protect yourself. Read what you need to know and how to protect yourself.
Phishing scam targets taxpayers who use tax software
The growing popularity of tax preparation software has led to a rise in e-mail scams targeted at do-it-yourself taxpayers. Read the article.
October 11, 2018 – Inspector General Warns Public About OIG Impersonation Schemes
The Acting Inspector General of Social Security, Gale Stallworth Stone, is warning citizens about an ongoing Office of the Inspector General (OIG) impersonation scheme. The OIG has recently received reports from citizens about suspicious phone calls claiming to be from the Acting Inspector General. Read more from the Social Security Administration site.
April 24, 2018 – Be wary of home warranty scams
Home warranty scams are common, but if you get one in the mail and you’ve never had one, don’t be fooled. These mail pieces seem very serious and claim to be time sensitive. They may even reference your loan from your financial institution. Why do they have that information? Because it’s public information at the court house.
Bottom line…throw them in the trash.
April 3, 2018 – Combat Mobile Phone Port-Out Scams
The CUNA Mutual Group reports that fraudsters are impersonating mobile phone users to have phones transferred to a different carrier – effectively stealing the users’ mobile phone number. This is being coined as a port-out scam. Once transferred to a different carrier, the fraudster receives all calls and texts that were intended for the user – including those that can be used to takeover a member’s account via online banking. Fraudsters have successfully intercepted one-time passcodes used to authenticate members logging into their account or to initiate transactions within online banking.
This scam could also result in fraudulent transactions using credit and debit cards. A fraudster, who has ported a cardholder’s mobile phone to a new carrier, could use a counterfeit or stolen credit or debit card belonging to the cardholder to conduct fraudulent transactions.
Major mobile phone carriers, such as T-Mobile and AT&T, are recommending to their customers to place a “port validation password” on their accounts. If a user wishes to port their mobile phone to a different carrier, the new carrier would have to provide the “port validation password” to the existing carrier before the switch can take place.
The information above are excerpts from CUNA Mutual Group’s risk alerts based on their experience in the credit union, insurance, and risk management marketplace. It is intended to be used only as a guide, not as legal advice. Any examples provided have been simplified to give you an overview of the importance of selecting appropriate coverage limits, insuring-to-value, and implementing loss prevention techniques. No coverage is provided by this resource, nor does it replace any provisions of any insurance policy or bond.
March 12, 2018 – Watch out for tax scams
They’re at it again… tax scammers scheming new ways to steal personal information and money.
In the first scenario, identity thieves file a fake tax return and have the refund deposited into your bank account. The thieves then contact you, often by phone, and — posing as the IRS or debt collectors for the IRS — demand you return the money to the IRS. But following the thieves’ instructions actually sends the money to them.
In another version, after you get that erroneous refund, you get an automated call, allegedly from the IRS, threatening you with criminal fraud charges, an arrest warrant, and “blacklisting” of your Social Security number. The caller gives you a case number and a telephone number to call to return the refund.
March 7, 2018 – Tax-related identity theft still a concern
Even though reports of tax-related identity theft have declined markedly in recent years, the Internal Revenue Service warns that this practice is still widespread and remains a serious threat. The IRS reminds everyone should:
- Always use security software with firewall and anti-virus protections. Make sure the security software is always turned on and can automatically update. Encrypt sensitive files such as tax records stored on the computer. Use strong passwords.
- Learn to recognize and avoid phishing emails, threatening phone calls and texts from thieves posing as legitimate organizations such as banks, credit card companies and government organizations, including the IRS. Do not click on links or download attachments from unknown or suspicious emails.
- Protect personal data. Don’t routinely carry a Social Security card, and make sure tax records are secure. Treat personal information like cash; don’t leave it lying around.
To read the full article, visit the IRS Newsroom article here.
Online Tools and Tips
Password Checkup by Google – recently released a new tool called Password Checkup that will alert you when you need to change your password because it might have been stolen by a third party. It’s an extension (plug-in) that you install in the Chrome browser. Once it’s installed, it will let you know if you need to change your account password. Read more from Google including the new Cross Account Protection for apps that have Google Sign In. (February 2019)Why you should NEVER share PINs and Banking Credentials
One of the most frequent scenarios we hear in our Risk Management Department is account fraud when members share their FMFCU Debit/Credit Card PINs, card numbers, logins and online/mobile banking passwords. Whether a friend, family member or stranger…this information should NEVER be shared!Sometimes it seems like sharing is a logical thing to do in certain situations. But we’d like to remind you that your cards, PINs and banking credentials belong to you and you only! If you share it with someone else, YOU are responsible.
The Federal Trade Commission has a comprehensive online library related to securing your information. Read more here at FTC.gov.(February 2019)