Menu
Related Links Report a Phishing Attempt

Report a Phishing Attempt

Email Us

Security Alerts, Articles, Tips, and How Tos

CURRENT ALERTS

 

October 23, 2020 – Receive a call saying you overpaid your utility bill? That’s probably a scam!

If you get a robocall saying you paid too much on a utility bill, then it could be a scam. They’ll usually say you’ll get a cash refund, but utility companies typically don’t give cash refunds. That’s your first sign it’s fraud.

Get the details from the FTC

September 29, 2020 – Employment scams target college students

Many college students are on the lookout for flexible, part-time employment to help cover their school expenses. Now, with the COVID-19 pandemic and many other people out of work, finding a job may be even more difficult and may create more pressure to find work quickly. If this situation describes you or a student in your life, watch out for scams.

Read the article from the Better Business Bureau

August 7, 2020 – How to Spot, Avoid and Report Tech Support Scams 

Tech support scammers want you to believe you have a serious problem with your computer, like a virus. They want you to pay for tech support services you don’t need, to fix a problem that doesn’t exist. They often ask you to pay by wiring money, putting money on a gift card, prepaid card or cash reload card, or using a money transfer app because they know those types of payments can be hard to reverse*. Quick tips:

  • DO NOT RESPOND TO OUT OF THE BLUE TECH SUPPORT CALLS
  • DO NOT CLICK ON ADS IN SEARCH RESULTS IF LOOKING FOR TECH SUPPORT
  • DO NOT CLICK ON POP-UP WARNINGS ABOUT THREATS BEING DETECTED ON YOUR PC (unless it’s from your own anti-virus software)

The FTC has provided an article summarizing this problem, how to detect these scammers, what to do if your PC has an issue, and what to do if you were scammed.

Read the FTC Article

 

*Federal Trade Commission: How to Spot, Avoid and Report Tech Support Scams

July 21, 2020 – Beware of Money Mule Scams, especially during the pandemic – Learn more below

 

Scammers may try to use you to move stolen money. If you help them, you could be what law enforcement calls a money mule. Scammers send money to you, sometimes by check, then ask you to send (some of) it to someone else. They often want you to use gift cards or wire transfers. Of course, they don’t tell you the money is stolen and they’re lying about the reason to send it. And there never was a relationship, job, or prize. Only a scam.

 

Signs You May Be Acting as a Money Mule*

  • You receive an unsolicited email or contact over social media promising easy money for little to no effort.
  • The “employer” you communicate with uses web-based email (such as Gmail, Yahoo, Hotmail, or Outlook).
  • You are asked to open up a bank account in your own name or in the name of a company you form to receive and transfer money.
  • As an employee, you are asked to receive funds in your bank account and then “process funds” or “transfer funds” via a wire transfer, ACH, mail, or money service business (such as Western Union or MoneyGram).
  • You are allowed to keep a portion of the money you transfer.
  • Your duties have no specific job description.
  • Your online companion, whom you have never met in person, asks you to receive money and then forward the funds to an individual you do not know.

How to Protect Yourself

  • Do not accept any job offers that ask you to use your own bank account to transfer their money. A legitimate company will not ask you to do this.
  • Be wary when an employer asks you to form a company to open up a new bank account.
  • Never give your financial details to someone you don’t know and trust, especially if you met them online.
  • Be wary when job advertisements are poorly written with grammatical errors and spelling mistakes.
  • Be suspicious when the individual you met on a dating website wants to use your bank account for receiving and forwarding money.
  • Perform online searches to check the information from any solicitation emails and contacts.
  • Ask the employer, “Can you send a copy of the license/permit to conduct business in my county or state?”

How to Respond

  • If you have received solicitations of this type, do not respond to them and do not click on any links they contain. Inform your local police or the FBI.
  • If you believe that you are participating in a money mule scheme, stop transferring money immediately and notify your bank, the service you used to conduct the transaction, and law enforcement.

*December 17, 2018 – Don’t Be a Mule – FBI Joins International Campaign to Stop Money Mules

 

MORE CURRENT ALERTS

  • May 27, 2020 – Recognize and Avoid COVID-19 Unemployment Compensation Scams

    The scammers behind the PUA fraud appear to be using Social Security numbers and other personally identifiable information to apply for and receive PUA benefits. In many situations, the victims are unaware that their personal information has been compromised.

     

    In general, take these steps to protect yourself against unemployment scams:

    • Never give out your personal information over email or text message.
    • Don’t wire money, and always ignore the following requests:
    • Communications related to your UC benefits from someone asking for money;
    • Someone who says they can help you file for your benefits for a fee; and
    • Anyone claiming to work for L&I who says they need a fee to complete your application.
    • Don’t open or respond to unsolicited emails or text messages.

     

    Get more information from the Office of Employment Compensation.

  • May 20, 2020 – COVID-19 contact tracing text message scams

    You may have heard recently about contact tracing. It’s the process of identifying people who have come in contact with someone who has tested positive for COVID-19, instructing them to quarantine and monitoring their symptoms daily. But scammers, pretending to be contact tracers and taking advantage of how the process works, and are sending fradulent text messages. But theirs are spam text messages that ask you to click a link. Don’t take the bait. Clicking on the link will download software onto your device, giving scammers access to your personal and financial information. Ignore and delete these scam messages. For detailed information on this scam and how it works, read the FTC’s alert here.

  • May 12, 2020 – Be on alert for sophisticated social engineering scams

    Please be on the lookout for fraudulent texts appearing to be from your financial institution. Here’s how the scam works:

    • Fraudsters send account alerts to members via text message – appearing to come from the credit union – warning them of suspicious debit card activity.
    • For those members who respond to the text, the fraudsters call the members spoofing the credit union’s phone number and claim they are in the credit union’s fraud department and calling to verify suspicious transactions.
    • To verify the member’s identity, the fraudster explains a passcode will be sent via text message and the member must provide the passcode over the phone.
    • The fraudsters attempts a transaction that triggers a 2-step authentication passcode, such as using the “forgot password” feature or initiating a P2P transaction. The passcode is sent via text / email to the member who, in turn, provides it to the fraudster.
    • The fraudsters immediately use the passcode to login to the member’s accounts and use the P2P feature to transfer funds.

    If you ever have any doubt about ANY notices via email or text that appear to be from your financial institution, give them a call first to verify the communication!

 

RECENT SECURITY ARTICLES, TIPS AND HOW TOs

    General Fraud Info

  • Top Information

    BE AWARE OF A GROWING FRAUD TREND using a text and a phone call (Smishing)

     

    Using a combination of a text and a phone call, scammers are tricking people into giving up personal banking information so they can log into their online banking accounts. This rapidly growing scam uses a text sent by fraudsters that says it is a “fraud alert.” The text asks the user if they made a specific transaction (which is fake) and to reply “Yes or No.”

     

    Once the person confirms the transaction is not valid by replying “No”, the imposter proceeds with a phone call claiming to be from the “Fraud Department” or their financial institution’s “Security Officer.”  The phone number is sometimes spoofed to appear that it’s from the user’s financial institution.

     

    The fraudster then “verifies” the person by asking them to provide their banking Login ID, the Secure Access Code (SAC) which is obtained from doing a “forgot password”, and debit card/pin information. The fraudster then turns around to complete a P2P transfer to their own accounts.

     

    Please be aware of this possible scam and DO NOT provide ANY personal information, including your Login ID and Secure Access Code (SAC). FMFCU would NEVER ask for your SAC

    FDIC – Beware of Fake Checks
    Protect yourself from fake check scams with these tips from FDIC Consumer News

     

    Even in today’s digital and mobile world where electronic money transfers are common, consumers and businesses may still prefer the assumed security of paper cashier’s checks or official bank checks for large or major payments. Read the full article at FDIC.gov.

     

    Be aware for Money Mules.

    A money mule is someone who transfers illegally acquired money on behalf of or at the direction of another. Criminals recruit mules to move money electronically through bank accounts, in person, or through a variety of other methods. Once received, the mule will wire the money into a third party bank account; “cash out” the money received, possibly via several cashier’s checks; convert the money into a virtual currency; or conduct a combination of these actions. Money mules are inherently dangerous, as they are added layers to the money trail from a victim to a criminal actor. A more detailed explanation is described on the Federal Trade Commission’s web site here.

     

    Read the entire article on the FBI’s web site and learn what you can do to prevent yourself from falling victim to this scam.

     

     

    Check Deposits – Know your checks
    Whether you use AnytimeDeposit, an ATM or make a deposit transaction at your local branch, know that you are ALWAYS responsible for the personal or business/payroll checks deposited into your account. It doesn’t matter who the check is from, if you were duped by a “fraudster” or the check hold is no longer on the item.  If the item was deposited into your account by you, a joint owner or a complete stranger….you and any of the account owners are responsible if and when any check is returned.

     

    Safeguards for check deposits include properly endorsing the item and knowing who you received the check from and why.

     

    NCUA Fraud Prevention Center
    Consumers now have an information resource to help learn about and protect themselves against fraud with the National Credit Union Administration’s Fraud Prevention Center.

     

    5 Tips for Protecting Your Checking Account
    A nice brief article from the Federal Reserve Board. Read the article

    • Vulnerabilities

  • Top Issues

    July 22, 2019  – Equifax Announces Comprehensive Consumer Settlement Arising From 2017 Cybersecurity Incident

     

    In September of 2017, Equifax announced it experienced a data breach, which impacted the personal information of approximately 147 million people. A federal court is considering a proposed class action settlement submitted on July 22, 2019, that, if approved by the Court, would resolve lawsuits brought by consumers after the data breach. Equifax denies any wrongdoing, and no judgment or finding of wrongdoing has been made.

     

    If approved, if you qualify, you could get some of the following benefits:

    1. Free Credit Monitoring or $125 Cash Payment
    2. Other Cash Payments.
    3. Free Identity Restoration Services

     

    For complete details, read the press release from Equifax and the settlement web site.

     

    • Web Targeting & Phishing

  • Top Issues

    April 4, 2019  – FILING YOUR TAXES? WATCH OUT FOR PHISHING SCAMS
    THE INTERNAL REVENUE Service has warned taxpayers for years to be wary of online phishing, where criminals impersonate the agency using fake emails, text messages, or websites in order to steal your personal information. Read more from Wired.com.

     

    November 27, 2018  – Half of phishing sites trick you into thinking they’re ‘secure’
    You can’t assume that a site is honest because it has that “secure” padlock in the address bar, and PhishLabs just illustrated why. The anti-phishing company has determined that 49 percent of all known phishing sites used Secure Sockets Layer protection (and thus displayed the padlock) as of the third quarter of 2018. Read more about this from Engadget.com.

     

    Call forwarding phishing attacks
    Be on the lookout for Call Forwarding phishing attacks. How it works: the fraudster calls a person and asks him/her to activate their credit card. Then they ask you to call a phone number to activate the card. The phone number contains *72 which activates call forwarding, giving them control of the person’s phone number allowing international calls, etc. NEVER give out your personal information to anyone calling you and when it doubt, hang up and call them using official corporate phone numbers.

     

    Avoid tech support phone scams
    Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. Read what you need to know and how to protect yourself. Read what you need to know and how to protect yourself.

     

    Phishing scam targets taxpayers who use tax software
    The growing popularity of tax preparation software has led to a rise in e-mail scams targeted at do-it-yourself taxpayers. Read the article.

    • Scam Information

  • Top Information

    How to Spot, Avoid and Report Tech Support Scams 

    Tech support scammers want you to believe you have a serious problem with your computer, like a virus. They want you to pay for tech support services you don’t need, to fix a problem that doesn’t exist. They often ask you to pay by wiring money, putting money on a gift card, prepaid card or cash reload card, or using a money transfer app because they know those types of payments can be hard to reverse*. Quick tips:

     

    • DO NOT RESPOND TO OUT OF THE BLUE TECH SUPPORT CALLS
    • DO NOT CLICK ON ADS IN SEARCH RESULTS IF LOOKING FOR TECH SUPPORT
    • DO NOT CLICK ON POP-UP WARNINGS ABOUT THREATS BEING DETECTED ON YOUR PC (unless it’s from your own anti-virus software)

     

    The FTC has provided an article summarizing this problem, how to detect these scammers, what to do if your PC has an issue, and what to do if you were scammed.

    READ THE FTC ARTICLE

     

    *Federal Trade Commission: How to Spot, Avoid and Report Tech Support Scams

    How Scammers Tell You to Pay

     

    September 24, 2019 – Avoiding online car buying scams

    We’ve had reports from members that auto scams are back on the rise.  The following is an older article from the National Consumer League, but is very relevant today. The post explains the scam, informs you what to look for, and how to avoid them. A must-read! View the article here.

     

    May 6, 2019 – Get a one-ring call? Don’t call back.

    You could be a potential victim of the growing “one-ring” cell phone scam.

     

    Here’s how it works: Scammers are using auto-dialers to call cell phone numbers across the country. Scammers let the phone ring once — just enough for a missed call message to pop up.

     

    The scammers hope you’ll call back, either because you believe a legitimate call was cut off, or you will be curious about who called. If you do, chances are you’ll hear something like, “Hello. You’ve reached the operator, please hold.” All the while, you’re getting slammed with some hefty charges — a per-minute charge on top of an international rate. The calls are from phone numbers with three-digit area codes that look like they’re from inside the U.S., but actually are associated with international phone numbers — often in the Caribbean. The area codes include: 268, 284, 473, 664, 649, 767, 809, 829, 849 and 876.

     

    If you get one of these call:

    • Don’t call back
    • Report the robocall to the FTC at donotcall.gov and to the FCC at fcc.gov/complaints
    • Always check your phone bill for suspicious or unusual charges

     

    *Articles courtesy of the Federal Trade Commission.

    • Cybersecurity

  • Online Tools and Tips

    February 2019 – Password Checkup by Google – recently released a new tool called Password Checkup that will alert you when you need to change your password because it might have been stolen by a third party. It’s an extension (plug-in) that you install in the Chrome browser. Once it’s installed, it will let you know if you need to change your account password. Read more from Google including the new Cross Account Protection for apps that have Google Sign In.

     

    February 2019 – Why you should NEVER share PINs and Banking Credentials
    One of the most frequent scenarios we hear in our Risk Management Department is account fraud when members share their FMFCU Debit/Credit Card PINs, card numbers, logins and online/mobile banking passwords. Whether a friend, family member or stranger…this information should NEVER be shared!
    Sometimes it seems like sharing is a logical thing to do in certain situations. But we’d like to remind you that your cards, PINs and banking credentials belong to you and you only!  If you share it with someone else, YOU are responsible. 

    The Federal Trade Commission has a comprehensive online library related to securing your information. Read more here at FTC.gov.

Schedule an Appointment