Security Alerts, Articles, Tips, and How Tos
April 2, 2020 – Coronavirus Stimulus Scams Surface Targeting Members
The Better Business Bureau (BBB) reports fraudsters have deployed a variety of scams involving Coronavirus stimulus checks. Be aware of and watch out for these text message, social media post/messages or phone call scams:
- A Facebook post informing seniors of a special grant to help pay medical bills. The link within the post takes them to a website claiming to be a government agency called “U.S. Emergency Grants Federation” and asks for a social security number.
- Phone calls in which fraudsters claim the person qualifies for a $1,000 to $14,000 Coronoavirus stimulus payment; however, they must first pay a processing fee.
- Fraudsters may also attempt to scam you into providing your account number so they can deposit the stimulus payment into the account.
BE AWARE THAT CORONA VIRUS SCAMS ARE HAPPENING. NEVER GIVE OUT ANY PERSONAL INFORMATION. AND PLEASE BE AWARE OF FRAUDULENT TEXTS CLAIMING THEY ARE FROM FMFCU. CURRENTLY, FMFCU DOES NOT TEXT MESSAGE.
March 18, 2020 – BE AWARE OF FRAUDULENT TEXTS
Recently, we received reports of fake texts appearing as if they were an FMFCU Fraud Alert. These texts ask for a transaction verification from a retail store (like Walmart). DO NOT REPLY.
March 16, 2020 – FMFCU cares about your financial safety. Watch out for scams!
AVOIDING COVID-19 SCAMS – During times of uncertainty and emergency situations like the Coronavirus, fraudsters love to take advantage by implementing scams. Unfortunately, they are finding ways to take advantage of this public health issue. Be wary of emails claiming to be from the Centers of Disease Control (CDC) or experts saying they have information or health supplies related to the virus. Fraudsters may appear to promote awareness and prevention as a ruse to take your money and/or personal information.
Please remember, FMFCU will never contact you to ask for your online or mobile banking login, password, SAC code, or other personal identifying information. If you have experienced a fraud that has to do with your FMFCU accounts, please contact us immediately. Visit our Security Center to learn more.
February 10, 2020 – CORONAVIRUS: SCAMMERS FOLLOW THE HEADLINES
Scammers are taking advantage of fears surrounding the Coronavirus. They’re setting up websites to sell bogus products, and using fake emails, texts, and social media posts as a ruse to take your money and get your personal information.
The emails and posts may be promoting awareness and prevention tips, and fake information about cases in your neighborhood. They also may be asking you to donate to victims, offering advice on unproven treatments, or contain malicious email attachments.*
*Federal Trade Commission “Consumer Information” Blog, February 10, 2020.
February 3, 2020 – BEWARE OF FAKE JOB OFFERS USING FRAUDULENT CASHIER’S CHECKS
FMFCU has learned of a newer scam involving LinkedIn and Indeed.com. Potential employees submit resumes on the respective web sites. A scammer who poses as a legitimate company identifies those applicants (maybe by hacking), and then uses something like Google Hangouts (which is a red flag right away) to offer a job like a Virtual Assistant. The fraudster includes job details, salary, job description and more.
Then the scammer asks the person to take a Cashier’s Check, sent to them by FedEx, to their bank to deposit and then make a cash withdrawal. They are instructed to then deposit the money in a Bank of America account or similar using account numbers they provide the “new employee.” The employee then expects to get a computer with software to do their “Virtual Assistant” job.
THE BOTTOM LINE
NEVER reply to any potential employer through text, social media, or apps like Google Hangouts. Use the official communication areas in employment web sites. No employer would ever send you money to deposit and then redeposit, after you take money out for them! When in doubt, ask LinkedIn or Indeed or whatever employment site you use, to see if the communication is official and verified.
RECENT SECURITY ARTICLES, TIPS AND HOW TOs
BE AWARE OF A GROWING FRAUD TREND using a text and a phone call (Smishing)
Using a combination of a text and a phone call, scammers are tricking people into giving up personal banking information so they can log into their online banking accounts. This rapidly growing scam uses a text sent by fraudsters that says it is a “fraud alert.” The text asks the user if they made a specific transaction (which is fake) and to reply “Yes or No.”
Once the person confirms the transaction is not valid by replying “No”, the imposter proceeds with a phone call claiming to be from the “Fraud Department” or their financial institution’s “Security Officer.” The phone number is sometimes spoofed to appear that it’s from the user’s financial institution.
The fraudster then “verifies” the person by asking them to provide their banking Login ID, the Secure Access Code (SAC) which is obtained from doing a “forgot password”, and debit card/pin information. The fraudster then turns around to complete a P2P transfer to their own accounts.
Please be aware of this possible scam and DO NOT provide ANY personal information, including your Login ID and Secure Access Code (SAC). FMFCU would NEVER ask for your SAC
FDIC – Beware of Fake Checks
Protect yourself from fake check scams with these tips from FDIC Consumer News
Even in today’s digital and mobile world where electronic money transfers are common, consumers and businesses may still prefer the assumed security of paper cashier’s checks or official bank checks for large or major payments. Read the full article at FDIC.gov.
Be aware for Money Mules.
A money mule is someone who transfers illegally acquired money on behalf of or at the direction of another. Criminals recruit mules to move money electronically through bank accounts, in person, or through a variety of other methods. Once received, the mule will wire the money into a third party bank account; “cash out” the money received, possibly via several cashier’s checks; convert the money into a virtual currency; or conduct a combination of these actions. Money mules are inherently dangerous, as they are added layers to the money trail from a victim to a criminal actor. A more detailed explanation is described on the Federal Trade Commission’s web site here.
Read the entire article on the FBI’s web site and learn what you can do to prevent yourself from falling victim to this scam.
Check Deposits – Know your checks
Whether you use AnytimeDeposit, an ATM or make a deposit transaction at your local branch, know that you are ALWAYS responsible for the personal or business/payroll checks deposited into your account. It doesn’t matter who the check is from, if you were duped by a “fraudster” or the check hold is no longer on the item. If the item was deposited into your account by you, a joint owner or a complete stranger….you and any of the account owners are responsible if and when any check is returned.
Safeguards for check deposits include properly endorsing the item and knowing who you received the check from and why.
NCUA Fraud Prevention Center
Consumers now have an information resource to help learn about and protect themselves against fraud with the National Credit Union Administration’s Fraud Prevention Center.
5 Tips for Protecting Your Checking Account
A nice brief article from the Federal Reserve Board. Read the article
July 22, 2019 – Equifax Announces Comprehensive Consumer Settlement Arising From 2017 Cybersecurity Incident
In September of 2017, Equifax announced it experienced a data breach, which impacted the personal information of approximately 147 million people. A federal court is considering a proposed class action settlement submitted on July 22, 2019, that, if approved by the Court, would resolve lawsuits brought by consumers after the data breach. Equifax denies any wrongdoing, and no judgment or finding of wrongdoing has been made.
If approved, if you qualify, you could get some of the following benefits:
- Free Credit Monitoring or $125 Cash Payment
- Other Cash Payments.
- Free Identity Restoration Services
April 4, 2019 – FILING YOUR TAXES? WATCH OUT FOR PHISHING SCAMS
THE INTERNAL REVENUE Service has warned taxpayers for years to be wary of online phishing, where criminals impersonate the agency using fake emails, text messages, or websites in order to steal your personal information. Read more from Wired.com.
November 27, 2018 – Half of phishing sites trick you into thinking they’re ‘secure’
You can’t assume that a site is honest because it has that “secure” padlock in the address bar, and PhishLabs just illustrated why. The anti-phishing company has determined that 49 percent of all known phishing sites used Secure Sockets Layer protection (and thus displayed the padlock) as of the third quarter of 2018. Read more about this from Engadget.com.
Call forwarding phishing attacks
Be on the lookout for Call Forwarding phishing attacks. How it works: the fraudster calls a person and asks him/her to activate their credit card. Then they ask you to call a phone number to activate the card. The phone number contains *72 which activates call forwarding, giving them control of the person’s phone number allowing international calls, etc. NEVER give out your personal information to anyone calling you and when it doubt, hang up and call them using official corporate phone numbers.
Avoid tech support phone scams
Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. Read what you need to know and how to protect yourself. Read what you need to know and how to protect yourself.
Phishing scam targets taxpayers who use tax software
The growing popularity of tax preparation software has led to a rise in e-mail scams targeted at do-it-yourself taxpayers. Read the article.
September 24, 2019 – Avoiding online car buying scams
We’ve had reports from members that auto scams are back on the rise. The following is an older article from the National Consumer League, but is very relevant today. The post explains the scam, informs you what to look for, and how to avoid them. A must-read! View the article here.
May 6, 2019 – Get a one-ring call? Don’t call back.
You could be a potential victim of the growing “one-ring” cell phone scam.
Here’s how it works: Scammers are using auto-dialers to call cell phone numbers across the country. Scammers let the phone ring once — just enough for a missed call message to pop up.
The scammers hope you’ll call back, either because you believe a legitimate call was cut off, or you will be curious about who called. If you do, chances are you’ll hear something like, “Hello. You’ve reached the operator, please hold.” All the while, you’re getting slammed with some hefty charges — a per-minute charge on top of an international rate. The calls are from phone numbers with three-digit area codes that look like they’re from inside the U.S., but actually are associated with international phone numbers — often in the Caribbean. The area codes include: 268, 284, 473, 664, 649, 767, 809, 829, 849 and 876.
If you get one of these call:
- Don’t call back
- Report the robocall to the FTC at donotcall.gov and to the FCC at fcc.gov/complaints
- Always check your phone bill for suspicious or unusual charges
*Articles courtesy of the Federal Trade Commission.
April 29, 2019 – How to stop scammers from stealing your phone number
Smart speakers add a level of convenience to daily life, but there are also some privacy issues associated with using them. We’ve seen reports of everything from Amazon workers listening to your Alexa conversations and having access to your home address to the future possibility of Google Assistant learning to read your moodbased on the tone of your voice. If you’re really, really concerned about privacy, you should probably steer clear of these devices altogether.
But there are some steps you can take right now to get a better handle on your privacy options. For Amazon smart speakers, the focus of this particular post, it all begins in the Alexa app. Read the full article.
April 12, 2019 – Social Security Administration (SSA) imposters top IRS in consumer loss reports
Have you gotten calls about supposed problems with your Social Security number from callers pretending they’re with the Social Security Administration (SSA)? If so, you’re not alone.
They often use robocalls to reach you, then launch into a story aimed at tricking you into giving them your money, your Social Security number (SSN), or both. They may say your SSN has been suspended and you need to confirm your SSN to reactivate it. Or, they may say your SSN has been involved in a crime and your bank account is about to be seized or frozen, but you can protect your money if you put it on a gift card and give them the code. Never do that – your money will disappear.
If you get one of these calls, remember – the real SSA will never contact you out of the blue or tell you to put money on a gift card or, for that matter, visit a Bitcoin ATM, or wire money. Read the full article from the FTC web site here.
April 10, 2019 – Puppy Scams: How to Protect Yourself from Fake Online Pet Sellers
If you are looking for a pet to add to your family, be on the lookout for scams. As more consumers turn to the internet to find new pets, more scams are popping up online. Experts say a shocking 80% of sponsored advertisements about pets may be fake. The BBB International Investigations Initiative conducted an extensive study of online puppy scams and also provides tips for avoiding puppy scams. Read the article from the Better Business Bureau.
April 4, 2019 – How to stop scammers from stealing your phone number
Sorry to be the bearer of bad tidings, but there’s one more security threat to worry about: your phone number. If a hacker gets hold of it, you could be facing some serious personal privacy issues.
Cnet can recommend ways to help you identify scams that lure you to give up your details, and have tips to help keep your phone number safe. Read the Cnet article here.
Online Tools and Tips
February 2019 – Password Checkup by Google – recently released a new tool called Password Checkup that will alert you when you need to change your password because it might have been stolen by a third party. It’s an extension (plug-in) that you install in the Chrome browser. Once it’s installed, it will let you know if you need to change your account password. Read more from Google including the new Cross Account Protection for apps that have Google Sign In.February 2019 – Why you should NEVER share PINs and Banking Credentials
One of the most frequent scenarios we hear in our Risk Management Department is account fraud when members share their FMFCU Debit/Credit Card PINs, card numbers, logins and online/mobile banking passwords. Whether a friend, family member or stranger…this information should NEVER be shared!Sometimes it seems like sharing is a logical thing to do in certain situations. But we’d like to remind you that your cards, PINs and banking credentials belong to you and you only! If you share it with someone else, YOU are responsible.
The Federal Trade Commission has a comprehensive online library related to securing your information. Read more here at FTC.gov.