Fraud & Scam Information
The security of your accounts is a top priority at Southern Lakes Credit Union. We are dedicated to helping you learn more about preventing identity theft and our systems are continually monitoring for fraudulent and potentially fraudulent activity.
Fraudsters are using the internet, mail, and telephone in many ways to try to make you fall victim to their schemes. It’s important to remember that fraudsters are clever at gaining your trust and gathering your personal information.
Below is a list of common fraud schemes you should watch out for.
Google Docs Phishing Scam
A dangerous email phishing scam is making the rounds. Employees at various organizations that use Google for email, as well as thousands of personal Gmail customers are reporting the same scam.
It starts with an email from a known contact, which says that the person has shared a Google Doc with you. You’re invited to click the link to open, which redirects you to a legitimate Google sign-in page. You’re prompted to select one of your Google accounts and then authorize a legitimate-looking app called “Google Docs” to manage your emails.
That’s how the scam works: the app called “Google Docs,” which requests permission to read, send, and delete emails, isn’t really a Google app. Rather, it’s an app controlled by hackers. It seems that once it has permission to manage your email, it secretly sends out emails to all your contacts, with the same phishing link. Once the hackers have control of your Gmail account, the possibilities are dangerous. Personal and business email accounts are commonly used as the recovery email on a number of digital accounts, which means that hackers could potential get control over your Apple, Amazon, Facebook, Twitter or personal Google account. Anything linked to a compromised Gmail account is potentially at risk.
To protect yourself, the most important thing to do is to delete any email about a shared Google Doc, unless you can personally verify with the sender that it’s not a phishing email. If you already clicked on the link, you should set up two-factor authentication, using a cell phone number, on any critically important account. You can also remove permissions for the fake “Google Docs” app from your Google account. Go to myaccount.google.com, Sign-In and Security, and Connected Apps. From there, look at the list of connected apps, and ensure that anything you don’t recognize is deleted.
Text Message Phishing Scam
Recently, The National Credit Union Administration (NCUA) has received a number of consumer calls about a suspicious text message claiming to come from the agency.
The message reads: “National Credit Union Administration Alert for (recipient’s phone number). Contact 844-234-5445.”
It has been confirmed that this is not a communication from NCUA. The agency stressed that it does not seek personal information through the internet or on the telephone.
Please contact NCUA’s Consumer Assistance Center at 1-800-755-1030 between 8 a.m. and 5 p.m. Eastern if you receive one of these messages. NCUA also recommends contacting the Credit Union and, if necessary, local law enforcement. You can reach the Credit Union at 800.498.8930.
IRS Impersonation Scams
We have learned that individuals and businesses are receiving fraudulent phone calls impersonating the Internal Revenue Service (IRS) attempting to obtain personal information. The IRS also issued an alert regarding fraudulent emails impersonating the IRS. The emails coerce the recipient into clicking on a malicious website link. These phone calls and emails are fraudulent.
It is important to keep in mind that the IRS generally does not initiate contact with taxpayers by email or phone to request personal or financial information. If you receive such a communication from the IRS, do not provide any personal information (especially while on the telephone). Rather, if you feel the contact may be legitimate, first review and follow the guidelines provided by the IRS.
Tech Support Scams
Southern Lakes Credit Union is committed to educating its members about how they can protect themselves and their families from frauds and scams. Recently, scam artists have been making phone calls, sending e-mails, and setting up phony websites to try to gain access to an individual’s computer. A scam artist will contact the victim claiming to be a computer technician associated with well-known company, like Microsoft. The scam artist will state that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need. These scammers take advantage of your reasonable concerns about viruses and other threats. They know that computer users have heard time and again that it is important to install security software. But the purpose behind their elaborate scheme isn’t to protect your computer; it’s to steal your personal information, such as access codes, passwords, and account numbers, and fraudulently obtain your money. Therefore, please do not allow an unknown party, or one that has not been verified as legitimate, to remotely access your computer, as it could result in a security compromise.
Debit Card Fraud
As Southern Lakes Credit Union receives notifications of possible data and security breaches, we evaluate each situation to determine the best course of action to protect our members. In some cases this means that we may re-issue debit and ATM cards believed to be compromised. While we understand that this is an inconvenience, we believe it is prudent to protect our members’ accounts from future fraud.
We are always proactive in protecting you and the Credit Union from fraudulent transactions. In an effort to help combat increasing debit card fraud, we are implementing some changes that may affect you. To lessen the likelihood of debit card fraud for our members, we may require the use of your PIN when your card is being used in areas or regions where fraud is more common. If you use your debit card for a signature-based purchase (“credit” transaction) and the transaction fails, please retry by selecting a “debit” transaction using your four-digit PIN (Personal Identification Number).
We also use other fraud monitoring tools to approve debit card transactions, such as analyzing patterns in your use of your debit card and recognizing transactions that may be “out of the norm” for you. If this occurs, a transaction may be declined or you may receive a phone call from our fraud prevention specialists to inquire on transactions we suspect to be fraudulent. While we make every effort to ensure our members’ experience with their debit card is convenient, these steps may be necessary to prevent unauthorized transactions from posting to your accounts.
The following are recommendations that you should consider to monitor activity on your accounts and to protect your personal information:
- Regularly check your account statements and activity
- If you have reason to suspect fraudulent activity on your account, contact us immediately at 1.800.924.6373
ATM Skimming
If you find anything unusual at any ATM or other places like gas pumps where credit and debit cards are accepted, please report your observation to the financial institution during business hours or contact the local police department.
“Skimming”, where criminals steal your PIN and account number using devices and cameras that capture personal information is increasing dramatically and is becoming harder to detect. The first part is the skimmer itself, a card reader placed over a real card reader slot. When a card is slid into an ATM (or swiped at a gas pump), it is sliding through the counterfeit reader, “a skimmer,” which scans and stores all the information on the magnetic strip. However, to gain full access to the accounts, the thieves still need the PIN. Cameras hidden on or near the ATMs or gas pumps are positioned to get a clear view of the keypad and record all the PIN information. Some ATM skimming schemes employ fake keypads instead of cameras to obtain PINs.
Here are three tips to help you protect your account when using an ATM:
- Hide your password with your hand
Always cover your password with your hand. Criminals disguise hidden cameras to try and obtain your password. By protecting it with your hand, ATM thieves can’t access your PIN. - Observe the ATM
Take a quick look at the ATM machine. Does anything look a bit out-of-place? If the card reader moves around when you try to wiggle it with your hand, a “skimmer” may be laid over it. A genuine card reader should not move around and will be securely attached as part of the ATM.
Examine the keypad and check for cameras. If the keypad looks a bit too thick or appears to look different from how it normally appears, something may be wrong. Check for any suspicious looking cameras that may be placed around the ATM above the screen, around the key pad, or in a brochure rack.
- Check your account balances and transactions frequently
Regularly check your savings, checking, and credit card accounts online. If you notice any suspicious activity, contact your financial institution immediately.
Mystery Shopping
There are multiple ways this type of fraud can occur. For example we will use one of the most common.
Fraudsters contact victims through employment websites and ask them to first evaluate the Western Union Money Transfer service. The fraudster sends the victim a check and instructs them to deposit the check and use the funds to send a money transfer.
Secondly, the fraudsters also inform the victim that they are being hired to evaluate various retail outlets and to complete an evaluation form on those assignments. The victim actually goes to those retail outlets and evaluates their products and services not knowing all along that this is a scam.
The victim sends the money transfer, keeps a small amount of money from the check and in the meantime the fraudster picks up the funds at Western Union. What the victim is not expecting is for the check to be returned back to their financial institution as a “counterfeit” and the victim is left responsible for the funds owed to their financial institution.
Employment
The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as a signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will be returned to their financial institution and the victim is left responsible for the funds owed.
Lottery/Prize
Victims are informed through an unsolicited communication that they have won a large prize or sweepstakes. The victim receives a check for part of the winnings from the fraudster and is told to pay a small amount to cover taxes and/or processing fees. The victim uses the check to pay for the taxes or fees and is left responsible to their financial institution for the returned counterfeit check and the amount that they now owe them.
Internet Purchases
Victims are told to send money for a product, auction item or service to the seller. The fraudster will use a number of tactics to make you believe they are legitimate, but once the victim sends the money they will not receive the purchased item or service.
Overpayment
A common fraud in which the victim is sent a check in payment of a product or service that appears to be valid, but will eventually bounce. Typically, the amount of the check exceeds what the victim expects to receive and he or she is instructed to send the excess to the fraudster. When the check is returned to the victim’s financial institution, the victim is left responsible for the funds owed.
Business Email Compromise
Recently, the FBI and the Department of Business Regulation put out Public Service Announcements regarding a scam known as the Business E-mail Compromise (BEC). The BEC, by definition, is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices.
The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back.
One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. Anyone who responds “yes,” “no” or at all will very soon after receive a phone call from a scammer pretending to be from the financial institution’s fraud department. The caller’s number will be spoofed so that it appears to be coming from the victim’s bank. To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email. In reality, the fraudster initiates a transaction — such as the “forgot password” feature on the financial institution’s site — which is what generates the authentication passcode delivered to the member. An important aspect of this scam is that the fraudsters never even need to know or phish the victim’s password. By sharing their username and reading back the one-time code sent to them via email, the victim is allowing the fraudster to reset their online banking password.
To combat this scam Zelle introduced out-of-band authentication with transaction details. This involves sending the member a text containing the details of a Zelle transfer – payee and dollar amount – that is initiated by the member. The member must authorize the transfer by replying to the text. Unfortunately, the scammers are defeating this layered security control as well.
The Consumer Financial Protection Bureau (CFPB) recently announced it was conducting a probe into companies operating payments systems in the United States, with a special focus on platforms that offer fast, person-to-person payments. In the meantime, remember the mantra: Hang up, Look Up, and Call Back. If you receive a call from someone warning about fraud, hang up. If you believe the call might be legitimate, look up the number of the organization supposedly calling you, and call them back.
For more information, statistical data, recent trends, suggestions for protection and victim assistance information, please to the PSA from the FBI at www.ic3.gov/media/2015/150827-1.aspx. Additional information is publicly available on the United States Department of Justice website www.justice.gov publication entitled “Best Practices for Victim Response and Reporting of Cyber Incidents”.