July 23, 2010 - BE ADVISED: We have received reports of fraudulent emails that appear to have been sent from NACHA – The Electronic Payments Association. See sample below.
The subject line of the e-mail states: “Unauthorized ACH Transaction.” The e-mail redirects the individual to a fake Web page and contains a link which is likely a virus with malware. Do not click on the link. Both the e-mail and the related website are fraudulent.
Be aware that fraudulent e-mails frequently have links to Web pages that host malicious software. Do not follow links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA does not send communications to individuals or organizations.
= = = = = Sample E-mail = = = = = =
Sent: Thursday, July 22, 2010 8:27 AM
To: Doe, John
Subject: Unauthorized ACH Transaction
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report
Copyright ©2009 by NACHA - The Electronic Payments Association
= = = = = = = = = = = = = = = = = = =
Please contact the following staff with any questions regarding this matter:
Senior Director, Communications & Marketing
Scott Lang, AAP
Senior Vice President, Association Services
**Fraud Email Phishing Activity Reported**
May 25, 2010 – The National Credit Union Administration (NCUA) is reporting recently simulated NCUA email boxes. The fraudulent emails solicit credit union member participation in an Online Survey or Member Survey, and promise compensation of $40 as an inducement to respond to the email.
The emails are fraudulent, and may be an attempt to obtain confidential member information. NCUA does not solicit such information from credit union members. This is a phishing activity with no NCUA activity or approval. If you have received these emails please do not respond. If you have any questions or concerns please email NCUA at email@example.com.
Attention ALL Members:
SC National Guard FCU will NEVER solicit personal/private information via e-mail!! If you get an e-mail that appears to be from SC National Guard FCU requesting private information, such as passwords, account numbers, and user id's, please DELETE it immediately.
********SCAM ALERT NOTICE********
SCNG FCU is aware of a scam/phishing attempt. Members may have received the following text message:
Credit Union Alert
Your card has been deactivated.
Please contact us at 803-233-1804 to reactivate your card.
If you received this text message do not reply, IT IS A SCAM.
Please feel free to contact us with any questions you may have regarding this matter!
Please remember, SCNG FCU will not ask you to provide your social security number, ATM or debit card PIN or any other sensitive information via text message.
Fraud Alert - September 29, 2009
Credit Union National Association [CUNA] is aware of phone calls, text messages, and emails being made about:
• Account De-activation
• Account Status Alert
• Changes to Terms and Conditions
• Irregular Activity
These e-mails and text messages ask that the member to call a number in order to have their account reactivated. Some may request that you leave callback information or provide your financial information directly. All of these messages are fraudulent. Please do not respond to these messages.
The CUNA is the trade association for credit unions in the US. CUNA does not maintain any type of member financial information. Additionally, South Carolina National Guard Federal Credit Union would never solicit your personal identification information via email. If you did respond to such a solicitation, please contact us immediately.
Important Debit Card Tips
Debit cards are a convenient way of paying for everyday items because they can help you manage your money better. However, due to the increasing number of unauthorized charges and rise in identity theft, here are some tips debit card users should know:
Use your hand or body to shield your PIN when you are conducting transactions at the Automated Teller Machine (ATM), or when making Point of Sale (POS) transactions at retail stores. Avoid potential “shoulder surfing”.
Never let your debit card out of your sight when conducting a POS transaction. Be certain the transaction is complete and review the receipt before leaving the premises. Always remember to take the receipt with you and record it in your register. Then shred your receipt before discarding it, since it contains valuable account information.
Regularly check your statements and balances to verify all transactions have been properly documented. If entries do not accurately reflect transaction activities, for example, if there are missing or additional transactions, you should contact your Financial Institution immediately.
If your debit card is lost, stolen or retained by an ATM, notify your Financial Institution immediately upon becoming aware of the problem.
Your debit card and PIN are the keys to your account(s). Never disclose your PIN to anyone. Keep your card in a safe place and never lend it to anyone.
Memorize your PIN - it's your electronic signature. If you suspect that someone knows your PIN, change it immediately or contact your Financial Institution immediately to cancel the card. It is strongly recommended you do not write down your PIN.
When selecting your PIN, never use obvious information such as your telephone number, date of birth, address or social security number.
Only conduct ATM transactions when & where you feel secure. If you suspect that someone may have obtained your PIN or account number, please contact your Financial Institution immediately.
Phishing, Smishing, and Vishing: What’s the Difference?
SUMMARY: Phishing scams continue to affect credit unions, but styles of phishing are shifting. Vishing, Smishing, and U.S. Mail Phishing are new ways to bait members into divulging personal and financial information. Scammers are turning to these different methods with the hope of confusing members into thinking they can only be "phished" through the use of e-mail. These methods are defined as follows:
Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.
LAND LINE TELEPHONE “VISHING” & VoIP (INTERNET PHONES “VISHING”)
Vishing, (Voice phISHING) also called "VoIP phishing for the Internet phones," is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States.
In either case, because people are used to entering card numbers over the phone, this technique can be effective. Voice over IP (VoIP) is used for vishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a land line telephone.
TEXT MESSAGE “SMISHING”
Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user's cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.
New! Mail LETTER “PHISHING”
This new scam occurs where the phisher is creating a letter and sending it through the mail to individuals to respond to the letter by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection. This scam is used in conjunction with other channels to steal valuable personal and financial information of the individual receiving the letter.
IRS Phony E-mail and Telephone Scams
The Internal Revenue Service has issued an alert, warning that the IRS name and logo is being used by fraudsters attempting to access the taxpayer financial information through e-mail, telephone, and cell phone text messaging.
Note: The IRS does not ask for personal identifying or financial information via unsolicited e-mail, telephone calls, or text messaging.
The following scams are being used to trick taxpayers into divulging financial account information for fraudulent purposes:
- Taxpayers receive a phone calls telling them that they are eligible for a sizable rebate for filing their taxes early, and they are told to provide their financial account information for direct deposit.
- Taxpayers receive e-mails that claim they are eligible for a tax refund of a specific amount, and they are instructed to click on the link in the e-mail to access the refund claim form, which requires them to disclose financial account information.
- E-mail notifications addressed to individual taxpayers claim that their tax returns will be audited. The individual is instructed to click on the link within the e-mail and complete forms disclosing personal and financial account information.
- Businesses, accountants, and “Treasury” managers are receiving bogus e-mails regarding tax law changes. To obtain information on publications for businesses, estates taxes, excise taxes, exempt organizations, as well as IRAs and other retirement plans, the recipient is instructed to click on a series of links. The IRS suspects that clicking on these links downloads “malware” onto the recipient’s computer, which can be used to search for financial records and other private information.
- A person claiming to be an IRS employee telephones taxpayers to say the IRS has mailed them a check that has not been cashed. The caller then asks for verification of financial account information.
In a new twist to the ever popular IRS phishing scam, a credit union recently received an email purportedly from the IRS that contained an attachment (that probably contained a virus or attempt to gain information for ID theft, although thankfully the recipient didn't open it). The subject line of the email was "URGENT: Tax Avoidance Investigation XXX Federal Credit Union (Case id: #F12C36)" so it looked very official.
The contents went on to say that "the company you are affiliated to, XXX Federal Credit Union is participating in an illegal scheme to avoid paying taxes" and "The IRS has begun an investigation regarding your company's activities and your cooperation is needed" and so forth. It requested that the recipient open the attachment or click a link and fill in an investigation form.
Please be aware and very careful of opening ANY attachment on an email that you receive and don't know the sender or question the validity of the sender.
For more information on phishing scams and ID theft from the IRS go to www.irs.gov/newsroom and click on the Phishing and ID Theft link.
Debit cards too risky for online shopping
MADISON, Wis. (12/10/07)--Use the wrong payment method or the wrong piece of plastic when shopping online and someone you don't know could zero out your checking account balance in a matter of minutes.
It's a fact: The safest form of payment online is a credit card, although there still are risks, particularly if you don't know the reputation of the seller. But if you're a die-hard debit card user and insist on using it for online purchases, you're putting yourself at much greater risk than if you use a credit card for those same purchases.
Why? Because debit cards are regulated by the Electronic Funds Transfer Act, which is weaker than the law that regulates credit cards. What you need to remember has to do with liability:
- Credit card liability. Federal law protects you so your liability is no more than $50 (per card) if a crook uses your card fraudulently before you report the theft. Report the theft before the crook uses your card, and your liability is zero. Even if you're subject to the $50 liability, some issuers may waive that amount.
- Debit card liability. Here's where it gets sticky. If you report the theft within two business days, your liability is limited to $50, and again, some issuers may waive that amount. However, after two business days, your liability jumps to $500. And if you don't report the loss or theft within 60 days of receiving your statement, your liability is unlimited.
Bottom line: Don't use a debit card for online purchases. Use a credit card on sites of reputable sellers.
Finally there is an organization (National Consumers League – NCL) that is taking initiatives to inform and warn consumers about this issue.
It’s a great website. There are videos of actual victim’s stories…pretty sad. There are also videos of a guy attempting typical scams in person rather than on the Internet. It’s funny how when this is done in person, without the anonymity of the Internet, the scams seem much more evident. The website also has a way to report fraud. It appears it will be a database for law enforcement as a central source for information about these scams.
On the NCL website they have a brochure that could be provided to members that present questionable checks to help explain these scams.
CUNA also has some info in this News Now article.
Please do not respond to a text message stating "Your Debit Card Has Been Blocked" (or any similar messages). This text has a return address of SMS.ALERT@VISA.COM. The message provides a number to call where you will be asked your ATM/ DEBIT Card # , the 3 Digit Code on the back of the card, and the Pin Number.
THIS IS A SCAM! Do not reply to this text.
Remember, SCNG FCU will never ask for personal information via email or text message.
Please feel free to contact us with any questions you may have regarding this matter!