Phishing Scams - Detect and Prevent

DETECTING FRAUDULENT EMAIL CAN BE DIFFICULT. Here are some characteristics of fraudulent email: 1. Fraudulent emails are rarely personalized; 2. They often contain urgent requests for information; 3. They provide links to websites that ask for your personal information.

If you believe you've received a phishing email or that your personal information has been compromised, notify SESLOC immediately so we can protect your account.

REMEMBER: Legitimate institutions do not request your personal information by email.         

The following scams were reported to SESLOC

3/07:  Several credit unions report members have received Phishing emails with a new twist.  The fraudster's email suggests that you can help fight terrorism and related money laundering by verifying your personal information. A link in the email leads to a counterfeit website deisgned to trick people into divulging sensitive data, such as account numbers, credit card numbers, names and passwords.

11/07:  A member reports receiving an odd phone message from a "fraud reporting service"; the caller left a phone number to call back.  SESLOC does utilize a fraud monitoring service to detect unusual account activity.  (see Fraud Monitoring Service). However, this phone call sounded "phishy," and the member wisely called SESLOC directly. Our Member Support staff was able to verify that no call had been placed from our monitoring service.  When in doubt, call SESLOC directly using a phone number you know to be correct. Don't rely on a phone number left by the possible fraudster.

11/07:  Credit Union National Association reports a phishing scam called "Irregular Check Card Activity." This phishing email targets credit union members in an attempt to collect personal account information, plastic card numbers and passwords.

This scam informs recipients about "irregular check card activity" and advises them to call a toll-free number to have any account restrictions removed. The toll-free number is a ploy to get personal account information, possibly for identity theft purposes.  If you have received this email, do not click on the link to the fake web page, just delete the message.

7/07:  A member reports receiving a fake notice that appears to be from the National Credit Union Administration. It begins, "This notice is to inform you that your Credit Union bank has just joined our federal credit union (FCU) network." It asks members to follow a link to fill in the form to "activate your account." The address provided appears to go to ncua.gov -- however, this is a fake. As a federal agency, the NCUA would not directly contact credit union members and would never ask for personal account information. (See similar scam June 2006, below.)

3/07:  We have received reports of members receiving calls from someone who claims to represent SESLOC. The caller claims there is a problem with the account and requests account numbers and other confidential information.  SESLOC will never telephone you to request your account information.  We already have it.

12/4/06:  A message which appears to be from Credit Union National Association promises $20 direct deposited to your account and the opportunity to win $1200 if you take a survey. This is a fraud. Do not respond. Their goal is to capture your account number.
 
11/17/06: Social Security Fraud:  A message which appears to be from the Social Security Administration is circulating with the subject, “Cost-of-Living for 2007 Update.” The message provides information about the benefit increase for 2007. It contains the following, “NOTE: We now need you to update your personal information. If this is not completed by (date), 2006, we will be forced to suspend your account indefinitely.”
       The reader is directed to a website designed to look like Social Security’s Internet website where the individual is asked to register for a password and to confirm their identity by providing personal information, such as Social Security number, bank account information, and credit card information.

10/23/06:  Fake Purchase Notice: This email is designed to frighten members into providing information reads:  "This email confirms that you have paid PALMTREOSTORE $419.95 USD.  This credit card transaction will appear on your bill as "Bay Federal Credit Union PALMTREOSTORE."  It then lists fictional purchase details.  The email concludes: "If you haven't authorized this charge, click the link below to go to BayFedOnline, cancel the payment and get a full refund".  The link is to a site outside the U.S. where account information is fraudulently collected if someone tries to log on.

10/20/06:  Fake Security Confirmation.  A fraudulent email targeting Pearl Harbor Federal CU members read: "Due to some recent fraudulent activity on PHFCU online accounts, we are launching a new security system to make PHFCU accounts more secure and safe.  Before we can activate it, we will be checking all accounts to confirm the authenticity of the holder.  We will require a confirmation that your account has not been stolen or hacked.  To confirm your account status, please log in" (a link was provided.

10/18/06:  Fake Member Survey:  L.A. Firemens Credit Union members received an email that appeared to be from their credit union, which asked them to provide feedback by using a link provided in the email to log on to their account and take a survey. For their time and effort, members' accounts would be credited with $150.  This was a fraudulent attempt to collect member's account information.

Vishing Scams

7/26/06:  Fraudsters are sending emails and making phone calls warning people that their accounts may have been compromised and you must call a phone number to verify your account or it will be frozen or closed or some other dire consequence will befall you. When you call the phone number, you are asked to provide personal account information.  This is a fraud. This information will be used to fraudulently access your accounts.

Debit Card Fraud - Danger Zone

7/10/06 You are more likely to experience fraudulent use of your debit or credit card during the two months before its expiration date, according to Credit Union National Association.  It is suspected that criminals in possession of stolen card data have an incentive to make as much money as they can before the card expires. Cards that do not expire for a long time allow them extra time to test, probe, and ultimately use the card.

Phishing Scams and Alerts

6/23/06: A Phishing email claims there have been multiple attempts to log on to your account with multiple password failures.  It says "to protect you from fraud, your account will be blocked" unless you immediately log on and change your password.  The link provided is to a fraudulent website which steals your log-on information.

6/15/06:  The NCUA name, logo and website are used repeatedly in spammed messages in attempts to obtain personal account information and PIN numbers.  Please be aware and alert, and never respond to emails that appear to be official NCUA messages and surveys.  As a federal agency, NCUA would not directly contact credit union members and would never ask for personal account information.

6/06/06: This scam email claims your account as been denied insurance, citing the Dept. of Homeland Security, plus state and local government officials. It falsely claims that all insurance on your account has been suspended until your identity can be verified, and threatens that failure to use the link provided in the email will "cause all insurance on your accounts to be terminated and all records of your account history will be sent to the FBI in Washington, D.C. for analysis and verification." 
     The email also threatens that you will be visited by Homeland Security officials if you fail to log on to verify your identity.

4/06: This fraudulent email proclaims: CONGRATULATIONS! You have been chosen by the [name of financial institution] to take part in our quick and easy 5-question survey.  In return, we will credit $30 to your account - just for your time."  A link is provided where the targeted victim is invited to log on with account number and PIN to take the survey. Of course, there is no survey, and the criminals have now collected your vital information.

3/06:  Emails continue to flood mailboxes claiming to be from CUNA, NCUA, and the CO-OP Network.  These provide a web link and threaten dire consequences, such as the freezing of your account, unless you log on with your account number and PIN.  These agencies will never contact you directly to request your account information.

Ongoing: Fraudulent emails claiming to be from eBay or PayPal regularly circulate asking you to verify your account information. Another email claims to be from an eBay buyer who claims to have purchases something from you and provides a link for you to log on to eBay (assuming you have an account) to read the message.

Cash Transfer Scams - WARNING: Victims May Face Criminal Charges

People are regularly solicited by email or website ad to "work from home" and be an "Account Manager" or "Money Transfer Agent" earning a commission for their efforts.  Money is then transferred illegally from an unsuspecting person's account into the account of the "transfer agent," who is asked to wire the money to another account (that of the thieves), keeping a small percentage as a commission.  The "transfer agent" or "account manager" has no idea where the money is coming from or going to.  It may be used for a variety of purposes, including money laundering or terrorism.  The "transfer agent" may face criminal charges, if caught. Don't believe emails or web ads soliciting you to earn money by transferring cash.

Inheritance and Overpayment Scams

Overpayment: This scam usually arises when someone purchases something from you online and then overpays for their purchase.  You are asked to return the excess payment after deducting shipping charges.  The victim wires the excess money back, only to discover the fraudster's payment cannot be collected, and the victim has been defrauded of the money wired from his or her account.

Inheritance: In the same manner, people are notified of an inheritance from some "long lost relative" they don't remember or didn't know they had, usually overseas somewhere.  To get the large monetary inheritance, the victim must first send money for "legal fees" or some other reason.  The victim's funds are collected, but the inheritance never materializes.

Grant Money for Educators Scam

A caller informs you that you have been selected for grant funds, and provides an 800 number you can call for verification of the grant.  The caller then asks for your account information so grant monies can be electronically direct deposited into your account.  The result is actually the reverse: funds are withdrawn from your account.  Remember, it's easy to set up a fake phone center to receive your return phone call and "verify" their scam.

Social Engineering Scams

These types of scams rely on the victim's panic, and may go something like this:  Someone telephones you claiming to be a police officer.  You're informed a warrant has been issued for your arrest because you failed to report for jury duty.  You protest, having never received the jury duty notice.  The caller says, "Is your Social Security number xxx-xx-xxxx?" giving a random number.  The scammer counts on you to respond, "No! My number is ......"  Most scams depend on creating a sense of panic and urgency.

LOVE IS BLIND: Online Dating Scam
An Internet dating scheme left one Oklahoma City credit union member broke--and his heart broken, as well. The victim met a potential mate online who told him she lived in Nigeria and wanted to fly to America to be with him. The courtship, however, was quickly ended after she sent him more than $5,000 in purported Wal-Mart money orders, which he deposited at his credit union.  He then wired her the funds to finance her flight. Authorities identified the money orders as counterfeit, and now the jilted member owes his credit union $5,100.   –from The Credit Union Journal, May 2007.