|
Fraud & Scam Alerts
____________________________________________________________________________________________________________________________________
This page is dedicated to informing you about current scams and recent incidents of fraud. You can also find articles about fraud prevention and tips on how to be a safer, smarter consumer. Be sure to check back often to educate yourself about fraudulent activity and measures you can take to protect yourself from becoming a victim.
Reminder: FAA Eastern Region FCU will never solicit personal or private information via e-mail!
E-mailed Grand Jury Summons May Harm Computers
House Stealing: The New Scam on the Block
Fraudulent E-mail Claiming to be from the FDIC
Recent Phishing Attempt Targets CU Members
IRS Name Used in Phony E-mail and Telephone Scams
Passwords Mean Protection
Scam Alert! - Ongoing Scam Targeting CU Members
Lost/Stolen Wallet Inventory & Emergency Checklist
Fraud Prevention Tips
Nigerian Scam Suicide
Who Are You?
E-Mailed Grand Jury Summons May Harm Computers
The FBI’s Internet Crime Complaint Center (IC3) is alerting computer users about a spam e-mail that contains a fraudulent court subpoena. The bogus e-mail attempts to notify recipients that they are commanded to appear and testify before a Grand Jury.
At first glance, the e-mail appears authentic. It contains a court case number, federal code, name and address of a California federal court, court room number, issuing officers' names, and the court’s seal. The spammer directs recipients to click the link provided in the e-mail in order to download and print associated information for their records. If the recipient clicks the link, a malicious code is downloaded onto their computer.
The e-mail also contains language threatening recipients with contempt of court charges if they fail to appear. Recipients are told the subpoena will remain in effect until the court grants a release. As with most spam, the content contains multiple spelling errors.
If you receive this type of notification and are unsure of its authenticity, you should contact the issuing court clerk’s office for validation. Subpoenas are generally served in person, by mail or fax, not by e-mail.
House Stealing: The New Scam on the Block
What do you get when you combine two popular rackets these days—identity theft and mortgage fraud? A totally new kind of crime: house stealing.
Here’s how it generally works:
… The con artists start by picking out a house to steal—say, YOURS.
… Next, they assume your identity—getting a hold of your name and personal information (easy enough to do off the Internet) and using that to create fake IDs, social security cards, etc.
… Then, they go to an office supply store and purchase forms that transfer property.
… After forging your signature and using the fake IDs, they file these deeds with the proper authorities, and lo and behold, your house is now THEIRS.
There are some variations on this theme:
… Con artists look for a vacant house—say, a vacation home or rental property—and do a little research to find out who owns it. Then, they steal the owner’s identity, go through the same process of transferring the deed, put the empty house on the market, and pocket the profits.
… Or, the fraudsters steal a house a family is still living in…find a buyer (someone, say, who is satisfied with a few online photos)…and sell the house without the family even knowing. In fact, the rightful owners continue right on paying the mortgage for a house they no longer own.
It can get even more complicated than this, as we learned in a recent case out of Los Angeles that we investigated with the IRS. Last year, a real estate business owner in southeast Los Angeles pled guilty to leading a scam that defrauded more than 100 homeowners and lenders out of some $12 million. She promised to help struggling homeowners pay their mortgages by refinancing their loans. Instead, she and her partners in crime used stolen identities or “straw buyers” (people who are paid for the illegal use of their personal information) to purchase these homes. They then pocketed the money they borrowed but never made any mortgage payments. In the process, the true owners lost the title to their homes and the banks were out the money they had loaned to fake buyers.
So how can prevent your house from getting stolen? Not easily, we’re sorry to say. The best you can do at this point is to stay vigilant. A few suggestions:
- If you receive a payment book or information from a mortgage company that’s not yours, whether your name is on the envelope or not, don’t just throw it away. Open it, figure out what it says, and follow up with the company that sent it.
- From time to time, it’s also a good idea to check all information pertaining to your house through your county’s deeds office. If you see any paperwork you don’t recognize or any signature that is not yours, look into it.
Fraudulent E-mail Claiming to be from the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received a number of reports of a phishing e-mail that has the appearance of being sent from the FDIC.
This email asks "Who is FDIC?" and "What can FDIC do for you?" It warns against identity theft and states that the "FDIC is presenting a new card insurance which can restore you up to $500.00 if you are a victim of Internet fraud." The e-mail directs recipients to click on a link to be redirected to "an online signup page for this program."
This e-mail is a fraudulent attempt to obtain personal information from consumers. Consumers should NOT access the link provided within the body of the e-mail and, under any circumstances, should NOT provide any personal information through this media.
Recent Phishing Attempt Targets CU Members
Several credit unions have contacted CUNA Mutual to report recent phishing attempts designed to obtain several key pieces of personal information.
The fraudsters' e-mail starts by suggesting that you can help the government fight terrorism and related money laundering by verifying your personal information. Then, they attempt to lead consumers to a counterfeit Web site designed to trick recipients into divulging financial data, such as credit card numbers, account user names, passwords and Social Security numbers.
Detecting a fraudulent e-mail can be difficult. Here are a few things to keep in mind:
- Be suspicious of any e-mail with urgent requests for personal financial information.
- Don't use the links in such an e-mail.
- Phisher e-mails are typically NOT personalized.
Below is a copy of a recent phishing attempt that was reported to CUNA Mutual.
"Notice to All Members!
Valued Member,
To help the government fight the funding of terrorism and money laundering activities, Federal law requires all Credit Unions to obtain, verify, and record information that identifies each person who has an account, including investors in transactions for which we act as advisor.
What this means for you:
If you are a member of any Credit Union please provide your name, social security number, address, and date of birth, financial information and/or other information that will allow us to identify you. We may also ask to see your driver's license or other identifying documents.
Please follow the link below to continue:
(Link has been removed for your protection)
We appreciate your cooperation with this. Thank you."
IRS Name Used in Phony E-mail and Telephone Scams
The Internal Revenue Service (IRS) has issued an alert, warning that the IRS name and logo is being used by fraudsters attempting to access taxpayer financial information through e-mail, telephone, and cell phone text messaging.
Note: The IRS does not ask for personal identifying or financial information via unsolicited e-mail, telephone calls, or text messaging.
The following scams are being used to trick taxpayers into divulging financial account information for fraudulent purposes:
- Taxpayers receive a phone call telling them that they are eligible for a sizable rebate for filing their taxes early, and they are told to provide their financial account information for direct deposit.
- Taxpayers receive an e-mail that claims they are eligible for a tax refund of a specific amount, and they are instructed to click on the link in the e-mail to access the refund claim form, which requires them to disclose financial account information.
- E-mail notifications addressed to individual taxpayers claim that their tax returns will be audited. The individual is instructed to click on the link within the e-mail and complete forms disclosing personal and financial account information.
- Businesses, accountants, and “Treasury” managers are receiving bogus e-mails regarding tax law changes. The recipient is instructed to click on a series of links to obtain information for businesses, estate taxes, excise taxes, exempt organizations, as well as IRAs and other retirement plans. The IRS suspects that clicking on these links downloads “malware” onto the recipient’s computer, which can be used to search for financial records and other private information.
- A person claiming to be an IRS employee telephones taxpayers to say the IRS has mailed them a check that has not been cashed. The caller then asks for verification of financial account information.
If you receive an unsolicited e-mail purporting to be from the IRS, take the following steps:
- Do not open any attachments to the e-mail as they may contain malicious codes that will infect your computer.
- Forward any questionable e-mail claiming to be from the IRS to phishing@irs.gov.
- Use instructions contained in an article at www.irs.gov titled “How to Protect Yourself from Suspicious E-Mails or Phishing Schemes.”
- Contact the IRS at 800-829-1040 to determine whether the IRS is trying to contact you about a tax refund.
- Remember that taxpayers do not have to complete a special form to obtain a refund.
- If you have received this, or a similar hoax, please file a complaint at www.ic3.gov.
- If you have been the victim of a spoof e-mail or Web site, you should contact your local law enforcement, a U.S. Postal Inspector, or the FBI.
Passwords Mean Protection
Passwords are designed to protect your accounts and personal information. The stronger your passwords, the more difficult it will be for hackers and identity thieves to gain access to your accounts. Should you need to change your passwords, as is recommended periodically, here are a few good tips on how to create strong passwords. A good password is one that is easy to remember but difficult to guess.
- Think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters. For example “I love Felix; he is a good car” would be 1LFHA6c.
- The best passwords are at least 8 characters in length and use a combination of numbers, keyboard characters and upper-and lower-case letters (the longer the password is, the more difficult it is to crack).
- Do not use only letters or numbers.
- Do not use passwords with double letters or numbers.
- Do not use names of spouses, children, loved ones, pets, etc (this is one of the first things hackers will try).
- Do not use phone numbers, social security numbers, and/or birthdays.
- Do not use the same word as your log-in or any variation of it.
- Do not use words that can be found in the dictionary- even foreign ones.
Remember: any e-mail that requests your password or asks you to go to another website to verify your password is almost certainly a fraud.
It has been brought to your Credit Union’s attention that many of our members are being contacted via phone and e-mail by fraudulent companies and/or individuals posing as representatives in pursuit of personal account information. It is imperative that you take the necessary precautions to protect yourself and your good name from these fraudsters. Here are a few simple measures you can easily practice to help ensure that you do not become a victim of this ongoing scam:
- If you receive an e-mail that warns that your account has an activity alert or will be shut down unless you reconfirm your billing information, DO NOT reply or click on the link in the e-mail. Instead, contact the company cited in the e-mail directly using a telephone number or web site address you know to be genuine.
- Avoid e-mailing personal and financial information. Before submitting financial information through a web site, look for “https” in the web address, an indicator that the information is secure during transmission.
- Review credit card and credit union account statements as soon as you receive them to determine whether there are any unauthorized charges. If the statement is late by more than a couple of days, call the credit card company or your Credit Union to confirm your billing address and account balances.
- Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov.
Lost/Stolen Wallet Inventory & Emergency Checklist
Most Identity Theft starts with a stolen wallet, purse, or mail. Use this Lost/Stolen Wallet Inventory & Emergency Checklist for record keeping- make sure you keep this secure and confidential. Here are some tips to help ensure that you don’t become a victim:
- Do not write your account number on the outside of envelopes containing bill payments.
- Have the post office hold your mail for you when you're out of town or ask someone you trust to pick it up everyday.
- Pay your bills online using a secure site such as our FREE Online Bill Payer service, accessible through My Credit Union Online.
- Do not give out your credit card number on the Internet unless it is encrypted on a secure site.
- Use direct deposit whenever possible instead of a paper paycheck.
- Commit all passwords to memory. Never write them down or carry them with you.
- Destroy the hard drive of your computer if you are selling it, giving it to charity, or otherwise disposing of it. Don’t just erase the hard drive; physically remove it.
- Do not carry your social security card with you. Rather, keep it in a safe place at home.
- Do not keep your car registration in your car. You should always carry it with you.
- Examine your credit reports at least once a year. You are entitled to a free credit report once a year as per federal law. Visit www.annualcreditreport.com to learn more.
- Write to the Direct Marketing Association to have your name removed from direct mailing lists. This will stop the dangerous flow of pre-approved credit card offers to your address.
Direct Mailing Association
Mail Preference Service
PO Box 643
Carmel, NY 10512
Fraud Prevention Tips
Watch out for this new scam-- "vishing"
Credit union members are being targeted by “vishing” to steal information via e-mail and phone. The term is a combination of “voice” and “phishing”. A recent example of fraudster ingenuity is the use of Voice over Internet Protocol (VoIP) phones to steal members’ financial information. This scam is called "vishing" -- short for “voice phishing”. There are at least two “vishing” methodologies scammers use:
Online version
The scammer sends a blast e-mail, disguised to appear as though it’s from your Credit Union, online payment service or other well-known business. The e-mail, which may have a trusted logo, typically reports a “security” problem with the recipient’s account and urges you to call a telephone number to “straighten things out.”
Although many members know better than to click on hyperlinks in strange e-mails for fear of being “phished,” you may feel safe calling a telephone number that appears to be local or toll-free. When you call, you will reach an automated attendant prompting you to enter your account number, password or other private information for “security verification” purposes.
Cold Call
Some "vishers" use automated dialing programs to “cold call” members. The member’s caller ID device may list a legitimate-looking local phone number, to inspire trust from the recipient. A prerecorded message (or sometimes a live "employee") claims that your account has been compromised or needs updating or verification. You are then asked to enter your account information, which is digitally transcribed onto the hard drive of the scammer’s computer.
- Report VoIP attacks to your local federal law enforcement agency. Many agencies now have cyber threat units that are well-versed in investigating these activities.
- Use the Federal Trade Commission (FTC) web site, www.onguardonline.gov.
- Consumers can take interactive quizzes designed to enlighten them about identity theft, phishing, spam and online-shopping scams.
- Elsewhere on the site, consumers can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft.
- If you are a victim of phishing and/or vishing, take appropriate steps to help protect yourself:
- Cancel the compromised credit/debit cards and have your Credit Union reissue new ones
- Report to credit bureaus (Equifax, Experian and TransUnion)
- Order a credit report
Here are some important numbers you will need in case you are a victim of phishing, vishing, or identity theft:
1.) Equifax: 1-800-525-6285
2.) Experian (formerly TRW): 1-888-397-3742
3.) TransUnion: 1-800-680-7289
4.) Social Security Administration (fraud line): 1-800-269-0271
Nigerian Scam Suicide
As posted on nj.com, by Tom Haydon
Click here to read an article from the Star Ledger about a Nigerian based lottery scam that unfortunately resulted in the distressed victim's suicide.
Who Are You?
Fraud, Identity Theft and You
by our CEO/President, Thomas J. O'Shea
If you have ever been a victim of identity theft you understand the destruction it can cause to your credit and good name and how difficult it is to restore them once they’ve been compromised. Victims of Identity Theft could lose a good job opportunity, be denied all types of loans, or have trouble renting an apartment or getting a cell phone. Stuff we all take for granted is now out of reach.
At your Credit Union, we have added systems and procedures to help us validate your identity so we can be confident that we are speaking and working with you and not someone pretending to be you. However, thieves have a variety of methods to get your information so you must take extra measures to safeguard your personal information.
Identity thieves get your information by:
- Stealing your wallet or purse.
- Stealing your mail from unlocked mailboxes.
- Rummaging through trash in a practice known as “dumpster diving.”
- “Shoulder surfing” at ATM machines and phone booths to capture PIN numbers.
- Completing a “change of address form” to divert your mail to another location.
- Stealing your credit or debit card numbers by capturing the information in a data storage device in a practice known as “skimming.”
- Stealing personal information from you through email or phone. When this is done online, it is known as “phishing.” Over the phone it is called “vishing” (voice phishing).
Identity thieves use your personal information by:
- Changing the billing address on your credit card account, and then running up charges on your account.
- Opening new credit card accounts in your name.
- Opening a bank account in your name and writing bad checks on that account.
- Counterfeiting checks or credit/debit cards, or authorizing electronic transfers in your name.
- Filing for bankruptcy under your name to avoid paying debts they’ve incurred under your name.
- Buying a car by taking out an auto loan in your name.
- Getting identification such as a driver’s license issued with their picture, in your name.
- Getting a job or filing fraudulent tax returns in your name.
The good news is you can protect yourself. Review your credit report annually. You can get one free credit report from each of the three major consumer credit reporting agencies once a year at www.AnnualCreditReport.com. Also, subscribe to a service that will provide information to help stop credit fraud and identity theft such as AlertMe, our low-cost consumer credit monitoring service.
|
