|
Fraud Alert
Tuesday, November 22, 2011
Holiday Shopping Alert
As the holiday season approaches, it is important to be aware of potential scams. Con artists are working hard to get their hands on your money as well as personal and financial information. To help reduce the risk and protect credit union members, we offer a list of potential scams along with tips for a safer and smarter holiday shopping season.
Alert Details
Many consumers will be using their mobile devices and computers to conduct their holiday shopping and so will the cyber scammers! Mobile device scams are a top threat this year based on the increase in mobile malware and malicious apps. Consumers should be aware of all potential threats in order to safeguard their funds and personal information this holiday season.
Let’s work together to keep the scammers away from credit union members. Potential scams and tips to be aware of are listed below.
Holiday Scams and Tips
Watch for mobile malware – especially deals for black Friday and cyber Monday.
Be cautious when looking for free mobile apps - may be an attempt to steal information.
Watch for malicious screensavers, ring tones and e-cards.
Watch for purchase offers of fake anti-virus software – this scam may trick you into purchasing the software.
Secure your computer – at a minimum, have anti-virus, anti-spyware and a firewall.
Remember to turn off your computer when you’re done shopping.
Watch for social media scams – phony Facebook and Twitter sites or other online promotions and contests.
Beware of scammers advertising popular holiday items.
Check out the seller of items – research before you buy.
Don’t fall for the mystery shopping scam asking you to shop for $XX dollars (ex: $100).
Online coupon scams may ask for your personal or financial information using email.
Holiday phishing scams – Don’t fall for emails, text messages or phone calls asking for personal or financial information.
Monitor credit, debit and account numbers used for your holiday shopping to help identify any unauthorized usage.
Vacation scams – don’t post holiday pictures until you are back home.
Lighted parking lots – survey the parking lot surroundings. Make sure you have your car keys in your hands before entering the parking lot.
If an offer or item sounds too good to be true, it’s probably a scam.
Report scams to the Federal Trade Commission at www.ftc.gov or call toll-free 1.877.ftc.help (1.877.382.4357)
Fraud Alert
Wednesday, July 27, 2011
E-mail Claiming to Be From the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent emails that have the appearance of being from the FDIC.
The emails appear to be sent from various "@fdic.gov" email addresses, such as "protection@fdic.gov," "admin@administration.fdic.gov," or "service@admin.fdic.gov."
The messages have various subject lines that read: "Update for your banking account" or "ACH and Wire transfers disabled," and "Banking security update."
The fraudulent emails are addressed to "Dear clients" and state "Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored."
The message concludes with, "Best regards, Online security department, Federal Deposit Insurance Corporation."
These emails and links are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the emails and should NOT, under any circumstances, provide any personal financial information through this media.
Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.
Fraud Alert
Thursday, July 21, 2011
In the last few days, credit unions from around the country have reported their members are receiving bogus text message (smishing) alerts. The text message indicates it is from Credit Union Services and advises the member to call the number provided in the text message to have their card reactivated. This is a scam as no credit union would ever ask a member for this type of information using text messaging.
Credit unions have reported multiple phone numbers provided in text messages sent to credit union members to call to have their card reactivated.
Just a reminder that Frontier CCU, NCUA, or FDIC will never send you an email or text message or call to ask for any personally identifying information such as your account or PIN number. Do not reply to these type of scams and smishing, phishing or vishing attempts.
Fraud Alert
Friday, April 29, 2011
FoolProof Helps CUs Grappling With Sony PlayStation Security Breach
FoolProof, the Florida-based financial literacy and advocacy firm which has 15 state leagues as clients, announced Thursday it is “moving quickly” to help credit unions and their members cope with this week’s Sony Corp. card security breach on its PlayStation products.
The firm said it is offering a fact sheet and a special Podcast for CUs nationwide as both adult users and parents dealing with compromised credit cards, email addresses and passwords for 77 million customer accounts for the PlayStation network or Qriocity music service.
"This security breach in particular can cause quick damage to any credit union member who provided credit card and email password information to the Sony Playstation Network,” said Remar Sutton, FoolProof chairperson. “The criminals that stole this information didn't steal it for fun. They plan to steal identities, run up unauthorized charges on credit cards, and generally cause havoc for unwary consumers.
Parents, said FoolProof, use PlayStations to watch Netflix movies, while youngsters “use PlayStations to order games and both uses require credit cards, email addresses and passwords with all of that highly sensitive information stolen.”
FoolProof said the fact sheet and podcast highlight what happened, “why this security breach is particularly dangerous, and what consumers can do to protect themselves, if they have accounts on the Sony PlayStation network.”
The fact sheet and podcast can be downloaded for free by any credit union member by going to http://www.foolproofnational.com.
Fraud Alert
Monday, April 11, 2011
MADISON, Wis. (4/11/11)--Almost everyone seems to know someone whose name and e-mail address was among the millions compromised in a hacking of Epsilon, the world's largest e-mail marketer. Security experts and credit unions warned last week that consumers will see a sharp hike in phishing emails--especially targeted or "spear" phishing.
Just how big is this breach, and how will it affect credit unions and members? Some say it likely will top the largest breach in history--the Heartland Payment Systems breach of 40 million accounts disclosed in 2009.
Epsilon's parent company, Alliance Data Systems Corp., discovered the breach on March 30 and said it affects roughly 2% of its 2,500 clients. However, more and more of its clients are notifying their customers they were among the addresses compromised. Epsilon's clients include some of the world's largest retailers, banks and financial service companies, and telecommunications companies: Capital One Financial, Barclays Bank, U.S. Bancorp, Citigroup, Ameriprise Financial and JPMorgan Chase, Verizon, Charter Communications, TiVo, Best Buy, Walgreens, Kroger and Kraft Foods (AOL's WalletPop.com and New York Post April 4, Yahoo.com April 3 and April 8).
Both security experts News Now interviewed agreed that the breach's impact will grow. "There's not a final answer yet [as to how many names and addresses were compromised but likely it is more widespread than initially believed," said Brian M. Otte, senior vice president of corporate development at Perimeter, a security solutions firm headquartered in Milford, Conn., and a CUNA Strategic Services provider.
Jay Liebe, director of integration at Las Vegas-based Switch SuperNAP, a provider of facility and network security and a CUNA Strategic Services provider, agreed. "I absolutely don't believe that all the problems have been disclosed," Liebe said, noting that Epsilon is "clearly on damage control, much like those in charge of Japan's nuclear reactors" affected by the catastrophe there.
The breach's direct effect on the credit union market is not yet clear. "Initially, it was a couple of companies, but now it is effecting more and more companies," Otte said.
Is the type of information stolen that serious? Opinions vary. Otte points out that names and addresses can be easily found through other sources and emphasized that "no financial information has been compromised. However, the hackers have access to e-mails and will use them to phish--an action that involves sending phony e-mails and collecting numbers from unsuspecting consumers."
Names and e-mail addresses are all a hacker needs to send "targeted" phishing attacks against a specific brand. While many phishing expeditions rarely hit recipients who are actually customers of the company they claim to be, targeted phishing ensures recipients are customers of the company they're attacking. And that could trick recipients into disclosing more information that can be used in identity theft.
Liebe says the breadth of scale of the companies involved indicates Epsilon was "careless" about differentiating different industries' information. "Clearly Epsilon had to have a flaw in its architecture to expose the kind of data it did and to expose such a wide area," he said. "There are many wonderful companies in credit unions' space who do a phenomenally successful job with security so they are able to protect their members' data," he told News Now. The fact that Marriott, Verizon and bank data are lumped together indicates they may not have treated sensitive banking data differently, Liebe said. "The data they had relate to their businesses, and Epsilon mixed it all together. I don't believe credit unions as a whole have their marketing services in that kind of setup."
Fraud Alert
Wednesday, March 30, 2011
EPCOR and NACHA have received numerous reports this morning that individuals and/or companies are receiving fraudulent emails that have the appearance of being sent from NACHA. Specifically, the email subject line is “ACH Payment Rejected” and appears to be sent from "risk @ nacha.org" See a sample below.
Begin Sample Email
From:risk@nacha.org [risk @ nacha.org]
Sent: Wednesday, March 30, 2011 7:32 AM
To: Doe, John
Subject: ACH payment rejected
The ACH transaction (ID: 011057709972), recently initiated from your bank account (by you or any other person), was canceled by the Electronic Payments Association.
Please click here to download report
If you have any questions or comments, contact us at info @ nacha.org. Thank you for using http:// www nacha.org.
End Sample Email
Please note this is a fraudulent email. NACHA does not process nor touch the ACH transactions that flow through the Network. NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
Fraud Alert
Concerning Credit and Debit Card Use at Snow Creek Ski Resort, Weston, MO
Thurssday, February 24, 2011
If you are a Frontier CCU member and used your credit or debit card at Snow Creek Ski Resort please contact us IMMEDIATELY at 913.651.6575 or 800.633.4559 to have your card canceled and reissued.
Hacking creates chaos for Snow Creek and its customers
By SCOTT CANON
Snow Creek ski resort in Weston and many of its credit card customers appear to be victims of an attack by Internet hackers that first came to light Friday morning.
By midday Friday the Platte County outfit had cut its on-site credit card processing system from the Internet and was warning customers to keep close track of their bills.
Soon word was coming from credit card processing companies, banks and the Secret Service that a large number of dubious credit card transactions appeared to be linked to customers who had done business at Snow Creek.
“The Secret Service thinks we got hacked in that nanosecond before the information is encrypted,” Dave Grenier, Snow Creek’s general manager, said Monday at the end of a hectic Presidents Day weekend. “It’s still not clear what happened.”
The fraud, he said, does not appear to have taken place at Snow Creek.
And the credit card theft does not to apply to people who bought lift tickets or other passes online.
Rather, the problems stem from the electronic credit card transactions performed at the site in northwest Platte County.
Fraudulent charges to credit cards belonging to customers and employees of Snow Creek came from around the world, Grenier said. The numbers reported Friday seemed to grow exponentially in the following days, he said.
“It started out as a trickle and then became a cascade over the weekend,” Grenier said.
The company is still accepting credit card transactions, but at a slower pace over its fax line, Grenier said.
Fraud Alert
Tuesday, February 22, 2011
EPCOR and NACHA have received numerous reports that individuals and/or companies are receiving fraudulent emails that have the appearance of being sent from NACHA. Specifically, the email claims be from the “Electronic Payments Association” and appears to be sent from “payments@nacha.org.”
Sample Email
From:payments@nacha.org [mailto:payments@nacha.org]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.
End Sample Email
Please note this is a fraudulent email. NACHA does not process nor touch the ACH transactions that flow through the Network. NACHA does not send communications to individuals or organizations about ACH transactions that they originate or receive.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
Fraud Alert
Thursday, January 13, 2011
There are fraudulent emails claiming to be from the FDIC in cooperation with Homeland Security, federal, state and local governments that state that the FDIC has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” Do not respond to these emails, do not click on any embedded links and do not provide any personally identifying information. Please do report any similar attacks to the FDIC at alert@fdic.gov.
Vishing Attack
January 6, 2011
Vishing attack reported. Calls requesting personally identifying information are not originating from Frontier CCU. If you have responded to a vishing call, notify Frontier CCU immediately at 913.651.6575.
Suspicious Phone Calls Claiming to be from FDIC
September 14, 2010
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of suspicious telephone calls where the caller claims to represent the FDIC and is calling regarding the collection of an outstanding debt.
To date, the callers have alleged that the call recipient is delinquent in payment of a loan that was applied for over the Internet or made through a payday lender. The loan may or may not actually exist. The caller attempts to authenticate the claim by providing sensitive personal information, such as name, Social Security number and date of birth, supposedly taken from the loan application. The recipient is then strongly urged to make a payment over the phone to "avoid a lawsuit and possible arrest." In some instances, the caller is said to sound aggressive and threatening.
These suspicious telephone calls are fraudulent. Recipients should consider them as an attempt to steal money or collect personal identifying information. The FDIC generally does not initiate unsolicited telephone calls to consumers and is not involved with the collection of debts on behalf of operating lenders and financial institutions.
Just a reminder that Frontier CCU, NCUA, or FDIC will never send you an email or text message or call to ask for any personally identifying information such as your account or PIN number. Do not reply to these type of scams and phishing or vishing attempts.
Vishing Attack Underway
August 4, 2010
Members and non-members are receiving vishing calls from an automated system in an attempt to gain access to debit and credit card numbers and PINs.
Vishing attacks are originating from numbers 603.659.9999 and 703.965.7660.
Recording states calls relate to federal credit cards or that the call is from a federal credit union. Call instructs recipient to enter card number and PIN.
Do NOT enter any information when requested, end the call immediately. Frontier CCU will never call to request personally identifying information or card information.
DO contact Frontier CCU at 913.651.6575 or email Fraud@FrontierCCU.coop and report the vishing attempt. We will report to appropriate agencies.
Criminals are Email Phishing in Order to Commit Unauthorized ACH Fraud
July 28, 2010
NACHA (The Electronic Payments Association) has alerted the financial services industry of a recent phishing attack where the email is purportedly sent by NACHA. The subject line of the email states, “Unauthorized ACH Transaction.” The email contains a link to a fake web page infected with malware. Credit unions should advise employees and members to not click on the link. The email and the related website are fraudulent.
Phishing emails frequently contain links to fake websites infected with malware (malicious software), such as Trojan keyloggers. Do not click on links contained in unsolicited emails from unknown parties, or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA itself does not process ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that credit unions originate or receive.
Sample Email
From: Information
Sent: Thursday, July 22, 2010 9:27 AM
To: Doe, John
Subject: Unauthorized ACH Transaction
Dear credit union/bank account holder,
The ACH transaction, recently initiated from your credit union/bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
End, Sample Email
|
