|
|
|
December
7, 2009 Maryland
State Police report that an ATM skimmer was placed on a Bank of America ATM in
Eldersburg, MD, and that possibly $30,000 was taken last week. Police have
removed the skimmer, but say there could be more. State police have reported
other incidents at various other banks in Northern Virginia and In
That
report came a week after a similar ploy in The
Savannah-Chatham, GA. Metro Police report they were tipped off to two skimming
incidents. Detective
Ray Woodberry of the Savannah-Chatham Metro Police says they have seen three
reports of skimming over the past few months, including the most recent one at a
Bank of America ATM on Victory Drive in Savannah. Woodberry
reports an ATM technician discovered the skimming devices at the Bank of America
and reported it to police. There is no word yet how many customers may have been
victimized by thieves.
Direct Deposit Helps Protect You From Identity Theft Direct deposit can actually reduce your risk of
identity theft. When your paycheck goes directly into your account, there is no
chance your check will be stolen or cashed by someone other than yourself. There
is also no chance that someone can copy any personal information from your
check. Watch Out for Phishing Scams If you receive an email from someone you don't know, or if any financial institution contacts you via email and asks for personal information use extreme caution. The emails associated with phishing scams always appear legitimate. They may even have identical logos and language as an email you would expect from your bank, credit card company or credit union. Often, phishing scams attempt to steal your information by alerting you to some "problem" with your account and threaten to cancel your account if something isn't done immediately. Remember, at SSCU, we will never request your passwords or personal information in any email
Credit Union Vishing Attempts in Alabama We
have been notified today that credit union members, from multiple credit unions
in Alabama, have been receiving calls advising them to renew their debit cards
with the Alabama Credit Union League,
as well as receiving calls regarding Falcon alerts, asking the member call a
number and press one for further instructions, etc. These
calls are all fraudulent. As you know, neither SSCU, the
League nor any of our member credit unions would ever use phone calls asking
members to call in and renew their cards. In addition, the Falcon Call
Back centers never leave a recorded message asking members
to call back and leave information or enter their card information
over the phone. Remember
never give out their financial information via phone and that these calls are an
attempt to steal their information. Also, please notify your staff that these
calls are in progress, should any members inquire about their validity within
the credit union. If you have information about your members receiving these
calls, please let me know, as we can work to track down the perpetrators via the
phone numbers they leave. Thank you for your vigilance and I will keep you
informed as developments occur. Storm Worm virus Around holidays, such as Valentine's Day, look out for spam e-mails spreading Storm Worm malicious software (malware). An e-mail directs the recipient to click a link to retrieve an electronic greeting card (e-card). Once the user clicks the link, malware is downloaded to the computer, which becomes infected as part of the Storm Worm botnet. A botnet is a network of compromised machines under the control of a single user. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks, and spreading malware to other machines through the Internet. The Storm Worm virus has capitalized on various holidays in the last year by sending millions of spam e-mails with an e-card link included. Valentine's Day has been identified as another target. FBI identifies recurring fraudulent e-mail scams The FBI reports that cybercriminals are sending fraudulent e-mails to unsuspecting recipients about a complaint that has been filed with the Department of Justice, the Internal Revenue Service, the Social Security Administration, or the Better Business Bureau. They claim that the complaint names the recipient or their company. The e-mails appear to be legitimate messages from the above departments. They address the recipients by name, and other personal information may be contained within the e-mail. The scam appears to be an effort to secure Personally Identifiable Information (PII), such as Scxoail Security numbers and birthdates. The nature of these scams is to create a sense of urgency for the recipient to provide a response by clicking on a hyperlink, opening an attachment, or initiating a telephone call. The FBI suspects this e-mail refers to a complaint that is in the form of an attachment, which actually contains virus software designed to steal passwords from the recipient. The virus is wrapped in a screensaver file, which most anti-virus programs are unable to detect as malicious in intent. Once downloaded, the virus is designed to monitor user name and password logins, and record the activity, as well as other password-type information, entered on the compromised machine. Vishing attacks increase Many people have received an e-mail, text message, or telephone call, supposedly from their credit card or debit card company directing them to call a telephone number to re-activate their card due to a “security issue.” The IC3 has received multiple reports of variations of this scheme known as "vishing." Vishing operates like phishing with scammers trying to persuade consumers to divulge their Personally Identifiable Information (PII), claiming that their account was suspended, deactivated, or terminated. Recipients are directed to contact their financial institution via a telephone number provided in the e-mail or by an automated recording. Upon calling the telephone number, the recipient is greeted with "Welcome to the (name of bank or credit union) …" and asked to enter their card number in order to resolve the pending security issue. For authenticity, some fraudulent e-mails claim the bank or credit union would never contact customers to obtain their PII by any means, including e-mail, mail, or instant messenger (but not by telephone). These e-mails further warn recipients not to provide sensitive information when requested in an e-mail and not to click on embedded links, claiming they could contain "malicious software aimed at capturing login credentials." A new version recently reported involves sending text messages to cell phones, claiming the recipients' online banking account has expired. The message instructs the recipients to renew their online banking account by using the link provided. Loss Prevention Recommendations:
Someone Wants Your Numbers. Be on the Lookout! Online fraud and phishing scams are on the rise. What is phishing? When someone send you an email pretending to be a financial institution or other company and request your credit card or other personal information. Once the thief obtains your information, they use it to steal your money. If you receive an email from someone you don't know, or if any financial institution contacts you via email and asks for personal information -use extreme caution. The emails associated with phishing scams always appear legitimate. They may even have identical logos and language as an email you would expect from your bank, credit card company or credit union. The fact is, while most institutions send emails from time to time, most companies these days will never request your information out of the blue. Often phishing scans attempt to steal your information by alerting you to some "problem" with your account and threaten to cancel your account if something isn't done immediately. The best rule is: If you receive any email regarding your financial information that requests passwords or other information, call your financial institution and verify of it is legitimate. And remember, at SSCU, we will never request your passwords or personal information in any email.
CUNA target of new card-activation phish attempt! CUNA, (NOT CUNA Mutual Group), is being used as the subject of a phishing message targeting credit union members to collect personal account information, plastic card numbers, and passwords. CUNA is warning people who receive the e-mail not to click on the link to the fake web page, just delete the message. This new phishing-scam attempt using the Credit Union National Association's name, informs recipients about "irregular check card activity" and advises them to call a toll-free number to get any restrictions removed. Calling the toll-free number is a "bad idea," says Dorothy Steffens, CUNA's vice president of web services, 800-356-9655 ex 5719. The call is a ploy to get personal account information, possibly for identity theft purposes. Recipients received a message as a: "CUNA Alert: Irregular Check Card Activity" "We detected irregular activity on check card on Oct. 25/2007. For your protection, you must reactivate your card. Call us immediately at 1.866.840.2863. We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account. Please disregard this notice if you have already accessed the website or spoken with one of our representatives." As a trade association for U.S. credit unions, "CUNA does not maintain any type of customer/member financial information," emphasized Steffens, adding that "your financial institution would never request personal identification information over the phone." And while this phone number has since been disabled, a new phishing e-mail with a different phone number started making the rounds on October 30, 2007. "Anyone responding to any e-mails of this type should contact their financial institution directly using the phone number provided by it," she said. Also, another phish making the rounds earlier with CUNA's name on it comes from a gmail.com address and addresses "Credit Union National Association SERVICE." It says CUNA ensures security "by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service." It provides a "case ID" and a link to a fake website mimicking CUNA's. * IF YOU RECEIVE THESE E-MAILS PLEASE CONTACT THE CREDIT UNION AS SOON AS POSSIBLE AND DO NOT RESPOND!*
Account Fraud via TDD (TTY). Recently, USAlliance Federal Credit Union and other credit unions received relay phone calls through IP Relay or other TDD (TTY) services. In each call, someone other than the member tried to obtain account information on the member's account. The caller had the member's social security number or the member's name. The caller didn't receive any account information because they were unable to provide the member number and PIN for the accounts. In one of the calls, the caller said he needed the account balance information urgently because he wanted to send money to his cousin via Western Union. The IP Relay supervisor then alerted the credit union that IP management believed the call fit a pattern of fraudulent and illegal activity. Telecommunications Relay Service, also known as TRS, Relay Service, or IP-Relay, is an operator service that allows people who are Deaf, Hard–of–Hearing, Speech–Disabled, and Deaf/Blind to place calls to standard telephone users via TDD (TTY), personal computer or other assistive telephone device. Most TRS operators use regular keyboards to transcribe spoken voice as text for relaying. However, some TRS services may use stenotype or stenomask equipment, similar to those used by court reporters and closed captioning systems. None of the members accounts that were attacked were hearing impaired or had ever used the any of the above services. A telecommunications device for the deaf (TDD) is an electronic device for text communication via a telephone line, used when one or more of the parties has hearing or speech difficulties. Other name for TDD includes TTY (telephone typewriter or teletypewriter).
BEWARE OF FRAUDULENT AMERICAN EXPRESS TRAVELERS AND GIFT CHEQUES American Express Company issued a fraud advisory about counterfeit Travelers Cheques and Gift Cheques. The upcoming holiday season is a prime time for an increase of counterfeit checks being presented at retail businesses and financial institutions.
TJX Corporation Hacked into! If you have shopped at TJ Maxx, Marshalls, Home Goods and any other TJX Corp. stores there is a chance that your check card or credit card could have been compromised. If you have not been contacted by the credit union please call us to check and make sure your card was not affected. Here is a link on this story from MSNBC's Website.
2/15/2007 - Click here for an Important Customer Alert from TJX Corp's CEO concerning their updates on their recent Security Breach.
Debit Card Information Theft Is On The Rise! Despite the latest in security and electronic
encryption methods, SSCU and many other financial institutions around the globe
have members whose debit card information has or will unfortunately be
compromised. Once this happens, thieves make fraudulent purchases, causing many
headaches for the victims.
|