The NCUA has reported that fraudulent emails have gone out to credit union members and the general public stating to be from the NCUA. The emails ask the member to take part in a survey and in return they will receive $50.00 in their account. The link in the email directs members to a counterfeit version of the NCUA’s website with a survey that solicits credit card account numbers and confidential personal information.
As a reminder, the NCUA will never ask credit union members or the general public for personal account or personally identifiable information as part of a survey. Any email that alleges to be from the NCUA and asks for account information is fraudulent and should be treated as suspicious. The NCUA has taken steps to shut this site down, but they are warning credit union members to remain alert to possible variations of this fraudulent email.
If you have received this email and have clicked on the link you may want to consult with a computer security or anti-virus specialist to assess the need to re-install a clean image of the computer system. Additionally, the NCUA recommends that members should:
- Scan affected computers using updated anti-virus software.
- Enable automatic updates for anti-virus software and computer operating systems.
- Install security patches for common software applications promptly.
- Be aware that phishing emails frequently have links to web pages that host malicious code and software.
- Do not open unsolicited or unexpected email attachments.
- Do not follow web links in unsolicited emails from apparent federal banking agencies, instead, bookmark or type the agency’s web address.
- Call the agency using a known and appropriate telephone number to verify the legitimacy of the message and attached file.
If you have been affected by this scam, or variants of this scam, you should forward the entire email message to firstname.lastname@example.org. Formal complaints concerning any suspected fraudulent email can be filed with the Internet Fraud Complaint Center at www.ic3.gov.
False E-mail Claiming to be from NACHA
NACHA has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of being sent from NACHA. See sample below.
The subject line of the e-mail states: "Unauthorized ACH Transaction." The e-mail includes a link that redirects the individual to a fake Web page and contains a link which is almost certainly an executable virus with malware. Do not click on the link. Both the e-mail and the related website are fraudulent. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software applications security patches are installed and current.
= = = = = Sample E-mail = = = = = =
Sent: Thursday, July 22, 2010 8:27 AM
To: Doe, John
Subject: Unauthorized ACH Transaction
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report
Copyright ©2009 by NACHA - The Electronic Payments Association
= = = = = = = = = = = = = = = = = = =
RESPOND IMMEDIATELY! FINAL NOTICE!
That's What They Want You To Think
Better Business Bureau has received multiple reports from local consumers who received a letter informing them they may be eligible for debt relief through their program.
The notification letter expresses urgency in responding immediately as this is a "FINAL NOTICE" of eligibility and no further notice will be sent. Although the name "US Debt Reduction Initiative" is on the letterhead the company is not approved or endorsed by a government agency.
Typically with debt settlement or negotiation services, the consumer pays an upfront fee to the debt settlement firm with the understanding that the company will try to negotiate a settlement with creditors for less than what is owed. The debt settlement business works with the consumer to establish a plan to put money into an account administered by the debt settlement company or a third party, the money is used to pay any negotiated settlements. It may take six months to a year before there is enough money to start settling accounts. Consumers typically are advised not to make any payments to their creditors during that time. Not only does this put the consumer at risk of having creditors file garnishments or other legal actions, but their credit rating will likely suffer as a result of not making required monthly payments.
BBB warns families to look for the following red flags when considering getting help from a debt settlement or negotiation firm:
- High upfront fees. Beware of companies that require payment before any debts are settled. Often, these upfront fees may be better used to reduce a consumer's overall debt.
- Promises that are too good to be true. Some companies might promise that they can reduce debt by more than half even before looking into the consumer's financial situation.
- Claims that it's a fast, easy and painless process. Reducing debt through debt settlement programs takes time-often years.
It has been brought to our attention that there is a phishing scam going around Boise. Credit union members have received an automated call on their cell phone saying there is a problem with their account and asking them to call a certain number to provide information. This is a scam designed to get confidential information from members. If you receive such a call, please do not call the number back. Although we don’t believe any members of Idaho Advantage Credit Union have been affected by this scam, we want you to be aware of it.
If you ever receive a call or a message from us that you think is suspicious we recommend that you call back on a safe number, such as the number in the phone book or on our website. Also, if we call you we will already know your personal information and will not ask you for it.
Posted 02/18/2010 (updated 8/25/10)
Due to fraudulent activity we have seen on accounts we have made the decision to block all debit card transactions from the following countries:
Saint Kitts & Nevis
*debit cards will be accepted if used as a PIN-based transaction
We will add to this list as necessary in order to protect our members from fraudulent activity. If you are planning on traveling to any of these countries and need to use your debit card, please contact Steve at 577-5715 to see what arrangements can be made.
Text Message Scam
Several members have received the following text message:
email@example.com Mountain Gem Credit Union Account restriction notice. Please Call us immediately at 866-347-7588.
This is a scam. If you receive this text message do not call the number and do not provide any account information to a number you don’t recognize. Remember that Idaho Advantage will never contact you via text message. If Idaho Advantage does contact you, we will not ask you to provide your debit card number. If you have any questions please call 208-327-3445.
This one is pretty slick since they provide YOU with all the information, except the one piece they want......
Note, the callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA & MasterCard Telephone Credit Card Scam works, you'll be better prepared to protect yourself.
The scam works like this: Caller: 'This is (name), and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in (somewhere)?'
When you say 'No', the caller continues with, 'Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?'
You say 'yes'. The caller continues - 'I will be starting a Fraud investigation. If you have any questions, you should call the 1- 800 number listed on the back of your card (1-800-VISA) and ask for Security.'
You will need to refer to this Control Number. The caller then gives you a 6 digit number. 'Do you need me to read it again?'
Here's the IMPORTANT part on how the scam works. The caller then says, 'I need to verify you are in possession of your card'. He'll ask you to 'turn your card over and look for some numbers'. There are 7 numbers; the first 4 are part of your card number, the next 3 are the security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he'll say, 'That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?' After you say No, the caller then thanks you and states, 'Don't hesitate to call back if you do, and hangs up.
You actually say very little, and they never ask for or tell you the Card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card.
Long story - short - we made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card Don't give it to them. Instead, tell them you'll call VISA or Master card directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost too late and/or more difficult to actually file a fraud report.
What makes this more remarkable is that on Thursday, I got a call from a 'Jason Richardson of Master Card' with a word-for-word repeat of the VISA scam. This time I didn't let him finish. I hung up! We filed a police report, as instructed by VISA The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening.
Please be aware of a telephone SCAM that is hitting CUs in the mid-west.......
Members have been hit with SCAM telephone calls telling them their charge cards had been de-activated via an electronic message with a male voice directing them to call 515-414-2686. Once on the phone line, of course, they were solicited for their card numbers, pins numbers and other information.