July 2010 Email Phishing Scam
NACHA, the Electronic Payments Association, has received reports that individuals and/or companies have received a fraudulent e-mail that looks like it was sent from NACHA. See sample below.
The subject line of the e-mail states: "Unauthorized ACH Transaction". The e-mail includes a link that redirects the individual to a fake web page and contains a link which is almost certainly an executable virus with malware. Do NOT click on the link. Both e-mail and the related website are fraudulent!!
= = = = = = = = = Sample Email = = = = = = = = =
From: Electronic Payments Association
Sent: Friday, July 23, 2010 2:07PM
To: John Doe
Subject: An unauthorized transaction billed from your bank account
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report (hyperlink to fraudulent site or executable virus with malware)
------------------------------------------------------------------
Copyright 2010 by NACHA - The Electronic Payment Association
July 2010 Debit/Credit Card Phone Scam
Reports have been received that members are receiving phone calls saying that their Saginaw Medical card has been deactivated. The automated message system tells them to press 1 to reactivate. Once you press one, you will be asked for personal, sensitive information such as card number, CVV2 or a PIN. Do NOT give anyone your personal information!! Although Saginaw Medical Federal Credit Union or our Credit/Debit Fraud Departments may ask for personal information to confirm identification such as a cardholder's name, date of birth, and/or last four digits of a social security number, we will NEVER ask for CVV2 or a PIN.
TEXT SCAM ALERT
Text scams, known as 'smishing' scams, are the newest scams being used on unsuspecting members. The fraudsters use cell phone text messages to get people to provide their card, PIN, and CVV numbers. Saginaw Medical Federal Credit Union does not send any type of text message alerts or warnings.
- Don't respond to text messages that ask you to verify personal information.
- Be suspicious of any text message with an urgent request for personal information.
- Be suspicious of any text message stating that your Debit or Credit Card has been deactivated or suspended.
- See more information about text, email and phone scams below.
PLEASE DO NOT GIVE ANYONE YOUR PERSONAL INFORMATION!!!
SMiShing Attacks (also known as text phishing)
SMiShing uses cell phone text messages to persuade victims to provide personal information such as card number, CVV2, and PINs. Text messages may contain either a website address or, more commonly, a phone number that connects to an automated voice response system, which then asks for personal information.
The following are examples of SMiShing messages recently sent to cardholders:
- Text message originating from either notice@jpecu or message@cccu:
  - ABC CU- has- deactivated-your-Debit_card. To-reactivate-contact:210957XXXX
  - This is an automated message from ABC Bank. Your ATM card has been suspended. To reactivate call urgent at 1-866-215-XXXX.
- Text message originating from sms.alert@visa.com:
Although Saginaw Medical Federal Credit Union or our Credit/Debit Fraud Departments may ask for personal information to confirm identification such as a cardholder's name, date of birth, and/or last four digits of a social security number, we will NEVER ask for CVV2 or a PIN.
Risk Alert
Fraudsters/pranksters are getting people to call someone at these area codes by claiming to have information about a family member who has been ill, or by telling you that someone has been arrested or has died, or that you have won a wonderful prize, etc. In each case you are told to call the 809 number right away. If you call from the U.S. you will apparently be charged $2,425 per minute!!! Or, you'll get a long recorded message. The point is they will try to keep you on the phone as long as possible to increase the charges.
Why the Scam works: The 809 area code is located in the Dominican Republic. The charges can become a real nightmare. That's because you DID actually make the call. If you complain, both your local phone company and your long distance carrier will not want to get involved and will most likely tell you that they are simply providing the billing for the foreign company. You'll end up dealing with a foreign company that argues they have done nothing wrong.
Information and tips from AT&T:
- Return calls to familiar numbers only. As a general rule, return calls from numbers that contain familiar or recognizable area codes.
- You may call your directory assistance or long distance operator to check the area code location.
- Carefully read your telephone bill. Make sure that you only receive charges from your provider of choice. Ensure you thoroughly understand charges listed on your phone bill; have chosen to do business with all the listed providers billing for those charges and have authorized fees invoiced. If your local service provider has changed, you will receive a final bill from the former provider and a notice of service disconnection.
If you believe that you have been scammed:
- Contact the carrier with whom the charge originated, whose name and toll-free telephone number should be printed on the same bill page as the charge in question. Often, the problem can be resolved with a single phone call.
- If the carrier with whom the charge originated does not agree to resolve the problem, contact AT&T. AT&T will work with you and the carrier to help remove fraudulent charges from the phone bill.
FBI Email Scam Alert (October 2009)
The FBI has reported that fraudulent emails are being sent titled with various subjects such as:
- "New Patterns in Al-Qaeda Financing"
- "New DHS (Department of Homeland Security) Report"
- "Weapons of Mass Destruction Directorate"
All of these emails are a hoax and DO NOT CLICK ON ANY OF THE LINKS ASSOCIATED WITH THEM. These links may contain files that are harmful to the recipient's system and may serve to illegally gather an individual's user ID, password or other personal confidential information.
The FBI does not send unsolicited e-mails or e-mail official reports. Consumers should not respond to any unsolicited e-mails or click on any embedded links, as they may contain viruses or other malicious software.
IRS Email Scam Alert (October 2009)
The Department of Homeland Security's Computer Emergency Readiness Team (CERT) is warning Internet users to be on guard against a convincing e-mail virus scam disguised as a message from auditors at the Internal Revenue Service.
CERT recently reported: "The attacks arrive via an unsolicited email message concerning an inquiry by the IRS and may contain a link or attachment. If users click on this link or open the attachment, they may be infected with a malicious code, including the Zeus Trojan."
The Zeus Trojan steals sensitive data, and it is especially interested in on-line banking credentials. According to Gary Warner, director of research in computer forensics at the University of Alabama, Birmingham, this fake IRS notice has been ongoing for several weeks now.
A word to the wise: Do not click on attachments included in unsolicited e-mails, especially those that encourage you to act quickly or else suffer some scary fate. These are attempts to plant malicious software on your computer.
Also, note that the IRS has stated emphatically that it does not communicate with businesses or citizens via e-mail.
Telephone Scams
Telephone Scam (November 2008)
The telephone call is either an automated call or from a live person claiming to be from a financial institution (bank or credit union), advising the recipient's card has been suspended and needs to be re-activated. The automated call or live person asks you to press #1 to be transferred to the security department and enter your account information.
Debit Card Telephone Scam (October 2008)
Cardholders have received computer-generated calls claiming to be from their financial institution. The calls claim their accounts have been frozen and then direct the cardholder to call a toll-free number to leave their debit card information in order to reactivate any cards. The toll-free number includes a recorded message that asks the customer to key their account number, card expiration date, and PIN.
Recommendations: Cardholder awareness is key in combating fraud. Should your cardholders receive any questionable calls, please make sure they do not provide their personal information. In addition, you may want to share the following tips and/or characteristics of a fraudulent call with your cardholders:
- Make sure you [i.e. cardholder] initiate the contact, and the institution verifies your identity with questions only you would know.
- To verify whether a call is legitimate, call your bank or visit its website, using phone numbers or internet addresses from your bank statement or account documentation. Do not call back a number provided over the phone or click on a link in an email.
- Most communications will include something that will concern or excite the victim.
- If you have been the victim of a scam, file a complaint with local law enforcement.
- Notify your financial institution.
Email Scams
(JUNE 2009) Please be advised of the following email. If you have received this email, DO NOT click on the link at the end of the email that ends in '.exe'; it is a virus that will infect your PC!!
Good evening Dear Credit Card Holder:
The last transaction report on your credit card shows a number of transactions that have questionable background. That gives us reasons to believe that your credit card details have been stolen, and your card has been abused for making unauthorized payments.
Enclosed is the listing of transactions made with your credit card between 13.06.2009 and 15.06.2009. Please look through the enclosed document carefully and pay special attention to the last three of the listed transactions – they are the ones that we suspect to be fraudulent.
Please find time to review the enclosed account statement and confirm the transactions you have authorized in person. This would help us both to have this issue resolved as quickly as possible.
The Word-formatted copy of your transaction list:
***This is where '.exe' link is placed*** DO NOT CLICK ON THIS LINK!!!
(MAY 2007) Please be advised that there is an email circulating that claims to be a complaint from the Better Business Bureau (BBB). Users infect their PCs after clicking on a link in the body of this email which will download a trojan horse known as "Iwebho." The emails are highly targeted and contain convincing personal information such as names of companies and individuals. If downloaded, the trojan can steal not only personal banking information but also all interactive data sent by the victim's Microsoft Internet Explorer; all other browser platforms are not at risk. The BBB email messages can be identified by their subject lines similar to:
- BBB Complaint for John Smith - Case id #332B4A7E11
- BBB Complaint for John Q. Public, Jr. [Case ID #8a656fd82b4c73bbb4bea22c165a28ab]
- BBB complaint for John Doe at Big Company, Inc. [case #778a16cb3d20a01ffe8]
(APRIL 2007) Two new social engineering techniques are being used that may target people.
The first is a wave of spam-like emails being distributed across the Internet. The email contains a threatening message and attempts to extort money ransoms from the recipient. This email scam, which first appeared in December 2006, preys on individuals' fears by threatening to kill them if the sender, who identifies themselves as a hired assassin, is not paid a large amount of money within a specified time frame.
The emails often target professionals at their work e-mail address. Recipients who have replied to the messages are shocked to find that the scammers provide personal details about the victim such as the name of a spouse or pet, street address, or a phone number in an attempt to prove they are telling the truth. For more detailed information please visit http://www.fbi.gov/page2/jan07/threat_scam011507.htm.
Secondly, a new email phishing scam has been discovered which uses a "Call Forwarding" technique. The scam targets financial institution members; the email explains that their credit union needs to verify their phone number immediately and states that if the number is not confirmed their account will be suspended. Instructions are detailed in the email and, if they are followed, the victim actually forwards their telephone calls to the phisher. The victim is asked to confirm their phone number and to verify/update personal information such as social security and credit union account numbers. All of the victim's calls will continue to be forwarded to the phisher until the victim realizes that they are no longer receiving telephone calls. For more information please visit http://www.secureworks.com/research/threats/callforward.
Immediately report any threatening messages to your local FBI Field Office and/or the Internet Crime Complaint Center (www.ic3.gov).
Card Skimmers
Crooks install hard-to-spot card readers, called skimmers, on top of card readers built into gas station pumps. The skimmers grab the account information from the card without interfering with the legitimate payment transaction. Then this data is used to create or clone fake debit or credit cards that are used at ATMs.
Card thieves are becoming more and more sophisticated with the use of technology. Some use tiny cameras that record PIN numbers; others use fake keypads that slip over the real keypad and transmit the PIN code as it is entered. Also, wireless transmitters are installed inside the pump at gas stations. Thieves sit in the parking lot with a laptop and receive real-time information as victims use their credit cards at the pump. These devices, when placed on the outside of the card reader, often can be very difficult to see.
Employers should make certain that all employees that use company credit cards are aware of these scams. The safest way to avoid card skimming is to take the card inside to the cashier to run the charge.
Sweepstakes Notification
A letter is received informing you that you are one of the declared winners and that the company has been unsuccessful in contacting you regarding this winning sum of money. To expedite the processing, a check is enclosed which has supposedly been deducted from the winnings. The purpose of the check is the payment of applicable Government Taxes. The check is more than is needed for taxes, so the letter instructs that the tax money be paid by Western Union or Money Gram and the remainder kept. The check is deposited and the taxes are sent to a third party. The check is fraudulent or counterfeit and you are left "holding the bag".
Secret Shopper
Mystery Shopper program: you are selected to participate in a paid position evaluating selected retail stores, restaurants and various establishments, making predetermined purchases and evaluating the Customer Service of stores and service providers. A check is sent to cover the first week of assignments. Explicit instructions are given to evaluate the effectiveness and efficiency of the payment system called Money Gram/Western Union. You pose as a potential customer by sending a Money Gram/Western Union to a training agent after the check is deposited into a bank or credit union account. The check is returned after the hold period as "Account Closed" or "Account Unable to Find."