Fraud Alerts

Identity Theft - IDT911

Scam Of The Week Blends CEO Fraud And W-2 Phishing

[ALERT] The bad guys are starting their tax scams early this season! They are now combining two scams-in-one. First, they ask you to send them the W-2 forms of all employees, with the email looking like it comes from the CEO or a C-level executive. Next, they follow up with an urgent request to transfer a large sum of money to a bank account controlled by these cyber criminals.

Remember that when you receive sudden requests like this, they may be spoofed emails and that you should double check by picking up the phone and verify that this is a legit request coming from that executive. In these cases, it's "OK to say NO to the CEO".

This tax season, stay alert for scams like this, and Think Before You Click!

Gas Pump Fraud

With more than 35 million people expected to hit the roads this weekend across the US, the upcoming Labor Day holiday is unfortunately also prime time for card scammers. During times of increased travel, a popular method is often at gas station pumps where many members will be using their credit or debit cards. Firstmark would like to encourage all members to be diligent about checking their account activity and recognizing signs of potential fraud.

In recent years, fraud has been popular among gas pumps given that many have universal key locks, which makes them vulnerable to tampering, and a lack of compliance regulations. All it takes is a skimming device, which the fraudsters install, and then all user data is captured for fraudsters to start manufacturing counterfeit activity.

So, how can you avoid being scammed? Always trust your instincts. If a gas pump appears to be altered or damaged, move to another pump. Other tips for spotting a potential risk include:

  • Look for security tape over gas pump cabinets to ensure it hasn’t been tampered with by unauthorized parties. If the security tape is removed, cut or the gas pump appears tampered with, do no use it and report it to the manager.
  • We encourage members to use gas pumps located closer to the front of the gas station as fraudsters will typically place skimming devices at gas pumps away from the store to go unnoticed.
  • We encourage members to use a credit card instead of a debit card. While there is member liability protection for both, most find dealing with a credit card compromise less intrusive.
  • We suggest running debit cards as a credit card instead of entering a PIN number. This can prevent PIN compromises when a member uses a debit card at the pump.
  • Members should check accounts regularly to spot any unauthorized charges.
  • We encourage members who suspect debit or credit card numbers may have been compromised to report it immediately to authorities and to their financial institution and/or credit card company.

Watch Out for Credit Card Interest Rate Telephone Scam

Members have received several calls that state that Firstmark Credit Union will reduce the interest rate on their credit card. Firstmark is not making these calls that are coming from (601) 909-9052. This is called phishing — or “vishing” — callers impersonate legitimate companies to steal money and personal and financial information. And These scams are on the rise. Firstmark Credit Union values your identity and as such we will NEVER ask you via phone or e-mail for your account number or password. If you ever receive a call where this information is requested, do not provide or surrender account information.

IRS Urges Public to Stay Alert for Scam Phone Calls

The IRS continues to warn consumers to guard against scam phone calls from thieves intent on stealing their money or their identity. Criminals pose as the IRS to trick victims out of their money or personal information. Here are several tips to help you avoid being a victim of these scams:

  • Scammers make unsolicited calls.  Thieves call taxpayers claiming to be IRS officials. They demand that the victim pay a bogus tax bill. They con the victim into sending cash, usually through a prepaid debit card or wire transfer. They may also leave “urgent” callback requests through phone “robo-calls,” or via phishing email.
  • Callers try to scare their victims.  Many phone scams use threats to intimidate and bully a victim into paying. They may even threaten to arrest, deport or revoke the license of their victim if they don’t get the money.
  • Scams use caller ID spoofing.  Scammers often alter caller ID to make it look like the IRS or another agency is calling. The callers use IRS titles and fake badge numbers to appear legitimate. They may use the victim’s name, address and other personal information to make the call sound official.
  • Cons try new tricks all the time.  Some schemes provide an actual IRS address where they tell the victim to mail a receipt for the payment they make. Others use emails that contain a fake IRS document with a phone number or an email address for a reply. These scams often use official IRS letterhead in emails or regular mail that they send to their victims. They try these ploys to make the ruse look official.
  • Scams cost victims over $23 million.  The Treasury Inspector General for Tax Administration, or TIGTA, has received reports of about 736,000 scam contacts since October 2013. Nearly 4,550 victims have collectively paid over $23 million as a result of the scam.

The IRS will not:

  • Call you to demand immediate payment. The IRS will not call you if you owe taxes without first sending you a bill in the mail.
  • Demand that you pay taxes and not allow you to question or appeal the amount you owe.
  • Require that you pay your taxes a certain way. For instance, require that you pay with a prepaid debit card.
  • Ask for your credit or debit card numbers over the phone.
  • Threaten to bring in police or other agencies to arrest you for not paying.

If you don’t owe taxes, or have no reason to think that you do:

  • Do not give out any information. Hang up immediately.
  • Contact TIGTA to report the call. Use their “IRS Impersonation Scam Reporting” web page. You can also call 800-366-4484.
  • Report it to the Federal Trade Commission. Use the “FTC Complaint Assistant” on FTC.gov. Please add "IRS Telephone Scam" in the notes.

If you know you owe, or think you may owe tax:

  • Call the IRS at 800-829-1040. IRS workers can help you.

Phone scams first tried to sting older people, new immigrants to the U.S. and those who speak English as a second language. Now the crooks try to swindle just about anyone. And they’ve ripped-off people in every state in the nation.
Stay alert to scams that use the IRS as a lure. Tax scams can happen any time of year, not just at tax time. For more, visit “Tax Scams and Consumer Alerts” on IRS.gov.
Each and every taxpayer has a set of fundamental rights they should be aware of when dealing with the IRS. These are your Taxpayer Bill of Rights. Explore your rights and our obligations to protect them on IRS.gov.

Older Consumers Targeted By Fraudsters Not Once, But Twice!

After reviewing complaints submitted by consumers, we have discovered a financial scam targeting older consumers who had previously been victims of fraudulent money-making schemes, such as bogus timeshare investments and in-home business opportunities. So-called asset recovery companies are contacting these past victims, promising to get refunds for a substantial fee, failing to deliver promised services, and leaving consumers financially worse off than before. Learn More

Credit Card Fraud Alert

We have learned that some members may be receiving calls concerning their credit cards. Firstmark Credit Union values your identity and as such will NEVER ask you via phone or e-mail for your account number, share account number or password. If you ever receive a call where this information is requested, do not give this information out. If you feel that your account has been compromised, please contact us at (210) 442-0100.

Consumer Cyber Safety Tips

  • Only access the Internet over a secure network. Maintain the same vigilance you would on your computer with your mobile device.
  • Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.
  • Download only trusted applications from reputable sources or marketplaces.
  • Securely delete all contents before discarding, exchanging, selling or donating the device.

NCUA Warns Consumers about “National Credit Union” Phishing Scam. Website Uses Logo Similar to NCUA’s, Mimics Website Design and Language

ALEXANDRIA, Va. (March 17, 2015) – The National Credit Union Administration has received reports of an online phishing scam that uses a website with a logo and a design similar to the agency’s own site in an attempt to convince unwary customers to provide information or send money.

Consumers have received emails from the National Credit Union website, which apparently originates in Australia and claims to offer services in the United States, Europe and the Commonwealth of Independent States. This website is not affiliated in any way with the National Credit Union Administration, a federal agency, and the emails are not from NCUA.

The emails attempt to persuade individuals to provide personal information, such as Social Security numbers, account numbers and login information, or transfer large amounts of money. Consumers should neither provide information to this website nor attempt to conduct any financial transactions through it. NCUA would not request personal or financial information in this manner. See NCUA’s Privacy Policy for more information.

Consumers receiving such emails should call NCUA’s Fraud Hotline toll-free at 800-827-9650 or 703-518-6550 in the Washington, D.C., area. Consumers should also contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. NCUA also offers information about avoiding frauds and scams on its MyCreditUnion.gov website.

Consumers who suspect they may have become victims of identity theft should immediately contact their financial institutions and, if necessary, close existing accounts and open new ones. NCUA urges consumers also contact the three major credit bureaus—Equifax (800-525-6285), Experian (888-397-3742) and TransUnion (800-680-7289)—to request a fraud alert be placed on their credit reports.

Voice Phishing

Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. Sometimes referred to as 'vishing' the word is a combination of "voice" and phishing. Voice phishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations known to the telephone company, and associated with a bill-payer. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

Some fraudsters use features facilitated by Voice over IP (VoIP). Features such as caller ID spoofing (to display a number of their choosing on the recipients phone line), and automated systems (IVR).
Voice phishing is difficult for legal authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank numbers — vishers can in some circumstances intercept calls that consumers make when trying to confirm such messages.
Example

  1. The criminal either configures a war dialer to call phone numbers in a given region or list of phone numbers stolen from an institution.
  2. Typically, when the victim answers the call, an automated recording, often generated with a text to speech synthesizer, is played to alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity. The message instructs the consumer to call the following phone number immediately. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent.
  3. When the victim calls the number, it is answered by automated instructions to enter their credit card number or bank account number on the key pad.
  4. Once the consumer enters their credit card number or bank account number, the visher has the information necessary to make fraudulent use of the card or to access the account.
  5. The call is often used to harvest additional details such as security PIN, expiration date, date of birth, etc.

Although the use of automated responders and war dialers is preferred by the vishers, there have been reported cases where human operators play an active role in these scams, in an attempt to persuade their victims.
Another simple trick used by the fraudsters is to ask the called party to hang up and dial their bank - when the caller hangs up, the fraudster does not, keeping the line open and remaining connected when the victim picks up the phone to dial. When in doubt, calling a company's telephone number listed on billing statements or other official sources is recommended as opposed to calling numbers received from messages or callers of dubious authenticity. However, sometimes hanging up and redialing is insufficient: if the caller has not hung up, the victim might still be connected and the fraudster spoofs a dial tone down the phone line when the victim dials and a fraudster's accomplice answers and impersonates whoever the victim is trying to call. Hence consumers are advised to use a different phone when dialing a company's number to confirm.

Heartbleed Update

You have probably heard of the Heartbleed bug sweeping the internet. Firstmark Credit Union is OK and has been in contact with 3rd party vendors who provide support to Firstmark Credit Union to verify that they have also taken the appropriate actions to ensure that their networks are secure. To ensure that your computer and other internet service providers are safe, it is always a good suggestion to change your password on a regular basis, for example every three to six months, especially on social media and market-place websites.