Consumer Cyber Safety Tips
NCUA Warns Consumers about “National Credit Union” Phishing Scam. Website Uses Logo Similar to NCUA’s, Mimics Website Design and Language
ALEXANDRIA, Va. (March 17, 2015) – The National Credit Union Administration has received reports of an online phishing scam that uses a website with a logo and a design similar to the agency’s own site in an attempt to convince unwary customers to provide information or send money.
Consumers have received emails from the National Credit Union website, which apparently originates in Australia and claims to offer services in the United States, Europe and the Commonwealth of Independent States. This website is not affiliated in any way with the National Credit Union Administration, a federal agency, and the emails are not from NCUA.
Consumers receiving such emails should call NCUA’s Fraud Hotline toll-free at 800-827-9650 or 703-518-6550 in the Washington, D.C., area. Consumers should also contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. NCUA also offers information about avoiding frauds and scams on its MyCreditUnion.gov website.
Consumers who suspect they may have become victims of identity theft should immediately contact their financial institutions and, if necessary, close existing accounts and open new ones. NCUA urges consumers also contact the three major credit bureaus—Equifax (800-525-6285), Experian (888-397-3742) and TransUnion (800-680-7289)—to request a fraud alert be placed on their credit reports.
Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. Sometimes referred to as 'vishing' the word is a combination of "voice" and phishing. Voice phishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations known to the telephone company, and associated with a bill-payer. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.
Some fraudsters use features facilitated by Voice over IP (VoIP). Features such as caller ID spoofing (to display a number of their choosing on the recipients phone line), and automated systems (IVR).
Voice phishing is difficult for legal authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank numbers — vishers can in some circumstances intercept calls that consumers make when trying to confirm such messages.
Although the use of automated responders and war dialers is preferred by the vishers, there have been reported cases where human operators play an active role in these scams, in an attempt to persuade their victims.
Another simple trick used by the fraudsters is to ask the called party to hang up and dial their bank - when the caller hangs up, the fraudster does not, keeping the line open and remaining connected when the victim picks up the phone to dial. When in doubt, calling a company's telephone number listed on billing statements or other official sources is recommended as opposed to calling numbers received from messages or callers of dubious authenticity. However, sometimes hanging up and redialing is insufficient: if the caller has not hung up, the victim might still be connected and the fraudster spoofs a dial tone down the phone line when the victim dials and a fraudster's accomplice answers and impersonates whoever the victim is trying to call. Hence consumers are advised to use a different phone when dialing a company's number to confirm.
Browser Security Warning
Microsoft has reported to everyone that there is a potential security flaw in Internet Explorer. The security flaw resides in an Adobe Flash file. Users can avoid it by turning off Adobe Flash.
You have probably heard of the Heartbleed bug sweeping the internet. Firstmark Credit Union is OK and has been in contact with 3rd party vendors who provide support to Firstmark Credit Union to verify that they have also taken the appropriate actions to ensure that their networks are secure. To ensure that your computer and other internet service providers are safe, it is always a good suggestion to change your password on a regular basis, for example every three to six months, especially on social media and market-place websites.
FTC Warns Small Businesses: Don't Open Email Falsely Claiming to be From FTC
The Federal Trade Commission is warning small businesses that an email with a subject line “Pending consumer complaint” is not from the FTC. The email falsely states that a complaint has been filed with the agency against their company. The FTC advises recipients not to click on any of the links or attachments with the email. Clicking on the links may install a virus or other spyware on the computer.
The FTC’s advice: Delete the email. For more information on malicious software (malware), visit www.OnGuardOnline.gov/malware.
Fake German Email - 1-8-14
Ignore loans FirstMark Credit Union
Fraud at the Helpdesk are several reports received a fake email from FirstMark Credit Union . The mail is about loans. This scam is also called loan scam . If you indicate that you want to take out a loan you will be asked to pay a deposit for an insurance to cover the loan. This also occurs in advance fee fraud . Once you have paid this amount, you will hear nothing from the company. The loan will never receive . Always be alert when you are asked to do a foreign bank or money transfers via Western Union or MoneyGram money transfer. These agencies are there namely known for scams to be used. example :
From : First Mark Credit Union
Date : January 6, 2014 00:16:17 CET
To: undisclosed recipients:
Subject: First Mark Credit Union
Reply to: First Mark Credit Union
Hello . my name is Louise Lancaster , I come from FirstMark Credit Union , you Happy New Year , a year of greatness , just rest asure that your financial problems is taken by elected First Mark Credit Union. I would like to inform you that this noble Company , give out loan to families , individuals, business men and women, including cooperative bodies. Our loan types are :
1 : Auto Loan
2 : Mortgage
3 : Home Equity Loan
4: Home Improvement Loan
5 : Personal Unsecured Loan
6: Line of credit loan
7 : Boat and Jet Ski Loan
8: Educator Loan
9 : Motorcycle Loan
10 : unimproved Property Loan
11 : Overdraft Protection Loan
12: Share and CD Secure Loan.
We offer all kinds of loans at an interest rate of 3 % . our range is from € 5,000 to €50,000.000 The information which is necessary for the processing of loans :
all information should be sent firstname.lastname@example.org We hope your answer for the better , Meeting customers is our goal job.
Target Corp. Data Breach - 12/19/13
Target announced on December 19, 2013, that it has been the victim of a large-scale payment card data breach. Debit and credit card payments in their US stores between Nov. 27th and Dec. 15th may have been affected.
Firstmark Credit Union is closely monitoring the situation for potential fraud. Members who used their debit or credit card at Target during this timeframe are encouraged to monitor their transactions through online banking and their monthly statements for possible suspicious activity.
Certain card account data may have been exposed in the incident, it does not necessarily mean that data related to your card number was taken, or that fraud has occurred, or will occur with your card. However, if you encounter any suspicious transactions, please inform us immediately.
In the event that your debit card has been compromised, you may obtain a new one instantly at any Firstmark branch location except for the Potranco and Southwest Military Branches. If you have any questions, please feel free to contact us directly at (800)-683-1211 or email us via secure email at https://www.firstmarkcu.org/contact-us/contact-us.php
For more information about the incident, please go to the Target website.
Local CU Phishing Scam
Some members are receiving text messages that appear to be from another local credit union. These are phishing scams. Please do not respond. Remember that FirstmarkCU will never contact you via text or email that your account/debit card/credit card has been deactivated.
In these types of scams, the perpetrator often calls a grandparent or other relative pretending to be his/her grandchild/niece/nephew, etc. The caller sounds upset and typically states there are only a few moments to talk. Callers may say that they have a cold if you don't quite recognize their voice, or cue-in on feedback from the call to sound even more convincing (scam victims often report being sure they were talking to their actual relative, but it's a clever trick!). Their story generally follows a familiar line: they were traveling in another country with a friend, and after a car accident or legal infraction, they are in jail and need bail money wired to a Western Union account as soon as possible for their quick release.
Sums can vary from several hundred to several thousand dollars, sometimes over the course of two or three calls. In some instances, a second scammer calls back later pretending to be a law enforcement official or attorney, to confirm the story or ask for additional money. They may even claim to be employees of a U.S. embassy or consulate overseas!
Should you be targeted in this type of scam, there are actions you can take to protect yourself. Although the supposed grandchild may plead with you not to tell his/her family, you should immediately reach out to parents or other relatives to verify the information you receive. In the vast majority of cases, the real relative is safely where (s)he should be - at work, school or home.
Another way to determine whether the story is true is to look at the country code or area code of the number the scammers are calling from. A quick check online can confirm if the country or area code is appropriate to the story. For example, we have noticed many of these sophisticated scams originate in Quebec, Canada, which has the area code "914". If your caller has a number beginning with 914, there is a good chance the call is a scam.
When in doubt, and BEFORE YOU SEND ANY MONEY, contact the State Department's Office of Overseas Citizens Services (OCS) at 1-888-407-4747. We will help you verify whether the situation is legitimate or a scam!
You can also report the incident to the Internet Crime Complaint Center (IC3) - a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). IC3 was established to receive internet related criminal complaints and to research, develop, and refer complaints to federal, state, local, or international law enforcement if appropriate.
Holiday Scams Alert
With the holiday season fast approaching, credit unions should be aware of holiday scams that may impact members. Credit unions should alert members of common holiday scams.
Consumers around the country are gearing up for the holiday shopping season. Fraudsters are also preparing for the holiday season to prey upon unsuspecting consumers. Ongoing awareness of these scams is critical to help members protect their personal and financial information this holiday season.
Risk Prevention Tips
Secure home computers and mobile devices: Members should ensure their home computers with a firewall and antivirus software performing any online transactions. Operating system patches should be downloaded when made available by sofware vendors. Members should also protect mobile devices used to conduct online transactions by installing antivirus software.
Phishing scams: Member should not respond to emails, tex messages and phone calls that advertise the sale of gift cards, holiday gifts, promotions, contest and jobs.
Be wary of holiday offers for free items: Members should avoid tempting holiday offers, such as free downloadable applications for smartphones, antivirus software, screen savers, ring-tones and electronic greeting cards, which may be infected with viruses and/or malware.
Be wary of shopping online at Craiglist and public auction sites: Members might purchase merchandise that is never delivered. Members should follow the best practices published by Craiglist and other public auction websites to avoid scams.
Be wary of social media scams: Fraudsters often place bogus advertisements for free prizes on social media sites. Members should be instructed to not respond to the advertisements.
Bogus charity scams: Members should confirm the legitimacy of the charity through the Better Business Bureau.
Monitor accounts: Members should periodically monitor their deposits and credit card accounts to identify any unauthorized transactions. Members should be instructed to immediately report unauthorized transactions to the credit union.
Watch Out for the Windows Telephone Scam
I used to be excited when I came home to six messages on my answering machine. But that was before a fake Windows telephone scam started calling five times a day, trying to convince me to give them my money.
The caller will claim to be either a member of the “Windows Technical Care Department”, “Windows Service Department” or a “Windows-certified support agent”. It changes every time, but the word “Windows” will almost certainly be in there.
The thick-accented man will then explain that your version of Windows is sending them error reports, and they are phoning to help fix it.
For anyone who isn’t already suspicious: Microsoft has never had a policy of phoning customers because their computers are reporting errors. In fact, Windows (as yet) has no facility for reporting non-anonymous computer errors to Microsoft without your explicit say so.
If you continue with the call, the scammer will talk your through various Windows-based commands which are supposed to highlight security errors in your system. In actual fact, these are normal Windows information boxes, and have nothing to do with any security breech. Every Windows system has them, the caller is just pretending they’re malicious errors, trying to destroy your PC.
Finally, the scammer will ask you to install LogMeIn – a software that lets the caller access your computer – or go to their website and buy a fake virus scanner. Doing either of those things is a bad idea.
Of course, LogMeIn isn’t a virus in itself – it’s actually a useful business tool – but allowing these guys access to your computer with it would be silly.
The scam itself has been widely reported to both the police and scam-watchers, but if you fancy some vigilante justice, there is one thing you can do: waste the callers time. The more time you spend on the call, the less time they can go around scamming less technically-savvy users.
In fact, it’s becoming a bit of a hobby for some people, many of whom have submitted recorded versions of their phone calls to this website. The record appears to be 1 hour and 20 minutes – but be warned, some of the employees of Windows Technical Care have not have adequate customer-relations training and swear. A lot.
Virginia is experiencing a marked increase in fraudulent credit-based debit card transactions. To protect member accounts, all credit-based transactions initiated in grocery stores and discount stores in Virginia will be blocked effective immediately. Members remain able to make debit transactions using their PIN (Personal Identification Number). This block is temporary and limited to the state of Virginia.
The security of your account is of upmost importance to Firstmark Credit Union. We apologize for any inconvenience this may cause.
Ohio is experiencing a marked increase in fraudulent credit-based debit card transactions. To protect member accounts, all credit-based transactions initiated in automated fuel dispensers and gasoline service stations in Ohio will be blocked effective immediately. Members remain able to make debit transactions using their PIN (Personal Identification Number). This block is temporary and limited to the state of Ohio.
The security of your account is of upmost importance to Firstmark Credit Union. We apologize for any inconvenience this may cause.
Other credit unions in the San Antonio area are reporting instances of their members receiving text messages asking for their personal account information. If you receive one of these messages, DO NOT reply. Please report it to our Member Contact Center at 210-442-0100. If you have received a message and responded, call the same number for assistance. Remember, Firstmark Credit Union will never contact you to request your account information.
Florida is experiencing a marked increase in fraudulent credit-based debit card transactions. To protect member accounts, all credit-based transactions initiated in grocery stores, pharmacies and discount stores in Florida will be blocked effective immediately. Members remain able to make debit transactions using their PIN (Personal Identification Number). This block is temporary and limited to the state of Florida.
South Africa is experiencing a marked increase in fraudulent credit-based debit card transactions. To protect member accounts, all transactions initiated in South Africa will be blocked effective immediately. Members will not be able to make any transactions. This block is set for a year and limited to South Africa.
Michigan is experiencing a marked increase in fraudulent credit-based debit card transactions. To protect member accounts, all credit-based transactions initiated in grocery stores and discount stores in Michigan will be blocked effective immediately. Members remain able to make debit transactions using their PIN (Personal Identification Number). This block is temporary and limited to the state of Michigan.
Arkansas, Iowa and Utah
Arkansas, Iowa and Utah are experiencing a marked increase in fraudulent credit-based debit card transactions. To protect member accounts, all credit-based transactions initiated in Discount Stores and Gas Stations will be blocked effective immediately. Members remain able to make debit transactions using their PIN (Personal Identification Number). This block is temporary and limited to Arkansas, Iowa and Utah.
Mexico is experiencing a marked increase in fraudulent credit-based debit card transactions. To protect member accounts, all credit-based transactions initiated in restaurants in Mexico will be blocked effective immediately. Members remain able to make debit transactions using their PIN (Personal Identification Number). This block is temporary and limited to Mexico.
Maryland, Illinois, and Missouri
Maryland, Illinois, and Missouri are experiencing a marked increase in fraudulent credit-based debit card transactions. To protect member accounts, all credit-based transactions initiated in grocery stores or pharmacies in Maryland; and all credit-based transactions initiated in grocery stores, discount stores or department stores in Illinois and Missouri; will be blocked effective immediately. Members remain able to make debit transactions using their PIN (Personal Identification Number). This block is temporary and limited to the states of Maryland, Illinois, and Missouri.
NetTeller Watch Notice
We are receiving reports of phishing emails being sent from what appears to be a NetTeller email address customer _service @cm.netteller.com with the subject line of NetTeller Watch Notice. These are "Phishing emails" trying to get members to click on the embedded NetTeller access link. These emails are not coming from NetTeller. You should NOT to clink on the link. It is recommended to permanently delete the email.
Russia is experiencing a marked increase in fraudulent credit-based debit card transactions. To protect member accounts, all transactions initiated in Russia will be blocked effective immediately. Members will not be able to make any transactions. This block is set for a year and limited to Russia.