NOFFCU Logo
Newsletter
About Noffcu
Products & Services
Auto Warranties
Spot's Page
Teen Smart
FAQ
Financial Calculators
Branch Info
Contact Us
Useful Links
The New Orleans Firemen's Federal Credit UnioneFire Home BankingRatesOrder ChecksAtm LocatorSecurity TipsHomePageAuto LoansMortgage LoansVISA CardsAccountsBusiness LoansMerchant ProcessingRate SpecialsNOFFCU NewsClosingsEmergency InfoMembershipDirect Deposit

 

ALERTS

NEW ALERT:

New Scam known as Smishing

Credit unions across the country are reporting that their member’s are receiving unsolicited text messages. It’s an attempt at Smishing, the latest form of phishing. In Smishing, an e-mail tries to lure a recipient into giving personal information via SMS, the communications protocol used to send text messages to a wireless device. The recent scam is targeting credit union and other financial institution members.

In smishing, the members receive a text message via cell phone warning that their bank account has been closed due to suspicious activity. It then tells them they need to call a certain phone number to reactivate the account.

Unsuspecting callers who dial the number provided in the text message will be taken to an automated voice mail box that prompts them to key in their credit card or debit card number, expiration date, and PIN to verify their information.

If you have a question concerning your account or credit/debit card, contact your financial institution using a telephone number obtained independently, such as the phone number from your statement, a telephone book, or other independent means.

BBB:  WATCH FOR “VERIFIED BY VISA” SCAM

Ridgeland, Miss., March 24, 2008 –  Identity thieves are constantly looking for ways to make scam emails more plausible, so they are now attempting to add creditability to such emails by including a “Verified by Visa” scheme.

The wording may be something like this: “Your credit card (specified) has been automatically enrolled in the Verified by Visa program. To ensure your card’s security, it is important that you protect your card online with a personal password. Please take a moment to activate Verified by Visa now.”

According to Bill Moak, President/CEO of the Better Business Bureau (BBB) of Mississippi, “Verified by Visa is a legitimate service that adds an additional layer of security to online credit card transactions. It is unfortunate that it has begun to appear as a topic of phishing emails.”

These scam emails contain links to bogus sites, under the control of the hackers, that prompt consumers to enter their credit card information. The messages usually end with a threat that failure to respond may temporarily disable the credit card in question.  “Such threats should be a dead giveaway that the emails are scams,” Moak continued.

Consumers should always be on guard when sharing their personal information in any way.”

The BBB urges consumers to continually be vigilant whenever they receive solicitations for identity verification by phone, mail or email.  To block solicitations, consumers should register on:

                        National Do Not Call Registry            

888-382-1222                           www.donotcall.gov

Opt Out Mail Registry

888-567-8688                           www.optoutprescreen.com

The BBB of Mississippi has been serving consumers since 1964 by providing Reliability Reports on businesses and charities, assisting with business complaint resolution, monitoring advertising, and offering alerts on current scams. The BBB may be reached by calling 800-987-8280 or online at www.ms.bbb.org. 

CUNA tracking dramatic increase in
phish attempts

The Louisiana Credit Union League has recently been notified that the Credit Union National Association (CUNA) has experienced a dramatic increase in phishing attacks during the past seven days. A new phishing-scam attempt using CUNA’s name informs email recipients about "irregular check card activity" and advises them to call a toll-freenumber to get any restrictions removed. The call is a ploy to get personal account information, possibly for identity theft purposes. To date, 10 versions of these e-mails are in circulation nationwide. Of those, CUNA has successfully disabled seven phone numbers.

The e-mails describe "Irregular Account Card Activity" or some version of that statement. The message in these e-mails includes a statement that "CUNA would never solicit personal identification from you in an e-mail or over the web; therefore, we have de-activated your card, for your own safety." The e-mail then goes on to direct the recipient to a phone number to call for re-activation of the card. These phone numbers are set up using Voice-Over-IP lines.

Dorothy Steffens, CUNA's vice president of web services, explains, "They are Internet-based phone numbers, which are more difficult to track down and disable. Callers are instructed to enter their account number and then their PIN (twice) and then enter the CVV number as well. After a short pause, they are told that their card has been re-activated. CUNA is especially concerned about these e-mails because they are morphing on a daily basis, and they are playing on the 'we will not solicit you over the web' message that has been used with previous phishing scams.”

“As a trade association for U.S. credit unions, CUNA does not maintain any type of customer/member financial information," emphasized Steffens, adding that "your financial institution would never request personal identification information over the phone." Anyone responding to the e-mail should contact their financial institution immediately.

Another scam making the rounds with CUNA's name on it comes from a gmail.com address and addresses "Credit Union National Association SERVICE." It says CUNA ensures security "by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service." It provides a "case ID" and a link to a fake website mimicking CUNA's. Recipients should not click on the resource link but should delete it. CUNA has taken steps to shut down the fake site.

CUNA has updated its fraud alert information on its consumer website,www.creditunion.coop and the association's home page, www.cuna.org
.

Internet/E-Mail Fraud Alert

Recently, there have been multiple e-mail fraud attempts, known as "Phishing”, that were initiated via e-mail sent to both the general public and to some credit union members that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.

NCUA does not ask credit unions members for such personal information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

If you responded to such an e-mail and provided any confidential account information, please notify your credit union immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by your credit union to protect your account.

If you feel that you have received a fraudulent phishing e-mail purportedly from NCUA please forward the entire e-mail message to Phishing@ncua.gov

Additionally, you can file formal complaints concerning any suspected fraudulent e-mail with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation, and the National White Collar Crime Center. 

IRS issues warning about latest e-mail scam

Aug. 30, 2007—The IRS alerted taxpayers on Monday about a new e-mail scam that purports to come from the agency and claims the recipient can receive $80 by filling out an online customer satisfaction survey.
 
As with previous scams the IRS has warned about this year, the e-mail is believed to contain a link and attachment that open a Trojan Horse program which takes over a person’s computer. The Trojan Horse enables the hacker to remotely access the victim’s computer. The IRS is urging people to not click on the link or open the attachment. Instead, they should forward suspicious e-mails to phishing@irs.gov and follow the instructions, the agency said.

Mark Hanson, an IRS media relations officer, said the latest scam appears to be aimed at “business taxpayers as well as individual taxpayers.”

In issuing its warning about the latest scam, the IRS reiterated that it does not send out unsolicited e-mails or ask for detailed personal and financial information.

Acting IRS Commissioner Kevin M. Brown said in a press release that people should “always exercise caution when you receive unsolicited e-mails or e-mails from senders you don’t know.”

VISHING

Details:  A recent example of fraudster ingenuity is the use of Voice over Internet Protocol (VoIP) phones to steal member's financial information. This scam is called "vishing" -- short for "voice phishing."

There are at least two "Vishing" methodologies scammers use.

Online version

    The scammer sends a blast e-mail, disguised to appear as though it’s from your credit union, bank, online payment service or other well-known business. The e-mail, which may have  a trusted logo, typically reports a "security" problem with the recipient’s account and urges the member/member  to call a telephone number to "straighten things out." 

    Although many members know better than to click on hyperlinks in strange e-mails for fear of being "phished," they often feel safe calling a telephone number that appears to be local or toll-free. When the member calls, they reach an automated attendant prompting them to enter their account number, password or other private information for "security verification" purposes. 

Cold Call

    Some "vishers" use automated dialing programs to "cold call" members. The members caller ID device may list a legitimate-looking local phone number, to inspire trust from the recipient. A prerecorded message (or sometimes a live "employee") claims the member’s account has been compromised or needs updating or verification. The member is asked to enter their account information, which is digitally transcribed onto the hard drive of the scammer’s computer.
JQ Bank Grant Scam

According to the Better Business Bureau, law enforcement and other agencies, a new type of online scam for grant money has surfaced. This scam appears to be another version of the "overpayment scam".

Victims are solicited online regarding grants that may be available to them. These grants may be for education, debt relief, low income subsidy, or any other type of "financial aid". Responding victims apply for their grant and are sent printed information along with a check, typically for $4,975.00. They are then directed to a website for instructions. The site instructs the victim to purchase a specific variety of stored value credit card (*GREENDOT Reloadable/MoneyPak) and load it with the grant broker’s "commission". They are promised a second, larger check after the stored value card number is e-mailed to the broker. Of course, the card is quickly liquidated and the original check is later returned as counterfeit, or account closed.

The websites reportedly used in the scam are:

* GREENDOT Reloadable/Money Pak stored value credit cards are legitimate cards but are being used as part of this scam.

Scam Details

- A grant seems like a reasonable explanation for receiving a large sum of money and is very attractive to college students.

- The counterfeit checks are often drawn on an active and verifiable account, typically at Wells Fargo.

- Convincing

 printed information is provided to the victim with a plausible explanation for why funds need to be sent back to the broker. (Conflict of interest, regulations, etc…)

- Money is transferred back to the scammer via stored value credit card. Thus, avoiding the suspicion often generated by wire transfers. This method also facilitates further laundering of the stolen funds.

OR:

- Grant money is received for a mere commission of 10% of the check amount.

- The receiver of the grant money deposits the check, and then via Electronic Funds Transfer, sends 10% of the check amount back through a given website.

- The check is returned as counterfeit and the thief now has the depositor’s good money along with their bank account information.

 
NCUA Phishing SCAM

COLUMBIA, S.C. (5/7/07)--Another phish attempt brandjacking the name of the National Credit Union Administration (NCUA) is circulating--this time taking advantage of consumers' security fears related to the data breach of Massachusetts-based TJX Cos.

SC State CU, Columbia, S.C., reported receiving the communication, according to Brandon Pugh, director of communications and public relations at the South Carolina Credit Union League. The message was forwarded to NCUA.

The e-mail message purports to a notification that "Current legislation mandates businesses (merchants, service providers, financial institutions, etc.) to report breaches in security or occurrences that may pose a threat to cardholder security."

It discusses the TJX Cos. data breach, which was made public in January. The breach incidents spanned periods from 2003 through 2006. The phish e-mail gives the wrong dates for the breach and says Visa notified NCUA in January about the breach.

The notice warns that "magnetic strip information was being stored and your PIN may have been captured" and "strongly" urges NCUA's "members" to update their information within the next 48 hours.

And, like other phish, it provides a link that brandjacks NCUA's name and website. It also provides a phone number with an area code from Texas. NCUA is based in Arlington, Va.

NCUA and credit unions do not send unsolicited e-mails asking for consumers personal information. Anyone receiving the e-mail should not click on the link but should delete the message instead.