Category Archives: Fraud

Avoid Depositing Checks from Unknown Parties

Consumers should be on the lookout for fake check scams, the National Credit Union Administration, the federal agency that insures 1st Nor Cal members’ deposits, warned after receiving numerous inquiries from consumers.

There are many versions of a fake check scam. However, the result is the same. Scammers lure consumers into depositing a cashier’s check, money order, or other checking instrument from someone that they don’t know and wiring or sending money to the scammers. A check may take considerably longer to clear the financial institution that issued it before the funds can be collected. It could take days or even weeks to discover that the deposited check was fraudulent.

When the check is discovered to be fraudulent, the damage may already have been done. Once a victim wires or sends funds from such a check, he or she may be responsible for reimbursing the financial institution for that amount. Typically, the financial institution will not cover the financial loss and expects the victim to pay the difference.

The Federal Trade Commission also recently issued a fake check scam alert. These checks can be hard to recognize. They may be printed with the names, addresses, and logos of legitimate financial institutions. Consumers are reminded to be on the alert and to not be pressured into wiring funds or sending money after depositing a check.

If you think you or someone you know was the victim of a fake check scam, consider taking the following steps:

  • Contact your local law enforcement agency to report the scam.
  • Contact your state’s attorney general. Contact information for each state’s attorney general can be found on the National Association of Attorneys General website.
  • File a complaint with the Federal Trade Commission. Your complaint will be filed into a secure online database, which is used by many local, state, federal, and international law enforcement agencies. Complaints from consumers help detect patterns of fraud and abuse.
  • If you or the victim is an older adult or a person with a disability, contact your local adult protective services agency. You can find local support resources using the online Eldercare Locator or by calling 1-800-677-1116.

NCUA operates an online Fraud Prevention Center that offers information about avoiding frauds and scams on its MyCreditUnion.gov website. NCUA also released a two-part video series for consumers on fraud prevention techniques.

Source: National Credit Union Administration

Tricks & Scams In Debit Cards To Watch Out For

Members are being cautioned to watch for numerous debit card-related scams and tricks in 2017. Fraudsters see chip cards flooding the market and are finding new ways to separate members from their money.

    • Robocalls telling victims their debit cards have been locked, which leads nervous cardholders to follow instructions in the calls, one of which is to key in their card numbers, expiration dates and PINs.
    • Card-cracking artists using social media to lure victims. Millennials are the targets of these scams, which ask debit cardholders to share their cards and PINs as a way of earning extra cash. Scammers deposit fake checks into the associated accounts, make immediate withdrawals and then share some of the cash with the victims. When victims’ financial institutions eventually find fraudulent checks, the debit cardholders are left holding the bag.
  • Seniors being tricked into handing over cards in their homes. Con artists posing as banks or credit union fraud investigators have begun to talk their way into the homes of people as old as 96. Once inside, they convince victims to swap cards, saying their original card was compromised.

Holiday Scams

Shoppers looking for a good deal this holiday season should also be aware of increasingly aggressive and creative scams designed by criminals to steal money and personal information. According to the FBI’s Internet Crime Complaint Center (IC3), shoppers should be extra vigilant of the following schemes and red flags.

Online Shopping Scams: If a deal looks too good to be true, it probably is. Steer clear of unfamiliar sites offering unrealistic discounts on brand name merchandise or gift cards as an incentive to purchase a product, as you may end up paying for an item, giving away personal information, and receive nothing in return except a compromised identity. In addition, do not open any unsolicited e-mails or click on the links provided. Before shopping online, secure all bank and credit accounts with strong and different passwords. The same should be done for airline and rewards accounts, because the emergence of these offerings has led to an increase in the demand for and resale value of stolen information.

Social Media Scams: Beware of posts on social media sites that appear to offer vouchers or gift cards, even if it appears the offer was shared by an online friend. Some may pose as holiday promotions or contests that lead to participation in an online survey designed to steal personal information. In addition, do not post photos of event tickets on social media sites as fraudsters can use the barcode to recreate tickets for resale.

Smartphone App Scams: Some apps, often disguised as games and offered for free, may be designed to steal personal information from your device. Before downloading an app from an unknown source, look for third-party reviews and be mindful that alternative app marketplaces can potentially include stolen content and compromised versions of otherwise trustworthy applications.

Work-From-Home Scams: Beware of postings offering work that can be done from the comfort of home, as these opportunities may have unscrupulous motivations behind them. Take caution when money is required up front for instructions or products, or when a job post claims “no experience necessary.” Carefully research individuals or companies before providing them with personal information and never provide personal information when first interacting with a potential employer.

Additional steps to avoid becoming a victim of fraud:

  • Check bank and credit card statements routinely, including immediately after making an online purchase and weeks following the holiday season.
  • Only purchase merchandise from a reputable source.
  • Don’t trust a website to be secure just because it claims to be.
  • Do not respond to spam e-mails or click on links contained within them.
  • Avoid filling out forms contained in e-mails that ask for personal information.
  • Be cautious of all e-mail attachments and scan them for viruses before opening.
  • Verify requests for personal information from businesses or financial institutions by contacting them using the main contact information on their official website.
  • Be cautious when dealing with individuals outside of your own country.

How to report fraud: Consumers who suspect they’ve been victimized should immediately contact their financial institution and then law enforcement. They are also encouraged to file a complaint with the FBI’s Internet Crime Complaint Center regardless of dollar amount lost, and provide all relevant information regarding the complaint.

Internet Crime Complaint Center | Tech Support Scam

The Internet Crime Complaint Center (IC3) is receiving an increase in complaints related to technical support scams, where the subject claims to be an employee (or an affiliate) of a major computer software or security company offering technical support to the victim. Recent complaints indicate some subjects are claiming to be support for cable and Internet companies to offer assistance with digital cable boxes and connections, modems, and routers. The subject claims the company has received notifications of errors, viruses, or security issues from the victim’s internet connection. Subjects are also claiming to work on behalf of government agencies to resolve computer viruses and threats from possible foreign countries or terrorist organizations. From January 1, 2016, through April 30, 2016, the IC3 received 3,668 complaints with adjusted losses of $2,268,982.

Technical Details

Initial contact with the victims occurs by different methods. Any electronic device with Internet capabilities can be affected.

  1. Telephone: This is the traditional contact method. Victims receive a “cold” call from a person who claims the victim’s computer is sending error messages and numerous viruses were detected. Victims report the subjects have strong foreign accents.
  2. Pop-up message: The victim receives an on-screen pop-up message claiming viruses are attacking the device. The message includes a phone number to call to receive assistance.
  3. Locked screen on a device (Blue Screen of Death – BSOD): Victims report receiving a frozen, locked screen with a phone number and instructions to contact a (phony) tech support company. Some victims report being redirected to alternate websites before the BSOD occurs. This has been particularly noticed when the victim was accessing social media and financial websites.
  4. Pop-up messages and locked screens are sometimes accompanied by a recorded, verbal message to contact a phone number for assistance.

Once the phony tech support company/representative makes verbal contact with the victim, the subject tries to convince the victim to provide remote access to their device. If the device is mobile (a tablet, smart phone, etc.), the subject often instructs the victim to connect the device to a computer to be fixed. Once the subject is remotely connected to the device, they claim to have found multiple viruses, malware, and/or scareware that can be removed for a fee. Fees are collected via a personal debit or credit card, electronic check, wire transfer, or prepaid card. A few instances have occurred in which the victim paid by personal check.

Variations and Trends

An increasingly reported variation of the scam occurs when the subject contacts the victim offering a refund for tech support services previously rendered because the company has closed.

The victim is convinced to allow the subject access to their device and to log onto their online bank account to process the refund. The subject then has control of the victim’s device and bank account. With this access, the subject appears to have “mistakenly” refunded too much money to the victim’s account, and requests the victim wire the difference back to the subject company. In reality, the subject transferred funds among the victim’s own accounts (checking, savings, retirement, etc.) to make it appear as though funds were deposited. The victim wires their own money back to the company, not finding out until later that the funds came from one of their own accounts. The refunding and wiring process can occur multiple times, which results in the victim losing thousands of dollars.

Victims are increasingly reporting subjects are becoming hostile, abusive, and utilizing foul language and threats when being challenged by victims.

Additional Threats

The tech support scam is an attempt by subjects to gain access to victim devices. However, more can happen once a subject is given access to the device. For example:

  • The subject takes control of the victim’s device and/or bank account, and will not release control until the victim pays a ransom.
  • The subject can access computer files that may contain financial accounts, passwords, and personal data (health records, social security numbers, etc.).
  • The subject may intentionally install viruses on the device.
  • The subject threatens to destroy the victim’s computer or continues to call in a harassing manner.

Defense and Mitigation

  • Recognize the attempt and cease all communication with the subject.
    Resist the pressure to act quickly. The subjects will urge the victim to fast action in order to protect their device. The subjects create a sense of urgency to produce fear and lure the victim into immediate action.
  • Do not give unknown, unverified persons remote access to devices or accounts. A legitimate software or security company will not directly contact individuals unless the contact is initiated by the customer.
  • Ensure all computer anti-virus, security, and malware protection is up to date. Some victims report their anti-virus software provided warnings prior to the attempt.
  • If a victim receives a pop-up or locked screen, shut down the device immediately. Victims report that shutting down the device and waiting a short time to restart usually removes the pop-up or screen lock.
  • Should a subject gain access to a device or an account, victims should take precautions to protect their identity, immediately contact their financial institutions to place protection on their accounts, and monitor their accounts and personal information for suspicious activity.

Filing a Complaint

Individuals who believe they may be a victim of an online scam (regardless of dollar amount) can file a complaint with the IC3 at www.ic3.gov.

To report tech support scams, please be as descriptive as possible in the complaint including:

  1. Name of the subject and company.
  2. Phone numbers and email addresses used by the subject.
  3. Websites used by the subject company.
  4. Account names and numbers and financial institutions that received any funds (e.g., wire transfers, prepaid card payments).
  5. Description of interaction with the subject.

Complainants are also encouraged to keep all original documentation, emails, faxes, and logs of all communications.

Extortion Email Schemes Tied to Recent High-Profile Data Breaches

The Internet Crime Complaint Center (IC3) continues to receive reports from individuals who have received extortion attempts via e-mail related to recent high-profile data thefts. The recipients are told that personal information, such as their name, phone number, address, credit card information, and other personal details, will be released to the recipient’s social media contacts, family, and friends if a ransom is not paid. The recipient is instructed to pay in Bitcoin, a virtual currency that provides a high degree of anonymity to the transactions. The recipients are typically given a short deadline. The ransom amount ranges from 2 to 5 bitcoins or approximately $250 to $1,200.

The following are some examples of the extortion e-mails:

“Unfortunately your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”

“If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”

“If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”

“We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse, then you need to send exactly 5 bitcoins to the following address.”

“We have some bad news and good news for you. First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity, and credit card transactions. Now for the good news, You can easily stop this letter from being mailed by sending 2 bitcoins to the following address.”

Fraudsters quickly use the news release of a high-profile data breach to initiate an extortion campaign. The FBI suspects multiple individuals are involved in these extortion campaigns based on variations in the extortion emails.

If you believe you have been a victim of this scam, you should reach out to your local FBI field office, and file a complaint with the IC3 at www.ic3.gov. Please include the keyword “Extortion E-mail Scheme” in your complaint, and provide any relevant information in your complaint, including the extortion e-mail with header information and Bitcoin address if available.

TIPS TO PROTECT YOURSELF:

  • Do not open e-mail or attachments from unknown individuals.
    Monitor your bank account statements regularly, as well and as your credit report at least once a year for any fraudulent activity.
  • Do not communicate with the subject.
  • Do not store sensitive or embarrassing photos of yourself online or on your mobile devices.
    Use strong passwords and do not use the same password for multiple websites.
  • Never provide personal information of any sort via e-mail. Be aware, many e-mails requesting your personal information appear to be legitimate.
  • Ensure security settings for social media accounts are turned on and set at the highest level of protection.
  • When providing personally identifiable information, credit card information, or other sensitive information to a website, ensure the transmission is secure by verifying the URL prefix includes https, or the status bar displays a “lock” icon.

Member Advisory: Identity Theft Tax Refund Fraud

Identity theft tax refund fraud cost the IRS almost $6 billion in 2013. In order to protect taxpayers, the IRS has instituted a series of security controls. For those who file their tax returns electronically, the tax software providers will strengthen validation requirements by toughening password standards. Passwords will require a minimum of eight characters with uppercase, lowercase, alphabetic, numerical, and special characters. Security questions will be added, and a new timed lockout feature will limit unsuccessful log-in attempts. State returns may require additional information, such as a driver license number.

Taxpayers will also experience slower time frames in receiving the refunds so that the IRS and state taxing agencies can ensure only one tax return per taxpayer was filed. The IRS also recommends taxpayers institute the following controls:

  • Use security software with firewall and anti-virus protection.
  • Recognize and avoid phishing e-mails, threatening calls, and texts from thieves posing as legitimate organizations. Do not click links or download attachments from unknown or suspicious e-mails.
  • Protect your personal data. Don’t carry your social security card, and secure your tax records.