Fraudulent Email Alert!
PLAY ANTI-PHISHING PHIL
Click here to play Anti-Phishing Phil, an interactive game that teaches how to avoid online scams.
SCAMS
Text Message Scam
Freedom United FCU in Rochester, PA has received numerous calls from people reporting that they received a text message from the Credit Union regarding their credit card. The text message scam advises that the credit card has been restricted and asks recipients to call 1-800-451-2678. The number (which is fraudulent) goes to an automated system which asks callers to enter card number, expiration date and PIN number. The recipients who have reported receiving the fraudulent message have not been actual members of Freedom United.
'Zeusbot Bedevils CUs
Credit Union Journal Daily Briefing
Monday, January 11, 2010
AUSTIN, Texas – Security experts are monitoring credit unions for a so-called "zeusbot" attack, which is bypassing many anti-virus and malware scanning software used by credit union members, putting their personal financial jeopardy when they log on to their home banking service.
"All credit unions should provide a warning and information to their members," according to a new alert issued by the CU Information Security Professionals Association.
The zeusbot waits for the user to log in to their online banking, logs the credentials, and then offers a screen that asks the user to further verify their login by entering their credit card data. All information gathered is sent to the attackers.
CUISPA noted that "while some users may be skeptical and not enter their data, the damage is already done. The online banking credentials have been compromised."
In cases where members report activity, CUISPA said credit unions’ only recourse is to have members shut down, wipe and reload their PC, while the CU changes account passwords. The association, which monitors such security threats, said it has identified "dozens of cases throughout the country."
New Phishing Email
The email looks like it's from the NACHA (National Automated Clearing House Association) and states that an ACH transaction has been rejected from your bank account. DO NOT RESPOND TO THIS EMAIL!
If you receive any emails, phone calls or text messages claiming to be from Penn State Federal, CUNA, NCUA or NAFCU please do not respond. No reputable business will contact you and ask for your personal or account information. If you have responded to such inquiries, please call the credit union immediately at (800) 828-4636.
PIN Reversal Scam
Please be aware of a new scam that may lead to personal safety issues. PIN reversal is a theory based on the possibility that a debit or credit card holder could reverse his or her PIN at an ATM to draw attention to a dangerous situation like a kidnapping or a robbery. Don't be misled; if you are in distress, PIN reversal will not help you in an emergency situation.
FREE Identity Theft Protection
Click here for details on your FREE identity theft protection and how to upgrade your coverage.
ID Theft Glossary
- Identity Theft
- Identity theft is when someone uses your name, social security number or other personal information to establish accounts in your name.
- Mail Fraud
- Mail fraud is still the number one form of fraud in the US. Identity thieves steal your mail, which may include pre-approved credit card applications, to obtain your personal information.
- Malware
- Short for “malicious software,” it refers to any harmful software that affects your computer. Malware includes computer viruses, worms, Trojan horses or spyware.
- Pharming
- When hackers redirect internet traffic from one website to a different, identical-looking site in order to trick you into entering your username and password into the database on their fake site.
- Phishing
- The act of tricking someone into giving them confidential information or tricking them into doing something that they normally wouldn’t do or shouldn’t do. For example: sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
- Pretexting
- Pretexting is the collection of an individual’s personal information under false pretenses typically over the phone or via e-mail.
- Shoulder Surfing
- Shoulder surfing is the name given to the procedure that identity thieves use to find out your PIN. They either hang around close to the ATM, or wherever you may be entering your PIN, or they can even watch from a distance, using binoculars.
- Skimming
- Skimming is another method identity thieves use to get your personal information. It’s usually done by an employee of a restaurant, a gas station or any other place where you swipe your card. Often, they use swiping tools, which they use to quickly swipe your card. A good way to prevent skimming is to never let your card out of your sight.
- Spam
- Unsolicited commercial emails. Many of these come from legitimate companies but many also come from questionable businesses.
- Spoofing
- A fraudulent website or email that appears to be from a well-known company and attempts to get you to provide, update or confirm personal information. Similar to pharming.
- Spyware
- General term for any technology that gathers information about a person or organization without their knowledge. Advertisers or other interested parties often use spyware programming to gather and relay information.
- Trojans
- Trojans piggyback themselves inside something that you actually want, like the old Trojan Horse story. For example, you download a video game, and you actually do get the video game you wanted, but you get the trojan packed along with it. You can avoid trojans by only downloading files from trusted sources.
- Viruses
- A virus is malware that can copy itself, like a biological virus. It usually lies dormant inside of an executable file until someone runs that file. When run, the virus may spread to other executable files on your system. You can avoid viruses by scanning files, especially downloaded files and email attachments, with anti-virus software.
- Vishing
- Using Voice over Internet Protocol (VoIP) phone numbers to steal user information.
- Worms
- A worm also self-replicates, but spreads from computer to computer using the internet. Unlike a virus, the user need not download or run a file to become infected. You need to only be connected to the internet in order to become infected by a worm. You can avoid worms by using a firewall.
