Check this page to find out what kind of scams are being used relating to financial transactions.

1/17/08—Are you one of many who have received an e-mail, text message, or telephone call, supposedly from your credit card/debit card company directing you to contact a telephone number to re-activate your card due to a security issue? The IC3 has received multiple reports of different variations of this scheme known as "vishing". These attacks against US financial institutions and consumers continue to rise at an alarming rate.

Vishing operates like phishing by persuading consumers to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated. Recipients are directed to contact their bank via a telephone number provided in the e-mail or by an automated recording. Upon calling the telephone number, the recipient is greeted with "Welcome to the bank of ……" and then requested to enter their card number in order to resolve a pending security issue.

For authenticity, some fraudulent e-mails claim the bank would never contact customers to obtain their PII by any means, including e-mail, mail, or instant messenger. These e-mails further warn recipients not to provide sensitive information when requested in an e-mail and not to click on embedded links, claiming they could contain "malicious software aimed at capturing login credentials."

Please beware—spam e-mails may actually contain malicious code (malware) which can harm your computer. Do not open any unsolicited e-mail and do not click on any links provided.

A new version recently reported involves the sending of text messages to cell phones claiming the recipient's on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

Due to rapidly evolving criminal methodologies, it is impossible to include every scenario. Therefore, be cognizant and protect your PII. Beware of e-mails, telephone calls, or text messages requesting your PII.

If you have a question concerning your account or credit/debit card, you should contact your bank using a telephone number obtained independently, such as from your statement, a telephone book, or other independent means.

If you have received this, or a similar hoax, please file a complaint at www.ic3.gov.

---

THE VERDICT: HANG UP
Don't Fall for Jury Duty Scam

The phone rings, you pick it up, and the caller identifies himself as an officer of the court. He says you failed to report for jury duty and that a warrant is out for your arrest. You say you never received a notice. To clear it up, the caller says he'll need some information for "verification purposes"-your birth date, social security number, maybe even a credit card number.

This is when you should hang up the phone. It's a scam.

Jury scams have been around for years, but have seen a resurgence in recent months. Communities in more than a dozen states have issued public warnings about cold calls from people claiming to be court officials seeking personal information. As a rule, court officers never ask for confidential information over the phone; they generally correspond with prospective jurors via mail.

The scam's bold simplicity may be what makes it so effective. Facing the unexpected threat of arrest, victims are caught off guard and may be quick to part with some information to defuse the situation.

"They get you scared first," says a special agent in the Minneapolis field office who has heard the complaints. "They get people saying, 'Oh my gosh! I'm not a criminal. What's going on?'" That's when the scammer dangles a solution-a fine, payable by credit card, that will clear up the problem.

With enough information, scammers can assume your identity and empty your bank accounts.

"It seems like a very simple scam," the agent adds. The trick is putting people on the defensive, then reeling them back in with the promise of a clean slate. "It's kind of ingenious. It's social engineering."

In recent months, communities in Florida, New York, Minnesota, Illinois, Colorado, Oregon, California, Virginia, Oklahoma, Arizona, and New Hampshire reported scams or posted warnings or press releases on their local websites. In August, the federal court system issued a warning on the scam and urged people to call their local District Court office if they receive suspicious calls. In September, the FBI issued a press release about jury scams and suggested victims also contact their local FBI field office.

In March, USA.gov, the federal government’s information website, posted details about jury scams in their Frequently Asked Questions area. The site reported scores of queries on the subject from website visitors and callers seeking information.

The jury scam is a simple variation of the identity-theft ploys that have proliferated in recent years as personal information and good credit have become thieves' preferred prey, particularly on the Internet. Scammers might tap your information to make a purchase on your credit card, but could just as easily sell your information to the highest bidder on the Internet's black market.

Protecting yourself is the key: Never give out personal information when you receive an unsolicited phone call.

October 30, 2007

Details: CUNA target of new card-activation phish attempt

CUNA, (NOT CUNA Mutual Group), is being used as the subject of a phishing message targeting credit union members to collect personal account information, plastic card numbers, and passwords. CUNA is warning people who receive the e-mail not to click on the link to the fake web page, just delete the message. 

This new phishing-scam attempt using the Credit Union National Association's name, informs recipients about "irregular check card activity" and advises them to call a toll-free number to get any restrictions removed. Calling the toll-free number is a "bad idea," says Dorothy Steffens, CUNA's vice president of web services, 800-356-9655 ex  5719. The call is a ploy to get personal account information, possibly for identity theft purposes.

Recipients received a message as a:

As a trade association for U.S. credit unions, "CUNA does not maintain any type of customer/member financial information," emphasized Steffens, adding that "your financial institution would never request personal identification information over the phone."

And while this phone number has since been disabled, a new phishing e-mail with a different phone number started making the rounds on October 30, 2007. 

 "Anyone responding to any e-mails of this type should contact their financial institution directly using the phone number provided by it," she said.

Also, another phish making the rounds earlier with CUNA's name on it comes from a gmail.com address and addresses "Credit Union National Association SERVICE." It says CUNA ensures security "by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service." It provides a "case ID" and a link to a fake website mimicking CUNA's.

September 26, 2007

Details: Fake Caller ID Numbers

In a new phishing scam, con artists are using phony caller ID numbers to solicit personal information and money. Thanks to the phony caller IDs, the "spoofers" are able to convince victims that they're receiving a call from a bank, credit union or credit card company.  The scammers use this technique to acquire sensitive personal and financial information, or even money, from their victims.

The frightening aspect of this scam is that few people would ever think that the names and phone numbers appearing on their caller ID screens were not genuine. However, scammers are already using phony caller IDs and are posing as representatives of banks, credit card companies and government agencies. The problem has reached the point where Senator Bill Nelson from Florida is sponsoring legislation to ban the transmission of false caller ID numbers. "A similar bill has already sailed through the house," reports ABCnews.go.com.

Unfortunately, anyone with Internet access and a few dollars can find a number of legal online services that supply fake caller ID numbers. ScamBusters.org reports that in just a few minutes of research revealed several services that tout the "benefits" of caller ID spoofing, including:

• Maintaining the privacy of your caller ID number.
• Changing your voice to sound like a male or female.
• Fooling friends and business associates (or business competitors).
• One firm claims its technology is suited to individuals in certain law-enforcement-related professions, while another advertises its services as inexpensive, easy to use, and great for "business or fun."

Loss Prevention Recommendations:

• Do not assume that the information displayed on your phone, regarding who the caller is, is accurate. It can easily be spoofed.
• Never give out personal or financial information over the telephone unless you know EXACTLY whom you're dealing with.
• If you have doubts about who's on the phone, call back the number of record at your financial institution or credit card company.
• Use the  FTC (Federal Trade Commission) web site www.onguardonline.gov
  • Consumers can take interactive quizzes designed to enlighten them about identity theft, phishing, spam and online-shopping scams.
  • Elsewhere on the site, consumers can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft.

07/17/07—We have increasingly received reports of fraudulent schemes misrepresenting the FBI and Director Robert S. Mueller III. The e-mails may include pictures of the FBI Director, the seal, letter head, and banners. The letters may also claim to come from domestic or foreign FBI offices.

Most of the schemes that use the Director’s name or refer to the FBI are lottery endorsements and inheritance notifications. They also include threat and extortion e-mails, website monitoring containing malicious computer program attachments (malware), and online auction scams.

Beware of any unsolicited e-mail referencing the FBI, Director Mueller or any other FBI official endorsing any type of Internet activity.

Fraudsters pretending to be from the FBI—which is an old trick—hope to cash in by intimidating their victims.

If you have experienced this situation please notify the IC3 by filing a complaint at www.ic3.gov .

07/17/07—We continue to receive reports of spam e-mail which claim to be from an official of the U.S. military sent on behalf of American soldiers stationed overseas. The scam e-mails vary in content; however, the general theme of each is to request personal information and/or funds from the individual receiving the e-mail.

Beware of any e-mail received from an unknown sender which either requests personal information or asks for money for any reason. We recommend against opening e-mail from unknown senders because they often carry viruses or other malicious software.

If you receive an e-mail similar to this, please file a complaint at www.ic3.gov.

07/17/07—We continue to receive reports of Internet fraud related to electronic greeting cards containing malware (malicious software). The cards, which are also referred to as e-cards or postcards, are being sent via spam.

Like many other Internet fraud schemes, the perpetrators claim the card is from a family member or friend. Although there have been variations in the spam message and attached malware, generally the spam directs the recipient to click the link provided in the e-mail to view their e-card. Upon clicking the link, the recipient is unknowingly taken to a malicious web page.

Beware of unsolicited e-mails. It is recommended not to open e-mails from unknown senders because they often contain viruses or other malicious software.

If you have received an e-mail similar to this, please file a complaint at www.ic3.gov.

SOMETHING VISHY
Be Aware of a New Online Scam

The Social Security Administration issued a warning about a new e-mail scam being circulated with the subject, “Cost-of-Living for 2007 Update.” The message appears to be from the Social Security Administration and provides information about the benefit increase for 2007. It contains the following, “NOTE: We now need you to update your personal information. If this is not completed by November 11, 2006, we will be forced to suspend your account indefinitely.” The reader is then directed to a Web site designed to look like Social Security’s Internet Web site.  Once directed to the phony Web site, the individual is asked to register for a password and to confirm their identity by providing personal information such as the individual’s Social Security number, bank account information, and credit card information.

Inspector General O’Carroll recommends people always take precautions when giving out personal information. “You should never provide your Social Security number or other personal information over the Internet or by telephone unless you are extremely confident of the source to whom you are providing the information,” O’Carroll said.

To report receipt of this e-mail message or other suspicious activity to Social Security’s Office of Inspector General, please call the OIG Hotline at 1-800-269-0271. A Public Fraud Reporting form is also available online at OIG’s Web site, www.socialsecurity.gov/oig.

Recommedations:

• Do not click on the link in the suspect e-mail.
• Do not open an attachment to an unsolicited e-mail unless you have verified the source.
• Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information.
• If you believe the contact is legitimate, go to the company’s web site by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.
• Report the incident to Internet Fraud Complaint Center at http://www.ifccfbi.gov/cf1.asp 
• A good resource for this topic is Anti-Phishing Working Group at http://www.antiphishing.org/index.html 
• If you have been victimized by a spoofed e-mail or Web site, you should contact your local law enforcement, US Postal Inspector, or FBI.

In a new twist, identity thieves are sending spam that warns victims that their credit union/bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

The automated voice message says: "Welcome to account verification. Please type your 16-digit card number."  The goal is to get the victim to enter their credit card number. In these reported scams, no mention of the credit union, bank or PayPal is made.

Security experts tracking this scam and other instances of "vishing" , short for "voice phishing",  say the frauds are particularly despicable because they imitate the legitimate ways people interact with financial institutions.  In fact, some vishing attacks don't begin with an e-mail. Some come as calls out of the blue, in which the caller already knows the recipient's credit card number. This increases the perception of legitimacy, the caller ask for the valuable three-digit security code on the back of the card.

Vishing appears to be prospering with the help of Voice over Internet Protocol, or VoIP, the technology that enables cheap and anonymous Internet calling, as well as the ease with which caller ID boxes can be tricked into displaying erroneous information.

LOSS PREVENTION RECOMMENDATIONS :

• Never click on the link provided in an e-mail you believe is fraudulent.
• Do not open an attachment to an unsolicited e-mail unless you have verified the source.
• Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information.
• If you believe the contact is legitimate, go to the company’s website by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.
• Use the  FTC (Federal Trade Commission) website, www.onguardonline.gov.  Consumers can take interactive quizzes designed to enlighten them about identity theft, phishing, spam and online-shopping scams.  Elsewhere on the site, consumers can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft.

The spam e-mail starts with: "The Online department kindly asks you to take part in our quick and easy 5 question survey. In return we will credit $50.00 to your account - Just for your time!"  The e-mail goes on to describe how it only takes two minutes, your answers will help them.  It is well done and looks authentic. Of course, the spam doesn't really take you to the credit union or bank website. Instead, it takes you to a scammer's site in China, Russia, Romania or ??. The web page itself and the initial questions they ask look quite authentic.

The catch, of course, is that they say that in order to credit your $50 reward, they need your credit union User ID and password, as well as your credit card number, expiration date, three digit security number, Social Security number, ATM PIN Number, zip code, mother's maiden name and email address.

The ploy of using a $50 reward for a customer service survey can be an effective phishing lure.

Phishers seek every opportunity to find individuals who are willing to provide information for the criminals to tap into a financial gain from you. Once you provide the personal and/or financial information, the fraudsters are off and running to create financial losses to you.

The phishers continue to change their phony e-mails by including false fraud protection techniques as a new twist to convince you the e-mail is from your credit union with the added educational information.  Because of  everyone's fraud awareness, the phishers lure you to “take action” and provide the information by using an “online banking” log-in which will re-direct this site to the fraudster.

The "take action" the phishers are asking you to perform is:

• deactivate their card(s) temporarily to guard against fraud
• activate their card(s) by having you log on to an “online banking system” where the phishers are able to obtain member's card information.

The phishers convince you there is no need to contact your credit union to validate the email or telephone request involving the deactivation and activation process. We feel it’s critical to continue to remind you of the new twists in the phishing fraud arena and how you should go about performing the confirmation of this with your credit union first.

LOSS CONTROL RECOMMENATIONS

• Never click on any links provided in an e-mail you believe is fraudulent.
• Do not open an attachment to an unsolicited e-mail unless you have verified the source.
• Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information.
• If you believe the contact is legitimate, go to the company’s website by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.
• Use the  FTC (Federal Trade Commission) website, www.onguardonline.gov.  Consumers can take interactive quizzes designed to enlighten them about identity theft, phishing, spam and online-shopping scams.  Elsewhere on the site, consumers can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft.