Be On The Lookout For...

From CUNA Mutual Group - 02/15/08

Details:
The Internal Revenue Service has issued an alert, warning that the IRS name and logo is being used by fraudsters attempting to access the taxpayer financial information through e-mail, telephone, and cell phone text messaging.
Note: The IRS does not ask for personal identifying or financial information via unsolicited e-mail, telephone calls, or text messaging. 
The following scams are being used to trick taxpayers into divulging financial account  information for fraudulent purposes:

• Taxpayers receive a phone calls telling them that they are eligible for a sizable rebate for filing their taxes early, and they are told to provide their financial account information for direct deposit.
• Taxpayers receive e-mails that claim they are eligible for a tax refund of a specific amount, and they are instructed to click on the link in the e-mail to access the refund claim form, which requires them to disclose financial account information.
• E-mail notifications addressed to individual taxpayers claim that their tax returns will be audited. The individual is instructed to click on the link within the e-mail and complete forms disclosing personal and financial account information.
• Businesses, accountants, and “Treasury” managers are receiving bogus e-mails regarding tax law changes. To obtain information on publications for businesses, estates taxes, excise taxes, exempt organizations, as well as IRAs and other retirement plans, the recipient is instructed to click on a series of links. The IRS suspects that clicking on these links downloads “malware” onto the recipient’s computer, which can be used to search for financial records and other private information.
• A person claiming to be an IRS employee telephones taxpayers to say the IRS has mailed them a check that has not been cashed. The caller then asks for verification of financial account information. 

If you receive an unsolicited e-mail purporting to be from the IRS, take the following steps:

• Do not open any attachments to the e-mail; they could contain malicious code that will infect your computer.
• Forward a questionable e-mail claiming to be from the IRS to phishing@irs.gov.
• Use instructions contained in an article online at www.irs.gov titled “How to Protect Yourself from Suspicious E-Mails or Phishing Schemes.” http://www.irs.gov/individuals/article/0,,id=155344,00.html
• Contact the IRS at 800-829-1040 to determine whether the IRS is trying to contact you about a tax refund.
• Remember that taxpayers do not have to complete a special form to obtain a refund.
• If you have received this, or a similar hoax, please file a complaint at www.ic3.gov.

12/26/07

CUNA - Fax Scam

A member recently received a fax claiming to be from CUNA. The fax informed the recipient that there was "Irregular activity on your check card" and that the member needed to contact CUNA at an 800 number to verify this activity. Ignore this fax it is a scam.

CUNA is not a financial institution and does not monitor account activity. Anyone who calls this number would be asked to provide account information which a fraudster would use to gain access to the persons account.

If you feel you have been a victim of this or any other type of scam please be sure to contact the credit union immediately.

11/15/07

Co-Op ATM/Debit Card Scam

It has been brought to our attention that a fraudulent email supposedly from CSCU@Co-Op.net that claims your ATM/Debit card has been deactivated. Ignore this email it is a scam. The exact wording from this email is below:

From: cscu@co-op.net
Subject: Member Alert! [Scanned]
Date: Wed, 14 Nov 2007 09:59:45 -0800
 
ALERT
Last Updated: November 14, 2007
 
Dear Co-op Services Credit Union Customer,
 
We will never contact you to obtain your personal financial data via
any means, including email, USPS mail, instant message, etc. Why not?
If you are a member, we already have it. If you receive any type of
solicitation for that information, do not provide it--it is a fraudulent
scam.
 
If you receive any emails requesting this information, do not provide
it, and do not click on embedded links in the email. Clicking on them
may install spyware, Trojans, keystroke loggers, or other malicious
software aimed at capturing your login credentials. See What is "phishing"
section below for more information.
 
Due to unusual levels of fraud we have had to suspend any future
authorizations being conducted with your DEBIT/CheckCard/ATM.
 
Your DEBIT/CheckCard/ATM is now inactive.
 
How to re-activate your card.
 
Call our Card Department (24 Hour Line)

Toll-Free (641) 665-8887
Our automated system allows you to quickly re-activate your card.


Co-op Services Credit Union
29550 Five Mile Rd, Livonia, MI 48154
(641) 665-8887

11/02/2007

Details: CUNA target of new card-activation phish attempt
CUNA, (NOT CUNA Mutual Group), is being used as the subject of a phishing message targeting your credit union members to collect personal account information, plastic card numbers, and passwords. CUNA is warning people who receive the e-mail not to click on the link to the fake web page, just delete the message. 
This new phishing-scam attempt using the Credit Union National Association's name, informs recipients about "irregular check card activity" and advises them to call a toll-free number to get any restrictions removed. Calling the toll-free number is a "bad idea," says Dorothy Steffens, CUNA's vice president of web services, 800-356-9655 ex  5719. The call is a ploy to get personal account information, possibly for identity theft purposes.
Recipients received a message as a:
"CUNA Alert: Irregular Check Card Activity" 
"We detected irregular activity on check card on Oct. 25/2007. For your protection, you must reactivate your card. Call us immediately at 1.866.840.2863. We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account.
Please disregard this notice if you have already accessed the website or spoken with one of our representatives."
As a trade association for U.S. credit unions, "CUNA does not maintain any type of customer/member financial information," emphasized Steffens, adding that "your financial institution would never request personal identification information over the phone."
And while this phone number has since been disabled, a new phishing e-mail with a different phone number started making the rounds on October 30, 2007. 
 "Anyone responding to any e-mails of this type should contact their financial institution directly using the phone number provided by it," she said.
Also, another phish making the rounds earlier with CUNA's name on it comes from a gmail.com address and addresses "Credit Union National Association SERVICE." It says CUNA ensures security "by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service." It provides a "case ID" and a link to a fake website mimicking CUNA's.

Source: http://www.fbi.gov/cyberinvest/escams.htm.

GREETING CARD SCAM

07/17/07—We continue to receive reports of Internet fraud related to electronic greeting cards containing malware (malicious software). The cards, which are also referred to as e-cards or postcards, are being sent via spam.

Like many other Internet fraud schemes, the perpetrators claim the card is from a family member or friend. Although there have been variations in the spam message and attached malware, generally the spam directs the recipient to click the link provided in the e-mail to view their e-card. Upon clicking the link, the recipient is unknowingly taken to a malicious web page.

Beware of unsolicited e-mails. It is recommended not to open e-mails from unknown senders because they often contain viruses or other malicious software.

If you have received an e-mail similar to this, please file a complaint at www.ic3.gov.

NCUA - Phishing Alert - January 31, 2007

Recently, there have been multiple e-mail fraud attempts, known as "Phishing”, that were initiated via e-mail sent to both the general public and to some credit union members that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.

NCUA does not ask credit unions members for such personal information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

If you responded to such an e-mail and provided any confidential account information, please notify your credit union immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by your credit union to protect your account.

If you feel that you have received a fraudulent phishing e-mail purportedly from NCUA please forward the entire e-mail message to Phishing@ncua.gov

FDIC Phishing Alert – October 19, 2006

The FDIC has received reports by businesses and consumers of a phishing e-mail that has the appearance of being sent from the FDIC. This phishing e-mail, similar to that sent on September 29th, appears to be from the FDIC and ask recipients to click on a hyperlink titled "Take the Corrective Action – Implement the LinkBank System." The fraudulent e-mails, which are purportedly from "Russell A. Rau, Assistant Inspector General for Audits," typically include a "Subject" line that states: "Compliance Examination for [recipient's name inserted]." 

However, this is a new variation that includes a new and more dangerous hyperlink. When accessed, the hyperlink downloads an executable file to your computer. FDIC is currently analyzing the executable file; however, it is likely installing a keylogger or similar piece of malicious software. DO NOT click on the link provided in the phishing e-mail.

Once on the page, users are asked to "certify" that they "will provide correct information in order to implement the LinkBank System." The "LinkBank System" is described as:

"…a protocol developed by the FDIC and other federal agencies as a way to ensure that the standards for Online Banking security are met. This protocol is based on a client utility, safeConnect, that was developed to be installed on business computers which are used to open Online Banking sessions. This utility only interacts when an online session with a Financial Institution insured by the FDIC is opened, thus it will never interfere with any other applications."

After clicking on the certification radio button, another page is opened that asks for bank name, username, and password.

This e-mail is a fraudulent attempt to obtain personal information from consumers. Consumers should NOT to access the link provided within the body of the e-mail and, under any circumstances, not to provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers and financial institutions are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

Consumer Alert from Card Services for Credit Unions (CSCU)

Members may have received a bogus e-mail mimicking an e-mail from Card Services for Credit Unions (CSCU). This e-mail asks members to take a brief survey. When you click on the line in the e-mail, it takes the member to a site that looks like the CSCU Web site and asks for personal account information as well as plastic card information.

CSCU did not send any e-mails directly to cardholders and does not have cardholder data.

CSCU does not communicate with cardholders directly. Rather, all of their communication is through member credit unions.

Consumer Alert

The FDIC has received a report of a new e-mail that has the appearance of being sent from the FDIC. However, instead of a typical phishing e-mail that might ask the recipient to click on a hyperlink to a spoofed Web site, this e-mail appears to deliver malicious software on to the recipient's computer.

After describing the FDIC and deposit insurance, the e-mail describes "a small client utility" that bank customers are asked to install on home and business computers "which is used to open Online Banking sessions." The e-mail goes on to state that "[t}his utility only starts whenever an online session is opened with a Financial Institution insured by the FDIC, thus it will never interfere with any programs installed on your computer. Please help us combat fraud by installing, ProBank on any computer that is used to open an Online Banking session."

The e-mail also asks institutions to "advertise and market the ProBank's existence to employees, suppliers, third-party service providers and customers." It suggests channels, such as "bank newsletters, memoranda, written policy, and internal and external bank Web sites."

This e-mail is a fraudulent attempt to obtain personal information from consumers and businesses. Consumers and businesses should NOT click the link provided within the body of the e-mail or install any software on their computer which is unfamiliar.

You Have Won...Don't Be a Victim of a Lottery Scam

Recently we have seen an increase in members becoming the victims of fraud. They are receiving mail/spam that tells them they have won money in a foreign lottery. Most promotions for foreign lotteries are phony. Participating in a foreign lottery violates U.S. law. The scammers will keep any money you send for "taxes" or fees. In addition, lottery hustlers use victims' bank account numbers to make unauthorized withdrawals or their credit card numbers to run up additional charges.

What to do...Skip these offers. Don't send money now on the promise of a payoff later.

Customer Survey Phishing Scam
The spam e-mail starts with: "The Online department kindly asks you to take part in our quick and easy 5 question survey. In return we will credit $50.00 to your account - Just for your time!"  The e-mail goes on to describe how it only takes two minutes, your answers will help them.  It is well done and looks authentic. Of course, the spam doesn't really take you to the credit union or bank website. Instead, it takes you to a scammer's site in China, Russia, Romania or ??. The web page itself and the initial questions they ask look quite authentic.

The catch, of course, is that they say that in order to credit your $50 reward, they need your credit union or bank User ID and password, as well as your credit card number, expiration date, three digit security number, Social Security number, ATM PIN Number, zip code, mother's maiden name and email address.

The ploy of using a $50 reward for a customer service survey can be an effective phishing lure.