Security Center
12-8-11
Smishing and Vishing And Other Cyber Scams to Watch Out for This Holiday Season
Tips from the FBI’s Internet Crime Complaint Center (IC3):
You receive a text message or an automated phone call on your cell phone saying there’s a problem with your account. You’re given a phone number to call or a website to log into and asked to provide personal identifiable information—like a bank account number, PIN, or credit card number—to fix the problem.
But beware: It could be a “smishing” or “vishing” scam…and criminals on the other end of the phone or website could be attempting to collect your personal information in order to help themselves to your money. While most cyber scams target your computer, smishing and vishing scams target your mobile phone, and they’re becoming a growing threat as a growing number of Americans own mobile phones. (Vishing scams also target land-line phones.)
“Smishing”—a combination of SMS texting and phishing—and “Vishing”—voice and phishing—are two of the scams the FBI’s Internet Crime Complaint Center (IC3) is warning consumers about as we head into the holiday shopping season. These scams are also a reminder that cyber crimes aren’t just for computers anymore.
Here’s how smishing and vishing scams work: criminals set up an automated dialing system to text or call people in a particular region or area code (or sometimes they use stolen customer phone numbers from banks or credit unions). The victims receive messages like: “There’s a problem with your account,” or “Your ATM card needs to be reactivated,” and are directed to a phone number or website asking for personal information. Armed with that information, criminals can steal from victims’ bank accounts, charge purchases on their charge cards, create a phony ATM card, etc. Sometimes, if a victim logs onto one of the phony websites with a smartphone, they could also end up downloading malicious software that could give criminals access to anything on the phone. With the growth of mobile banking and the ability to conduct financial transactions online, smishing and vishing attacks may become even more attractive and lucrative for cyber criminals.
Here are a couple of recent smishing case examples:
- Account holders at one particular credit union, after receiving a text about an account problem, called the phone number in the text, gave out their personal information, and had money withdrawn from their bank accounts within 10 minutes of their calls.
- Customers at a bank received a text saying they needed to reactivate their ATM card. Some called the phone number in the text and were prompted to provide their ATM card number, PIN, and expiration date. Thousands of fraudulent withdrawals followed.
IC3 Tips to Protect Yourself From Cyber Scams
- Don’t respond to text messages or automated voice messages from unknown or blocked numbers on your mobile phone.
- Treat your mobile phone like you would your computer…don’t download anything unless you trust the source.
- When buying online, use a legitimate payment service and always use a credit card because charges can be disputed if you don’t receive what you ordered or find unauthorized charges on your card.
- Check each seller’s rating and feedback along with the dates the feedback was posted. Be wary of a seller with a 100 percent positive feedback score, with a low number of feedback postings, or with all feedback posted around the same date.
- Don’t respond to unsolicited e-mails (or texts or phone calls, for that matter) requesting personal information, and never click on links or attachments contained within unsolicited e-mails. If you want to go to a merchant’s website, type their URL directly into your browser’s address bar
Source: http://www.fbi.gov/news/stories/2010/november/cyber_112410
If you have any questions regarding this information or you think you may have fallen victim to this type of scam, contact us immediately at 877-MY-LAPFCU (877-695-2732).
Church Confidence Scam
Los Angeles Police Federal Credit Union has been made aware of a scam involving a suspect approaching a victim in a parking lot after shopping. The victim is convinced to assist the suspect in donating a large amount of money in order to receive a part of a multi-million dollar inheritance. There is always a second suspect involved as well at a church that meets the victim and the primary suspect.
Usually, the victim is over 50 and is withdrawing their entire savings or retirement monies for an “emergency.” The victims are told not to discuss with bank or credit union personnel why they are withdrawing the money, however if armed with this information, they may be able to prevent the loss of thousands of dollars.
How to avoid becoming a victim of this scam:
- Ask them if they need help and offer to call the police.
- Call your police department's non-emergency line.
- Pay attention to suspicious people in and around the bank or credit union. Write down descriptions of those involved, including vehicle license plate numbers.
- Do not disclose your financial information to strangers.
If you have any questions regarding this information or you think you may have fallen victim to this scam, contact us immediately at 877-MY-LAPFCU (877-695-2732).
Scam involving Kelly Blue Book Los Angeles Police Federal Credit Union has been made aware of a scam being perpetrated by a fake Kelly Blue Book website. Kelley Blue Book is the foremost authority on information about new and used cars. The scam attempts to lure car buyers into investing in an escrow-based buyer protection program—which Kelley Blue Book doesn’t offer. The company warns that the scam website looks a lot like kbb.com, and can easily fool unwary consumers. Kelley Blue Book advises online car buyers to be careful to enter the correct website, and adds that consumers who see a buyer-protection plan using the Kelley Blue Book name should be aware that the plan–and the site it’s offered on–is a scam. Fraudulent websites should be reported to the Internet Crime Complaint Center at www.ic3.gov.
Here’s what happens:
- An individual uses a reputable vehicle listings site to list a car he doesn’t own. The fake seller is usually prepared with a story about military deployment or an emergency that forces him to sell quickly and cheaply.
- Then the scammer moves the transaction to a disreputable website. The new website may look a lot like the Kelley Blue Book site, with authentic-looking guarantees from well-known companies. These sites often contain spelling errors and grammatical mistakes.
- The scammer instructs the buyer to wire the car’s purchase price to a third party. The buyer, reassured by the Kelley Blue Book name and the website’s guarantees, does so—and never sees the money again.
Shayne Brown, associate general counsel for Kelley Blue Book, notes that “criminals have added…technology to their scam by adding 800 numbers and offering live chat with potential buyers in an effort to ease their concerns…” She adds that consumers should be aware that “any type of online consumer escrow service backed by our company is a scam.”
If you have any questions regarding this information or you think you may have fallen victim to this scam, contact us immediately at 877-MY-LAPFCU (877-695-2732).
Credit Union Members are being targeted in Smishing Attacks
Los Angeles Police Federal Credit Union has been made aware of smishing attacks targeting Credit Union members. Credit Unions from around the country have reported their members are receiving bogus text message (smishing) alerts. The text message indicates it is from Credit Union Services and advises the member to call the number provided in the text message to have their card reactivated. This is a scam, as LAPFCU would never ask a member for this type of information using text messaging.
Credit unions have reported multiple phone numbers provided in text messages sent to credit union members to call to have their card reactivated. One credit union reported that some of their members responded to the text and provided the requested card information. Because of the increase in both smishing (text message phishing) and vishing (phone call phishing) attempts directed towards members asking for personal or financial information, members should never respond to this type of request. LAPFCU will never request your personal information through text message, email, or unsolicited phone calls.
If you have any questions regarding this information or you think you may have fallen victim to this scam, contact us immediately at 877-MY-LAPFCU (877-695-2732).
Fraudulent Wire Transfer Emails Appearing to Come from NACHA
Los Angeles Police Federal Credit Union has been made aware of a fraudulent e-mail message stating a wire transfer had been rejected by the Federal Reserve Board. Some of the emails appear to be from "canceled_ach@nacha.org", "transfer-manager@nacha.org" and "infomation@nacha.org". See a sample of the e-mail below.
These e-mails are fraudulent - DO NOT CLICK ON ANY HYPERLINKS.
NACHA does not process nor touch ACH transactions or wire transfers that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual transactions that they originate or receive.
= = = = = Sample Email= = = = = =
From:canceled_ach@nacha.org [mailto:canceled_ach@nacha.org]
Sent: Thursday, June 23, 2011 7:32 AM
To: Doe, John
Subject: Your Wire Fund Transfer
The domestik Wire fund transfer, recently initiated from your checking account, was not processed by an intermediary or beneficiary bank.
Please click here to view further information
________________________________
This service is provided to you by the Federal Reserve Board. Visit us on the web.
Please click here to view report
= = = = = = = = = = = = = = = = = = = =
If you have any questions regarding this information or you think you may have fallen victim to this scam, contact us immediately at 877-MY-LAPFCU (877-695-2732).
Member security is something LAPFCU takes very seriously, and we are committed to providing you with a safe, secure environment to conduct your business, both in our branches and online. Here are a few resources we provide to protect your security.
- Multi-Factor Authentication - When you access your accounts online via PATROL, our Multi-Factor Authentication (MFA) service is designed to protect your data from unauthorized internet access and fraudulent attacks.
- Identity Theft 911® - LAPFCU is working to protect your identity via our partnership with Identity Theft 911. In addition to education on safeguarding your identity, we provide you with free guidance if your identity is stolen.
- Card Fraud Protection - LAPFCU works with the country's top fraud protection services to monitor activity on our member's Visa® credit card, QuickDraw and QuickDraw Plus Debit/ATM cards to help keep our members' assets safe, while minimizing inconveniences.
- Verified by Visa - Protect your Visa card online. Verified by Visa provides password reassurance that only you can use your Visa card online.
- New Automated Telephone Phishing Scam - A new fraudulent attempt to obtain cardholder information is done through an automated telephone service.
- MasterCard Secure Code - MasterCard SecureCode is a simple and secure way to pay at thousands of online stores. A private code known only to you and your bank, your SecureCode enhances your existing MasterCard account by protecting you against unauthorized use of your card when shopping online at participating online retailers.
