Security Alerts
Last Updated: 03/05/2012
Fraud Alert - New Spam E-mail Scheme - "Gameover" - 03/05/12
The FBI recently sent out a warning of a new spam email scheme that involves a type of malware called "Gameover".
In this scheme, the Credit Union member receives a fake email from a Federal Agency (NACHA, the Federal Reserve, the FDIC or NCUA) attempting to trick the recipient into opening a link to resolve some type of problem with their account or deal with a recent transaction. Once the link is opened, "Gameover" takes control of the person's computer and thieves have access to usernames, passwords and eventually money in the account.
Below are some important steps to help you avoid falling victim to internet fraud and reduce the risk of loss:
- Maintain the newest version of anti-virus software on your computer and mobile device;
- Do not open any embedded links from emails if you doubt the authenticity of the sender;
- Credit Unions will never request any personal information via email; and
- Access your account often to verify the balance and check for any unauthorized transactions – report any discrepancies immediately.
New Variation on Telephone Collection Scam Related to Delinquent Payday Loans - 02/23/2012
The FBI recently reported that incidences of payday loan telephone collection scams are continuing. The typical payday loan scam involves a fraudster calling a victim and stating that they are delinquent on a loan and must make payment immediately to avoid subsequent legal action.
These callers will relentlessly call the victim's home phone or cell number posing as FBI Agents, using terms such as the "Federal Legislative Department" or other legitimate sounding agencies. They tell the victim they are collecting debt for companies such as United Cash Advance, US Cash Net or other Internet check cashing services. They often are aggressive and refuse to provide information on the loan or provide any documentation to support the debt.
These high-pressure collection tactics used by the fraudsters have evolved and in one recent complaint, the fraudster posed as a process server and appeared at the victim's job. In another instance, a phony process server came to a victim’s home. In both cases they claimed to be serving a court summons and stated the victim could avoid going to court if they provided a debit card or credit card for repayment of the loan.
The FBI recommends that anyone contacted by a person trying to collect a debt that is not owed should:
- Contact local law enforcement if they feel threatened or in immediate danger;
- Contact their credit union, bank and credit card companies to advise of the incident;
- Contact the three major credit bureaus and request an alert be put on their file;
- Contact their loan company if the individual has a legitimate loan and wants to verify any outstanding obligation; and
- File a complaint at www.IC3.gov.
Beware of Frauds on Facebook - 11/23/2011
Fraudsters may be hiding in the background and watching your Facebook, Twitter, LinkedIn and eHarmony accounts, waiting to steal your personal information and initiate a fraud against you, your friends or business associates.
Crooks have moved to "affinity" frauds, which target members of a set group, such as members of a particular church, a health club association or some group with a similar bond. Victims tend to let down their guard when they're introduced to someone through a friend, even if that introduction is second-hand. Because we assume that our friends won't betray us, that bond increases the likelihood that even a reasonable, thoughtful individual will become a victim.
Con artists take advantage of how easily people share background and personal information online by using this information to make a highly targeted pitch to friends within a particular social group. Just because someone has friended you online doesn't mean that person is your friend when it comes to sharing personal information.
General tips to help you stay safe on Facebook:
- Friend people you know and make sure you are communicating with that person;
- Create a secure password and don’t share it with anyone;
- Change passwords on a regular basis;
- Share personal information only with people you know or companies that need it;
- If it looks like Facebook is asking you to log in a second time, skip the links and directly type www.facebook.com into your browser address bar;
- Use a one-time password when using someone else's computer;
- Log out of Facebook after using someone else's computer;
- Use secure browsing whenever possible;
- Only download apps from sites you trust;
- Keep your anti-virus software updated;
- Keep your browser and other applications up to date;
- Beware of unusual posts from anyone, including close friends - if it looks like something your friend wouldn't post, don't click on it; and
- Beware of enticing links coming from your friend - scammers might hack your friends' accounts and send you a link that appears to come from them.
Malicious Software Features Osama Bin Laden Links - 05/05/2011
According to consumer protection officials, that email you receive purporting to have photos and videos showing Osama Bin Laden’s death could cost you dearly. This email could contain a virus that targets personal information and addresses stored on your computer and opening that information could set in motion malicious software that will attack your computer.
The FBI’s Internet Crime Complaint Center (IC3) urges computer users to not open unsolicited (spam) e-mails, including clicking links contained within those messages. Even if the sender is familiar, the public should exercise due diligence. Computer owners must ensure they have up-to-date firewall and anti-virus software running on their machines to detect and deflect malicious software.
The IC3 recommends the public do the following:
- Adjust the privacy settings on social networking sites you frequent to make it more difficult for people you know and do not know to post content to your page. Even a "friend" can unknowingly pass on multimedia that’s actually malicious software.
- Do not agree to download software to view videos. These applications can infect your computer.
- Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar, and nonstandard English.
- Report e-mails you receive that purport to be from the FBI. Criminals often use the FBI’s name and seal to add legitimacy to their fraudulent schemes. In fact, the FBI does not send unsolicited e-mails to the public. Should you receive unsolicited messages that feature the FBI’s name, seal, or that reference a division or unit within the FBI or an individual employee, report it to the Internet Crime Complaint Center at www.ic3.gov.
Credit Card Skimming Alert - 10/22/2010
A skimming device is a small and inexpensive item that is inserted into an ATM. If not scrutinized closely, it looks like it is part of the machine and it is configured to steal ATM numbers and PINs from unsuspecting customers/members. In addition to the skimming device, a camera is mounted nearby to capture the keystrokes used to enter the password.
Often, the scam artists will sit in a nearby car receiving the information wirelessly transmitted from the skimmer. The fraudsters are then able to duplicate the information stored on the magnetic strip of the ATM card and use the PIN number to withdraw funds from an account at the Credit Union.
From a technology standpoint, new ATMs are being built with the reader embedded deep within the machine, and the slots on the machine are being designed to make it difficult to attach a skimmer. Also, new technology on some machines forces the card to move back and forth at different speeds while it is reading the information. This new process makes the skimmer ineffective, as the skimmer requires the card to be read smoothly.
These improvements will help, but with the number of older machines in use, thieves will have an easy time finding susceptible targets for years to come.
What can you watch for to help avoid this scam?
- Always protect your PIN: Don't write it down anywhere and don't provide the number to anyone.
- Use ATMs in safe places: Make sure the ATM is in a well lit area with public visibility. These machines normally have 24/7 video surveillance and are often located within a financial institution or in a high-traffic area. Thieves like to avoid areas under surveillance and these machines are less likely to be used for fraudulent activity.
- Where are the cameras: Be conscious of cameras monitoring the ATM. While many ATMs have surveillance cameras, they won't be positioned to record the keypad.
- Cover the keypad: As a precaution, put your hand over the keypad when you enter the PIN to avoid a camera recording the number. Be conscious of your surroundings and be suspicious of an ATM that has signage indicating you should use a specific machine. Also, avoid using a machine that appears to have been altered. If anything on the front of the machine looks loose, crooked or damaged, move on and use another machine.
- Be especially conscious of gas pumps: These high traffic areas offer a fraudster a multitude of different users and recent reports have involved fraud occurring in these areas.
- Report any suspicious activity: If the machine looks suspicious or if it retains your card, report the incident immediately.
- Be cautious of anyone offering help near an ATM: These people could be part of the scam and you should report this incident to the financial institution immediately.
- Monitor your monthly statement: Check your statements immediately upon receipt for any fraudulent withdrawals or other questionable transactions.
- Conduct ATM transactions during the daylight hours: Most ATM crime occurs in the evening.
NACHA Phishing Alert - 8/26/2010
NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. See a sample of the email below.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that security patches for the computer operating system and common software applications are installed and current.
Be alert for different variations of fraudulent emails.
= = = = = Sample Email = = = = = =
Dear bank account holder,
The ACH transaction, recently initiated from your bank account (by you or any other person), was rejected by the Electronic Payments Association.
Please Find Attached Transaction Report
= = = = = End Sample Email = = = = = =
FDIC Fraudulent Email Notice - 07/07/2010
Recently, the Federal Deposit Insurance Corporation (FDIC) has received reports of a fraudulent e-mail which has the appearance of being sent from the FDIC.
The e-mail’s subject line reads: "you need to check your Bank Deposit Insurance Coverage." The body of the email states, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets." The email instructs the recipient to click a link that reads, "You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage."
The e-mail and the website it is associated with are fraudulent. Recipients should consider this e-mail as an attempt to obtain personal or confidential information, or to load malicious software onto end users' computers. The FDIC does not issue unsolicited e-mails to consumers. Recipients of this e-mail should NOT click on the link.
For further information, please visit www.fdic.gov.
Please remember that AFEFCU will never ask you for personal information, or information about your credit union accounts via e-mail, a web page, or over the phone.
