Fraud Alerts
The more you know about today’s fraud, the less likely you will be to fall for them.
DON'T BE A VICTIM! THE BEST DEFENSE IS EDUCATION!
Below are many of the common types of fraud schemes used today. The best way to defend yourself is through knowing how to detect what is fraud.
Money one FCU will NEVER ask for the following items through text message or email:
- Your online banking security questions or image
- Your online banking password
- Your debit card number
- Your debit card pin
- Your social security number
Be vigilant and protect yourself!
Here are ways to do so:
- Avoid answering unknown numbers. Even if the caller ID display name seems familiar, they are still unknown, and they could be a scammer in disguise.
- Don’t hit any buttons. If you happen to answer a spoofed call, avoid pressing anything or following any of their instructions, and hang up immediately.
- Stay silent. If you end up answering a call that you’re unsure about, stay silent and hang up as soon as you can in order to avoid accidentally giving up any personal information. Never share personal information over the phone with an unknown caller, and keep in mind financial institutions will never ask you for personal information over the phone.
- Keep your information private. When you’re talking to someone you don’t know, avoid sharing any personal information, as scammers could use it for malicious purposes such as identity theft or fraud.
- Block any spam numbers that try to get into contact with you.
- Use a spam blocking app provided by your cell phone carrier if you feel as though you cannot manually block all of the ones you receive.
- Use two-factor authentication and/or biometric logins (your face or fingerprint) whenever possible.
- Use strong, unique passwords across all of your accounts.
- If a link in the fraudulent email is clicked, the computer should be scanned with updated anti-virus software. If malicious code is detected, a computer security specialist should be consulted.
- Use the FTC (Federal Trade Commission) website, www.onguardonline.gov. Consumers can take interactive quizzes designed to enlighten them about identity theft‚ phishing‚ spam and online-shopping scams. Elsewhere on the site‚ consumers can find detailed guidance on how to monitor their credit histories‚ use effective passwords and recover from identity theft.
If you responded to any scams and provide any confidential account information‚ please notify us at 301-925-4600 or info@moneyonefcu.org. We will assist you in changing any information to protect your account.
Below are some common fraud schemes that we have seen or have been brought to our attention:
Caller ID Spoofing
Caller ID spoofing is when scammers deliberately disguise their phone numbers to look like someone else’s such as a local company or government agency that you may already know & trust. These scammers will attempt to gather personal information from you, such as credit card information. It is unlikely that you will be able to tell right away if an incoming call is spoofed, as the caller ID shows up to be official, and the scammer can know things like employee names and impersonate them. Do not trust random phone numbers you do not recognize, share your login credentials or personal information over the phone, and pay extra attention to website details. While Caller ID spoofing is the most well known, especially among financial institutions, it is also important to stay vigilant and pay attention to suspicious websites and emails, as well as deepfakes, which are realistic imitations of real people that will tell you to do something, because those very well could be attempts at spoofing you as well.
Smishing Text Message Scam
A few of our members have reported two text messages that they received.
The first fraudulent text reads:
From: 1 240 349 0118@supportgaurd.com
There are issues with your credit union account. Call customer service now at 240.349.0118 to remove restrictions.
The second fraudulent text reads:
From: 1 240 349 0118@supportgaurd.com
You have a new credit union banking message. To hear this message call 240.349.0118 immediately.
When the number is called‚ it is answered by a mechanical system. To un-restrict their account‚ members are being asked to run a verification and enter their 16 digit credit card number to ensure that they are in possession of their credit card‚ expiration date, and 3 digit verification number on the back of the card.
Phishing Email Scams
Phishers will change their phony e-mails by including false fraud protection techniques as a new twist to convince you the e-mail is from your credit union with the added educational information. Because of everyone’s fraud awareness, the phishers lure you to “take action” and provide the information by using an “online banking” log-in which will re-direct this site to the fraudster.
The “action” the phishers will ask you to perform are:
- deactivate your card(s) temporarily to guard against fraud
- activate your card(s) by having you log on to an “online banking system” where the phishers can obtain member’s card information
The phishers convince you there is no need to contact your credit union to validate the email or telephone request involving the deactivation and activation process. It’s critical that you are aware of the new twists in the phishing fraud arena and that you should confirm any changes with your credit union.
Say No to *72
This scam is when the scammer tells their victim to call another number for more details regarding a topic, and to begin the cell phone call with the code *72. What this does is transfer all calls sent to the cell phone to the number the scamming caller has given to the scammer’s own phone number. It will be the same person the whole time, but then the scammer will leak your number to anyone in the world, where they can phone the scammer via your cell, with you picking up the charges. You will know nothing about it — until you get your bill.
You can avoid this by not using the *72 or any other forwarding code to forward calls to a number you don’t know or recognize. You can enter *73 to clear call forwarding. (We’re not sure if *72 and *73 are the forwarding codes for all cell phones. Check your cell phone manual or talk to your carrier.)
Poodle
Google announced a new vulnerability called POODLE (Padding Oracle on Downgraded Legacy Encryption) which can bypass the secured connection often used when browsing to secured web pages. With POODLE, the vulnerability is related to a “man in the middle” type of attack. To protect your personal information, we suggest that you:
- Always avoid any public Wi-Fi or connection you do not trust.
- Disable SSLv3 and enable TLS 1.0, TLS 1.1 and TLS1.2 in Internet Explorer
o Go to the Internet Explorer Tools menu, click Internet Options.
o In the Internet Options dialog box, click the Advanced tab.
o Scroll down to the Security category and uncheck Use SSL 3.0 and check use TLS 1.0, Use TLS 1.1 and Use TLS1.2, if available.
o Select OK.
o Exit and restart Internet Explorer. - For Chrome: Google advised adding the following to the end of the browser shortcut after: chrome.exe” –ssl-version-min=tls1
- For Mozilla Firefox: install the available plug-in.
- Verify your browser by going to https://www.poodletest.com If a “poodle” displays, you are still at risk.
Sandworm
Sandworm is another scam that was discovered. It allows an attacker to execute software on an unsuspecting victim’s PC. This vulnerability impacts all supported versions of Microsoft Windows. The attack comes in the form of email messages with attachments from trusted sources. The attachments include Microsoft Word documents, Excel spreadsheets, or PowerPoint presentations, etc. If you open the attachment, your computer can become infected without your knowledge. Then the attacker can execute remote commands. Luckily, Microsoft has already released an update to patch this security issue (CVE-2014-4114). If you have not already done so, please apply this patch immediately.
New Recruitment Scam Using Craigslist Targets Credit Unions
Advertisements have been posted on Craigslist as part of member recruitment scams nationwide. The ads solicit current credit union members and offer $75.00 or more for their assistance with qualifying a new member. This scam is targeting credit unions and members across the country. Avoid these ads, and just come into credit unions in person or call their listed phone number on their website.
NCUA Alerts CUs about Fedwire Scam
NCUA issued an alert warning credit unions of an email scam that claims the Federal Reserve Fedwire system has been compromised by a phishing attack, but the emails are attempts to load malicious software onto users’ computers. This email scam falsely tells users that banks and credit unions have been affected by a phishing attack against the Fedwire system, which has resulted in high levels of illegal wire transfers. Consumers are then directed to click on a link for additional information; however, the link opens Web pages with the malicious software.
Unauthorized Use of Financial Crimes Enforcement Network's Name
The Financial Crimes Enforcement Network (FinCEN) has issued warnings about financial scams being undertaken through the unauthorized use of FinCEN’s name. These scams involve people representing themselves as FinCEN officials seeking confidential information. The requests may be presented in letters bearing the FinCEN seal or an e-mail represented as official correspondence. “These scams often involve the enticement of a phony inheritance of sum of money and claim that FinCEN is holding or blocking the transfer of funds,” the agency said.
FinCEN advises anyone receiving such letters or e-mails to refrain from sending funds or information. Anyone who suspects a request or thinks they have been victimized should report the information to local, state or federal law enforcement, it said. FinCEN doesn’t send unsolicited requests and doesn’t ask for personal or financial information from members of the public, though it may freeze or block the transfer of assets. The fraudulent messages may seem to come from an overseas office as well, but FinCEN notes it has no offices outside the United States.
We will update this page with new alerts as we become aware of new fraud schemes.