Weststar will never send you an email asking for your online ID, passcode or any other private or personal information.
If someone sends you a check or money order then asks you to deposit the item into your account and wire transfer money out of your account, WATCH OUT! You may become the victim of a popular scam.
Regardless of the pitch, all scams involve you being contacted by individuals who agree to forward you a check or money order. After the item is deposited, you may be contacted and told an elaborate story and then asked to wire transfer back all or some of the money.
After you withdraw or wire the money from your account, it is then determined the check or money order you were given is a counterfeit. At this time, the check or money order will be returned to the credit union/bank unpaid and the full amount will be deducted from your account.
There are variations to this scam, but you need to stop and ask yourself a question: why would you wire money to a stranger you met through the internet or correspondence only?
If you believe you have been the victim of or are currently being solicited by a fraudster, contact your local police department immediately. If you want more information or are the victim of one of these scams, please visit the websites below:
The IRS cautions people to be wary of individuals who are using the 2008 tax rebates to try to obtain private financial information in order to engage in identity theft or to steal money from your bank account.
Generally, the IRS will not call you over the phone or send you an unsolicited e-mail. If you receive a phone call or an e-mail asking for personal financial information (e.g., "we need your bank account number so that your tax rebate can be direct deposited" or "we can help you get your tax rebate sooner if you let us help you"), you should assume that the caller's motives are fraudulent and not provide the information.
If you have filed a 2007 tax return, the IRS knows where to send you the rebate. In addition, the IRS does not make it their business to determine if you have cashed your rebate check or in what bank account. If you have instructed the IRS (on your tax return) to use direct deposit of refunds into your bank account then be especially cautious about answering questions from anyone about problems. If someone calls you indicating there is a problem, assume the worst and insist that they send you an official letter. The IRS does not gather information by telephone.
The IRS provides further information about rebate scam on its website.
/link_bumper.php?xName=www.irs.gov&xURL=http://www.irs.gov/
http://www.irs.gov/newsroom/article/0,,id=178061,00.html
Go back to top
There is a new scam that involves unsolicited text messages sent to cell phones. The message urges the recipient to call a number provided for information about account discrepancies and then solicits individual account information and pin numbers.
Cell phone users should be weary of unsolicited text messages. Such messages should be deleted and all deleted text messages should be removed, if possible, as the perpetrators have been known to use Spyware1 in conjunction with their text message solicitation.
Such a scam could be used to obtain personally identifiable information and credit union account access information, for those who access their accounts using their cell phones.
Go back to top
This fraudulent e-mail starts by suggesting that the recipients
can help the government fight terrorism and related money laundering
by verifying their personal information. It attempts to lead consumers
to a counterfeit Web site in an attempt to trick recipients into
divulging financial data, such as credit card numbers, account
user names, passwords and Social Security numbers. See sample
below:
Detecting a fraudulent e-mail can be difficult. Here are a few
things to keep in mind:
The Internal Revenue Service has issued an alert, warning that the IRS name and logo is being used by fraudsters attempting to access the taxpayer financial information through e-mail, telephone, and cell phone text messaging. Note: The IRS does not ask for personal identifying or financial information via unsolicited e-mail, telephone calls, or text messaging.
The following scams are being used to trick taxpayers into divulging financial account information for fraudulent purposes:
If you receive an unsolicited e-mail purporting to be from the
IRS, take the following steps:
- Do not open any attachments to the e-mail; they could contain
malicious code that will infect your computer.
- Forward a questionable e-mail claiming to be from the IRS
to phishing@irs.gov.
- Use instructions contained in an article online at www.irs.gov
titled “How to Protect Yourself from Suspicious E-Mails
or Phishing Schemes.” http://www.irs.gov/individuals/article/0,,id=155344,00.html
- Contact the IRS at 800-829-1040 to determine whether the
IRS is trying to contact you about a tax refund.
- Remember that taxpayers do not have to complete a special
form to obtain a refund.
- If you have received this, or a similar hoax, please file
a complaint at www.ic3.gov.
- If you have been the victim of a spoof e-mail or Web site,
you should contact your local law enforcement, a U.S. Postal
Inspector, or the FBI.
Go back to top
CUNA target
of new card-activation phish attempt - October 30, 2007
CUNA, (NOT CUNA Mutual Group),
is being used as the subject of a phishing message
targeting credit union members to collect personal account information,
plastic card numbers, and passwords. If you receive this email
do not click on the link (which will take you to a fake web
page), just delete the message.
This new phishing-scam attempt using the Credit Union National
Association's name, informs recipients about "irregular
check card activity" and advises them to call a toll-free
number to get any restrictions removed. Do NOT call the toll-free
number. The call is a ploy to get personal account information,
possibly for identity theft purposes.
Recipients received a message as a:
- "CUNA Alert: Irregular Check Card Activity"
- "We detected irregular activity on check card on Oct. 25/2007.
For your protection, you must reactivate your card. Call us
immediately at 1.866.840.2863. We will review the activity
on your account with you and upon verification, we will remove
any restrictions placed on your account.
Please disregard this notice if you have already accessed
the website or spoken with one of our representatives."
As a trade association for U.S. credit unions, "CUNA does
not maintain any type of customer/member financial information”
and WestStar Credit Union would never request personal identification
information over the phone.
And while this phone number has since been disabled, a new phishing
e-mail with a different phone number started making the rounds
on October 30, 2007. If you have responded to any
e-mails of this type, please contact your financial institution
directly.
Also, another phish making the rounds earlier with CUNA's name
on it comes from a gmail.com address and addresses "Credit
Union National Association SERVICE." It says CUNA ensures
security "by regularly screening the accounts in our system.
We recently reviewed your account, and we need more information
to help us provide you with secure service." It provides
a "case ID" and a link to a fake website mimicking
CUNA's.
Loss Prevention Recommendations:
- Report suspicious Internet sites and emails to the government
and for additional protection tips visit the Internet Crime
Complaint Center at www.ic3.gov
or the Federal government’s consumer information center
at www.consumer.gov/Tech.htm.
- If you have been victimized by a spoofed e-mail or web site,
you should contact your local law enforcement, US Postal Inspector,
or FBI.
Go back to top
Online
California Fire Scams - October 29, 2007
Websense, Inc. announced that its security research team has
discovered suspicious online scams designed by criminals to
steal money from those donating to the California fire effort.
“Unfortunately, as we saw with Katrina and several other
recent emergencies, there are criminals who attempt to divert
monies intended for the victims by creating bogus online donation
Web sites and advertising them on high-traffic Web sites,”
said Dan Hubbard, vice president of security research, Websense.
“These criminals are trying to take advantage of the amazing
outpouring of support locally, state-wide and internationally.
Tips to for donating online:
- Ensure you are dealing with legitimate organizationsv
- Contact these organizations on your own.
- Go to their Web site rather than clicking on a link in
an email sent to you.
- Remember that legitimate organizations will not
aggressively approach people for money and donations.
- Be mindful of groups reporting to be affiliated with legitimate
organizations asking for donations or requesting you to visit
their Web site.
- They may be fraudulent or hosting malicious code designed
to steal personal financial information.
- Be wary of online auctions that claim to support the donation
effort.
- Report suspicious Internet sites and emails to the government
and for additional protection tips visit the Internet Crime
Complaint Center at www.ic3.gov or the Federal government's
consumer information center at www.consumer.gov/Tech.htm.
Thanks.
Go back to top
New ATM & VISA Check Card
Fraud Policy - December 1, 2006
To protect our members from fraud, WestStar Credit Union may block
the purchase ability of the VISA Check Card in foreign countries.
If you plan on traveling outside of the United States, please
contact us at 800-729-9328, so we can verify Visa Check and ATM
availability for your destination.
For your protection, due to a high incidence of fraud, no Visa
Check or ATM activity will be processed in the following countries.
Japan - Effective: 12/01/2006
Turkey - Effective: 07/14/2006
Alternative payment methods must be made, such as your WestStar
Credit Union Credit Card .
Go back to top
JQ Bank
Grant Scam - August 20, 2007
According to the Better Business Bureau, law enforcement and
other agencies, a new type of online scam for grant money has
surfaced. This scam appears to be another version of the "overpayment
scam."
Victims are solicited online regarding grants that may be available
to them. These grants may be for education, debt relief,
low income subsidy, or any other type of “financial aid.”
Responding victims apply for their grant and are sent printed
information along with a check, typically for $4,975.00.
They are then directed to a website for instructions.
The site instructs the victim to purchase a specific variety
of stored value credit card (GREENDOT Reloadable / MoneyPak*)
and load it with the grant broker’s “commission.”
They are promised a second, larger check after the stored value
card number is e-mailed to the broker. Of course, the
card is quickly liquidated and the original check is later returned
as counterfeit, or account closed.
If you responded to such an e-mail and provided any confidential
account information, please notify your credit union immediately
of the scheme. You should also change your account’s PIN,
and take any additional action recommended by your credit union
to protect your account.
*GREENDOT Reloadable / MoneyPak stored value credit cards are
legitimate cards but are being used as part of this scam.
Scam Details:
- A grant seems like a reasonable explanation for receiving
a large sum of money and is very attractive to college students.
- The counterfeit checks are often drawn on an active and
verifiable account, typically at Wells Fargo.
- Convincing printed information is provided to the victim
with a plausible explanation for why funds need to be sent
back to the broker. (Conflict of interest, regulations, etc…)
- Money is transferred back to the scammer via stored value
credit card. Thus, avoiding the suspicion often generated
by wire transfers. This method also facilitates further
laundering of the stolen funds.
OR:
- Grant money is received for a mere commission of 10% of
the check amount.
- The receiver of the grant money deposits the check, and
then via Electronic Funds Transfer, sends 10% of the check
amount back through a given website.
- The check is returned as counterfeit and the thief now has
the depositor’s good money along with their bank account
information.
If you have been victimized by this scam, please contact your
local law enforcement, US Postal Inspector, or FBI, and
report the incident to Better Business Bureau at www.bbb.org
and to the Internet Crime Complaint Center at www.ic3.gov
.
Go back to top
NCUA
phishing e-mail - May 18, 2007
A recent phishing e-mail appearing to be from the
National Credit Union Administration (NCUA) is targeting consumers',
and their fear of security relating to the recent TJ Maxx
Companies (TJX) data breach. The false e-mail discusses
the TJX Companies data breach, which was made public in January.
This email notice warns that "magnetic strip information
was being stored and your PIN may have been captured" and
"strongly" urges NCUA's "members" to update
their information within the next 48 hours.
This false e-mail will ask you to click on a link to verify
your credit union account registration. If you proceed to do
so, the link is directed to a false website and asked for your
credit union account number and PIN, along with other personal
information.
If you responded to such an e-mail and provided any confidential
account information, please notify your credit union immediately
of the scheme. You should also change your account’s PIN,
and take any additional action recommended by your credit union
to protect your account.
If you receive an unsolicited e-mail alleging to be
from the NCUA, take the following steps:
- Reminder: WestStar Credit Union and NCUA do not ask credit
union members for personal account information.
- Anyone who has received a fraudulent phishing e-mail purportedly
from NCUA should forward the entire e-mail message to Phishing@ncua.gov.
- Do not open any attachments to the e-mail, in case they
contain malicious code that will infect your computer.
- Your can file a complaint with the following agencies:
- If you have been victimized by a spoofed e-mail or web site,
you should contact your local law enforcement, US Postal Inspector,
or FBI.
Go back to top
E-Mail
Fraud Alert - March 28, 2007
SCENARIO/METHOD: NCUA Fraudulent Email
A fraudulent email is being circulated claiming to be from “National
Credit Union Association”. This message was sent to both
the general public and to some credit union members that appeared
to be from NCUA. This false e-mail asked for the recipient to
click on a link to verify their credit union account registration.
If the recipient proceeded to do so, the link directed them to
a false website and asked for their credit union account number
and PIN, along with other personal information.
The subject of the email is “Credit Union account limitation”.
The body of the fake message goes on to state:
Credit Union is constantly working to ensure security by regularly
screening the accounts in our system. We recently reviewed your
account, and we need more information to help us provide you with
secure service.
Until we can collect this information, your access to sensitive
account features will be limited. We would like to restore your
access as soon as possible, and we apologize for the inconvenience.
This is a "phishing" attempt—Do not reply or click
on any associated links or buttons.
As a reminder:
- Beware of an unsolicited email that threatens to close or
suspend your accounts or online account access services or
requests that you provide personal account information.
- Never provide personal or account information in response
to an unsolicited request of any kind (online via emails or
by phone).
- For your protection, we recommend that you carefully review
your account transaction details on a regular basis through
WestStar's eTeller Online Banking System.
- If you believe the contact is legitimate, contact WestStar
directly for verification. (702) 791-4777 or (800) 729-9328.
If you responded to such an e-mail and provided any confidential
account information, please notify WestStar immediately of the
scheme. You should also change your account’s PIN, and take
any additional action recommended by WestStar to protect your
account.
If you feel that you have received a fraudulent phishing e-mail
purportedly from NCUA please forward the entire e-mail message
to Phishing@ncua.gov.
Additionally, you can file formal complaints concerning any suspected
fraudulent e-mail with the Internet Fraud Complaint Center (IFCC)
at ncua@ic3.gov. The IFCC is a partnership between the Federal
Bureau of Investigation, and the National White Collar Crime Center.
Go back to top
SCAM ALERT - December 12, 2006
SCENARIO/METHOD: 419 Scammers
Launch Fake Shipping Websites
Advance fee fraudsters operating from Amsterdam and Rotterdam
have created copies of the websites of express transportation
company DHL and Lufthansa Cargo
to lure victims into paying transportation and advance fees for
used motorcycles and cars that are never delivered.
Many people are familiar with the old style 419 scam where
an email claims to come from a person needing to transfer
large sums of money out of the country. The scammers seem
to have discovered a new way of making a quick buck.
The scammers offer a used Suzuki Katana GSX-600 or a
BMZ Z3 Roadster at sites such as Car.com or Autotrader.com
for next to nothing. After the buyer responds, they are usually
told that the cars are currently in Spain or another European
country and that they will have to pay transportation
costs.
The scammers then recommend the use of escrow services
with slick websites that appear legitimate. Some fake escrows
even warn you about internet fraud, or link to the Internet
Fraud Complaint Center. A Dutch scam fighter, Ultrascan
Advanced Global Investigations, has issued warnings about fake
sites promoting DHL Shippers and Lufthansa
Worldwide Cargo, as opposed to the real
companies, DHL Worldwide Express and Lufthansa Cargo. Sites
such as Carbuyingtips.com claim to have shut down over 600
fake escrow sites.
Loss Prevention Recommendations
- If you have been victimized by spoofed email or website, contact
your local law enforcement, US Postal Inspector, or FBI.
- Report the incident to Internet Fraud Complaint Center
at www.ic3.gov
Go back to top
CUNA
ALERT - October 19, 2006
SCENARIO/METHOD: FDIC Phishing Alert.
Beware of Malicious Code
The FDIC has received reports by businesses and consumers of
a phishing e-mail that has the appearance of being sent from
the FDIC. This phishing e-mail, similar to that sent on September
29th, appears to be from the FDIC and ask recipients to click
on a hyperlink titled "Take the Corrective
Action – Implement the LinkBank System."
The fraudulent e-mails, which are purportedly from "Russell
A. Rau, Assistant Inspector General for Audits," typically
include a "Subject" line that states: "Compliance
Examination for [recipient's name inserted]."
However, this is a new variation that includes
a new and more dangerous hyperlink. When accessed, the hyperlink
downloads an executable file to your computer.
FDIC is currently analyzing the executable file; however, it
is likely installing a keylogger or similar piece of malicious
software. DO NOT click on the link provided
in the phishing e-mail.
Once on the page, users are asked to "certify" that
they "will provide correct information in order to implement
the LinkBank System." The "LinkBank System" is
described as:
"…a protocol developed by the FDIC and other federal
agencies as a way to ensure that the standards for Online Banking
security are met. This protocol is based on a client utility,
safeConnect, that was developed to be installed on business
computers which are used to open Online Banking sessions. This
utility only interacts when an online session with a Financial
Institution insured by the FDIC is opened, thus it will never
interfere with any other applications."
After clicking on the certification radio button, another page
is opened that asks for bank name, username, and password.
This e-mail is a fraudulent attempt to obtain personal information
from consumers. Consumers should NOT to access the link provided
within the body of the e-mail and, under any circumstances,
not to provide any personal information through this media.
The FDIC is attempting to identify the source of the e-mails
and disrupt the transmission. Until this is achieved, consumers
and financial institutions are asked to report any similar attempts
to obtain this information to the FDIC by sending information
to alert@fdic.gov.
Go back to top
Security Alert - September 20,
2006
SCENARIO/METHOD: Bogus e-mail mimicking
an e-mail from Card Services for Credit Unions (CSCU).
This e-mail asks members to take a brief survey. When you click
on the link in the e-mail, it takes the member to a site that
looks like the CSCU Web site and asks for personal account information
as well as plastic card information.
CSCU DID NOT SEND ANY E-MAILS DIRECTLY TO CARDHOLDERS AND
DOES NOT HAVE CARDHOLDER DATA.
CSCU does not communicate with cardholders directly. Rather,
all of our communication
is through our member credit unions.
As a reminder:
Beware of an unsolicited email that threatens to close or suspend
your accounts or online account access services or requests
that you provide personal account information.
Never provide personal or account information in response to
an unsolicited request of any kind (online via emails or by
phone).
For your protection, we recommend that you carefully review
your account transaction details on a regular basis through WestStar's
eTeller Online Banking System.
If you believe the contact is legitimate, contact WestStar
directly for verification. (702) 791-4777 or (800) 729-9328.
If you responded to such an e-mail and provided any confidential
account information, please notify WestStar immediately
of the scheme. You should also change your account’s PIN,
and take any additional action recommended by WestStar
to protect your account.
If you feel that you have received a fraudulent phishing e-mail
purportedly from NCUA please forward the entire e-mail message
to Phishing@ncua.gov.
Additionally, you can file formal complaints concerning any
suspected fraudulent e-mail with the Internet Fraud Complaint
Center (IFCC) at ncua@ic3.gov. The IFCC is a partnership between
the Federal Bureau of Investigation, and the National White
Collar Crime Center.
Go back to top
CUNA
Alerts - September 14, 2006
SCENARIO/METHOD: FDIC Reports Fraudulent
E-Mails
E-mails fraudulently claiming to be from the FDIC are attempting
to trick recipients into installing unknown software on personal
computers. These e-mails falsely indicate that recipients should
install software that was developed by the FDIC and other agencies.
The software may be a form of spyware or malicious code and
may collect personal or confidential information.
The subject line of the e-mail includes the phrase, "Urgent
Notification - Security Reminder." The e-mail requests
that recipients click on a hyperlink that appears to be related
to the FDIC, which directs recipients to an unknown executable
file to be downloaded. While the FDIC is working with the United
States Computer Emergency Readiness Team to determine the exact
effects of the executable file, recipients should consider the
intent of the software as a malicious attempt to collect personal
or confidential information, some of which may be used to gain
unauthorized access to on-line banking services or to conduct
identity theft.
The e-mail also asks financial institutions to "advertise
and market the ProBank's existence to employees, suppliers,
third-party service providers, and customers." Financial
institutions should NOT advertise the existence of the software. The
FDIC is attempting to identify the source of the e-mails and
disrupt the transmission. Until this is achieved, consumers
and financial institutions are asked to report any similar attempts
to obtain this information to the FDIC by sending information
to alert@fdic.gov.
LOSS PREVENTION RECOMMENDATIONS:
Do not click on the link in the suspect email.
Keep your operating system and web browser patched along with
running an anti virus system with up-to-date definitions.
Do not open an attachment to an unsolicited e-mail unless you
have verified the source .
Do not be intimidated by an e-mail or caller who suggest dire
consequences if you do not immediately provide or verify information.
If you believe the contact is legitimate, go to the company’s
web site by typing in the site address directly or using a page
you have previously book marked, instead of a link provided
in the e-mail.
Go back to top
CUNA
Alerts - July 26, 2006
SCENARIO/METHOD: Fishing Scams Use Phones
Instead of Fake Websites
In a new twist, identity thieves are sending spam that warns
victims that their credit union/bank account or PayPal accounts
were supposedly compromised. However, unlike typical phishing
emails, there is no website address in these phishing messages.
Instead, the victim is urged to call a phone number to verify
account details.
The automated voice message says: "Welcome to account
verification. Please type your 16-digit card number." The
goal is to get the victim to enter their credit card number.
In these reported scams, no mention of the credit union, bank
or PayPal is made.
Security experts tracking this scam and other instances of
"vishing" , short for "voice phishing",
say the frauds are particularly despicable because they imitate
the legitimate ways people interact with financial institutions.
In fact, some vishing attacks don't begin with an e-mail. Some
come as calls out of the blue, in which the caller already knows
the recipient's credit card number. This increases the perception
of legitimacy, the caller ask for the valuable three-digit security
code on the back of the card.
Vishing appears to be prospering with the help of Voice over
Internet Protocol, or VoIP, the technology that enables cheap
and anonymous Internet calling, as well as the ease with which
caller ID boxes can be tricked into displaying erroneous information.
SCENARIO/METHOD: Customer Survey Phishing
Scam
The spam e-mail starts with: "The Online department kindly
asks you to take part in our quick and easy 5 question survey.
In return we will credit $50.00 to your account - Just for your
time!" The e-mail goes on to describe how it only takes
two minutes, your answers will help them. It is well done and
looks authentic. Of course, the spam doesn't really take you
to the credit union or bank website. Instead, it takes you to
a scammer's site in China, Russia, Romania or ??. The web page
itself and the initial questions they ask look quite authentic.
The catch, of course, is that they say that in order to credit
your $50 reward, they need your credit union or bank User ID
and password, as well as your credit card number, expiration
date, three digit security number, Social Security number, ATM
PIN Number, zip code, mother's maiden name and email address.
The ploy of using a $50 reward for a customer service survey
can be an effective phishing lure.
Go back to top
CUNA
Alert - June 28, 2006
SCENARIO/METHOD: New Twist on “how”
the Phishers Continue to Phish Credit Union Members!
Phishers seek every opportunity to find individuals who are
willing to provide information for the criminals to tap into
a financial gain from credit union members. Once a member
provides the personal and/or financial information, the fraudsters
are off and running to create financial losses to the credit
union and its members.
The phishers continue to change their phony e-mails by including false
fraud protection techniques as a new twist to convince members the
e-mail is from their credit union with the added educational
information. Because of everyone's fraud awareness,
the phishers lure members to “take action” and provide
information by using an “online banking” log-in
which will re-direct this site to the fraudster.
The "take action" the phishers are asking members
to perform is:
deactivate their card(s) temporarily to guard against fraud
activate their card(s) by having them log on to an “online
banking system” where the phishers are able to obtain
member's card information.
The phishers convince members there is no need to contact
your credit union to validate the email or telephone request
involving the deactivation and activation process. It’s
critical that you know of the new twists in the phishing
fraud arena and you should contact WestStar any time
you believe you have received a fraudulent email.
Go back to top
CUNA
Alert - Phishing E-mails - June 12, 2006
SCENARIO/METHOD: Phishing E-mail Sent
to Members
Some phishes swimming the web waters are so realistic that
even well-informed recipients have trouble distinguishing whether
they are legitimate. The Credit Union National Association (CUNA)
is alerting readers to one that is especially convincing.
The phish e-mail purports to be from CUNA, Visa, and MasterCard.
It claims that because of a recent phishing attack and identity
theft, CUNA and the card companies have temporarily deactivated
the recipient's debit card tied to a credit union account.
It then asks the recipient to "reactivate" the debit
card at the CUNA website and specifies separate links depending
on whether the card is from Visa or MasterCard. Of course, the
phish asks for the card number, a ploy to gather information
that possibly could be used for identity theft or fraudulent
transactions.
"It's another 'spin' on phishing, and it's convincing
enough that we have had a dozen calls this morning from consumers,"
said Dorothy Steffens, CUNA's vice president of web services,
Tuesday. "At least they are beginning to question the messages
before they reply," she said.
The phish, addressed to "Dear Credit Union National Association
Member," also says there is "no need to call us in
response to a phone message we've left in the last three days
unless you see any transactions you don't recognize." It
then says that if there are problems to call the customer service
number on the back of the debit card.
CUNA warns recipients that it would never send an e-mail about
a credit card deactivation and would never ask for personal
information such as card numbers in an unsolicited e-mail. Recipients
should not click on the links in the message. Instead, they
should delete the message.
Go back to top
Phishing
Scam Alert - May 1st, 2006
SCENARIO/METHOD: Fraudulent e-mail claiming
to be from CreditUnions.com
It has come to our attention that a fraudulent e-mail claiming
to be from CreditUnions.com was recently distributed. CreditUnions.com
will never ask for any personal credit card or financial information
via e-mail. We do not share our internal email lists with anyone,
and have security in place to ensure that our internal databases
are not being accessed. Neither CreditUnions.com nor its vendor
partners are affiliated with this phishing scam.
A sample of the email is shown below
Phishing
Alert - March 20, 2006
SCENARIO/METHOD: CO-OP Phishing email
asking for cardholder information.
If you receive an email that purports to be from CO-OP Network
asking for cardholder information, please note that the email
is fraudulent as CO-OP Network never contacts credit union members
directly and never requests personal account information. The
email should be considered a deceitful attempt to obtain cardholder
information with the intent of committing fraudulent activity
against members's accounts.
The following is a sample of the fraudulent email asking you
to follow a link that will lead you to a form to be filled with
your card information.
Scam
Alert - March 17, 2006
SCENARIO/METHOD:Scam artist posing as
Jury Coordinator
Clark County officials warned Friday of a jury duty scam that
has led to identity theft in Nevada and 11 other states. The
scam artist poses as a jury coordinator who claims the victim
failed to show up for jury duty. The "coordinator"
then asks for a Social Security number, birth date and credit
card information in order to execute an arrest warrant for not
showing up in court.
Court officials said they do not make follow-up phone calls
to residents who do not report to jury duty. Court administrators
also never ask for any personal information over the phone.
In addition, arrest warrants are rarely served to prospective
jurors who fail to report for duty. A courtesy letter is typically
sent to remind residents of the previously mailed jury summons.
Potential jurors who still do not respond are then sent a notice
to show up in court. Only as a last resort does the court request
a bench warrant, according to the county.
General information about jury duty is available on the county's
Web site, www.accessclarkcounty.com. Prospective jurors can
also call 455-4472 for more information.
Go back to top
Phishing Alert - February
15, 2006
SCENARIO/METHOD: IRS Phishing Emails
- Tax Refunds
The Internal Revenue Service and the Internet Crime Complaint
Center have issued consumer alerts about an Internet scam in
which consumers receive an e-mail informing them of a tax refund.
One e-mail, which claims to be from the IRS, tells the recipient
that they are eligible to receive a tax refund for a given amount.
It then directs the consumer to a link that requests personal
information, such as Social Security number and credit card
information.
Another e-mail titled "Refund Notice" claims to provide
information to recipients regarding the status of their IRS
Tax Refunds. The e-mail contains a link, which mirrors the true
IRS web site. This site purportedly allows recipients to check
the status of their IRS tax refund after providing the following
information:
- First and last name
- Social Security Number or IRS Individual Taxpayer Identification
Number
- Credit card information
The IRS has seen numerous attempts over the years to defraud the
public and the federal government through a variety of schemes,
including abusive tax avoidance transactions, identity theft,
claims for slavery reparations, frivolous arguments and more.
The IRS does not ask for personal identifying or financial information
via unsolicited e-mail.
If you receive an unsolicited e-mail alleging to be from the IRS,
take the following steps:
- Do not open any attachments to the e-mail, in case they
contain malicious code that will infect your computer.
- Contact the IRS at 1-800-829-1040 to determine whether the
IRS is trying to contact you about a tax refund.
- If you have received this, or a similar hoax, please file
a complaint at www.ic3.gov.
- If you have been victimized by a spoofed e-mail or web site,
you should contact your local law enforcement, US Postal Inspector,
or FBI.
Go back to top
Phishing
Alert - February 15, 2006
SCENARIO/METHOD: VISA Scam Email
Please be aware of a new phishing scam that appears to be coming
from Visa, but in reality Visa will never ask for cardholder information.
Cardholders could receive an email (from VisaServices@visa.com
or Visa@visa.com or something similar) that states something like
this:
If anyone receives an email of this nature please email it
to phishing@visa.com. This way we can track where hackers are
setting up these bogus email addresses, and we can shut them
down immediately.
Go back to top
Phishing
Alert - February 15, 2006
SCENARIO/METHOD: NCUA Fraudulent Email
A fraudulent email is being circulated claiming to be from “National
Credit Union Association”. This message was sent to both
the general public and to some credit union members that appeared
to be from NCUA. This false e-mail asked for the recipient to
click on a link to verify their credit union account registration.
If the recipient proceeded to do so, the link directed them
to a false website and asked for their credit union account
number and PIN, along with other personal information.
The subject of the email is
The body of the fake message goes on to state:
This is a "phishing" attempt—Do not reply or
click on any associated links or buttons.
As a reminder:
- Beware of an unsolicited email that threatens to close or
suspend your accounts or online account access services or
requests that you provide personal account information.
- Never provide personal or account information in response
to an unsolicited request of any kind (online via emails or
by phone).
- For your protection, we recommend that you carefully review
your account transaction details on a regular basis through
WestStar's eTeller Online Banking System.
- If you believe the contact is legitimate, contact WestStar
directly for verification. (702) 791-4777 or (800) 729-9328.
- If you responded to such an e-mail and provided any confidential
account information, please notify WestStar immediately of
the scheme. You should also change your account’s PIN,
and take any additional action recommended by WestStar to
protect your account.
- If you feel that you have received a fraudulent phishing
e-mail purportedly from NCUA please forward the entire e-mail
message to Phishing@ncua.gov.
- Additionally, you can file formal complaints concerning
any suspected fraudulent e-mail with the Internet Fraud Complaint
Center (IFCC) at ncua@ic3.gov. The IFCC is a partnership between
the Federal Bureau of Investigation, and the National White
Collar Crime Center.
Go back to top
Online
Fraud Alert - December 30, 2005
SCENARIO/METHOD: Phishing web page.
Security Confirmation-online banking and bill pay service
We have discovered "phishing" activity in which our
Online Bill Pay and Online Banking users are presented a web
page requesting personal information. This web page may be titled
"Security Confirmation" and appears to come from within
the online banking and bill pay service, but it is actually
a fraudulent page caused by malicious code that has infected
users' personal computers.
If you see this web page, DO NOT PROVIDE YOUR INFORMATION and
DO NOT SUBMIT THE FORM.
Most anti-virus software providers have recently issued updated
software which eliminates the malicious code. It is important
that you update and run anti-virus protection software immediately
to protect yourself.
Please follow this link to learn more about online security.
Go back to top
Fraud
Alert - December 19, 2005
SCENARIO/METHOD: WestStar Scam. Fraudulent
telemarketing.
The holiday season is a ripe time for telemarketers who claim
to be from companies representing your financial institution,
prize distributing companies, and charities, but in reality
are pocketing the fruits of other peoples' good will.
It has come to our attention that WestStar Credit Union’s
good name is being used in a telemarketing scam indicating you
may have won airline tickets, trips, or may have even won a
lottery. Telemarketing fraud is one of the largest and most
serious consumer crimes in the United States of America.
During the course of the conversation, a fraudulent telemarketer
may identify your financial institution then ask you for a credit
card number or for your checking account number. They may also
try and obtain your personal information such as your social
security number, date of birth, mailing address, or even your
personal identification number (PIN).
This information is then used to create checks drawn on your
account, charge purchases leaving you with the bill, or may
even attempt to take over your identity.
Do not give personal information over the phone to anyone unless
you have initiated the call to a reputable company or organization.
If you receive a suspicious call on behalf of your financial
institution, obtain as much information about the call as possible
such as: name of caller, position held, callback number, reason
for the call, etc., and immediately contact your financial institution.
Go back to top
