How Phishing & Vishing works

What is Vishing?

 

Phishing

Beware of new Phishing scams

Phishers know that consumers are more educated about Phishing attempts and have come up with a new way to obtain personal information. Most of us are familiar with the standard Phishing e-mails: you receive an e-mail that your account has been compromised, that your account needs to be updated or it will be closed or an item has been purchased under your account, and you are urged to click the link and enter the requested information (account numbers, social security number, PIN, credit card numbers, etc.).

The new Phishing e-mails are an offer of a reward (usually money) if you complete a shore survey about the company. The e-mail promises that you will not have to provide any sensitive information when you complete the survey. The survey will most likely contain the name and logo of the company, and may look very legitimate. You will be asked some simple questions that are not personal in nature.

However, later in the survey you are asked to provide personal information so that the reward can be deposited into your account. The survey will now ask for your account number, credit card number, mother's maiden name, and a whole lot of other personal information that the phishers can use to open accounts in your name and perpetrate other types of fraud - including identity theft.

Vishing

You can also be scammed via the phone in a scam referred to as "Vishing." Identity thieves are sending spam that warns victims that their credit union/bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing e-mails, there is NO website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

The automated voice message says: "Welcome to account verification. Please type your 16 digit card number." The goal is to get the victim to enter their credit card number. There's no mention of the credit union, bank or PayPal.

Some of these attacks don't even use an e-mail: they simply contact you by phone and they already know your credit card number. Because this increases the perception of legitimacy, the caller ask for the valuable three-digit security code on the back of the card.

Remember - no legitimate business will ever ask for this kind of information in an e-mail or in a phone call. This is a fraudulent attempt to obtain your personal information for illegal purposes and you should not respond.

Here are some tips to help you avoid falling victim to phishing scams:

• The credit union, other financial institutions or any legitimate company will not send you an e-mail or call you asking for your personal information.

• Do not respond to any e-mail that requests your personal information. Delete any suspicious e-mails, or forward the e-mail to the Federal Trade Commission (FTC) at use@ftc.gov.
• Ignore online pop-up windows asking for personal information, no matter how official they may look. use@ftc.gov.
• Review your monthly statements for accuracy. use@ftc.gov.
Here's what to do if you're a victim of a phishing scam:use@ftc.gov.
• Contact the credit union (and the company represented in the e-mail) immediately. use@ftc.gov.
• Immediately upon receipt, review all credit card and other account statements for unauthorized transactions. use@ftc.gov.
• Contact vendor immediately if statements are late.

• If you've disclosed personally identifying information, contact the three major credit reporting agencies listed above. They will help you determine if a fraud alert should be placed on your file, which will help prevent thieves from opening accounts in your name.

• If your response to a Phish e-mail results in your becoming a victim of identity theft, file a complaint with the Federal Trade Commission at www.ftc.gov

Avoiding Scams

Tips for Online Buying and Selling

Buying and selling online is very popular. As with any sales transaction, you should exercise caution when transacting business online.

• Do your research. Select an online company that has a good reputation.

• If you receive payment by check for an item you sell, make sure the check clears your account before sending the merchandise. Even cashier's checks can be fraudulent.

• Do you research before making a decision on how to pay online, select the option you feel most comfortable with. You should not use your Debit/ATM card for online transactions.

• When buying online, get as much information about the seller. Ask for phone number/address in case you need to contact him/her at a later date. Get a picture of the item you are purchasing, ask the seller to send one via e-mail or postal service.

Counterfeit Checks

With the advancement of computer technology, it has become easier for criminals to create counterfeit checks. This is often done with a simple desktop publishing software or a color copier. Some counterfeiters are better than others, and sometimes it can be difficult to tell the difference between a legitimate and counterfeit check. Here are some "red flags" to look for to identify a counterfeit check:

• The check lacks perforations

• The check number is missing, or if more than one check is present, the check number does not change

• The font type varies on different areas of the check

• Additions to the check (i.e. phone numbers) may be hand written

• The maker's address is missing

• The drawee's bank address is missing

• The number coding on the bottom of the check is shiny. Genuine magnetic ink appears dull and non-glossy

• The check number on the bottom of the check does not match the check number elsewhere on the check

• The name of the payee appears to have been printed by a typewriter

• The word VOID appears across the check

Counterfeit checks are frequently used to pay for purchases made on the Internet. In this type of scam, the purchaser tells the seller that they will send a Cashiers Check for the purchase price, including shipping costs. Frequently, the purchaser will also say that since the shipping costs aren't known at that time, they will send more than enough money to cover this cost. The purchaser asks the seller to wire the excess funds back once they receive the check and ship the goods.

Unfortunately, when the seller realizes that the Cashier's Check is fraudulent, they will not only be out their merchandise and the shipping charge, but also the money that they wired back to the seller prior to finding out the check is bad.

You can read more about counterfeit check scams at the Federal Trade Commission's web site at www.ftc.gov/bcp/conline/pubs/alerts/overpayalrt.htm

Foreign Lottery Scams

Remember the old saying, "If it sounds too good to be true, it probably is"? This is especially true of phone calls or mail solicitations offering instant wealth through foreign lotteries.

Here's an example of a lottery scam:

"Congratulations! You may receive a certified check for up to $400,000,000 U.S. CASH! One Lump sum! Tax free! Your odds to WIN are 1-6." "Hundreds of U.S. citizens win every week using our secret system! You can win as much as you want!"

Of course, all you need to do is provide your credit card number or bank account number to purchase the lottery tickets. And when you do, the lottery hustlers will make unauthorized withdrawals or run up charges on your credit card. You'll never get the lottery tickets you were promised.

The FTC has these words of caution for consumers who are thinking about responding to a foreign lottery:

• If you play a foreign lottery — through the mail or over the telephone — you're violating federal law. There are no secret systems for winning foreign lotteries. Your chances of winning more than the cost of your tickets are slim to none.

• If you purchase one foreign lottery ticket, expect many more bogus offers for lottery or investment "opportunities." Your name will be placed on "sucker lists" that fraudulent telemarketers buy and sell.

• Keep your credit card and bank account numbers to yourself. Scam artists often ask for them during an unsolicited sales pitch.

The bottom line, according to the FTC: Ignore all mail and phone solicitations for foreign lottery promotions. If you receive what looks like lottery material from a foreign country, give it to your local postmaster.

Other lottery scams proclaim that you are a winner in a foreign lottery (which you didn't even enter). All you have to do to collect your winnings is send a "contest fee" to cover expenses associated with the lottery and taxes. You're also instructed not to tell anyone that you have won the lottery - especially bank employees, or you will lose your winnings. If you send the fee, whether by mail or through a wire transfer, you'll never see your money or the lottery winnings again.

Another lottery scam involves overnight courier services to give the appearance of legitimacy. You receive a letter that you have won a lot of money (let's say $50,000) in a foreign lottery (typically Canada or Australia). You call the number in the letter and are told that in a few days you will receive a letter and a check to cover the cost of the lottery fees and taxes. The letter arrives by overnight courier service (like FedEx) along with a check (let's say it's for $2,200). The letter explains that the fees and taxes are part of federal law, and you can use the check to cover the costs.

Since the check looks very real, you deposit it into your account and then, as instructed, you write a check out of your account for the fees (or you wire transfer the fees). Of course, their check is fake and now you're out the $2,200.

Here are five tips from ScamBusters.org about these scams:

• First of all, playing any kind of cross-border lottery system is a violation of Federal law, and law enforcement officials ARE paying attention. It's illegal. Don't do it!

• You can't win a prize in a lottery if you didn't buy a lottery ticket.

• Real lotteries don't ask you to pay a fee. If you have to write a check to win a lottery prize, it's a scam. Never, ever send any money for "processing fees," or share any other financial information, in order to claim a prize.

• Never fill out any prize forms or "claims" either through snail mail or online -- you may end up on scammers' "sucker" lists as a result, which means you'll just get more solicitations.

• Don't believe -- or pay for -- any "secret systems" that will help you win lotteries. If someone really had a foolproof secret system to win lotteries, why would they sell it to you?

Home Computer Security

Firewalls, virus protection software, network intrusion detection systems, and encryption are just some of the ways the credit union protects your account information from unauthorized access. How you protect your personal computer is just as important to the security of your personal information. If you plan to use your computer in an online environment, you need to educate yourself about computer security.

Anti-Virus Software

A virus is a computer program that replicates itself and can harm other programs and files on your computer. Anti-virus software is designed to protect your computer against known viruses. There are many anti-virus software programs available. Keep in mind that with new viruses emerging daily, the program needs regular updates to recognize and prevent new viruses from infecting your computer.

Firewall

A firewall is a barrier that protects your computer from unauthorized access when you are connected to the Internet. A firewall will filter information coming in to your computer from the internet, and will not allow any information to come through that is "flagged" by the filters. If you don't have a firewall installed on your computer, you should do so soon for your own protection.

Spam

Spam is unwanted and unsolicited e-mail. It's similar to the "junk" mail you receive in your mailbox at home. You didn't ask for it, but there it is. Some Internet Service Providers have filters built into their e-mail programs to catch the spam before it reaches your e-mail inbox. Check with your provider to see if they offer this service.

If you get a spam e-mail, don't respond to it. If you respond, or click the "unsubscribe" link in the e-mail, this simply verifies your e-mail address so the sender can continue spamming your e-mail box. Delete the spam and consider using a filter.

Spyware

Spyware is a program installed on your computer, without your knowledge, that is used to "spy" on you as you navigate the Internet. The spyware tracks your web site visits and then sends you advertisements it thinks may appeal to you. Some spyware may even capture user ID and password information you provide online when accessing accounts or placing online orders.

Some companies sell software that combines anti-virus, firewall, and spyware protection all in one.

General Security Tips and Information

The information below will assist you in protecting yourself against fraud and identity theft.

Thieves check mailboxes looking for all kinds of information. How many pre-approved credit card offers do you receive? Do your statements contain your social security number?

Here are some helpful tips:

• If you do not have a mailbox with a lock, be sure to pick up your incoming mail every day. Or, consider using a PO Box.

• Take outgoing mail to the Post Office, never raise the red flag on your mailbox telling everyone that you have mail to be picked up.

• Shred all offers of credit that you receive in the mail. Never dispose of these items in the trash without first shredding them.

• Make a list of all bills and statements you receive and the dates you normally receive them. If you're expecting a bill and you do not receive it, contact the issuer right away.

Telephone:

• Never give private information, such as social security number, account or credit card numbers, passwords, etc. over the phone unless you initiated the call.

• A credit union employee will not call you and ask you to provide sensitive account information. You may receive a call from someone claiming to be a credit union employee, and they may ask for your account information (such as your credit card number, account number, etc.). In some cases, the caller has already obtained one identifying piece of information (such as your Social Security Number) and will use this to persuade you that the call is legitimate and that you need to provide additional account information. Do not provide the caller with any sensitive or personal information. Remember - the credit union will not call you and ask for this information.

• Don't agree to any offer or prize where you have to pay a registration or shipping fee, or send money, to claim the "prize."

• Check out charities before you give. Ask for written information before you make a donation.

• Don't be pressured to make an immediate decision.

Passwords:

• Never write your password/PIN down where someone can find it.

• Do not send your password or any other personally identifying information (i.e. social security number, account number, etc.) via e-mail.

• Avoid easy-to-guess passwords/PINs - like birthdays, anniversaries, phone numbers, names, etc. Use a combination of letters (upper and lower case), numbers and symbols for passwords.

• Keep your password/PIN private.

Identity Theft

Identity theft occurs when someone uses your personal information to obtain access to your existing accounts, or open new accounts or credit lines in your name. Thieves may gain access to your personal information in a number of ways:

• Personal information stolen from your purse or wallet (DO NOT carry your social security card in your wallet/purse)

• Home break in

• Automobile theft

• Dumpster diving (stealing trash with personal information from a residential or business trash receptacle)

• Personal information on your imprinted checks

• Medical or school records that are accessed by an untrustworthy employee

• Information you provide to a fraudulent telemarketer

• Information you supply over the Internet

You can help avoid becoming a victim of identity theft by following the tips listed in the Mail, Telephone and Password sections of this page. You may also want to consider the following:

• Do not print unnecessary information on your personal checks (i.e. phone number, drivers license). Never print your Social Security Number on your checks.

• Maintain an unlisted home phone number. This listing is just one more source of information for someone who has a desire to defraud you. You may also consider listing just your name and telephone number without an address.

• Review your credit reports from the three credit reporting agencies at least once a year.

• For permanent opt-out status, put your request in writing and send it to the three credit reporting agencies listed on this page. This establishes a two-year opt out.

• To remove your name from phone and/or mail lists, visit the Direct Marketing Association's web site www.the-dma.org

• Visit www.google.com and search for your area code and phone number. You'll get a link to your name, address, zip code and a map to your house. Google provides a web site www.google.com/help/pbremoval.html to remove your phone number from their search engine.

If you are a victim of Identity Theft, contact the credit union immediately. You should also contact the three credit reporting agencies and ask them to place a fraud alert on your account.

Equifax: 1-800-685-111
www.equifax.com
Experian: 1-888-397-3742
www.experian.com
Trans Union: 1-800-888-4213
www.transunion.com
The web sites below provide more information about how to avoid becoming a victim of identity theft, and what to do if you are a victim.

Federal Trade Commission
www.consumer.gov/idtheft/
Privacy Rights Clearinghouse
www.privacyrights.org/identity.htm
Better Business Bureau
www.bbb.org/idtheft

 More