|
 |
Financial Scams and Identity Theft |
|
 |
New Hampshire Postal Credit Union would like to warn you to be on the look-out for financial scams intended to steal your money and/or your identity. Anyone can become a victim and you need to know how to help protect yourself from various “phishing” (pronounced fishing) and "vishing" scam artists.
Take Charge: Fighting Back Against Identity Theft
The FTC’s comprehensive guide for victims of identity theft. Download the PDF file here »
Visit the
for more information on how you can protect yourself from identity theft.
|
|
|
|
Latest Updates |
|
|
Latest Updates!
E-mail Airline Ticket Scam
A new e-mail “phishing” scam seeks to plant malicious software on the computers of recipients who open an attachment purportedly related to the purchase of an airline ticket. Learn more »
MasterCard Three-Digit Security Code Scam
A new twist on phishing aims to obtain the three-digit security code printed on the back of MasterCard debit cards. The phishers are trying to get enough information to perform fraudulent card-not-present transactions (Internet, telephone, and mail-order purchases). Learn more »
"Smishing"is a cell phone text messaging tactic used by scammers to obtain financial information from unsuspecting account holders. Learn more »
IRS WARNING of scammers tricking taxpayers into divulging financial account information for fraudulent purposes. Learn more »
Fake Check Scams are on the rise.
Visit
to learn how you can protect yourself against fake check scams.
Under NO circumstances will the New Hampshire Postal CU (or its affiliates) either e-mail or call to ask you for your Account Number, PIN, Password, or any other personal information.
Do not under any circumstances respond to any e-mail asking for your personal information.
Read below to find out more about fraudulent e-mail and phone calls (known as "Phishing" and/or "Vishing"). |
|
|
|
E-mail Airline Ticket Scam |
|
|
A new e-mail “phishing” scam seeks to plant malicious software on the computers of recipients who open an attachment purportedly related to the purchase of an airline ticket.
The fake e-mails use the names of various U.S. airlines including Northwest Airlines, Continental Airlines, Sun Country Airlines, US Airways, Allegiant Air, Delta Air Lines, Alaska Airlines, Midwest Airlines, and Hawaiian Airlines.
The e-mail messages urge recipients to confirm a ticket purchase they never ordered. The e-mail requires an entry by thanking recipients for buying the tickets using the “Buy flight ticket online” service offered by the airline. Giving fake details of the purchased ticket, it asks them to confirm the purchase by printing the invoice and the ticket after clicking on an attachment in the mail.
However, when unsuspecting recipients click on the e-mail, a malicious software program downloads onto their computers. This “malware” enables the fraudsters to gain confidential information such as credit card access codes, Social Security numbers, and net banking passwords by allowing them remote access to the computers.
Airlines say there are a couple of things inside the mail that should warn people of the scam. The e-mails contain mistakes in spelling and grammar, and the formats in which the itineraries are presented are different than those used by the airlines.
Members should be aware that these e-mails are not coming from the airline. If the format does not look familiar to you, and you have not recently purchased a ticket, do not open the attachment. Delete the e-mail right away.
Below is an example of an e-mail received by a credit union executive:
From: Hawaiian Airlines [mailto:tegoo@qq.com]
Sent: Thursday, November 13, 2008 4:24 PM
To: James Mxxxx
Subject: Your flight ticket
Dear Valued Customer
Thank you for using our new service ‘Buy airplane ticket Online” on our website.
Your account has been created:
Your login: 1mooreDacu,com
Your password: PASS8QBE
Your credit card has been charged for $424.85.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket. To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Kind regards,
Hawaiian Airlines
|
|
|
|
|
MasterCard Three-Digit Security Code Scam |
|
|
With the holiday season here, Members increasingly use their debit cards to make purchases at the mall, on the Internet, or over the telephone. When plastic card use increases this time of year, so do the scams.
A new twist on phishing aims to obtain the three-digit security code printed on the back of MasterCard debit cards. The phishers are trying to get enough information to perform fraudulent card-not-present transactions (Internet, telephone, and mail-order purchases).
Under this scam, a telephone call is placed to a legitimate cardholder. The caller claims to be a representative from MasterCard informing the cardholder of suspicious card activity. The caller provides details of an unusual transaction and asks if the cardholder made this purchase, which, of course, the cardholder did not. The cardholder is then asked to verify possession of the card. To do so, the cardholder is asked to read the three-digit security code on the back of the card. The fraudster then provides a control number in the event the cardholder needs to call back with questions, making the call seem legitimate.
The caller does not ask for the credit or debit card number, and that is why some members are fooled into believing the call is legitimate. But the fraudster already has the card number; what they don’t have is the three-digit security code from the back of the card, and that is what they are after with this scam.
The three-digit code on the back of the MasterCard card is a security tool used for non face-to-face transactions. When conducting transactions that are not face-to-face, many merchants will ask the shopper for the three-digit code to complete a card authorization. If the criminal obtains this three-digit number and already has your member’s card number, card expiration date, and billing address, the criminal may be able to obtain authorization for fraudulent transactions.
Members should never give out that three-digit code to anyone who may contact them by telephone, Internet, or mail. This security tool is used when a card-not-present transaction is performed, and during the transaction the merchant may ask for the code to complete the authorization process.
REMEMBER: Never respond to any e-mail, telephone call, voice message, text message, or letter received through the mail that requests personal and financial information, including the three-digit number on the back of the card. |
|
|
|
IRS WARNING |
|
|
The Internal Revenue Service has issued an alert, warning that the IRS name and logo is being used by fraudsters attempting to access the taxpayer financial information through e-mail, telephone, and cell phone text messaging.
Note: The IRS does not ask for personal identifying or financial information via unsolicited e-mail, telephone calls, or text messaging.
The following scams are being used to trick taxpayers into divulging financial account information for fraudulent purposes:
- Taxpayers receive a phone calls telling them that they are eligible for a sizable rebate for filing their taxes early, and they are told to provide their financial account information for direct deposit.
- Taxpayers receive e-mails that claim they are eligible for a tax refund of a specific amount, and they are instructed to click on the link in the e-mail to access the refund claim form, which requires them to disclose financial account information.
- E-mail notifications addressed to individual taxpayers claim that their tax returns will be audited. The individual is instructed to click on the link within the e-mail and complete forms disclosing personal and financial account information.
- Businesses, accountants, and “Treasury” managers are receiving bogus e-mails regarding tax law changes. To obtain information on publications for businesses, estates taxes, excise taxes, exempt organizations, as well as IRAs and other retirement plans, the recipient is instructed to click on a series of links. The IRS suspects that clicking on these links downloads “malware” onto the recipient’s computer, which can be used to search for financial records and other private information.
- A person claiming to be an IRS employee telephones taxpayers to say the IRS has mailed them a check that has not been cashed. The caller then asks for verification of financial account information.
|
|
|
What are Phishing and Vishing? |
|
|
“Phishing” is a term used to describe fraudulent e-mail messages designed to steal your personal information. These e-mail messages may appear to come from a legitimate business – even using legitimate logo’s. But the fact is, they are actually from thieves masquerading as a legitimate business. The e-mail will ask you to click on a link - taking you to a phony website - created by a phishing scam-artist.
If you click on the link, the phony website will ask you for personal information. The thieves then steal your information to harm your good name, access your accounts, open new accounts and even commit crimes in your name. Phishing e-mail messages typically suggest that if you do not update your personal information, your account will be closed.
There are at least two types of "Vishing" methodologies scammers use:
Online Version
The scammer sends a blast e-mail, disguised to appear as though it’s from your credit union, bank, online payment service or other well-known business. The e-mail, which may have a trusted logo, typically reports a "security" problem with the recipient’s account and urges the member/member to call a telephone number to "straighten things out."
Although many members know better than to click on hyperlinks in strange e-mails for fear of being "phished," they often feel safe calling a telephone number that appears to be local or toll-free. When the member calls, they reach an automated attendant prompting them to enter their account number, password or other private information for "security verification" purposes.
Cold Call Version
Some "vishers" use automated dialing programs to "cold call" members. The members caller ID device may list a legitimate-looking local phone number, to inspire trust from the recipient. A prerecorded message (or sometimes a live "employee") claims the member’s account has been compromised or needs updating or verification. The member is asked to enter their account information, which is digitally transcribed onto the hard drive of the scammer’s computer.
Rest assured that NH Postal Credit Union will never send you an e-mail message requesting any personal information. You already supplied this information to us when you opened your account. If you receive such an email message – this is a scam and you should contact us immediately.
|
|
|
|
What is Smishing? |
|
|
Credit unions across the country are reporting that their member’s are receiving unsolicited text messages. It’s an attempt at Smishing, the latest form of phishing. In Smishing, an e-mail tries to lure a recipient into giving personal information via SMS, the communications protocol used to send text messages to a wireless device. The recent scam is targeting credit union and other financial institution members.
In smishing, the members receive a text message via cell phone warning that their bank account has been closed due to suspicious activity. It then tells them they need to call a certain phone number to reactivate the account.
Unsuspecting callers who dial the number provided in the text message will be taken to an automated voice mail box that prompts them to key in their credit card or debit card number, expiration date, and PIN to verify their information.
If you have a question concerning your account or credit/debit card, contact your financial institution using a telephone number obtained independently, such as the phone number from your statement, a telephone book, or other independent means.
|
|
|
|
Look For These Warning Signs |
|
|
- The e-mail message will urge you to act “quickly” or your account will be closed.
- The wording may be sloppy and contain errors and misspellings.
- Personal information is requested – such as user names and passwords, debit card numbers and PINs, social security numbers, mother’s maiden name, etc.
- An “@” symbol in the linked website address may indicate that the source might be imitating the bank. (For example www.nhpcu@internet.com is fake).
- Watch out for non-secure website pages that ask for sensitive information. Secure sites use encryption technology to protect your personal information.
If it sounds too good to be true, it probably is. Odds are, “valuable offers” and “great deals” are other ways to obtain personal information from you. |
|
|
|
What Can You Do If You Receive
Suspicious
Phishing or Vishing Email Messages or Phone Calls? |
|
|
- Contact the credit union immediately.
- Contact the local police department.
- Change your user names and personal identification numbers.
- Maintain a written log of what has happened to you, the steps that
you have taken, and the names of the people that you have spoken to.
- Check your account online or your monthly account statement as soon as you receive it and report any irregularities to us immediately.
- Report suspicious activity to the Federal Trade Commission (for the Consumer) FTC at
or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261.
- Forward any email message received that is “fishing” for your personal information, to spam@uce.gov.
- Obtain FREE information on consumer issues, at the Federal Trade Commission website at
.
- Visit the FTC’s Identity Theft website at
to learn how to minimize your risk of damage from ID theft.
- Visit
to learn other ways to avoid email scams and deal with deceptive spam.
- Visit
to learn how you can protect yourself against fake check scams.
|
| |
| |
| |
|
|
|
|
