Security/Fraud Alerts

Protect Yourself from “Smishing”... (April 22, 2009)
A growing form of fraud that targets cell phone users.

Recent media and government reports point to an identity theft threat for the nation's millions of cell phone users. The scam has been dubbed “smishing” (or SMiShing), a term derived from SMS technology that's used for cell phone text messages.

Although wireless telephone companies are working to block unwanted text messages, users are reporting increasing numbers of “spam” messages and smishing attacks. Adding insult to injury is the fact that users must pay for
the text message they get on their cell phones.

How the scam works
The scam is similar to the deceptive e-mail and phone schemes known as phishing and vishing. In all these forms of fraud, scammers try to trick victims into revealing personal information like account numbers, Social Security numbers, and passwords. The personal information is then used to withdraw money from victims' accounts or obtain credit in victims' name.

In smishing scams, cell phone users receive a text message that seems to come from a legitimate source, such as a bank, e-commerce site or other financial institution. The message seeks to dupe users into clicking on a link via the phone's internet connection, or into calling a certain phone number. Both the link and phone are fraudulent, and lead to requests for personal information that can be used for ID theft. Once your identity has been stolen, it generally takes much time and effort to try to regain your lost funds and your good name.

How to protect yourself
Now that you're aware of the problem, it's wise to take a few simple precautions to protect yourself from this growing form of fraud.
Never respond to unsolicited requests for personal financial information received via text message – even if the request appears to come from a legitimate institution that you do business with. This includes request to “confirm, verify or update” your information.

Always know who you're dealing with. Don't click on links in text messages, or call numbers listed in text messages. Verify contact information independently, and key in web addresses yourself.

Put passwords on all your financial accounts.

Monitor your credit report regularly for signs of irregularities. You are entitled one free credit report from each of the three major credit report. Visit www.annualcreditreport.com, call (877) 322-8228, or write to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.

Remember, Fort Bragg Federal Credit Union will never contact you via text message, e-mail, phone or any other way to ask for your account numbers or passwords. If you suspect you've been a victim of smishing or any other form of ID theft, contact Fort Bragg Federal Credit Union immediately at 1.800.793.2328 or 910.864.2232.

Bank scam hits accounts across country (Published by The Fayetteville Observer, January 05, 2009)
Scores of consumers are opening their monthly checking account statements to find that their accounts have been debited electronically without their consent. These charges come in the form of electronic checks and range from $10.00 to $40.00. so far, the Internet Crime Complaint Center (IC3) has received more than 400 complaints from unsuspecting consumers nationwide. But the number could go much, much higher.

On the electronic check is the name of a business, an 800 number to call and a reference number. When the victim calls the number, an operator claiming to be based in Nicosia, Cyprus informs him or her that the charge was levied by an adult Web site. Fortunately, most victims who call to refute the charges are usually refunded their money. Many victims, however, fail to even notice the bogus transactions, let alone call to contest them.

The victims' computers may have been compromised by some form of malware (i.e. hijacker, keylogger, etc.) which allowed unauthorized users to gain access to private bank account or other information.

To help eliminate the threat, the National White Collar Crime Center (NW3C) urges consumers to avoid clicking on any email attachments delivered to either work or at home addresses from unknown sources. They should also closely monitor their monthly bank statements for any irregularities.

If you have been victimized by this scam, NW3C recommends that you contact your local police department and then file a complaint with IC3 at www.ic3.gov. IC3 works with federal, state, and local law enforcement agencies to follow-up on such complaints.

Online Scam Warnings Issued (Published by The Fayetteville Observer, December 4, 2008)
The Better Business Bureau is warning consumers to be alert for holiday e-mail scams. Computer hackers are posing as workers from FedEx, UPS, and Wal-Mart in an effort to steal personal information such as Social Security or credit card numbers, according to a news release from the BBB of Coastal Carolina.

"While most of the country is spreading peace and love this holiday season, cyber crimals are spreading computer viruses and stealing identities and information," chapter President Kathy Graham said in the release.

Those from shipping companies such as FedEx or UPS reporting a problem with delivery of merchandise. The e-mails will usually include a link to another Web site that may install a program designed to damage computers or one to get personal information.These e-mails may include a tracking number in the subject line and a message indicating a package can't be delivered.The consumer will be advised to print a copy of the shipping invoice as an attachment.The attachment is a virus that can be spread by opening it, the release said.Consumers who get these e-mails should contact the shipping firm directly to check on a delivery status, Graham said.

E-mails from retailers offering holiday spending money in exchange for participating in a survey. These e-mails appear to come from stores such as Wal-Mart and include a subject line involving an online survey. The contents proclaim that the targeted consumer is one of the few customers selected to participate in survey. In return, the customer will receive a credit for a designated amount. The consumer is given a link where the survey is posted. In face, Graham said, the link is to a phishing site that lead to stolen personal information. Don't respond to any unsolicited e-mails offering cash for taking part in a survey, Graham said.

E-cards have become a popular method to have consumers link to a phishing Web site or one that will intall damaging software on a computer, Graham said. A bogus e-card is hard to spot because scammers will include brand-name logos in an effort to appear legitimate, Graham said. Spelling and grammatical mistakes should be a red flag to consumers. Don't try to open an e-card unless you know who sent it, Graham said.

Beware of Scams This Time of the Year (Posted November 26, 2008)
With the holiday season upon us, shoppers increasingly use their credit and debit cards to make purchases at the mall, on the internet, or over the telephone. When plastic card use increases this time of year, so do the scams.

A new twist on phishing aims to obtain the three-digit security code printed on the back of VISA and MasterCard credit and debit cards. The phishers are trying to get enough information to perform fraudulent card-not-present transactions (Internet, telephone, and mail-order purchases).

Under this scam, a telephone call is placed to a legitimate cardholder. The caller claims to be a representative from VISA or MasterCard informing the cardholder of suspicious card activity. The caller provides details of an unusual transaction and asks if the cardholder made this purchase, which, of course, the cardholder did not. The cardholder is then asked to verify possession of the card. To do so, the cardholder is asked to read the three-digit security code on the back of the card. The fraudster then provides a control number in the event the cardholder needs to call back with questions, making the call seem legitimate.

The caller does not ask for the credit or debit card number, and that is why some members are fooled into believing the call is legitimate. But the fraudster already has the card number; what they don't have is the three-digit security code from the back of the card, and that is what they are after with this scam.

The three-digit code on the back of the Visa or MasterCard is a security tool used for non face-to-face transactions. When conducting transactions that are not face-to-face, many merchants will ask the shopper for the three-digit code to complete a card authorization. If the criminal obtains this three-digit number and already has your member's card number, card expiration date, and billing address, the criminal may be able to obtain authorization for fraudulent transactions.

Never respond to any e-mail, telephone call, voice message, text message, or letter received through the mail that requests personal and financial information, including the three-digit number on the back of the card.

Phishing Scam (Published October 7, 2008)
A phishing scam may now be targeting Fort Bragg Federal Credit Union members by sending e-mails that appear to be from Digital Insight (our home banking provider), a financial institution or some other source designed to appear official. The scam attempts to trick recipients into clicking a link in the fraudulent e-mail for the purpose of acquiring sensitive data, such as passwords or financial information. Please do not click links in these particular e-mails. Fort Bragg Federal Credit Union will never ask for your information through e-mails.

Police Warn of 'Secret Shopper' Scam (Published by The Fayetteville Observer July 31, 2008)
Fayetteville police are warning residents about a "secret shopper" scam. Suspicious residents have given letters to police that say the recipient was selected to represent the company Market Pulse International as a secret shopper. Attached to the letter is what appears to be a valid cashiers check.

After cashing the check, the person is encouraged to wire a portion back to the company, which is usually based overseas. When the victim's bank realizes the check is fraudulent, it demands the money back and leaves the victim in the red.

According to its Web site, Market Pulse International is based in New Zealand. Police spokeswoman Theresa Chance said the department is advising people to not cash the checks. According to the Federal Trade Commission's Web site, similar scams have told victims they were the winner of a foreign lottery.

FinCEN Name Used in Scams (Published by National Association of Federal Credit Unions July 23, 2008)
The Financial Crime Enforcement Network has issued warnings about financial scams being undertaken through the unauthorized use of FinCEN's name.

Some of the scams involve persons representing themselves as FinCEN officials seeking confidential information. The requests may be presented in letters bearing the FinCEN seal or an e-mail represented as official correspondence. "These scams often involve the enticement of a phony inheritance of sum of money and claim that FinCEN is holding or blocking the transfer of funds, " the agency said.

FinCEN advises anyone receiving such letters or e-mails to refrain from sending funds or information. Anyone who suspects a request or thinks they have been victimized should report the information to local, state or federal law enforcement, it said.

FinCEN doesn't send unsolicited requests and doesn't ask for personal or financial information from members of the public, thought it may freeze or block the transfer of assets. The fraudulent messages may seem to come from an overseas office as well, but FinCEN notes it has no offices outside the United States.

Current Phising Scam (Published by Digital Insight, July 17, 2008)
Fayetteville, NC - Digital Insight would like to warn you about a current phishing scam directed at Digital Insight client financial institutions and their end users. This scam targets users by sending emails that appear to be from an official Digital Insight source (for example, "Digital Insight Customer Care," "Digital Insight Administration," etc.), and is designed to trick the recipient into clicking a link in the email for the purpose of acquiring sensitive data, such as passwords or financial information.

Users should be advised to NEVER click links or install programs suggested in emails, even if the email appears to be from an official or familiar source. Digital Insight will never send client emails containing links to download software or applications.

Sheriff warns of jury duty scam (Published by The Fayetteville Observer on Thursday, June 12, 2008)
Fayetteville, NC - Residents are being warned about a scam operation that lures its victims with a phony jury duty summons.

The scam has been reported in 11 states, according to a press release issued by Cumberland County Sheriff Moose Butler. Butler said the scam involves someone calling a home to ask the resident about jury duty. The caller implies that the person failed to show up for court and tells the resident that an order for his or her arrest will be issued. Most residents will protest, Butler said, prompting the caller to ask for the resident's Social Security number and date of birth. The caller says the information needs to be verified in order to have the arrest warrant canceled.

"Quite often the scammer bullies the citizen for this information by posing as a law enforcement officer or a member of the court system," Butler said. Residents should never give personal information to anyone over the phone, Butler said. If someone calls asking for that information, get a number from the caller and notify authorities.

--Never send money to someone you don't know or whose identity you can't verify.

--A legitimate lottery or sweepstakes will never ask for money up front before sending your prize.

--If you receive a solicitation from a lottery or sweepstakes, talk it over with family or friends and contact local law enforcement to find out if it is legitimate.

Attorney General Roy Cooper warns North Carolina consumers about automated calls that seek to steal your personal informtion - (February 7, 2008)
North Carolina - Scam: Consumers should be on the lookout for automated phone calls pretending to be from your bank or credit union. The message says that your card has been suspended and asks you to contact their security department at the telephone nmber provided. When customers call the number, an automated system tells them to enter their card number, expiration date, and PIN in order to "activate fraud protection on their account". This scam, called "vishing", is an attempt to steal your personal information including card numbers, expiration dates, and PINs for your debit and credit cards. The email version of this scam is called "phishing".

TIP: Never give your private information to someone you don't know who calls you on the phone. If you get an automated call that tells you to call another number, look up the correct number to call on your own. For example, call your credit card company at the phone number listed on the back of your credit or debit card or call your bank at the number listed on your bank statement. If you've respoded to one of these calls or been the victim of a similar scam, please contact Attorney General Roy Cooper's Consumer Protection Division for assistance at 1-877-5-NO-SCAM.

We have been notified that a new phishing scam is now targeting Cash Management end users. The scam is designed to trick recipients into clicking a link in the fraudulent e-mail for the purpose of acquiring sensitive data, such as passwords or financial information.

Unlike some phishing scams that require recipients to enter user names or passwords in order for data to be compromised, this phishing scam may require only that users click the link in the phishing e-mail in order to create risk.

The most common example we have seen includes the following:

E-mail Subject: Cash/Treasury Management Online Service Notice

Following a recent SSL server and website upgrade, The Cash Management Online Security Department requests you to start the client data confirmation procedure. Clicking on the link at the bottom of this letter will take you directly to the confirmation procedure page.

The following steps are to be taken by all Cash Management and Treasury Management Online service users and are mandatory to avoid online access suspension. This includes all business online banking and commercial online banking customers of the bank including ach and payroll online users.

Click here <hostile url> to start the confirmation procedure

The cash/treasury management online users have been upgraded to a dedicated server and website. After the above procedure, an e-mail will be sent to you containing details of the upgraded website and protocols. You are hereby advised to do this immediately to avoid total online access suspension

The Cash/Treasury Management Security Department apologizes for the inconveniences caused to you, and is very grateful for your cooperation.