Scam Alerts

In the News

Fraudsters and criminals are always thinking of new ways to steal your money or your identity.

Don’t let the fraudsters take what belongs to you! Keep informed of their latest scams:

Fall Brings Phishing Attacks

Back to school also means “back to fraud” for some cybercriminals looking to spoof domains and pull off spear phishing attacks. However, credit unions can take steps to protect their brands and members from these threats, which often begin as malicious emails. Email scams coerce people into providing sensitive data, which leads to identity theft and other crimes. Phishing victims often blame the companies or financial institutions they think were behind the fake emails, so ultimately, these attacks can erode trust between organizations and their customers.

According to John Wilson, field chief technology officer for the San Mateo, Calif.-based email security solutions provider Agari, there are several types of back-to-school scams.

First, there’s phishing, to which education credit unions are especially susceptible at the start of a new school year. Cybercriminals who obtain teachers’ union email lists can hit members with spear phishing attacks, which requests a union member update his or her information and lures him or her to a fake page designed to capture usernames, passwords and personal credentials.

Second, a tuition wire scam coaxes money out of victims by convincing them they have an unpaid tuition bill. They may even pose as the school and solicit bank transfer information to cover the “tuition.”

Finally, during the back-to-school months, criminals are likely to instigate a common email fraud scheme that involves sending a message that promises a reward, such as a gift card from a major retailer. Criminals ask their victims to complete a survey, which includes personal information such as home addresses, Social Security numbers and birthdays. Once the fraudsters have enough details, they use the survey applicant’s data to apply for credit cards.

More sophisticated criminals use a similar tactic to install malware on the victim’s computer. This typically involves the use of an undetected key logger that captures information typed by the victim – including URLs, user names and passwords – and sends it off to the criminal. (

Make Money from Home?

Fraudsters have now come up with a new scam involving social media and remote deposit capture. The scam, posted on social media sites, appears to be a legitimate work-at-home job or other opportunity that functions as a “money transfer agent.” The member is told they will receive deposits into their accounts, with instructions on withdrawing the funds and forwarding the money to a contact person. The member is told they will receive a percentage of the funds as commission.

Next, the member is instructed to provide the contact person with their online/mobile banking username and passwords. This action allows the fraudsters to log into the member’s accounts to access remote deposit capture and deposit checks. The checks are subsequently returned, after the holds have expired and the member has already withdrawn the funds and sent them to the contact person.

Please do not EVER provide anyone with your online/mobile banking username and/or password. (

Too Close to Call

The FTC warns consumers that it’s a mistake to assume that all toll-free numbers that pop up in a search are legitimate customer service lines. Some are run by scammers out to hijack your credit card number or install malware on your computer. Using company names and URLs that look confusingly similar to national shopping outlets and big box stores, scammers hope that consumers will see the look-alike sites at the top of search engine results and assume they’re legitimate. Once they have you on the line with your defenses down, scammers try to get you to reveal your credit card number.

Want to stay away from these scams? Here are four tips to help keep you safe:

  1. On some search engines, the prime real estate at the top or on the side of results pages is for sale.
  2. The most reliable place to go for information is the URL you know is the company’s official website. Look for a “Contact Us” or “How can we help?” link, maybe on the bottom of the page or on a button bar at the top or along the side.
  3. Toll-free numbers aren’t the only way companies connect with consumers these days. Some might limit their communication to email. Others offer an online chat function.
  4. So what should you do if you spot a fake customer service line? File a complaint with the FTC. Chances are you’re not the only one who is experiencing this. By letting them know, you can help them protect others.

Even if it involves some digging on a company’s website to find reliable contact information, search carefully and you’ll be more likely to stay safe online and strike gold with your search. (

Water Damaged Cars Flooding the Market

Recent storms and flooding plaguing the Midwest and Southeast could impact car buyers across the country. Vehicles damaged by floods in those areas can be cleaned up and taken out of state for sale. You might not know a vehicle is damaged until you take a closer look or have a mechanic check it out.

Here’s what to do:

  • Look for water stains, mildew, sand or silt under the carpet, floor mats, and dashboard, and in the wheel well where the spare is stored. Look for fogging inside the headlights and taillights.
  • Do a smell test. A heavy aroma of cleaners and disinfectants is a sign that someone’s trying to mask a mold or odor problem.
  • Get a vehicle history report. Check a trusted database service. There are reliable services that charge a small fee. The National Insurance Crime Bureau’s (NICB) free database includes flood damage and other information.
  • Understand the difference between a “salvage title” and a “flood title.” A “salvage title” means the car was declared a total loss by an insurance company because of a serious accident or some other problems. A “flood title” means the car has damage from sitting in water deep enough to fill the engine compartment. The title status is part of a vehicle history report.
  • Have your mechanic inspect the car’s mechanical and electrical components, and systems that contain fluids, for water contamination.
  • Report fraud. If you suspect a dealer is knowingly selling a storm-damaged car or a salvaged vehicle as a good-condition used car, contact your auto insurance company, local law enforcement agency, or the NICB at (800) TEL-NICB (835-6422). You’ll help someone else avoid a rip-off.

If you have other questions about buying a car, these resources can help.   (

Is Your Phone a Prized Possession?

Let’s be honest: I spend more time playing games on my smart phone than talking on it. Our phones have become our family photo albums, personal gaming systems, calendars, encyclopedias, navigators, and instant messengers. If you can think of an activity, there’s probably an app for it.

Unfortunately, some apps might not be what they claim, and downloading the wrong app could put your phone on the fritz. According to the FTC, that’s what happened to thousands of people who downloaded the Prized app before it was removed from the app store.

Prized claimed that users could earn prizes by completing tasks like playing games and taking surveys. Instead, the app contained malware that hijacked the phone’s computing power. As a result, phones ran slower, had less battery life, and used up people’s data plans. The company was using the hijacked computing power to mine virtual currencies – like Dogecoin and Litecoin – for their own profit, without the authorization or knowledge of the phone owners.

For tips on how to avoid downloading malware to your phone, click here(

OPM Data Breach – What Consumers Should Do

The FTC Has released information to assist current or former federal employees whose personal information may have been exposed in the recent data breach at the Office of Personnel Management and the Interior Department.  Steps to help protect consumer identities include checking credit reports, taking advantage of offers for free credit monitoring, and placing fraud alerts on credit reports, among others.

If your credit union has members that may have been affected by this data breach, please share this link with them:  OPM data breach – what should you do?   (

The Skinny on Phony Weight Loss Promises

You get an email from a friend, with a link and a message: “Hi! Oprah says it’s excellent!” But did your friend really send this message? And what’s so excellent?

Millions of people get emails like this one, but not from their friends. Instead, according to the FTC, marketers hired by Sale Slash sent spam emails from hacked email and social media accounts. Why? To trick people into thinking the messages came from a friend. And, of course, to sell stuff.

The links in the messages led to fake news sites promoting Sale Slash’s weight loss products. Everything about the news sites was fake. Endorsements from Oprah and The Doctors’ TV show? Fictitious. Reviews from news reporters? Phony. Testimonials from people with dramatic weight loss stories from using diet pills? Bogus.

Also false, according to the FTC? Claims that Sale Slash’s products would help people “melt away” extensive amounts of belly fat without diet or exercise. Just not true.

So here’s the skinny:

    • Even emails that seem to be from a friend might not be. Stop and check before you click any links or open any attachments.
    • Just because it looks like a celebrity or news reporter endorses a product, that doesn’t make it true. And it doesn’t mean that the product really works.
    • Anyone who claims you can lose more than a pound a week without diet and exercise is probably lying.     (

NCUA Text Message Scam

More than 40 consumers around the country have received a scam phone text message purporting to use a National Credit Union Administration phone number, the agency announced Wednesday. Consumers who receive a text from 703-518-6301 asking for personal information should contact the agency’s Consumer Assistance Center hotline at 800-755-1030. The NCUA’s privacy policy states that it will never request personal or financial information from consumers.

According to the NCUA, the perpetrators are able to mimic a telephone number to generate text messages. The messages may warn of a debit card reaching its limit or use some other trick to persuade individuals to provide personal information or go to a malicious website.

Consumers should not click on links in the message, provide information to any websites referenced in the message nor attempt to conduct any financial transactions through those websites.

This attempted fraud scam is classified as “spoofing” by the Federal Communications Commission.


Find the details on more scams here.