Search
Security
Personal Account Access
    Demo | More InfoLogin
Business Account Access
    Demo | More InfoLogin
Also In This Section

Security

Scam Alerts

Alert#1 - 07/27/2010

Email Claiming to be from NACHA Reported

NACHA - The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA. The subject line of the e-mail states: "Unauthorized ACH Transaction." The e-mail includes a link that redirects the individual to a fake web page and contains a link which is an executable virus with malware. DO not click on the link. Both the e-mail and the related website are fraudulent.

Remember to always verify e-mail notification claims as the one listed above with your financial institution before taking futher action.

Alert#2 - 07/20/2010

Phone Scam Targets Credit Union Accounts

The FBI has reported a new twist in the way fraudsters are accessing member and small to medium sized business accounts at Credit Unions and other Financial Institutions. The new scheme uses telecommunications denial-of-service (TDoS) attacks and fraudsters are able to compromise a member's account and change the victims profile information (mailing address, e-mail address or telephone number). These TDoS attacks use automated dialing systems to overwhelm a victim's cell phone and land lines with thousands of calls and the member is ultimately forced to change his or her number to terminate the attacks.Below is a brief summary of the facts and the complete alert published by the FBI . To review click on the link.
http://www.fbi.gov/page2/june2010/phone_062110.html

Alert#3 - 06/29/2010

Risk Alert - Loss Prevention Tips to Help Members Prevent Check Fraud

Skilled professional criminals are using sophisticated technologies to easily defraud individuals and their financial institutions using a copy of a check and or an individual's personal information. A thief is able to create new, authentic looking checks using a blank check or personal information obtained from an intercepted check mailed to pay a bill. To reduce this type of loss please be careful in how you use and store checks. This will help to reduce the risk of this type of loss.

Recommendations to help reduce the risk of check fraud:

  1. Keep your account information confidential and never provide your account number or personal information to unknown persons. Be particularly cautious of unsolicited phone sales.
  2. Reconcile your bank statement as soon as possible after receipt (within 20 days) to detect irregularities. Delays may subject you to liability for any losses due to check fraud.
  3. Protect your checks - store your checkbook, blank checks, deposit slips and bank statements in a secure location.
  4. Don't leave blank spaces on the payee or payment amount lines on your checks.
  5. Mail bill payments through the Post Office and not from your mail box at home. Seeing the upright red flag on your home mail box is a favorite signal for criminals to look in the box and steal whatever is there.
  6. Do not add personal information on your check (Social Security #, Driver's License # or DOB).

Alert#4 - 05/14/2010

Counterfeit Checks/ Overpayment Check Scams

The North Carolina Credit Union League has announced that there have been several instances of reported counterfeit checks that have been reported out of the Greensboro Postal cashier's checks office. The amounts of the reported checks have been $1290.18 & $2404.18. These checks are tied to the mystery shopper/over payment scams. Please be on alert when responding to mystery shopper and overpayment requests.

Below are resources related to these scams:

Check Overpayment Scam – (from bankrate)
Counterfeit check scam http://www.bankrate.com/brm/news/advice/scams/20071017_scam_counterfeit_check_order_a1.asp

Federal Trad Commission info on Check Scams:
FTC - Check Overpayment Scams - FTC Website – Check Fraud Scams - Money Matters - Work From Home scams - Scams - http://www.ftc.gov/bcp/edu/microsites/moneymatters/scam-watch.shtmlhttp://www.ftc.gov/bcp/edu/pubs/consumer/invest/inv14.shtm
http://www.ftc.gov/bcp/edu/microsites/moneymatters/jobs.shtml
http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre40.shtm
http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt014.shtm
 

Alert#5 - 03/09/10

Be Cautious About Giving Information to Census Workers

With the U.S. Census process beginning, the (BBB) advises people to be cooperative, but cautious, so as not to become a victim of fraud or identity theft. The first phase of the 2010 U.S. Census is under way as workers have begun verifying the addresses of households across the country.

Eventually, more than 140,000 U.S. Census workers will count every person in the United States and will gather information about every person living at each address including name, age, gender, race, and other relevant data.

The big question is - how do you tell the difference between a U.S. Census worker and a con artist?

If a U.S. Census worker knocks on your door, they will have:

  • a badge,
  • a handheld device,
  • a Census Bureau canvas bag, and
  • a confidentiality notice.

The BBB offers the following advice and information:

  • Ask to see their identification and their badge before answering their questions.
  • Do not invite anyone you don't know into your home. Census workers are currently only knocking on doors to verify address information.
  • Do not give your Social Security number, credit card, or banking information to anyone, even if they claim they need it for the U.S. Census.

Remember, no matter what they ask, you only need to tell them how many people live at your address.

  • While the Census Bureau might ask for basic financial information, such as a salary range,  you do not need to answer anything about your financial situation.
  • The Census Bureau will not ask for Social Security, bank account, or credit card numbers, nor will employees solicit donations. Anyone asking for that information is NOT with the Census Bureau.

Eventually, Census workers may contact people by telephone, mail, or in person at home. However, the Census Bureau will not make contact by e-mail, so be on the lookout for e-mail scams impersonating the Census. Never click on a link or open any attachments in an e-mail that are supposedly from the U.S. Census Bureau.

For more advice on avoiding identity theft and fraud, visit www.bbb.org or go this link :

http://dallas.bbb.org/article/bbb-alerts-consumers-about-us-census-workers-be-cooperative-but-cautious-10346

Alert#6 - 01/19/10

HAITIAN EARTHQUAKE RELIEF FRAUD ALERT

The FBI reminds Internet users who receive appeals to donate money in the aftermath of last Tuesday’s earthquake in Haiti to apply a critical eye and do their due diligence before responding to those requests. Past tragedies and natural disasters have prompted individuals with criminal intent to solicit contributions purportedly for a charitable organization and/or a good cause.

Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, to include the following:

  • Do not respond to any unsolicited (spam) incoming e-mails, including clicking links contained within those messages.
  • Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail or social networking sites.
  • Verify the legitimacy of nonprofit organizations by utilizing various Internet-based resources that may assist in confirming the group’s existence and its nonprofit status rather than following a purported link to the site.
  • Be cautious of e-mails that claim to show pictures of the disaster areas in attached files because the files may contain viruses. Only open attachments from known senders.
  • Make contributions directly to known organizations rather than relying on others to make the donation on your behalf to ensure contributions are received and used for intended purposes.
  • Do not give your personal or financial information to anyone who solicits contributions: Providing such information may compromise your identity and make you vulnerable to identity theft.

Anyone who has received an e-mail referencing the above information or anyone who may have been a victim of this or a similar incident should notify the IC3 (Internet Crime Complaint Center) via www.ic3.gov.

Alert#7 - 01/12/10

Fraudsters Distribute Fake FDIC / NCUA Emails

A risk alert has been reported by the American Bankers Association and this scam could certainly occur in a Credit Union. If you receive a similar email please take caution.The FDIC has recently reported incidences of fraudulent emails being sent to individuals (bank customers) requesting / suggesting they check on the deposit insurance coverage of their local bank.  The subject line on the email might be titled something like:  “Check your bank deposit insurance coverage”.

The reported scenario has customers of banks receiving an email instructing them to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. When they perform this task, the downloaded file collects personal and confidential information from that individual. The email warns the bank customer that their bank has failed and the FDIC has taken control of its assets. The bank customer is then directed to visit the official FDIC website by clicking on a provided hyperlink. Although the link appears related to the FDIC, it is believed that clicking on the hyperlink will cause malicious software to be downloaded and then used by the fraudster to steal ones identity.

The often stated rule of thumb is to never click on any links or download any files unless you have initiated the contact and are sure you know who you are dealing with.

Alert#8 - 11/12/09

FRAUDULENT AUTOMATED CLEARING HOUSE (ACH) TRANSFERS CONNECTED TO MALWARE AND WORK-AT-HOME SCAMS

Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts. In a typical scenario, the targeted entity receives a “spear phishing” e-mail which either contains an infected attachment, or directs the recipient to an infected website. Once the recipient opens the attachment or visits the website, malware is installed on their computer. The malware contains a key logger which will harvest the recipients business or corporate bank account log-in information. Shortly thereafter, the perpetrator either creates another user account with the stolen log-in information, or directly initiates funds transfers by masquerading as the legitimate user. These transfers have occurred as both traditional wire transfers and as ACH transfers.

Further reporting has shown that the transfers are directed to the bank accounts of willing or unwilling individuals within the United States. Most of these individuals have been recruited via work-at-home advertisements, or have been contacted after placing resumes on well-known job search websites. These persons are often hired to “process payments”, or “transfer funds”. They are told they will receive wire transfers into their bank accounts. Shortly after funds are received, they are directed to immediately forward most of the money overseas via wire transfer services such as Western Union and Moneygram.

The FBI is urging people who use online banking services to contact their financial institution to ensure they are employing all the appropriate security and fraud prevention services their institution offers. The United States Computer Emergency Readiness Team (US-CERT) has made information on banking securely online available at http://www.us-cert.gov/reading_room/Banking_Securely_Online07102006.pdf.  Protecting a computer against malicious software is an ongoing activity and, at minimum, all computer systems need to be regularly patched, have up to date anti-virus software, and a personal firewall installed. Further information is available at http://www.us-cert.gov/nav/nt01/

Alert#9 - 11/05/09

African Energy Consortium Investment Scam

We have been advised of an investment scam where fraudsters, posing as an African energy consortium, have presented an investment opportunity to a group of Credit Union members. The investment involved a renewable energy project (sunlight, wind, rain, tides, geothermal heat, etc.). Some proof was provided that these investment advisers/consultants were officers of the consortium.  In hindsight, that proof appears to have been limited in nature and now looks very suspicious.

The members were sold on the plan and many applied for loans at their Credit Union as well as obtained cash advances on their credit cards, giving this money to the fraudsters to invest in this renewable energy project.  After receiving the investment funds, the fraudsters skipped the area and the investors were left with only the worthless paper and the outstanding loan at their Credit Union.

Unfortunately, this type of scam is serious because of the dollars involved and the number of people who were duped. The losers in this scheme are the ones who fell for this bogus investment as this type of scam is not covered by any insurance company in the industry.

Please be aware of anything that sounds suspicious. When a number of loans are requested by members, all mentioning the same purpose, the Credit Union may want to ask questions and offer advice.  Obviously, while the investment may well be legitimate, asking questions would in no way adversely impact the investment or its proponents.  Gaining additional information never hurts but clearly serves to avoid a most serious problem at a later date.

Alert#10 - 10/21/09

Mortgage Loan Modification Scams

Credit Unions should urge their members who are delinquent on their mortgage to be cautious about using services to help them work with their lender to modify the terms of their home loan.  The Division of Banking in most states encourages consumers to research and inquire if a business is licensed prior to utilizing their  services.

A recent development in the ongoing subprime mortgage and foreclosure crisis is the emergence of a new type of business which purports to offer loss mitigation consulting, foreclosure prevention, mortgage loan modification, or similar services.  Many states are seeing an increase in the of number of advertisements, direct-mail solicitations and other marketing materials offering consumers assistance in negotiating resolutions of their delinquent residential mortgage loans with lenders and servicers, or assistance in negotiating lower mortgage loan rates, in exchange for up-front fees.

Members who have fallen behind on mortgage payments or who are in foreclosure or default may become targets for certain types of scams known as "home equity theft" or "foreclosure rescue fraud." Perpetrators of these scams claim that they can solve debt problems and stop consumers from losing their home.  Some of these scams offer to temporarily hold onto the house while consumers catch up on their payments.  The perpetrator then uses deceptive tactics to obtain ownership of a consumer’s home for a fraction of its market value, and leaves the consumer homeless yet still holding the mortgage which is now in foreclosure.

Other scams falsely claim that they can stop a foreclosure or tax sale, charge substantial up-front fees and fail to deliver the promised results.  Members should be advised they do not need to pay fees for foreclosure prevention help. Many not-for-profit HUD approved housing counselors will help members negotiate with their lender for free.

Members should be advised to explore all available options for requesting a mortgage loan modification. Contact your own lender or mortgage servicer or a HUD approved housing counselor if they believe they will have difficulty in making their mortgage payments.

Alert#11 - 10/02/09

IRS Trojan Virus Scam

The Department of Homeland Security's Computer Emergency Readiness Team (CERT) is warning Internet users to be on guard against a convincing e-mail virus scam disguised as a message from auditors at the Internal Revenue Service.

CERT recently reported: "The attacks arrive via an unsolicited email message concerning an inquiry by the IRS and may contain a link or attachment. If users click on this link or open the attachment, they may be infected with a malicious code, including the Zeus Trojan."

The Zeus Trojan steals sensitive data, and it is especially interested in on-line banking credentials. According to Gary Warner, director of research in computer forensics at the University of Alabama, Birmingham, this fake IRS notice has been ongoing for several weeks now.

A word to the wise: Do not click on attachments included in unsolicited e-mails, especially those that encourage you to act quickly or else suffer some scary fate. These are attempts to plant malicious software on your computer.

Also, note that the IRS has stated emphatically that it does not communicate with businesses or citizens via e-mail.

If you receive an e-mail message that is similar to the description above, follow these guidelines:

  • Do NOT submit the requested information.
  • Do NOT open any attachments.
  • Contact the company or financial institution mentioned in the e-mail (if applicable) immediately   

General Scam Alert Information

Phishing Scam - Don't be a victim of identity theft

Many Americans have been receiving fraudulent e-mails that direct recipients to web sites where they are asked to verify sensitive personal information. BEWARE! We want to assure you that RTP Federal Credit Union, other financial institutions, federal financial agencies, and companies in general do not communicate with consumers by e-mail requesting important personal information such as your name, account numbers, date of birth, or social security number.

The fraudulent e-mails that have been circulating are part of a scam known as "phishing." Phishing is the fraudulent scheme of sending an e-mail to a user falsely claiming to be a legitimate company. The email attempts to con the user into surrendering private information that could later be used for identity theft. The e-mail directs the user to visit a web site where they are asked to update personal information, such as name, account and credit card numbers, passwords, social security numbers and other information. The Web site, however, is bogus and set up only to steal the user's information.

Consumers can protect themselves from this latest identity theft scam by following these useful tips, which were developed by the Federal Trade Commission:

  • If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.
  • Avoid emailing personal and financial information. Before submitting financial information through a web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges.
  • Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov. If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft Web site) to learn how to minimize your risk of damage from identity theft.

If you think you have been the victim of a Phishing Scam, contact RTP Federal Credit Union as soon as possible.

PROTECT YOURSELF

  • Do not provide account information or other personal information over the phone to telemarketers or anyone you do not know.
  • Beware of offers that sound too good to be true, especially if they require you to provide your account number or credit card numbers.
  • Beware of any offer that requires you provide your account number or credit card number to cover shipping and handling charges. This may be a pretext for con-artists to obtain access to your accounts.
  • If you give your account information to a suspicious caller, immediately call your financial institution, explain the circumstances, and tell them you want to take all necessary steps to block unauthorized withdrawals.
  • Always check your monthly statements to make sure that there are no unauthorized payments. Report any unauthorized payments to your financial institution as soon as you detect them.
  • Put your telephone number on the Federal Trade Commission's (FTC) Do Not Call Registry by calling 1-888-382-1222 (TTY 1-866-290-4236) from the telephone number you want put on the Registry. You may also register online at www.donotcall.gov.

Important information from the Federal Trade Commission:

The ONLY authorized online source for you to get a free credit report under federal law is www.annualcreditreport.com. You can get a free report from each of the three national credit reporting companies every 12 months. Some other sites claim to offer "free" credit reports, but may charge you for another product if you accept a "free" report.

The Federal Trade Commission advises consumers who order their free annual credit reports online to be sure to correctly spell annualcreditreport.com, or link to it from the FTC's website to avoid being misdirected to other websites that offer supposedly free reports, but only with the purchase of other products. While consumers may be offered additional products or services while on the authorized website, they are not required to make a purchase to receive their free annual credit reports.

 

NCUAEqual Housing Lender
Digital Insight, an Intuit company