Current Alerts
Debit Card Phishing Notice from Fiserv - January 27, 2012
Security Alert - Zappos Data Leak - January 15, 2012
Better Business Bureau - Email contains malicious link - December 12, 2011
Holiday Season Fraud Alerts - December 5, 2011
Text and Cell Phone Scam Alert - August 1, 2011
Email claiming to be from the FDIC - July 19, 2011
Michaels Stores PIN Pad Tampering - May 10, 2011
NCUA EMAIL PHISHING - October 6, 2010
NCUA FRAUD EMAIL PHISHING - May 26, 2010
NEW EMPLOYMENT SCAMS - February 2, 2010
MOBILE PHONE SCAM ALERT - January 22, 2010
EMAIL PHISHING ALERT: October 23rd
EMAIL PHISHING ALERT: September 29th
DIGITAL INSIGHT - Phishing Scam
NCUA ALERT Text Message Scam
ALERT-CUNA TARGET OF NEW CARD-ACTIVATION PHISH ATTEMPT
Fake Check Scam Educational Website
Don't Fall Victim to a "Vishing" Scam
New Computer Virus May Prompt Online Fraud Attempt
Debit Card Phishing Attack Notice from Fiserv
Our debit card processor, Fiserv, has alerted us that some of their clients are receiving phishing emails that reference their “eNFact” product. The email directs recipients to click on a link that takes them to a mock-Fiserv site that is believed to install malicious software.
If you receive one of these emails, DO NOT open it, DO NOT click on the link, and DO NOT contact the telephone number listed in the email.
The phishing attack is contained in a fraudulent email identical or similar to the one that follows:
-----Original Message-----
From: eNFACT Notifications [mailto:noreply@enfactnotifications.com]
Sent: Thursday, January 26, 2012 11:34 AM
To: Recipients
Subject: eNFACT Case #29018
To protect your account, we monitor your ATM and debit card transactions for potentially fraudulent activity which may include a sudden change in locale (such as when a U.S.-issued card is used unexpectedly overseas), a sudden string of costly purchases, or any pattern associated with new fraud trends around the world.
An eNFACT Case was generated for the cardholder below:
Transaction 1 Information:
A charge on 10/23/2011 in the amount of $438.09 in ITALY Transaction Score: 981
Transaction 2 Information:
A charge on 10/23/2011 in the amount of $513.14 in ITALY Transaction Score: 918
Transaction 3 Information:
A charge on 10/22/2011 in the amount of $0.02 at O RANCH Transaction Score: 37
The eNFACT Case is generated when a suspect transaction is detected. If this transaction was not initiated by you as the credit card holder please follow the steps as shown at : http://www.efactnotify.com/
Please be sure to complete the Case Resolution Notification (CRN) Form at (http://www.efactnotify.com/) . If you have any questions, or would like additional information pertaining to this eNFACT Case, please contact the Card Processing Center at 800-262-2024.
If you have received this phishing attack via email, or if you receive it at any time from this point forward:
1. Do not open the email;
2. Do not click on the link contained in the email; clicking on any of the links contained in the email may install malicious software on your system;
3. Do not contact the telephone number listed in the email;
4. Delete the email from your “Inbox” and “Sent Items.”
Security Alert - Zappos Data Leak
Online shoe and apparel retailer, Zappos.com, announced on Sunday, January 15, 2012, that hackers had broken into their company’s system through one of its servers in Kentucky and obtained data on its 24+ million Zappos.com customers. The hackers took names, billing, shipping and email addresses, phone numbers and partial credit card numbers of Zappos customers, as well as their cryptographically scrambled passwords. Based on reports from Zappos, it appears that users' full credit card information is safe, though they could be at risk if these customers use the same email and password combination to access other sites.
Zappos CEO Tony Hsieh stated the secure database that stores customers' critical card and other payment data was neither affected nor accessed. In addition to expiring and resetting customers' passwords, Zappos has created a link that will let each customer securely create a new password. Zappos is also urging customers to change their passwords on any other websites where they use the stolen password or similar ones, and it has warned them to be wary of emails and phone calls that ask for personal information or direct them to websites asking for personal information.
Zappos is working with law enforcement and has sent an email, accessible at http://blogs.zappos.com/securityemail, to notify its potentially impacted customers.
Scam Alert - Better Business Bureau - Email contains malicious link
The Better Business Bureau is issuing an urgent scam alert cautioning businesses and consumers about an e-mail that looks like it’s from BBB, with the subject line “Complaint from your customers.” This e-mail is fraudulent, the BBB said in a statement.
The BBB urges consumers to ignore the e-mail’s contents and delete it immediately. If you’ve already clicked on a link in the e-mail, run a full virus scan of your computer.
The return e-mail address is riskmanager@bbb.org, an address the BBB doesn’t use, and it’s signed with the address of the Council of Better Business Bureaus, the national office of the BBB system. The e-mail contains a link to a non-BBB web site. Don’t click on the link.
The BBB is working with law enforcement to determine the source of the e-mails and stop the fraudulent campaign.
The BBB serving Alaska, Oregon, and Western Washington reports two weeks after fake BBB complaint notices hit businesses nationwide, it’s once again receiving local reports of these suspicious emails. The organization advises consumers to report fraudulent emails to phishing@council.bbb.org.
The holiday season brings out the best in most people but there are some who take advantage of the opportunity to commit fraud against unsuspecting consumers. Below are two of the more common schemes targeting consumers and some general recommendations to help reduce the risk of loss.
Gift Card Stripping
Holiday gift cards are attractive to fraudsters because they are usually
displayed in the open and can be easily taken from a display counter.
They contain no customer information until loaded by the store and are
subsequently handled just like cash.
The scheme works like this: The fraudsters will take a stack of gift
cards off a sales rack or shelf in a store and sneak off to an
out-of-the-way spot to capture the identifying information contained on
the cards by using a skimming device. Once the fraudster has captured
the digital information from the cards, he leaves the store and simply
waits. By using a computer or calling the phone number on the back of
the cards, he can determine when the card was sold and when it was
activated by the purchaser.
Because many holiday gift cards are sold as gifts to be used in the
future, the fraudster has time to use the card number for online
purchases before the consumer realizes that the balance has been
dramatically reduced.
Recommendation:
- When purchasing a Gift Card - Consider asking the sales employee
if you can purchase a card that has not been on display; this
should minimize your chances of purchasing a scanned gift card.
Stores often retain a stock of gift cards behind the customer
service desk or in a storage room, where access to fraudsters is
limited.
- Check the back of the card before purchasing - If the identifying
numbers or codes are easily seen without removing the card, put it
back. If you can see the code, anyone can. A quick check for signs
of tampering can go a long way in reducing the chances that
someone has tampered with the card.
Debit Card Skimming
Fraudsters can use a special scanner to collect data off a debit card
that can later be used to make unauthorized purchases. Often, the person
owning the card has no idea that their information has been compromised.
These debit card scanners can be installed on ATMs or gas station pumps
and many are virtually undetectable. A camera or magnetic device set up
nearby can then capture the PIN entered by the victim. The PIN and the
card number collected from the scanner give the fraudster all the
information he needs. The victim is unaware his information has been
compromised until he notices strange and unusual purchases made on his
account.
Recommendation:
- Be wary of any stand-alone ATM. Obviously there are plenty of
legitimate ones, but look around and be suspicious of an ATM that
isn't bolted to the side of a building or secured inside a
facility. A legitimate ATM is heavy and not easy to move. Also,
beware of stand-alone ATMs that advertise "no fees," since most
legitimate owners of stand-alone ATMs have to charge fees to make
money.
- Avoid ATMs if the access door or any part of the machine is broken.
If the lock on the door to the room accessing the machine is
broken, beware and don't use the machine. A fraudster may have
forced open the door to install a skimming device.
- Beware of "out of service" signs. If your ATM has an "out of
service" sign, it could be legitimate -- or it could be trying to
get you to use another nearby ATM that has been compromised.
- Report "malfunctions" immediately. If you get an error message
instead of money, contact your financial institution immediately.
- Access your account online and frequently monitor your
transaction activity. Take a few minutes every week to log onto
your accounts and review your transactions. Report bogus
transactions immediately.
Text and Cell Phone Scam Alert
Southern Mass Credit Union has become aware of a text and cell phone scam. This scam is a fraudulent text message or automated call stating that the person’s credit or debit card had been restricted and that to reactivate their card the person needed to follow the instructions and input their debit and/or credit card account number and other personal information. Do not respond to any type of communication like this. Southern Mass Credit Union will never contact you in this manner and will never ask you to text or email your debit and/or credit card account number or ask you for your PIN number.
E-mail Claiming to Be From the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent emails that have the appearance of being from the FDIC.
The emails appear to be sent from various "@fdic.gov" email addresses, such as "protection@fdic.gov," "admin@administration.fdic.gov," or "service@admin.fdic.gov."
The messages have various subject lines that read: "Update for your banking account" or "ACH and Wire transfers disabled," and "Banking security update."
The fraudulent emails are addressed to "Dear clients" and state "Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored."
The message concludes with, "Best regards, Online security department, Federal Deposit Insurance Corporation."
These emails and links are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the emails and should NOT, under any circumstances, provide any personal financial information through this media.
Consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.
Michaels Stores Announces PIN Pad Tampering at Certain Stores
On May 10, 2011, Michaels issued a press release stating that they had identified approximately 90 PIN pads throughout their stores in the US that had been tampered with. They announced they have replaced these PIN pads and approximately 7,200 other PIN pads in their stores. In the MA, RI market area, there were 4 store locations that had PIN pads which had been tampered with. In MA they identified stores in Braintree, Burlington, Danvers and Everett. In RI they identified a store in Warwick.
If you have used your Southern Mass Credit Union credit card or debit card at any of these Michaels stores or any of the other stores listed in their press release located on their website (see below for how to access the complete press release), please notify the credit union immediately at 508-994-9971 and ask for Support Services so we may close your SMCU credit or debit card and issue you a new one to avoid any potential fraudulent transactions.
To read the press release from Michaels, please visit their website, www.michaels.com and click on the section “For important customer information click here.”
The purpose of this fraud alert is to inform you about a recent phishing attempt to obtain member credit card account numbers, expiration dates and electronic signatures. In cases reported to NCUA, the perpetrator(s) sent fraudulent e-mails, representing to be from the NCUA, to credit union members and the general public. The emails state the NCUA will add $50.00 to the member’s account for taking part in a survey. The link embedded in the message directs members to a counterfeit version of NCUA’s website with an illicit survey that solicits credit card account numbers and confidential personal information.
NCUA will never ask credit union members or the general public for personal account or personally identifiable information as part of a survey. Any e-mail that alleges to be from NCUA and asks for account information is fraudulent and should be treated as suspicious. The NCUA has taken steps to shut this site down, but credit union members should remain alert to possible variations of this fraudulent e-mail.
The NCUA advises anyone who clicked on any of the e-mail links to consult with a computer security or anti-virus specialist to assess the need to re-install a clean image of the computer system. We also encourage you to take the following additional precautions:
· Scan affected computers using updated anti-virus software.
· Enable automatic updates for anti-virus software and computer operating systems.
· Install security patches for common software applications promptly.
· Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software.
· Do not open unsolicited or unexpected e-mail attachments.
· Do not follow Web links in unsolicited e-mails from apparent federal banking agencies; instead, bookmark or type the agency's Web address.
· Call the agency using a known and appropriate telephone number to verify the legitimacy of the message and attached file.
If you are affected by this scam, or variants of this scam, forward the entire e-mail message to Phishing@ncua.gov. Additionally, formal complaints concerning any suspected fraudulent e-mail can be filed with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.
The latest trend by scammers attempting to steal your personal information involves sending you an automated telephone message on your mobile phone. The message states that there is a problem with your debit/credit card and requests that you respond by calling a certain telephone number and leaving a message with your debit/credit card number or by texting a reply with your debit/credit card information.
Do not fall victim to this scam! Southern Mass Credit Union would never ask you for your card number by telephone, automated message or by email. Never give out personal confidential information such as your Social Security Number, account number, credit/debit card number, expiration dates, PIN numbers or passwords to anyone.
Email Phishing Alert: October 23rd
EXTREMELY IMPORTANT - PHISHING SCAMS!
Recently local residents have received fraudulent emails that look as if they are from a financial institution. These emails are NOT from any financial institution but are "Phishing Scams" designed to get your personal account information.
These emails have taken several forms, including the following:
- Surveys with a cash reward if you enter your personal information,
- Implications that your account is in jeopardy of being closed unless you enter your personal information,
- A notice that we are updating our security enhancements, so please enter your personal information,
- Plus, many other schemes to entice people to enter their personal and confidential information.
ALL OF THESE EMAILS ARE FRAUDULENT!
As a reminder, if you should ever receive one of these emails, DO NOT RESPOND.
Southern Mass Credit Union would NEVER send you an email requesting your personal information. If you ever receive an email that looks like it is from Southern Mass Credit Union, DO NOT RESPOND and call us immediately at 508-994-9971 to report it to our IT Department.
Email Phishing Alert: September 29th Digital Insight
We have become aware of a new phishing scam that appears to be from official Digital Insight sources or from financial institutions. The scam is designed to trick recipients into clicking a link in the fraudulent email for the purpose of acquiring sensitive data such as passwords or financial information.
The most common examples include the following:
Subject: Attention-Important Customer Information
Body: As a [Name of financial institution] customer, your privacy and security is a primary task for us. We have been dedicated to customer safety and protection and our mission remains as strong as ever. We inform you that your Net Banking account is about to expire. It is strongly recommended to updated it immediately. Update form is located here: [LINK]
Please note the following:
- Digital Insight systems or Southern Mass Credit Union would never ask you for your sensitive account or password information.
- Recipients of these emails are not specific to DI financial institutions' end users or Southern Mass Credit Union. Phishing emails can be sent to anyone who has an email address on the internet.
- Do not click the link if you receive one of these emails.
- Some of the false email addresses that have been reported include:
  - customer-support@digitalinsight.com
  - admin@support.digitalinsight.com
  - admin-support@digitalinsight.com
  - customer-care@digitalinsight.com
  - accounts@digitalinsight.com
  - support@update.digitalinsight.com
  - administration@digitalinsight.com
Scam fraudsters are setting up what looks like new employment opportunities on the Internet by hiring work-at-home employees. The newly hired person is being used to transfer money through their personal credit union account and losses are occurring.
How the scam works is the hiring company deposits money into the newly hired employee's account as an ACH transaction. Then the employee is asked to withdraw part or all of the funds and wire the money to the hiring company's "business partners." Most transactions occur in amounts less than $10,000.
Be wary of these types of work-at-home scams. When possible, contact the Better Business Bureau to check out the legitimacy of a new employer and never use your personal bank or credit union account to deposit/withdraw funds for anyone else.
For more employment scam information, go to FakeChecks.org, scroll to the bottom of the page and click on the 'view our ecard' box and follow the prompt to view the short video.
DIGITAL INSIGHT - PHISHING SCAM
Digital Insight, our website host, has informed Southern Mass Credit Union, along with other financial institutions, about an ongoing email phishing scam. This scam targets users by sending emails that appear to be from an official Digital Insight source (for example, "Digital Insight Customer Care," "Digital Insight Administration," etc.), and is designed to trick the recipient into clicking a link in the email for the purpose of acquiring sensitive data, such as passwords or financial information.
Please be advised: NEVER click links or install programs suggested in emails, even if the email appears to be from an official or familiar source. Digital Insight & Southern Mass Credit Union will NEVER send client emails containing links to download software or applications.
Here is an example of a Phishing Email:
From: " customer-care@digitalinsight.com" administration@digitalInsight.com
Date: July 16, 2008
To:
Subject: Attention - Important Notification!
Dear Administrator,
We inform you that your account is about to expire. It is strongly recommended to update it immediately. Update for is located here. However, failure to confirm your records may result in account suspension
The email described above is not from Digital Insight. Please delete emails such as these immediately, and be careful not to take the actions requested.
The purpose of this fraud alert is to inform you of a scam that involves unsolicited text messages sent to cell phones. The message urges the recipients to call a number provided for information about account discrepancies and then solicits individual account information and pin numbers.
Cell phone users should be wary of unsolicited text messages. Such messages should be deleted and all deleted text messages should be removed, if possible, as the perpetrators have been known to use Spyware in conjunction with their text messaging solicitation. Such a scam could be used to obtain personally identifiable information and credit union account access information, for those who access their accounts using their cell phones. In order to avoid potential identity theft, if you receive one of these text messages, do not respond in any manner to it.
ALERT-CUNA TARGET OF NEW CARD-ACTIVATION PHISH ATTEMPT
CUNA is being used as the subject of a phishing message targeting our credit union members to collect personal account information, plastic card numbers, and passwords. If you should receive the e-mail, do not click on the link to the fake web page; just delete the message.
This new phishing-scam attempt using the Credit Union National Association's name, informs recipients about "irregular check card activity" and advises you to call a toll-free number to get any restrictions removed. Do not call the toll free number; the call is a ploy to get personal account information, possibly for identity theft purposes.
As a trade association for U.S. credit unions, CUNA does not maintain any type of member financial information and would never request any personal identification information over the phone.
Anyone responding to any e-mails of this type should contact the Credit Union immediately.
We have learned of a new website that has important educational information on FAKE CHECK SCAMS of which you should be aware and should always AVOID. NEVER BECOME A VICTIM OF THESE SCAMS.
The website is as follows: Fake Check Scam Educational Website Link
Don't Fall Victim to a "Vishing" Scam
We have become aware of a nationwide trend by scammers to attempt another method of stealing your personal financial information through what is known as “Vishing.”
What’s Vishing? Well it’s a scam that attempts to solicit personal financial information through the use of automated telephone calls which is very similar to phishing, which uses e-mails to try to obtain your personal financial information.
In these automated calls, the message states that it is your financial institution calling and requesting you to either call a certain telephone number and/or visit a certain website to enter and/or verify your personal financial information. NEVER FALL VICTIM TO ONE OF THESE SCAMS; SOUTHERN MASS CREDIT UNION WOULD NEVER DO THIS.
As a reminder Southern Mass Credit Union would never ask you by phone in an automated message or live telephone call or by email for your personal financial information. Never give out confidential information, such as your Social Security number, account number, credit card numbers, debit/ATM card numbers, expiration dates, and PIN numbers or passwords to anyone.
New Computer Virus May Prompt Online Fraud Attempt
Please be on the lookout for a new computer virus that may be on your computer. This virus may cause a fraudulent screen to appear in the online Bill Payment window. The screen posts messages that attempt to trick you into providing sensitive information such as your account numbers and passwords - information the bill payment system already knows and you should not provide again.
If you are using online Bill Payment and a new screen appears out of context asking you to provide sensitive information, do not provide this information.
If you're in doubt about the validity of a screen, please call the credit union at (508)994-9971 or toll free at (888)345-7689 and ask for Bill Payment Support.











