Scam Alerts

Keep your identity safe! Check this page often to keep on top of the latest scams and phishing tactics.

If you have any questions about this information, please contact Allegis Credit Union's Security Officer by email or by calling 1-800-797-3281, ext. 209.

NEW! Phishing, Smishing, & Vishing...What's the Difference?
Smishing uses Text Messages
IdentityTheft.com: Protecting and Empowering the REAL you.
FBI Fraud Alert
"Verification" Phishing Scam Hits Indiana
Phishing Scams & Email Safety
Top 10 Identity Theft Prevention Tips
Check Washing is Gaining Popularity Again
Fraud Resources
 

Internet Crime Complaint CenterDon't Get Scammed!

Click here for the FBI's most up-to-date info on Internet scams and crimes.
Are you a victim of an Internet scam? Report it here!
 

Phishing, Smishing, & Vishing...What's the Difference?

Phishing scams continue to affect financial institutions, but the styles of phishing are shifting. Vishing, Smishing, and U.S. Mail Phishing are new ways to bait people into divulging personal and financial information. Scammers are turning to these different methods with the hope of confusing members into thinking they can only be “phished” through the use of e-mail. These methods are defined as follows: 

E-MAIL “PHISHING”
Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.

LAND LINE TELEPHONE “VISHING” & VoIP (INTERNET PHONES “VISHING”)
Vishing, (Voice phISHING) also called "VoIP phishing for the Internet phones," is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States.

In either case, because people are used to entering card numbers over the phone, this technique can be effective. Voice over IP (VoIP) is used for vishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a land line telephone.

TEXT MESSAGE “SMISHING”
Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user's cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.

New!  Mail LETTER “PHISHING”
This new scam occurs where the phisher is creating a letter and sending it through the mail to individuals to respond to the letter by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection. This scam is used in conjunction with other channels to steal valuable personal and financial information of the individual receiving the letter.

Source: CUNA Mutual

 

Smishing uses Text Messages

Fraudsters are now sending text messages to credit union and other financial institution members' wireless devices to lure them into giving personal information. Because wireless devices use SMS, a communications protocol, to send text messages, this is called "Smishing".

In smishing, you may receive a text message via your cell phone warning you that your account has been closed due to suspicious activity. It then says you need to call a certain phone number to reactivate the account. Unsuspecting callers who dial the number provided in the text message will be taken to an automated voicemail box that prompts you to key in confidential numbers such as credit card, debit card, expiration date, and PIN to verify your information. If you have a question concerning your account or credit/debit card, contact your financial institution using a telephone number obtained independently, such as the phone number from your statement, the phone book, or other independent means.

Source: CUNA Mutual

 

FBI Fraud Alert

IF YOU CAN ANSWER "YES" TO ANY OF THE FOLLOWING QUESTIONS, YOU COULD BE INVOLVED IN A FRAUD OR ABOUT TO BE SCAMMED!

  • Is the CHECK from an item you sold on the Internet, such as a car, boat, jewelry, etc.?
  • Is the amount of the CHECK more than the item's selling price?
  • Did you receive the CHECK via an overnight delivery service?
  • Is the CHECK connected to communicating with someone by email?
  • Is the CHECK drawn on a business or individual account that is different from the person buying your item or product?
  • Have you been informed that you were the winner of a LOTTERY, such as Canadian, Australian, El Gordo, or El Mundo, that you did not enter?
  • Have you been instructed to either "WIRE", "SEND", or "SHIP" MONEY, as soon as possible, to a large U.S. city or another country, such as Canada, England, or Nigeria?
  • Have you been asked to PAY money to receive a deposit from another country such as Canada, England, or Nigeria?
  • Are you receiving PAY or a COMMISSION for facilitating money transfers through your account?
  • Did you respond to an email requesting you to CONFIRM, UPDATE, or PROVIDE your account information?

If you can answer YES to any of these, please contact your local law enforcement immediately.

   

"Verification" Phishing Scam Hits Indiana

ConsumerAffairs.com
February 19, 2006

Scammers passing themselves off as the "Nationwide Verification Office" have popped up in Indiana this month. Indiana Attorney General Steve Bell says the scam that has targeted mostly seniors in other states has been reported recently all across the Hoosier state.

"Callers representing themselves as from Nationwide Verification Office are calling Hoosiers and selling them a story that their bank accounts have been compromised and they need to verify their routing numbers and other personal information," Carter said.

Read the entire story...
 

Phishing Scams

The following information was taken from www.accurint.com .

E-mail Scams: Phishing

All Internet users should be aware of the online scam known as "phishing" (pronounced "fishing"). Phishing involves the use of e-mail messages that appear to come from your bank or another trusted business such as Accurint, but are actually from imposters.

Phishing e-mails typically ask you to click a link to visit a Web site, where you are asked to enter or confirm personal financial information such as your account numbers, passwords, Social Security number or other data. Although these Web sites may appear legitimate, they are not. Thieves can collect whatever data you enter and use it to access your personal accounts.

Other sites appear non-functional or temporarily out of service, this may be deceiving and in reality, the site may be downloading a virus and/or other ill-intended software to your computer.

How can I spot a phishing scam?

Look for these warning signs:

  • Language and tone. The message you receive may urge you to act quickly by suggesting that your account is threatened or will expire soon. It may say that if you fail to update, verify or confirm your personal or account information, access to your accounts will be suspended. The wording may also be sloppy and contain misspellings and or grammatical errors.
  • Requests for personal information.  Scam e-mails typically ask for personal or account information such as:
    -Account numbers and passwords
    -Credit and check card numbers
    -Social Security numbers
    -Online banking user IDs and passwords
    -Mother's maiden name
    -Date of birth
    -Other confidential information
  • E-mailed instructions to download software.  Do not install software downloads directly from e-mail messages, or from companies or Web sites you do not recognize. When in doubt, contact the company directly.
  • Non-secure Web pages. Clever thieves can build a fake Web site that looks nearly identical to an authentic one. They can even alter the URL (the Web address) that appears in your browser window address field on the top. Watch out for non-secure Web pages that ask for sensitive information (secure sites will typically display a lock in the status bar at the bottom of your browser window).

How can I decrease my risk of being a phishing victim?

Here are some safety tips:

  • Be suspicious of demanding messages. Messages threatening to terminate or suspend your account without your quick response should be treated as suspicious. A legitimate business should not request personal information from you over an unsecured Web site. When in doubt, call the business' customer service number (available on your account statement) to confirm the status of your account. Do not use telephone numbers found on the suspected Web site or email.
    Be cautious of downloads. Installing unknown software on your computer can put your personal information at risk and potentially harm your computer's hard drive. Make sure the software comes from a legitimate Web site, not an e-mail message. If you are not sure whether you should download a program, contact a customer service representative for more information.
  • Always type in the URL of the Web page you need. Phishing scams rely on embedded links that take you to fake Web sites. It is safer to type your intended Web address directly into your browser so you know you are visiting the legitimate site.
  • Protect your password. Do not write down sensitive personal information such as your login ID, password or Social Security number.
  • Keep your computer up-to-date. Industry best practices recommend that you install anti-virus and firewall programs to help keep your computer safe and that you keep updated with the latest Security improvements of your software providers.  
  • Report an online scam

Learn more about phishing

To learn more about phishing, review the suggested materials below:

General Security Tips

While anyone can fall prey to fraud and identity theft, many ways exist to minimize your risk.

Privacy

  • Never give out personal information online or over the phone unless you have initiated the contact. Allegis will never request that you submit confidential information over non-secure channels such as e-mail or phone calls initiated by us.
  • Avoid using easily guessed or learned information for as your online password
  • Avoid writing down passwords

Personal Computer Security

One way a thief can get personal information about you is from your home computer. The following tips detail how you can add to the security of personal information on your home computer.

Passwords and User IDs

For each computer or online service you use, you should have a user ID and password. Try to create the most unique password, and protect it. Commit your password to memory and do not share it with anyone.

The following easily-identifiable items should be avoided when creating passwords:

  • Your birth date or a family member's birth date
  • Names of family members or pets
  • Social Security number
  • Phone numbers
  • Dates of important events, such as anniversaries
  • Your login ID

Tips for creating strong passwords:

  • Use a combination of numbers, letters and punctuation.
  • Longer passwords are better.
  • Make sure it is something you can remember without writing it down.

Install and Use Anti-Virus Programs

Viruses can infect a home computer in many ways: through floppy disks, CDs, e-mail, Web sites and downloaded files. Anti-virus programs help protect your computer against most viruses, worms, Trojans and other unwanted invaders that can make your computer "sick." Viruses, worms and the like often perform malicious acts, such as deleting files, accessing personal data or using your computer to attack other computers. If a file is infected with a virus, most anti-virus programs provide you with options of how to respond, such as removing the harmful item or deleting the file. Installing an anti-virus program and keeping it up-to-date is the best defense for your home computer.

Firewalls: What Are They and How Do I Use Them?

Before you connect your computer to the Internet, you should install a firewall. A firewall can be generally described as a security guard for your home computer. The guard is a piece of software or hardware that helps protect your PC against hackers and many computer viruses and worms. With a firewall, you define which connections between your computer and other computers on the Internet are allowed and which are denied. There are firewall programs, both free and available for purchase that provides the capabilities you need to help make your home computer more secure.

E-mail Attachments

E-mail viruses and worms are fairly common. Here are steps you can use to help you decide what to do with every e-mail message attachment you receive. You should only open and read a message that passes all of these tests:

  • The know test—is the e-mail from someone you know?
  • The received test—have you received e-mail from this person before?
  • The expect test—were you expecting e-mail with an attachment from this sender?
  • The sense test—does the e-mail subject make sense based on who is sending the e-mail? Would you expect this type of attachment from this person?
  • The virus test—does this e-mail contain a virus? To determine this, you need to install and use an anti-virus program.

Purchasing and Installing Programs

Apply these practices when you select software for your home computer.

  • Learn as much as you can about the product and what it does before you purchase it.
  • Understand the refund/return policy before you make your purchase.
  • Buy from a local store that you already know or a national chain with an established reputation.

Keep Your System Up-to-Date

Most software vendors provide free patches to fix problems in their products. You can usually download these patches from the vendor's Web site. When you purchase a program, it is a good idea to find out how the vendor provides customer support.

Backups: How Important?

It is a good practice to back up important files and folders on your computer. To back up files, you can make copies onto media that you can safely store elsewhere, such as CDs or floppy discs.

For more information on home computer security, visit http://www.cert.org/ .

 

Top 10 Identity Theft Prevention Tips

  1. Be extremely cautious when handling and disclosing the following information:
  • Social Security Number
  • Past Addresses
  • Mother’s Maiden Name
  • Driver’s License Number
  • Date of Birth
  • Credit union, bank, and credit card account numbers
  1. Opt out of pre-approved credit card offers by calling 1-888-5-OPT OUT (1-888-567-8688). Your request covers all three major credit bureaus (Experian, TransUnion, and Equifax).
  2. Scrutinize monthly billing statements. Open bills and check e-statements promptly and look at your accounts each month. Look for charges you don’t recognize and report them immediately. Report late statements. Save receipts to compare with your monthly statement.
  3. Don’t leave outgoing checks or paid bills in your residential mailbox. Take your mail to the post office or drop it in a U.S. Postal Service mailbox. Also, consider paying bills electronically with Allegis Credit Union’s CU EasyPay.
  4. Invest in a personal shredder. This is your first line of defense. Shred financial statements (if you throw them away), pre-approved credit card offers, and canceled checks before disposal. A cross-cut shredder offers added security because it makes it harder to reconstruct the document.
  5. Keep a record of all your credit card account numbers, expiration dates, and the telephone number and address of each creditor. Store it in a secure place.
  6. Order a copy of your credit report at least 1-2 times per year from each of the three major credit bureaus (Experian, TransUnion, and Equifax). Look for address changes and fraudulent accounts. Check for accuracy. Do this on your birthday to help you remember to do it at least once per year.
  7. Limit the amount of information you place on your Internet homepage and on websites detailing family genealogy.
  8. Install a residential mailbox with a locking mechanism or install a mail slot to your existing door.
  9. Don’t voluntarily give out personal information such as social security numbers or credit card account numbers over the phone, unless you initiated the phone call. Ask for a call back number and match it against the telephone book or directory assistance.
 

Check Washing is Gaining Popularity Again

BALTIMORE (6/18/07)--As reliance on technology increases, so does the complexity of scams. However, some scammers are reverting to more primitive methods (baltimoresun.com May 29).

There's been a resurgence of check washing--the process of taking a legitimate check that has been filled out and signed, using a basic solvent available in drugstores or hardware stores to dissolve the dollar amount and recipient, and rewriting the check as the scammer chooses. The scammer obtain checks from a variety of methods, but mailbox theft still is one of the most popular (Forbes.com).

Protect yourself from check washing fraud:

  • Write checks with a gel pen--solvents can't dissolve them. A good option is the Uni-Ball 207, which sells for about $2.
  • Shred old checks and important documents you no longer need.
  • Don't put outgoing bills in the mailbox--take them to the post office or to a collection box. Also, don't put the flag up on your mailbox, particularly if you're mailing bills that contain account numbers.
  • Consider buying a mailbox with a lock (available at hardware stores) to protect incoming mail.
  • Buy checks with security features, and don't have them sent to you through the mail. Instead, pick them up at your credit union.
  • Fill out your checks completely, including a squiggly line in blank areas.
  • Inspect your statements thoroughly and report any suspicious activity immediately.
 

Fraud Resources

Find more information about safeguarding your personal financial information:
Federal Trade Commission - www.consumer.gov/idtheft or (877-ID-THEFT)
Experian (Credit Bureau) (888-397-3742 to report fraud)
Equifax - (800-685-1111 for credit report) or (800-525-6285 to report fraud)
Trans Union - (800-888-4213 for credit report) or (800-680-7289 to report fraud)
Privacy Right Clearinghouse - www.privacyrights.org or (619-298-3396)
Identity Theft Resource Center - www.idtheftcenter.org
Federal Bureau of Investigation (FBI) - www.ifccfbi.gov
Social Security Administration Fraud Hotline - (800-269-0271)
CUNA Mutual Group - www.cunamutual.com or (800 - 637-2676)