Category: SECURITY

With the holidays quickly approaching, criminals are looking for ways to trick unsuspecting people. Many individuals might be increasing their shipping activity, which could make a text message asking you to verify your package with UPS or USPS seem valid. While the message might look fairly legitimate at first glance, there are several red flags …

Criminals are looking for ways to trick unsuspecting people through text messages.

With the holidays quickly approaching, criminals are looking for ways to trick unsuspecting people. Many individuals might be increasing their shipping activity, which could make a text message asking you to verify your package with UPS or USPS seem valid. While the message might look fairly legitimate at first glance, there are several red flags that scream “fraud”. First, look at the link to see if it is suspicious. Never click on a link without knowing it’s 100% reliable. Secondly, ask yourself if the additional instructions for how to activate the link are reasonable. Be on guard! The objective from the criminal is all the same, to obtain your personal information or to get you to send money. If you receive a text with a link or instructions on how to activate the link, do not click on the link nor respond. Instead, look up the number and call to verify. While it might take a few extra steps, it will save you a lot of time and headaches in the end.

 

The Difference Between Frauds and Scams

An individual’s personal and financial information is a valuable commodity, and protecting it is key to maintaining financial security. Being able to recognize the signs and understand the differences between frauds and scams is essential in safeguarding oneself from having their hard-earned money taken away by scammers and fraudsters. Here are the differences and some practical tips to help people avoid falling victim to deceitful practices.

Fraud:

Fraud is financial theft without one’s permission or knowledge. Fraud refers to the deceptive and dishonest activities carried out with the intention of gaining financial or personal benefits––all while breaking the law. Examples of fraud include unauthorized use of someone’s credit or debit card, stealing someone’s identity and opening accounts in their name, and taking over an unsuspecting person’s financial accounts. Fraud is more difficult to protect oneself from than scams, as it happens without people knowing about it. However, regularly keeping an eye on financial accounts for suspicious activity is key to spotting it quickly.

Scams:

A scam is financial theft with one’s permission or knowledge. It’s a trick that is designed to persuade people into believing false information or promises, with the goal of gaining their money, personal information, or other valuables. Scammers often manipulate their victims by exploiting their trust. Examples of scams include people pretending to be debt collectors, offering fake investment opportunities, or promising fake lottery or prize winnings. For example, a scammer could mail, call, text, or email someone to tell them they’ve won a prize through a lottery or sweepstakes and then ask them to pay an upfront fee to receive the rest of the money. There is no prize. The scammer simply wanted quick payment from the victim. One of the most important ways people can avoid falling victim to scams is by staying informed about the latest scams––that way they spot that something is suspicious before they agree to take action.

Tips to Avoid Becoming a Victim:

Be Caution When Sharing Information – People should be cautious about sharing personal or financial information, whether online or offline. They should avoid revealing sensitive information, such as banking information, passwords, Social Security numbers, addresses, and phone numbers to unfamiliar callers, email senders, or unfamiliar websites.

Strengthen Online Security – People should use strong, unique passwords for each online account and use two-factor authentication whenever possible. Two-factor authentication is an extra security step in the process of logging into an account. As usual, people enter either their username or email address––followed by their password. However, instead of being granted access to their account after entering the password, the user needs to confirm their identity via another specified method. For example, the user may receive a text message or an email with a one-time code that must be entered to complete the login process. Other two-factor authentication methods include biometric information, such as fingerprint or facial recognition scanning.

Resist Pressure to Take Immediate Action – Acting in urgency is a warning sign of a scam. Scammers want people to act quickly and make payments without taking the time to think the situation through. Honest organizations will give people time to make a decision.

Avoid Unusual Payment Methods – If someone is asked by an unfamiliar person or business to send a payment via a wire transfer, prepaid card, or cryptocurrency, they should not do it. These methods are nearly untraceable, and once the money is sent, it’s usually gone for good.

Develop Awareness – People should regularly educate themselves about the latest tactics being used by fraudsters and scammers. Common frauds and scams are regularly shared on the Consumer Financial Protection Bureau’s website. This can help people spot common warning signs and red flags that might indicate a fraudulent attempt to obtain their financial or personal information before it happens.

Trust Any Instincts – If something seems too good to be true, it probably is. If someone is suspicious about something, they should talk with a trusted friend, family, or their financial institution before taking action.

The Bottom Line:

Knowing the difference between frauds and scams is an important part of understanding the full picture in regard to the deceptive practices that exist in today’s world. By educating themselves and being prepared to spot the red flags, people can avoid falling victim to fraudsters and scammers.

Watch out for Charity Fraud

According to the Giving USA Foundation’s annual report on U.S. philanthropy, Americans contributed nearly $485 billion to charity in 2021. Unfortunately, this willingness to donate money opens a door for scammers, who capitalize on donor’s goodwill to steal money. Charity fraud scammers succeed by mimicking the real thing.

This fraud is an example of Relationship and Trust Fraud under the Fed’s FraudClassifer model.

HOW TO IDENTIFY THREAT: Scammers solicit “donations” by contacting victims using the same channels as legitimate charities, such as telemarketing, direct mail, email, door-to-door solicitations, social media, crowdfunding platforms, and cold calls. Scammers may also use natural disasters or other emergencies to commit fraud. For instance, scammers may commit insurance fraud against natural disaster victims, re-victimizing people whose homes or businesses were damaged by the disaster.

HOW TO PROTECT AGAINST THIS THREAT: Real charities will accept donations using any method available to the donor, such as ACH debit, check, or credit/debit card. Scammers will request payments immediately using payment methods that are difficult to trace and provide the scammer guaranteed funds such as cash, gift card, virtual currency, Instant Payment, or wire transfer. Donors should verify the charity’s names and web addresses before donating. Consumers should also keep records of their donations and view their bank accounts regularly to ensure they weren’t charged the incorrect amount or unknowingly signed up for a reoccurring donation. Consumers who find incorrect or unauthorized entries on their accounts can dispute entries with their financial institution.

The Internal Revenue Service maintains an online database where consumers can check whether an organization is a registered charity and whether their donation is tax-deductible. Click here.

A victim of charity fraud can report it to the FTC and the government agency in their state that regulates charities. The consumer can further report a charity fraud to the FBI at 1-800-CALL-FBI or visit www.fbi.gov for more information.

The Latest Scam

We have provided some information and tips on how you can protect yourself from phony emails and phishing scams. In this article, we will be focusing on the latest scam published by the FBI’s Internet Crime Complaint Center (IC3), Tech Support Scams. Based on a Public Service Announcement published in July, this particular scam is on the rise. IC3’s 2022 Internet Crime Report shows this type of scandal had a 27% increase over 2021 and totaled in over $1B in losses.

How do you know if you’re being targeted:

The scammers will initiate contact with their victim through a phone call, text message, email, or popup window posing to be support from a company. They hook their victims by telling them they are eligible for a refund and that they need to gain access to their computer so they can guide them through the transfer. They will urge their victim to log into their bank account, and then take over control. During this process they will intentionally transfer more money than what was said to be refunded and play on their victims’ emotions by telling them they could lose their job if they do not receive the funds back. They will instruct their victim to send the money via cash disclosed in a magazine or to a pharmacy or retail business which will accept packages like this.

How do you protect yourself against the threat, below are some tips provided from IC3:

  • Never download software at the request of an unknown individual who contacts you
  • Never allow an unknown individual authorization to access or control your machine remotely
  • Do not click on unsolicited popups, links, text messages or even attachments.
  • Never send cash via mail or shipping companies

What do you do if you’ve fallen victim, or suspect you’ve been targeted:

If you suspect you have been a victim of this attack, you should report this activity to the FBI Internet Complaint Center at www.ic3.gov. You will need to include as much information as possible, and this should include.

  • The name of the person or company that contacted you
  • Methods of communication used, in include websites, emails, and phone numbers
  • The address where the cash was shipped and the recipient name

The source of this information was gathered from the FBI’s IC3 website and can be reviewed in more detail at https://www.ic3.gov/Media/Y2023/PSA230718.

Compass Community Credit Union is dedicated to protecting our members and the safety of your information. If you have any questions or concerns, please call us at 707-443-8662.

Preventing Identity Theft

If a fraudster steals your personal information, they can run up charges on credit cards, withdraw money from your accounts, open new accounts in your name, and more. Here are some ways you can prevent identity theft:

Safeguard Your Physical Records

While fraudsters are becoming increasingly sophisticated in their ways of stealing personal information, the tried-and-true method of physical theft is easy to rely on. Identity thieves can do a lot of financial harm with a lost or stolen wallet, mail, or documents you throw away. To limit the chances of identity theft, safeguard important documents at home, such as your Social Security card, birth certificate, passport, recent credit union statements, and tax documents. Put these documents in a locked safe. If you throw away any documents with your personal information on them, tear them up or shred them beforehand. Sensitive materials such as credit union statements, credit applications or offers, insurance forms, medical statements, checks, and utility bills can be a goldmine for thieves if they search through your trash. Opting into Compass e-Statements is an easy, secure way to protect your account information.

Additionally, you should consider collecting your mail daily. If an identity thief is willing to steal sensitive data out of your garbage, it’s likely they’re willing to steal sensitive data out of your mailbox. Consider signing up for Informed Delivery, which will notify you with a digital preview of the items being delivered—that way you’ll know if something is missing. If you know you’re going to be away from home for a while, sign up for Hold Mail service. By opting to use this tool, the USPS will safely hold your mail at your local Post Office until your return home, for up to 30 days.

Enable Two-Factor Authentication

Consider enabling two-factor authentication on all of your accounts. By adding two-factor authentication, accounts can only be accessed after entering the username and password, then by completing another prompt—such as entering a code you receive via text or email or scanning a fingerprint. Without having access to the latter, a fraudster can’t access your accounts.

Don’t Overshare on Social Media

Social media platforms are treasure troves for identity thieves. Not only is it common for someone to share their full name and date of birth on social media, but people are often sharing updates on their whereabouts and interacting with family members. For example, let’s say John Smith makes the following status update, accompanied by a photo: “Hey, everyone! Check out my new car! I’m going to take it for a spin and meet my mom at the dog park. Spike always loves playing fetch!” Under the photo, John’s mother, Jane (Doe) Smith comments, “I can’t wait to see you!” Without John realizing it, answers to common security questions were revealed:

What is the make and model of your first car?

What is your childhood pet’s name?

What is your mother’s maiden name?

Be wary of oversharing online.

If you have questions or if you’re looking for a way to increase security on your financial accounts, contact us at 707-443-8662. As an additional resource, visit IdentityTheft.gov to report identity theft and create a recovery plan.

Go mobile, stay safe

Today, doing anything and everything on your mobile phone is extremely easy – often too easy.  Here are some simple tips to help keep your money, and personal information, safe.

Treat your phone like a computer: It may be smaller but contains similar confidential information.   Set a logon password to protect your information should you lose your phone. In addition to setting a password, enable the fingerprint security and/or facial recognition settings on your phone to better protect your information.”

Be careful when you connect to open Wi-Fi; you may be exposing your information to hackers. Only connect to known, secure Wi-Fi when conducting business that exposes sensitive data.

Never save passwords in a text document: Never save sensitive data or passwords to a text document on your phone.

Think before you download: Only download apps from trusted sources.

Equip your phone with protection: Take advantage of malware and virus protection. Avoid leaving your phone unattended:  If you don’t, “hacking” can be as simple as someone else turning on your phone.

To learn more about the Compass app, click here.

Scams are on the rise. Protect yourself, don’t become a victim (part 2).

Last month, we provided some tips on how to identify recent scams. This is part 2 of our series on how to identify them and what to watch for.

E-mail Fraud/Phishing – What is Phishing?

Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals and designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information.  It’s also known as brand spoofing.

Characteristics: 

•            The content of a phishing e-mail or text message is intended to trigger a quick reaction from you. It can be unsettling, might contain exciting information or demand an urgent response.  Phishing messages are normally not personalized.  

•            Typically, phishing messages will ask you to “update,” “validate,” or “confirm” your account information or face dire consequences.  They might even ask you to make a phone call.  

•            Often, the message or website includes official-looking logos and other identifying information taken directly from legitimate websites. Government, financial institutions and online payment services are common targets of brand spoofing.

Catch phrases:  

•            E-mail Money Transfer Alert:  Please verify this payment information below…

•            It has come to our attention that your online banking profile needs to be updated as part of our continuous efforts to protect your account and reduce instances of fraud… 

•            Dear Online Account Holder, Access To Your Account Is Currently Unavailable…, Important Service Announcement from…, You have 1 unread Security Message!

•            We regret to inform you that we had to lock your bank account access.  Call (telephone number) to restore your bank account.

In some cases, the offending site can modify your browser address bar to make it look legitimate, including the web address of the real site and a secure “https://” prefix.

Information sought: Social Security numbers, full name, date of birth, full address, mother’s maiden name, username and password of online services, driver’s license number, personal identification numbers (PIN), credit card information (numbers, expiry dates and the last three digits printed on the signature panel) and bank account numbers. 

Foreign Government Fraud 

Watch out for emails from senders posing as government or business officials offering to share large sums of money. If you have received an unsolicited letter containing any of the characteristics listed below, you should consider this a scam and delete the email. Most letters are variations of the following:

•            You receive an “urgent” business proposal “in strictest confidence” from a foreign civil servant or businessman.

•            The sender, often a member of the “contract review panel”, obtained your name and profile through the Chamber of Commerce or the International Trade Commission.

•            The sender recently intercepted or has been named beneficiary of the proceeds from real estate, oil products, over-invoiced contracts, cargo shipments, or other commodities, and needs a foreign partner to assist with laundering the money.

•            Since their government/business position prohibits them from opening foreign bank accounts, senders ask you to deposit the sum, usually somewhere between $25-50 million, into your personal account.

•            For your assistance, you will receive between 15-30% of the total, which sits in the “Central Bank of ______” awaiting transfer.

•            To complete the transaction, they ask you to provide your bank name and address, your telephone and fax numbers, the name of your beneficiary, and, of course, your bank account number.

•            The sender promises to forward your share within 10-14 working days!

Money Mule – What is it?

The Money Mule (victim) is recruited – often unknowingly – by scammers to move money made from illegal activity. Money is moved from one bank account to another. By using a money mule, it makes it harder for authorities to track down.

How do people become Money Mules?

Fraudsters approach their money mule victims in a variety of ways including social media, email, mail or phone. Many scams are typically disguised as online job opportunities that promise a fast and easy way to earn money. All they need is your account information to let money be transferred into your account. Then you move the money out of your account for a commission.

These scams look attractive, especially when a little extra income wouldn’t hurt, which is why so many people fall for them. But they are actually helping criminals commit crimes.

Tips:

1.           Be cautious of unsolicited emails and social posts.

2.           Verify company information online or give them a call.

3.           Thoroughly check offers from overseas companies.

4.           Never give out your bank account information.

Remember, do not give out your personal or account information unless you are absolutely sure you know who you are dealing with. If you have any questions or concerns, please call us at 707-443-8662.

Scams are on the rise. Protect yourself, don’t become a victim (part 1).

We have recently seen an increase in scams and would like to provide you with some tips on how to identify them and what to watch for.

Prize Pitch (Lottery) Scams 

The classic prize pitch scam involves victims receiving notification by mail, phone, or e-mail indicating they have won a prize (monetary or other valued items). 

However, in order to collect the prize the victim is required to pay various fees or taxes in advance. Victims either never hear from the organization again or receive further requests for money.

Tips: 

  • Challenge a caller who says you’ve won a prize to tell you where and when you entered. If you didn’t enter, you can’t win.
  • Keep track of contests, draws and lotteries you enter.
  • If it sounds too good to be true, it probably is.

Watch out for Charity Scams 

Fraud artists hope to profit from people’s generosity. Consider the following precautions to make sure your donations benefit the people and organizations you want to assist:

•            Be wary of appeals that tug at your heart, especially pleas involving current events.

•            Ask for written information about the charity, including name, address and telephone number. A legitimate charity or fund-raiser will give you information about the charity’s mission, how your donation will be used and proof that your contribution is tax deductible.

•            Ask the solicitor for the registered charitable tax number of the charity. Question any discrepancies. 

•            Check out the charity’s financial information. For many organizations, this information can be found online or call them.    

•            Watch out for similar-sounding names. Some phony charities use names that closely resemble those of respected, legitimate organizations. If you notice a small difference from the name of the charity you intend to deal with, call the organization to check it out. 

•            Be skeptical if someone thanks you for a pledge you don’t remember making. If you have any doubts about whether you’ve made a pledge or previously contributed, check your records. Be on the alert for invoices claiming you’ve made a pledge. Some unscrupulous solicitors use this approach to get your money. 

•            Refuse high-pressure appeals. Legitimate fund-raisers won’t push you to give on the spot. 

•            Be wary of charities offering to send a courier or overnight delivery service to collect your donation immediately. 

•            Be wary of guaranteed sweepstakes winnings in exchange for a contribution. According to law, you never have to donate anything to be eligible to win. 

•            Avoid cash gifts. Cash can be lost or stolen. For security and tax record purposes, it’s best to pay by check. 

Advance Fee Fraud 

Classified advertisements for loan opportunities do not guarantee the legitimacy of a company. Some companies claim they can guarantee you a loan even if you have a bad credit history or no credit rating at all. They usually request an up-front fee of several hundred dollars. If you send your money to these companies, it is unlikely you will get your promised loan and your advance payment will be at risk.

Advance fee loans operating for a criminal purpose generate millions of dollars annually in the U.S. Persons with poor credit ratings are usually the key targets and once the ‘loan processors’ receive your money, they usually disappear.

If you have doubts about the organization, contact the Better Business Bureau for further information.

Most important, do not give out your personal or account information unless you are absolutely sure you know who you are dealing with. If you have any questions or concerns, please call us at 707-443-8662.

Why You Should Monitor Your Automatic Payments

Between working, spending time with your friends and family, and pursuing your hobbies, there never seems to be enough time in the day. As a result, we are all looking for ways to cut the amount of time spent on mundane chores. Setting up automatic payments for recurring bills is a modern convenience that saves a significant amount of time. As long as you have the funds in your account, you’ll simply be able to set it and forget it, right? Yes—you could, but here are a few reasons why you should monitor your automatic payments:

Overdraft Fees

When making manual bill payments, you can always check to ensure you have sufficient funds in your account before you pay. When you enroll in auto-pay, there’s a greater risk of an overdraft to your account. While truly being able to set it and forget it would be great, it’s a good idea to continue checking in on your accounts before your automatic payments clear each month. This is especially crucial if you’ve automated any variable expenses, such as a utility bill. Try to get in the habit of checking your account balance before your auto-pay clears. While it’s not exactly a “set it and forget it” approach, it’s still more convenient that manually paying your bills each month.

Unnoticed Errors

There are a number of benefits to enrolling in auto-pay. It’s convenient and you’re less likely to miss a payment. A major downside, however, is actually something out of your control. Payees do occasionally make mistakes. While rare, these mistakes could be costly. If you aren’t monitoring your automatic payments, a significant mistake could go unnoticed.

Cancelled Services

If you’ve enrolled in auto pay and had only positive experiences, you might simply let your automatic ACH or Bill Pay services take care of everything. However, your auto-pay service doesn’t know when you’ve stopped going to the gym or canceled a service. If you’re letting your auto-pay take care of everything, you may find yourself wasting money on subscriptions you’re not using. Instead, simply check in on your account statements each month to ensure that you aren’t throwing your hard-earned money away.

If you decide to sign up for auto pay, set up eAlerts using the Compass app. You will receive a notification when your balance is low or when a transaction has occurred. It’s a great way to stay on top of your payments without having to manually make them yourself. Auto pay is incredibly convenient and is a payment process that is certainly worth looking into, but it’s important to have good financial habits rooted in an awareness of what you’re paying and when.

Watch out for these scams

Phone scams have been around almost as long as phones. Sadly, the prevalence of automated robocalls has exploded and appears to invade our lives almost daily.

Three general warning signs your call may be a scam:

  1. You get an unsolicited call from someone claiming to work for a government agency or Microsoft. None of them will call you unless you have already contacted them.
  2. The caller asks for your Social Security number or to “verify your identity” in any way.
  3. The caller threatens consequences if you do not provide payment or personal information.

Beware of these particular scams that are sweeping the nation:

The IRS Swindle

A threatening phone caller “from the IRS” (or “from the Federal Reserve”) says you’re guilty of tax evasion and must pay the penalty at once with your credit or debit card, or else face jail time or revocation of your driver’s license. Some folks with complex financial lives may pay up, assuming they made a mistake on their taxes. Wrong—the IRS never demands payment over the phone. Self-defense: Don’t pay. Report the scam to the U.S. Treasury Inspector General’s office at 1-800-366-4484.

The “Family member” Scam

The person claims to be a family member in trouble and needs your help, asking you to send them money or use your credit card. You might be asked to guess who’s on the line. If so, don’t give out any names. You ask the caller to identify who they are. Then ask them to describe something you know only the real person would know like a special occasion or trip together, a gift you gave or received or something in your home that they would know. Self-defense: Be absolutely sure you know who you are speaking with and do not give out any information until you know for sure who it is you’re talking with.

The “Computer Crash” Con

You get a phone call from a self-described “computer security expert” who warns that your Windows PC or laptop may be infected with a fatal virus. You might be asked for money to protect your system or to remove this nonexistent malware. If you agree to download a fix or allow remote access to your computer, the crook can ask for your passwords—and may actually install malware that you then have to pay to get rid of. Self-defense: Hang up on this scammer. No legitimate IT security pro will ever cold-call you in this way.

In short, a credit union is a cooperative financial institution where people work together to make everyone’s lives better. Everyone who has an account here is a member. And every member is an owner.

Rather than making profits to send to far-off shareholders, Compass CCU reinvests in our credit union. Which means we reinvest in YOU. That’s why we say that, at Compass Community Credit Union, we guide you to better banking.