Global Payments Card Breach Could Increase Phishing
Be Vigilant for Fraud this Holiday Season
Telephone Scam Alert
Bogus Text Messaging
Security breach at Heartland Payment Systems
VISA Security and C V V 2 numbers
Phishing is just like fishing
Internet scam using NCUA
On the heels of the recent Global Payments breach, we are warning members of the potential for increased phishing attacks. These attacks could also target members who were not impacted by the recent card breach.
We are alerting members to be aware of any suspicious emails, text messages or phone calls requesting any personal or financial information. The next several days and weeks are critical.
The card information that may be requested includes: cardholder billing address; 3-digit CVV2/CVC2 code found on the back of the card; or enrollment criteria/passwords for Verified by VISA or MasterCard SecureCode. This card information was not part of the recent Global Payments breach. Criminals, however, may ask for this information to add to the other card data they may have obtained from the breach in order to perform illegal card transactions.
If a member receives a suspicious email, text or phone call, please contact the Credit Union immediately. Being aware of a potential phishing scheme may help curb the chances for ID Theft that may result from the recent Global Payments card breach.
Note: Your Credit Union will NEVER call you to ask for personal or confidential account information.
With the holiday season upon us, be on guard for scams. Especially when shopping on the internet, you are even more prone to being a target.
Remember that legitimate financial organizations, such as your Credit Union, never request personal financial information through an email and never include attachments in emails. Should you receive unusual emails like this, you are best to delete them.
Also, be careful should you receive an email from your “system administrator” asking you to perform maintenance on your account.
This is a widespread phishing scam that many banking customers have fallen victim to.
Even emails that appear to be from friends should be opened with caution. e-Card scams are widespread including those adorable animated holiday e-Cards that have been known to redirect viewers to a site with malware.
Needless to say, emails from desperate, wealthy people in foreign countries who need help securing their funds into a U.S. bank can be deleted guilt-free!
For more details, check out www.fightidentitytheft.com
Members of Credit Unions as well as banking customers have reported receving calls from 1-718-683-3104 stating that there has been fraud on their VISA debit card. The caller then asks for the card and PIN so that the client can be identified. The 718 phone number comes back to the sales office of the Laditude Condos in Riverside, New York. A google search shows multiple reports of that telephone number being used in similar scams. No one from the Credit Union will ever call you and ask for your card and PIN number. Please be aware.
In the last few days, credit unions from around the country have reported their members are receiving bogus text message (smishing) alerts. The text message indicates it is from Credit Union Services and advises the member to call the number provided in the text message to have their card reactivated.
This is a scam as no credit union would ever ask a member for this type of information using text messaging. Credit Unions have reported multiple phone numbers provided in text messages sent to credit union members to call to have their card reactivated.
Because of the increase in both smishing (text message phishing) and vishing (phone call phishing) attempts directed towards members asking for personal or financial information, we are alerting members to never respond to this type of request.
In fact, never respond to any type of request for personal or financial information being requested by text, phone or email.
If you are able…capture the telephone number used by the fraudster, report the number to the Federal Trade Commission at firstname.lastname@example.org
Diligent members and non-members have informed us of a “vishing” scam which uses telephone recordings to lure unsuspecting consumers into disclosing their personal account information.
Random calls are being made to members and non-members telling them their credit or debit card account has been compromised and that they will need to provide their account number and PIN verification.
YOUR CREDIT UNION WILL NEVER CALL OR EMAIL YOU ASKING FOR YOUR ACCOUNT INFORMATION.
Other credit unions are experiencing similar scenarios. Findings suggest that fraudsters do not know if the household is actually a Credit Union member. They count on the volume of false calls to produce their desired results. Unfortunately, this is a widespread problem affecting financial institutions around the country.
If you inadvertently respond to one of these calls and provide your confidential information, please notify us immediately.
The Baltimore County Employees Federal Credit Union has learned that there was a security breach at Heartland Payment Systems, a card processor for retail merchants based in Princeton, New Jersey.
Information that may have been compromised includes debit and credit card numbers, cardholder names, and card expiration dates. According to a press release issued by Heartland, no personal information such as addresses, phone numbers, PINs, or social security numbers was exposed.
These types of breaches sometimes occur through no fault or involvement of your Credit Union. Please be assured that we have sophisticated plastic card monitoring programs in place and have increased the monitoring of all accounts. Your Credit Union receives alerts of unusual account activity and potential fraud on a daily basis, and will contact you directly should this occur.
For this reason, the Credit Union does not intend to cancel or reissue any member cards at this time. We encourage you to review your statements and if you notice any discrepancies or suspicious activity, please contact our VISA Department at 410-828-4730 or 1-800-234-4730, option 3.
New techniques are being applied to previously used schemes. In a new twist on traditional forms of “phishing,” criminals are now targeting your C V V 2 information.
C V V 2 (Card Verification Value) is a three-digit code on the back of your card used during telephone or internet-based transactions. C V V 2 was implemented by credit card companies as a way to authenticate the actual card with the cardholder and reduce fraud.
In these new schemes, criminals posing as representatives of credit card companies communicate to you with urgency about a possible fraud scenario involving your card. During this process, you are then duped into revealing your C V V 2 number.
Your Credit Union will never ask you to reveal your C V V 2, PIN, or any other number because we have your account information on file.
Your Credit Union will never send you an email telling you our website is down and suggest that you access your account from an alternate website provided through a “convenient” link. These are examples of outright scams.
Today’s technology offers great convenience for members in handling their finances. It also offers criminals countless ways to creatively scam unwary consumers.
An alarming trend in internet piracy is called “phishing” (pronounced fishing)… which is exactly what the thieves are doing—fishing for your personal financial information.
“Phishing” thieves are desperately in search of account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up your credit card bills. If these individuals are successful, you could find yourself a victim of identity theft. With your identity, a thief has the ability to take out loans, obtain credit cards, and even acquire a driver’s license in your name. This can result in serious damage to your financial history, cost thousands of dollars to repair, and can take years to correct.
There are many ways in which a thief may try to “phish” out your personal information. One common avenue is by email. Typically you receive an email that appears to come from a reputable company, a government agency, or even the Credit Union. It may warn of a serious problem that requires your immediate attention. Often, by following their instructions, you are redirected to a phony web site that looks exactly like the real thing. The unsuspecting person, desiring to remedy the problem with their account will start to provide their personal information. Now, the internet thieves have pertinent information about you to continue their scam on your personal finances.
Remember these helpful hints:
|1.||Never provide your personal information in response to an unsolicited request.|
|2.||If you believe an email could be legitimate and have concern about an account problem they have brought to your attention, contact the financial institution or agency yourself.|
|3.||Never provide your password over the phone or to an unsolicited email request.|
|4.||Review your account statements regularly to ensure the accuracy of all charges, transactions, and balances.|
Report all suspicious email contacts to the Federal Trade Commission through the internet at www.consumer.gov/idtheft or by calling 1-877-IDTHEFT.
The e-mail message fraudulently shows that it is from the National Credit Union Administration (NCUA). It is addressed to credit union members advertising that they have been selected to take part in a quick and easy 5-question survey and that their responses will enable the credit union to provide improved and expanded online services.
The members are advised that their replies will be kept confidential and that in return for responding to the survey questions, $50.00 will be credited to the member’s credit union account.
To receive the $50.00 award, the member is asked to provide their account number and PIN so that the $50.00 may be credited to the member’s account.
The message is a scam. It is not from the NCUA. It is an attempt to obtain enough personal information relating to the member’s credit union account to enable the swindlers to steal money from the account.
We have been told that the NCUA is in the process of having this phony website closed down. However, until it is closed, please be aware that it is a scam and should not be responded to by any recipient.