Winter 2010 Scam Updates
January 8, 2010 - Debit Card Skimming Fraud
Please click here for more information.
December 14, 2009 - Fraudulent Cashier's Checks referencing Global Investment Holdings & Finance and/or BMA Mystery ShoppingFraudulent cashier's checks in the name of Great Basin Federal Credit Union are currently in circulation in conjunction with at least two different scams. The two scams we are aware of are sent through the mail; the letters reference either Global Investment Holdings and Finance or BMA Mystery Shopping. If you receive cashier's checks from either of these companies, do NOT cash the check or deposit it into your account. If you have further questions please call 775.789.3177 or 1.800.545.4228. You can also send us an email at fraud@greatbasin.org.
OTHER DETAILS: The FRAUDULENT checks have a similar ram's head logo in the upper left hand corner as valid checks. Next to the logo it lists the address and phone number in two lines:
9970 S. VIRGINIA ST.
RENO, NEVADA 89511 Tel. 1-289-888-2421
VALID GBFCU cashier's checks list the address and phone number in three lines:
9770 S. VIRGINIA ST.
RENO, NV 89511
(775) 333-4228
Other differences include:
Valid checks have the date printed all numeric: 12/04/09 - Counterfeit checks spell out the date: December 04, 2009
In the lower right hand signature area, valid cashier's checks state, "Two signatures required if over $50,000.00". There are two signature lines printed on all checks and under the bottom signature line it states, "VOID AFTER 90 DAYS" - Fraudulent checks only have one signature line with the words, "AUTHORIZED SIGNATURE", listed underneath.
December 11, 2009 - Phone Calls Soliciting Personal Information to "Reactivate" a Debit Card
We have had multiple members inform us that they have received phone calls from someone identifying them as their "credit card company" or "bank". The caller states that thier debit or credit card has been "disabled for the holiday season" and proceed to solicit personal information from the victim in order to "reactivate" the card.
Please remember: NEVER provide personal information to someone over the phone unless YOU initiated the phone call and can confirm that you are talking to a legitimate business.
FALL SCAM UPDATES:
October 28, 2009 - Fraudulent E-Mails Claiming to Be From the FDIC
The Federal Deposit Insurance Corporation (FDIC) has warned of e-mails that appear to be sent from the FDIC that ask recipients to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. These e-mails are fraudulent and were not sent by the FDIC. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission.
Currently, the subject line of the fraudulent e-mails includes the wording "check your Bank Deposit Insurance Coverage." The e-mails state: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."
The e-mails ask recipients to "visit the official FDIC website" by clicking on a hyperlink provided, which appears to be related to the FDIC and directs recipients to a fraudulent Web site. The Web site includes hyperlinks that appear to open forms. However, it is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded. While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft. Financial institutions and consumers should NOT access the Web site or download the executable files provided on the Web site.
Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-3054, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Information related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.
For your reference, FDIC Special Alerts may be accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2009/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.
SUMMER SCAM UPDATES:
"MAKING WORK PAY" TAX CREDIT EMAIL PHISHING SCAM
If you get an email from the IRS about the "Making Work Pay" tax credit, DELETE IT. The email says that you can have money directly deposited into your account instead of receiving a tax credit and will ask for your name and your account number. Here are a couple of facts to keep in mind:
Taxpayers who aren't wage earners (like retirees) don't qualify for the tax credit.
The IRS does NOT discuss tax account matters with taxpayers via e-mail. Recipients should delete these messages, even if they include the IRS name, logo or Web site. If an e-mail is questionable, call the local IRS office (with a number from your phone book, not the e-mail) to confirm its validity.
The IRS warns against several other "phishing" scams now circulating, including e-mails from:
The Department of Treasury telling the recipient he/she will receive millions of dollars in recovered funds or lottery winnings or cash consignment if they provide certain personal information, including phone numbers, via return e-mail
Fraudsters that modify a genuine IRS form, the W-8BEN, Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding. The e-mail may request detailed personal and financial information, such as passport number, bank account and PIN numbers, spouse's name and mother's maiden name, etc. The message may include the official form name/number or may make up a new one, such as W-4100B2.
Source: http://www.hrmorning.com/gotcha-warn-employees-about-the-latest-identity-theft-scam/ 
FORECLOSURE RESCUE SCAMS
Beware of foreclosure rescue scams - help is FREE! Keep in mind that:
Scam artists often target homeowners who are struggling to meet their mortgage commitment or anxious to sell their homes. Recognize and avoid common scams.
Assistance from a HUD-approved housing counselor is FREE.
Beware of anyone who asks you to pay a fee in exchange for a counseling service or modification of a delinquent loan.
Beware of people who pressure you to sign papers immediately, or who try to convince you that they can "save" your home if you sign or transfer over the deed to your house.
Do not sign over the deed to your property to any organization or individual unless you are working directly with your mortgage company to forgive your debt.
Never make a mortgage payment to anyone other than your mortgage company without their approval.
Information found on www.makinghomeaffordable.gov; click on the link for more information or call us at 775.789.3171.
MYSTERY SHOPPER SCAM (INTERNET LOTTERY SCAM/SWEEPSTAKES SCAMS)
This scam has been making the rounds as of late. A person receives a letter in the mail along with a check stating that they have recently applied for a position as a Mystery Shopper, or that they have won an Internet Lottery or the Publishers Clearing House Sweepstakes. The letter will look official and will have names of individuals to contact and in some instances will purportedly have the name of an IRS official who is responsible for the taxes on the prize.
They will ask you to deposit the check at your institution and then wire back funds to cover taxes, purchase items at stores etc. A request such of this is a definite indicator of a scam. Another sign of it being a scam is if the person that you contact tells you not to take the check to the bank it is drawn on because of a security feature of the check and that you must deposit it in your bank.
If you do deposit the check into your financial institution, when it is returned by the bank that it was allegedly drawn on, you will not only be responsible for the cash that you sent the fraudster, but you could also face civil and criminal penalties.
Spring 2009 Scam Updates:
VISA SECURITY CODE SCAM
Telephone scammers will call and pose as representative of Visa or MasterCard and ask for the three digit security code on the back of VISA/MASTERCARD credit and debit cards, claiming that they need to verify that you are in possession of your card. This allows them to perform fraudulent Internet, telephone, and/or mail order purchases using your account. If you did not initiate the phone call, do not give out the information.
FAKE AIRPLANE TICKET SCAM
There is a new e-mail scam that is being used to place malicious software on computers of recipients, who open an attachment that is purportedly related to the purchase of an airline ticket. This fake e-mail has used the name of major American carriers.
The e-mail will encourage the recipient to confirm a ticket purchase that they had never ordered by printing out an invoice and ticket after clicking on an attachment in the e-mail. A twist on this scam is an e-mail that says that you have won airline tickets and requires that you click on an attachment.
When you click on the attachment, you are downloading a malicious software program which will give the person wishing to commit fraud confidential information stored on your computer, such as account numbers, SSNs, online passwords etc. These programs also allow the person committing the fraud remote access to you computer.
If you have not recently purchased a ticket or entered a drawing where the prize is tickets, them immediately delete the e-mail and empty your deleted files folder.
Winter 2008-2009 Scam Updates:
January 15, 2009: A similar survery to the one sent out on 1/7/09 has recently been sent out claiming to be from Wal Mart. Please ignore these requests for your personal data!
January 7, 2009: An e-mail appearing to be from Frontier Financial Credit Union was recently sent out claiming to be a "Member Satisfaction Survey." It claims that if you complete the survey (as well as include personal and account information) you will receive a credit of $150.00 to your account. It appears that this e-mail is another scam effort by the individuals who are responsible for the recent fraud attempt using cell phones, e-mail and text messages. We have contacted Frontier Financial CU and it is our belief that this is yet another attempt to obtain individuals` account information.
A number of members have also received automated calls or text messages recently from "Frontier Credit Union" claiming that there is a problem with their credit union accounts. The calls are originating from numerous states including the 213 area code (Los Angeles, CA) and from the 773 area code (Chicago, IL). The automated call and/or text messages are asking for members to input their account number and other information. The message requests that the caller press 1 for more information. This in turn transfers the person to another system, which asks the member to give account number, PIN, Authorization Code, etc.
Great Basin Federal Credit Union will never contact you in an unsolicited email, text message or phone call and request personal information. Any such request is fraudulent and does not originate with or on behalf of Great Basin FCU.
Winter Scam:
CURRENT RASH OF PHISING
Recently, members of Great Basin Federal Credit Union as well as members of the general public have been blanketed with telephone calls, text messages and/or e-mails which state that their account has been compromised and asking them to call a specific telephone number and input the information on their account. It stated that if the person did not provide the required information their account would be frozen.
This recent incident of phishing has targeted a Northern Nevada credit union and a new twist has been added to this scam. During the first week of January, e-mails started to appear asking the recipient to fill out a customer service survey and in return they would have either $150.00 or $500.00 dollars credited to their account (depending on which version of the e-mail you received). In this version of the scam, the individuals sending out the e-mail appear to have copied the recently targeted credit union`s website so that it appeared to be from them. As with the earlier attempt, this attempt asked that the recipient provide all types of information including account information and passwords.
Credit unions and banks are not the only ones that are being used by these individuals to target victims. They have also started to use social networking sites in addition to well-known internet companies.
HOW THE SCAM WORKS
In the e-mail you are given a link to click on which then re-directs you to what appears to be the legitimate site. If you look at the URL bar you will see what appears to be the correct site, but is actually not.
The site that you are re-directed to is a server where the individuals running the scam have purchased or rented space. These servers are typically located in the United States. Once they have the space on the server, they put up their phony website and transmit all the information that is provided to a second server which is located outside of the United States. Once the information is transmitted it makes its way to the origin of the scam.
The individuals running the scam then take the information that is provided and create duplicate cards based on the information that has been provided. Once they have created the cards, they proceed to get everything that they can.
Generally speaking, the whole process from the time that an individual inputs the required information to the time that the duplicate card is made and being used is sometimes less than an hour.
It is believed that a majority of the attacks are originating from Romania and other Baltic States.
HOW TO AVOID BEING SCAMMED
1. If you receive an e-mail, text message or phone call similar to those that have blanketed the area in the past few weeks, call your financial institution and speak with an individual at the institution to verify if it is a valid message. As a rule, financial instructions will not ask for information in this manner. This also applies to Federal Agencies such as the FBI etc.
2. If you are going to make purchases over the Internet, make sure that you are dealing with a reputable company and only make purchases on those sites that employ 128 bit key or higher encryption. This will ensure that the information you are sending will not be visible to anyone other than the intended receiver.
3. When in doubt, do not be afraid to ask questions. It can hurt you if you don`t!
Please report any fraudulent activity to mailto:susand@greatbasin.org. Any member having additional questions may also contact mailto:timm@greatbasin.org. You can also contact the Federal Communications Commission at 1-888-CALL-FCC (1-888-225-5322) or http://www.fcc.gov/ as well as the Nevada State Treasurer`s Office at (775) 684-5600.
Fall 2008 Scam Update:
eBAY AND GIFT CARD SCAMS
With the holiday season soon upon us and with the economy being in the current state it is, a number of people will be looking for other ways to purchase gifts. One of the ways people will use is shopping for a present on eBay similar online outlet or giving gift cards.
There are several ways that you canned be scammed on eBay, these include:
1. Bogus or non existent items (most common)
2. Nigerian (or other) bogus cashier check payments
3. eBay or PayPal phishing email (ID Theft/Credit Card Theft)
4. 2nd Chance Offers
Here are some things that you should remember when purchasing an item online:
1. Understand as much as possible about how the auction works, what your obligations are as a buyer, and what the seller's obligations are before you bid.
2. Find out what actions the website/company takes if a problem occurs and consider insuring the transaction and shipment
3. Learn as much as possible about the seller, especially if the only information you have is an e-mail address. If it is a business, check the Better Business Bureau where the seller/business is located
4. Examine the feedback on the seller if available
5. Determine what method of payment the seller is asking from the buyer and where he/she is asking you to send payment. If a problem occurs with the auction transaction, it could be much more difficult if the seller is located in a country other than your own, due to the difference in laws.
6. Ask the seller when delivery can be expected and, if there is a problem with the merchandise, if is it covered by a warranty or can it be exchanged.
7. Find out if shipping and delivery is included or is it an additional charge, so that no unexpected charges are incurred.
Things to never do when purchasing an item online:
1. Never give out your Social Security Number or Driver's License number.
2. Contact the seller through a means other than that which is provided by the site. Usually the seller will use the terms "Please do not use Ask Seller a Question as my email box is full".
3. Never accept an offer from a seller that states that even though you have lost the auction or similar sale, that the seller will offer you a second chance at purchasing the item another way.
When in doubt, you can always use the tools that are on the site to verify if there is or has been a problem in the past with the person/company you are dealing with.
GIFT CARD SCAMS
Gift cards are expected to generate approximately 24.81 billion dollars in sales this year. Here are the most common scams and ways to combat them.
1. Used, counterfeit, and fraudulent gist cards are being sold on auction websites.
2. Sellers often overstate the value of gift cards that they are selling on auction websites, so buyers don't get what they think they were getting.
3. Scammers using stolen credit cards to buy gift cards and then sell them for cash, either at online auctions or elsewhere
Here are some ways to protect yourself against Gift Card Scams:
1. Don't buy gift cards from online auction sites.
2. Only buy cards directly from the store issuing the card or from a secure retailer's website.
3. Don't buy gift cards off of publicly displayed racks in retail stores.
4. Always carefully examine the front and the back of the card before you buy it.
5. Always ask the store cashier to scan the card in front of you.
6. Always keep your receipt as a proof of purchase as long as there is money stored on the card.
7. If possible, register the card at the store's website.
8. Finally and most importantly, never give your social security number, date of birth or any other private information when you purchase a gift card. No reputable company will ask for this information.
Each month, as a service to our members, we will highlight a different scam that is currently making the rounds. If you should have any questions or concerns, please feel free to contact our Security Coordinator, Susan Davis, at: susand@greatbasin.org or 775-789-3120.
Featured Scam: September
So you think you won the lottery...
You sit down daily and check your email to see if any one has sent you mail and you see that you have an email from a place you have never heard from stating that you have won a lottery and you open the email.
You open the mail and it is an official looking document often times with a reference to an "Award Notification". As you read it, the email tells you that you are one of a number of winners that has been selected randomly by a computer based on your email address.
The notification will generally contain the ticket number of the lottery, the batch number, a file number, and the numbers that have been assigned to you as well as a lotto code.
It also contains information that they will require for you to collect your winnings and a telephone number that you are supposed to call.
You don't remember entering any lottery but you will take the money just the same, you fill out all the information and submit it to the company and dream of how to spend the money while you wait for your prize to arrive.
A couple of days later in the mail you start receiving NSF notices from your financial institution which state that your account is severely overdrawn, but you know that can not be because you remember making a deposit a few days ago and have just balanced your checkbook. So you decide to call your bank and upon talking to the Telephone Services people, you find out that your account has been completely emptied. It suddenly dawns on you that when you filled out the lottery claim, you included your account information and other details.
Although the above scenario sounds like a stretch of the imitation, it happens all the time and can happen to anyone, including you. It occurs on a daily basis to people all over the nation, who, given the current economic conditions, do not realize that they are being scammed.
These scams go by all types of names: Global Award Lottery, Prime Clearing House (PCH), International Lottery Commission, International Gallery Promotions, Inter-State Financial Investment Services, to name just a few.
Some like Prime Clearing House (PCH) use a name that is similar to Publisher's Clearing House/PCH, to lull people into thinking that they are entering the Publisher's Clearing House Sweepstakes with hope of Ed McMahon showing up at their front door with a big cardboard check.
Lotteries, Sweepstakes and the like require that you take a specific action to be eligible for a prize, such as buying a ticket, completing an entry form. Lottery winners and sweepstakes winners are never ever selected by the use of emails. So if you receive such an email delete it immediately or readjust your spam controls to prevent receipt similar emails in the future.
Each month, as a service to our members, we will highlight a different scam that is currently making the rounds. If you should have any questions or concerns, please feel free to contact our Security Coordinator, Susan Davis at: mailto:susand@greatbasin.org or 775-789-3120.
Featured Scams: July
YAHOO/MSN LOTTERY SCAM
There is a new Lottery Scam finding its way into e-mails. This scam is similar to the Nigerian Letter scams that are constantly making the rounds.
This newest scam purports to be from YAHOO/MSN Lottery Incorporation, Baley House, Har Road, Sutton, Greater London, SM1 4te, United Kingdom. There are a number of problems with this address. First, "Baley House" is misspelled and should be spelled "Bailey House" , and Sutton is not in Greater London, but is rather in Surry which is a suburb of London and has its own mail code.
The writer of the letter claims that the recipient of the e-mail has won 500,000 British Pound Sterling, which is approx. $980,311.39. The currency of Great Britain is the pound and not the pound sterling.
Yahoo, MSN and Microsoft, contrary to what the letter states, does not collect the e-mail addresses of all the people that are online, nor do they participate in any such lottery. A copy of the e-mail is can be viewed here.
PHISHING EMAILS
This is one of the most common scams in which the fraudster sends an e-mail requesting that a person verify personal information for an account that they have. The most common are fraudulent e-mails requesting account information for a PayPal, eBAY, or bank account.
These e-mails will look if they are from eBAY, PayPal or a financial institution and generally will state that there was a problem with the computers for their site and that it has caused them to lose some of your information. It will generally include a link that it requests you to click on which then re-directs you to another site where you complete a "Personal Account Verification" form. Part of the information that it will request is your screen name, password, and account information.
Click here to view a copy of an actual page set up by a fraudster to obtain information as well as the e-mail that preceded it.
No legitimate company is going to e-mail you to verify account/card numbers, passwords, PINs (personal identification numbers) or other personal information. If you receive an e-mail requesting such information, immediately contact the company by telephone or by going to the actual site and checking with them to see if the e-mail is valid.
If you should have any questions regarding the featured scams or general security pertaining to your Great Basin Federal Credit Union Account, please contact our Security Coordinator, Susan Davis at mailto:susand@greatbasin.org.
