Valley Central Federal Credit Union: Consumer Scam Alerts

NCUA does not ask credit union members or the general public for information about credit card account numbers and/or expiration dates.

It has been recently reported to the NCUA that credit union members have been receiving e-mails stating that the "National Credit Union Administration temporarily suspended your credit account due to fraud attempts." The e-mail goes on to state "to reactivate your account call the toll-free number provided." The e-mail is addressed as originating from the NCUA region 1, Albany, NY office and the phone number to call has an Albany area code of 518.

Anyone who receives an e-mail that purports to be from the NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

People affected by this scam, and variants of this scam, should be advised to forward the entire e-mail message to Phishing@ncua.gov. Additionally, formal complaints concerning any suspected fraudulent e-mail can be filed with the Internal Complain Center at www.ic3.gov.

The Internal Revenue Service has issued an alert, warning that the IRS name and logo is being used by fraudsters attempting to access taxpayer's financial information through e-mail, telephone and cell phone text messaging. These Fraudsters are especially heinous since it is tax season and the IRS is on the forefront of everyone's attention.

Note: The IRS does not ask for personal identifying or financial information via unsolicited e-mail, telephone calls or text messaging.

The following scams are being used to trick taxpayers into divulging financial account information for fraudulent purposes:

Taxpayers receive a phone calls telling them that they are eligible for a sizable-rebate for filing their taxes early and they are told to provide their financial account information for direct deposit.
Taxpayers receive e-mails claiming they are eligible for a tax refund of a specific amount. They are instructed to click on the link in the e-mail to access the refund claim form, which requires them to disclose financial account information.
E-mail notifications addressed to individual taxpayers claim that their tax returns will be audited. The individual is instructed to click on the link within the e-mail and complete forms disclosing personal and financial account information.
Business, accountants and 'Treasury' managers are receiving bogus e-mails regarding tax law changes. To obtain information on publications for businesses, estates taxes, excise taxes, exempt organizations, as well as IRAs and other retirement plans, the recipient is instructed to click an a series o links. The IRS suspects that clicking on these links downloads 'malware' onto the recipient's computer, which can be used to search for financial records and other private information.
A person claiming to be an IRS employee telephones taxpayers to say the IRS has mailed them a check that has not been cashed 'The caller' then asks for verification for financial account information.

Fraudulent Activity- Vishing

Date: January 2008

Source of Information: National Credit Union Administration (NCUA)

Summary

The NCUA has warned numerous times about "phishing" scams in which crooks send e-mails claiming to be from legitimate financial institutions. companies. or government agencies asking consumers to "verify" or "re-submit" confidential information such as bank accounts and credit card numbers, Social Security Numbers, passwords. and personal identification numbers. A variant on that approach using telephone systems. vishing, is increasingly being used to obtain this information form unwary consumers.

Consumers are becoming more aware that an e-mail they receive containing a link or other contact information could be malicious in nature. So criminals are moving away from primarily using e-mail as a method to gain confidential information to using methods victims are more familiar with, like calling a phone number.

In essence, vishing is the criminal practice of using social engineering and Voice Over Internet Protocol (VoIP) telephony to gain access to private personal and financial information from the public for the purpose of financial reward. The term "vishing" is a combination of voice and phishing. Vishing exploits the public's trust in land line telephone services, which have traditionally terminated in physical locations, are known to the telephone company, and are associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing thus providing anonymity for the criminal caller. Vishing is attractive to criminals because VoIP is fairly inexpensive, especially for long distance, making it cheap to make fake calls. In addition, because it's web-based, criminals can use software programs to create phony automated customer call center service lines.

The scam works like this: Caller: "This is (name), and I'm calling from the Security and Fraud Dept. at VISA. My badge number is 123456. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona ?"

When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct ?".

You say "Yes". The caller continues - "I will be starting a Fraud investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security." You will need to refer to this Control Number. The caller then gives you a 6 digit number. "Do you need me to read it again ?"

Here's the IMPORTANT part on how the scam works. The caller then asks you to read off the three digit CVV2 code. After you provide the CVV2, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions ?" After you say "No", the caller then thanks you and states, "Don't hesitate to call back if you do", then hangs us.

You actually say very little, and they never ask for or tell you the card number. This scam was discovered when the card holder contacted VISA with questions. The real VISA Security Dept confirmed that it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to the card.

If you discover this scam, immediately hang up the phone, file a fraud report, block the account and reissue a new card. VISA will never ask for anything on the card as they already know the information when they issue the card.