Category Archives: Important Alerts & Scams

Important Alert: Card Cracking Scam Targets Students

Posted on by
Reply

scamCash-strapped college students have been recruited to participate in a scam
referred to as “card cracking.” Using ATM/debit cards and PINs willingly provided by the students, fraudsters deposit fraudulent checks to the students’ accounts. The funds are subsequently withdrawn by the fraudsters with the students receiving a portion of the funds for their participation.

Details
The “card cracking” scam was reported to originate in Chicago and generally targeted college students who were recruited through social media sites including Facebook, Instagram and YouTube. Participants were even recruited in person at college campuses. The sales pitch is to allow the fraudster to deposit a check to a student’s account and withdraw the funds for which the student receives half of the proceeds for agreeing to participate. This scam was since reported nationwide.

Willing participants provide the fraudsters with their ATM/debit cards and PINs. The fraudsters deposit fraudulent checks (stolen or counterfeit checks) to the student accounts via ATMs and subsequently withdraw the funds. Their proposition is simple: If you provide me with access to your account so I can deposit a check and withdraw the money, I will provide you with half of the proceeds.

After initial contact is made, the scammer arranges to meet up with the student to retrieve the debit card and corresponding PIN. The deposit is made, the money is withdrawn and then the fraudulent checks were subsequently returned unpaid and charged back to the students’ accounts. Following the fraudsters’ instructions, the participants report their ATM/debit card as lost or stolen and that the transactions were fraudulent.

The participants may not be entitled to protection under Regulation E (Reg E) for
unauthorized use of their ATM/debit card since they willingly provided their card to the
fraudsters, which contains an exclusion to the definition of unauthorized
electronic fund transfer:

Unauthorized electronic fund transfer means an electronic fund transfer from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer, and from which the consumer receives no benefit. The term does not include an electronic fund transfer initiated by a person who was furnished access to the consumer’s account by the consumer, unless the consumer has notified their financial institution that transfers by that person are no longer authorized.

This is a huge risk – especially for students who may have large amounts going through their accounts from loans, scholarships and tuition reimbursements.

“Even though the students might be considered victims, authorities point out that providing their debit cards to someone else is a crime,” the Sun-Times of Chicago stated.

There’s an easy solution: Never share your account information, debit card or PIN with anyone! 

Here are some other safety tips you should keep in mind:

  • Always verify the identity of the person trying to obtain personal information.
  • Never give personal information to someone over the phone or via email. Personal information includes: Birth date, Social Security Number, maiden name, address, bank account number, debit/credit card number, PIN number, etc.
  • Maintain a record of the phone call or solicitation. Write down the phone number that the person is calling from, the time and date they called, the caller’s name, and reported affiliation. If it was online, save a copy of the email conversation or advertisement.
  • If it sounds too good to be true, it probably is.
  • If you believe you may be a victim of fraud, call your local police department so authorities can be alerted to the activity. You can also report email or internet scams to the Internet Crime Complaint Center (IC3) by going online to http://www.ic3.gov.

14 Tips to Avoid Cyber Monday Scams

Posted on by
2

cyber-monday-discountIn the frenzy of limited time offers, last minute sales and one-click shopping, it can be difficult to stay secure while you shop online, particularly on days like Cyber Monday.

Consumers spend about 1.5 billion dollars on Cyber Monday. Coupled with the boom in sales is a predicted increase in the amount and severity of online scamming and data theft.

Will Pelgrin, CEO of The Center for Internet Security (CIS), a non-profit organization focused on improving the cyber-security posture of both the private and public sector, shares a few helpful tips about staying secure online this season.

1. Don’t Click on Pop-up Ads

Though it may seem obvious, malicious pop-up ads still pose one of the largest threats to web shoppers. According to Pelgrin, studies have shown that a large amount of consumers will click on the “ad” regardless of its message. Be mindful of what pop-ups say, it could be evidence of a security threat.

2. Keep Software Up-To-Date

Though many systems automatically update your software as new features become available, it’s important to keep your programs as current as possible. To avoid security holes, update apps and software minimally once a week, as newer versions appear.

3. Use Strong Passwords

An essential part of online security in any sense is using strong passwords. This means no birthdays, dog names or variations of “1234” for any of your accounts. For help making a strong password, check out this guide: How to Create a Secure Password.

4. Install Antivirus and Anti-Spyware software

When shopping, you don’t want others to be able to track what sites you’re visiting and what information you’re entering online. It’s important to make sure you have antivirus software installed on your computer to protect your sensitive financial information.

5. Enable ‘Timeouts’ on Mobile

According to Pelgrin, more and more consumers are doing the bulk of their holiday shopping on mobile phones. If you’re one of those consumers, make sure to enable a lock screen password, in case your device is lost or stolen. “If your phone isn’t timed out, you’re leaving the keys to your kingdom to whoever picks it up,” says Pelgrin.

6. Use a Secure Connection

Pelgrin recommends that any and all online financial transactions take place through a secure, private Wi-Fi connection, as opposed to using the more vulnerable free Wi-Fi in a coffee shop or library.

7. Avoid Email Advertisements

Your inbox is likely swarming with holiday promotions from all of your favorite (and likely least favorite) brands. To avoid being hacked, the CIS recommends you always enter the shop’s URL in your browser, rather than following the links contained in an email.

8. Shop at Companies You Know

Before you buy from a merchant on Amazon, Etsy or Ebay, check their rating and number of sales. Make sure they have good return policies and clearly posted contact information. If worried, you can always check on a businesses legitimacy through the Better Business Bureau.

9. Use Credit, Not Debit

“There are more security protections on your credit card that may not exist while using your debit card, should your info be taken,” says Pelgrin.

10. Ensure Your Site Is Secure

If you are entering your financial information on a webpage, make sure the URL begins with “https” as opposed to “http” or has a lock in your browser’s search bar.

11. Be Wary of Charity Sites

Though the holidays are frequently the most popular time to make donations to charity, Pelgrin urges consumers to check the legitimacy of your charity’s website.

“Fraudulent sites pop up during disasters and holidays like clockwork. Be alert,” he says.

12. Check Your Location and Privacy Settings

Many apps and websites will automatically share your GPS location by default. Sometimes, apps will change your settings once downloaded. Check what services your downloads have access to in your phone’s privacy settings.

13. Check Your Statements Frequently

According to Pelgrin, some hackers will do very low level theft once obtaining your information, charging small amounts to your credit card to avoid detection. Stay on top of your account statements and keep a record of how much you spend and where.

14. Add Browser Extensions and Security Apps

Pop-up blockers and malware detection extensions will add an extra layer to your security this season.

Happy Safe Shopping!

Click here to view the article source by Max Knoblauch of Mashable.

new%20ncua%20disclaimer-resized-600

Smishing – An ID Theft Scam

Posted on by
Reply

Have you been “smished” lately? Be on the alert for text messages with links — they could be an ID theft scam known as smishing.

Similar to phishing (which involves email), smishing uses cell phone text messages to deliver bait that’s intended to get you to divulge personal information. Smishing may involve winning a prize or a message that contains something that requires your immediate attention — the link tells you to “click here.” If you click on the infected link, it downloads malware that allows the bad guys to gain control of your device remotely. They can then use your phone from anywhere in the world to access your banking information, credit card data and the like.

What to do:
If you receive a text message that asks for sensitive information –

  • Do not reply to the message.
  • Do not click on any of the links that may be embedded in the message.
  • Contact your carrier’s privacy or fraud team. If their company name or brand is used in efforts to fraudulently obtain personal information, they may choose to pursue legal action.
  • Contact your financial institution to be sure your accounts have not been compromised.

Visit the FTC Identity Theft website to learn more about how to minimize damage from identity theft. If you believe that you have been a victim of a smishing scam, you can file an online complaint with the Federal Trade Commission’s Report Fraud webpage. You can also call the FTC toll-free at 1.877.FTC.HELP (1.877.382.4357).

Bottom line: Avoid clicking!

Save someone from getting smished:
As technology provides new ways to expose and defend against familiar scams, clever con artists devise new ones. Please share this with loved ones and friends — smish be gone, pass this on!

If you notice any fraudulent activity on any of your First Financial accounts, contact us by calling 732.312.1500, emailing info@firstffcu.com or stopping into any one of our branches.

Article Sources: http://www.andersoncooper.com

Tips for Recognizing and Avoiding Fake Check Scams

Posted on by
Reply

fraudFake check scams are clever ploys to steal your money and First Financial wants to make sure you know the ways you can avoid becoming a victim by simply recognizing how the scam process works. It is important that you understand that you are responsible for the checks you deposit to your account, even if they are fraudulent.

So, if someone you don’t know wants to pay you by check but wants you to wire some of the money back, beware! It’s a scam that could cost YOU thousands of dollars.

  • There are many variations of the fake check scam. It could start with someone offering to buy something you advertised, pay you to do work at home, give you an “advance” on a sweepstakes you’ve supposedly won, or pay the first installment on the millions that you’ll receive for agreeing to have money in a foreign country transferred to your bank account for safekeeping. Whatever the pitch, the person may sound quite believable.
  • Fake check scammers hunt for victims. They scan newspaper and online advertisements for people listing items for sale, and check postings on online job sites from people seeking employment. Scammers place their own ads with phone numbers or email addresses for people to contact them and they call, send emails, or faxes to people randomly knowing that some will take the bait.
  • They often claim to be in another country. The scammers say it’s too difficult and complicated to send you the money (i.e. they claim to be in the military or vacationing overseas) directly from their country, so they’ll arrange for someone in the U.S. to send you a check.
  • They tell you to wire money to them after you’ve deposited the check. If you’re selling something, they say they’ll pay you by having someone in the U.S. who owes them money send you a check. It will be for more than the sale price; you deposit the check, keep what you’re owed, and wire the rest to them. If it’s part of a work-at-home scheme, they may claim that you’ll be processing checks from their “clients.” You deposit the checks and then wire them the money minus your “pay.” Or they may send you a check for more than your pay “by mistake” and ask you to wire them the excess. In the sweepstakes and foreign money offer variations of the scam, they tell you to wire them money for taxes, customs, bonding, processing, legal fees, or other expenses that must be paid before you can get the rest of the money.
  • The checks are fake but they look real. In fact, they look so real that even bank tellers may be fooled. Some are phony cashier’s checks, others look like they’re from legitimate business accounts. The companies whose names appear may be real, but someone has dummied up the checks without their knowledge.
  • You don’t have to wait long to use the money, but that doesn’t mean the check is good. Under federal law, banks and financial institutions have to make the funds you deposit available quickly – usually within one to five days, depending on the type of check. But just because you can withdraw the money doesn’t mean the check is good, even if it’s a cashier’s check. It can take weeks for the forgery to be discovered and the check to bounce.That means it might be a month or more before they take the money out of your account.
  • You are responsible for the checks you deposit. That’s because you’re in the best position to determine the risk – you’re the one dealing directly with the person who is arranging for the check to be sent to you. When a check bounces, the bank or credit union deducts the amount that was originally credited to your account. If there isn’t enough to cover it, the bank or credit union may be able to take money from other accounts you have at that institution, or sue you to recover the funds. In some cases, law enforcement authorities could bring charges against the victims because it may look like they were involved in the scam and knew the check was counterfeit.
  • There is no legitimate reason for someone who is giving you money to ask you to wire money back. If a stranger wants to pay you for something, insist on a cashier’s check for the exact amount, preferably from a local financial institution or a financial insitution that has a branch in your area.
  • Don’t deposit it – report it! Report fake check scams immediately to NCL’s Fraud Center, at www.fraud.org. That information will be transmitted to the appropriate law enforcement agencies.

Think this doesn’t happen close to home or at First Financial? Think again!

Here is an example of an incident that occurred in one of our branches: We received an HSBC check from a member who stated that he received the check in the mail from a person claiming to need a personal assistant located near Russia. After further investigating the check, one of our tellers realized that the routing number did not have the required 9 digits – it had 10, and the check number on the bottom of the check did not match the check number in the top right corner. The teller went on to the HSBC website and discovered that there is not a financial institution located at the address printed on the check. The teller then contacted HSBC’s fraud department and spoke with a representative to confirm that the check was indeed fake. We then contacted the member to explain the situation and what was to follow.

If you suspect you’ve received a fraudulent check, please contact us at 732.312.1500 or stop into any one of our branches and have a representative look at the check to try to help you confirm its validity. We also encourage you to visit our Resources page on our website in order to protect yourself and/or your business from crime.

Article Sources: www.fraud.org | www.redtape.nbcnews.com

**First Financial is not responsible for content listed on external websites. 

 

Alert: Credit Union Members Recruited as Money Mules

Posted on by
Reply

alert-resized-600What is a Money Mule you may ask? A Money Mule is a person who transfers stolen money or merchandise from one country to another, either in person, through a courier service, or electronically. The term is commonly used to describe online scams that prey on victims who are unaware that the money or merchandise they are transferring is stolen. As a precaution, First Financial wanted to alert our members that there have been several reports of credit union members across the country being recruited as Money Mules, and unknowingly assisting fraudsters in laundering stolen funds. We want you to be aware of this scheme and to report any suspicious activity to your local authorities immediately.

Alert Details

Money Mules unknowingly assist fraudsters in laundering stolen funds. The source of the stolen funds received by the Money Mules is often from account takeovers at other financial institutions through online banking systems.

Money Mules are most often recruited through bogus job offers for payment processors, financial managers, or overseas representatives. Fraudsters typically find their potential Money Mules by searching websites where job seekers post their resumes. A key consideration in accepting the position is the ability to work from home.

Upon accepting the job, the Money Mules are notified they will receive deposits to their accounts via ACH and/or wire transfer. In some cases, the money mules are instructed to open an account at a financial institution in order to receive the funds. The Mules are instructed to not share details of their new job with anyone. Upon receipt of the funds, the Mules are instructed to either wire the funds to an account at another financial institution (foreign and domestic) or send the funds to individuals via Western Union. The Money Mules keep a portion of the funds deposited to their accounts as wages.

The deposits made to the Money Mule accounts via ACH and/or wire transfer are actually stolen from deposit accounts at other financial institutions and investment accounts held at brokerage firms. Using sophisticated banking Trojans, fraudsters steal the login credentials of online banking users and investors who access their investment accounts online. The fraudster logs into the account and transfers funds.

If you’ve fallen for the scam and become a Money Mule, here’s what has gone wrong:

  • You’re receiving stolen money. This may be through bogus sales from online auctions or the proceeds of phishing, where crooks have obtained victims’ bank details and are transferring their cash to your account (which is why they often want you to open an account at a particular bank — the same one as their victims).
  • It may even be cash from a crime that the crooks just want to get out of the country. Or someone just sends you a bogus check that you bank and then forward.
  • You’re taking a cut of the proceeds of crime and transferring the rest via an untraceable money wire to a crook.
  • You’ve given away your own personal information in that phony employment contract you signed, leaving yourself open to identity theft.

Although easy-money job offers sound so inviting, you do not want to become the real perpetrator of this crime. So here are some ways to make sure you DO NOT become a Money Mule:

  • First and foremost, money forwarding jobs like this don’t exist. Period. There is no law preventing global companies from directly transferring money from one country to another.
  • Never accept payments from anyone and then transfer part of the proceeds by money wire.
  • Don’t open a new bank account to receive money from people you don’t know.
  • Scrutinize the name of the company offering employment. Go to a site like DomainTools.com and check out when the website was registered. If it’s a scam, it’ll probably be within the prior 28 days.
  • Check the advertisement or email for poor language and grammar.

Please contact our Member Service Center at 732.312.1500 if you suspect any fraudulent activity on your First Financial accounts.

Contributing Article: http://www.scambusters.org/moneymule.html

 

Warning: Phony Sweepstakes Scam Using FTC’s Name

Posted on by
Reply

iWarning“Hi, I’m calling from the Federal Trade Commission to tell you that you have won $250,000…”

If you receive a phone call like this, you are most likely being targeted as a potential victim of a scam. Reports of someone claiming to be from the Federal Trade Commission (FTC) have surfaced, so be aware not to fall victim.  The scammers in this situation pretend to be from the Federal Trade Commission, possibly even using the name of an actual FTC employee, and ask you to pay “taxes” or “insurance” in order to claim your prize, either by wiring money or sending a check.

TelemarketedIf you receive any sort of calls like this, DO NOT send any money, and report the incident to the FTC at ftccomplaintassistant.gov.  The FTC is the nation’s consumer protection agency and they investigate fraud and provide free information.  The FTC will never ask you to send them money, and neither will a legitimate sweepstakes company.

Take the following precautions to prevent yourself from falling victim to any type of sweepstakes scam:

Don’t pay to collect winnings.  If a company makes you pay to collect your sweepstakes winnings, you aren’t dealing with a legitimate company and may end up never seeing that money again.  Legitimate sweepstakes companies will never ask you to pay “taxes,” “insurance,” or “shipping and handling” on your winnings.

Hold on to your money.  When scammers act, they will try to pressure you into wiring money through commercial money wiring companies such as Western Union.  Wiring money is essentially the same as sending cash, so if you do fall victim, there is very little chance of recovering your money.  Also don’t mail a check or money order, especially by way of any sort of high speed shipping.  This allows the scammers to receive the money before you realize the scam.

Beware of look-alikes.  It is illegal for anyone to lie about an affiliation with or endorsement by a government agency or other well known organization.  Sometimes scammers may use a similar name to trick you into trusting them, but remember, insurance companies will never insure delivery of sweepstakes winnings.

Phone numbers can be deceptive.  Internet technology exists that allows con artists to disguise their area code.  Although it may appear that your caller is contacting you from Washington DC, they could in fact be calling you from anywhere in the world.

Alert the FTC! If somebody tries to impersonate a government agency to try and take your money, be sure to file a complaint at ftc.gov or call 1-877-FTC-HELP.  When you do this make sure you provide as many details as possible. Your complaint is more helpful if it includes information such as the time of the call, the phone number, name of the person or organization who called, which FTC employee name(s) were used, requested amount and method of money to be sent, or any other details.

We urge you to constantly be on the lookout for scammers and to always protect your personal and account information. Do not hesitate to call our Member Service Center at 732.312.1500 or stop into one of our branches if you suspect any fraudulent activity on your First Financial accounts.