REMEMBER: PAFCU will never call or email you to ask for any personal information, including login information and card numbers. If you ever doubt the validity of a call from someone who says they are a PAFCU employee, please hang up and call us at (631) 434-3500.
We have all been impacted by the recent turmoil in the economy. Now more than ever, credit union members are wondering about their account insurance. You can rest assured; your funds are safe. Your accounts are insured up to $250,000.00 by the National Credit Union Administration, a U.S. Government Agency. As your credit union, we take pride in providing our members with quality services and sound business practices. If you have any questions, please contact a Member Service Representative at 1-631-434-3500.
Fraud & Scam Information
Fraudsters are using the internet, mail, and telephone in many ways to try to make you fall victim to their schemes. It’s important to remember that fraudsters are clever at gaining your trust and gathering your personal information.
Below is a list of common fraud schemes you should watch out for.
Google Docs Phishing Scam
Google Docs Phishing Scam
A dangerous email phishing scam is making the rounds. Employees at various organizations that use Google for email, as well as thousands of personal Gmail customers are reporting the same scam.
It starts with an email from a known contact, which says that the person has shared a Google Doc with you. You’re invited to click the link to open, which redirects you to a legitimate Google sign-in page. You’re prompted to select one of your Google accounts and then authorize a legitimate-looking app called "Google Docs" to manage your emails.
That’s how the scam works: the app called "Google Docs," which requests permission to read, send, and delete emails, isn’t really a Google app. Rather, it’s an app controlled by hackers. It seems that once it has permission to manage your email, it secretly sends out emails to all your contacts, with the same phishing link. Once the hackers have control of your Gmail account, the possibilities are dangerous. Personal and business email accounts are commonly used as the recovery email on a number of digital accounts, which means that hackers could potential get control over your Apple, Amazon, Facebook, Twitter or personal Google account. Anything linked to a compromised Gmail account is potentially at risk.
To protect yourself, the most important thing to do is to delete any email about a shared Google Doc, unless you can personally verify with the sender that it’s not a phishing email. If you already clicked on the link, you should set up two-factor authentication, using a cell phone number, on any critically important account. You can also remove permissions for the fake "Google Docs" app from your Google account. Go to myaccount.google.com, Sign-In and Security, and Connected Apps. From there, look at the list of connected apps, and ensure that anything you don’t recognize is deleted.
Text Message Phishing Scam
Text Message Phishing Scam
Recently, The National Credit Union Administration (NCUA) has received a number of consumer calls about a suspicious text message claiming to come from the agency.
The message reads: "National Credit Union Administration Alert for (recipient's phone number). Contact 844-234-5445."
It has been confirmed that this is not a communication from NCUA. The agency stressed that it does not seek personal information through the internet or on the telephone.
Please contact NCUA's Consumer Assistance Center at 1-800-755-1030 between 8 a.m. and 5 p.m. Eastern if you receive one of these messages. NCUA also recommends contacting the Credit Union and, if necessary, local law enforcement. You can reach the Credit Union at 631-434-3500.
IRS Impersonation Scams
IRS Impersonation Scams
We have learned that individuals and businesses are receiving fraudulent phone calls impersonating the Internal Revenue Service (IRS) attempting to obtain personal information. The IRS also issued an alert regarding fraudulent emails impersonating the IRS. The emails coerce the recipient into clicking on a malicious website link. These phone calls and emails are fraudulent.
It is important to keep in mind that the IRS generally does not initiate contact with taxpayers by email or phone to request personal or financial information. If you receive such a communication from the IRS, do not provide any personal information (especially while on the telephone). Rather, if you feel the contact may be legitimate, first review and follow the guidelines provided by the IRS.
Tech Support Scams
Tech Support Scams
PAFCU is committed to educating its members about how they can protect themselves and their families from frauds and scams. Recently, scam artists have been making phone calls, sending e-mails, and setting up phony websites to try to gain access to an individual’s computer. A scam artist will contact the victim claiming to be a computer technician associated with well-known company, like Microsoft. The scam artist will state that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need. These scammers take advantage of your reasonable concerns about viruses and other threats. They know that computer users have heard time and again that it is important to install security software. But the purpose behind their elaborate scheme isn’t to protect your computer; it’s to steal your personal information, such as access codes, passwords, and account numbers, and fraudulently obtain your money. Therefore, please do not allow an unknown party, or one that has not been verified as legitimate, to remotely access your computer, as it could result in a security compromise.
As the CU receives notifications of possible data and security breaches, we evaluate each situation to determine the best course of action to protect our members. In some cases this means that we may re-issue debit and ATM cards believed to be compromised. While we understand that this is an inconvenience, we believe it is prudent to protect our members’ accounts from future fraud.
We also use other fraud monitoring tools to approve debit card transactions, such as analyzing patterns in your use of your debit card and recognizing transactions that may be "out of the norm" for you. If this occurs, a transaction may be declined or you may receive a phone call from our fraud prevention specialists to inquire on transactions we suspect to be fraudulent. While we make every effort to ensure our members’ experience with their debit card is convenient, these steps may be necessary to prevent unauthorized transactions from posting to your accounts.
The following are recommendations that you should consider to monitor activity on your accounts and to protect your personal information:
- Regularly check your account statements and activity through Home Banking
- Enroll in Alerts in Home Banking to set up transaction notifications to inform you of activity that posts to your account
- If you have reason to suspect fraudulent activity on your account, contact us immediately at 1-631-434-3500 or send us a secure message through Home Banking.
If you find anything unusual at any ATM or other places like gas pumps where credit and debit cards are accepted, please report your observation to the financial institution during business hours or contact the local police department.
"Skimming", where criminals steal your PIN and account number using devices and cameras that capture personal information is increasing dramatically and is becoming harder to detect. The first part is the skimmer itself, a card reader placed over a real card reader slot. When a card is slid into an ATM (or swiped at a gas pump), it is sliding through the counterfeit reader, "a skimmer," which scans and stores all the information on the magnetic strip. However, to gain full access to the accounts, the thieves still need the PIN. Cameras hidden on or near the ATMs or gas pumps are positioned to get a clear view of the keypad and record all the PIN information. Some ATM skimming schemes employ fake keypads instead of cameras to obtain PINs.
Here are three tips to help you protect your account when using an ATM:
- Hide your password with your hand
Always cover your password with your hand. Criminals disguise hidden cameras to try and obtain your password. By protecting it with your hand, ATM thieves can't access your PIN.
- Observe the ATM
Take a quick look at the ATM machine. Does anything look a bit out-of-place? If the card reader moves around when you try to wiggle it with your hand, a "skimmer" may be laid over it. A genuine card reader should not move around and will be securely attached as part of the ATM.
Examine the keypad and check for cameras. If the keypad looks a bit too thick or appears to look different from how it normally appears, something may be wrong. Check for any suspicious looking cameras, that may be placed around the ATM above the screen, around the key pad, or in a brochure rack.
- Check your account balances and transactions frequently
Regularly check your savings, checking, and credit card accounts online. If you notice any suspicious activity, contact your financial institution immediately.
There are multiple ways this type of fraud can occur. For example we will use one of the most common.
Fraudsters contact victims through employment websites and ask them to first evaluate the Western Union Money Transfer service. The fraudster sends the victim a check and instructs them to deposit the check and use the funds to send a money transfer.
Secondly, the fraudsters also inform the victim that they are being hired to evaluate various retail outlets and to complete an evaluation form on those assignments. The victim actually goes to those retail outlets and evaluates their products and services not knowing all along that this is a scam.
The victim sends the money transfer, keeps a small amount of money from the check and in the meantime the fraudster picks up the funds at Western Union. What the victim is not expecting is for the check to be returned back to their financial institution as a "counterfeit" and the victim is left responsible for the funds owed to their financial institution.
The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as a signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will be returned to their financial institution and the victim is left responsible for the funds owed.
Victims are informed through an unsolicited communication that they have won a large prize or sweepstakes. The victim receives a check for part of the winnings from the fraudster and is told to pay a small amount to cover taxes and/or processing fees. The victim uses the check to pay for the taxes or fees and is left responsible to their financial institution for the returned counterfeit check and the amount that they now owe them.
Victims are told to send money for a product, auction item or service to the seller. The fraudster will use a number of tactics to make you believe they are legitimate, but once the victim sends the money they will not receive the purchased item or service.
A common fraud in which the victim is sent a check in payment of a product or service that appears to be valid, but will eventually bounce. Typically, the amount of the check exceeds what the victim expects to receive and he or she is instructed to send the excess to the fraudster. When the check is returned to the victim’s financial institution, the victim is left responsible for the funds owed.
Business Email Compromise
Business Email Compromise
Recently, the FBI and the Department of Business Regulation put out Public Service Announcements regarding a scam known as the Business E-mail Compromise (BEC). The BEC, by definition, is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices.
For more information, suggestions for protection and victim assistance information visit the following links: