ISPFCU is committed to helping our members achieve financial independence and security. With that commitment in mind, we are pleased to provide you with a wealth of current and unbiased financial information right at your fingertips so that you can make more informed financial decisions and achieve your goals.
Identity thieves are now targeting cell phone users with a scam called smishing. In smishing scams, cell phone users receive a text message that seems to come from a legitimate source, such as a financial institution. The message seeks to convince users into clicking on a link via the phones Internet connection or into calling a certain phone number. Both the link and the phone number are fraudulent and lead to a request for personal information that can be used for identity theft. Once your identity has been stolen, it generally takes much time and effort to regain your lost funds and your good name.
Take a few simple precautions to protect yourself from this growing form of fraud. First, never respond to unsolicited requests for personal financial information received via text message, even if the request appears to come from a legitimate institution that you do business with. Second, always be sure of who you are dealing with. Don’t click on links in text messages or call numbers listed in text messages. Verify contact information independently and key in web addresses yourself. Lastly, monitor your credit report regularly for signs of irregularities.
To file a complaint with the Federal Trade Commission about any suspected scam or fraud that you may have encountered please click here.
Remember, ISPFCU will never contact you via text message, e-mail, phone, or any other way to ask for account numbers or passwords. If you suspect you have been a victim of identity theft, contact ISPFCU at 800-255-0886.
IRS Warns of New E-Mail and Telephone Scams
IRS has posted new warnings about phone and e-mail scams, both tied to this year’s economic stimulus payments and tax season, by fraudsters seeking to acquire taxpayers’ financial institution account numbers and other sensitive data.
In one of the scenarios, people have been contacted by phone and told by the caller that they need to provide their account numbers in order to get the stimulus payments. But IRS isn’t calling or e-mailing people for this information; it’s making the payments based on information in taxpayers’ tax returns.
In another case, people are receiving an e-mail with a link to a form where recipients are told they must provide information to receive their payments by direct deposit. IRS says the senders are probably really trying to get recipients’ personal and financial information so they can clean out their accounts. And taxpayers that want to receive tax refunds, or stimulus payment, by direct deposit are already instructed to provide the required information on their tax returns, it notes.
Credit Card Phone Scam
The below is from an email being circulated.
Person calling says, "this is , and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by bank. Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona?"
When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?"
You say "yes". The caller continues... "I will be starting a Fraud investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control #" The caller then gives you a 6 digit number.
"Do you need me to read it again?"
Here's the IMPORTANT part on how the scam works. The caller then says, "he needs to verify you are in possession of your card". He'll ask you to "turn your card over and look for some numbers. There are 7 numbers; the first 4 are your card number, the next 3 are the 'Security Numbers' that verify you are in possession of the card. These are the numbers you use to make Internet purchases to prove you have the card. Read me the 3 numbers".
After you tell the caller the 3 numbers, he'll say ,"That is correct. I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?" After you say No, the caller then Thanks you and states, "Don't hesitate to call back if you do", and hangs up.
You actually say very little, and they never ask for or tell you the card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charge on on our card.
Long story made short, we made a real fraud report and closed the VISA card, and they are reissuing us a new number. What the scammers wants is the 3-digit PIN number on the back of the card. Don't give it to them. Instead, tell them you'll call VISA or Master card direct. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement, you'll see charges for purchases you didn't make, an d by then it's almost to late and/or harder to actually file a fraud report.
What makes this more remarkable is that on Thursday, I got a call from a "Jason Richardson of MasterCard" with a word-for-word repeat of the VISA scam. This time I didn't let him finish. I hung up! We filed a police report, as instructed by VISA. The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening.
ATM P.I.N Reversal
The internet can often quickly spread “urban myth” stories but few stories gain such rapid appeal with so many potentially negative impacts on cardholder safety and confidence as the misleading stories circulating the internet regarding PIN reversal to signal duress. PIN reversal technology is a concept based upon the possibility that a cardholder could remember (and reverse) his or her PIN at an ATM to draw attention to a dangerous situation like a kidnapping or a robbery. Critics say that it is unlikely that anyone under duress could successfully employ this technique without compromising personal safety.
Financial institutions within the United States have not deployed this technique despite several well circulated email chain letters that have misstated this fact. The problem now facing financial institutions is the immediate need to communicate their positions and practices on this concept so that cardholders are not in any way misled into thinking that PIN reversal functionality is operating behind the scenes when in fact it is not.
Pharming and Evil Twins
Fraudsters are coming up with new ways to steal identities online. These new scams are even harder to detect which means they are easier to fall victim to. Two new scams with the most damaging potential are pharming and evil twins.
Pharming occurs when an e-mail is sent requesting an update on account information. “The difference from phishing is that in pharming, the email contains a virus that installs small software programs on users' computers. When a user tries to go to the bank's real Web site, the program redirects the browser to the pharmer's fake site. It then asks a user to update information such as logons, PIN codes or other sensitive information. Savvy users that do not click on the links in the email are still subject to this attack because it uses a virus to direct the browser to the scammers website.”
“The virus-based method of pharming is stopped by maintaining up-to-date antivirus, antispyware, and firewalls on your computer. This will greatly reduce the possibility that a virus will redirect you to the malicious web site. Additionally, be careful when entering sensitive information on a website. Look for the lock icon at the bottom of the browser. If the site has changed since your last visit, be suspicious. When in doubt, do not use the website.”
The second new scam evil twins affects users of wi-fi. “In the evil twin scam, hackers send out their own wi-fi signals at or near places such as Starbucks, Barnes & Noble or an airport and then set up a fake page looking like the sign-in page of a legitimate provider. Their goal is to have unsuspecting surfers log on to the page and give out credit card numbers and other sensitive data.”
“It has been recommended that for protection against evil twins, consumers should turn a laptop's Wi-Fi function off when not in use to avoid accidentally connecting to an evil twin, security experts recommend. Some advise users to sign up for Wi-Fi services, such as the T-Mobile networks available in many Starbucks coffee shops, from computers with fixed-line Internet access so they don't have to send credit-card numbers over a wireless connection. T-Mobile provides free connection software for laptops that automatically checks a Wi-Fi network's digital ID certificate to make sure it's legitimate.”
ISPFCU will never send you an e-mail asking you to update your sensitive financial information. If you are ever on our website and something looks suspicious call ISPFCU at 800-255-0886.
Phishing is the use of fraudulent websites and e-mails to lure users into divulging their personal information to online scammers. Scammers use phishing to attain usernames, passwords, account numbers, social security numbers, credit card numbers, and anything else they feel they can use to access your accounts.
Phishing has become the tool of choice for online scammers. ISPFCU is always moving forward to protect the security of your financial information, but the only defense against phishing is to educate online users of what can be done to defend against phishing and other online scams.
ISPFCU will NEVER ask for any account or personal information in e-mails. If you do receive any e-mail regarding your account information, please contact ISPFCU at 1-800-255-0886.
Identity theft is a growing problem worldwide. According to the Federal Trade Commission, last year an estimated 500,000 Americans were robbed of their identities and more than $400 million was stolen in their names. Now, it is more important than ever to safeguard your financial information and transactions.
Identity theft involves someone acquiring pieces of your personal information such as name, address, social security number, bank or credit card account number, or other identifying information without your knowledge to commit fraud or other crimes. These crimes include purchasing automobiles, applying for loans, credit cards, apartment rentals, and establishing phone and utility services.
Victims of identity theft have a lot to lose. People have had their possessions taken over, their credit records ruined, credit cards run up to the limit, driver license records ruined, and more problems due to identity theft. The effects of identity theft are numerous and could haunt you for years to come. Losses of credit, employment opportunities, work time and of course money are all consequences of identity theft.
It could take months or even years to learn that you have been a victim. You might find out when you’re rejected for a loan or credit card based on a credit report indicating you do not pay your bills.
Take these simple steps to avoid the hassles, headaches and high cost of identity theft:
- Read your statements. Make sure all charges on your credit card bills are yours. This is usually the first place unauthorized activity appears.
- Guard your numbers. Don't give out your Social Security number, PIN numbers, credit card or bank account numbers.
- Shred Everything! Identity thieves can gain information simply by stealing your mail or going through your garbage. Shred receipts, statements and credit card offers.
- Report your lost or stolen checks to ISPFCU immediately. Examine new checks to be sure that none were stolen during shipment.
- Contact the major credit reporting companies at least once a year to review your file.
You may use our website www.ispfcu.org to contact TransUnion a major credit reporting company and receive a copy of your credit report. Just click Links and then TransUnion.
ISPFCU considers identity theft a serious threat. The credit union is continuously monitoring security procedures to protect you and your accounts. If you are a member of Illinois State Police Federal Credit Union and you suspect that you may be a victim of identity theft, contact the credit union immediately.
By clicking on the links below, you are leaving the credit union’s website. You are linking to a website not operated by ISPFCU. The credit union is not responsible for the content of the alternate website. The credit union does not represent either the third party or the member if the two enter into a transaction. Each third party site may have privacy and security policies that differ from ISPFCU.
Bank ATMs Converted to Steal IDs of Bank Customers
A team of organized criminals is installing equipment on legitimate bank ATMs in at least 2 regions to steal both the ATM card number and the PIN. The team sits nearby in a car receiving the information transmitted wirelessly over weekends and evenings from equipment they install on the front of the ATM.
The equipment used to capture your ATM card number and PIN is cleverly disguised to look like normal ATM equipment. A "skimmer" is mounted to the front of the normal ATM card slot that reads the ATM card number and transmits it to the criminals sitting in a nearby car.
At the same time, a wireless camera is disguised to look like a leaflet holder and is mounted in a position to view ATM PIN entries.
The thieves copy the cards and use the PIN numbers to withdraw thousands from many accounts in a very short time directly from the bank ATM.
Top 20 Tips for ATM Use
An initiative by the Global ATM Security Alliance
Choosing an ATM
Whenever possible, use ATMs with which you are most familiar. Alternatively, choose well-lit, well-placed ATMs where you feel comfortable.
Scan the whole ATM area before you approach it. Avoid using the ATM altogether if there are any suspicious-looking individuals around, or if it looks too isolated or unsafe.
Avoid opening your purse, bag or wallet while in the queue of the ATM. Have your card ready in your hand before you approach the ATM.
Notice if anything looks unusual or suspicious about the ATM indicating it might have been altered. If the ATM appears to have any attachments to the card slot or key pad, do not use it. Check for unusual instructions on the display screen and for suspicious blank screens. If you suspect that the ATM has been interfered with, proceed to another ATM and inform the financial institution.
Avoid ATMs which have messages or signs fixed to them indicating that the screen directions have been changed, especially if the message is posted over the card reader. Financial institutions and other ATM owners will not put up messages directing you to specific ATMs, nor would they direct you to use an ATM which has been altered.
Be especially cautious when strangers offer to help you at an ATM, even if your card is stuck or you are experiencing difficulty with the transaction. You should not allow anyone to distract you while you are at the ATM.
Check that other individuals in the queue keep an acceptable distance from you. Be on the look-out for individuals who might be watching you enter your PIN.
Stand close to the ATM and shield the keypad with your hand when keying in your PIN (you may wish to use the knuckle of your middle finger to key in the PIN).
Follow the instructions on the display screen, e.g. do not key in your PIN until the ATM requests you to do so.
If you feel the ATM is not working normally, press the Cancel key and withdraw your card. Then proceed to another ATM, reporting the matter to your financial institution.
Never force your card into the card slot.
Keep your printed transaction record so that you can compare your ATM receipts to your monthly statement.
If your card gets jammed, retained or lost, or if you are interfered with at an ATM, report this immediately to the financial institution and/or police using the help line provided or the nearest phone.
Do not be in a hurry during the transaction. Carefully secure your card & cash in your wallet, handbag or pocket before leaving the ATM.
Managing Your ATM Use
Memorize your PIN (if you must write it down, do so in a disguised manner and never carry it with your card).
NEVER disclose your PIN to anyone, whether to family member, financial institution staff or police.
Do not use obvious and guessable numbers for your PIN like your date of birth.
Change your PIN periodically, and, if you think it may have been compromised, change it immediately.
Set your daily ATM withdrawal limit at a level that you consider reasonable.
Regularly check your account balance and financial institution statements and report any discrepancies to your financial institution immediately.
Please note that you should show the same precautionary care when using your card(s) at a POS (point of sale) pinpad terminal in a retail environment, at a restaurant, when conducting transactions online, over the telephone, or when writing cheques (checks) – speak to your branch about security when using these other service delivery channels.