SnoCope Credit Union Go to main content
Online Banking Login
Online Banking Login

Forgot Password?

New Enrollment?

Home > Financial Wellness > Fraud, Identity Theft & CyberSecurity Information

We at SnoCope have seen a drastic increase in fraud and account related cyber crime and want to give you the opportunity to learn ways to protect yourself, your finances and your family.  We have several resources available to you:

Cybersecurity

We have contracted with FBI Special Agent Lanza to create a video on will explain easy ways to:  

  • Guard your Social Security Account
  • Protect your credit reports
  • Avoid scams
  • Safeguard yourself from financial account takeovers
  • Shield yourself from wire fraud
  • Protect your computer
  • Prevent identity theft
  • Avoid home title fraud
  • Defend your devices and home systems

You can attend our special presentation of Agent Lanza's video several times a year.  Please check the Financial Wellness Page for upcoming dates and time.

View the handout from the video, click here

 

Take the Course!

Our Personalized Financial Wellness Program Enrich, has a course on: "Protecting yourself from identity theft and scams".  You can take this course and many others FREE, through Snocope.Enrich.org

To learn more about this course, click here.  There is 8 minutes of video and 2 exercises to complete with an action plan.

 

scam of the week

Stay up-to-date on hacker plots and new scams with our Scam of the Week.

Visit our Facebook Page and each Monday you'll see a new entry on the Scam of the Week to watch for.

 

August 28, 2024:  When a QR Code Goes Bad - "Quishing!"

For today's Scam of the Week we bring in another new word into the scamuniverse - "Quishing". Not to be confused with Phishing which we have talked about in great detail. Quishing is using QR codes for malicious intent. We have introduced other forms of phishing that you should be aware of, like "vishing" (voice phishing – phone calls) and "smishing" (text messaging – SMS texting). The and now we have "quishing", the use of QR codes as phishbait. .

QR code phishing or quishing is a type of phishing attack that uses QR codes to lure victims into revealing sensitive information. Threat actors create a QR code that looks legitimate, such as one that appears to offer a discount or special offer, but in fact, it directs the victim to a fake website controlled by the attacker.

Once on the fake website, the victim is prompted to enter sensitive information such as login credentials or credit card information, which is then stolen by the attacker. Quishing attacks can be hard to spot, as the attackers create legitimate-looking websites and logos impersonating known brands. Delivery of these QR codes happens via email, social media, or even physical flyers.

Red flags to look for include:

  • Check the destination site of the QR code: Check for mistakes and misspelled words, shoddy design, low-quality photos, and insecure URLs as indicators that you’ve landed on a bogus website. Sites that are “secure” will use HTTPS rather than HTTP and will have a padlock icon next to their URL.
  • Preview the URL before accessing the link: Before directing you to the intended page, your phone will tell you the destination of the QR code. Check the URL to see if it seems safe. If the URL is shortened or unreadable, be extra cautious
  • Be cautious with QR codes in public places or in the mail: A public QR code or one you receive in the mail could have been added there by a threat actor or be easily altered. Avoid scanning these as much as possible to minimize the risk of infection


What should you do if you realize you scanned a fake QR code?

  • Change your passwords and secure your online accounts: Make sure you use strong passwords for your accounts, and to add an extra layer of security, enable two-factor authentication (2FA)
  • Disconnect from your Wi-Fi or cellular network: If you downloaded malware onto your device turn off any internet connection as soon as you realize the file might be corrupt. There is less of a risk that the malware may send your sensitive information to a hacker if there is no connection
  • Backup your important files: If your device is compromised, threat actors may steal private information like images or papers, or they may even encrypt your drive and demand a ransom. To be extra cautious, make a backup of your files on an external disk
  • Set up a fraud alert for your cards: If you entered your financial information, notify the credit bureaus as soon as possible. Fraud alerts and credit freezes make it more difficult for con artists to open credit cards or commit loan fraud

 

August 20, 2024 - Say YES Scam:

Scam of the Week "The say "YES" scam:

With all the robo-callers and unknown callers people are still asking folks on the other end of the line if they can hear them. But now it’s often scammers doing the asking, according to the Federal Communications Commission (FCC), which has warned consumers about so-called “can you hear me” scams — also known as “say yes” scams.

How it works: A criminal calls someone and asks a straightforward question like, “Can you hear me?” or, “Is this so-and-so?” in order to record the person saying “yes.” In theory, the scammer can later use the recording for nefarious purposes.

Finish reading Say YES Scam from AARP:   Click here

 

August 12, 2024 - Travel Scams taking advantage of CrowdStrike Outage

This week's Scam of the Week shows how scammers are taking advantage of the recent disaster of the CrowdStrike outage that wiped out IT services worldwide. Systems were affected globally, resulting in delayed flights, business closures, and more. However, what may be bad news for you could be good news for cybercriminals. Cybercriminals often seek to turn major events to their advantage by sending out phishing emails or text messages related to the event. By using a major event that you are familiar with, they hope that they can trick you into clicking on malicious links or attachments.

Shortly after the outage, cybercriminals began creating fake websites. The websites claim to belong to IT workers who can assist with troubleshooting the outage and restoring access to affected computers. There are files on the fake websites that appear to be software updates for Windows computers. However, these files actually contain malware. If you download them, malicious software can be installed on your computer, giving cybercriminals access to your personal data!

Follow these tips to avoid falling victim to any CrowdStrike-related scams:

This specific scam involves fake websites, but remember that cybercriminals will exploit this event in different ways. Be on the lookout for any suspicious activity related to the CrowdStrike outage.

Delta Airlines continues to report scammers offering rebates and free flights with fake emails weeks later.

Don’t download any files or attachments from websites or emails. Any troubleshooting related to the CrowdStrike outage should be addressed by your organization’s IT team.

Be cautious of unexpected calls, emails, or text messages that seem urgent to respond to. Cybercriminals will try to use this outage to trick you into acting impulsively.

 

August 8, 205 - Using Bitcoin ATMs to Move Money

Bitcoin ATM Imposter Scam

This week's Scam of the Week involves Bit Coin. I'm sure you've heard about it by now and it's become a favorite way for Scammers to get to your real money.

Is there a legit reason for someone to send you to a Bitcoin ATM? The short answer is NO. Will someone from the government send you to a Bitcoin ATM? NEVER.

Scammers succeed because they’re good at what they do — which is lying. So, if someone calls and says you have to act now because your money is at risk, you might listen if they’re convincing. They’ll scare you into keeping it a secret — even from your closest loved ones. Once they have you alarmed and alone, they’ll give you the solution to the problem they just created: “protect your money by moving it.” And that’s when they’ll send you to a Bitcoin ATM to “secure” your money. “Problem” solved? Not even close.

That’s because neither Bitcoin nor the ATM will protect your money. In fact, no cryptocurrency will. No matter what the caller says, there’s no such thing as a government Bitcoin account or digital wallet. There are no Bitcoin federal safety lockers. And only a scammer will give you a QR code to “help” you deposit your life savings in a Bitcoin ATM.

What they’re doing is trying to rush you into something you can’t reverse: giving your money to a scammer. So, if you get a call like this, remember:

Never move or transfer your money to “protect it.” Your money is fine where it is, no matter what they say or how urgently they say it.  Worried? Call your real bank, broker, or investment advisor. Use the number you find on your account statements. Don’t use the number the caller gives you. That’ll take you to the scammer.
Report it. Tell our bank or fund right away. Especially if you moved money. Then tell the FTC at www.ReportFraud.ftc.gov.

Then share this post with one person today? Scammers love this approach right now. But if we all tell one person, and they tell one person, we can make sure more people know how to stop this scam.

 

July 29, 2024 - Use Caution with FlowCode QR Codes

This week's Scam of the Week is about a relatively new type of QR code known as a Flowcode. This is part of our Fraud and Cybersecurity video that talks about Flowcodes. To see the information that can be harvested from your device see the Flowcode Privacy Statement attached. To attend the upcoming Fraud and Cybersecurity webinar in September, visit our website:

To view the video, click here

To view FlowCode Privacy Statement, click here

 

July 8, 2024 - Tolls Trouble Scam

Today's Scam of the week is one that utilizes our very own Washington State Good To Go program, and other toll programs across the Country. I got a text telling me my trip on I-405 Express Lanes cost me $4.15. I don't remember taking those lanes, but they are suggesting additional late fees if I don't follow the link to pay it.

Problems:

  • Anyone can steal the WSDOT Good To Go logo and a picture of the Narrows Bridge to make it look legit.
  • Look at the link they want me to go to, that's not a Washington State Finance website
  • The phone number this came from is Montreal Canada
  • Good To Go doesn't text. They send you an invoice for your tolls or you have a sticker on your vehicle and an active balance
  • If you typed in the URL address of the link, it doesn't go anywhere, meaning that the real URL is camouflaged in the link

If you clicked on the link under the pressure tactic to avoid late fees, you could give these scammers your credentials and payment methods. Below is the text from my phone so you can see what it looked like and maybe avoid something yourself.

WSDOT image

 

June 3, 2024 - Look-a-Like Documents Made Easy

This week's Scam of the Week is a bit more involved, and from a graphic designer's point-of-view, very concerning. Available to everyone now is online graphic design software with thousands of professional templates called Canva and Adobe Express and they can create almost anything, including fake documents and bad links (a continuation of last week's fake log in scam).

Cybercriminals often use legitimate websites like this in their phishing attacks as a way to get around the security systems that your organization has in place. A recent example of this is Cybercriminals are using Canva to create an official-looking document that contains a clickable, malicious link. Creating and storing this document on Canva allows the attackers to get through security measures because Canva is a legitimate website.

Once the scammers have created and stored their file on Canva or Adobe Express, they will send you an email that includes a link to this malicious file. The email claims the link leads to an important document that needs your attention. However, if you click this link, you are taken to the Canva/Express file and prompted to click another link in order to view the document mentioned in the email. Clicking this second link will redirect you to a phony login page for your email provider. Any information entered on this page will be sent directly to the scammers. Don’t be fooled!

Remember these tips:

  • Never click a link in an email that you were not expecting.
  • Call the sender to be sure the email and link are legitimate. Do not call the phone number provided within the email as it may be a fake number.
  • When you’re asked to log in to an account or online service, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site and not a phony look-a-like.

 

May 28, 2024 - Fake Log In

This week's scam of the week, just happened to hit close to home with a family member this last week, so I thought I'd share. Scammers frequently try to trick you into clicking on malicious links in emails and texts by making them appear legitimate. In a recent scam, they are trying to trick you with an email that appears to be related to your Microsoft account. The email/text says that there has been some unusual activity on your account and that many of your account’s features have been locked (or the whole account is locked to protect your information). There is a link in the email or text, along with instructions to click it so that you can review all activity on your account.

If you click the link, you’ll be taken to what appears to be a authentic Microsoft login page. However, the login page is actually fake, and you won’t be taken to your Microsoft account if you enter your login information here. Instead, entering your user credentials on this page will allow cybercriminals to steal them. Once they have your username and password, they can use them to access your account and steal your personal information, sometimes this can contain your payment information for Window 365 and other products.

Follow these tips to avoid falling victim to this and other phishing scams:

  • Scammers will often try to scare you into acting impulsively, telling you or showing you how "urgent" something is or that you might "loose all your information". Always stop and think before clicking, especially if an email or text is instructing you to act quickly.
  • Pay attention to the details of the email/text. Phishing emails will often contain spelling and grammatical errors, or the wording of the email may seem unusual, use caution with abbreviations in texts.
  • Navigate to the official website in your browser, separate from the email or text being sent. Check your account status from the native home page that you went to direct

 

May 20 - Fake USPS Stamps

This week's Scam of the Week is about a popular topic on Facebook regarding USPS stamps that are on sale at huge discounts. Well, here's your first clue that something's wrong - a sale at the post office. But these posts make it sound so appealing and the Facebook comments sure make it sound legit. Well, they are either counterfeit or stolen. Counterfeit stamps are often sold in bulk quantities at a significant discount–anywhere from 20 to 50 percent of their face value. That’s a tell-tale sign they’re bogus. If you get caught using the bad stamps, you could be charged with a felony. But there's something worse - you've now given this shady group your credit card information (hopefully not your debit card) and goodness knows what they will do with it. As it turns out, a great many of these "for sale stamps" groups are based in China and is a front for hacking and account take over. So stay clear of these offers, if it's too good to be true, it likely is.

Watch a video on counterfeit stamps from USPS:  https://www.youtube.com/watch?v=MPzNdcJPLL4&t=3s

Watch a video from the postal inspector on how the USPS fights counterfeit postage: https://www.youtube.com/watch?v=Sq1hLWELs4w

To read more on this topic or how to report postage fraud, read this article: https://www.uspis.gov/u-s-postal-inspection-service-warns...

 

May 6, 2024 - Elder Abuse

This week's Scam of the Week is a few thoughts on elder abuse, something we see more and more of, so we want to share some things to look out for:

Financial Elder Abuse: The statistics are staggering for this type of financial crime. With persons 60 and older being the fastest growing segment of the population, one if four seniors will fall victim, with an estimated loss of over $40 billion each year.

Why are seniors at a higher risk? Several reasons make them a prime target for financial abuse. Older adults have bigger retirement accounts and are less aware of financial fraud dangers and scams. Those two, compounded with in-home caretakers or even family members that can easily steal and onset of dementia or Alzheimer’s increases the risk of poor financial decisions. Scammers are looking for someone that can be manipulated; which also makes loneliness a prime opportunity for them to gain trust and friendship from their victim.

Elder abuse is not limited to a certain social status, ethnic group or even health conditions; studies do show that women are at a higher risk.

Possible Warning Signs of Financial Abuse:

  • – Unpaid bills when they should have means to pay
  • – Out-of-character spending behavior
  • – New “best friends” who do not have the persons best interests at heart
  • – Sudden changes in an elder’s legal documents (will, trust, accounts)
  • – Abrupt or unexplained transfers of assets
  • – Confusion about recent financial arrangements or changes

General Prevention Tips:

  • – Talk about finances with your elder parents. Get assistance from a third-party resource; such as friends, financial professionals or online sources. We are happy to be that source of information for you.
  • – When possible, use checks and credit cards instead of cash
  • – Teach them to exercise caution when discussing their finances and other personal information over the phone, internet or someone they don’t know
  • – Always ask for more information in writing and get a second opinion before changing your power of attorney, wills, trusts or financial information
  • – If you suspect fraud or misuse, please contact us immediately
Go to main navigation