Phishing, Vishing and SMiShing
What is Phishing?
All Internet users should be aware of the online scam known as "phishing" (pronounced "fishing"). Phishing involves the use of e-mail messages that appear to come from your financial institution or another trusted business, but are actually from imposters.
Phishing e-mails typically ask you to click a link to visit a Web site, where you're asked to enter or confirm personal financial information such as your account numbers, passwords, Social Security number or other data. Although these Web sites may appear legitimate, they are not. Thieves can collect whatever data you enter and use it to access your personal accounts.
What is Vishing?
Similar to phishing but associated with the phone and a voice, "vishing" is a scam where the member receives a message via a phone, sometimes automated, that instructs them to call a number or individual to verify their account information by selecting given options. When the victim returns the call they are asked to provide personal, private information to validate or update their account. Vishing is sometimes difficult to perceive because the caller-id can be falsely displayed so members think the inquiry is from a legitimate financial organization.
Recent reports to SnoCope suggest vishing may be ongoing. Members have reported that they have received a phone call saying "Your credit card is locked press # and a phone number to respond . . ." SnoCope never calls members in this way to unlock or modify VISA debit or VISA credit cards. Members are advised; do not respond to this phone call. If you have responded to a vishing scam by selecting the options requested and have provided information please contact SnoCope immediately.
What is SMiShing
Similar to phishing, SMiShing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. This method is used to actually "capture" your information. The text message may be a web site URL, or a phone number that connects to automated voice response system.
Various SMiShing scams targeting credit union members have been circulating. The text message falsely claims to be from a credit union. If you receive such a message, do not call the number or reply to the text. Never give out your personal information in response to an e-mail or text. If issues ever arise relating to your debit or credit card, or if you have concerns about your account status, call the credit union directly at 425-405-9973.
How can I spot a phishing scam?
The message you receive may urge you to act quickly by suggesting that your account is threatened. It may say that if you fail to update, verify or confirm your personal or account information, access to your accounts will be suspended. The wording may also be sloppy and contain grammatical errors and misspellings.
Requests for personal information.
Scam e-mails typically ask for personal account information such as:
- Account numbers
- Credit and check card numbers
- Social Security numbers
- Online banking user IDs and passwords
- Mother's maiden name
- Date of birth
- Other confidential information
Non-secure Web pages. Clever thieves can build a fake Web site that looks nearly identical to an authentic one. They can even alter the URL (the Web address) that appears in your browser window. Watch out for non-secure Web pages that ask for sensitive information (secure sites will typically display a lock in the status bar at the bottom of your browser window and the address at the top will start with "https").
How can I decrease my risk of being a phishing victim?
Messages threatening to terminate or suspend your account without your quick response should be treated as suspicious. A legitimate financial institution or business should not request personal information from you over an unsecured Web site. When in doubt, call the business' customer service number (available on your account statement) to confirm the status of your account. Do not use telephone numbers found on the suspected Web site.Always type in the URL of the Web page you need.
Phishing scams rely on embedded links that take you to fake Web sites. It's safer to type your financial institution's Web address directly into your browser so you know you're visiting the legitimate site.Protect your password.
Don't write down sensitive personal information such as your password or Social Security number. Change your password frequently.Keep your computer up-to-date.
We recommend that you install anti-virus and firewall programs to help keep your computer safe.Report an online scam.
If you receive suspicious e-mail that appears to come from SnoCope, please notify us immediately by forwarding the e-mail to firstname.lastname@example.org (do not open any attachments or click any links found in the suspicious e-mail).
You may also want to forward it to the Federal Trade Commission at email@example.com, or contact them at www.consumer.gov/idtheft* or 877.IDTHEFT (877.438.4338).
If you believe you have provided personal or account information in response to a fraudulent e-mail or Web site, please contact us immediately and contact the other financial institutions with which you have accounts.Recent phishing scams
A recent fraudulent e-mail pretends to be a "Security Center Advisory" that informs members their account "has been randomly selected for maintenance," and that they need to click a link to verify their identity.
Another fraudulent e-mail states that there is a pending charge (often a quite large one) to the member's account, and in order to decline the transaction, they need to click a button or a link in the e-mail.
All of these e-mail messages include links that appear to take you to legitimate Web sites -however, the Web pages they go to are not legitimate. They actually take you to fake Web pages where the scammers collect personal and account information.Guidelines for e-mail use.
Because e-mail is not private, you should always be on guard when communicating through the Internet. Here are some guidelines for using e-mail:
- Never open e-mail or attachments from a stranger.
- Never open e-mail when the return address looks unusual (not spelled right or uses symbols) unless you know who sent it.
- Never "reply" to a stranger's e-mail.
- Never send personal or private information in e-mail.
Receiving a surprise e-mail from anyone is the first clue that a crook is baiting your hook. Don't let a crook catch you with a Phishing e-mail. You should never feel compelled to open an e-mail from a stranger. If it's that important, the sender will call you.
Online & Aware
Online and Aware - Protect Yourself from E-Mail Scams:
E-mail and the Internet have become part of our daily lives. The convenience of shopping, banking, paying bills, and communicating electronically has saved us time and hassle. Unfortunately, it has also opened a door for new and continually developing criminal activity. With the increase in on-line personal business transactions has come an increase in identity theft and other types of consumer fraud.
Many consumers are tricked into divulging their personal information by thieves posing as legitimate companies or government agencies. This new brand of criminal sends emails that appear to be from the victim's financial institution, or other trusted source. The emails stress the urgency of providing personal information such as credit card numbers, checking account information, Social Security numbers, passwords, and other sensitive personal information, and link to fraudulent websites for collecting the information. Because the technology they use is so sophisticated, many consumers have no idea they've been victimized until it's too late. The thieves then create entirely new identities using the victim's personal information- leaving the consumer to pay the price.
Other Email Scams: Phishing isn't the only email scam. There are lots of disreputable people preying on consumers in many inventive ways. According to the Federal Trade Commission, the most common scam offers likely to arrive by email are:
- Chain letters - Not only are chain letters annoying, if they involve money or valuable items and promise big returns, they are illegal.
- Work-At-Home Schemes - Work-at-home schemes have cost consumers thousands of dollars. Many don't deliver on their promises or disclose all of the required up-front costs involved with the new "opportunity".
- Weight Loss - Programs or products that promote easy or effortless long-term weight loss - at a price - rarely work and can cause you harm in the process.
- Credit Repair - There is no legal way to remove accurate and timely information from your credit report. Making consistent payments over time is the best way to improve your credit report.
- Advance Fee Loans - Be wary of promises to provide a loan for a fee, regardless of your past credit history. Legitimate financial institutions don't issue credit cards without first checking your credit.
- Adult Entertainment - Adult entertainment sites that claim to offer content for free may disconnect your Internet connection and reconnect to an international long distance phone number, at exorbitant rates. Be skeptical when you see opportunities to view "free" content on the web.
Resources: Credit Reporting Bureaus
- Equifax to order a credit report call: (800) 685-1111
To report fraud call: (888) 766-0008
Equifax Credit Information Services, Inc., P.O. Box 105069 , Atlanta , GA 30374
- Experian to order a credit report call: (888) 524-3606
To report fraud call: (888) 397-3742
Experian, P.O. Box 2104 , Allen , TX 75013-2104
- TransUnion to order a credit report call: (800) 888-4213
To report fraud call: (800) 680-7289
TransUnion LLC, Consumer Disclosure Center , P.O. Box 1000 , Chester , PA 19022
- U.S. Federal Trade Commission - The FTC oversees the operation of credit bureaus and maintains a database of identity theft cases used by law enforcement agencies for investigations.
Consumer Response Center:
(877) 382-4357, or online at www.ftc.gov
ID Theft hotline: (877) 438-4338.
- US Social Security Administration - report fraud by calling (800) 269-0271
More than 400,000 people have had their lives disrupted last year by a growing "white collar" crime known as Identity Theft, according to the Privacy Rights Clearinghouse. You may have read the article recently in a local newspaper of the woman whose identification was used to secure loans and open accounts. Identity Theft occurs when someone steals your personal information and poses as you, running up charges, wiping out your accounts. It could take months or sometimes even years to discover you are a victim. For example you could be denied a loan for a mortgage or car based on a credit report that erroneously indicates that you don't pay your bills. At SnoCope, we take this potential threat very seriously. If you fall victim to losing your purse or wallet, we will assist you in closing your account and reopening with a new account number. But total security is only possible with your help.
Here are some steps you can take to help prevent identity theft:
Do not give out personal information, such as account numbers or credit card numbers over the phone unless you have initiated the call. Only deal with established companies. Remember: If someone calls you posing as your financial institution (such as your credit union) requesting information they should already have, they shouldn't need to request it over the phone!
Report lost or stolen checks immediately. Examine new checks to make sure none were stolen during shipping, and store them in a safe location.
Destroy unused financial solicitations before discarding them, as well as other financial documents, statements and receipts.
Guard your PIN for your ATM card and do not leave your receipt when using an ATM.
Make sure your mailbox is secure and promptly remove mail when it has been delivered. Do not leave outgoing mail in a mailbox that has road access.
Contact the major credit reporting companies annually to review your file. A copy of your report is available for a small fee. The three major credit bureaus are:
If you have been a victim of identity theft, or know someone who has, take these steps immediately:
Contact your credit union to protect your accounts
Contact your credit and debit card suppliers
Contact the Social Security Fraud Hotline: 800-269-0271
Contact the FTC Identity Theft Hotline: 877-IDTHEFT (877-438-4338)
Identity Theft Protection
More Phishing Scams
Recently, there have been multiple e-mail fraud attempts, known as "Phishing", that were initiated via e-mail sent to both the general public and to some credit union members that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.
NCUA does not ask credit unions members for such personal information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.
If you responded to such an e-mail and provided any confidential account information, please notify your credit union immediately of the scheme. You should also change your account's PIN, and take any additional action recommended by your credit union to protect your account.
If you feel that you have received a fraudulent phishing e-mail purportedly from NCUA please forward the entire e-mail message to Phishing@ncua.gov.
Additionally, you can file formal complaints concerning any suspected fraudulent e-mail with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation, and the National White Collar Crime Center.
If you receive an e-mail that appears to be from NAFCU and instructs you to go online to provide or verify or confirm financial or sensitive personal information, don't believe it: NAFCU will never send you an e-mail asking for your credit or debit card, credit union or bank account information, Social Security number, login information (such as a PIN) or similarly sensitive data.
NAFCU's name, logo, and other graphics have been used fraudulently in numerous "phishing" e-mails aimed at tricking people into providing sensitive financial and personal data on replicated Web sites. Giving these phishers your account and other sensitive information may expose you to identity theft and other types of fraud. If you have already complied with a phishing e-mail, you should contact the institution where you maintain your account and have the information changed immediately.
NAFCU has reported the phishing e-mail activity to the Internet Crime Complaint Center run by the FBI and the National White Collar Crime Center.
If you want to verify that the e-mail you've received is fraudulent dial 703-522-4775, ext. 263. To report the incident to law enforcement, visit the Internet Crime Complaint Center at www.ic3.gov.
CUNA is aware of new phishing emails in the form of surveys asking for feedback on your financial institution. These messages are scams and should be deleted. The messages offer awards up to $500, but there is no monetary award for filling out the form -- this is an identity theft scam. CUNA would never ask individuals to submit personal information via e-mail.
Sample Phishing Email
Member Advisory Heartbleed
Regarding the "Heartbleed"
Recently the software defect "Heartbleed" has been getting a lot of media attention. Heartbleed is a software defect occurring in widely used security software which enables a cyber-criminal to hack and retrieve private information.
SnoCope Credit Union's financial information services are not vulnerable to and have not been affected by the "Heartbleed Bug". SnoCope Credit Union exceeds information technology standards and regularly monitors all aspects of its security as part of its policy and procedures. SnoCope wants to assure our members that their information is secure. Members can continue to rely on services through our website, via "Executive Online" banking and through our mobile banking services called "Sprig." For members who are concerned, they may take the precautionary measure of updating sign-on passwords.
SnoCope reminds members to recognize the importance of email communications that contain confidential information and advises use of SnoCope's secure email system. Click here to learn more about SnoCope's secure email. Please note, subject lines cannot be encrypted, DO NOT include sensitive information in the subject line of a secure email.
Member Advisory Windows XP
Microsoft Windows XP Operating System End of Support Impact April 8, 2014
What this means to members. Per Microsoft, you will no longer receive software security updates that can help protect your computer from harmful viruses, spyware, and other malicious software. If you continue to use your Windows XP and Internet Explorer 8 your computer will still work but it will be at risk of cyber threat. Unsupported systems are vulnerable. Your computer could potentially be compromised and could expose you to identity theft.
FAQs Regarding Visa Debit & Credit Cards
FAQs regarding Visa Debit and Credit Card Compromises
Should your card be listed on the compromised list, SnoCope Credit Union will contact you either via mail or by phone with information that your current Visa Debit or Credit card has potentially been compromised. Protecting your account is our priority.
Does a card compromise mean I have fraud?
Card compromises do not necessarily mean fraud. However, our goal is to minimize impact. If the risk is deemed high, SnoCope Credit Union may take a proactive stance and attempt to block known compromised cards by sending a letter or making a phone call to you prior to fraud occurring. In these instances, our goal is to reach out and block the compromised card as a precautionary measure.
What approach does SnoCope Credit Union take when faced with a card compromise?
SnoCope Credit Union approaches each card compromise individually. We evaluate the need to reissue Debit or Credit cards to affected members, and then take the appropriate action based on the potential risk.
What is a card compromise?
A card compromise occurs when Debit or Credit card information is obtained by an unauthorized individual. Most compromises involve a criminal gaining unauthorized access to a merchant’s card processor known as a database/processor intrusion. It can also occur when a suspect is employed at a particular merchant and they are skimming card information at the time of purchase (an employee skim), or when a skimming device is placed on an ATM machine. In each of these situations, this information is stolen with the intent to commit fraudulent activity.
What personal information is typically stolen and viewable by the suspects when a card is compromised?
When a card is compromised, the suspect typically has access to the card number, expiration date, copy of the magnetic stripe, and/or the 3 digit code on the back of your card. Depending on the type of merchant and breach, the cardholder’s name, address, and phone number may also be compromised if the merchant was storing this data, but information like address and phone number are not stored on your debit or credit card. However, your address and phone number may be available out on the internet as public records can be obtained via a web search.
What is Skimming?
Skimming is the act of an unauthorized individual obtaining Debit or Credit card information during the process of a member performing a valid transaction. This occurs during a card present transaction when the card is validly swiped and the information from the black magnetic stripe on the back is compromised.
What do I do if I discover fraud?
If your card has not yet been blocked, please contact SnoCope Credit Union member services at 425-405-9973. Once your compromised card has been blocked, you will be asked to complete a dispute form and potentially obtain a police report. You will receive reimbursement for unauthorized activity that occurs due to a compromise as long as the activity is reported within 60 days of your statement cutoff date as stated in your account agreement.
How long does it take to receive a replacement Debit and Credit card?
SnoCope Credit Union's Visa Debit and Credit cards take up to 12 business days to reissue. Debit and Credit cards are mailed directly to you. SnoCope Credit Union’s Visa Debit and Credit card PINs (Personal Identification Numbers) arrive separately and also take up to 12 days to arrive.
What if I do not want to have my compromised card blocked?
SnoCope Credit Union understands it is an inconvenience associated with reissuing cards. Fraudulent activity may occur if a compromised card is left active. Should fraudulent activity occur on your account you will be refunded as defined in the member account agreement. To protect the credit union and members from loss resulting in the loss due to compromise your card will be automatically blocked by the Credit Union.
What if I have pre-authorized debits or re-occurring payments made to my compromised card?
Pre-authorized transactions, prior to the date your card was cancelled, will be posted to your account. Please continue to review your account for all transactions posted. For re-occurring payments please contact those merchants upon receipt of your new Visa Debit or Credit card and provide those merchants with the new card number and expiration date.
What can I do to prevent this from occurring again in the future?
Unfortunately the majority of compromises are unavoidable at the consumer level. It is impossible to predict when your card is going to be compromised, therefore we strongly suggest monitoring your account activity regularly and contacting SnoCope Credit Union immediately should there be a transaction that you do not recognize.
While there are no guarantees to prevent Debit and Credit card fraud members can elect to take steps to further protect themselves by purchasing fraud prevention products. It is recommended to always have available more than one source of payment so if your card is compromised you have access to funds.
SnoCope Credit Union has a Credit Monitoring Product called Legal Shield and Identity Theft. To enroll in either of these products please contact the credit union at 425-405-9973.
Why are details surrounding card compromises kept confidential and not shared with the membership?
SnoCope notifies the membership as soon as details of the investigation are provided directly to us from the affected merchant. Typically, the public hears of a breach as the investigation is just underway. The merchant may not be fully aware of all of the details of that investigation as it is happening.
SnoCope Credit Union works directly with Visa and law enforcement to mitigate the compromise and reduce any outstanding financial exposure. During this time, details of the compromise are kept confidential to avoid any negative impact to the integrity of the investigation.
What steps does SnoCope take to monitor for fraudulent activity?
Two scenarios are possible as we take immediate steps to protect our members.
- Members may receive a letter or a call directly from SnoCope Credit Union, if we have received your name on a compromised Debit and/or Credit card list and we suspect fraudulent activity.
- SnoCope Credit Union partners with a third party who performs fraud monitoring on our behalf for both Visa Debit and Credit cards. You may receive a call from our third party Visa partner attempting to verify activity on your account. They will call to verify information and WILL NOT ASK FOR YOUR PERSONAL INFORMATION. You know they are legitimate because they will not solicit personal data from you but provide you will factual information. Please note that this is a valid call and our attempt to contact you regarding suspicious account activity.
Why should I notify SnoCope Credit Union if I am planning on traveling?
Please notify SnoCope Credit Union if you are planning on traveling. You can do so by calling into SnoCope Credit Union 425-405-9973, or by visiting our branch at 3130 Rockefeller Ave, Everett, WA, 98201 or by sending a secure message via Executive Online.
When you notify SnoCope Credit Union of your travel dates and destinations we will ask you to provide a contact number and possibly a password on your account so we can contact you should your card become compromised and cancelled.
It is recommended to always have available more than one source of payment so if your card is compromised you have access to funds.
Member Advisory 8/22/14
Visa Debit and Credit Cards