The FBI’s Internet Crime Complaint Center has issued a new warning about fraudsters who are targeting your paycheck via direct deposit. Any worker can be affected by this scam, but the industries getting hit the hardest include towns /municipalities ,education, health care, and commercial airway transportation.
CYBERCRIMINALS UTILIZE SOCIAL ENGINEERING TECHNIQUES TO OBTAIN EMPLOYEE CREDENTIALS TO CONDUCT PAYROLL DIVERSION
Here’s what happens: the bad guy uses your work login info to get into your employer’s HR system to replace your direct deposit information with his own.
It starts when an employee receives an email that looks just familiar enough that he doesn’t question it too much. The email includes a link or web address that the user clicks on. Once he clicks, he will be directed to a fraudulent site or portal where the victim will be asked to enter his work credentials to confirm his identity. The bad guys use that login ID and password to change the employee’s direct deposit information in the company’s files. Often, the fraudsters even change other account settings in the system, preventing the victim from receiving an email warning that changes have been made to his account.
Here’s how employees can avoid being scammed:
- Make sure you verify with your employer that a suspicious email is valid. Send it to your office’s HR or IT departments for confirmation.
- Keep an eye out for any misspelled words, odd phrasing, and poor grammar. These could be indications that the email is coming from elsewhere in the world.
- If the email includes any links to web pages, hover your mouse over the link and confirm that the URL is exactly the same as that used by the payroll company. Don’t click if you are not 100% sure.
Here are some steps that businesses can take to protect their employees:
- Require that login credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
Please be advised, that we have been made aware of a new automated telephone scam that may be targeting some of our members. The scam in question is an automated message which asks the member to press a number in order to continue. The caller ID may read “New Bedford Credit Union” and the number may be in the New Bedford area. Never give any personal and confidential information over the phone. We have all of your confidential information and would not ask you for that information. If you have any questions or concerns, please do not hesitate to contact our Electronic Services Department at (508) 994-6546, option 3.
Warning signs visible to a business or consumer that their system/network may have been compromised include:
- Inability to log into online banking (thieves could be blocking customer access so the customer won’t see the theft until the criminals have control of the money);
- Dramatic loss of computer speed;
- Changes in the way things appear on the screen;
- Computer locks up so the user is unable to perform any functions;
- Unexpected rebooting or restarting of the computer;
- Unexpected request for a one time password (or token) in the middle of an online session;
- Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.);
- New or unexpected toolbars and/or icons; and
- Inability to shut down or restart the computer.
Please be advised of fraudulent NBCU checks in circulation. If you receive any suspicious checks, along with a Secret Shopper letter with wiring instructions, please contact our Fraud Specialist immediately at (508) 994-6546 ext. 122.
Please be advised, that we have been made aware of a new Cellphone Text Messaging Scam. This scam involves a third party trying to gain access to personal identifying information, by giving false information about a deactivated Visa/Debit card. Please note that NBCU would never contact you via text message & we would never ask for your Debit Card PIN. The Credit Union will contact you directly via telephone or a letter concerning any card compromises. If you have any questions or concerns, please do not hesitate to contact our Electronic Services Department at (508) 994-6546, option 3.
Thieves will try anything to get access to your accounts and personal information. If you receive an email, text message, or phone call supposedly from a business you deal with, asking for account numbers, passwords, or PIN numbers do not reply to this or give any information. Contact the business using a number that you already have on file and know is correct. There is never any reason anyone would need to know your PIN number.
New Bedford Credit Union takes security seriously and strives to protect our members and their personal and financial information. As we become aware of security risks or scams that may affect our members we will post a notice here. We will also include any tips we receive to help prevent fraud or identity theft.
In the event any suspicious account activity is detected on your Debit Card, you will be contacted immediately via an automated telephone call by our fraud detection center at EnFact. This automated telephone call will ask to confirm whether or not the transaction in question was initiated by an authorized cardholder. You will be asked to verify your 5-digit zip code, and the date and dollar amount of the transaction in question. In the event you cannot be reached, you will be left a voice message, along with a 6-digit private message code. This 6-digit code will aid in verifying your identity. You will not be asked for and should not respond to the following: your account number, debit card number, PIN number, or your social security number. New Bedford Credit Union takes security seriously and strives to protect our member’s personal and financial information.
Fraudulent Text Messaging Scam
This text message scam reads, “Your debit has been flagged. Call 1-888-***-**** and follow steps to reactivate card. New Bedford Credit Union will never contact you in this manner, & we would never ask for your PIN number or plastic card information. If you receive a request for this type of information, do not respond & do not give out any personal information. If you have any questions or concerns, please call our Electronic Services Department at 508-994-6546 (press 3).
Zappos.com Hacking Alert
Online shoe and apparel retailer, Zappos.com, announced on Sunday, January 15, 2012, that hackers had broken into their company’s system through one of its servers in Kentucky and obtained data on its 24+ million Zappos.com customers. The hackers took names, billing, shipping and email addresses, phone numbers and partial credit card numbers of Zappos customers, as well as their cryptographically scrambled passwords. Based on reports from Zappos, it appears that users’ full credit card information is safe, though they could be at risk if these customers use the same email and password combination to access other sites.
Zappos is urging customers to change their passwords on any other websites where they use the stolen password or similar ones, and it has warned them to be wary of emails and phone calls that ask for personal information or direct them to websites asking for personal information.
NACHA Email Scam Alert
This scam involves a fraudulent email being sent out claiming to be from NACHA, the Electronic Payments Association. The email says your direct deposit has been disabled. Neither NACHA nor New Bedford Credit Union would ever contact you in this manner. If you receive an email of this type do not open it or click on any links. If you have any questions or concerns, please call us at 508-994-6546.
Scam involving T-Mobile / AT&T cell phone users
This scam involves T-Mobile / AT&T cell phone users. The following text has been distributed: “your credit union debit card has a pending alert. Call now toll free 1-404-891-1102 and follow instructions to resolve this alert.” New Bedford Credit Union would never contact you in this manner and would never ask for personal information including PIN numbers. Please do not call the number and devulge your personal information. If you have, please notify New Bedford Credit Union immediately so we can take further action if necessary. Thank you for your attention regarding this matter.
Epsilon Security Breach Click here for more.
This scam involves a notification of a system breach at Epsilon, a third party vendor that provides e-mail and marketing services to a number of companies. Please be assured that New Bedford Credit Union does not utilize the services of Epsilon, and that this breach does not affect your account here at New Bedford Credit Union. However, this breach has made many online consumers vulnerable to phishing attacks. We would like to pass on these important steps that you can take to protect your security online:
- Don’t provide your Online User ID or password in an e-mail
- Don’t reply to e-mails that require you to enter personal information directly into an e-mail or URL address
- Don’t reply to or follow links in e-mails threatening to close your account if you do not take immediate action of providing any personal information
- It is not recommended to use your e-mail address as a login ID or password
- Change your e-mail passwords frequently and do not utilize the “auto save” feature on the site
- If you suspect that you have received a fraudulent e-mail message, contact the vendor
Email Scam Alert
This scam involves a fraudulent email being sent out claiming to be the Security Department of VISA and MasterCard. The email reads “confirm your account information” or your account will be “suspended indefinitely”. It then asks for your plastic card information as well as your personal information. New Bedford Credit Union will never contact you in this manner. If you receive a request for this type of information New Bedford Credit Union do not give out any personal information. If you have any questions or concerns, please call us at 508-994-6546.
Cell Phone Scam Alert
This cellphone scam involves an automated call or a text message explaining their Debit Card had been restricted and to reactivate their card they needed to follow the instructions and input their account and personal information. Do not respond to any type of communication like this, New Bedford Credit Union would never contact you in this manner and would never ask for your PIN number.
VISA Check Card Security Alert
New Bedford Credit Union has encountered several fraudulent transactions being processed on our VISA Check cards. All of the fraudulent transactions had an endpoint in India. To protect our cardholders we have blocked all transactions with an endpoint in India. This does only apply to our VISA Check card and not the New Bedford Credit Union credit card. If you have any questions, please call us at 508-994-6546.
Tips for Recognizing and Avoiding Fake Check Scams
If someone you don’t know wants to pay you by check but wants you to wire some of the money back, beware! It’s a scam that could cost you thousands of dollars.
There are many variations of the fake check scam. It could start with someone offering to buy something you advertised, pay you to do work at home, give you an “advance” on a sweepstakes you’ve supposedly won, or pay the first installment on the millions that you’ll receive for agreeing to have money in a foreign country transferred to your bank account for safe keeping. Whatever the pitch, the person may sound quite believable.
Fake check scammers hunt for victims. They scan newspaper and online advertisements for people listing items for sale, and check postings on online job sites from people seeking employment. They place their own ads with phone numbers or email addresses for people to contact them. And they call or send emails or faxes to people randomly, knowing that some will take the bait.
They often claim to be in another country. The scammers say it’s too difficult and complicated to send you the money directly from their country, so they’ll arrange for someone in the U.S. to send you a check.
They tell you to wire the money to them after you’ve deposited the check. If you’re selling something they say they’ll pay you by having someone in the U.S. who owes them money send you a check. It will be for more than the sale price; you deposit the check, keep what you’re owed, and wire the rest to them. If it’s part of a work-at-home scheme, they may claim that you’ll be processing checks from their “clients.” You deposit the checks and then wire them the money minus your “pay.” Or they may send you a check for more than your pay “by mistake” and ask you to wire them the excess. In the sweepstakes and foreign money offer variations of the scam, they tell you to wire them money for taxes, customs, bonding, processing, legal fees, or other expenses that must be paid before you can get the rest of the money.
The checks are fake but they look real. In fact, they look so real that even bank tellers may be fooled. Some are phony cashier’s checks; others look like they’re from legitimate business accounts. The companies whose names appear may be real, but someone has dummied up the checks without their knowledge.
You don’t have to wait long to use the money, but that doesn’t mean the check is good. Under federal law, banks have to make the funds you deposit available quickly – usually within one to five days, depending on the type of check. But just because you can withdraw the money doesn’t mean the check is good, even if it’s a cashier’s check. It can take weeks for the forgery to be discovered and the check to bounce.
You are responsible for the checks you deposit. That’s because you’re in the best position to determine the risk – you’re the one dealing directly with the person who is arranging for the check to be sent to you. When a check bounces, the bank deducts the amount that was originally credited to your account. If there isn’t enough to cover it, the bank may be able to take money from other accounts you have at that institution, or sue you to recover the funds. In some cases, law enforcement authorities could bring charges against the victims because it may look like they were involved in the scam and knew the check was counterfeit.
There is no legitimate reason for someone who is giving you money to ask you to wire money back. If a stranger wants to pay you for something, insist on a cashier’s check for the exact amount, preferably from a local bank or a bank that has a branch in your area.
Don’t deposit it – report it! Report fake check scams to the National Fraud Information Center/Internet Fraud Watch, a service of the nonprofit National Consumers League, at www.fraud.org or (800) 876-7060. That information will be transmitted to the appropriate law enforcement agencies.
Fraudulent Check Scam
This scam involves a check being mailed out along with a letter, informing the recipient that they had won a “Consumer’s Reward Program Lottery” they had been entered in through various department and chain stores. The enclosed check was to pay for the taxes. Please be advised this is a scam. If you receive such a letter please disregard it. If you have any questions, please contact us at (508) 994-6546.