As a member of New Bedford Credit Union, the security of your personal and account information is of extreme importance to us. We have developed a thorough information security program to ensure that your information is kept confidential.
Debit Card Fraud Information
We want to remind you how stolen debit card information is used to commit fraud.
Fraudsters have become increasingly adept at getting you to share information they need to commit fraud by posing as your financial institution call center agent, or by sending text messages that look like they are coming from NBCU, warning of suspicious transaction activities. They are also known to call into call centers posing as you requesting changes to card information and parameters.
- A text alert from NBCU warning of suspicious activity on your card will NEVER include a link to be clicked. You should never click on a link in a text message that is supposedly from NBCU. A valid notification from NBCU will provide information about the suspect transaction and ask you to reply to the text message with answers such as ‘yes’, ‘no’, ‘help’, or ‘stop,’ and will never include a link.
- A text alert from NBCU will always be from a 5-digit number and NOT a 10-digit number resembling a phone number.
- A phone call from NBCU’s automated dialer will only include a request for your zip code, and no other personal information unless you confirm that a transaction is fraudulent. Only then will you be transferred to an agent who will ask questions to confirm your identity before going through your transactions.
- NBCU will NEVER ask for the PIN or the 3-digit security code on the back of a card.
- Posing as call center agents, fraudsters will often ask you to verify fake transactions. When you say no, you did not perform those transactions, the fraudster then says that your card will be blocked, a new card will be issued, and that you need the card’s PIN to put on the new card. Many people believe this and provide your PIN.
- We advise you to regularly check your account(s) online for suspicious transactions, but especially if you are unsure about a call or text message you’ve received. If anything looks amiss, call NBCU directly for assistance.
- If you have received a voice or a text message from NBCU’s fraud call center and are unsure about responding to it, call NBCU directly for assistance.
Beware of Scammers
Coronavirus Stimulus Scams Surfacing
The Better Business Bureau (BBB) reported that fraudsters have deployed a variety of scams involving coronavirus stimulus checks. The BBB Scam Tracker has received several reports of coronavirus scams where individuals are contacted through text messages, social media post /messages, or phone calls.
Beware of social media posts advertising a special grant to help pay medical bills. The link within the post goes to a bogus website claiming to be a government agency called the “U.S. Emergency Grants Federation.” The victims are asked for their Social Security number and in some cases, asked to pay a “processing fee” to receive a grant.
Coronavirus direct payments will likely be sent as direct deposits or through U.S. Treasury checks. Do not give out your Social Security number or account number.
- Government agencies do not communicate through social media outlets, such as Facebook
- Never pay a fee for a government grant. A government agency will never request an advanced processing fee to receive the grant
- Beware of fake government agencies promoted by fraudsters. The only official list of all U.S. federal grant-making agencies can be found at www.grants.gov
As the world continues to grapple with the coronavirus (COVID-19) pandemic, the federal government has discussed several proposals involving sending money by check or direct deposit to American consumers.
While the details are still being worked out, the Federal Trade Commission posted a blog entry on several important things consumers should know, no matter what the final decision turns out to be.
Jennifer Leach, associate director of FTC’s Division of Consumer and Business Education, says:
- The government will not ask you to pay anything up front to get this money. No fees. No charges. No nothing.
- The government will not call to ask for your Social Security number, bank account, or credit card number. Anyone who does is a scammer.
- These reports of checks aren’t yet a reality. Anyone who tells you they can get you the money now is a scammer.
She also urged consumers who spot one of these scams to submit a complaint to the FTC. The agency also maintains a page with up-to-date information on the latest COVID-19 related scams.
Coronavirus Opens Doors to Scams
The Coronavirus (COVID-19) has been a windfall for fraudsters as they exploit the global thirst for knowledge on the virus. Fraudsters have launched Coronavirus-themed phishing attacks to deliver malware –typically credential-stealing banking Trojans. The phishing emails purport to be from the Centers for Disease Control (CDC) and the World Health Organization (WHO). Fraudsters have also created fake websites to exploit Johns Hopkins University’s interactive Coronavirus dashboard to spread malware.
Fraudsters are exploiting the global thirst for knowledge about the virus by launching Coronavirus-themed phishing attacks to spread credential stealing malware. The emails, which contain an infected attachment or a link to a malicious website, are made to appear like they come from the CDC or the WHO. The WHO posted an article on its website warning users of this scam.
Fraudsters have also exploited Johns Hopkins University’s interactive Coronavirus dashboard containing an interactive map that tracks Coronavirus statistics by region. Cybersecurity firms have identified several fake Coronavirus interactive maps that infect user devices with credential-stealing malware. Fraudsters are circulating links to these malicious websites containing Coronavirus maps through social media and phishing emails.
Security blogger Brian Krebs reported several Russian cybercrime forums started selling infection kits that exploits John Hopkins University’s interactive Coronavirus dashboard as part of a Java-based malware deployment scheme.
There have also been reports of other Coronavirus-themed phishing campaigns aiming to spread malware, including:
- Coronavirus advice-themed phishing emails purporting to provide advice on how to protect against the virus. The emails might claim to be from medical experts near Wuhan, China where the Coronavirus started.
- Workplace policy-themed phishing emails about Coronavirus targeting an organization’s employees. For example, the emails may purport to come from the organization’s HR department alerting employees of a new pandemic policy.
The FBI’s Internet Crime Complaint Center has issued a new warning about fraudsters who are targeting your paycheck via direct deposit. Any worker can be affected by this scam, but the industries getting hit the hardest include towns /municipalities ,education, health care, and commercial airway transportation.
Note! Cybercriminals utilize social engineering techniques to obtain employee credentials to conduct payroll diversion.
Here’s what happens: the bad guy uses your work login info to get into your employer’s HR system to replace your direct deposit information with his own.
It starts when an employee receives an email that looks just familiar enough that he doesn’t question it too much. The email includes a link or web address that the user clicks on. Once he clicks, he will be directed to a fraudulent site or portal where the victim will be asked to enter his work credentials to confirm his identity. The bad guys use that login ID and password to change the employee’s direct deposit information in the company’s files. Often, the fraudsters even change other account settings in the system, preventing the victim from receiving an email warning that changes have been made to his account.
Here’s how employees can avoid being scammed:
- Make sure you verify with your employer that a suspicious email is valid. Send it to your office’s HR or IT departments for confirmation.
- Keep an eye out for any misspelled words, odd phrasing, and poor grammar. These could be indications that the email is coming from elsewhere in the world.
- If the email includes any links to web pages, hover your mouse over the link and confirm that the URL is exactly the same as that used by the payroll company. Don’t click if you are not 100% sure.
Here are some steps that businesses can take to protect their employees:
- Require that login credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
New Automated Telephone Scam
Please be advised, that we have been made aware of a new automated telephone scam that may be targeting some of our members. The scam in question is an automated message which asks the member to press a number in order to continue. The caller ID may read “New Bedford Credit Union” and the number may be in the New Bedford area. Never give any personal and confidential information over the phone. We have all of your confidential information and would not ask you for that information. If you have any questions or concerns, please do not hesitate to contact our Electronic Services Department at (508) 994-6546, option 3.
Corporate Account Takeover
Warning signs visible to a business or consumer that their system/network may have been compromised include:
Inability to log into online banking (thieves could be blocking customer access so the customer won’t see the theft until the criminals have control of the money);
- Dramatic loss of computer speed;
- Changes in the way things appear on the screen;
- Computer locks up so the user is unable to perform any functions;
- Unexpected rebooting or restarting of the computer;
- Unexpected request for a one time password (or token) in the middle of an online session;
- Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.);
- New or unexpected toolbars and/or icons; and
- Inability to shut down or restart the computer.
Fraudulent NBCU Checks
Please be advised of fraudulent NBCU checks in circulation. If you receive any suspicious checks, along with a Secret Shopper letter with wiring instructions, please contact our Fraud Specialist immediately at (508) 994-6546 ext. 122.
Thieves will try anything to get access to your accounts and personal information. If you receive an email, text message, or phone call supposedly from a business you deal with, asking for account numbers, passwords, or PIN numbers do not reply to this or give any information. Contact the business using a number that you already have on file and know is correct. There is never any reason anyone would need to know your PIN number.
New Bedford Credit Union takes security seriously and strives to protect our members and their personal and financial information. As we become aware of security risks or scams that may affect our members we will post a notice here. We will also include any tips we receive to help prevent fraud or identity theft.
Suspicious Activity Alert
In the event any suspicious account activity is detected on your Debit Card, you will be contacted immediately via an automated telephone call or text message alert by our fraud detection center at EnFact. This automated call/text will ask to confirm whether or not the transaction in question was initiated by an authorized cardholder. You will be asked to verify your 5-digit zip code, and the date and dollar amount of the transaction in question. In the event you cannot be reached, you will be left a voice message, along with a 6-digit private message code. This 6-digit code will aid in verifying your identity. You will not be asked for and should not respond to the following: your account number, debit card number, PIN number, or your social security number. New Bedford Credit Union takes security seriously and strives to protect our member’s personal and financial information.
Email Scam Alert
This scam involves a fraudulent email being sent out claiming to be the Security Department of VISA and MasterCard. The email reads “confirm your account information” or your account will be “suspended indefinitely”. It then asks for your plastic card information as well as your personal information. New Bedford Credit Union will never contact you in this manner. If you receive a request for this type of information New Bedford Credit Union do not give out any personal information. If you have any questions or concerns, please call us at 508-994-6546.
Tips for Recognizing and Avoiding Fake Check Scams
If someone you don’t know wants to pay you by check but wants you to wire some of the money back, beware! It’s a scam that could cost you thousands of dollars.
There are many variations of the fake check scam. It could start with someone offering to buy something you advertised, pay you to do work at home, give you an “advance” on a sweepstakes you’ve supposedly won, or pay the first installment on the millions that you’ll receive for agreeing to have money in a foreign country transferred to your bank account for safe keeping. Whatever the pitch, the person may sound quite believable.
Fake check scammers hunt for victims. They scan newspaper and online advertisements for people listing items for sale, and check postings on online job sites from people seeking employment. They place their own ads with phone numbers or email addresses for people to contact them. And they call or send emails or faxes to people randomly, knowing that some will take the bait.
They often claim to be in another country. The scammers say it’s too difficult and complicated to send you the money directly from their country, so they’ll arrange for someone in the U.S. to send you a check.
They tell you to wire the money to them after you’ve deposited the check. If you’re selling something they say they’ll pay you by having someone in the U.S. who owes them money send you a check. It will be for more than the sale price; you deposit the check, keep what you’re owed, and wire the rest to them. If it’s part of a work-at-home scheme, they may claim that you’ll be processing checks from their “clients.” You deposit the checks and then wire them the money minus your “pay.” Or they may send you a check for more than your pay “by mistake” and ask you to wire them the excess. In the sweepstakes and foreign money offer variations of the scam, they tell you to wire them money for taxes, customs, bonding, processing, legal fees, or other expenses that must be paid before you can get the rest of the money.
The checks are fake but they look real. In fact, they look so real that even bank tellers may be fooled. Some are phony cashier’s checks; others look like they’re from legitimate business accounts. The companies whose names appear may be real, but someone has dummied up the checks without their knowledge.
You don’t have to wait long to use the money, but that doesn’t mean the check is good. Under federal law, banks have to make the funds you deposit available quickly – usually within one to five days, depending on the type of check. But just because you can withdraw the money doesn’t mean the check is good, even if it’s a cashier’s check. It can take weeks for the forgery to be discovered and the check to bounce.
You are responsible for the checks you deposit. That’s because you’re in the best position to determine the risk – you’re the one dealing directly with the person who is arranging for the check to be sent to you. When a check bounces, the bank deducts the amount that was originally credited to your account. If there isn’t enough to cover it, the bank may be able to take money from other accounts you have at that institution, or sue you to recover the funds. In some cases, law enforcement authorities could bring charges against the victims because it may look like they were involved in the scam and knew the check was counterfeit.
There is no legitimate reason for someone who is giving you money to ask you to wire money back. If a stranger wants to pay you for something, insist on a cashier’s check for the exact amount, preferably from a local bank or a bank that has a branch in your area.
Don’t deposit it – report it! Report fake check scams to the National Fraud Information Center/Internet Fraud Watch, a service of the nonprofit National Consumers League, at www.fraud.org or (800) 876-7060. That information will be transmitted to the appropriate law enforcement agencies.