Security Alerts
NACHA warns about phishing attack
July 26, 2010 – NACHA posted a notice on its website Friday that it has been the victim of a phishing attack, noting that some customers have received fraudulent e-mails that appear to be coming from the organization.
The subject line of these e-mails reads, “Unauthorized ACH Transaction,” and the body of the e-mail contains a link that will redirect the individual to a fake Web page. Once there, another link is viewable. NACHA is urging its customers not to click on this link because it will infect the user’s computer with malware.
NACHA is reminding its customers that it does not process or come into contact with the ACH transactions that flow to and from organizations and financial institutions. Further, NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
The organization encourages its customers to consult with a computer security or anti-virus specialist if malicious code is detected or suspected on a computer. It also urges customers to always use anti-virus software and ensure that the virus signatures are automatically updated. NACHA customers should stay alert for different variations of fraudulent emails, the company said.
Fraudulent text messages sent last night
Last night the following fraudulent text message was sent:
Text/SMS Message: "mobilebanking@latahfcu.org (Latah)Latah F C U Security Notice. For More Details , Please Contact our secure phone line at 866 368 0542 . Thank you ."
From the phone number: 362-45 (only 5 digits)
Victims seem to be in the 208-301-#### area code & prefix
- This IS FRAUD
- Your account and personal information are SAFE
- The person/persons behind the fraud know nothing about the recipients other than that they have a 208-301-#### phone number
- None of our computer systems have been broken into; this is simply a blind phishing attempt to obtain credit card and debit card numbers
Never give your debit or credit card number by phone, text, or email to any solicitation received that you did not initiate.
If you replied to this 866 number, contact the credit union or VISA immediately to cancel your debit card.
Better Business Bureau Warns of iPad Scams
The U.S. Council of Better Business Bureaus is warning
consumers about online scams designed to get them to provide credit card and
other personal information by offering free Apple Inc. iPads, which went on
sale as of Saturday.
McAfee Inc., a Santa Clara, Calif.-based security technology company, reported
to the Better Business Bureau that someone was sending spam e-mails offering free
iPads to consumers if they first provided their credit card numbers, says Alison
Southwick, a spokesperson for the Arlington, Va.-based council. McAfee has published
a warning about the e-mail scam on its security blog, she says.
GeekSugar.com, a technology and celebrity Web site, similarly is warning of spam
e-mails that encourage consumers to become iPad testers by logging on to the Web
site Testitandkeepit.com. Operators of Testitandkeepit say they will give the iPad
to participating consumers after they spend two months testing it. GeekSugar warned,
however, that participants must provide their e-mail addresses and their passwords as
well as their friends' e-mail addresses to participate. PaymentsSource could not reach
executives of Vancouver, British Columbia-based Testitandkeepit for comment.
Fraudulent Debit Card Message Received by LFCU Member
A member received a message about his debit card.
The phone number that it came from is 817-688-7853. The number itself
belongs to a cell phone registered in Texas. If a member does give their
information to this scam then the card will most likely see charges
coming out of Canada. Never give your debit or credit card number
by phone, text, or email to any solicitation received that you did not
initiate.
Credit Union Recruitment Scam on Craigslist, January 8, 2010
Advertisements have been posted on Craigslist
as part of member recruitment scams nationwide. The ads solicit
current credit union members and offer $75.00 or more for their
assistance in gaining membership for ineligible individuals. This
scam is targeting credit unions and members across the country.
The following are samples of Craigslist ads
targeting credit union members for this recruitment scam:
If your a ABC Credit Union Member MAKE SOME
EXTRA $$
This is NOT a scam! I am willing to call you and discuss extensively!
I need a ABC Credit Union Member to sponsor me into the credit union.
I am willing to pay $100 USD for this service. Please email me and
we can discuss this in detail. This is a 1 day process and I want
to become a member for investment account/interest rate purposes.
Need to find a XYZ Credit Union Member
I was just approved for a visa credit card with XYZ Federal Credit
Union and they called me and said that they can not process the
application if I do not know any existing member or if I am not
employed at one of the list of companies they have. To become a
member you have to know a member. So now my app is on hold until
I can find someone who is already a member. If you know someone,
please tell them to contact me. I am willing to pay $500. And all
they ask for is the members name and member number. Thanks.
ABC and XYZ Members Needed!!!
If you are a ABC or XYZ Federal Credit Union member we will pay
you $75.00 per member to sponsor other that would like to join the
credit union but do not meet the membership requirements. Please
email for details.
Please contact Latah FCU if you have responded
to a solicitation like this. This is an attempt to get your personal
account information. Never give any account information to any Craigslist
solicitation.
FRAUDULENT TEXT MESSAGE ABOUT LATAH FCU CARD BEING DEACTIVATED, December 29, 2009
We have been notified that both members and
non-members are receiving a fraudulent text message about their
Latah FCU card being deactivated. This is a phishing attempt to
get your personal and account information. This is a repeat of a previous
phishing attempt that happened a couple of weeks ago and has been
happening throughout the state since before Thanksgiving.
The credit union would never direct you to
an unpublished phone number. IF YOU HAVE CALLED THIS NUMBER AND
RELEASED YOUR INFORMATION, PLEASE CONTACT US AT OUR NORMAL BUSINESS
NUMBER IN ORDER TO LIMIT YOUR LIABILITY.
This is not a breach of our security. Someone
has amassed a vast number of cell phone numbers and is using them in an attempt
to get your confidential information.
We appreciate our alert members for letting
us know about this problem.
Sincerely,
Glenda J Hart, President/CEO
Scammers Identifying Themselves as Latah Federal Credit Union, December 15, 2009
Scammers, identifying themselves as Latah
Federal Credit Union, are sending text messages to members and non-members
notifying them that their debit card has been compromised. The message
instructs them to call an 888 phone number to discuss the problem.
THIS IS FRAUDULENT!
Latah FCU will never solicit personal identification
and/or financial information via e-mail, text or telephone. If you
have responded to such solicitations, contact the credit union immediately.
Text message received indicating account is frozen or restricted, November 24, 2009
Members and non-members have called LFCU
today questioning a text message they received indicating their
account is frozen or restricted. The text instructs them to call
an 800 number. THIS IS FRAUD. DO NOT RESPOND TO THIS MESSAGE. This
is happening to other credit union members in the state today as
well. Please call Latah Federal Credit Union if you have any concerns
about your account or identity theft.
Malicious email purporting to be from NACHA is currently circulating, November 12, 2009
WesCorp has received information that random
individuals and/or companies may have received a falsified e-mail
with the subject title “Rejected ACH Transaction.” This e-mail appears
to be from NACHA – The Electronic Payments Association telling them
that there is a problem with an ACH transaction they have originated.
The e-mail includes a link which redirects the individual to a fake
web page which looks like the NACHA website and contains a link
to what is almost certainly an executable virus with malware. See sample
below.
IF YOU GET ONE OF THESE EMAILS DO NOT CLICK
ON THE LINK! The email carries a potentially destructive virus.
A sample of the phishing email follows:
= = = = = Sample E-mail = = = = = =
From: nacha.org [mailto:report@nacha.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction
report
Dear bank account holder,
The ACH transaction, recently initiated from your bank account,
was rejected by the Electronic Payments Association. Please review
the transaction report by clicking the link below:
Unauthorized ACH Transaction Report (this is how the link is
presented)
Recent Phishing Scams, November 2, 2009
Fraudsters are finding new ways to lure members into disclosing
their personal and financial information. While the style and type
of information is constantly evolving, there are five phishing scams
that continue to affect credit unions and members. Email, text message
and phone calling are all various forms of phishing.
The following are phishing techniques that fraudsters are using
to capture members’ personal and financial information:
- Scam: Social Networks
  - Members should be wary of clicking any links in emails or accessing social networking sites for holiday themes, such as Halloween, which is upon us. Holiday scams contain links that redirect members to an indirect site registered by the fraudster.
- Prevention:
  - Members should close their browsers if they see a link to download or install an application.
- Scam: Call Forwarding
  - A fraudster forwards calls from your members’ landline or cell phone number to another telephone. In most cases, it’s a prepaid cell phone.
- Prevention:
  - Members should place a password on their telephone numbers to prevent them from being call forwarded.
- Scam: Text Messaging
  - A fraudster sends a text message (smishing) and your members respond to the request.
- Prevention:
  - Credit unions should advise members to be alert when text messages appear on their cell phone, smart phone or PDA device. If the text message requests personal or financial information, members should contact the credit union immediately and not respond to the text message.
  - If a smishing attack occurs, proactively communicate to members via statement stuffers, website alerts and voice message alerts.
- Scam: System Intrusions
  - Fraudsters are focused on phishing your members to provide account numbers, passwords and user names to get into the home banking system. The industry has shown an uptick in system intrusions through unauthorized ACH and/or wire requests.
- Prevention:
  - Credit unions should implement multifactor authentication to prevent fraudsters from gaining access to systems.
  - Members should monitor their transaction activity daily to help identify any unauthorized activity. They should watch for unauthorized ACH or wire transfers.
  - Credit unions should communicate with members to never share their user names, passwords and any account information.
- Scam: Voice Vishing
  - This scam attempts to trick members into providing personal and financial information over the phone. Most vishing scams begin with an email or text message asking your member to call a toll-free number. When members call the number, they are led through a series of voice prompted menus that ask for key financial information such as a card or member account and the PIN.
- Prevention:
  - Members should not call the telephone number. Rather, they should report this to the credit union and telecommunications carrier immediately. This number needs to be shut down to help prevent others from responding to the attack.
- Scam: Spoofing Caller ID
  - Members receive a call from either a live person or a recorded message with a spoofed caller ID. The caller ID may list a legitimate looking telephone number. Fraudsters spoof caller ID systems or assign any area code to a phone number so it appears to be an 800 number or a local number.
- Prevention:
  - Members should never provide any personal or financial information to the caller. Always hang up and contact the credit union to report this activity. Your credit union will not request personal or financial information from you via a telephone call.
Please help Latah FCU protect your valuable assets by watching
for these scams. Never give out or confirm your account number,
PIN, or any other personal information by any means to anyone you
do not know. You should call the credit union at 208-882-0232 to
verify any questionable request.
Cell Phone Text Message Fraud, September 14, 2009
There is a new kind of fraud risk that has
been occurring in the US. Phishing has often occurred via phone
and email, where a criminal tries to make you disclose personal
information so that they can steal your identity or your money.
A new kind of Phishing called SmiShing attempts to have you compromise
your personal data, by initiating a text message on your cell phone.
The fraud attempt occurs when a person receives a text message on
their cell phone warning them that their Credit or Debit card has
been deactivated. The message asks the consumer to call a specified
number in order to reactivate their card.
If you receive any text message asking you
to call and reactivate your card, please contact the credit union
immediately using our local information. Though the credit union
may ask for personal information to confirm your identity, we will
never ask for PIN numbers or CVV2 information. Please be vigilant
in securing your personal information, as you are the first line
of defense in this type of fraud. Please contact the credit union
if you have any questions.
Fraudulent NCUA Email, February 23, 2009
An Idaho credit union member received the
attached email claiming to be from the NCUA stating that due to
activity on their Federal Credit Union account, an investigation
was being started and that they needed to follow the link to verify
their account information. This is not from the NCUA. They are aware
of the situation and advise that members immediately delete the
email in case of a virus.
National processors of VISA transactions had a security compromise of their database, February 18, 2009
During the last few months, one or more large
national processors of VISA transactions had a security compromise
of their database, which exposed more than a million US consumers’
Credit and Debit card numbers to potential fraud. VISA USA has been
notifying the issuing financial institutions of the compromised
cards, so that any potential fraud resulting from these breaches
may be kept to a minimum.
At this time, Latah Federal Credit
Union is not aware that any of our Debit cards have been used fraudulently
as a result of this security breach. Since we take
the security of our members' accounts very seriously, it is our
policy to deactivate any exposed cards and reissue new card numbers
for accounts that are affected. This safety measure comes at a great
financial cost to the Credit Union.
Please understand that this security breach
did not result from any compromise of our databases or systems,
and that your personal account information is safe and secure at
Latah Federal Credit Union.
It is our policy to contact each affected
member personally, if possible, via phone or in person when you
are in the branch, then by email, and finally if we are unable to
contact you any other way, by letter. We estimate that we have personally
made more than 1100 phone call attempts recently. This has resulted
in our phone volume being extremely high, and no doubt many of you
have received busy signals at times when calling. We apologize for
this inconvenience, but feel that this is the best way to contact
the membership and answer any questions you may have.
As far as the email attempts to reach you,
we are aware that there are many fraudulent email contacts these
days, and so we did not include our contact information so that
you could use verifiable sources such as our website or a phone
book to find our contact information. We also did not include any
confidential information with this message. This was done for your
security.
Please let us know immediately if you find
unauthorized charges on your account(s). In fact, we hope that you
always scrutinize your accounts carefully so that we can maintain
a high level of fraud prevention, and nip any possible problems
in the bud. If you have any questions, please feel free to contact
us. Thank you for your loyalty and understanding. We appreciate
you, our members, and are thankful to be able to provide you with
what we hope are some of the best financial services available anywhere.
Email From: CUNA Subject: Your Credit Union Rewards You, August 11, 2008
This email was received by one of our members.
If you receive it, DO NOT respond to it. DELETE IT.
Credit Union National Association is one of the largest credit union
groups in America. In partnership with state credit union leagues,
CUNA provides many services to credit unions, including representation,
information, public relations, continuing professional education,
and business development.
The newest service added at CUNA:
Aug. 1, 2008: Your Credit Union Rewards You is a new application
for our credit union members. Daily 10 random credit union account
holders are emailed to take the 300$ reward. Completing the application
forms on our website takes only 5 minutes.
http://www.gamepat.de/gallery/rewardcenter/?membership=CUNA
Click on the above link and complete the steps
to take the reward.
Phishing, Smishing, and Vishing: What's the Difference? August 1, 2008
Phishing scams continue to affect credit
unions, but the styles of phishing are shifting. Vishing, Smishing,
and U.S. Mail Phishing are new ways to bait members into divulging
personal and financial information. Scammers are turning to these
different methods with the hope of confusing members into thinking
they can only be "phished" through the use of e-mail.
E-MAIL "PHISHING"
Phishing (pronounced "fishing") is a scam to steal valuable information
such as credit card and Social Security numbers, user IDs, and passwords.
In phishing, also known as "brand spoofing," an official-looking
e-mail is sent to potential victims pretending to be from their
ISP, credit union, bank, or retail establishment. E-mails can be
sent to people on selected lists or on any list, and the scammers
expect some percentage of recipients will actually have an account
with the real organization.
LAND LINE TELEPHONE "VISHING" & VoIP (INTERNET PHONES "VISHING")
Vishing (Voice phISHING), also called "VoIP phishing
for the Internet phones," is the voice counterpart to phishing.
Instead of being directed by e-mail to a Web site, an e-mail message
asks the user to make a telephone call. The call triggers a voice
response system that asks for the user's card number or other personal
or financial information. The initial bait can also be a telephone
call with a recording that instructs the user to phone an 800 number
or another area code within or outside of the United States. In
either case, because people are used to entering card numbers over
the phone, this technique can be effective. Voice over IP (VoIP)
is used for vishing because caller IDs can be spoofed and the entire
operation can be brought up and taken down in a short time, compared
to a land line telephone.
TEXT MESSAGE "SMISHING"
Smishing (SMS phISHING) is the mobile phone counterpart to phishing.
Instead of being directed by e-mail to a Web site, a text message
is sent to the user's cell phone or other mobile device with some
ploy to click on a link. The link causes a Trojan to be installed
in the cell phone or other mobile device.
Copyright 2008 CUNA Mutual Group
Address Changes Require Additional Security, January 2008
The most secure method to change the address
on your account is in person, with your picture ID. You can also
change your address online in your Online
Account Access. Since this option is protected by password
authentication, this address change will be considered valid and
initiated by you. A change of address by phone will be accepted
if you have set up a security password with the Credit Union. This
is not the same as your mother's maiden name.
Read our January 2008 Newsletter for more information.
Security Passwords Protect Your Account, December 2007
We would like all members to set up a Security
Password for their accounts here at the Credit Union. The Security
Password is a word you choose that will be used to verify your identity
when you are unable to come into our office. This will be essential
in providing transactions to you over the phone such as transfers
and wires. This Security Password must be initially set up in person
at one of our branches or by mail. If you choose to set up the password
by mail, your signature on the Security Password form must be notarized.
We hope that this will better help us to verify identity and protect
the integrity of your accounts here at the Credit Union.