Logo
 
Home Contact Us Privacy

Online Services

Account Services

security resources

security alerts

Fraudulent Txt Message

May 19, 2011 – Members and non-members have called LFCU today questioning a text message they received supposedly from LFCU. The text instructs them to call an 800 number. THIS IS FRAUD. DO NOT RESPOND TO THIS MESSAGE. We never contact or solicit our members in this manner. Please call Latah Federal Credit Union if you have any concerns about your account or identity theft.

If you have already responded to this fraudulent txt message, please call 1-800-554-8969 to report that your debit card has been compromised.

Current Credit Card Scam

March 08, 2011 –"This is forwarded from the NORTHCOM LAW ENFORCEMENT INTELLIGENCE BRANCH. In short, the perpetrators claim to be tracking fraudulent charges and the only information they ask you for is your security code on the back of the card.

The Lesson is: any unsolicited requests for information should be abruptly terminated and you should contact the appropriate institution (Credit Card company, Bank, FBI) to report it.

This information is worth reading. By understanding how the VISA & MasterCard telephone Credit Card Scam works, you'll be better prepared to protect yourself. One of our employees was called on Wednesday from 'VISA', and I was called on Thursday from 'MasterCard'.

The scam works like this:

Person calling says - 'This is (name), and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460, Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona ?' When you say 'No', the caller continues with, 'Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?' You say 'yes'.

The caller continues - 'I will be starting a Fraud Investigation. If you have any questions, you should call the 1- 800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control Number. The caller then gives you a 6 digit number. 'Do you need me to read it again?'

Here's the IMPORTANT part on how the scam works - The caller then says, 'I need to verify you are in possession of your card'. He'll ask you to 'turn your card over and look for some numbers'. There are 7 numbers; the first 4 are part of your card number, the last 3 are the Security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the last 3 numbers to him. After you tell the caller the 3 numbers, he'll say, 'That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card Do you have any other questions?'

After you say no, the caller then thanks you and states, 'Don't hesitate to call back if you do', and hangs up. You actually say very little, and they never ask for or tell you the card number. But after we were called on Wednesday, we called back. Within 20 minutes to ask a question. Are we were glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card. We made a real fraud report and closed the VISA account. VISA is reissuing us a new number.. What the scammers want is the 3-digit PIN number on the back of the card. Don't give it to them. Instead, tell them you'll call VISA or Master Card directly for verification of their conversation..

The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit; however, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost too late and/or more difficult to actually file a fraud report.

What makes this more remarkable is that on Thursday, I got a call from a 'Jason Richardson of MasterCard' with a word-for-word repeat of the VISA Scam. This time I didn't let him finish. I hung up! We filed a police report, as instructed by VISA. The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening. I dealt with a similar situation this morning, with the caller telling me that $3,097 had been charged to my account for plane tickets to Spain , and so on through the above routine..

It appears that this Is a very active scam, and evidently quite successful."

FRAUDULENT TEXT MESSAGE

October 29, 2010 –Members and non-members have called LFCU today questioning a text message they received supposedly from LFCU. The text instructs them to call an 800 number. THIS IS FRAUD. DO NOT RESPOND TO THIS MESSAGE. We never contact or solicit our members in this manner. Please call Latah Federal Credit Union if you have any concerns about your account or identity theft.

NACHA warns about phishing attack

July 26, 2010 – NACHA posted a notice on its website Friday that it has been the victim of a phishing attack, noting that some customers have received fraudulent e-mails that appear to be coming from the organization.

The subject line of these e-mails reads, “Unauthorized ACH Transaction,” and the body of the e-mail contains a link that will redirect the individual to a fake Web page. Once there, another link is viewable. NACHA is urging its customers not to click on this link because it will infect the user’s computer with a malware virus.

NACHA is reminding its customers that it does not process or come into contact with the ACH transactions that flow to and from organizations and financial institutions. Further, NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

The organization encourages its customers to consult with a computer security or anti-virus specialist if malicious code is detected or suspected on a computer. It also urges customers to always use anti-virus software and ensure that the virus signatures are automatically updated. NACHA customers should stay alert for different variations of fraudulent emails, the company said.

Fraudulent text messages sent last night

Last night the following fraudulent text message was sent:

Test/SMS Message: "mobilebanking@latahfcu.org (Latah)Latah F C U Security Notice. For More Details , Please Contact our secure phone line at 866 368 0542 . Thank you ."
From the phone number: 362-45 (only 5 digits)
Victims seem to be in the 208-301-#### area code & prefix

  • This IS FRAUD
  • Your account and personal information is SAFE
  • The person/persons behind the fraud know nothing about them other than they have a 208-301-#### phone number
  • None of our computer systems have been broken into, this is simply a blind phishing attempt to obtain credit card and debit card numbers

Never give your debit or credit card number by phone, text, or email to any solicitation received that you did not initiate.

If you replied to this 866 number, contact the credit union or VISA immediately to cancel your debit card.

 

Better Business Bureau Warns Of IPad Scams

The U.S. Council of Better Business Bureaus is warning consumers about online scams designed to get them to provide credit card and other personal information by offering free Apple Inc. iPads, which went on sale as of Saturday.
McAfee Inc., a Santa Clara, Calif.-based security technology company, reported to the Better Business Bureau that someone was sending spam e-mails offering free iPads to consumers if they first provided their credit card numbers, says Alison Southwick, a spokesperson for the Arlington, Va.-based council. McAfee has published a warning about the e-mail scam on its security blog, she says.
GeekSugar.com, a technology and celebrity Web site, similarly is warning of spam e-mails that encourage consumers to become iPad testers by logging on to the Web site Testitandkeepit.com. Operators of Testitandkeepit say they will give the iPad to participating consumers after they spend two months testing it. GeekSugar warned, however, participants must provide their e-mail addresses and their passwords as well their friends' e-mail addresses to participate. PaymentsSource could not reach executives of Vancouver, British Columbia-based Testitandkeepit for comment.

Fraudulent Debit Card Message Received by LFCU Member

A member received a message about his debit card. The phone number that it was from is 817-688-7853. The phone # itself is a cell phone registered out of Texas. If a member does give their information to this scam then the card will most likely see charges coming out of Canada. Never give your debit or credit card number by phone, text, or email to any solicitation received that you did not initiate.

Credit Union Recruitment Scam on Craigs List January 8, 2010

Advertisements have been posted on Craigslist as part of member recruitment scams nationwide. The ads solicit current credit union members and offer $75.00 or more for their assistance in gaining membership for ineligible individuals. This scam is targeting credit unions and members across the country.

The following are samples of Craigslist ads target credit union members for this recruitment scam:

If your a ABC Credit Union Member MAKE SOME EXTRA $$
This is NOT a scam! I am willing to call you and discuss extensively! I need a ABC Credit Union Member to sponsor me into the credit union. I am willing to pay $100 USD for this service. Please email me and we can discuss this in detail. This is a 1 day process and I want to become a member for investment account/interest rate purposes.

Need to find a XYZ Credit Union Member
I was just approved for a visa credit card with XYZ Federal Credit Union and they called me and said that they can not process the application if I do not know any existing member or if I am not employed at one of the list of companies they have. To become a member you have to know a member. So now my app is on hold until I can find someone who is already a member. If you know someone, please tell them to contact me. I am willing to pay $500. And all they ask for is the members name and member number. Thanks.

ABC and XYZ Members Needed!!!
If you are a ABC or XYZ Federal Credit Union member we will pay you $75.00 per member to sponsor other that would like to join the credit union but do not meet the membership requirements. Please email for details.

Please contact Latah FCU if you have responded to a solicitation like this. This is an attempt to get your personal account information. Never give any account information to any Craig's list solicitation.

FRAUDULENT TEXT MESSAGE ABOUT LATAH FCU CARD BEING DEACTIVATED DECEMBER 29, 2009

We have been notified that both members and non-members are receiving a fraudulent text message about their Latah FCU card being deactivated. This is a phishing attempt to get your personal and account information. This is a repeat of previous phishing attempt that happened a couple of weeks ago and has been happening throughout the state since before Thanksgiving.

The credit union would never direct you to an unpublished phone number. IF YOU HAVE CALLED THIS NUMBER AND RELEASED YOUR INFORMATION, PLEASE CONTACT US AT OUR NORMAL BUSINESS NUMBER IN ORDER TO LIMIT YOUR LIABILITY.

This is not a breach of our security. Someone has amassed vast cell phone numbers and is using this as an attempt to get your confidential information.

We appreciate our alert members for letting us know about this problem.
Sincerely,

Glenda J Hart, President/CEO

 

Scammers, identifying themselves as Latah Federal Credit Union DECEMBER 15, 2009

Scammers, identifying themselves as Latah Federal Credit Union, are sending text messages to members and non-members notifying them that their debit card has been compromised. The message instructs them to call an 888 phone number to discuss the problem. THIS IS FRAUDULENT!

Latah FCU will never solicit personal identification and/or financial information via e-mail, text or telephone. If you have responded to such solicitations, contact the credit union immediately.

 

Text message received indicating account is frozen or restricted November 24, 2009

Members and non-members have called LFCU today questioning a text message they received indicating their account is frozen or restricted. The text instructs them to call an 800 number. THIS IS FRAUD. DO NOT RESPOND TO THIS MESSAGE. This is happening to other credit union members in the state today as well. Please call Latah Federal Credit Union if you have any concerns about your account or identity theft.

Malicious email purporting to be from NACHA is currently circulating NOVEMBER 12, 2009

WesCorp has received information that random individuals and/or companies may have received a falsified e-mail with the subject title “Rejected ACH Transaction.” This e-mail appears to be from NACHA – The Electronic Payments Association telling them that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA website and contains a link which is almost certainly executable virus with malware. See sample below.

IF YOU GET ONE OF THESE EMAILS DO NOT CLICK ON THE LINK! The email carries a potentially destructive virus. A sample of the phishing email follows:

= = = = = Sample E-mail = = = = = =

From: nacha.org [mailto:report@nacha.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report

Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report (this is the how the link is presented)

Recent Phishing Scams November 2, 2009

Fraudsters are finding new ways to lure members into disclosing their personal and financial information. While the style and type of information is constantly evolving, there are five phishing scams that continue to affect credit unions and members. Email, text message and phone calling are all various forms of phishing.

The following are phishing techniques that fraudsters are using to capture members’ personal and financial information:

  • * Scam: Social Networks
    o Members should be wary of clicking any links in emails or accessing social networking sites for holiday themes such as Halloween upon us. Holiday scams contain links that redirect members to an indirect site registered by the fraudster.
  • * Prevention:
    o Members should close their browsers if they see a link to download or install an application.

  • * Scam: Call Forwarding
    o Fraudster is call forwarding your members’ landline or cell phone number to another telephone. In most cases, it’s a prepaid cell phone.
  • * Prevention:
    o Members should place a password on their telephone numbers to prevent them from being call forwarded.

  • * Scam: Text Messaging
    o Fraudster sends a text message (smishing) and your members respond to the request.
  • * Prevention:
    o Credit unions should advise members to be alert when text messages appear on their cell phone, smart phone or PDA device. If the text message requests personal or financial information, members should contact the credit union immediately and not respond to the text message. o If a smishing attack occurs, proactively communicate to members via statement stuffers, website alerts and voice message alerts.

  • * Scam: System Intrusions
    o Fraudsters are focused on phishing your members to provide account numbers, passwords and user names to get into the home banking system. The industry has shown an up tick in system intrusions through unauthorized ACH and/or wire requests.
  • * Prevention:
    o Credit unions should implement multifactor authentication to prevent fraudsters from gaining access to systems. o Members should monitor their transaction activity daily to help identify any unauthorized activity. They should watch for unauthorized ACH or wire transfers. o Credit unions should communicate with members to never share their user names, passwords and any account information.

  • * Scam: Voice Vishing
    o This scam attempts to trick members into providing personal and financial information over the phone. Most vishing scams begin with an email or text message asking your member to call a toll-free number. When members call the number, they are led through a series of voice prompted menus that ask for key financial information such as a card or member account and the PIN.
  • * Prevention:
    o Members should not call the telephone number. Rather, they should report this to the credit union and telecommunications carrier immediately. This number needs to be shut down to help prevent others from responding to the attack.

  • * Scam: Spoofing Caller ID
    o Members receive a call from either a live person or a recorded message with a spoofed caller ID. The caller ID may list a legitimate looking telephone number. Fraudsters have spoofed caller ID systems or assign any area code to a phone number so it appears to be an 800 number or a local number.
  • * Prevention:
    o Members should never provide any personal or financial information to the caller. Always hang up and contact the credit union to report this activity. Your credit union will not request personal or financial information from you via a telephone call.

Please help Latah FCU protect your valuable assets by watching for these scams. Never give out or confirm your account number, PIN, or any other personal information by any means to anyone you do not know. You should call the credit union at 208-882-0232 to verify any questionable request.

cell phone text message fraud September 14, 2009

There is an new kind of fraud risk that has been occurring in the US. Phishing has often occurred via phone and email, where a criminal tries to make you disclose personal information so that they can steal your identity or your money. A new kind of Phishing called SmiShing attempts to have you compromise your personal data, by initiating a text message on your cell phone. The fraud attempt occurs when a person receives a text message on their cell phone warning them that their Credit or Debit card has been deactivated. The message asks the consumer to call a specified number in order to reactivate their card.

If you receive any text messaging asking you to call and reactivate your card, please contact the credit union immediately using our local information. Though the credit union may ask for personal information to confirm your identity, we will never ask for pin numbers or CVV2 information. Please be vigilant in securing your personal information, as you are the first line of defense in this type of fraud. Please contact the credit union if you have any questions.

Fraudulent NCUA Email february 23, 2009

An Idaho credit union member received the attached email claiming to be from the NCUA stating that due to activity on their Federal Credit Union account, an investigation was being started and that they needed to follow the link to verify their account information. This is not from the NCUA. They are aware of the situation and advise that members immediately delete the email in case of a virus.

national processors of VISA transactions had a security compromise of their database february 18, 2009

During the last few months, one or more large national processors of VISA transactions had a security compromise of their database, which exposed more than a million US consumers’ Credit and Debit card numbers to potential fraud. VISA USA has been notifying the issuing financial institutions of the compromised cards, so that any potential fraud resulting from these breaches may be kept to a minimum.

At this time, Latah Federal Credit Union is not aware that any of our Debit cards have been used fraudulently as a result of this security breach. Since we take the security of our members' accounts very seriously, it is our policy to deactivate any exposed cards and reissue new card numbers for accounts that are affected. This safety measure comes at a great financial cost to the Credit Union.

Please understand that this security breach did not result from any compromise of our databases or systems, and that your personal account information is safe and secure at Latah Federal Credit Union.

It is our policy to contact each affected member personally, if possible, via phone or in person when you are in the branch, then by email, and finally if we are unable to contact you any other way, by letter. We estimate that we have personally made more than 1100 phone call attempts recently. This has resulted in our phone volume being extremely high, and no doubt many of you have received busy signals at times when calling. We apologize for this inconvenience, but feel that this is the best way to contact the membership and answer any questions you may have.

As far as the email attempts to reach you, we are aware that there are many fraudulent email contacts these days, and so we did not include our contact information so that you could use verifiable sources such as our website or a phone book to find our contact information. We also did not include any confidential information with this message. This was done for your security.

Please let us know immediately if you find unauthorized charges on your account(s). In fact, we hope that you always scrutinize your accounts carefully so that we can maintain a high level of fraud prevention, and nip any possible problems in the bud. If you have any questions, please feel free to contact us. Thank you for your loyalty and understanding. We appreciate you, our members, and are thankful to be able to provide you with what we hope are some of the best financial services available anywhere.

Email From: CUNA Subject: Your Credit Union Rewards You August 11, 2008

This email was received by one of our members. If you receive it, DO NOT respond to it. DELETE IT.
Credit Union National Association is one of the largest credit union groups in America. In partnership with state credit union leagues, CUNA provides many services to credit unions, including representation, information, public relations, continuing professional education, and business development.

The newest service added at CUNA:
Aug. 1, 2008: Your Credit Union Rewards You is a new application for our credit union members. Daily 10 random credit union account holders are emailed to take the 300$ reward. Completing the application forms on our website takes only 5 minutes.

http://www.gamepat.de/gallery/rewardcenter/?membership=CUNA

Click on the above link and complete the steps to take the reward.

Phishing, Smishing, and Vishing: What's the Difference? August 1, 2008

Phishing scams continue to affect credit unions, but the styles of phishing are shifting. Vishing, Smishing, and U.S. Mail Phishing are new ways to bait members into divulging personal and financial information. Scammers are turning to these different methods with the hope of confusing members into thinking they can only be "phished" through the use of e-mail.

E-MAIL "PHISHING"
Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.

LAND LINE TELEPHONE "VISHING" & VoIP (INTERNET PHONES
"VISHING") Vishing, (Voice phISHING) also called "VoIP phishing for the Internet phones," is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States. In either case, because people are used to entering card numbers over the phone, this technique can be effective. Voice over IP (VoIP) is used for vishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a land line telephone.

TEXT MESSAGE "SMISHING"
Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user's cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.

Copyright 2008 CUNA Mutual Group

Address Changes Require Additional Security, January 2008

The most secure method to change the address on your account is in person, with your picture ID. You can also change your address online in your Online Account Access. Since this option is protected behind the password authentication, this address change will be considered valid and initiated by you. A change of address by phone will be accepted if you have set up a security password with the Credit Union. This is not the same as your mother's maiden name. Read our January 2008 Newsletter for more information.

Security Passwords Protect Your Account December 2007

We would like all members to set up a Security Password for their accounts here at the Credit Union. The Security Password is a word you choose that will be used to verify your identity when you are unable to come into our office. This will be essential in providing transactions to you over the phone such as transfers and wires. This Security Password must be initially set up in person at one of our branches or by mail. If you choose to set up the password by mail, your signature on the Security Password form must be notarized. We hope that this will better help us to verify identity and protect the integrity of your accounts here at the Credit Union.

 

 

 

 

 

l
This credit union is federally insured by The National Credit Union Administration.