In 2020, consumers reported losing more than $3.3 billion to fraud.
Keep your information safe!
With the ever-growing popularity of online shopping and online communications, you should always have your guard up in the cyberworld. Criminals will use any situation to their advantage–especially when it comes to annual holidays. Below you’ll find a few examples of commonly used seasonal and holiday scams, and what you can do to protect yourself.
Fake Shipping Notifications
End-of-the-year holidays invite a greater likelihood of this common phishing attack, but this is a scam you must be cautious of all year long. Scammers send fake notifications that appear to come from postal service companies. The emails include dangerous links that, if clicked, could install malware on your computer or take you to a fake login page where your credentials will be stolen.
To check the legitimacy of these types of claims, always log in to your online account or service through your browser—not through links in unexpected emails.
Travel Deals and Offers
Scammers know that their potential victims travel for holidays throughout the year. Cybercriminals send emails offering fake travel deals from well-known travel sites. They’re even known to create phony websites for cheap hotels and flights so they can rob you of your money.
When something seems too good to be true, it probably is. Never click on links in unexpected emails. Before booking through an unfamiliar service, do your research and ensure the company is legitimate.
Social Media Deals and Sales
All social media advertisements are not created equal. A “paid advertisement” may seem trustworthy, but be warned: Anyone can pay to put an ad on social media. During holidays and popular shopping seasons, fraudsters buy ads that offer deals for items that you’re more than likely interested in–considering social media ads target the buyer market. The ads typically contain phishing links that lead to fraudulent websites where they will steal your credit card data. Even if the malicious ad is reported and removed, the bad guys typically only need one victim to fall for their trick to make it worth their investment.
Always hover over links and URLs before clicking to check whether the URL will take you to a dangerous or unexpected site. If a social media ad appears to be from a company you’re familiar with, check the company’s website instead of clicking on links from the ad.
COVID-19 Vaccine Scams Put Your Identity At Risk
As soon as the FDA approved the emergency use of the Pfizer vaccine, scammers were busy implementing their plans to use this opportunity to profit from the health crisis and medical breakthroughs. Preying on those waiting for a vaccine, scammers have been convincing people to give up personal details in exchange for being put on a "vaccine list", having the opportunity to jump the line, receive alternative cures, or making a co-payment on a vaccine that isn't necessary. Scammers will also wait patiently as unwittingly people post images of their CDC COVID-19 vaccine card on social media, displaying personal information for the world to see! Some of these scams are so timely, delivered through phone calls, text messages, and emails, that it's often hard to tell a scam from the real thing. It's critical you share the real threat vaccine scams pose to people and the ways they can protect themselves from a scam.
- Make your vaccine appointment by calling or on one of the recommended vaccine sites.
- Do not give out personal information, bank account or social security numbers, or insurance information, when someone calls or messages you.
- Do not pay to put your name on a waiting list.
- Do not give a co-pay in advance of a vaccine. According to the CDC, vaccines are provided to Americans for free.
- Do not post pictures on social media sites of your vaccine card.
It will be quite some time until the general population has access to a vaccine. Whether you in Phase 1 or the last phase of the vaccine rollout, it's important to always stay aware and prepared for scammers to reach out to you. If you feel like you've fallen victim to a COVID-19 related scam, we are here to help. As part of our Service One new Choice checking accounts, you have an Identity Theft Recovery Advocate on standby waiting to help you recover your good name.
If you receive a Service One Credit Union cashier's check, please call 270-796-8500 to verify it, there are counterfeit Service One cashier’s checks in circulation.
Risk Alert from CUNA Mutual about the Zelle Fraud Scam
Here is how it works:
The fraudster sends test alerts to members, appearing to come from the credit union, warning members of suspicious debit card transactions.
Fraudsters call those members who respond to the text, spoofing the credit union’s phone number, and claim to be from the credit union’s fraud department.
To verify the identity of the member, the fraudster asks for the member’s online banking username and tells them they will receive a passcode via text or email and the member must provide it to the fraudster. In reality, the fraudster initiates a transaction, such as the forgot password feature, that generates a 2-step authentication passcode which is delivered to the member.
The member provides the passcode to the fraudster who uses it to log in to the member’s account using a device not recognized by the host system.
Upon logging into the accounts, fraudsters change the online banking passwords.
It seems pretty convincing, especially to those who don’t deal with it every day. A seemingly legitimate alert from your credit union about a debit card issue, followed by a call from the “fraud department”. Please do not fall for this scam. Call us if you have any questions about your account.
10 tactics scammers use to trick credit union members
by David Ver Eecke, PSCU
Scammers are known for preying on victims’ vulnerabilities, such as financial hardship, fear, and confusion. Given the particularly challenging circumstances surrounding COVID-19, people who believe they are savvy enough to avoid scams may fall victim, nonetheless.
Proactive education is the best way to not only protect members but also help your credit union staff be prepared to assist members who have been targeted by scammers. In fact, a recent Javelin study found 80% of people in the U.S. who are informed about a scam will disengage from it.
Here are 10 common practices scammers keep in their arsenals to attempt to fool your members and commit fraud.
- Faking an emergency. Scammers pretend to represent an official organization (like the IRS) and call, text or email members to demand immediate money for bogus issues. They use threatening phrases such as, “Your 401k plan will be frozen,” “Your passport will be seized,” or “The maximum sentence for this crime is five years in prison and a $10,000 fine,” to catch victims off guard and create a sense of urgency.
- Expressing that resistance is ineffective. Once the scammer has created the emergency and instilled panic, they reinforce there is nothing the member can do to remedy the situation. In the case of an IRS scam, they often tell the member they must cooperate or face arrest or fines.
- Rewarding cooperation with encouraging comments. Scammers sometimes try to play the part of a trusted friend, offering help and a way out of the emergency that would provide relief to the member. They often tell the member they seem like a good person and offer to help them with the situation at hand.
- Not allowing victims to hang up until they pay up. Phone scammers say it is a one-time opportunity for the member to take action to avoid further consequences, and if the member hangs up the phone, he or she will not be offered another chance to resolve the problem.
- Using official-sounding titles and names for ordinary things. Scammers try to sound impressive to gain members’ trust. They use official-sounding titles and names for merchants and everyday items. Examples include referring to a gift card as an “electronic federal tax payment system,” or instead of using the name of a store, they call it a “government-affiliated payment processor.”
- Stating they are not asking for personal information upfront. Scammers know asking for personal information could raise alarm bells for the member. Instead, they may say they are not looking to obtain this information, or they are not looking for an exchange of funds over the phone, which may cause members to let down their guard. This is why scammers often use gift cards to extract payment.
- Signaling to members they are being recorded. In an attempt to sound legitimate, scammers say the call is being recorded and monitored by the IRS.
- Threatening to alert the media. Scammers go to great lengths to keep suspicious or wary members on the phone, and even go so far as to threaten to contact the media on behalf of the IRS if the member does not comply with what is being asked. This is used as a last resort to salvage a conversation that might not be going well.
- Exploiting member engagement. Once scammers have members hooked, they may transfer the call to another fake agent in an attempt to further legitimize the call. Often, these scamming “call centers” employ multiple scammers who work together to make the initial call and then close the scam. Scammers are highly organized: some are responsible for getting members hooked, while others focus on closing the deal by extracting payment. They may say, “Please hold on the line, I am transferring the call to my senior treasury specialist,” or “Thanks for waiting, this is senior officer Matthews from the accounting department. My badge ID is…”
- Insisting members keep quiet about special offers. If a scammer offers a special tax break, for instance, they will often demand the member not discuss it with anyone, as it would prevent them from getting the settlement.
Members should report scams as soon as they occur, and visit USA.gov for information on reporting scams and fraud.
Members have received text messages telling them that their debit cards have been suspended. It lists an 800 number to call. This is not Service One. We do not text you stating your debit card has been suspended. Block the number texting you. It is s scammer trying to get access to your debit card.
Social Media Scams
With most of the US under orders to stay at home due to the COVID-19 pandemic, many people are turning to social media for a fun distraction. Taking a Facebook quiz may seem like a harmless way to pass the time while quarantined, but it could also give scammers your personal information.
How the Scam Works:
You see a fun quiz on Facebook or another social media platform. What’s the harm, you figure? You answer a few questions and prove how well you know a friend. Or you take a short personality test to match with a character from your favorite TV show.
These quizzes ask seemingly silly or meaningless questions, but scammers can use that information for nefarious purposes. For example, some quizzes collect personal information by asking questions like: “What is your mother's maiden name?” or “What is the name of the street you grew up on?” These are common security questions for banking and credit card accounts. Sharing this information can lead to your accounts being hacked, and your personal and financial information being stolen.
Not all social media quizzes are data collection scams, but BBB cautions users to be careful about what they share online. Social media data and quiz answers can be used to steal your identity or enable a scammer to impersonate you to your friends and family.
Tips to avoid social media scams:
- Be skeptical: Before you take a quiz, figure out who created it. Is it a brand you trust? Just because something appears to be fun and innocent, doesn’t mean there isn’t an inherent risk.
- Adjust privacy settings: Review your social media account’s privacy settings and be strict about what information you share - and be mindful of who you are sharing it with.
- Remove personal details from your profile: Don’t share information like your phone number or home address on social media accounts.
- Don't give answers to common security questions: Be cautious if the questions in a quiz ask for things like your mother's maiden name, street you grew up on, or the name of your high school.
- Monitor Friend Requests. Don't accept friend requests from people you don’t know. Also, be wary of a second friend request from someone you are already connected with; the second profile may be an imposter trying to access your data and your Friends list.