All posts by FPU

Well, don’t be PARANOID, per se.

All this talk about fraud and identity theft can paint a pretty grim picture of the world.

This is not the intent of the Fraud Prevention Unit.

The point of this information is to help you know what to look for when it comes to this type of crime. You have to be watchful, but to become cynical and paranoid is taking things too far.

We each have an individual view of the world, a lens through which we view ourselves, other people, society and life in general. We each have a set of values and beliefs that influences how we perceive every single piece of data we encounter.

This is a good thing. It’s what makes us all different, and that keeps life interesting. But this flipside is that, whether we realize it or not, we also seek confirmation of those same values and beliefs. We seek out those things that reinforce our view of reality, and reject those that would contradict it.

If you convince yourself that “everyone but me is dishonest and is trying to steal everyone else’s identity and money,” you will end up only seeing those things which confirm this view of the world.

Without realizing it, you may even set yourself up to become a victim, since you expect it to happen all the time anyway. For example, if you always expect to be ripped off, you may actually decide to take your car to a less-than-trustworthy mechanic, without realizing why you even made this decision (your subconscious desire to prove that the world is an ugly, terrible place with nothing but bad people in it).

The fact is, most people are honest. Even in a crummy economy, if you drop your wallet, most people will try to return it to you. There are so many people doing good things to help out others every single day, all around the world. Let yourself see it. Sure, you’re getting phishing emails a couple times a week, but those are coming from a very small number of criminals. Be alert, but don’t let yourself become cynical. Life is just no fun that way.

Video Dispatch: Protect Your SSN

Today’s Video Dispatch is a “musical number” of sorts. The song is called “Protect Your Social Talking Blues,” and while I’m not sure if it qualifies as a true talking blues per se, its message is vital: you have to be careful when it comes to giving out your Social Security Number. There are situations where you have to give it (opening new financial accounts, getting a new job, doing your taxes), and there are times when you need to keep it to yourself.

Yes, that’s me “singing” and playing all the instruments (through the magic of home recording equipment). It’s not my normal style of music, but it works for the information I’m delivering here.

Note: Videos hosted on YouTube contain links to other video content, which will play on the current page if clicked. REGIONAL Federal Credit Union is in no way affiliated with or responsible for this content and has no control over videos or advertisements that may be linked from our video content.

By the way, you didn’t win the lottery

Here’s a good rule of thumb when deciding how to respond to a potentially fraudulent email message, letter, telephone call or other type of communication: if a stranger walked up to you on the street and said the exact same thing, would you believe them?

For example, you’re walking down the street when a random guy in a shabby gray suit approaches you. He says, “Greetings, I am a foreign dignitary currently in exile and would like to ask for your assistance in transferring my fortune into the United States, totaling 250 million USD. If you help, I will let you keep 25% of that amount. I will need your checking account number to complete this process.”

You’d tell the clown to get lost.

Or perhaps he says, “Congratulations! You have been selected in the Canadian lottery as the top prizewinner! In order to claim your prize of 2.5 million USD, please give me a cashier’s check for $2,945.23 to cover taxes and other fees.”

Unless you’re very gullible, your reaction would be the same.

I know that the economy isn’t good at the moment. You might be facing layoffs, reduction in pay, or worse. Your employer might be going out of business completely. You get an email that promises instant riches and it seems like all your prayers have been answered.

These thieves know that. That’s why they’re in the fraud business to begin with. They’re counting on your sleepless nights of worrying about where you’re going to get the money to make it. And they’re only going to make your situation worse.

You have to keep your guard up. Imagine that offer coming from a stranger on the street, and you will instantly see through it.

New Identity Theft Laws in Indiana

The video is available here.

It looks like Indiana has been taking some proactive steps in the fight against identity crime, including stiffer penalties for violations (including child identity theft and businesses who don’t properly dispose of sensitive information).

It’s good that they’re trying to make it easier to block access to credit if your identity is stolen, but don’t be misled: identity theft still a major hassle to go through.

They also don’t mention anything about whether or not the system would help in cases of medical or other types of identity theft. Since it’s mostly dealing with credit, I’m guessing not. Still, these new laws are a giant step in the right direction.

Gone Vishin’

It’s 9:30 at night when the phone rings.

The Caller ID displays “Card Services” and a toll-free number.

You pick up the phone, and an automated voice informs you that “your card has been compromised.” It gives you a phone number to call to take care of the issue. The phone number is the same number on the Caller ID display.

Now…what should you do?

If you answered, “hang up and ignore the call,” you’re right.

Currently, there is a move towards integrating older technologies with the Internet. Eventually, I believe these technologies will be fully integrated; your television signal, Internet connection and telephone service will all be traveling along the exact same lines as part of the same service. These different technologies will also become more “seamless” over time—there will be less of a distinct divide between how you use your TV and your computer, and between the content you will receive from both. Okay, you’ll probably still use your phone to call Mom, but the signal will be digital, and it will be traveling through the Internet.

However, there is a downside, at least for the time being: vishing. Using Internet telephone services (Voice over Internet Protocol, or VoIP), criminals are able to spoof Caller ID information, to make a phone call appear to be from a trusted entity such as a financial institution or credit card issuer.

Let’s face it, you’re more likely to believe a call from “Card Services” than you are a “Blocked Call” or “Unknown Caller.” And that’s the basis of how Vishing works.

What happens if you call the number as instructed? You will be instructed to enter your credit or debit card number, expiration date, PIN and other security information. This is pretty much everything a crook needs to use your card for fraudulent purposes. They might also attempt to get your personal information, such as date of birth or Social Security number—basically, everything they would need to commit identity theft.

Phishing Alert: 07/06/09

Emails and text messages that claim to come from Allegius Credit Union are rampant in Northwest Indiana right now. In fact, several REGIONAL employees have received these over the past two weeks.

Of course, not everyone who gets one of these messages is a member of Allegius, in which case it’s easy to see through the phishing attempt, like a few years ago when I received a phishing message that claimed to be from a credit union in Hawaii. However, Allegius does have a lot of members, and that’s what the criminals are counting on.

For example, let’s say they sent 100,000 emails, and 5,000 of those people are members. If only 1% of those people fall for it, they’ve got 50 account numbers, PINs, and probably some other information as well. That’s more than enough to do some serious damage and drain a lot of money from victim’s accounts.

I’m pasting the text of these email messages below. I don’t have an example of the text message version of this scam, but it essentially said the same thing: “your account has been suspended, please go to this site and log in.”

Your financial institution will never contact you in this way regarding account security. If you receive such messages, delete them immediately. Never click a link inside an email message of this nature, as it will take you to a website designed to appear legitimate, but set up for the sole purpose of stealing your information.

Example #1:

Subject: You have 1 new ALERT message

You have 1 new ALERT message
Please login into your Allegius Credit Union
account !
To Login, please click the link below:

Click Here

Copyright © 1998-2009 Allegius Credit Union All Rights Reserved.

Example #2:

Subject: Important Security Information

Dear Member,

Your It’s Me 247 Online Banking account has been locked temporarily due to many unsuccessful login attempts.

You are kindly advised to Login to It’s Me 247 Online Banking and follow the instructions on your screen.

The data submitted will be transmitted over an SSL encrypted connection (128 bit Secure Socket Layer).

The line about SSL encryption in the second message is a cute touch. Yet another attempt to make the message seem realistic. You might also think the phrase “You are kindly advised” seems a little off. It doesn’t seem like a phrase a financial institution would use, does it? It has a weird, “translated” aroma to it. Since a lot of these scams originate overseas, that’s probably not far from the truth.

Mystery Shopper Scam Variations

Lately I’ve been getting a ton of emails with offers for…you guessed it: mystery shopper jobs.

Naturally, I know these are a scam, but I did open one of them (afterrunning a quick virus scan on it, just to be sure!). They are from a company called WA Surveys, allegedly based in Seattle. Run a Google search on that phrase and you’ll get all kinds of results confirming that it is indeed a scam. Better yet, Google “WA Surveys” and the word “scam.” This company has quite a colorful history.

I couldn’t help but notice the “from” line in these email messages, though; they were all apparently coming from…me. My email address was in both the “from” and “to” fields.

Odd, you might think, and you’d be correct. It’s also an excellent clue that you shouldn’t trust anything about that message. If they’re already trying to spoof the sending address, you know they’re up to something.

Of course, sometimes you’ll get messages  that appear to be from people who are in your address book. I’ve had a couple of these same messages appear to be coming from other people right here at REGIONAL. I don’t know how the senders are able to do this (is it a hack, or are they just skimming email addresses from the Internet?), but it should still raise red flags—why would your supervisor be sending you a message about mystery shopper jobs?

If you’re truly unsure, contact the person directly and ask them. However, the text of the message should give you all the clues you need. In this case, it said “mystery shopper,” promised a lot of money, asked for personal information outright, and came from WA Surveys, signed by a Michael McDowell or Michael Friedman (both are aliases used by the same person).

Then again, if it turns out your supervisor actually is suggesting a new line of work for you, it might be time to start looking for a new job on your own. Just don’t fall for one of these bogus offers.

Video Dispatch: Mystery Shopper Scams

Why not get things started with the first Video Dispatch?

The topic this time is the offers for “mystery shopper” jobs you sometimes see on the Internet, in the newspaper or taped to telephone poles. A huge percentage of those offers are scams. There’s some more information on the topic available in the Fact Sheets section.

Incidentally, the theme song is a synthesized little number I wrote (using some very old Cakewalk software) called “Funk Prevention Unit.” Anytime you hear music in a Video Dispatch, that’s me; mostly because I’m not willing to go through the hassle of licensing other people’s music.

Also, we are looking into hosting videos through other avenues than YouTube. For now, though, I have to throw in the following disclaimer:

Note: Videos hosted on YouTube contain links to other video content, which will play on the current page if clicked. REGIONAL Federal Credit Union is in no way affiliated with or responsible for this content and has no control over videos or advertisements that may be linked from our video content.

Stay Vigilant

Nobody is ever 100% safe from fraud, scams or identity theft. Even if you’ve done everything possible to prevent becoming a victim, it can still happen.

Take, for example, the data breach at Heartland Payment Systems a few months ago. Through no fault of their own, thousands of people experienced unauthorized use of their credit or debit cards. It wasn’t that they fell for a phishing email or a fake phone call. They simply made a purchase or two at a store or restaurant that used Heartland as their card processor.

However, there is no reason to panic. By taking simple steps to stay safe on your end, you can drastically reduce your chances of becoming a victim of fraud.

The key is to be informed and vigilant. Know what the threats are, know how to spot a scam and keep a close watch on your financial statements, and you’ll be miles ahead of where the crooks would like you to be.

That’s why REGIONAL Federal Credit Union is bringing you this new website. We believe that education is key to achieving financial security and independence.

It’s not all doom and gloom, though. In fact, it is my aim to make this site as entertaining as possible (despite the admittedly bone-dry seriousness of this first post). I’ll be posting some Video Dispatches from the FPU very soon. Be sure to check those out. There’ll be enough weird props, strange pop culture references, silly music and bad acting for everyone, and you’ll learn something, too.

I’ll be learning, too. After all, there are new variations on these scams popping up all the time. It will be a chore to keep up, but I will do my best. In the meantime, questions, comments and suggestions are always welcome! Use the comment function below, or email me directly at cturpen@regionalfcu.org. Also be sure to follow the FPU on Twitter (@fraudprevunit). I’ll be posting tips and updates there as well.

And always remember: stay vigilant.