All posts by FPU

New Identity Theft Laws in Indiana

The video is available here.

It looks like Indiana has been taking some proactive steps in the fight against identity crime, including stiffer penalties for violations (including child identity theft and businesses who don’t properly dispose of sensitive information).

It’s good that they’re trying to make it easier to block access to credit if your identity is stolen, but don’t be misled: identity theft still a major hassle to go through.

They also don’t mention anything about whether or not the system would help in cases of medical or other types of identity theft. Since it’s mostly dealing with credit, I’m guessing not. Still, these new laws are a giant step in the right direction.

Gone Vishin’

It’s 9:30 at night when the phone rings.

The Caller ID displays “Card Services” and a toll-free number.

You pick up the phone, and an automated voice informs you that “your card has been compromised.” It gives you a phone number to call to take care of the issue. The phone number is the same number on the Caller ID display.

Now…what should you do?

If you answered, “hang up and ignore the call,” you’re right.

Currently, there is a move towards integrating older technologies with the Internet. Eventually, I believe these technologies will be fully integrated; your television signal, Internet connection and telephone service will all be traveling along the exact same lines as part of the same service. These different technologies will also become more “seamless” over time—there will be less of a distinct divide between how you use your TV and your computer, and between the content you will receive from both. Okay, you’ll probably still use your phone to call Mom, but the signal will be digital, and it will be traveling through the Internet.

However, there is a downside, at least for the time being: vishing. Using Internet telephone services (Voice over Internet Protocol, or VoIP), criminals are able to spoof Caller ID information, to make a phone call appear to be from a trusted entity such as a financial institution or credit card issuer.

Let’s face it, you’re more likely to believe a call from “Card Services” than you are a “Blocked Call” or “Unknown Caller.” And that’s the basis of how Vishing works.

What happens if you call the number as instructed? You will be instructed to enter your credit or debit card number, expiration date, PIN and other security information. This is pretty much everything a crook needs to use your card for fraudulent purposes. They might also attempt to get your personal information, such as date of birth or Social Security number—basically, everything they would need to commit identity theft.

Phishing Alert: 07/06/09

Emails and text messages that claim to come from Allegius Credit Union are rampant in Northwest Indiana right now. In fact, several REGIONAL employees have received these over the past two weeks.

Of course, not everyone who gets one of these messages is a member of Allegius, in which case it’s easy to see through the phishing attempt, like a few years ago when I received a phishing message that claimed to be from a credit union in Hawaii. However, Allegius does have a lot of members, and that’s what the criminals are counting on.

For example, let’s say they sent 100,000 emails, and 5,000 of those people are members. If only 1% of those people fall for it, they’ve got 50 account numbers, PINs, and probably some other information as well. That’s more than enough to do some serious damage and drain a lot of money from victim’s accounts.

I’m pasting the text of these email messages below. I don’t have an example of the text message version of this scam, but it essentially said the same thing: “your account has been suspended, please go to this site and log in.”

Your financial institution will never contact you in this way regarding account security. If you receive such messages, delete them immediately. Never click a link inside an email message of this nature, as it will take you to a website designed to appear legitimate, but set up for the sole purpose of stealing your information.

Example #1:

Subject: You have 1 new ALERT message

You have 1 new ALERT message
Please login into your Allegius Credit Union
account !
To Login, please click the link below:

Click Here

Copyright © 1998-2009 Allegius Credit Union All Rights Reserved.

Example #2:

Subject: Important Security Information

Dear Member,

Your It’s Me 247 Online Banking account has been locked temporarily due to many unsuccessful login attempts.

You are kindly advised to Login to It’s Me 247 Online Banking and follow the instructions on your screen.

The data submitted will be transmitted over an SSL encrypted connection (128 bit Secure Socket Layer).

The line about SSL encryption in the second message is a cute touch. Yet another attempt to make the message seem realistic. You might also think the phrase “You are kindly advised” seems a little off. It doesn’t seem like a phrase a financial institution would use, does it? It has a weird, “translated” aroma to it. Since a lot of these scams originate overseas, that’s probably not far from the truth.

Mystery Shopper Scam Variations

Lately I’ve been getting a ton of emails with offers for…you guessed it: mystery shopper jobs.

Naturally, I know these are a scam, but I did open one of them (afterrunning a quick virus scan on it, just to be sure!). They are from a company called WA Surveys, allegedly based in Seattle. Run a Google search on that phrase and you’ll get all kinds of results confirming that it is indeed a scam. Better yet, Google “WA Surveys” and the word “scam.” This company has quite a colorful history.

I couldn’t help but notice the “from” line in these email messages, though; they were all apparently coming from…me. My email address was in both the “from” and “to” fields.

Odd, you might think, and you’d be correct. It’s also an excellent clue that you shouldn’t trust anything about that message. If they’re already trying to spoof the sending address, you know they’re up to something.

Of course, sometimes you’ll get messages  that appear to be from people who are in your address book. I’ve had a couple of these same messages appear to be coming from other people right here at REGIONAL. I don’t know how the senders are able to do this (is it a hack, or are they just skimming email addresses from the Internet?), but it should still raise red flags—why would your supervisor be sending you a message about mystery shopper jobs?

If you’re truly unsure, contact the person directly and ask them. However, the text of the message should give you all the clues you need. In this case, it said “mystery shopper,” promised a lot of money, asked for personal information outright, and came from WA Surveys, signed by a Michael McDowell or Michael Friedman (both are aliases used by the same person).

Then again, if it turns out your supervisor actually is suggesting a new line of work for you, it might be time to start looking for a new job on your own. Just don’t fall for one of these bogus offers.

Video Dispatch: Mystery Shopper Scams

Why not get things started with the first Video Dispatch?

The topic this time is the offers for “mystery shopper” jobs you sometimes see on the Internet, in the newspaper or taped to telephone poles. A huge percentage of those offers are scams. There’s some more information on the topic available in the Fact Sheets section.

Incidentally, the theme song is a synthesized little number I wrote (using some very old Cakewalk software) called “Funk Prevention Unit.” Anytime you hear music in a Video Dispatch, that’s me; mostly because I’m not willing to go through the hassle of licensing other people’s music.

Also, we are looking into hosting videos through other avenues than YouTube. For now, though, I have to throw in the following disclaimer:

Note: Videos hosted on YouTube contain links to other video content, which will play on the current page if clicked. REGIONAL Federal Credit Union is in no way affiliated with or responsible for this content and has no control over videos or advertisements that may be linked from our video content.

Stay Vigilant

Nobody is ever 100% safe from fraud, scams or identity theft. Even if you’ve done everything possible to prevent becoming a victim, it can still happen.

Take, for example, the data breach at Heartland Payment Systems a few months ago. Through no fault of their own, thousands of people experienced unauthorized use of their credit or debit cards. It wasn’t that they fell for a phishing email or a fake phone call. They simply made a purchase or two at a store or restaurant that used Heartland as their card processor.

However, there is no reason to panic. By taking simple steps to stay safe on your end, you can drastically reduce your chances of becoming a victim of fraud.

The key is to be informed and vigilant. Know what the threats are, know how to spot a scam and keep a close watch on your financial statements, and you’ll be miles ahead of where the crooks would like you to be.

That’s why REGIONAL Federal Credit Union is bringing you this new website. We believe that education is key to achieving financial security and independence.

It’s not all doom and gloom, though. In fact, it is my aim to make this site as entertaining as possible (despite the admittedly bone-dry seriousness of this first post). I’ll be posting some Video Dispatches from the FPU very soon. Be sure to check those out. There’ll be enough weird props, strange pop culture references, silly music and bad acting for everyone, and you’ll learn something, too.

I’ll be learning, too. After all, there are new variations on these scams popping up all the time. It will be a chore to keep up, but I will do my best. In the meantime, questions, comments and suggestions are always welcome! Use the comment function below, or email me directly at cturpen@regionalfcu.org. Also be sure to follow the FPU on Twitter (@fraudprevunit). I’ll be posting tips and updates there as well.

And always remember: stay vigilant.