Yahoo Data Breach Scam
This was originally posted by knowbe4.com on October 1, 2019
Scam of the Week: Yahoo Data Breach Settlement Phishing Attacks
From 2012 through 2016, several hackers got into Yahoo email systems and stole billions of personal records. Recently, there’s been news of Yahoo reaching a settlement on the class action lawsuit created for these events. Yahoo must offer two years of free credit-monitoring services or $100 to anyone who had an account stolen during the hacks.
Watch out! The bad guys are taking advantage of this situation by tricking you into filing a Yahoo claim to get your $100 payment. They’re sending phishing emails that look like they come from Yahoo. When you click on their phishing links, you wind up on a website that appears to be for Yahoo’s class action lawsuit. Don’t fall for it! The website will steal your personal information instead.
If your Yahoo account was compromised and you want to claim your rights to this settlement, be certain you’re using an official resource. To submit your claim, visit https://yahoodatabreachsettlement.com.
Stop, Look, and Think. Don’t be fooled.
The KnowBe4 Security Team
Amazon Phishing Scam in Progress
as published 09/24/2019 by KnowBe4.com
Scam of the Week: Amazon Phishing Scam in Progress
The bad guys are targeting Amazon customers and tricking them into giving up their account login details, personal information, and even their financial information. They’re sending phishing emails that tell you to update your account information within twenty-four hours or your account will be permanently disabled. Don’t fall for this warning! Cybercriminals are counting on your impulsive reaction.
Once you click the “Update Now” button in the phishing email, you’re taken to a realistic-looking Amazon login page. After you’ve entered your credentials, another form is displayed for you to “update” your name, phone number, date of birth, and address. Then, you have to provide your credit card and bank account details.
After you’ve given up all of this sensitive data, the phishing site tells you your account has been recovered and that you’ll be logged out automatically. You’re then redirected to the real Amazon website without having any idea of what actually happened.
Always remember: If you receive a suspicious email from an online service that you use, log in to your account through your browser (not through links in the email) to check the validity of the information presented. Also, be careful with emails that are seemingly urgent. The bad guys often use a ‘sense of urgency’ to pressure you into clicking as an impulsive response.
Stop, Look, and Think. Don’t be fooled.
The KnowBe4 Security Team
Beware of Calendar Scams
presented by knowbe4.com 9-10-2019
Alert Your Users About Calendar Scams and What to Do About Them
We’ve noted this particular scam before, but it’s continued to make a pest of itself, and so we bring it to your attention again. Scammers are abusing Google Calendar invites to send out unsolicited, spammy events, according to Rob Verger at Popular Science.
Attackers only need your Gmail address to send you an invite, and the event will be placed in your calendar by default. Verger notes that the spam itself is nothing new; the scammers are simply using a previously obscure technique to place it in front of you.
“While the location of the spam feels new, the behavior isn’t,” he writes. “Bad actors have a long history of exploiting any avenue they can, from sending suspicious messages to your email address, to spammy notes sent via iMessage, to robocalls.”
You can block this behavior by going to your Google Calendar settings, then making your way to Event settings and switching “Automatically add invitations” to “No, only show invitations to which I have responded.” Next, locate the “Events from Gmail” option, and uncheck “Automatically add events from Gmail to my calendar.” Verger says to keep in mind that these changes will turn off legitimate automatic invites as well.
Windows 7 End of Life (updated 2019-07-18)
On January 2020 Windows 7 goes end of life.
That means that Microsoft will quit fixing security holes and vulnerabilities in Windows 7.
Windows 7 PCs won’t stop working. But hackers go crazy for this. Because any new way that is found to hack into these PCs won’t ever be fixed. They share this info with each other.
They then start to collect your usernames and passwords, debit and credit card numbers, and any other personal information they can.
They also love to get on PCs used to file tax returns, so they can file a false tax return and steal your refund.
Here at the credit union we will have all Windows 7 systems upgraded or replaced by that date.
I am passing this info along so that if you use a Windows 7 PC at home, you can start to think about what you are going to do.
Your options are:
- Take your PC to someone that works on them and discuss upgrading to Windows 8 or 10
- Take your PC to someone that works on them and replace Windows with a free operating system like Linux Ubuntu or Mint
- Take advantage of PC sales year and replace your PC
- Keep using your Windows 7 PC and risk identity theft and fraud.
Attorney General Hill Warns of Tech Support Scams Aimed at Hoosiers Using Personal Computers
INDIANAPOLIS – Attorney General Curtis Hill is warning Hoosiers to beware of deceptive pop-up alerts on their computers claiming that their devices are infected with viruses and could be vulnerable to hackers.
Individuals are being targeted through pop-up messages designed to resemble security alerts from legitimate computer manufacturers or other technology companies. The pop-up alerts claim that a computer user’s device has been infected and requires immediate attention or else the hard drive will be deleted. In reality, the user’s device typically has not been infected with a virus. (more…)
When Storms Roll Through, So Do Scammers
Seasonal storms are hitting Indiana hard. Many communities have experienced flooding, severe thunderstorms and even tornadoes in recent days, likely causing damage to homes and property.
When storms roll through, scammers are not far behind. If your home or property has been damaged, beware of bogus home improvement contractors who may be looking to prey on your situation and swindle you into paying for shoddy, overpriced or unneeded work.
Door-to-door home repair scammers victimize people by using fear tactics and urging immediate action so that the customer doesn’t have time to fully vet the contract or company. They may tell you they are offering repairs for a discounted price only today or that they have worked on several of your neighbor’s homes. They may convince you to hire them, take off with your money and never complete the repair.
Home repair scams are one of the most common scams reported to the Attorney General’s Office. In 2014, the Attorney General’s Office received more than 800 home improvement-related complaints and has received 390 complaints in 2015 thus far.
The Indiana Attorney General’s Office encourages people to follow the below tips to avoid getting scammed by a home improvement contractor:
- Take your time. Don’t let the contractor rush your decision.
- Do your research. Know how much you can afford and what you want done.
- Get multiple price quotes from different contractors.
- Check with the Better Business Bureau and the Attorney General’s Office to see if complaints have been filed against the contractor.
- Check to make sure the contractor is locally licensed, bonded and insured. A performance bond provides the most direct protection for the consumer.
- Opt for the local, well-established contractor rather than the door-to-door â€˜storm chaser.’
- Get a contract in writing that details what work is to be done and when it will be finished.
- If the contractor came to your door unsolicited, ensure you receive a notice from the contractor of your ability to cancel the contract within three days for a full refund before signing any contract.
- Never pay for the entire project before the work begins. Do not pay more than a third of the total cost as a down payment.
For more tips, click here.
If you believe you have been scammed by a home contractor, you can file a complaint with the Attorney General’s Office at www.IndianaConsumer.com or by calling 1-800-382-5516.
Charitable Giving Not Immune to Scammers
Following the devastating and deadly earthquake in Nepal, many people and organizations have stepped up to help victims by donating both time and money. This response is tremendous, however it’s important to remember that even charitable giving is not immune to scammers. Criminals often prey on emotions in attempt to scam people out of their money. This is frequently seen during large natural disasters that capture national or global attention, like the situation in Nepal, prompting many people to donate. You may see email solicitations and pop up ads, or receive a phone call from a solicitor, asking for donations to Nepal. Be very wary of this type of unprompted contact, which may not only be fraudulent but a phishing scam or virus. If you are planning on donating to a charity in support of Nepal, make sure to do your research so that you know your contribution will be well spent. Although most charitable organizations use donations wisely, some scammers are out to take advantage of consumers’ hearts and wallets. Protect yourself by finding out if the charity is legitimate and contacting the organization first. Several independent organizations collect financial information on charities, especially those that conduct nationwide solicitation campaigns. Before donating, consider contacting one of the organizations listed on the Attorney General’s website. You can also follow the below guidelines for safe charitable giving:
- Ask the caller for written information on the charitable organization, including the charity’s name, address, telephone number, mission and details on how your donation will be used;
- Watch out for charities with similar sounding names. Some unscrupulous charities use names that are very similar to those of respected organizations to scam consumers;
- Do not click on pop-up solicitations or reply to emails asking for donations. These are likely phishing scams;
- Be suspicious if a caller or invoice thanks you for making a pledge that you didn’t make. If you have any doubt about whether you made a pledge, check your records;
- Under Indiana law, you have the right to cancel a pledge prior to making a contribution; and
- Always make contributions by credit card or check and payable to the charitable organization, not to the solicitor. Never wire money or use a pre-paid debit card to make a donation.
For more information, visit www.IndianaConsumer.com and click on “Charities and Donors.”
Please don’t include confidential information in your emails to us such as Account Number, Card Numbers, Social Security Numbers, User Names, or Passwords. Doing so may put you at risk for Identity Theft and Fraud. For more information about protecting your identity please visit our web site www.firsttrustcu.comand then click on the “Security Information and Member Alerts” link.
Common Tax Season Scams
The Internal Revenue Service (IRS) recently issued its annual “Dirty Dozen” list of tax scams, reminding taxpayers to use caution during tax season to avoid being affected by a scam. The listing includes a variety of common scams taxpayers can encounter any time during the year. The most common types are highlighted below.
Identity theft is at the top of the list. Identity theft occurs when someone uses your personal identifying information without your permission to commit fraud or other crimes. Most commonly, an identity thief uses a legitimate taxpayer’s identity to fraudulently file a tax return and claim a refund.
Phishing is another popular scam that is typically carried out with an unsolicited email or a fake website that looks legitimate to lure in potential victims and prompt them to enter personal and financial information. Once the information is obtained, a criminal can commit identity theft or other financial crimes.
Phone scams have also been increasing across the country.
- IRS Refund Scam – Callers pretend to be from the IRS in hopes of stealing money or identities from victims. The most common phone scam is one in which the caller says the victim owes money or is entitled to a large refund. After threatening victims with jail time or a driver’s license revocation, scammers hang up and a different scammer will usually call back and pretend to be from a police department or Bureau of Motor Vehicles.
- IT Support Scam – Scammers have also been known to call victims pretending to be IT support and offering to fix the “infected” computer for a fee.
- Credit Card Activation/Deactivation Scam – The caller will claim that there is a problem with your card and ask for information from the card to correct the issue. They will typically ask for the card number, PIN number, CVV, and the expiration date.
Cyber Security has received reports of USS employees receiving these types of scams to their work email addresses and company phone numbers. Never give anyone any information over the phone. If you can, write down the number they are calling from, but don’t argue or engage the caller in any way. We would like to remind you that if you experience any of these situations and think that it is a scam, please contact us firstname.lastname@example.org or call the GSD at steelcom 8-723-1574 or 1-800-552-2730.
RISK Alert – Phishing for Member Information – Automated Call and Text Scam
There has been an increase in reports from banks and credit unions around the U.S. whose customers are receiving automated calls and text messages asking them to enter personal information over the phone. Known as “phishing”, these calls are a fraudulent attempt to steal member’s debit and credit card information. Members should immediately hang up and disregard these calls and text messages.
Scam Alert to Credit Union Members – Scammers use missing Malaysia Airlines plane news as online bait
CSO Magazine * provides news, analysis and research on a broad range of security and risk management topics and recently reported a scam taking place using the missing Malaysia Airlines plane. The following article was published by CSO on March 19, 2014:
“CSO is warning people searching for news about the missing Malaysia Airlines plane to steer clear of a fake Facebook page which is designed to generate money for scammers.
According to a blog by Websense, senior manager Carl Leonard, the fake Facebook page has a share button, blue and white graphics and looks legitimate. However, if a consumer clicks on the site, they are presented with a link which claims to present a Yahoo! news article.
The user is then encouraged to share the news article. If the person is logged into Facebook, the fake link is shared with all their friends, warned Leonard. People are than presented with a link containing a YouTube video which is rated R18+.
“To verify your age, you have to complete a short test below,” reads the message. People are encouraged to take part in the test with claims of thousands of dollars or vouchers if they do. However, this is a lure designed to generate money for the scammers as part of what Leonard referred to as a Cost Per Action (CPA) scam. CPA is an online advertising price model where the advertiser pays for clicks or impressions.”**
*CSO’s areas of focus include information security, physical security, business continuity, identity and access management, loss prevention and more. CSO magazine and CSOonline.com are published by CXO Media Inc., which is an IDG (International Data Group) company.
** Barwick, Hamish. “Scammers use missing Malaysia Airlines plane news as online bait.” CSO Security and Risk. 19 March 2014. CSOonline.com.
Identity Theft Info from usa.gov
Identity (ID) theft happens when someone steals your personal information to commit fraud.
The identity thief may use your information to fraudulently apply for credit, file taxes, or get medical services. These acts can damage your credit status, and cost you time and money to restore your good name.
You may not know that you’re the victim of ID theft immediately. You could be a victim if you receive:
- Bills for items you didn’t buy
- Debt collection calls for accounts you didn’t open
- Denials for loan applications
Children and seniors are both vulnerable to ID theft. Child ID theft may go undetected for many years. Victims may not know until they’re adults, applying for their own loans. Seniors are vulnerable because they share their personal information often with doctors and caregivers. The number of people and offices that access their information put them at risk.
Types of ID Theft
There are several common types of identity theft that can affect you:
- Tax ID theft – Someone uses your Social Security number to falsely file tax returns with the IRS or your state
- Medical ID theft – Someone steals your Medicare ID or health insurance member number. Thieves use this information to get medical services or send fake bills to your health insurer.
- Social ID theft – Someone uses your name and photos to create a fake account on social media
Take steps to avoid being a victim of identity theft. Secure your internet connections, use security features, and review bills. Read more about how you can prevent identity theft.
Prevent Identity Theft
Keep these tips in mind to protect yourself from identity theft:
- Secure your Social Security number (SSN). Don’t carry your Social Security card in your wallet. Only give out your SSN when necessary.
- Don’t share personal information (birthdate, Social Security number, or bank account number) because someone asks for it.
- Collect mail every day. Place a hold on your mail when you are away from home for several days.
- Pay attention to your billing cycles ? Billing Cycle: the number of days between statements on a regularly recurring bill. . If bills or financial statements are late, contact the sender.
- Use the security features Security Feature: an app or setting on a wireless device that can help protect the device and the information on it from threats and vulnerabilities. on your mobile phone.
- Update sharing and firewall settings Firewall: security monitoring software that analyzes and blocks or allows information traveling between the internet and your computer based on a defined set of security rules. when you’re on a public wi-fi network Public WiFi Network: (WiFi hotspot) a network that anyone can use to connect to the internet or other networks. . Use a virtual private network (VPN) Virtual Private Network (VPN): a private network that connects your computer or mobile device to the internet and encrypts (codes) your information to protect your internet activity from monitoring or spying. , if you use public wi-fi.
- Review your credit card and bank account statements. Compare receipts with account statements. Watch for unauthorized transactions.
- Shred receipts, credit offers, account statements, and expired credit cards. This can prevent “dumpster divers” from getting your personal information.
- Store personal information in a safe place.
- Install firewalls and virus-detection software Virus Detection Software: (antivirus software) a computer program used to prevent, detect, and remove malicious programs that have been placed on your computer to spy on you or to do damage to your computer. on your home computer.
- Create complex passwords that identity thieves cannot guess. Change your passwords if a company that you do business with has a breach of its databases
- Review your credit reports Credit Report: a report that shows your bill payment history, current debt, and other financial information. once a year. Be certain that they don’t include accounts that you have not opened. You can order it for free from Annualcreditreport.com.
- Freeze your credit files with Equifax, Experian, Innovis, TransUnion, and the National Consumer Telecommunications and Utilities Exchange for free. Credit freezes prevent someone from applying for and getting approval for a credit account or utility services in your name.
Report Identity Theft
If you report identity theft online, you will receive an identity theft report and a recovery plan. Create an account on the website to update your recovery plan, track your progress, and receive prefilled form letters to send to creditors. If you don’t create an account, you won’t be able to access the report or letters later. Download the FTC’s publication (PDF, Download Adobe Reader) for detailed tips, checklists, and sample letters.
If you report identity theft by phone, the FTC will collect the details of your situation. But it won’t give you an ID theft report or recovery plan.
You may also choose to report your identity theft to your local police station. It could be necessary if:
- You know the identity thief
- The thief used your name in an interaction with the police
- A creditor or another company requires you to provide a police report.
Report Specific Types of Identity Theft
You may also report specific types of identity theft to other federal agencies.
- Medical Identity Theft – Contact Medicare’s fraud office, if you have Medicare.
- Tax Identity Theft – Report tax ID theft to the Internal Revenue Service.
Report Identity Theft to Other Organizations
You can also report the theft to other organizations, such as:
- Credit Reporting Agencies – Contact one of the three major credit reporting agencies to place fraud alerts or freezes on your accounts. Also get copies of your credit reports, to be sure that no one has already tried to get unauthorized credit accounts with your personal information. Confirm that the credit reporting agency will alert the other two credit reporting agencies.
- National Long-Term Care Ombudsman Resource Center – Report cases of identity theft that resulted from a stay in a nursing home or long-term care facility.
- Financial Institutions – Contact the fraud department at your bank, credit card issuers and any other places where you have accounts.
- Retailers and Other Companies – Report the crime to companies where the identity thief opened credit accounts or even applied for jobs.
- State Consumer Protection Offices or Attorney General – Some states offer resources to help you contact creditors and dispute errors.
Protect Yourself From Identity Thieves
We all take precautions to protect our home and car, locking doors and windows to keep thieves away. But another kind of thief can be even more dangerous. Identity thieves steal other people’s information and use it to buy whatever they want. Even if the thief is caught, it can take years to sort out the theft. In the meantime, you may have difficulty obtaining credit.
HOW TO AVOID HAVING YOUR IDENTITY OR PERSONAL FINANCIAL INFORMATION STOLEN
- Be suspicious of any emails or phone calls with urgent requests for personal information.
- NEVER give out financial information such as checking and credit card numbers, or your Social Security number, unless you know the person or organization you’re talking to.
- Notify your credit union of suspicious phone inquiries such as those asking for account information “to verify a statement” or “award a prize”.
- Don’t use the links in an email that you don’t recognize to get to any web page and do not reply to the email.
- Always ensure that you are using a secure Website when submitting credit card information or other sensitive information via your Web browser.
- Report lost or stolen checks immediately. Always review new deliveries of checks to make sure none were stolen in transit.
- Closely guard your Personal Identification Numbers for your credit and debit cards and online banking access. Check your monthly statements to verify all transactions.
- Notify your credit union, bank, or credit card issuer immediately if you discover any erroneous or suspicious transactions on your statements.
How Criminals are Getting Your Debit Card Data in 2015
Criminals are more organized and sophisticated than ever before. Attacks on ATMs and POS terminals can range from the rudimentary to the highly organized, involving thousands of fraudulent cards and criminal enterprises that span the globe. So how do the criminals get your debit card data? Here are 8 different ways.
- Data Breaches – According to the United States Secret Service, 1000 U.S. businesses have been affected by Malware. Capable hackers are able to crack the security on merchants and other card data holders, and access large volumes of card data. With the heightened awareness of cybercrime, the industry has made strides in using more secure techniques for storing data (or in many cases, ensuring that they don’t store it). This has made it harder for criminals, but there are still many opportunities for attacks.
- Buying the Data – With so many means of attack, there is a glut of card information for sale on underground carding websites. Lazy criminals can simply buy card data starting at $2 or less. Quality costs extra, but in the underground marketplace there are products for everyone.
- Internal Skimming Devices – More capable criminals could place a skimming device inside a terminal that intercepts messages on data lines.
- Separate Skimming Devices – In just a few seconds, a criminal can swipe a card through a reader and get its data.
- Overlaid Skimming Devices – In this case, the criminal places a card reader over the machine’s intrinsic reader. They might also attach a video camera or a pin-pad overlay to capture the PIN.
- Hijacked Terminals – A terminal can be hijacked by replacing the operating system with a compromised one. An avenue of attack might be available for those ATMs with remote control capabilities that are left in the default (and insecure) settings.
- Steal Cards – The simplest way for a criminal to get card data is to steal someone’s card. To get the PIN, the thief might shoulder surf or guess a weak password, such as a birthdate.
- Steal Machines – A criminal might decide to steal either an ATM or POS terminal. Cash can be pulled from the ATMs, but both types of machines could store card numbers if misconfigured. A stolen machine is also valuable in order to learn about weaknesses or ways to physically attack it.
If you feel you have been a victim of fraud, contact your local First Trust Credit Union Branch immediately. We can help!
Identity Theft – More Than A Financial Problem
Identity theft is defined as the process of using someone else’s personal information for your own personal gain. ID theft can happen to anyone and it can come in all shapes and sizes. According to the Federal Trade Commission (FTC), there are more than 30 types of identity theft affecting millions of Americans each year. Your credit card digits could be stolen and used to make online purchases; a thief could impersonate you to open up a loan in your name; a felon could commit a crime and pretend to be you when caught; or someone could use your personal information to apply for a job.
Simply by being a member of First Trust Credit Union and having a FTCU checking account, you have the option to take advantage of our Identity Theft Protection. Through our partnership with Merchants Information Solutions, Inc., if you or a family member suspects any type of identity theft, please contact us immediately at 800-276-6161. We will connect you with a Merchants Information Solutions certified identity recovery advocate. They will then place fraud alerts at the three major credit bureaus for you; help you access services to watch for signs of identity theft; access your credit reports and conduct a threat assessment to determine if any identity theft has occurred.
*Services extend to all named accountholders, their spouse or domestic partner, dependants up to age 25 with the same permanent residence address as the accountholder, including students, military and parents of the accountholder living at the same address as the accountholder, or living in hospice, assisted living, nursing home, or deceased for 12 months or less. Monthly fee applies. Ask a Member Service Representative for details.
If you are the victim of identity theft, your advocate will work on your behalf to restore your identity and make sure you stay recovered – no matter how long it takes. For details, please contact us at 800-276-6161 or visit us at any of our branches in Michigan City, La Porte, Valparaiso, or Wheatfield.
On Guard Online
OnGuard Online provides practical tips from the federal government and the technology community to help you guard against internet fraud, secure your computers and protect your privacy. On Guard Online Stop.Think.Click.
Corporate Account Takeover
If you are a business owner that utilizes online banking, please be aware that many businesses across the country have suffered large financial losses from electronic crimes through the banking system. All sizes of businesses and financial institutions have been impacted. Please click on this link to learn more – Corporate Account Takeover (CATO)
IRS Warns Taxpayers to Guard Against New Tricks by Scam Artists; Losses Top $20 Million
WASHINGTON – Following the emergence of new variations of widespread tax scams, the Internal Revenue Service today issued another warning to taxpayers to remain on high alert and protect themselves against the ever-evolving array of deceitful tactics scammers use to trick people.
These schemes – which can occur over the phone, in e-mails or through letters with authentic looking letterhead – try to trick taxpayers into providing personal financial information or scare people into making a false tax payment that ends up with the criminal.
The Treasury Inspector General for Tax Administration (TIGTA) has received reports of roughly 600,000 contacts since October 2013. TIGTA is also aware of more than 4,000 victims who have collectively reported over $20 million in financial losses as a result of tax scams.
“We continue to see these aggressive tax scams across the country,” IRS Commissioner John Koskinen said. “Scam artists specialize in being deceptive and fooling people. The IRS urges taxpayers to be extra cautious and think twice before answering suspicious phone calls, emails or letters.”
Scammers posing as IRS agents first targeted those they viewed as most vulnerable, such as older Americans, newly arrived immigrants and those whose first language is not English. These criminals have expanded their net and are now targeting virtually anyone.
In a new variation, scammers alter what appears on your telephone caller ID to make it seem like they are with the IRS or another agency such as the Department of Motor Vehicles. They use fake names, titles and badge numbers. They use online resources to get your name, address and other details about your life to make the call sound official. They even go as far as copying official IRS letterhead for use in email or regular mail.
Brazen scammers will even provide their victims with directions to the nearest bank or business where the victim can obtain a means of payment such as a debit card. And in another new variation of these scams, con artists may then provide an actual IRS address where the victim can mail a receipt for the payment – all in an attempt to make the scheme look official.
The most common theme with these tricks seems to be fear. Scammers try to scare people into reacting immediately without taking a moment to think through what is actually happening.
These scam artists often angrily threaten police arrest, deportation, license revocation or other similarly unpleasant things. They may also leave “urgent” callback requests, sometimes through “robo-calls,” via phone or email. The emails will often contain a fake IRS document with a telephone number or email address for your reply.
It is important to remember the official IRS website is IRS.gov. Taxpayers are urged not to be confused or misled by sites claiming to be the IRS but ending in .com, .net, .org or other designations instead of .gov. Taxpayers should never provide personal information, financial or otherwise, to suspicious websites or strangers calling out of the blue.
Below are five things scammers often do that the real IRS would never do:
The IRS will never:
- Angrily demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you a bill.
- Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.
- Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
- Require you to use a specific payment method for your taxes, such as a prepaid debit card.
- Ask for credit or debit card numbers over the phone.
Here’s what you should do if you think you’re the target of an IRS impersonation scam:
- If you actually do owe taxes, call the IRS at 1-800-829-1040. IRS workers can help you with a payment issue.
- If you know you don’t owe taxes or do not immediately believe that you do, you can report the incident to the Treasury Inspector General for Tax Administration (TIGTA) at 1-800-366-4484.
- If you’ve been targeted by any scam, be sure to contact the Federal Trade Commission and use their
Credit Reporting 101
When was the last time you checked your credit report for accuracy? How do you obtain your credit score? What does your credit report mean to those who lend you money and credit? Not only does your credit report affect your financial life, but it can also affect your career, education, and the interest rates that lenders offer you. Your credit report should make you look as financially attractive as possible. By periodically reviewing your credit report, you can see your payment history, understand how your credit is rated, prevent errors from going undetected, and save delay when you need an accurate credit report the most.
Download the full brochure to learn more! (INFORMATION CONTAINED IN A BROCHURE MAY CHANGE WITHOUT NOTICE. CONTACT US TO OBTAIN THE MOST RECENT VERSION)
Consumer fraud…by phone or mail!
When phone calls and postcards are bringing you marvelous offers to buy…
- “Shares” or “interests” in foreign lotteries
- Low-cost vacations
- Magazine subscriptions
- Office supplies or promotional items
- Club memberships
- Sure-fire investments
Do they say…
“You’ve just won a contest, and if you pay ‘shipping and handling’ or a ‘small gift tax,’ it’s all yours”?
Do they want…
Your credit card number?
If so, you may be the victim of a boiler room fraud.
Direct marketing vs. boiler room fraud
Direct marketing is the sale of goods and services by direct contact with the consumer, by phone or mail. Boiler room fraud is the use of the phone or the mail by unethical companies that only want to take your money. It is a growing problem for both individuals and businesses, costing consumers billions of dollars a year. The best way to protect yourself is to learn to recognize a fraudulent offer.
What are boiler room companies?
- Their calls are usually from firms located out of state. The firms work out of large rooms with rows of phones, staffed by solicitors trained to repeat a deceptive sales pitch.
- Sometimes they send you an enticing or officiallooking letter or postcard in the mail urging you to call them.
- Often “900” numbers are used, so you’ll be billed just for calling them, even if you decide not to purchase anything.
What do the salespeople say?
- “You’ve been specially selected to hear this offer.”
- “You’ll get a wonderful free bonus if you buy our product.”
- “You’ve won a valuable free prize.”
- “You’ve won big money in a foreign lottery.”
- “This investment is low-risk and provides a higher return than you can get anywhere else.”
- “You have to make up your mind right away.”
- “You can put the shipping and handling charges on your credit card.”
Callers may use well-rehearsed sales pitches designed to sound believable. You may be transferred from person to person, so it sounds like a genuine business setting. A “vice president” may even call you back to try to convince you to buy. Beware of high-pressure pitches that require immediate decisions! Legitimate firms will always give you time to think an offer over.
What if you fall for the boiler room sales pitch?
If you are a victim of a boiler room fraud, you may find: You never receive any “winnings” from the foreign lottery you entered.
- The merchandise you bought is overpriced and of poor quality.
- The “free gift” never arrives, or it’s worth just a fraction of the “shipping and handling” or “gift tax” you paid.
- The investment turns out to be nonexistent or a loser.
- The donation you thought was going to charity goes instead into the fundraiser’s pocket.
- Unauthorized charges start appearing on your credit card bills.
- Con artists call and offer to help you get your money back- for a fee, of course.
How can you protect yourself?
- Hang up!
- Take your time – don’t rush into accepting an offer.
- Don’t buy something merely because you’ll get a “free gift.”
- Get all information in writing before you agree to buy.
- Check out the caller’s record with your state’s Attorney General’s office and the Better Business Bureau.
- Don’t give your credit card or checking account number to anyone who calls on the phone or sends you a postcard.
- Check out a charity before you give them any money. Ask the charity how much of your donation actually goes to the needy party.
- Be extremely cautious about investing with an unknown caller who insists you make up your mind immediately.
- If the investment is a security, check with state officials to see if it is properly registered. If large amounts of money are involved, check with your legal or financial advisor.
- Don’t send money by messenger or overnight mail If you use money rather than a credit card in the transaction, you may lose your right to dispute fraudulent charges.
- Hang up the phone rather than allow yourself to be pressured to buy.
- Make sure you know the per-minute charge for any “900” call you make.
- If it sounds too good to be true, it probably is.
- Do I have adequate time to think this over, or am I being pressured for a decision right now?
- Will they send me additional information through the mail, putting their statements and promises in writing, or do they refuse to do so?
- Are they insisting on my credit card or checking account number right now?
- Why do they want to send a private courier tonight for my check?
- Is the free gift or prize they’re promising really free, or do I have to pay a registration fee or shipping and handling charge before receiving anything?
If the answer to any of these questions is yes – BEWARE!
Take time to consider the offer, get additional information and advice, and resist the “take it or leave it” high-pressure tactics so often used in boiler room pitches.
For more information about the firm and the offer you are considering, contact any of the following groups, preferably in the city or state where the firm is located:
- State Consumer Protection Agencies
- Better Business Bureau
- State Attorney General
- Chamber of Commerce
- State Securities Regulator
- Federal Trade Commission
- Federal Bureau of Investigation
- U.S. Postal Inspection Service
If you think you are the victim of a boiler room fraud, save all documentation of the transaction, including postcards, canceled checks, phone bills, credit card statements, and even mailing envelopes. Make detailed notes of your telephone conversations by date and time and write down any important statements made by each person who spoke with you.
If any part of the transaction took place through the U.S. Mail, such as the receipt of promotional literature or a mailed payment, we urge you to contact your nearest Postal Inspector. The Inspection Service ensures the safety, security, and integrity of the U.S. Mail â€” key elements of the Postal Service’s Transformation Plan. If necessary, your local postmaster can provide the Inspector’s address, or you may write directly to:
Attn Mail Fraud
Criminal Investigati ons Service Center
222 S Riverside Plaza Ste 1250
Chicago IL 60606-6100
Or, you can report fraud online at:
REMEMBER To Monitor Your Credit Report Once A Year!
One of the best ways our members can prevent fraud is to monitor their credit report. Members can get copies of their own credit reports once a year completely free at www.annualcreditreport.com or by calling 1-877-322-8228.
CAUTION: www.freecreditreport.com advertises heavily, but is actually a PAY FOR service.
Additionally, Indiana’s Credit Freeze Law took effect on September 1, 2007. Residents of Indiana can put a freeze on their credit to prevent identity theft. The member has to make a written request mailed to each credit bureau.
Equifax Security Freeze
PO Box 105788
Atlanta, GA 30348
Experian Security Freeze
PO Box 9554
Allen, TX 75013
Trans Union Security Freeze
PO Box 6790
Fullerton, CA 92834-6790
The written request must contain the following information:
- Full name (and former names if applicable)
- Current Address and former address(s) if it has changed in the last 5 years
- Social Security Number
- Date of Birth
- Photocopy of driver’s license, state ID card, or other government issued id
- Proof of current residence such as a phone bill or utility bill
Within 5 days the credit bureau has to have the freeze on your social security number.
Within 10 days of receiving the freeze request, they will supply you with a PIN number and instructions for temporarily or permanently removing a freeze, in case you need to apply for a loan. The credit freeze service is completely free also.
There are government resources and materials to inform the public about identity theft, as well as resources for people who find they are the victim of identity theft at http://www.ftc.gov/bcp/edu/microsites/idtheft/
If you have questions, or need additional information, please feel free to contact your financial partners at First Trust Credit Union during regular business hours at 800-276-6161.
Personal Internet Branch
At First Trust we take security very seriously, employing state of the art measures on multiple levels to protect members who use our electronic services. We now offer an entire set of tools that you control, making yourself even more secure.
PIB, or Personal Internet Branch, is available to all members using our It’s Me 247 Online Banking. The best thing about PIB is that you turn on the features you want, and off the ones you don’t. You have the ability to lock down your account as you see fit.
New features you can utilize and control include:
- Create a username for logging in, instead of your account number
- Set days of the week and times of the day that your account is accessible or inaccessible
- Control the features available, like funds transfers, check requests, loan application, opening new account, viewing cancelled checks, on-line bill pay, and more
- Set maximum dollar amounts of funds transfers allowed
- Set a second password for funds transfers
PIB also comes with Geographic Controls. These allow you to make your account accessible only within the US, only within your state, only within your city, or even only accessible by your own home PC. (This feature is built using IP Lookup and DNS information, and may not work properly for all members, especially those using dial up Internet connections or those accessing their accounts from work or schools)
So look for the new button “Manage My Security” when you log into It’s Me 247 Online Banking.
The IN’s and OUT’s of STRONG Passwords
If you use a computer for anything, you know about passwords. Annoying at best and often frustrating, passwords have become part of our everyday life. The more you do, the more passwords you get.
Passwords serve a very important function. They are the first line of defense for the things we do. But a password is only good and only does its job if it is strong. The best way to define a strong password is to define a weak password. If any of these characteristics apply to your password(s), it is weak:
- Less than eight characters
- Is a word found in a dictionary (English or foreign)
- Common usage words like names of family, pets, friends, co-workers, celebrities, fictional characters, computer terms, web site names, companies, birthdays, phone numbers, etc.
- A pattern of words or numbers like aaabbb, qwerty, zyxwvuts, 123321
- Any of the above spelled backwards
- Any of the above preceded or followed by a number (ex secret1 or 1secret)
So what makes a password strong? It should have the following characteristics:
- Contain both upper and lower case characters (a-z, A-Z)
- Have digits and punctuation characters also (0-9, !, @, $, %, &, etc)
- Not any word in any language, slang, or jargon
- Not based on any personal information
So how do you make a password strong and still be able to remember it? One way is to base it on a song title, book title, or phrase. For example from the phrase “This May Be One Way to Remember” the password “TmB1w2R!” or “tMb1W>r~” could be made. The phrase “Jack and Jill went up the hill” could be the password j&JwuTh!
With so many passwords to remember, you may be tempted to write them down, or use the same password for everything, or avoid changing your password. Passwords should be changed at least every 90 days. And you should never:
- Write down your password
- Reveal a password over the phone to anyone
- Reveal a password in an email message
- Talk about your password in front of others
- Hint at the format you make your passwords to others
- Reveal passwords on security forms, questionnaires, or web sites
- Share passwords with family or co-workers
- Store your passwords in an unencrypted electronic format.
If you can’t remember your passwords store them in a strongly encrypted database. There are applications for PCs as well as mobile phones that will let you store your list of usernames and passwords using strong encryptions. But remember to use a strong password on those as well.
Stop into your local First Trust Credit Union Branch TODAY to pick up a copy of the following brochures:
- ID Safe Choice
- 10 Things YOU Can Do To Avoid Fraud
- Credit, ATM and Debit Cards; What to do if they’re lost or stolen
- Deter, Detect, Defend: HOW TO AVOID ID Theft
- Your Access To Free Credit Reports
Consumer Financial Protection Bureau
Learn more about how Consumer Financial Protection Bureau helps to educate consumeers, enforce financial laws and study consumer financial markets to help protect you.