Information on fake check scams and how to spot them – click here

SMiShing Attacks:
Posted: September 11, 2009

Reports of SMiShing attacks (also known as text phishing), have impacted cardholders of financial institutions located primarily in the eastern region of the U.S.

SmiShing is a type of social engineering that uses cell phone text messages to persuade victims to provide personal information such as card number, CVV2, and PINs. The text message may contain either a website address or more commonly, a phone number that connects to an automated voice response system, which then asks for personal information.
The following are examples of SMiShing messages recently sent to cardholders:

Text message originating from either notice@jpecu or message@cccu:
−
ABC CU- has- deactivated-your-Debit_card. To-reactivate-contact:210957XXXX
−
This is an automated message from ABC Bank. Your ATM card has been suspended. To reactivate call urgent at 1-866-215-XXXX

Text message originating from sms.alert@visa.com:
−
sms.alert@visa.com/VISA. (Card Blocked) Alert. For more information please call 1-877-269-XXXX.

Although we may ask for personal information to confirm identification such as the cardholder’s name, date of birth and/or last four digits of a social security number, we will never ask for CVV2 or a PIN.

Attorney General: Beware of Visa E-mail
Posted: April 9, 2009 11:33 AM EDT
Kansas Attorney General Steve Six is warning about a new e-mail scam that looks like its from credit-card company VISA. The e-mails claim to be from VISA and highlights the "verified by VISA" fraud-protection program.

The e-mail says all VISA customers will be required to enroll in the program or they won't be allowed to make on-line purchases. A form is attached asking for the customer’s credit card information. The e-mail is a scam.

The Attorney General says, while the "verified by VISA" program is legitimate, it is NOT a requirement for VISA card holders. Six also says that VISA will not contact customers by e-mail, or ask for any personal information by e-mail or phone.

If you have received a similar e-mail, you can contact the Attorney General's Consumer Protection Division at 1-800-432-2310.

Email Scams Likely to Rise This Year, Says IRS
SPAMfighter News - 11.19.2008
The Internal Revenue Service (IRS) has released a warning that the e-mail scams are expected to increase this year because of economic stimulus package.

Peggy Riley, IRS Spokesperson, New England, said that a new wave of e-mail scams has been noticed that informs recipients about economic stimulus package or a specific tax refund based on their eligibility, as reported by daily news tribune on October 31, 2008.

The e-mail also includes the IRS address and encourages recipients to follow the link provided in it for getting the money. The links take users to a page where recipients' personal information is sought, including credit card number and bank account details. The offer seems very lucrative and hard to resist, actually too good to be true.

Further, some customers of tax service providers got the e-mails pretending to have come from the IRS. These e-mails attract recipients by saying that they are entitled to get $600 as a part of the economic stimulus package, but the link given in them takes recipients to a fake Web page where information like account details and social security number are asked to transfer the refund. Though the site does not look like the IRS Website, these e-mails come from IRS reply-at e-mail, so they look legitimate.

The IRS said in a statement released in July 2008 that it received 700 identity theft e-mails from taxpayers during May and June 2008. By July 2008, the figure reached nearly 1,600.

Moreover, the Internet has made task of stealing identity details easier, letting scammers to target anyone by just sending an e-mail.
Previously, scammers rely on letters and phone to target their victims, particularly elder people.

In addition, the IRS made clear that it does not contact taxpayers by e-mail, and funds can only be obtained by submitting a tax refund form.

It has become very common that scammers are targeting taxpayers by sending fake e-mails using IRS name. In similar news, Arkansas Attorney General warned consumers in early October 2008 about the e-mail scam that used refunds as bait and had IRS name along with its logo to make it look more genuine."



Release Date: November 4, 2008
The Federal Reserve Board on Tuesday alerted the public to instances of questionable solicitations directed at consumers. These solicitations promise consumers access to personal loans through a nonexistent Federal Reserve lending program.

Under this fraudulent scheme, targeted individuals are told that that they can work through a broker to access a Federal Reserve program that extends sizable secured loans to consumers. Consumers are encouraged to deposit large sums of money into a bank account, under the guise of a security deposit, in order to receive the purported loan.

The Federal Reserve is advising consumers that it has no involvement in these solicitations and does not directly sponsor consumer lending programs. The matter has been referred to the appropriate authorities for action.

Consumers are strongly urged to verify the legitimacy of potential service providers before entering into a business transaction. Individuals seeking personal finance options are encouraged to do business only with reputable lenders and to shop around for the most favorable loan terms.

Consumers with questions about solicitations that they suspect may be fraudulent are encouraged to contact the Federal Reserve Board Consumer Help Center at http://www.federalreserveconsumerhelp.gov or by calling 1-888-851-1920.

Current Fraud Event 10-22-08:
Debit Cardholders have received computer-generated calls claiming to be from their financial institution.  The calls claim their accounts have been frozen and then direct the cardholder to call a toll-free number to leave their debit card information in order to reactivate any cards. The toll-free number includes a recorded message that asks the customer to key their account number, card expiration date, and PIN.

What Can You Do?

• Make sure you [i.e. cardholder] initiate the contact, and the institution verifies your identity with questions only you would know.
• To verify whether a call is legitimate, call your bank or visit its website, using phone numbers or internet addresses from your bank statement or account documentation. Do not call back a  number provided over the phone or click on a link in an email.
• Most communications will include something that will concern or excite the victim.
• If you have been the victim of a scam, file a complaint at local law enforcement.
• Notify your financial institution.

Bank turmoil fuels phishing boom - October 16, 2008
The US Federal Trade Commission (FTC) issued a warning saying phishing gangs were using the current global financial crisis to extract valuable information from consumers. Phishing attacks are up more than 180% in a year.

The FTC said that the current rapid changes in the banking world, where many institutions suddenly had new owners, could only help fraudsters keen to steal login and other personal details. "Scammers are taking advantage of upheavals in the financial marketplace to confuse customers into parting with valuable personal information." It is expected fraudsters will pose as the new owners of banks or the federal agencies charged with oversight of struggling institutions.

The FTC urged customers to be wary and not to reply to e-mail messages or pop ups that ask for personal or financial information even if they appeared to come from a bank. Customers should also scrutinize bank and credit card statements for unauthorized withdrawals or transfers.

Chase, Wachovia and Bank of America were among the most popular targets for scammers. In its second annual report, the All Parliamentary Group on ID Fraud said tighter credit lending rules would lead to more attempts to get at existing bank accounts. "There is no longer a guarantee that they will get credit by applying assuming another person's identity, so they are instead tapping into accounts that already exist," read the report.

Fraud figures released in early October showed a steep rise in the number of phishing attacks even before the turmoil in the banking world began. From January to June 2008 phishing attacks rose by 186% on the same period in 2007, it said. In total it saw more than 20,682 phishing incidents during that six month period.

With the global financial crisis looking to get worse before it gets better, banking customers are being encouraged to be extra vigilant when using online financial services.

High-tech bank robbers phone it in October 16, 2008
Your ordinary bank robber can now steal hundreds of account numbers from ATMs without so much as lifting a finger. Instead, he skims. Skimming is the physical use of secondary readers to capture the magnetic tracks on the backs of credit and debit cards. On ATMs, skimmers and secondary keypads are used to capture account numbers and PINs. Often, the ATM transaction goes through, and the customer doesn't realize that the account has been compromised until later.

Two risks these high-tech criminals face are being caught fitting a faux cover over an ordinary ATM card slot and keypad, then later retrieving the skimmers in order to get the account information.

New information has been obtained including details on new devices can send captured account data via SMS to their smartphones. For about $8,000, skimmers can have their own ATM overlay capable of transmitting 1,856 cards via SMS. Bulk pricing is available. And if they don't want the information sent card by card, they can dial into the device and download the data at their convenience.

You're probably saying, "wait, I'd notice the compromise." Not so fast. These are good. Very good. See the photos of a compromised ATM machine on Snopes.com. Or watch this video to see how ATM skimming with SMS was accomplished last year. Industry standardization of ATM readers makes it easier for criminals to copy, so a bank robber needs only to match the look and style. Once the account information is captured, the criminals tend to burn it onto blank magnetic stripe cards (ISO standard 7810), then use it at ATMs worldwide.

5 Tampa Bay area firms targeted in credit scam inquiry October 16, 2008
Florida's attorney general is targeting five Tampa Bay area companies in a statewide campaign against scams on people desperate for relief from debt and credit problems. The effort against so-called debt-relief companies comes as attorney General Bill McCollum's office has seen consumer complaints increase more than 60 percent over last year, a stark reflection of the rapidly deteriorating economy.

The state has already settled with New Leaf Associates of Port Richey, which promised thousands of people nationwide that it could eliminate debt and improve credit scores through a secret "legal administrative process." No such process existed, McCollum said. New Leaf has agreed to pay $320,000 in fines and restitution to its victims. "This was absolutely a total scam," McCollum said, adding he was alarmed that there are "a lot" of similar companies that use Florida as a national headquarters.

This week, McCollum filed suit against Dunedin-based Enterprise Technology Group, which was operating as Ameritrust Financial Card. The state says the company charged $200 enrollment fees for a credit card that it claimed would perform like a normal card and could improve a person's credit score. But the "credit builder" card was good only with Ameritrust's online catalog, the suit states, and the company never reported consumers' accounts to a credit bureau. A phone number for Enterprise Technology Group did not appear to be working Wednesday.

McCollum's office has also subpoenaed records from three other bay area debt-relief companies: Financial Freedom Resources Inc. of Clearwater, Specialized Funding of Largo and United Debt Solutions, also known as American Debt Arbitration of Tampa. McCollum said companies being looked at - there are 31 in Florida - are suspected of violating the state's Deceptive and Unfair Trade Practices Act along with other laws regulating telephone solicitation and credit counseling services."I want to close these companies down," McCollum said. "Most of these companies are bad, bad, bad." There are some reputable debt-management companies, he added, but those typically help people come up with a strategy to pay off their bills, not offer new products and services. He said consumers in need of relief should follow some simple guidelines: Be very wary of any company that contacts you by telephone or the Internet; make sure there are no up-front fees; and, most of all, "ask a lot of questions."

Brad Ashwell, a consumer advocate for the Florida Public Interest Research Group, said people should first try to resolve problems themselves. "Many times a collection agency will settle for a lower payment, and even eliminate late fees and penalties," he said. "This may leave a blemish on a consumer's credit report, but it's one of several ways to stop the downward spiral into deep debt."