Scam artists are nothing new — they've been trying to fleece us out of our money since the beginning of time. What is new, however, is the increasing use of sophisticated techniques and technology. Each year the number of people victimized increases. It's up to each of us to educate ourselves on how to avoid being taken.
ATM Skimming On The Rise
Use extra caution when inserting your card at an ATM or a retailer, especially if it is unattended (such as a gas station pay at the pump). Fraudsters are getting more aggressive and we have seen a sharp rise in skimming-related card fraud in the first quarter of 2017.
Here are a couple of things you can do to help prevent this from happening:
- Examine the ATM: Never enter your PIN in an ATM that doesn't look genuine or has been modified. Thieves may place a thin reading device into or around the card slot to capture the data in the card's magnetic strip.
- If it's hard to insert your card, if the surface is sticky, or if the slot is scratched, it might contain a reader
- Before you insert your card, take hold of the place where you insert it on the machine. If it feels loose, do not insert your card.
- If you insert your card and can wiggle it around, remove the card immediately and report it to the merchant and your financial institution immediately.
- If using a gas pump, pay inside if possible.
Other tips for keeping your card safe:
- Protect your PIN: If they have your card data, next they need your PIN.
- There are many ways to hide a tiny camera on or near an ATM, such as in the light panel or brochure holder. Always use your free hand to cover your PIN every time you enter it.
- Never write your PIN on the back of your card.
- Never keep the card and PIN together.
- Never divulge your PIN to another person who is not on the account.
Much of the fraud we see related to purchases is because the person made the PIN accessible to someone else, even family members.
If you find a withdrawal or a purchase on your account and you did not make that withdrawal or purchase, you must report it immediately. Check your accounts often through online banking or our mobile app. At minimum, review your statements monthly. If you are a victim, and do not report it within 60 days, you may incur the loss.
For more information, see the FBI's article on this topic.
We have been made aware of fraudulent checks in circulation, appearing to be made out by Destinations Credit Union. These appear to be payments for things like mystery shopping. These checks are not issued by Destinations and we ask that if you are presented with one, that you provide the check and all documentation to:
Email email@example.com or mail to Fraud Department, Destinations Credit Union, 8767 Satyr Hill Rd., Baltimore, MD 21234.
Download our 90-page e-book, "Twists of Fake," that covers a wide range of scams and ID theft schemes.
Visit Our Blog: Reaching Your Financial Destinations
Subscribe to our blog for e-mail updates on posts.
- Four Steps to Checking Your Credit Report
- 3 Mortgage Scams and How to Beat Them
- Card Security Breaches: Why They Occur and Who's to Blame
- How 10 Seconds of Diligence Can Keep You Safe From Fraud
- Hackers Develop New Attack Methods: Charities
- Job Seekers Beware: Repacking Jobs Could Lead to Jail Time
- The 12 Scams of Christmas
- Is 2015 The Year of the Healthcare Hack?
- "ISIS" Hacks Credit Unions - What You Need to Know
- Looking for a Job? Scammers May Be Looking For You
- Protect Yourself Against Pinterest Scams
- Avoid Identity Theft by Fighting Back
- Check Fraud and Swiss Cheese
- Securing Your Phone
- High Yield Investment Fraud
- Google Drive Scam is Back: Why do we share our info with strangers?
- Your Greatest Strength Might Be Your Greatest Weakness
Recently it has been discovered that malware, called Svpeng, is beginning to target Android-based mobile applications in the United States. The malware looks for specific applications on the user's phone, then locks the phone and demands money to unlock it. Newer versions of the malware may contain a phishing component that substitutes the users banking application with a mirrored phishing window, deceiving the user into submitting their credentials for collection by the attackers.
Svpeng currently uses social engineering to infect the phone, specifically via text messaging. It is critical that you download content only from trusted sources. Below are examples of messaging you might consider as part of your consumer education and awareness campaigns.
- Users should download apps only from "official" App stores (e.g., Android GooglePlay, Apple App Store)
- For websites that request sensitive data, you should check to make sure the website address and content are valid
How to Protect Your Identity When Shopping Online
Useful information on how to shop online safely: Article by Camilla Taylor
Monitor Your Credit
Each member is entitled to get a free credit report annually from each of the three major credit bureaus. Just go to annualcreditreport.com to get yours.
Credit Bureau Contact Information
Two Loan Scams Claim MD Addresses
Better Business Bureau of Greater Maryland warns consumers that two entities, Certified Lending Group and Wesley Financial Group are targeting persons with poor credit scores. Learn more.
E-Mail Spoofing Alert!
It has come to our attention that spammers have launched e-mail campaigns that look like messages sent by Destinations Credit Union. We have nothing to do with such spam, we do not send, and have never sent spam email of any sort, and strongly oppose the act of spamming or sending unsolicited commercial email. If you have received such spam email we apologize, but we must emphasize that it is totally beyond our control, and we regret very much that we cannot stop it. We send only legitimate credit union news to those who have signed up to receive it.
What is E-mail Spoofing? (Faking or Forging)
"E-mail Spoofing" is the latest abhorrent trend in spam. Spammers falsify the header information in their e-mails to make the email appear to come from whoever they choose. Spammers are now routinely using the e-mail or web site identities of people and organizations on the internet, and using them to send millions of pieces of junk or offending e-mails. Unfortunately, most people who receive these emails don't understand what's happening, which is the whole purpose of the spoof.
What to Do
- You have several options of what to do if you receive a spoofed email:
- Report it to your ISP. Redirect the email on as an attachment to your ISP, ensuring that the entire message is included, or cut and paste the header information from the email. This contains the information (originating IP numbers etc.) required for anti-spam systems to filter out this junk mail.
- Do not simply 'forward' the message as the essential header information will be lost.
- Do not respond to the message in any way.
- Please do not do anything that might result in Destinations Credit Union being added to spam lists. We are as much a victim of this activity as you.
Email Spoofing Information
How to Combat Email Spoofing
Deciphering fake email or posting: The information provided here, describes how to find out where a fake post or e-mail originated from, decipher which machine it came from and who (generally or specifically) you should contact.
- Phishing – A criminally fraudulent process of attempting to acquire sensitive information by masquerading as a trustworthy entity in an electronic communication; typically carried out by e-mail or instant messaging, and often directs users to enter details at a fake website whose look and feel are almost identical to a legitimate one.
- Smishing – A form of criminal activity using social engineering techniques similar to phishing; typically carried out by SMS/text message, and often directs users to download a program/file which turns out to be a virus.
- Vishing – The criminal practice of using social engineering over the telephone, the term is a combination of "voice" and "phishing"; typically used to steal credit card numbers or other information.
Identity Theft: Deter, Detect, Defend
The Federal Trade Commission offers good information on detecting identity theft, defending yourself against ID theft, and helps victims through the process of recovering when their identity has been stolen. This site offers streaming video demonstrating how identities are stolen and the devastating effects it can have on individuals.
Should You Purchase ID Theft Protection? See what the FTC has to say on the subject.