Email Fraud/Phishing Alerts

Email Fraud

Fraudulent email activity, also known as "phishing," continues to increase, where emails circulate claiming to be from the National Credit Union Administration (NCUA), Credit Union National Association (CUNA), CO-OP Network, CU Service Centers, STAR System Network (ATMs), Visa, Internal Revenue Service (IRS), Social Security Administration (SSA) or other organization and request your personal information via email or online.

Phishers continue to change their phony emails by including false fraud protection techniques as a new twist to convince members that the email is from their credit union with the added educational information. Because of everyone's fraud awareness, the phishers lure members to "take action" and provide their information by using an "online banking" log-in which will redirect the site to the fraudster.

Please read below for more information on this scam and how you can protect yourself.

What is Phishing?

Internet scams, email fraud or phishing (pronounced "fishing") are attempts to fraudulently acquire sensitive personal information (ie. account numbers, passwords, social security numbers, credit card details, etc). In a typical case, phishing involves the use of email messages impersonating your financial institution, a reputable company that you or we normally conduct business with or a government agency; including one of the federal institution regulatory agencies.

Phishing emails always have a sense of urgency. The email will probably warn you of a serious problem that requires your immediate attention to respond. It will then urge you to click on a "button" or link where you will be asked to enter or confirm your personal information. The website may look legitimate but it is NOT! Do not click on the requested link and submit your personal information.

LBS Financial Credit Union will NEVER email or call to ask for your personal information.

Scam Examples

February 25, 2013 - Members from many different credit unions are receiving text messages saying "you have issues on your card ending in XXX" and that their credit card had been blocked until they called and gave more information. When Members called the number, they were asked for personal account information. This text message is not from LBS Financial Credit Union (or any credit union) and you should never provide your account information to someone over the phone unless you verify the number you are calling belongs to the financial institution. If you have provided your account information through this scam in error, please call the Credit Union at 562.598.9007.

February 17, 2011 - Some LBS Financial Members received a fraudulent email posing as the Credit Union and asking for ATM card and PIN information.

January, 2010 - Consumers have been receiving emails or US mail urging them to apply as a mystery shopper. According to the Internet Crime Compliant Center (IC3), fraudsters have learned that many retail and service corporations, including credit unions hire evaluators to perform secret or random checks on their service or their competitors, and the fraudsters are capitalizing on this.

Victims are asked to send a resume and are supposedly subject to a background check before being hired. The fraudster sends the shoppers a check with instructions to shop at a specific retailer for a specific length of time and spend a specific amount on the store's merchandise. The shopper is to note the environment, color, payment procedures, gift items and shopping/carrier bags, and report back to the employer.

The second trip evaluates the ease and accuracy of wiring money from the retail location. The money is included in a check received by the victim shopper. The remaining balance is the employee's pay for the assignment. After the merchandise is purchased and the money wired, the shopper learns the check is counterfeit, and the shopper is responsible for the money lost and fees incurred.

In other versions, applicants are requested to provide bank account information to have money directly deposited into their account. This gives the fraudster access to the victim's accounts and money, making the victim an identity theft victim.

The emails also have a pop-up that cannot be easily closed. The user clicks on the pop-up to purchase the software and must fill out a form that collects payment information. The user is charged for bogus software. Sometimes malicious codes are installed on the computer.

December, 2009 - Consumers have been receiving text messages indicating that their account has been compromised and to call the number listed on the text message to receive more information. DO NOT respond to this text nor call the number listed. This is a scam. Contact your own financial institution to verify if there is a problem with your account and to alert them about the text scam that you received

Anyone who receives an email from a financial institution that appears to be a scam can forward it on to Phishing@ncua.gov.

NCUA sample #1 - Phishing Email The National Credit Union Administration is a federal regulatory agency. It does not maintain financial accounts for credit union members.
NCUA sample #2 - Phishing Email The National Credit Union Administration is a federal regulatory agency. It does not maintain financial accounts for credit union members.
NCUA sample #3 - Spoofed (fake)Web Site The National Credit Union Administration is a federal regulatory agency. It does not maintain financial accounts for credit union members.
NCUA sample #4 - Phishing Email The National Credit Union Administration is a federal regulatory agency. It does not maintain financial accounts for credit union members.
Verified by Visa sample - Phishing Email Verified by Visa is a real security system used by Visa. Like most phishing techniques, this one takes your concern about security and attempts to trick you into providing personal information.
Star Network sample - Phishing Email This e-mail is not from Star System ATM Network and is an attempt to get you to provide cardholder information.

PIN Reversals - Not a Safety Option

Your safety at the ATM

The Internet can often quickly spread “urban myth” stories but few stories gain such rapid appeal with so many potentially negative impacts on cardholder safety and confidence as the misleading stories circulating the Internet regarding PIN reversal to signal duress. PIN reversal technology is a concept based upon the possibility that a cardholder could remember (and reverse) his or her PIN (password) at an ATM to draw attention to a dangerous situation like a kidnapping or a robbery. Critics say that it is unlikely that anyone under duress could successfully employ this technique without compromising personal safety.

Financial institutions within the United States have not deployed this technique despite several well circulated email chain letters that have misstated this fact. If you have read information on the Internet to use PIN reversal as a safety method, it's important for you to know that LBS Financial does not have the capability to read a PIN reversal as a request for help. Digital cameras are still the best security available at the ATM.

Report Fraud

If you receive a suspicious text, email or telephone call claiming to be from LBS Financial Credit Union requesting personal information, please do not reply or return the call. Instead, contact us immediately at 562.598.9007 or 714.893.5111 or send an email to abuse@lbsfcu.org to report the suspicious activity and to ensure that your account is in order.

Other reporting resources are:

• Anti-Phishing Working Group: reportphishing@antiphishing.org
• Report vishing calls to www.ftc.gov or call (888) 382.1222. The FTC wants the number and name that appeared on the caller ID as well as the time of day and the information talked about or heard in a recorded message. If you think you've been a victim of a vishing attack you can also contact, the Internet Crime Complaint Center at http://www.ic3.gov/default.aspx.

What Is Spyware?

Spyware is any software that covertly gathers user information through the user's Internet connection without his or her knowledge. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about email addresses and even passwords and credit card numbers. It is also called adware.

Protecting Your Identity on the Internet

• Be suspicious of urgent emails requesting your financial information and threatening to terminate or suspend your account unless you respond electronically. Call us as your financial institution to verify if we sent you an email regarding your account or log onto our website directly by typing in our web address (www.lbsfcu.org) in your browser. Do not click on the link that was provided to you in the suspicious email.
• Never click on links in email messages that ask you to provide or confirm your private information. Links can easily conceal the true destination. The destination website may be programmed to automatically download and install software called "malware." If in doubt, call the financial institution or merchant to see if in fact there is a problem with your account.
• When providing private information on a website, make sure of the following: 1.) That your web session is encrypted and 2.) That you're really on the site you're on. Sites that encrypt your session have addresses that start with "https" instead of "http." The "s" stands for "secure" which means your session is encrypted. Gold padlock or key icons at the bottom of the screen indicate a secure website but note that they too can be faked. Make sure the address is a valid one. An IP address as in http//163.10.4.76 is a dead give away. Others are not easy to spot. Clicking on the padlock or key will open a window with information about the website and who owns the digital certificate that enables the site security. The issuers of certificates do not issue them without first verifying the identity of the buyer. Newer browser versions and security programs like Symantec's Norton Security provide feedback regarding a site's authenticity by turning the address bar or a toolbar element green when a site is deemed safe.
• Consistently check your online accounts to ensure that all transactions are legitimate.
• Do not install unknown software on your computer. If you do so, you are potentially harming your computer's hard drive and putting your personal information at great risk. Verify that the software came from a legitimate website and not an email message. Be especially wary of "free" programs which are often infected with Spyware.
• Always protect your password. Do not share your password with anybody else or do not write down your password anyplace where it's accessible to another person. Change your password frequently and use one that is not easy for someone to guess.

Thwart Identity Theft

How does a thief get your personal information? Rummaging through garbage, pulling items from a mailbox, working as part of a large identity theft ring, stealing your wallet - the list goes on and on. Don't let a thief steal your identity! Here are a few simple tips to keep them away:

• A lost or stolen wallet is a goldmine of information. Don't carry extra credit cards, checks, Social Security card and even health insurance cards. Be sure to photocopy everything that's left, being careful to record emergency phone numbers. Keep these copies in a very safe place. Hopefully, you will never need them.
• Use LBS Financial Direct Deposit for any checks that are mailed to you on a regular basis.
• Before revealing personal identifying information, find out how it will be used and if it will be shared with others. Does your local video store really need to know your social security number? How about your gym?
• Pay attention to your billing cycles. Follow up with creditors if bills do not arrive on time. Review them each month to identify any unusual charges. Thieves sometimes test you prior to making a large hit.
• Order a free copy of your credit report from the three credit reporting agencies every year. Make sure it's accurate and includes only those activities you've authorized. Visit www.annualcreditreport.com to download your free annual reports.
• Use a cross-cut shredder to destroy charge receipts, credit applications and offers, insurance forms, bank checks and statements.

If you find that your identity has been compromised, immediately file a report with the police. Call every company that has extended credit to you to alert them of the problem. Give a copy of the police report to your financial institution, credit card company and/or insurance company as proof of the crime. Call the credit bureaus Equifax 800.525.6285; Experian 888.397.3742; TransUnion 800.680.7289 to ask that a "fraud alert" be placed in your file.

LBS Financial Credit Union does everything in its power to keep your personal information just that, personal. Not every company out there can make the same claim. Be sure to use the tips above to help thwart this growing concern. Also, visit www.idtheft.gov for more information.

What to do if you've mistakenly given out your personal information

• Call us at 562.598.9007 or 714.893.5111 immediately so we may flag your account(s) and contact you for any unusual activity or,
• Notify us immediately through our secure online form
  with a brief explanation about the email you received.
• Contact your other financial institution with which you have other accounts (ie. credit cards, loans, savings, etc.) to alert them or cancel your existing accounts. Many companies have toll free numbers and 24-hour service to deal with such emergencies.
• Report the theft to the three major credit reporting agencies:
  • Experian - www.experian.com or 888.397.3742
  • Equifax - www.equifax.com or 800.525.6285
  • Trans Union - www.transunion.com or 800.680.7289
• Contact your local police department to file a criminal report
• Contact the Social Security Administration's Fraud Hotline to report the unauthorized use of your personal identification information
• Notify the Department of Motor Vehicles of your identity theft
• File a complaint with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov
• Document the names and telephone numbers of everyone you speak to regarding the incident. Request that all the phone calls be followed by a letter. Keep copies of all correspondence for future reference.