Financial Resources Federal Credit Union
Search
  • About Us
  •  Site Map
  •  Contact Us
Web Branch Login
  •  
  •  
Easy Access Menu
  • Apply Now
  • ATM Branch Locator
  • E Services
  • Forms
  • Rates
  • Security Center
Fraud Alerts
Photo

Protect your Identity with Deluxe ID TheftBlock.
Learn more about Deluxe ID TheftBlock.


If you think you've been a victim of fraud, tell a Credit Union Representative by visiting a branch or calling 800.933.3280, press 4.

Important Resources on Identity Theft:

Click on this link from the Federal Trade Commission, a National Resource for Identity Theft: http://www.consumer.gov/idtheft/.

Click on this link from The New Jersey State Police for additional information on Identity Theft: http://www.njsp.org/tech/identity.html.

Click on this link from the Internet Crime Complaint Center to file a complaint with the federal government: http://www.ic3.gov/


Alerts 11/24/08

New 'Phishing' Scam Uses Fake Airline Ticket

Summary: A new e-mail "phishing" scam seeks to plant malicious software on the computers of recipients who open an attachment purportedly related to the purchase of an airline ticket.

Details:The fake e-mails use the names of various U.S. airlines including Northwest Airlines, Continental Airlines, Sun Country Airlines, US Airways, Allegiant Air, Delta Air Lines, Alaska Airlines, Midwest Airlines, and Hawaiian Airlines.

The e-mail messages urge recipients to confirm a ticket purchase they never ordered. The e-mail requires an entry by thanking recipients for buying the tickets using the "Buy flight ticket online" service offered by the airline. Giving fake details of the purchased ticket, it asks them to confirm the purchase by printing the invoice and the ticket after clicking on an attachment in the mail.

However, when unsuspecting recipients click on the e-mail, a malicious software program downloads onto their computers. This "malware" enables the fraudsters to gain confidential information such as credit card access codes, Social Security numbers, and Internet banking passwords by allowing them remote access to the computers.

Airlines say there are a couple of things inside the mail that should warn people of the scam. The e-mails contain mistakes in spelling and grammar, and the formats in which the itineraries are presented are different than those used by the airlines.

You should be aware that these e-mails are not coming from the airline. If the format does not look familiar to you, and you have not recently purchased a ticket, do not open the attachment. Delete the e-mail right away.

Below is an example of an e-mail received:

From: Hawaiian Airlines [mailto:tegoo@qq.com]
Sent: Thursday, November 13, 2008 4:24 PM
To: James Mxxxx
Subject: Your flight ticket
Dear Valued Customer
Thank you for using our new service "Buy airplane ticket Online" on our website.

Your account has been created:
Your login: 1mooreDacu,com
Your password: PASS8QBE

Your credit card has been charged for $424.85.

We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Kind regards,
Hawaiian Airlines

New Phishing Scam Sounds like Official Telephone Call

Summary: Plastic-card phishing has a dangerous new twist. In a telephone call to a cardholder, the criminal attempts to obtain the three-digit security code on the back of card. You should never give out this information.

Details: With the holiday season approaching, shoppers increasingly use their credit and debit cards to make purchases at the mall, on the Internet, or over the telephone. When plastic card use increases this time of year, so do the scams.

A new twist on phishing aims to obtain the three-digit security code printed on the back of VISA and MasterCard credit and debit cards. The phishers are trying to get enough information to perform fraudulent card-not-present transactions (Internet, telephone, and mail-order purchases).

Under this scam, a telephone call is placed to a legitimate cardholder.  The caller claims to be a representative from VISA or MasterCard informing the cardholder of suspicious card activity. The caller provides details of an unusual transaction and asks if the cardholder made this purchase, which, of course, the cardholder did not. The cardholder is then asked to verify possession of the card. To do so, the cardholder is asked to read the three-digit security code on the back of the card. The fraudster then provides a control number in the event the cardholder needs to call back with questions, making the call seem legitimate.

The caller does not ask for the credit or debit card number, and that is why you can be fooled into believing the call is legitimate. But the fraudster already has the card number; what they don’t have is the three-digit security code from the back of the card, and that is what they are after with this scam.

The three-digit code on the back of the Visa or MasterCard card is a security tool used for non face-to-face transactions. When conducting transactions that are not face-to-face, many merchants will ask the shopper for the three-digit code to complete a card authorization. If the criminal obtains this three-digit number and already has your card number, card expiration date, and billing address, the criminal may be able to obtain authorization for fraudulent transactions.

Never give that code to anyone who may contact you by telephone, Internet, or mail. This security tool is used when a card-not-present transaction is performed, and during the transaction the merchant may ask for the code to complete the authorization process.

Never respond to any e-mail, telephone call, voice message, text message, or letter received through the mail that requests personal and financial information, including the three-digit number on the back of the card.


Alert 09/05/08

Hurricane Scams

Details: When Hurricane Katrina first hit in 2005, scams popped up within hours. Hurricane Gustav is no different, and Hanna, Ike and others will likely be the same in the days and weeks to come.

Online scams are likely to pop up in your inbox. How can you determine what is a scam and what is authentic?  Chances are that any e-mail asking for donations is a scam. But the e-mail scammers are very tricky. They have created e-mails that sound authentic, tear at your heartstrings, and make you feel compelled to "donate" to disaster relief.

So, to help protect you from scams that are almost certain to find you, we provide the following information. 

Phishing Scams

Prior to Hurricane Gustav’s landfall, the Louisiana Attorney General's office started seeing bogus e-mails asking people to "confirm" their bank information before the hurricane hit. These e-mails sent people to bogus Web sites that could then be used by scammers for financial fraud and identity theft.

Also, Web sites that claim to be legitimate Hurricane Gustav relief organizations have been created. They ask people to donate money by giving your financial information. The donated money will go straight into the pockets of con artists. The scammers can use this information to steal your identity, as well.

Here's an example of what an e-mail could look like:

"Please give your charitable donations to the victims of Hurricane Gustav. The chaos and destruction experienced by the region and its victims is unimaginable. But you can help these people regain their lives by giving them some hope. Your donation will go a long way to giving these victims their lives back. Our prayers and compassion go out to them. Make a generous donation to the American Red Cross by (clicking this link)." [A bogus but legitimate-sounding domain name is listed here] 

This scam sounds legitimate and plays on your emotions.

Action: If you want to make a donation through the Red Cross or another disaster relief organization, go to an organization's office itself, or the official Web site, such as RedCross.org.


Alert 08/05/08

Phishing,  Smishing and Vishing: What's the difference?

E-mail "Phishing"
Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.

Land line telephone “Vishing” & VoIP (Internet phones “Vishing”)
Vishing, (Voice phISHING) also called "VoIP phishing for the Internet phones," is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States.

In either case, because people are used to entering card numbers over the phone, this technique can be effective. Voice over IP (VoIP) is used for vishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a land line telephone.

Text Message “Smishing”
Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user's cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.

New!  Mail Letter “Phishing”
This new scam occurs where the phisher is creating a letter and sending it through the mail to individuals to respond to the letter by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection. This scam is used in conjunction with other channels to steal valuable personal and financial information of the individual receiving the letter.

Loss Prevention Recommendations:

  • If a message is received by someone claiming to be from your financial institution asking for confidential information, NEVER respond unless you initiated the request.
  • If you have doubts about who's on the phone, call back the number of record at your financial institution or Card Company.
  • Be wary of any message received from an unknown sender.
  • Monitor your accounts on a regular basis.
  • If you have a land line or Voice over the Internet (VoIP), create a password protected account.
  • Don't display your wireless phone number or e-mail address in public. This includes newsgroups, chat rooms, Web sites, or membership directories.
  • If you open an unwanted message, send a stop or opt out message in response.
  • Check the privacy policy when submitting your wireless phone number or e-mail address to any Web site. Find out if the policy allows the company to display or sell your information.
  • Contact your wireless or Internet service provider about unwanted messages.

If you are a victim of Phishing, Smishing or Vishing, take appropriate steps:

  • Contact your financial institution.
  • Report the incident to a credit bureau.
  • Order a credit report.
  • Report suspicious Internet sites and emails to the government and for additional protection tips visit www.ic3.gov or the Federal government's consumer information center at www.consumer.gov/Tech.htm.
  • Work with your Internet provider or telephone carrier to shut down fraudulent sites or telephone numbers.
  • Use tools provided by a reputable Internet brand protection service to conduct regular comprehensive Internet monitoring.
  • Monitor all Web links to ensure proper authorization, content, privacy, and security.
  • If you have been victimized by a spoofed e-mail or web site, you should contact your local law enforcement, US Postal Inspector, or FBI.

Fraud Alert 07/17/08

SECURITY WARNING: Current Phishing Scam

Our Internet Banking service provider, Digital Insight, would like you to be aware about a current phishing scam directed at Digital Insight client financial institutions and their end users.  The scam targets users by sending emails that appear to be from an official Digital Insight source (for example, “Digital Insight Customer Care,” “Digital Insight Administration,” etc.), and is designed to trick the recipient into clicking a link in the e-mail for the purpose of acquiring sensitive data, such as passwords or financial information.

You should NEVER click links or install programs suggested in emails, even if the email appears to be from an official or familiar source. Digital Insight and Financial Resources FCU will never send emails containing links to download software or applications.

 -- Sample Phishing Email --

From: "customer-care@digitalinsight.com" <administration@digitallnsight.com>

Date: July 16, 2008

To: <name>

Subject: Attention - Important Notification!

Dear Administrator,

We inform you that your account is about to expire. It is strongly recommended to update it immediately. Update form is located here. However, failure to confirm your records may result in account suspension

The email described above is not from Digital Insight.  You should immediately delete emails such as these, and be careful not to take the actions requested.


Fraud Alert 06/25/08

From the Credit Union National Association (CUNA Mutual Group):
"Smishing" Scam Targets Credit Unions via Text Messaging

Credit unions across the country are reporting that their member’s are receiving unsolicited text messages. It’s an attempt at Smishing, the latest form of phishing. In Smishing, an e-mail tries to lure a recipient into giving personal information via SMS, the communications protocol used to send text messages to a wireless device. The recent scam is targeting credit union and other financial institution members.

In Smishing, a member receives a text message via cell phone warning that their bank account has been closed due to suspicious activity. It then tells them they need to call a certain phone number to reactivate the account.

Unsuspecting callers who dial the number provided in the text message will be taken to an automated voice mail box that prompts them to key in their credit card or debit card number, expiration date, and PIN to verify their information.

If you have a question concerning your account or debit card, contact us at 800.933.3280, press 4.

Recommendations:

  • Financial Resources will never solicit personal or private information via e-mail or text message.
  • Be wary of any message received from an unknown sender.
  • Do not open unsolicited e-mails or text messages.
  • Do not click on any links provided in unsolicited e-mails.
  • Don’t display your wireless phone number or e-mail address in public. This includes newsgroups, chat rooms, Web sites, or membership directories.
  • If you open an unwanted message, send a stop or opt out message in response.
  • Contact your wireless or Internet service provider about unwanted messages.

Fraud Alert 02/22/08

From National Credit Union Administration:
Phishing Attempt – E-mail Solicitation Using NCUA Region 1 Address

The purpose of this fraud alert is to inform all federally-insured credit unions about a recent phishing attempt to obtain credit card account numbers and expiration dates.

In cases reported to NCUA, the perpetrator(s) sent e-mails to credit union members and the general public stating that the "National Credit Union Administration temporarily suspended your account due to fraud attempts". The e-mail goes on to state "to reactivate your account call the toll free number" provided. The e-mail is addressed as originating from the NCUA Region 1, Albany, New York office and the phone number to call has an Albany area code of 518.

NCUA does not ask credit union members or the general public for such information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

Credit union management should inform their employees of this recent fraudulent activity so they can assist in identification of such activity. Credit union personnel should be educating members regarding the signs of such activity. Management should also be aware there may be variants to the scam previously described.

Persons affected by this scam, and variants of this scam, should be advised to forward the entire e-mail message to Phishing@ncua.gov. Additionally, formal complaints concerning any suspected fraudulent e-mail can be filed with the Internet Fraud Complaint Center (IFCC) at  www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.

Where appropriate, management must ensure they file a Suspicious Activity Report in accordance with established regulation. As specified by NCUA Rules & Regulations Part 748, management must provide notice to the appropriate NCUA Regional Director, and in the case of state-chartered credit unions, to their state supervisory authority. Management should also contact and file a report with local law enforcement authorities.

NCUA will continue to follow this issue and provide you with additional information as warranted. In the meantime, if you have any questions, please contact your District Examiner, Regional Office, or State Supervisory Authority.


Fraud Alert 10/16/07

Fraudulent Email  - Phishing Attempt
Please read what Members United Corporate Federal Credit Union states:

As we all know, phishing scams and other fraudulent activity are on the increase, putting your credit union and its members at risk. The most recent scam, much like those in the past, was initiated via an email appearing to come from NCUA. The sender is NOT NCUA.

Once again, several credit unions have reported that their members are being targeted in another phishing scam involving the NCUA. This most recent scam, much like those in the past, was initiated via e-mail appearing to be from NCUA. The sender is NOT NCUA.


This false e-mail asked the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false Web site and asked for their credit union account number and personal identification number (PIN), along with other personal information.

NCUA never asks credit union members for such personal information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraud and should not follow the instructions in the e-mail.

If you have received a fraudulent phishing e-mail purportedly from NCUA please forward the entire e-mail message to Phishing@ncua.gov.

Also, formal complaints can be filed concerning any suspected fraudulent e-mail with the Internet Fraud Complaint Center (IFCC) at ncua@ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation, and the National White Collar Crime Center. NCUA, CUNA and state agencies do not request or solicit personal information via e-mail from the general public or credit union members.


Fraud Alert 08/21/07

Security Alert:  New Computer Virus may prompt an Online Fraud Attempt

Financial Resources has been alerted to a new computer virus that may prompt an Online Fraud Attempt.

Please note that this is a fraud attempt generated outside of our Online Banking system, but an end user may be impacted if they unknowingly infected their computer with this new virus through activities such as:

  • Illegally trading software
  • Executing files sent via email
  • Allowing scripts to execute while browsing the internet

When an end user whose computer is infected with this virus is using Online Bill Payment, the virus may intercept the browser session and display a fraudulent web page to the end users requesting additional information. The fraudulent web page appears framed within the Bill Payment window and prompts the user for sensitive information such as debit card account numbers and passwords. This is an attempt to commit fraud, and the user SHOULD NOT provide the requested information. 

End user information would never be requested in the middle of a Bill Payment transaction. Any deviations from the documented and expected Bill Pay system behavior may be attempts to commit fraud.

To help prevent fraud, these best practices should be followed for online security:

  • Only install software from trusted sources and known origins. Software sent via email is particularly dangerous as viruses are often transmitted via email.
  • Install and maintain Antivirus and Anti-Spyware software on your computer.
  • Update browser software to benefit from the latest security protections.
  • Pay attention to warning messages presented through your browser. Browser warning messages may indicate a security threat.

Financial Resources is taking substantive measures to protect the safety and security of your accounts against account hijacking and other forms of identity theft. By acting today to strengthen security at your end of the Internet highway, hijackers will have an even tougher time.

If you have any questions or need further assistance, please call Member Service at 1-800-933-3280.


Fraud Alert 1/29/07

Internet/Email Fraud Alert from Visa®

Financial Resources recently learned of a fraudulent email sent to cardholders who participate in Verified by Visa. The email claimed to have come from Visa and stated that the cardholder was automatically enrolled in Verified by Visa. The email also stated that the cardholder’s Visa card may be temporarily disabled if they failed to update their Visa card. A sample of the email is shown on the last page of this notification.

This email was a phishing scam and did not come from Visa. Phishing is a form of fraud that attempts to trick the cardholder into revealing personal information, such as their credit or debit account numbers, checking account information, social security numbers, or banking account passwords through fake websites or in a reply email.

Visa will never ask cardholders to divulge account information or password via email. Should your cardholders receive any questionable emails, please ask them not to reply to the email or contact the website referenced in the email. Cardholders can report the email to Visa by sending an email to phishing@visa.com.

As with all possible fraudulent situations, you are encouraged to take appropriate measures if a scam is suspected. Note that an excessive number of attempts at small dollar preauthorizations may be an indication of intent to commit fraud.

If you have questions, please contact Member Services at 800.933.3280, option 4. Thank you.

Click here for a sample of the email.

 

A note about fraud

NEVER provide you personal account information when solicited via phone or email. For more information about this scam, Visit the NCUA's website at http://www.ncua.gov/Phishing/phishing.htm.

Important Information from the FBI about fraud:

If you can answer "yes" to any of the following questions, you could be involved in a fraud or about to be scammed!

  • Is the CHECK you have from an item you sold on the Internet, such as a car, boat, jewelry, etc?
  • Is the amount of the CHECK more than than the item's selling price?
  • Is the CHECK connected to communicating with someone by email?
  • Is the CHECK drawn on a business or individual account that is different from the person buying your item or product?
  • Have you been informed that you were the winner of a LOTTERY such as Canadian, Australian, El Gordo, or El Mundo, that you did not enter?
  • Have you been instructed to either "WIRE", "SEND" OR "SHIP" MONEY, as soon as possible, to a large U.S. city or to another country such as Canada, England or Nigeria?
  • Have you been asked to PAY money to receive a deposit from another country such as Canada, England or Nigeria?
  • Are you receiving PAY or a COMMISSION for facilitating money transfers though your account?
  • Did you respond to an email requesting you to CONFIRM, UPDATE OR PROVIDE your account information?

Top

Equal Housing Lender NCUA
© Financial Resources Federal Credit Union | All photography courtesy of Andy Finney: http://www.atsf.co.uk/ilight/index.html | powered by Digital Insight, an Intuit company