Don't Fall Victim to Text Scams (Smishing)

If a text message requests personal information, such as your Social Security number or an online account password beware!

You’ve probably heard about phishing, where criminals attempt to steal your personal information via email. With the popularity of texting, fraudsters are now attempting to scam victims via text, too. It’s called SMS phishing, or “smishing.” 

You might get what looks like a text from a company you do business with, such as your credit union, a mobile provider, or a tech service like Netflix or PayPal. It claims your account has expired or been locked on some pretext, maybe suspicious activity, and you need to provide personal information or click on a link to reactivate it. It may also ask you to verify purchases, claim issues with your payment information, offer prizes or gift cards, send fake package delivery notifications, or warn you of suspicious activity on one of your accounts These are some of the tactics that give the scammers means to steal your money or identity, or to infect your device with malware.

  • Don't be fooled by a local area code
     
  • Don't click on links in text messages
     
  • Don't respond to a suspicious text message
     
  • Contact your credit union or credit card company directly to confirm a text came from them
     
  • Report smishing texts to your mobile provider by texting 7726

Spoofing: Don't Hang On, Hang Up

Have you been spoofed? Spoofing is when a caller falsifies the caller ID displayed to disguise their identity. The incoming call may look like a neighbor (a local number) or from a company or government agency. You may not be able to tell right away if an incoming call is spoofed. Take extreme caution before giving out your personal identifying information.

Account Hijacking

The fastest growing form of identity theft is called "Account Hijacking". Account Hijacking occurs when a criminal obtains your personal financial information and uses it to take over your accounts. Fortunately, there are steps you can take to protect yourself. Click Here to learn more on how to prevent identity theft.

On this page, you will also find an explanation of various techniques used for financial fraud and identity theft, preventative actions you can take, and what to do if you fall victim.

For example, a common telephone fraud attempt will begin with a recorded message saying something like... "We have detected unusual activity on your account and your debit card has been inactivated. Please follow these instructions to verify your account and reactivate your card." The phone number for these calls is blocked.

Telco Community Credit Union (Telco) will never make a call like this! The calls are an attempt at fraud called "phishing", which means a criminal is trying to trick people into providing their account information. Your card has not likely been compromised, the phone numbers being called are random.

If you receive a call like this, ignore it and hang up. Do not respond to the call in any other way. Never provide your account information to someone unless you know who it is. Telco WILL NEVER ASK FOR YOUR PERSONAL INFORMATION OR ACCOUNT VERIFICATION THROUGH A RECORDED PHONE CALL, TEXT MESSAGE, OR EMAIL.

It's an unfortunate fact that attempts at fraud activity increase during holiday seasons. Be careful and follow this advice to protect your financial security. If you have any questions or concerns about the Telco accounts, please contact a Telco representativeIf your card is lost, stolen or compromised call Telco immediately at 828-252-6458. During non-business hours call  800-472-3272. Fraud department: 833-735-1892.

 

Avoid Fraudulent Checks

Click here for advice on how to avoid check fraud from the National Consumers League website, a consumer partner to the Federal Trade Commission.

 

Stop identity theft

There is a type of identity theft using the Internet called "phishing." Pronounced "fishing; that's exactly what thieves are doing, fishing for your personal financial information. They want your account numbers, passwords, Social Security numbers and other confidential information so they can use your financial accounts or run up bills on your credit cards.

In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even a driver's license in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.

How phishing works

Typically, you'll receive an e-mail that appears to come from a reputable company that you recognize and may do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, perhaps a federal financial institution regulatory agency. The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases such as "Immediate attention required:' or "Please contact us immediately about your account."

The e-mail may also state that unless you provide certain confidential information your account will be deactivated or closed. The e-mail will encourage you to click a link to go to the institution's Website.

In a phishing scam, you could be redirected to a phony Website that may look exactly like the real thing. Sometimes, in fact, it may be the company's actual Website. In those cases, a pop-up window will quickly appear for the purpose of collecting your financial information.

You may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to your financial institution, such as your mother's maiden name or your place of birth. If you provide the requested information. you may find yourself a victim of identity theft.

How to protect yourself

  1. Never provide your personal information in response to an unsolicited request, whether it is over the phone or on the Internet. E-mails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, do not provide any information.
  2. If you are unsure whether a contact is legitimate, contact the financial institution. You can find phone numbers and Websites on the monthly statements you receive from your financial institution, or you can look up the company in a phone book or on the Internet. The key is that you should be the one to initiate the contact, using information that you have verified yourself.
  3. Never provide your account information and/or password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information or confirm a password online. Thieves armed with this information and your account number can help themselves to your money.
  4. Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving or does not arrive, call your financial institution to find out why. If your financial institution offers electronic account access, check your account activity online regularly to catch suspicious activity.

What to do if you fall victim

  1. Contact your financial institution immediately and alert it to the situation.
  2. Close accounts you think have been tampered with or opened fraudulently. Call the security or fraud department of each associated company or financial institution. Follow- up in writing and supply copies of supporting documents.
  3. It is important to notify credit card companies and financial institutions in writing. Send your letters by certified mail, return receipt requested, so you can document when and what the company received. Keep copies of your correspondence and enclosures.
  4. Report all suspicious contacts to the Federal Trade Commission online or by calling 1-877-IDTHEFT (1-877-438-4338).
  5. Check with your state Attorney General's office to find out if state law requires the police to take reports for identity theft. Check the Blue Pages of your telephone directory for the phone number, or Click Here for a list of state Attorneys General.

If possible, file a report with local police or police in the community where the identity theft took place. Obtain a copy of the police report or the report number. It can help you deal with creditors who need proof of the crime. If the police are reluctant to take your report, ask to file a "Miscellaneous Incidents" report.

If you disclose sensitive information in a phishing attack, contact one of the three major credit bureaus listed below and discuss whether to place a fraud alert on your file. A fraud alert will help prevent thieves from opening a new account in your name.

Equifax
800-525-6285
P.O. Box 740250
Atlanta, GA 30374
www.equifax.com

Experian
888-397-3742
P.O. Box 1017
Allen, TX 75013
www.experian.com

TransUnion
800-680-7289
P.O. Box 6790
Fullerton, CA 92634
www.transunion.com

 

You can fight identity theft here's how:

  1. Never provide personal financial information, including your Social Security number, account numbers or passwords over the phone or the Internet, if you did not initiate the contact.
  2. Never click on the link provided in an e-mail you think is fraudulent. In addition to stealing your personal information, the link may contain a virus that can contaminate your computer.
  3. Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.
  4. If you are unsure whether a contact is legitimate, go to the company's Website by typing in the site address or using a page you have previously book marked, instead of using a link provided by the e-mail.
  5. If you fall victim to identity theft, act immediately to protect yourself. Alert your financial institution. Place fraud alerts on your credit files. Monitor your credit files and account statements closely.
  6. Report suspicious e-mails or calls to the Federal Trade Commission online or by calling 1-877-IDTHEFT (1-877-438-4338).

Phone Spoofing

"Spoofing" is where the caller changes what appears on the caller ID on your phone-both landline and cell.  They change the number and/or the name that appears on your screen making you think you are talking to your credit union, etc.

There are three simple ways to defeat this type of scam when they call and say they are from Telco, your Credit Card Company, utility, etc., and want to verify your account information.

  • Tell them you will go to your local office and talk to them in person
  • Hang-up and call the phone number listed in your phone book or on a bill that you received in the mail.
  • When they ask you ANY question, have the caller give you the answer to the question first so that YOU can verify the information.

If the caller(s) are from the real company, they will already have the information they want to verify since that information was given at the time the account was opened or service was requested. They may have some correct information. DO NOT provide them with ANY additional information they don't already have, as this may provide the information the scammers need to take over your identity.

REMEMBER: Scammers are VERIFYING your information; therefore they should already have the information otherwise they could not do the verification.

Useful Information Regarding E-mail Scams

What is a social engineering attack?

To launch a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal, often financial, information. Attackers may send emails seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

How do you avoid being a victim?

  1. Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  2. Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
  3. Do not reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
  4. Don't send sensitive information over the Internet before checking a website's security (see Protecting Your Privacy for more information).
  5. Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  6. If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
  7. Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).

What do you do if you think you are a victim?

If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.

Consider reporting the attack to the police, and file a report with the Federal Trade Commission. So, if your friend's computer has become infected with such a virus, you could receive an email that may, in fact, come from your friend's computer but which was not authored by your friend. If you have any doubts, verify the message with the person you believe to be the sender before opening any email attachment.

What You Can Do to Avoid Becoming a Victim

Filter Spam

Because most email scams begin with unsolicited commercial email, you should take measures to prevent spam from getting into your mailbox. Most email applications and web mail services include spam-filtering features, or ways in which you can configure your email applications to filter spam. Consult the help file for your email application or service to find out what you must do to filter spam.

You may not be able to eliminate all spam, but filtering will keep a great deal of it from reaching your mailbox. You should be aware that spammers monitor spam filtering tools and software and take measures to elude them. For instance, spammers may use subtle spelling mistakes to subvert spam filters, changing "Potency Pills" to "Poten~y Pills."

Regard Unsolicited Email with Suspicion

Don't automatically trust any email sent to you by an unknown individual or organization. Never open an attachment to unsolicited email. Most importantly, never click on a link sent to you in an email. Cleverly crafted links can take you to forged web sites set up to trick you into divulging private information or downloading viruses, spy ware, and other malicious software.

Spammers may also use a technique in which they send unique links in each individual spam email. Victim 1 may receive an email with the link , and victim 2 may receive the same spam email with the link . By watching which links are requested on their web servers, spammers can figure out which email addresses are valid and more precisely target victims for repeat spam attempts.

Remember that even email sent from a familiar address may create problems: Many viruses spread themselves by scanning the victim computer for email addresses and sending themselves to these addresses in the guise of an email from the owner of the infected computer.

Treat Email Attachments with Caution

Email attachments are commonly used by online scammers to sneak a virus onto your computer. These viruses can help the scammer steal important information from your computer, compromise your computer so that it is open to further attack and abuse, and convert your computer into a 'bot' for use in denial-of-service attacks and other online crimes. As noted above, a familiar "from" address is no guarantee of safety because some viruses spread by first searching for all email addresses on an infected computer and then sending itself to these addresses. It could be your friend's computer is infected with just such a virus.

Use Common Sense

When email arrives in your mailbox promising you big money for little effort, accusing you of violating the Patriot Act, or inviting you to join a plot to grab unclaimed funds involving persons you don't know in a country on the other side of the world, take a moment to consider the likelihood that the email is legitimate.

Install Anti-virus Software and Keep it Up to Date

If you haven't done so by now, you should install anti-virus software on your computer. If possible, you should install an anti-virus program that has an automatic update feature. This will help ensure you always have the most up-to-date protection possible against viruses. In addition, you should make sure the anti-virus software you choose includes an email scanning feature. This will help keep your computer free of email-borne viruses.

Install a Personal Firewall and Keep it Up to Date

A firewall will not prevent scam email from making its way into your mailbox. However, it may help protect you should you inadvertently open a virus-bearing attachment or otherwise introduce malware to your computer by following the instructions in the email. The firewall, among other things, will help prevent outbound traffic from your computer to the attacker. When your personal firewall detects suspicious outbound communications from your computer, it could be a sign you have inadvertently installed malicious programs on your computer.

Learn the Email Policies of the Organizations You Do Business With

Most organizations doing business online now have clear policies about how they communicate with their customers via email. Many, for instance, will not ask you to provide account or personal information via email. Understanding the policies of the organizations you do business with can help you spot and avoid phishing and other scams. Do note, however, that it's never a good idea to send sensitive information via unencrypted email.

Go to main navigation