Fraud Alerts

This page is to notify our members of fraudulent activities that are happening in the financial services world today. Please check this page regularly for new alerts.

Fraudulent TFCU Cashier’s Checks – 6/20/17: We have discovered there are fraudulent cashier’s checks circulating that appear to be drawn off of Tucson Federal Credit Union. The fraud checks do not have the phone and fax number below the TFCU address; have only the numerical amount on the “Pay” line, without the words “dollars” and “cents”; have asterisks before and after the written amount; have uppercase and lowercase letters in the payee’s name; and have the month on the date line spelled out alphabetically. If you are in receipt of a fraudulent item, please contact a TFCU representative at (520) 795-8520.

Gas Pump Skimming – 8/22/16: Tucson has seen a dramatic increase of skimming devices at gas stations recently. Just like skimmers at ATMs (see ATM Skimming below), these devices scan your information when you insert your card into the gas pump’s card reader and are usually undetectable. Here’s how to avoid fraud at the gas pump:

  • If possible, prepay inside with the store personnel
  • Pay attention to the payment mechanism for any obvious signs of tampering
  • Look for a tamper-evident sticker and, if the sticker is broken, notify store personnel
  • If you notice suspicious activity near any gas station pumps, notify store personnel
  • Check bank statements and activity often, and report any unauthorized transactions to your financial institution

ATM Skimming – 4/27/16: Criminals have developed devices that they place over an ATM’s card reader that scan your account information when you insert your card into the ATM. Your credentials are then stored or transmitted wirelessly to a nearby device. These card reader overlays, called skimmers, can be undetectable. Skimmers are usually accompanied by a hidden camera or keypad overlay that records PIN numbers. To avoid being an ATM skimming victim:

  • Examine the ATM
    • Look for signs of alteration: scratches, loose parts, damage, adhesives, and tape
  • Scan the ATM for a hidden camera
  • Cover your PIN number with your other hand as you enter it
  • Keep track of your purchases and balances
  • Notify TFCU by calling (520) 795-8520 at the first sign of fraud
  • Download CardValet* for the ability to turn TFCU cards on/off

Tax Identity Theft Awareness – 3/3/16: Identity theft can lead to fraudulent accounts, loans, and share drafts in your name. Identity thieves can also use your information to claim your refund or get a job under false pretenses. With tax season in full swing, tax refund fraud is steadily on the rise. If you’re a victim, the IRS may send you a notice but there are steps you can take to avoid it entirely. Click here for a resource on how to prevent, detect, and resolve tax identity theft. Click here to download a printable PDF.

Fraudulent TFCU Cashier’s Checks – 10/14/15: We have discovered that there are fraudulent cashier’s checks circulating that appear to be drawn off of Tucson Federal Credit Union. The checks are issued by a company claiming to offer Secret Shopper related positions. The fraud checks are printed on red and blue hued paper, have both the payee and written amount underlined, have asterisks before and after the dollar amount, and include the words “Issued through Tucson Federal Credit Union” in the memo line. If you are in receipt of a fraudulent item, please contact a TFCU representative at (520) 795-8520.

Fraudulent NCUA Website: Scammers using a website with a logo and design similar to that of the National Credit Union Administration are attempting to convince consumers to provide sensitive information or send money. According to the NCUA, consumers have received emails from the National Credit Union website, which is not affiliated in any way with the NCUA, a federal agency, and the emails are not from the agency. The site apparently originates in Australia, the NCUA said in its warning, and claims to offer services in the United States, Europe and the Commonwealth of Independent States. The emails attempt to persuade individuals to provide personal information, such as Social Security numbers, account numbers and login information, or transfer large amounts of money. The NCUA warns that consumers should neither provide information to this website nor attempt to conduct any financial transactions through it. The NCUA would not request personal or financial information in this manner.

Recent Online Banking Vulnerability Detected: POODLE (Padding Oracle on Downgraded Legacy Encryption) is a new vulnerability exploiting a flaw in SSL (Secure Sockets Layer) 3.0 that has been in the news this week. Older browsers, such as Internet Explorer 6.0 and earlier, use SSL 3.0 by default and require manual enablement of TLS (Transport Layer Security). Once the connection is secured via SSL 3.0, the flaw can be exploited to take malicious action. We take security threats very seriously and prioritize the security of your account information and credentials. Our online banking vendor is disabling support for SSL 3.0 and supporting only TLS protocols, which are not affected by the POODLE vulnerability. Current web browsers use the TLS protocol by default, so if you are using a current version of your browser, you will not need to take any action. If you are using an older version such as Internet Explorer 6.0 or earlier, in order to continue logging into Online Banking, please update your browser or go to Menu bar -> Tools -> Internet Options -> Advanced tab and under Security, check the box on the TLS 1.0, TLS 1.1, and/or TLS 1.2 options.

Dairy Queen Breach: Dairy Queen announced on Thursday, October 9 that their customers’ payment data has been breached. The stolen data includes names, card numbers, and expiration dates. The malware “Backoff” that caused this security breach has been contained, according to Dairy Queen. A total of 395 stores were affected because of stolen credentials from a third-party vendor, including two Tucson locations at Park Mall and Tucson Mall. See the full list here. Purchases from August to September may have been included in the breach. If you feel your information may have been stolen, continue to monitor your account and notify TFCU of any suspicious activity.

Vishing Scam: There is a new type of cyber-crime called vishing, which is similar to phishing but aims to trick people out of their money using someone’s voice instead of an email. A vishing scheme typically involves a call from a fraudster posing as a bank or credit card security team who asks consumers to call the emergency number on the back of their card to take care of a problem with their account. These fraudsters stay on the line and generate a fake dial tone, so consumers are still connected when they think they are dialing their bank, making it easy for criminals to obtain account information or permission to move the customer’s money to a new account that they have created. These concerns come at a time when the nation’s biggest bank by assets, JPMorgan Chase, reported that contact information for 76 million households and 7 million companies was stolen by hackers.

Jimmy John’s Data Breach: Jimmy John’s restaurants have announced a data breach similar to those that affected Home Depot and Target. In this episode, point-of-sale payment processor credentials were stolen and used to access consumer information. The breach affected 216 locations in 39 states, which calculates to 11% of Jimmy John’s stores from both franchise and corporate locations. The duration of the exposure lasted from June 16 to September 5. One Tucson location and nine other Arizona locations were affected. Click here to see the full list. If you feel you may have been affected, monitor your account and notify us of any erroneous charges.

Retailer Systems Compromised: Home Depot announced on Monday, September 8, that their data system was breached. Analysts believe that PIN information was not compromised but they are still working to determine the exact data that was stolen. According to the media, purchases as far back as April may have been compromised. If you feel you may have been impacted, monitor your account and notify TFCU if any fraud exists.

Clickjacking and Emmental Threats in the Media: Several recent publications have discussed security threats that have been around for a while but may have implications, present and future, for online privacy. Clickjacking is a method by which hackers are able to overlay an undetected web page that can steal credentials and personal information the user believes they are entering on the legitimate page. Digital Insight, our online provider, has all the recommendations and best practices in place to disarm any clickjacking attempts.

While it has not yet surfaced in the U.S., Emmental is a scam that targets mobile devices. As an example, an email may request the user to link to, or download, a one-time pass code for their online banking provider. Once accessed, a virus infects the device and is able to redirect the user to malicious sites that can steal information such as online banking credentials. While TFCU utilizes methods of multi-factor authentication that deter this risk, we recommend practicing the following suggestions:

  • Installing an antivirus app and keeping it updated
  • Avoiding installing apps from third-party websites or unreliable sources
  • Reading the permissions requested by every application before installing
  • Performing regular backup of data stored in devices
  • Protecting devices with a password
  • Not viewing or sharing personal information over a public Wi-Fi network

Two New Online Banking Security Threats: It has been recently announced that a foreign malware known as Svpeng has made it to the U.S. It is known to attack Android mobile devices and render them unusable. An earlier version of the bug has been reported to have the ability to scan for banking apps and, when the app is opened, display a fake username and password screen that stores the user’s credentials. Currently, this bug has not targeted any credit unions in the U.S., but Tucson Federal Credit Union and our online banking provider Digital Insight are monitoring the situation to ensure the protection of your financial information.

Dyreza or “Dyre” is another banking malware that will redirect financial institution access to malicious servers. If you access an infected link, the website will appear to have a secure connection with a legitimate online banking site. These links may come from spam e-mail messages such as “Your FED TAX payment ID [random number]” and “RE: Invoice #[random number].” These messages contain a “.zip” file, which can be hosted on legitimate domains to minimize suspicion. Though Dyreza is similar to Svpeng in that it will steal online banking credentials, it can affect any device with access to the internet. Please be cautious with the links you open. TFCU is not known to be targeted by Dyreza either, but we are keeping a watchful eye.

“HeartBleed” Bug: Tucson Federal Credit Union is working with Digital Insight to closely monitor the “HeartBleed” bug that you may be hearing about in the media. Digital Insight’s research shows the bug affects a platform called OpenSSL which we do not use. They have completed a preliminary assessment which has not uncovered any vulnerabilities. Rest assured both TFCU and Digital Insight are doing everything we can to help ensure that your information is safe.

Apple iOS SSL/TLS Vulnerability: Apple recently released iOS 7.0.6 and Mac OS X 10.9.2 to fix a vulnerability in its implementation of SSL/TLS. This vulnerability affects a variety of devices including iPhones and iPads running iOS 6.x or 7.x and Macs running OS X 10.9.x Mavericks. SSL and TLS are security protocols used to establish encrypted links between your device and resources on the Internet. An important function of SSL/TLS is to ensure the authenticity of the website to which you are connecting. Because certain SSL/TLS functionality does not work properly on Apple’s more recent operating systems, which is a big security risk, they released these unscheduled updates. To safeguard against any possible security threats, we highly recommend you update your Apple mobile device to iOS 7.0.6.

‘Vishing’ Scam: ALEXANDRIA, Va. (1/22/14)–The National Credit Union Administration released a warning to consumers Tuesday telling them to beware of a “vishing” scheme that uses the agency’s name in phone calls that attempt to get personal financial information from the targeted person. The warning states that several credit union members have been contacted by an automated phone call claiming to be from the NCUA and notifying consumers their debit cards have been compromised. The call then asks the receiver to follow prompts, which request personal information, including sensitive financial data and personal identification information.

Target Breach: Tucson Federal Credit Union is aware of the data breach that occurred on millions of cards used at Target stores between the dates of November 27 and December 15.

(Update January 10, 2014): Target posted today that non-card information from their customers may also have been stolen. The information stolen includes names, mailing addresses, phone numbers, and email addresses for up to 70 million individuals. Please be assured that this type of data is not part of the information included in a credit or debit card transaction; however, this type of information has the potential to be used for phishing scams or other types of identity theft attempts. For example, a member may be asked to respond to an email that appears to be from TFCU which requests that personal and card information be updated. TFCU will never request this type of information from our members via email or phone. If you do receive a phone call or email requesting this type of information, do not respond and contact the credit union.

Part of our commitment to you, our member, is to provide confidence in the use of your TFCU debit or credit card. Although it cannot be guaranteed that every fraudulent attempt on a card will be detected and denied, be assured that TFCU utilizes robust industry fraud detection tools to identify and deny potential fraudulent transactions. This data breach is card information-only, and does not include information about your TFCU account. Click here to view the official statement directly from Target.

Microsoft Scam: In July 2013, some members reported getting calls from fraudsters posing as representatives from Microsoft. The scammers told the members that their computers had viruses and that they were calling to assist in the clean-up of those viruses. The caller stated a need for the member’s Online Banking information to ensure that there are no viruses present there. Members should never reveal their Online Banking or other personal information in calls they did not initiate.

Advisory for Potential DDoS Attack on May 7, 2013: Intuit has been made aware of a potential DDoS attack aimed at numerous providers nationwide. Intuit continuously works to detect and mitigate DDoS attacks as quickly as possible, with minimal impact to customers. Although TFCU and members’ personal data are not at risk during DDoS attacks, concern during such attacks often lingers among banking customers and credit union members. For answers to frequently asked questions about DoS and DDoS attacks, click here.

Phishing Emails Posing as TurboTax Messages: On February 14, 2013, Intuit was advised of a phishing campaign using emails that appear to be related to TurboTax. The email claims, “Your State Return Has Been Rejected!” and asks you to sign-in using a fraudulent link. These emails do not originate from Intuit or TurboTax. Although our financial service products are not affected, we must warn members never to open the attachment or forward the email; instead they should delete the email right away. To view a copy of the fraudulent email, click here.

“Fedchoice” Text Message Scam: In November of 2012, some members reported receiving the following text message from (678) 905-8907: “Fedchoice has to take several measure and block all credit cards due to the large number of fraud committed in this period. Call free 1-678-905-8607 and re-activate your ATM card. We apologize and thank you for your understanding, safety is our priority.” Members should not reply or provide any information. The accounts of members who receive this message remain safe and have not been compromised.

Fraudulent “eNFACT” Emails: Some members have reported being subject to a phishing email scam with “eNFACT” as the subject and/or sender. The email directs recipients to click on a link that takes them to a mock site that may install malicious software. Recipients of the attached email should NOT open it or, if they do, should NOT click on the link. For an example of the email and additional instructions should you receive it, click here.

Fraudulent Debit Card Phone Calls: Some members have reported receiving a phone call from (317) 215-5328 stating that there is an issue with their debit card, and they must answer some security questions. These calls were initiated by scammers in an attempt to obtain personal information. TFCU would not make calls of this nature and would never ask for personal information on a call we initiated.

California ATM Fraud: In April of 2011, many financial institutions began taking measures to ensure customer and member protection by blocking the usage of ATMs in California, encouraging the usage of the cash back option during POS transactions, or using Shared Branching locations to withdraw from your account while in CA. This precautionary measure was temporary and has since been lifted.

Text Scams: In June of 2009, some members received fraudulent phone calls/text messages. The messages stated that they needed to call a number because their debit/credit card had been blocked and needed to be activated. The phone calls did not mention a specific credit union. When the member attempted to call that number, it asked for their entire card number and PIN number. Please remember that TFCU would never call or text a member asking for that information. If you are unsure if a notification is legitimate, please call TFCU at (520) 795-8520.

Ongoing: Email Scams: Be wary of ANY email requesting your assistance with moving money, lottery winnings, inheritances, or helping to save a government from overthrow. These emails are fraudulent and currently very active. Click here to see a sample of this type of email.

*CardValet is a trademark of Fiserv, Inc. or its affiliates. The mobile app is offered as a free service to Tucson Federal Credit Union Members. You may incur charges assessed by your mobile service provider. Message and data rates may apply.