Fraud Alerts

This page is to notify our members of fraudulent activities that are happening in the financial services world today. Please check this page regularly for new alerts.

Port-Out Scams – 9/25/19

Port-out scams involve fraudsters exploiting the process of transferring a cell phone number from one carrier to another by using phished or stolen account information to carry out the port without the authorization of the phone number’s true owner.

After successfully gathering information about a cellular account (acquired either directly from the victim via phishing or found online), a scammer, posing as the phone number’s true owner, takes the victim’s information to another carrier and requests to port the number to a new account and cell phone. The scammer will then report the victim’s phone as lost or stolen. If the cellular carrier does not require a security PIN number or passcode, or the scammer passes any identity verification measures, the scammer may successfully port the number to a new device and carrier without the victim’s knowledge, shutting down his or her own phone’s cellular service. The scammer, now with exclusive access to the victim’s phone number, can potentially gain access to the victim’s online accounts via two-factor authentication (2FA) codes or keys texted directly to the phone number. This can happen fast, with little time for the victim to stop it or contact anyone for help.

If you find your smartphone suddenly stops making calls or sending texts, or says “Emergency calls only,” your phone number may have been stolen and ported out. Immediately notify your carrier. Report Scam Activity: Report any scams you encounter to local police, your cellular carrier, the Federal Trade Commission, or the Better Business Bureau. Keep a record of any information given to you or sought by the scammer.

Financial institutions should educate their customers/members about this threat.

Many carriers require account PIN numbers or other verification information to port out numbers or give out new SIM cards. However, if the PIN is a birth date, zip code, the last four digits of a social security number, or any information that is easily gathered, scammers can still quickly gain access by trying them all. There are databases online that anyone can log into and find current address, full name, the names of potential victim’s relatives, and more. Just by being aware of the dangers of hacking and by being smart about sharing information, consumers and businesses can protect themselves from a port-out or SIM hijacking scam.

Some tips for protecting yourself from port-out scams and SIM hijacking scams include:

• Use Strong Passwords- Use strong account passwords with a variety of characters (symbols, numbers, and capital letters) for any and all online accounts. Do not repeat passwords for separate accounts.• Use 2-Factor Authentication- If your cell phone carrier allows, sign up for dual-factor authentication (not always the same as an account PIN or passcode) upon logging into your account. In addition, if there’s an option, consider listing an alternative email for authentication instead of a phone number.
• Use Obscure Answers- If your carrier uses security questions for logging in, such as “What street did you grow up on,” try to use obscure answers you won’t be able to find out in a simple address directory search.
• Pin Protection: Most carriers allow you to create a PIN or passcode required to make changes to your account. Make a strong and random PIN number or passcode to access your account in addition to your online password
• Use Public Forum Safety: Avoid leaving personal information online in public forums or on social media such as your phone number, address, or any other personally identifiable info
• Online Marketplace Safety: When dealing with online marketplaces or forums, be careful not to give out personal information unless necessary or you can verify their identity first.
• Keep to yourself: Never give out information on your cellular account over email, online, or over the phone unless you are certain you are speaking with your carrier’s customer service representative.
• Keep track of your mail: Not all identity theft begins digitally. Make sure you keep track of your mail and shred any important documents that could be taken from trash or recycling. Your cell phone, bank, utility, and cable bills all have information that could be used to get a criminal closer to porting a number your phone number.

Below is a list of websites where you can file complaints about internet-related scams, fraud, and crime. Just don’t forget to call your cellular carrier and local police first.
Your local law enforcement’s fraud or cybercrime division.

File a scam complaint with the Better Business Bureau Scam Tracker.
File a complaint with the Department of Justice (DOJ).
File a complaint about online or related transactions with
Federal Trade Commission: Call 1-877-FTC-HELP or file a complaint online.
File a complaint with the Internet Crime Complaint Center (IC3) (IC3 is partnered with the FBI).
File a report on

TFCU Card Fraud – 7/16/18

TFCU has been made aware fraudulent phone calls are being made to our membership from criminals that have used technology to make it appear as if the call is coming from TFCU. The criminals tell the member that a large transaction is pending on their account, and ask the member if they’ve authorized the charge. When the member states they did not make the charge, the criminals ask the member to provide information from the back of their debit or credit card to “verify” the member is still in possession of the card.

Please keep in mind that while TFCU will occasionally call members to verify questionable Debit or Credit Card charges, WE WILL NOT ASK FOR CONFIDENTIAL INFORMATION-INCLUDING THE NUMBERS ON THE BACK OF YOUR CARD. If you receive such a call, hang up immediately and contact us to have your card blocked.

Tips to Avoid Lottery and Sweepstakes Fraud from the BBB – 6/25/18: 

  • True lotteries or sweepstakes don’t ask for money. If they want money for taxes, themselves, or a third party, they are most likely crooks.
  • Call the lottery or sweepstakes company directly to see if you won. Publishers Clearing House (PCH) does have a sweepstakes but does not call people in advance to tell them they’ve won. Report PCH imposters to their hotline at 800-392-4190.
  • Check to see if you won a lottery. Call the North American Association of State and Provincial Lotteries at 440-361-7962 or your local state lottery agency.
  • Do an internet search of the company, name, or phone number of the person who contacted you.
  • Law enforcement does not call and award prizes.
  • Talk to a trusted family member or your bank. They may be able to help you stay in control of your money in the face of fraudster pressure.

Online Dating Romance Scams – 2/13/18: A staggering 12% of people who have used online dating platforms say they have been scammed. Some recent examples illustrate how scammers undergo extensive communications with a potential victim. They will use long messages over the course of weeks or even months and then eventually ask for money as an emergency. Here are some tips to avoid engaging with a scammer. Search their images with TinEye or Google Images and use Romance Scams and Scamalytics to identify known scammers. Fact check their backstory through social media platforms and see what comes up in a search engine. It’s always good to tell a close friend if something seems off, they won’t be invested in the relationship and may have good advice.  Learn more about these crimes and how to protect yourself with this article about avoiding a romance scam.

Fraudulent TFCU Cashier’s Checks – 1/25/18: We have discovered there are fraudulent cashier’s checks circulating that appear to be drawn off of Tucson Federal Credit Union. These fraudulent checks appear to have a light blue hue and they do not have the phone and fax number below the TFCU address. Some of the fraudulent checks have the entire year in the date (2017 or 2018) whereas valid TFCU checks us a two-digit year. Some of the fraudulent checks have both uppercase and lowercase letters in the payee’s name. If you are in receipt of a fraudulent item, please contact a TFCU representative at (520) 795-8520.

The Five Most Common Scams in Southern Arizona – 1/17/18: News 4 Tucson published the top 5 scams in southern Arizona: 5) The “Business Email Compromise” is when a scammer pretends to be a coworker and asks you to send money for business purposes. 4) Scammers use “Fake Check and Money Orders” to pretend to send money and for various reasons ask for a portion back. 3) “Malware,” short for malicious software, tries acquire your data. Don’t follow these unfamiliar links. 2) The “Tech Support Scam” can be a phone call or pop-up asking for money to fix a problem. 1) The number one scam in southern Arizona is “Phishing.” This is when someone tries to pretend they’re someone they’re not to access your data. Visit the previous link to learn more about these scams.

Western Union Refund For Stolen Funds – 11/22/17: the Federal Trade Commission announced a $586 million settlement for those who had money stolen by scammers through Western Union from January 1, 2004 to January 19, 2017. If you’re affected, click here for instructions on submitting your claim by February 12, 2018.

Fraudulent TFCU Cashier’s Checks – 6/20/17: We have discovered there are fraudulent cashier’s checks circulating that appear to be drawn off of Tucson Federal Credit Union. The fraud checks do not have the phone and fax number below the TFCU address; have only the numerical amount on the “Pay” line, without the words “dollars” and “cents”; have asterisks before and after the written amount;  have uppercase and lowercase letters in the payee’s name; and have the month on the date line spelled out alphabetically. If you are in receipt of a fraudulent item, please contact a TFCU representative at (520) 795-8520.

Gas Pump Skimming – 8/22/16: Tucson has seen a dramatic increase of skimming devices at gas stations recently. Just like skimmers at ATMs (see ATM Skimming below), these devices scan your information when inserting your card into the gas pump’s card reader and are usually undetectable. Here’s how to avoid fraud at the gas pump:

  • If possible, prepay inside with the store personnel
  • Pay attention to the payment mechanism for any obvious signs of tampering
  • Look for a tamper evident sticker and if the sticker is broken, notify store personnel
  • If you notice suspicious activity near any gas station pumps, notify store personnel
  • Check bank statements and activity often, report any unauthorized transactions to your financial institution

ATM Skimming – 4/27/16: Criminals have developed devices that they place over an ATM’s card reader that scans your account information when inserting your card into the ATM. Your credentials are then stored or transmitted wirelessly to a nearby device. These card reader overlays, called skimmers, can be undetectable. Skimmers are usually accompanied by a hidden camera or keypad overlay that records PIN numbers. To avoid being an ATM skimming victim:

  • Examine the ATM
    • Look for signs of alteration: scratches, loose parts, damage, adhesives, and tape
  • Scan the ATM for a hidden camera
  • Cover your PIN number with your other hand as you enter it
  • Keep track of your purchases and balances
  • Notify TFCU by calling (520) 795-8520 at the first sign of fraud

Tax Identity Theft Awareness – 3/3/16: Identity theft can lead to fraudulent accounts, loans, and share drafts in your name. Identity thieves can also use your information to claim your refund or get a job under false pretenses. With tax season in full swing, tax refund fraud is steadily on the rise. If you’re a victim, the IRS may send you a notice but there are steps you can take to avoid it entirely. Click here to download a printable PDF on how to prevent, detect, and resolve tax identity theft.

Fraudulent TFCU Cashier’s Checks – 10/14/15: We have discovered that there are fraudulent cashier’s checks circulating that appear to be drawn off of Tucson Federal Credit Union. The checks are issued by a company claiming to offer Secret Shopper related positions. The fraud checks are printed on red and blue hued paper, have both the payee and written amount underlined, have asterisks before and after the dollar amount, and include the words “Issued through Tucson Federal Credit Union” in the memo line.  If you are in receipt of a fraudulent item, please contact a TFCU representative at (520) 795-8520.

Fraudulent NCUA Website: Scammers using a website with a logo and design similar to that of the National Credit Union Administration are attempting to convince consumers to provide sensitive information or send money. According to the NCUA, consumers have received emails from the National Credit Union website, which is not affiliated in any way with the NCUA, a federal agency, and the emails are not from the agency. The site apparently originates in Australia, the NCUA said in its warning, and claims to offer services in the United States, Europe and the Commonwealth of Independent States. The emails attempt to persuade individuals to provide personal information, such as Social Security numbers, account numbers and login information, or transfer large amounts of money. The NCUA warns that consumers should not should neither provide information to this website nor attempt to conduct any financial transactions through it. The NCUA would not request personal or financial information in this manner.

Recent Online Banking Vulnerability Detected: POODLE (Padding Oracle on Downgraded Legacy Encryption) is a new vulnerability exploiting a flaw in SSL (Secure Sockets Layer) 3.0 that has been in the news this week. Older browsers, such as Internet Explorer 6.0 and earlier, use SSL 3.0 by default and require manual enablement of TLS (Transport Layer Security). Once the connection is secured via SSL 3.0, the flaw can be exploited to take malicious action. We take security threats very seriously and prioritize the security of your account information and credentials. Our online banking vendor is disabling support for SSL 3.0 and supporting only TLS protocols, which is not affected by the POODLE vulnerability. Current web browsers use the TLS (Transport Layer Security) protocol by default, so if you are using a current version of your browser, you will not need to take any action. If you are using an older version such as Internet Explorer 6.0 or earlier, in order to continue logging into Online Banking, please update your browser or go to Menu bar -> Tools -> Internet Options -> Advanced tab and under Security, check the box on the TLS 1.0, TLS 1.1, and/or TLS 1.2 options.

Dairy Queen Breach: Dairy Queen announced on Thursday, October 9 that their customers’ payment data has been breached. The stolen data includes names, card numbers, and expiration dates. The malware “Backoff” that caused this security breach has been contained, according to Dairy Queen. A total of 395 stores were affected because of stolen credentials from a third-party vendor, including two Tucson locations at Park Mall and Tucson Mall. See the full list here. Purchases from August to September may have been included in the breach. If you feel your information may have been stolen, continue to monitor your account and notify TFCU of any suspicious activity.

Vishing Scam: There is a new type of cyber-crime called vishing, which is similar to phishing but aims to trick people out of their money using someone’s voice instead of an email. A vishing scheme typically involves a call from a fraudster posing as a bank or credit card security team who asks consumers to call the emergency number on the back of their card to take care of a problem with their account. These fraudsters stay on the line and generate a fake dial tone, so consumers are still connected when they think they are dialing their bank, making it easy for criminals to obtain account information or permission to move the customer’s money to a new account that they have created. These concerns come at a time when the nation’s biggest bank by assets, JPMorgan Chase, reported that contact information for 76 million households and 7 million companies was stolen by hackers.

Jimmy John’s Data Breach: Jimmy John’s restaurants have announced a data breach similar to those that affected Home Depot and Target. In this episode, point-of-sale payment processor credentials were stolen and used to access consumer information. The breach affected 216 locations in 39 states, which calculates to 11% of Jimmy John’s stores from both franchise and corporate locations. The duration of the exposure lasted from June 16 to September 5. One Tucson location and nine other Arizona locations were affected. Click here to see the full list. If you feel you may have been affected, monitor your account and notify us of any erroneous charges.

Retailer Systems Compromised: Home Depot announced on Monday, September 8, that their data system was breached. Analysts believe that PIN information was not compromised but they are still working to determine the exact data that was stolen. According to the media, purchases as far back as April may have been compromised. If you feel you may have been impacted, monitor your account and notify TFCU if any fraud exists.

Clickjacking and Emmental Threats in the Media: Several recent publications have discussed security threats that have been around for a while but may have implications, present and future, for online privacy. Clickjacking is a method by which hackers are able to overlay an undetected web page that can steal credentials and personal information that the user thinks is on the legitimate page. Digital Insight, our online provider, has all the recommendations and best practices in place to disarm any clickjacking attempts.

While it has not yet surfaced in the U.S., Emmental is a scam that targets mobile devises. As an example, an email may request the user to link to, or download, a one-time pass code for their online banking provider. Once accessed, a virus infects the devise and is able to redirect the user to malicious sites that can steal information such as online banking credentials. While TFCU utilizes methods of multi-factor authentication that deter this risk, we recommend practicing the following suggestions:

Installing an antivirus app and keeping it updated
Avoiding installing apps from third-party websites or unreliable sources
Reading the permissions requested by every application before installing
Performing regular backup of data stored in devices
Protecting devices with a password
Not viewing or sharing personal information over a public Wi-Fi network

Two New Online Banking Security Threats: It has been recently announced that a foreign malware known as Svpeng has made it to the U.S. It is known to attack Android mobile devises and render them unusable. An earlier version of the bug has been reported to have the ability to scan for banking apps and when the app is opened, a fake username and password screen appears that stores the user’s credentials. Currently, this bug has not targeted any credit unions in the U.S. but Tucson Federal Credit Union and our online banking provider Digital Insight are monitoring the situation to ensure the protection of your financial information.

Dyreza or “Dyre” is another banking malware that will redirect financial institution access to malicious servers. If you access an infected link, the website will appear to have a secure connection with a legitimate online banking site. These links may come from spam e-mail messages such as “Your FED TAX payment ID [random number]” and “RE: Invoice #[random number].” These messages contain a “.zip” which can be hosted on legitimate domains, to minimize suspicion. Though Dyreza is similar to Svpeng in that it will steal online banking credentials, it can affect any devise with access to the internet. Please be cautious with the links you open. TFCU is not known to be targeted by Dyreza either, but we are keeping a watchful eye.

“HeartBleed” Bug: Tucson Federal Credit Union is working with Digital Insight to closely monitor the “HeartBleed” bug that you may be hearing about in the media. Digital Insight’s research shows the bug affects a platform called OpenSSL which we do not use. They have completed a preliminary assessment which has not uncovered any vulnerabilities. Rest assured both TFCU and Digital Insight are doing everything we can to help ensure that your information is safe.

Apple iOS SSL/TSL Vulnerability: Apple recently released iOS 7.0.6 and Mac OS X 10.9.2 to fix a vulnerability in its implementation of SSL/TLS. This vulnerability affects a variety of devices including iPhones and iPads running iOS 6.x or 7.x and Macs running OS X 10.9.x Mavericks. SSL and TLS are security protocols used to establish encrypted links between your device and resources on the Internet. An important function of SSL/TLS is to ensure the authenticity of the website to which you are connecting. Because certain SSL/TLS functionality does not work properly on Apple’s more recent operating systems, which a is big security risk, they released these unscheduled updates. To safeguard against any possible security threats, we highly recommend you update your Apple mobile device to iOS 7.0.6.

‘Vishing’ Scam: ALEXANDRIA, Va. (1/22/14)–The National Credit Union Administration released a warning to consumers Tuesday telling them to beware of a “vishing” scheme that uses the agency’s name in phone calls that attempt to get personal financial information from the targeted person. The warning states that several credit union members have been contacted by an automated phone call claiming to be from the NCUA and notifying consumers their debit cards have been compromised. The call then asks the receiver to follow prompts, which request personal information, including sensitive financial data and personal identification information.

Target Breach: Tucson Federal Credit Union is aware of the data breach that occurred on millions of cards used at Target stores between the dates of November 27 and December 15.

(Update January 10, 2014): Target posted today that non-card information from their customers may also have been stolen. The information stolen includes names, mailing addresses, phone numbers, and email addresses for up to 70 million individuals. Please be assured that this type of data is not part of the information included in a credit or debit card transaction; however this type of information has the potential to be used for phishing scams or other types of identity theft attempts. For example, a member may be asked to respond to an email that appears to be from TFCU which requests that personal and card information be updated. TFCU will never request this type information from our members via email or phone. If you do receive a phone call or email requesting this type of information, do not respond and contact the credit union.

Part of our commitment to you, our member, is to provide confidence in the use of your TFCU debit or credit card. Although it cannot be guaranteed that every fraudulent attempt on a card will be detected and denied, be assured that TFCU utilizes robust industry fraud detection tools to identify and deny potential fraudulent transactions. This data breach is card information-only, and does not include information about your TFCU account. Click here to view the official statement directly from Target.

Microsoft Scam: In July 2013, some members reported getting calls from fraudsters posing to be representatives from Microsoft. The scammers told the members that their computers had viruses; that they were calling to assist in the clean-up of those viruses. The caller stated a need for the member’s Online Banking information to ensure that there are no viruses present there. Members should never reveal their Online Banking or other personal information in calls they did not initiate.

Advisory for Potential DDoS Attack on May 7, 2013: Intuit has been made aware of a potential DDoS attack aimed at numerous providers nationwide. Intuit continuously works detect and mitigate DDoS attacks as quickly as possible, with minimal impact to customers. Although TFCU and members’ personal data are not at risk during DDoS attacks, concern during such attacks often lingers among banking customers and credit union members. For answers to frequently asked questions about DoS and DDoS attacks, click here.

Phishing Emails Posing as TurboTax Messages: On February 14, 2013, Intuit was advised of a phishing campaign using emails that appear to be related to TurboTax. The email claims, “Your State Return Has Been Rejected!” and asks you to sign-in using a fraudulent link. These emails do not originate from Intuit or TurboTax. Although our financial service products are not affected, we must warn members never to open the attachment or forward the email; instead they should delete the email right away. To view a copy of the fraudulent email, click here.

“Fedchoice” Text Message Scam: In November of 2012, some members reported receiving the following text message from (678) 905-8907: “Fedchoice has to take several measure and block all credit cards due to the large number of fraud committed in this period. Call free 1-678-905-8607 and re-activate your ATM card. We apologize and thank you for your understanding, safety is our priority.” Members should not reply or provide any information. The accounts of members who receive this message remain safe and have not been compromised.

Fraudulent “eNFACT” Emails: Some member have reported being subject to a phishing email scam with “eNFACT” as the subject and/or sender. The email directs recipients to click on a link that takes them to a mock site that may install malicious software. Recipients of the attached email should NOT open it or, if they do, should NOT to click on the link. For an example of the email and additional instructions should you receive it, click here.

Fraudulent Debit Card Phone Calls: Some members have reported receiving a phone call from (317) 215-5328 stating that there is a issue with their debit card, and they must answer some security questions. These calls were initiated by scammers in an attempt to obtain personal information. TFCU would not make calls of this nature and would never ask for personal information on a call we initiated.

California ATM Fraud: In April of 2011, many financial institutions began taking measures to ensure customer and member protection by blocking the usage of ATMs in California, encouraging of the usage of the cash back option during POS transactions, or using Shared Branching locations to withdraw from your account while in CA. This precautionary measure was temporary and has since been lifted.

Text Scams: In June of 2009, some members received fraudulent phone calls/text messages. The messages stated that they needed to call a number because their debit/credit card had been blocked and needed to be activated. The phone calls did not mention a specific credit union. When the member attempted to call that number, it asked for their entire card number and pin number. Please remember that TFCU would never call or text a member asking for that information. If you are unsure if a notification is legitimate, please call TFCU at (520) 795-8520.

Ongoing: Email Scams: Be wary of ANY email requesting your assistance with moving money, lottery winnings, inheritances, or helping to save a government from overthrow. These emails are fraudulent and currently very active. Click here to see a sample of this type of email.