Security and Scam Prevention Tips

Members have reported receiving phone calls from what looks to be VCCU's main phone number asking to verify their Online/Mobile banking login information, one-time verification passcode or password. This is a Caller ID Spoofing Scam.

Spoofing calls appear to be from local or known sources, but they are actually thieves attempting to gain access to your accounts.
 
If you receive a suspicious phone call, email or text message:

1. Hang up and call our main phone number to confirm if we are trying to contact you.
2. Don’t reply, and don’t click on links provided in emails or text messages. 
3. Do not share personal information such as your SSN, password, one-time passcode, credit or debit card number with anyone if you did not initiate.
4. Review your accounts regularly for unauthorized charges and report them to us right away.
5. Report fraud to the Federal Trade Commission (FTC) at ftc.gov.

If you have received a suspicious phone call, text message or email from us or have further questions, please call 805.477.4000.

College students are recruited through social media, including Facebook and YouTube and in-person at college campuses. Willing participants provide the fraudsters with their ATM/debit cards and PINs. The fraudsters deposit fraudulent checks (stolen or counterfeit checks) to the student accounts via ATMs and subsequently withdraw the funds. The fraudulent checks are subsequently returned unpaid and charged back to the students’ accounts. Following the fraudsters’ instructions, the participants report their ATM/debit card as lost or stolen and that the transactions were fraudulent.

Be aware that you may not be entitled to protection for unauthorized use of your ATM/debit card if you willingly provide your card to the fraudsters.

Members answer an online advertisement offering money to have their cars “wrapped” with advertising from a reputable company. The offer usually includes a lucrative up-front payment and then monthly installments for just driving around in your car and displaying their ads. The scammer sends a check for more than was agreed upon and asks the victim to deposit or cash the item and send electronically the difference directly to the graphic artist that will be performing the installation on the car using Western Union or MoneyGram. The check winds up returning and no one shows up to wrap the car.

TIP: Never accept a check for deposit for more than was agreed on upfront and always let a credit union employee verify the check before depositing it.

With the economy and job markets still struggling, unemployed members searching for work have been victimized by “work from home” scams. The members have been contacted, interviewed and hired via email. After performing a minor task like a “mystery shop” or a making a travel arrangement, they receive a check in the mail that represents an “excess payment.” The boss asks them to cash the check at their financial institution, and return the overpayment via Western Union or MoneyGram. The original check ultimately returns unpaid as a counterfeit and the member incurs a loss.

TIP: Ask a credit union employee to verify the check for you before negotiating it!

Gift card scams. Gift cards are a popular way for scammers to steal money from you. Gift cards are for gifts, not payments. Anyone who demands payment by gift card is always a scammer.

Watch this video from the Federal Trade Commission (FTC) on how to detect and report common gift card scams. Learn more about gift card scams here. 

Scammers pose as grandchildren in distress and needing money wired to them immediately due to a car accident, an emergency medical situation, or to be released from jail in a foreign country.

TIP: The perpetrator will often plead with the victim not to tell anyone. Credit union employees are kept aware of the current scams targeted at our membership and can help you validate the information before you send the money.

Members selling an item on an online site such as Craigslist are sent a check for more than the amount requested. The buyer contacts the member and states to deposit or cash the item and send the difference back electronically. Additionally they may state the difference is for a moving company to pick up and transport the item. The member is instructed to send the difference via Western Union or MoneyGram to the moving company. The original check ends up returning and the member is left with a bad check and the merchandise they tried to sell.

TIP: Never accept payment for more than you agreed to sell the item for and make sure to have a credit union employee verify the check before depositing.

What is Phishing? 
Scammers use email or text messages to try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could get access to your email, bank, or other accounts. 

How do I recognize a phishing scam?
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. You might get an unexpected email or text message that looks like it’s from a company you know or trust, like a bank or a credit card or utility company. Or maybe it’s from an online payment website or app.

Here’s a real-world example of a phishing email:


Signs that this email is a scam
Even though it looks like it comes from a company you know — and even uses the company’s logo in the header:

• The email has a generic greeting.
• The email says your account is on hold because of a billing problem.
• The email invites you to click on a link to update your payment details.

While real companies might communicate with you by email, legitimate companies won’t email or text with a link to update your payment information. Phishing emails can often have real consequences for people who give scammers their information, including identity theft.

Four ways to protect yourself from phishing

1. Protect your computer by using security software. Set the software to update automatically so it will deal with any new security threats.
2. Protect your cell phone by setting software to update automatically. These updates could give you critical protection against security threats.
3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication.
4. Protect your data by backing it up. Back up the data on your computer to an external hard drive or in the cloud. Back up the data on your phone, too.

What to do if you suspect a phishing attack
If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: 

• Do I have an account with the company or know the person who contacted me?
  • If the answer is “No,” it could be a phishing scam. Go back and review the advice in How to recognize phishing and look for signs of a phishing scam. If you see them, report the message and then delete it.
  • If the answer is “Yes,” contact the company using a phone number or website you know is real — not the information in the email. Attachments and links might install harmful malware.

What to do if you responded to a phishing email
If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.

If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan and remove anything it identifies as a problem.

How to report phishing
If you got a phishing email or text message, report it. The information you give helps fight scammers.

• If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org.
• If you got a phishing text message, forward it to SPAM (7726).
• Report the phishing attempt to the FTC at ReportFraud.ftc.gov.

To learn more about Phishing Scams, visit Consumer.ftc.gov.

Elderly members are being targeted via the internet on dating sites. The alleged suitor spends time getting to know the victim and gaining their trust and personal information. Soon the scammer asks for money claiming a tragedy has befallen them and they need it desperately. Often they create fake online profiles and prey on the sympathy and loneliness of their victims.

TIP: Never give personal information or money to someone that you have never met. Don’t trust people on the internet even though they may have a dating profile that looks legitimate.