New scams
Text message scam targets ACU members
Some Arsenal Credit Union members and many non-members reported that they received text messages on their cell phones beginning on Feb. 23 claiming to be from Arsenal Credit Union. The message states that their online bill pay service has expired and that they need to renew it ASAP by calling a “toll-free” number (801-704-0928). The text message came from members@arsenalcu.org. Those calling the number heard an automated message from “Arsenal Credit Union.” Members were asked to input their credit card or debit card number. It’s unknown if any other private information was asked for.
New phone numbers may surface, and the message itself may also change, but they are only different versions of the same scam. Arsenal Credit Union does not send text messages to its members and would never ask for sensitive information through an automated message. The E-mail address and phone number given do not belong to Arsenal Credit Union. If you have given out your personal information as a result of this or another scam, call us immediately at 314.962.6363.
Tax rebate scams
The Internal Revenue Service (IRS) warns taxpayers to beware of several current E-mail and telephone scams that use the IRS name as a lure. Taxpayers should especially be on the lookout for scams involving proposed advance payment checks, known informally as rebates.
The IRS expects such scams to continue through the end of tax return filing season and beyond. The most recent scams brought to IRS attention include phone calls offering a sizable rebate via direct deposit if the victim files his taxes early and inquiring about an uncashed IRS paper check and E-mails offering tax refunds, threatening audits, and providing downloads to tax law changes. Because they all claim to be from the IRS, they may seem legitimate, but here are a few tips to verify that they are all scams:
Phishing scam targets ACU members
Please be aware that there is an E-mail that began circulating on Feb. 15, 2008, that claims to be from Arsenal and requests personal information from "clients" to avoid having their account suspended. A link included in the E-mail, which looks like the same address as our online banking site, takes users to a replication of our home banking sign-on page, but please note that it is not safe to log in to this page. The URL at the top of the page that opens is different than what's what appears on our Web site. In addition, this page is not secure; ours carries a secure certificate (noted by the lock at the bottom of the browser window).
Your account information is not ask risk because you received the E-mail; spammers automatically generate addresses and even sent the E-mail to people who do not below to ACU. Your information would be at risk if you were to follow the link in the E-mail and enter your information on the fraudulent site.
Arsenal would never ask for your personal information via E-mail. If you ever receive an E-mail claiming to be from Arsenal that you feel is fraudulent, do not respond to the E-mail. Instead, contact us immediately at 314.962.6363. Always log into your ACU account or any secure site through a known link, not something you've received via E-mail.
The copy of the fraudulent E-mail is below.
Dear Arsenal Credit Union client,
You have received this email because you or someone had used your account from different locations. For security purpose, we are required to open an investigation into this matter.
In order to safeguard your account, we require that you confirm your banking details.
The help speeed up to this process, please access the following link so we ca complete the verification of your Arsenal Credit Union Online Banking Account registration information.
https://www.arsenalcu.org/onlineserv/HB/Signon.cgi [ACU removed this link for your safety.]
If we do no receive the appropriate account verification within 48 hours, then we will assume this Arsenal Credit Union account is fraudulent and will be suspended.
The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community.
We appreciate your support and understanding and thank you for your prompt attention to this matter.
Computer virus affects bill pay users
Please be on the look out for a new virus that may be on your computer. This virus may cause a fraudulent screen to appear in the ACU online bill pay window. The screen posts messages that attempt to trick you into providing sensitive information such as your account number and passwords – information the bill pay system already knows and you should not provide again.
The fraudulent message is generated from outside of the ACU online banking system, but members may be impacted if they have unknowingly infected their computers with the new virus through activities such as illegally trading software, executing files sent via E-mail, or allowing scripts to execute while browsing the Internet.
If you question the validity of a screen in online banking, please call Arsenal Credit Union at 314.962.6363.
Jury duty telephone scam
Thieves posing as local court officials call potential victims and claim that a warrant has been issued for his or her arrest because the victim has failed to report for jury duty. After the victim states that he/she never received a jury duty notification, the thief asks for confidential information (i.e., Social Security number, birth date) for “verification” purposes or even payment information (i.e. credit card number, bank account details) for alleged fines.
Don’t be scared into giving out your personal information; court personnel will never ask for private information over the phone and typically only communicate via traditional mail.
So no matter how official it seems, never give out confidential or personal information when receiving unsolicited phone calls or E-mails. If you think the contact is legitimate, be sure to get the name of the company and its contact information then use directory assistance to verify and cross-reference the information given. Do not rely on the phone number the caller provides as a means of verifying the authenticity of the call. Scam artists will often have an accomplice answer the phone to appear legitimate in the event of a return call.
Credit card telephone scam
There is a new fraudulent attempt to capture card numbers through an automated telephone service. The system randomly calls phone numbers and states it is the credit union. It asks the member to enter their 16-digit debit or credit card number, expiration date and personal identification number (PIN).
Arsenal Credit Union would never call you to ask for this information. If you get an unsolicited call claiming to be from Arsenal CU asking for personal or account information, do not provide this information. Instead, verify the call and the request by calling our main number - 314.962.6363 (or 1.800.719.6363).
E-mail greeting cards
Be on the lookout for phishy online greeting cards. An E-greeting card sent over the Internet may say it is from a friend, family member, or secret admirer, but it may be from a phisher instead.
These fraudulent cards are sent year round but are more frequent around holidays, when your defenses are down.
A recent E-greeting card scheme was uncovered in Australia when a major cybercrime group used fake Yahoo! Greetings cards to infect computers with malicious software that tracked computer keystrokes. The keylogger then was used to collect credit card numbers, bank account user names, and passwords.
Use caution when you get an E-greeting in your in-box:
Phishing: educational E-mail
An E-mail (below) that was supposedly sent out by a credit union contains information warning members about phishing. Ironically, however, the message also encourages members to follow a link to log into the credit union's online banking system; the link does not go to the credit union's online banking site but to a fraudulent site that collects the member's information for fraud.
Avoid following links you receive in unsolicited E-mails, and do not enter any personal information on these sites. Instead, if you think the contact is valid, visit the Web site by typing the Web address, if you know it, directly into your browser you know (or you can get the correct address from valid communication from the institution).
Fraudulent E-mail
Dear Member,
At [the credit union], we are committed to protecting your financial interests with secure technology and educate you with “best practices” for staying secure on the Internet. As a [credit union] member, we want to make you aware of the increasing use of "phishing" and "spoofing" to obtain sensitive personal information.
"Phishing" is a type of fraud where an e-mail asks you, often with a sense of urgency, to click a link to update or confirm your sensitive personal information, such as your account numbers, card numbers, social security/tax identification numbers, passwords, or PINs.
To enhance the security when accessing your on-line accounts, [we have] implemented an additional layer to our on-line security system. You may be requested to answer security questions in order to complete your log in to the Online Teller system.
Click here to log in to the Online Teller system. Please do not reply to this message.Phishing: CUNA online survey
An E-mail claiming to be from the Credit Union National Association (CUNA) offers $50 for completing an online survey. After consumers finish the survey, they are asked to provide credit card information, allegedly so that they can be paid. In reality, the information is likely to be used for identity theft.
CUNA does not send unsolicated E-mails to credit union members - it primarily communicates with credit union staff - and would never ask members for credit card or account information.
Phishing: online banking dual authentication
Phishers are employing the dual-authentication signup process to lure credit union members and bank customers to bogus phishing websites.
Many credit unions have been implementing dual or multiple authentication steps to protect members' online banking activities from fraud. In October 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidelines requiring financial institutions to strengthen how online banking users authenticate who they are.
However, the latest phishing scam directs the institution's members, via an E-mail, to enter their account number and personal identification number (PIN) so they can register for the new "dual authentication code and phrase."
While Arsenal Credit Union does use multi-factor authentication, you will only be asked to setup or enter security information after you've logged into your online banking account. Do not respond to any unsolicited E-mails claiming to be from Arsenal Credit Union or any financial institution asking for this type of information.
Phishing: online survey
An E-mail claiming to be from Card Services for Credit Unions (CSCU) requests that cardholders click on the link in the E-mail to go to a site that looks like CSCU's Web site and complete a five-question survey. If they complete the survey, the E-mail states that they are eligible to win $50. The link also requests pertinent cardholder information, such as account numbers.
CSCU did not send any E-mails directly to cardholders. Please note that CSCU does not have cardholder data and never communicates directly with cardholders. Rather, it communicates only with its member credit unions. Click here to see a copy of the Web page to which the E-mail links.
Phishing: Banking accounts renewal
There is an E-mail circulating that claims to be from the Illinois Credit Union League Service Corporation (LSC) with subject line of "Banking Accounts Renewal." The fraudulent E-mail includes a link to a page that looks very realistically like the LSC Web site and attempts to persuade recipients to renew their accounts due to many supposed complaints about unusual account activity.
These messages are scams and should be deleted. The ICUL Service Corporation and the Illinois Credit Union League will never request sensitive credit union or member information through a mass mailing or email.
