Security and Fraud

Identity Theft is a crime in which an imposter obtains key pieces of personal information, in order to impersonate someone else. The information can be used to obtain credit, merchandise, and services in the name of the victim, or to provide the thief with false credentials. In addition to running up debt, an imposter might provide false identification to police, creating a criminal record or leaving outstanding arrest warrants for the person whose identity has been stolen.

• Identity Theft is categorized in two ways: True Name and Account Takeover. True Name Identity Theft means that the thief uses personal information to open new accounts. The thief might open a new credit card account, establish cellular phone service, or open a new checking account in order to obtain blank checks. Account Takeover Identity Theft means the imposter uses personal information to gain access to the person’s existing accounts. Typically, the thief will change the mailing address on an account and run up a huge bill before the person whose identity has been stolen realizes there is a problem. The Internet has made it easier for an identity thief to use the information they’ve stolen because transactions can be made without any personal interaction.
• Although an identity thief might crack into a database to obtain personal information, experts say it’s more likely the thief would obtain information by using old-fashioned methods. Retrieving personal paperwork and discarded mail from trash dumpsters (dumpster diving) is one of the easiest ways for an identity thief to get information. Another popular method to get information is shoulder surfing – the identity thief simply stands next to someone at a public office, such the Bureau of Motor Vehicles, and watches as the person fills out personal information on a form.

E-mail Spoofing
Email spoofing involves using a fake email address to make it appear that the message is from a trusted source. It’s an intention to get recipients to open and, ideally, respond. These solicitations have malicious intentions to get you to share sensitive information. However, email spoofing anyone other than yourself is illegal in some jurisdictions.

Caller ID Spoofing
Caller ID spoofing is when callers deliberately falsify the phone number and/or name relayed as the Caller ID information to disguise the identity of the calling party. Caller ID spoofing makes it appear that they’re calling from your bank, credit card company, or even a government agency.

Website Spoofing
Website spoofing happens when a fraudulent, often malicious, website is set up that appears to be a different, legitimate website to obtain sensitive information. The intention is to collect your personal information and online credentials. These websites are meant to look like your financial institution’s site to lure you into entering your username and password.

These types of fraud can come via email, text message, or voice call fraud methods in which the perpetrator attempts to gather personal and financial information from recipients.

These fishing analogies work like lures with emails, texts, or voice messages that look and sound like they’re coming from legitimate sources. They appeal to your sense of urgency with statements like “Act now” or “You must respond immediately,” which is the hook to get you to act before thinking. The information gathered during a phishing attack is often used for identity theft.

Phishing Example: In one fairly typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients’ AOL accounts. The perpetrator’s email used AOL logos and contained legitimate links. If recipients clicked on the “AOL Billing Center” link, however, they were taken to a spoofed AOL web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords.

The Grandparent Scam “Story”:
A “grandchild” or other relative calls, saying he’s been in a terrible accident overseas and needs money immediately in order to receive medical attention. A “doctor” might get on the line to say your grandchild can’t talk anymore because he needs medical attention. You must wire money for the treatment to proceed.

• The script has different variations. Your “grandchild” has been arrested and a “cop” picks up the line to demand bail money. Your relative’s car broke down and he needs money to get it fixed. Or he’s stuck at a foreign airport and needs money to pay customs and return home. The common theme is that the “grandchild” sounds like yours but can’t talk for long because there’s an urgent situation that demands immediate funds. Often the fake grandchild will beg you not to tell his parents – anything to delay you from discovering the truth before parting with your money.
• The call might be random and the scammer will expertly fake his way through the call, picking up cues from you, including your grandchild’s name. Or it might not be random at all. Sometimes the scammers know the names of your friends or relatives. As the Consumer Federation of America points out, bad guys can find information from a variety of sources. Your relatives may be mentioned in an obituary or on a social networking site. Your email account may have been hacked, revealing the names of your relatives. Criminals use marketing databases, telephone listings and a variety of sources to find information used to trick you

The Inheritance Scam “Story”:
A fraudster that claims to be a lawyer from overseas or some other legal official sends you an email or a letter. They tell you that a person sharing your family name has died and left behind a vast amount of money. The lawyer is administering the inheritance and has been unable to identify any of the dead person’s relatives. As a result, the money will go to the government. The lawyer suggests that, because you share the same family name as the deceased, he could pay the inheritance to you. You could then split the money between you, rather than handing it over to the government. The fraudsters will emphasize the need for secrecy and warn you not to tell anyone else about the deal. To hurry you into making a hasty decision, they will also stress the need to act quickly. However, there is no inheritance and the person contacting you isn’t a lawyer or legal official. What Happens Next:

• If you respond to the fraudsters, they’ll ask you to pay various fees – for example: taxes, legal fees, banking fees etc. – so they can release your non-existent inheritance. Each time you make a payment, the fraudsters will come up with a reason why the inheritance can’t be paid out unless you make another payment. If you ask, they will also give you reasons why the fees can’t be taken from your inheritance and have to be paid up front.
• If you become reluctant to pay a fee or suggest you can’t afford it, the fraudsters will put pressure on you by reminding you how close you are to receiving a sum of money much greater than the fees you’ve already handed over, and of how much you’ve already paid out.
• The fraudsters may also ask for your bank details so they can pay the inheritance directly into your bank account. But, if you hand over your bank details, the fraudsters can use them to empty your account.

Power Of Attorney Scam:
The Power Of Attorney Scam is where a person takes advantage of another by having them sign a financial Power Of Attorney, which grants them authority to access the other’s bank accounts and assets. After being granted the Power Of Attorney, the fraudster will then take the account monies and properties for their own use, often investing them in other areas so they are difficult to trace.

• Elder persons are particularly susceptible to financial Power Of Attorney Scams, because they often experience mental decline or injuries during aging. This is a form of elder abuse known as “Elder Financial Abuse” (see below) and is often committed by the elder person’s own relatives or close friends.

Charity Fraud:
Charity Fraud is the act of using deception to get money from people who believe they are making donations to charities. Often a person or a group of people will make material representations that they are a charity or part of a charity and ask prospective donors for contributions to the non-existent charity. Charity Fraud not only includes fictitious charities but also deceitful business acts. Deceitful business acts include: businesses accepting donations and not using the money for its intended purposes.

Telemarketing Fraud:
Telemarking can be categorized as fraudulent selling conducted over the telephone. Some fraudsters seem very friendly — calling you by your first name, making small talk, and asking about your family. They may claim to work for a company you trust, or they may send mail or place ads to convince you to call them.

• Watch Out: Often, scammers who operate by phone don’t want to give you time to think about their pitch; they just want you to say “yes.” But some are so cunning that, even if you ask for more information, they seem happy to comply. They may direct you to a website or otherwise send information featuring “satisfied customers.” These customers, known as shills, are likely as fake as their praise for the company.

Government Grant Scam:

“Because you pay your income taxes on time, you have been awarded a free $12,500 government grant! To get your grant, simply give us your checking account information, and we will direct-deposit the grant into your bank account!”

• Sometimes, it’s an ad that claims you will qualify to receive a “free grant” to pay for education costs, home repairs, home business expenses, or unpaid bills. Other times, it’s a phone call supposedly from a “government” agency or some other organization with an official sounding name. In either case, the claim is the same: your application for a grant is guaranteed to be accepted, and you’ll never have to pay the money back.
• The Federal Trade Commission (FTC), the nation’s consumer protection agency, says that “money for nothing” grant offers usually are scams, whether you see them in your local paper or a national magazine, or hear about them on the phone.
• Grant scammers generally follow a script: they congratulate you on your eligibility, then ask for your checking account information so they can “deposit your grant directly into your account,” or cover a one-time “processing fee.” The caller may even reassure you that you can get a refund if you’re not satisfied. In the end, you’ll never see the grant they promise and they will disappear with your money.

Investment Property Scam:
Investment Property Scams are usually spread by word of mouth and require individuals to invest large sums of money in real estate properties. Most promise either a large increase in the value of the property resulting in a large return on investment, or higher-than-market interest on contributed capital, or even both.

The “Investment Property” Set Up
An individual who purchased properties in a metropolitan area in the Midwest moved the property titles to companies under his control. The individual had family members on the East Coast recruit prospective buyers from the town in which the family members lived. The borrowers were told that the loan applications which they signed served as their membership in a ‘real estate buyer’s club’ that would acquire properties, hold the properties for a period of time, and sell these properties in the future for a profit. The buyers/borrowers were promised that while the properties were being held for future sale, they would be rented out and maintained to ensure a cash flow for the ‘real estate buyer’s club’ mortgage payments.

The End Result

• The perpetrator of the Investment Property Scam flipped the properties to the borrowers using inflated values.
• To the lenders, it was represented that the borrowers were individually purchasing a number of investment properties – 8 to 10 properties per borrower, instead of a group purchase.
• There was no property maintenance and there were no tenants.
• The lenders ended up with non-performing loans that were upside down (owing more than the properties are worth) in equity because the original values were inflated and the borrowers never actually made the down payment as represented.

Elder Financial Abuse:
Elder Financial Abuse spans a broad spectrum of conduct, including:

• Taking money or property
• Forging an older person’s signature
• Getting an older person to sign a deed, will, or Power Of Attorney through deception, coercion, or undue influence
• Using the older person’s property or possessions without permission
• Promising lifelong care in exchange for money or property and not following through on the promise

Who are the perpetrators?

• Family members, including sons, daughters, grandchildren, or spouses. They may:
  – Have substance abuse, gambling, or financial problems
  – Stand to inherit and feel justified in taking what they believe is “almost” or “rightfully” theirs
  – Fear that their older family member will get sick and use up their savings, depriving the abuser of an inheritance
  – Have had a negative relationship with the older person and feel a sense of “entitlement”
  – Have negative feelings toward siblings or other family members whom they want to prevent from acquiring or inheriting the older person’s assets
• Predatory individuals who seek out vulnerable seniors with the intent of exploiting them. They may:
  • Profess to love the older person (“sweetheart scams”)
  • Seek employment as personal care attendants, counselors, etc. to gain access
  • Identify vulnerable persons by driving through neighborhoods (to find persons who are alone and isolated) or contact recently widowed persons they find through newspaper death announcement
• Unscrupulous professionals or businesspersons, or persons posing as such. They may:
  • Overcharge for services or products
  • Use deceptive or unfair business practices
  • Use their positions of trust or respect to gain compliance

Who is at risk?

The following conditions or factors increase an older person’s risk of being victimized:

• Isolation
• Loneliness
• Recent losses
• Physical or mental disabilities
• Lack of familiarity with financial matters
• Have family members who are unemployed and/or have substance abusers problems

Why are the elderly attractive targets?

• Persons over the age of 50 control over 70% of the nation’s wealth
• Many seniors do not realize the value of their assets (particularly homes that have appreciated markedly)
• The elderly are likely to have disabilities that make them dependent on others for help. These “helpers” may have access to homes and assets, and may exercise significant influence over the older person
• They may have predictable patterns (e.g. because older people are likely to receive monthly checks, abusers can predict when an older people will have money on hand or need to go to the bank)
• Severely impaired individuals are also less likely to take action against their abusers as a result of illness or embarrassment
• Abusers may assume that frail victims will not survive long enough to follow through on legal interventions, or that they will not make convincing witnesses
• Advances in technology have made managing finances more complicated

If you suspect someone you know may be a victim of Elder Financial Abuse, make sure to report it to your Local Law Enforcement Agency right away.

ATMs are under siege more than ever from a type of Fraud called: Skimming. Skimming is where ATM thieves steal your PIN and account number using remote devices. Often done by sophisticated crime rings from the Eastern bloc countries, ATM Skimming is becoming a high-tech art that’s hard to detect.

• Scenario #1 – A device is used to capture your PIN and card data. This device mimics the card slot and reads the magnetic stripe on your card with your account number.
• Scenario #2 – A wireless video camera inside the ATM area. It can look as harmless as a brochure holder. Once the scammers have your number, magnetic strips are easy to make and thieves are able to easily reproduce ATM cards.
• Scenario #3 – Fake PIN pad are placed on top of the original ATM PIN pad. Unfortunately, with fake PIN pads, your ATM transaction will proceed normally and you won’t know a scammer has stolen anything until it’s too late.
• Scenario #4 – Fake ATM machines are placed in and around shopping centers and other public locations. Upon placing your card into the card reader, these machines collect your ATM PIN and account information. They do not dispense cash. Rather, a screen comes up that says that the machine is out of money or out of order.

The holiday season comes with an entirely different set of fraud scams. With many consumers spending more than usual this time of year, cybercriminals will no doubt try to take advantage of them through scams such as phishing emails, quick money schemes, and bogus gift cards. Below are some examples of scams to look out for.y or out of order.

• Black Friday/Cyber Monday Specials – Scammers often advertise big-ticket items to lure unsuspecting consumers to click on links. Bad guys build complete copies of well-known sites, send emails promoting great deals, sell products and take credit card information – but never deliver the goods.
• Free Vouchers or Gift Cards – A common Internet scam involves big discounts on gift cards. These sites usually request enough personal information for criminals to raid victims’ bank accounts. Social media site posts also offer phony vouchers or gift cards, with some being paired with holiday promotions or contests. Some posts may even appear to have been shared by a victim’s friend. Often, these posts lead to online surveys designed to steal personal information.

It’s important to be careful when giving out personal information over the phone; you never know who is on the other end. Here are some tips that can help protect you from Phone Fraud.

• Don’t give out your bank account information to anyone you don’t know. Scammers pressure people to divulge their bank account information so that they can steal the money in the account. Always keep your bank account information confidential. Don’t share it unless you are familiar with the company and know why the information is necessary.
• Know the signs for fraudulent telemarketing pitches. It’s illegal for telemarketers to ask for a fee upfront if they promise or claim it’s likely they’ll get you a credit card or loan, or to “repair” your credit. It’s also illegal for any company to ask you to pay or buy something to win a prize or to claim that paying will increase your chances of winning. And finally, it’s illegal to buy and sell tickets to foreign lotteries by phone.
• How you pay matters. If you pay for a transaction with cash, checks, or money orders, your money is gone before you realize there is a problem. Paying by credit card is safest because you can dispute the charges if you don’t get what you were promised. You don’t have the same dispute rights when you pay with debit cards or give your bank account number. Bank debits have become fraudulent telemarketers’ preferred form of payment.
• Where telemarketers are located matters. Some fraudulent telemarketers are deliberately located in other countries because it’s more difficult for U.S. law enforcement agencies to pursue them. It may be hard to tell where they are, because they may use telephone numbers that look like domestic long-distance. Be very cautious when dealing with unknown companies from other countries.
• Who’s calling… and why? The law says telemarketers must tell you it’s a sales call, the name of the seller and what they’re selling before they make their pitch. If you don’t hear this information, say “no thanks,” and get off the phone.
  What’s the hurry? Fast talkers who use high-pressure tactics could be hiding something. Take your time. Most legitimate businesses will give you time and written information about an offer before asking you to commit to a purchase.
• Why am I “confirming” my account information — or giving it out? Some callers have your billing information before they call you. They’re trying to get you to say “okay” so they can claim you approved a charge. Don’t do it.
• What time is it? The law allows telemarketers to call only between 8 am and 9 pm. A seller calling earlier or later is ignoring the law.
• Take control of the calls you receive. If you want to reduce the number of telemarketing calls you receive, place your telephone number on the National Do Not Call Registry. To register online, visit donotcall.gov. To register by phone, call 1.888.382.1222 (TTY: 1.866.290.4236) from the phone number you wish to register.
• Additional Telemarketing Red Flags – If you hear a line that sounds like one of the below, say “no, thank you,” hang up, and file a complaint with the FTC:- You’ve been specially selected (for this offer). – You’ll get a free bonus if you buy our product. – You’ve won one of five valuable prizes. – You’ve won big money in a foreign lottery. – This investment is low risk and provides a high return. – You have to make up your mind right away. – You trust me, right? – You don’t need to check our company with anyone. – We’ll just put the shipping and handling charges on your credit card.

To file a complaint with the Federal Trade Commission (FTC), click here.

Cyber Security is becoming more and more important as technology advances. Here are some tips to help protect you and your finances from online attacks.

• Keep your credit card, checking account, and Social Security numbers to yourself. Don’t enter them into websites or emails that you don’t know — even if they ask you to “confirm” this information. That’s a trick.
• Make sure your computer has up-to-date anti-virus software and a firewall installed. Ensure your browser is set to the highest level of security notification and monitoring to prevent malware issues and computer crimes.
• Sign-up for Verified by Visa or MasterCard Secure Code whenever you are given the option while shopping online. This involves you registering a password with your card company and adds an additional layer of security to online transactions with signed-up retailers.
• Passwords are an important aspect of computer security, whether at work or home. If your passwords are poorly created, you could compromise your sensitive information. It is up to you to create strong passwords, to protect those passwords and to change them frequently.
• WiFi. Avoid unknown WiFi networks. Use only encrypted networks when working with sensitive information, places like Starbucks and hotels or airports are not encrypted.
• Mobile Apps. Avoid downloading malicious Apps on your mobile device by verifying the company and checking the reviews. See below for PMCU Mobile security.
• Website Addresses. Look for “https” in the URL and the little padlock in the URL bar to indicate that it is a secure connection.
• How to protect yourself from email phishing specifically:- Beware if you are asked to contact a webmail address such as @Yahoo or @Hotmail. As a rule, legitimate law firms do not use them. – The FTC warns users to be suspicious of any official-looking e-mail message that asks for updates on personal or financial information and urges recipients to go directly to the organization’s Web site to find out whether the request is legitimate. – Never open unexpected or unfamiliar attachments in emails. – Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email to go out to its users with blatant errors. If you notice mistakes in an email, it might be a scam. – Threats. Have you ever received a threat that your account would be closed if you didn’t respond to an email message? Cybercriminals often use threats that your security has been compromised.
• Online and Mobile Banking at PMCU: Premier Members Credit Union has taken special steps to protect our member’s finances and information through our Online Banking program and Mobile Banking applications:- Both banking systems are protected with SSL encryption – Passwords are required to login – Inactivity Time-Out Period – Auto logoff any time you exit the application – Multi-Factor Authentication – Challenge Question Security – Out-of-band Enrollment – Dedicated Firewalls managed around the clock – Intrusion Detection System – Reverse Authentication. RA is the user selected security image shown at sign-in, letting you know that you are on a legitimate site – Internet access between the Credit Union and our members is provided by a secure Internet Service Provider (ISP) – Additional security for Online Banking and Bill Pay includes: robust authentication software and dedicated frame relay lines

Destroying old receipts and checking bank balances are good practices that can help to prevent fraudulent attacks from arising and/or minimize the effects should one occur. Here we will discuss some helpful tips.

• Check bank balances frequently. It pays to check your account frequently. If you don’t report fraud within 60 days, you have unlimited liability. Sign up for alerts and notice unusual withdrawals.
• Check in on your elders and watch for indicators like unpaid bills, large withdrawals, canceled checks, property missing, etc.
• Remember the old adage, “If it sounds too good to be true, it probably is.” Be skeptical on promises of high, fast returns. Nothing of that nature comes without high risk, so consider what you can afford to lose. Be wary of email or infomercial offers.
• Check everything out. Whether it’s a potential investment property, a charity asking for money or even a lawyer asking for money. Do your due diligence before handing over any information or money.
• Monitor your mail. If you receive bills, invoices or receipts for things you haven’t bought, or financial institutions you don’t normally deal with contact you about outstanding debts, take action.
• Never pay for anything upfront. Whether it is for “shipping,” “registration,” or any other kind of fee.
• Destroy and preferably shred receipts that contain your card details and any mail containing your name and address.
• Regularly check your credit report with major credit bureaus and follow up with creditors if your bills do not arrive on time.
• Retail Data Breaches: What PMCU Will Do: If we are informed that your card may have been included in a recent retail data breach, we will inform you in writing and – if necessary, reissue your cards to proactively protect your accounts against unauthorized transactions.

Additional Steps To Follow: – Stay calm. Consumers are not liable for fraudulent charges on stolen account numbers. – Check with the website of the retailer for the latest information. Type the store name directly into your browser. Do NOT click on a link from an email or social media message. – Additionally, if your card was compromised, consider putting an alert or freeze on your credit report with the three major credit reporting agencies. A credit freeze will prevent anyone from accessing your credit report or scores. Note: This means you cannot apply for new credit without lifting the freeze. If you shopped at the retailer with a credit card: – Monitor your credit card statements carefully (go online; don’t wait for the paper statement). – If you see a fraudulent charge, report it to Premier Members CU immediately so the charge can be reversed and a new card issued. – Keep receipts in case you need to prove which charges you authorized and which ones you did not. If you shopped at the retailer with a debit card: – Do all of the above as for credit cards, but pay very careful attention to your account. Debit cards do not have the same protections as credit cards and debit transactions withdraw funds directly from your account. – Contact Premier Members CU (303.657.7000) for more information, or if you want to preemptively request a new debit card or put a security block on your account.