Search
 
     HOME

 Online Banking - eTeller
 Online Bill Pay
 Touch Tone Teller
 EZCard Info
 Direct Deposit
 Member Resources
Royal Advantage
Car Buying Help
Consumer Alerts
Member Education Center
Annual Credit Report
Problem Gambling Awareness
 Locate an ATM
 Re-order Checks
 Online Forms
 AccountLock ™
 Card Fraud Prevention
 Life Insurance Products
 ATM & VISA Check Cards
 
 
Home > Services > Resources > Consumer Alerts
Security Central - Helping you stay safe online.
As with all banking transactions, whether in a branch, at an ATM or online, you should always be cautious to protect your identity. WestStar Credit Union has implemented extra security measures to protect your information. It is important that you do what you can to keep your information safe too. Here are some tips to help you stay safe online:
  • Never respond to an email asking for personal or login information.
  • Always make sure that the site address listed in the address bar of your web browser is correct (i.e. www.weststar.org) when logging in.
  • Let us know if you receive a suspected fraudulent email: call us at (702) 791-4777 or (800) 829-9328 or email us at eservices@weststar.org.
  • Review your credit report at least once per year for accuracy. You can receive one copy of your report free per year, using annualcreditreport.com
  • To learn more about how to protect yourself from all kinds of scams - visit the Nevada Department of Industry Fight Fraud website at http://fightfraud.nv.gov/
Weststar will never send you an email asking for your online ID, passcode or any other private or personal information.

See our Fraud Prevention brochure here.

ATM & VISA Check Card Fraud Policy
To protect our members from fraud, WestStar Credit Union may block the purchase ability of the VISA Check Card in foreign countries. If you plan on traveling outside of the United States, please contact us at 800-729-9328, so we can verify Visa Check and ATM availability for your destination.
For your protection, due to a high incidence of fraud, no Visa Check or ATM activity will be processed in the following countries.

Turkey - Effective: 07/14/2006

Alternative payment methods must be made, such as your WestStar Credit Union Credit Card.

Latest CONSUMER ALERTS:

Warning! Don't Be The Victim Of A Check Scam!

If someone sends you a check or money order then asks you to deposit the item into your account and wire transfer money out of your account, WATCH OUT! You may become the victim of a popular scam.

How does the scam work?
The scam usually occurs when you are selling merchandise via the internet or conversing in various "friendship" Internet Relay Chat "rooms". However, other variations of the scam include:

  • Receive overpayment for an item you placed for sale over the internet.
  • Receive notice you have won a foreign lottery or sweepstakes.
  • Promise of receiving a percent of money for the transferring of money for the transferring of funds to your bank account for safekeeping, usually from outside the United States.
  • Inheritance from a recently deceased distant relative you had no previous knowledge of.
  • Unsolicited emails, faxes or letters requesting an immediate response.

Regardless of the pitch, all scams involve you being contacted by individuals who agree to forward you a check or money order. After the item is deposited, you may be contacted and told an elaborate story and then asked to wire transfer back all or some of the money.

After you withdraw or wire the money from your account, it is then determined the check or money order you were given is a counterfeit. At this time, the check or money order will be returned to the credit union/bank unpaid and the full amount will be deducted from your account.

There are variations to this scam, but you need to stop and ask yourself a question: why would you wire money to a stranger you met through the internet or correspondence only?

For more information on Check Fraud visit www.FakeChecks.org.

Who is responsible for the loss to my account?
You are responsible for the check(s) and money order(s) you deposit into your account. Only you can determine the risk of the business transaction you entered in. You were the one whom made arrangements for the check to be sent to you. If the check or money order is counterfeit or is returned unpaid for any reason, you are fully responsible for any loss related to the bogus item. In most cases, the credit union/bank can immediately debit your account(s) or file litigation to recover the money.

Why did the credit union/bank allow me to withdraw the money?
Federal law required credit unions/banks to make deposited funds available to you usually within 1 to 5 business days. The fact that you can withdraw cash from your account shortly after depositing a check or money order does not necessarily mean the item you deposited is good. Counterfeit and bogus checks and money orders can sometimes take weeks to be discovered and returned to your credit union/bank unpaid.

Why didn't the credit union/bank know the check was bad?
At WestStar, our employees are trained to look for counterfeit items to prevent our members incurring a loss. Credit union/bank employees merely process check and money orders and in some cases cannot determine if the item is real or not. Remember, you are ultimately responsible for the items you submit to the credit union/bank.

If you believe you have been the victim of or are currently being solicited by a fraudster, contact your local police department immediately. If you want more information or are the victim of one of these scams, please visit the websites below:

www.lookstoogoodtobetrue.com
www.ic3.gov
www.usps.com/postalinspectors
www.ftc.gov
www.iafci.org

Go back to top

Text Messages Scam Alert - August 17, 2009

Several of our members called the Credit Union to inform us that they have received “TEXT MESSAGES” indicating, “Their card has been deactivated and to activate the card, they must call (702) 940-----." In addition, other members stated that they have received emails with the same messages and were asked to email back to " ----------@v.wcommunityalert."

Please do not respond to these inquiries. WestStar Credit Union does not communicate to its member in that fashion. If unsure, contact our Credit Union by using our main telephone number.

Go back to top

Work-at-Home Scam Alert for Mail Assistants: Internet Independent Workers - July 01, 2009

The latest scam to hit the Internet has just arrived from Nigeria: Jobs for people seeking part-time positions—called “mail assistants”— for work done at home. Vacancies are posted on Craigslist.com under the name of ABS Consulting. Based in the country of Luxembourg, ABS purports to have facilities throughout Europe, referred to as “Forward Luxembourg.” It claims to be a leading global provider of risk-management services.

Job seekers—typically college students looking for summer work—are told they will provide mail forwarding services for expatriates, international travelers, and seasonal workers around the world. They are asked to perform simple tasks:

  • Receive mail at home.
  • Scan the front of each envelope received.
  • E-mail scanned images to the company.
  • Ship accumulated mail biweekly, using prepaid UPS or FedEx postage labels provided via e-mail.

After two weeks on the job, assistants get an e-mail promising an $800 paycheck, plus an extra $200 bonus. But to test their “integrity,” they’re told they’ll get a check for $2,800—and must mail a check back to return the extra money.

The $2,800 check may look legitimate but—big surprise—it’s bogus. So instead of getting paid, the college student now has to pay the bank the full amount. Worse, the scammer now has access to the student’s checking account. And the student is committing a criminal violation by scanning victims’ mail.

The Postal Inspection Service is working to quickly shut down this scheme by attacking the problem from several angles. If you have information on this or similar scams report it online at https://postalinspectors.uspis.gov/ or call
1-877-876-2455, option 3.

Go back to top

New Money Moving Scam Uses Members' Personal Accounts - June 01, 2009

Credit union members seeking jobs have fallen victim to a new money moving scam. Member’s who have posted their resume on job search websites are hired by a company as a check-processing manager and signed a contract with the “new employer.” The job involved using their personal account for incoming funds. 

The scammer’s technique utilizes a member’s personal credit union account to move money. The original “unauthorized” funds are processed into the “newly hired” member’s account as an ACH deposit. The instructions are for the member to withdrawal the funds and then go to a Western Union location to wire the funds to the scammer’s “business partners.”

Credit Unions’ are then contacted by the originating financial institutions regarding the unauthorized ACH deposits from their member/customer’s accounts and the deposits are reversed from the member’s account. 

You are responsible for deposits into your account. Only you can determine the risk of the business transaction you entered in. You were the one whom made arrangements for the electronic funds to be sent to you. If the funds are returned for any reason, you are fully responsible for any loss related to the bogus items. In most cases, the credit union/bank can immediately debit your account(s) or file litigation to recover the money.


Go back to top

Economic Stimulus Package Scams - February 17, 2009

Identity thieves posing as representatives of the Internal Revenue Service are sending spam e-mails promising government economic stimulus packages. The message tells the user to download an attachment that is masked as a form you must fill out and send to the IRS to receive your check. However, the document really is an identity theft tool that steals the personal information entered in the form.

Another scam being used promises more information on how to get “economic stimulus grants.”  They tempt users with fake testimonials such as, “I found the grant I needed and filled out the forms and sent them in, and in about two weeks I received a check in my hand for $100,000.”  It leads to a marketing-type site in which you enter personal information such as salary range, e-mail address, mailing address, and date of birth purportedly to get a free CD that shows you how to claim one of these grants. To order the CD, you must enter credit card information for the postage and handling costs. You never get the CD—only a stolen identity.

Unfortunately, the threat of fraud due to phishing attempts continues to be very active.  Fraudsters are increasing in sophistication, and this type of activity shows no sign of slowing down. In these economic times fraudsters will try various ways to obtain your personal information for financial gain.

NEVER to respond to requests for information unless you initiated the request this includes e-mail, phone, text messaging or mail.

Go back to top
NCUA Email Scam - January 20, 2009

A fraudulent e-mail seeking credit card information (known as a "phishing fraud") has been circulating nationwide since January 16, 2009.

This fraudulent phishing email appears to be from NCUA and contains a link purportedly to obtain a subscription for the NCUA Express Subscription service. When that link is used, the recipient is directed to a "clone" of the NCUA Express Service site that seeks credit card information from those to whom the phish was sent. If you receive such an email, please ignore it, as it is fraudulent.

The NCUA does NOT charge for the Express Subscription service and does NOT solicit credit card information over the Internet.

Go back to top
FTC Consumer Alert—Phishing on Bank Failures, Mergers and Takeovers - October 22, 2008
Source: www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt089.shtm

Bank Failures, Mergers and Takeovers: A “Phish-erman’s Special”
If the recent changes in the financial marketplace have you confused, you’re not alone. The financial institution where you did business last week may have a new name today, and your checks and statements may come with a new look tomorrow. A new lender may have acquired your mortgage, and you could be mailing your payments to a new servicer. Procedures for the banking you do online also may have changed. According to the Federal Trade Commission (FTC), the nation’s consumer protection agency, the upheaval in the financial marketplace may spur scam artists to phish for your personal information.
Phishers (pronounced “fishers’) may send attention-getting emails that look like they’re coming from the financial institution that recently acquired your bank, savings and loan, or mortgage. Their intent is to collect or capture your personal information, like your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. Their messages may ask you to “update,” “validate,” or “confirm” your account information. For example, you may see messages like:

“We recently purchased ABC Bank. Due to concerns for the safety and integrity of our new online banking customers, we have issued this warning message... Please follow the link below to renew your account information.”

“We recently acquired the mortgage on your home and are in the process of validating account information. Please click here to update and verify your information.”

“During our acquisition of XYZ Savings & Loan, we experienced a data breach. We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below to confirm your identity.”

The messages direct you to a website that looks like the actual site of your new financial institution or lender. But it isn’t. It’s a bogus site whose purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit other crimes in your name.
The FTC suggests these tips to help you avoid getting hooked by a phishing scam:

  • Don’t reply to an email or pop-up message that asks for personal or financial information, and don’t click on links in the message – even if it appears to be from your bank. Don’t cut and paste a link from the message into your Web browser, either. Phishers can make links look like they go one place, but actually redirect you to another.
  • Some scammers call with a recorded message, or send an email that appears to be from an institution, and ask you to call a phone number to update your account. Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers are. To reach an institution you do business with, call the number on your financial statements.
  • Use anti-virus and anti-spyware software, as well as a firewall, and update them regularly.
  • Don’t email personal or financial information. Email is not a secure way to send sensitive information.
  • Review your financial account statements as soon as you receive them to check for unauthorized charges.
  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
  • Forward phishing emails to spam@uce.gov – and to the institution or company impersonated in the phishing email. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
  • If you’ve been scammed, visit the Federal Trade Commission’s Identity Theft website at ftc.gov/idtheft for important information on next steps to take.

For more tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information, visit www.onguardonline.gov.
The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad. 

October 2008

Go back to top

Hurricane Scams - September 5, 2008

Details
When Hurricane Katrina first hit in 2005, scams popped up within hours. Hurricane Gustav is no different, and Hanna, Ike and others will likely be the same in the days and weeks to come.

Online scams are likely to pop up in your inbox. How can you determine what is a scam and what is authentic? Chances are that any e-mail asking for donations is a scam. But the e-mail scammers are very tricky. They have created e-mails that sound authentic, tear at your heartstrings, and make you feel compelled to "donate" to disaster relief.

So, to help protect you from scams that are almost certain to find you, we provide the following information.

Phishing Scams
Prior to Hurricane Gustav's landfall, the Louisiana Attorney General's office started seeing bogus e-mails asking people to "confirm" their bank information before the hurricane hit. These e-mails sent people to bogus Web sites that could then be used by scammers for financial fraud and identity theft.
Also, Web sites that claim to be legitimate Hurricane Gustav relief organizations have been created. They ask people to donate money by giving your financial information. The donated money will go straight into the pockets of con artists. The scammers can use this information to steal your identity, as well.
Here's an example of what an e-mail could look like:

"Please give your charitable donations to the victims of Hurricane Gustav. The chaos and destruction experienced by the region and its victims is unimaginable. But you can help these people regain their lives by giving them some hope. Your donation will go a long way to giving these victims their lives back. Our prayers and compassion go out to them. Make a generous donation to the American Red Cross by (clicking this link)." [A bogus but legitimate-sounding domain name is listed here]

This scam sounds legitimate and plays on your emotions.

Viruses and Malware
These e-mails usually are geared to getting you to open them and click on the attachment, which then infects your computer with a virus or malware.
For example, the subject line of an e-mail might read something like "80% of city under water" or "Entire neighborhoods completely washed away." Attached are photos related to the subject line-either real or bogus. The attachments often contain viruses or malware that track everything you do on your computer or give the sender complete access to your computer.
Action: Delete e-mails such as this. Don't click on the attachments.


Variations of the Nigerian Fee Scam
In this scam, the sender plays on your emotions again. You are supposed to help someone retrieve large amounts of money that are, for some reason, tied up in relation to an area the hurricane has hit.
Action: As with any other scam e-mail, delete it.

Investment, Energy, and Security Scams
Since 10% of the natural gas and 5% of the crude oil that Americans consume is produced off the U.S. Gulf Coast, it is very likely that a hurricane in the Gulf of Mexico will produce some investment, energy and security scams. After Hurricane Katrina, the SEC reported that e-mails being circulated claimed certain penny stocks would skyrocket in value. Reasons varied. Some were supposed to rise because of "refinery glitches."
Action: Delete all e-mails promoting stocks, futures, and other investments related to any hurricane.

E-mails that relate to a disaster to sell unrelated products
What do weight loss products have to do with a hurricane? Nothing. But there are some that will try to sell products that have nothing to do with hurricane relief. Here's an example of what one of these emails might look like:
Subject: Entire street washed away
Officials predict that as many as 45 people were washed away when flooding destroyed this New Orleans neighborhood. Hours after Gustav struck, entire neighborhoods were no more. Winds in excess of 120 mph uprooted trees and flooding washed away any evidence of civilization. Read more... [Link to a weight-loss product]
Action: Ignore and delete these e-mails.

E-mails asking for individual donations to help a victim's family
These scams are simple. They are often just a one- or two-sentence e-mail asking for a donation. For example:
Subject: My younger sister has only the clothes on her back thanks to Hurricane Gustav. Please help her with a donation.
Action: Delete these e-mails.

Hate Web Sites
These Web sites claim a disaster is "the wrath of God." They might claim the victims were "wicked" and got what they deserved. Then they ask people to donate to them, either for financial or identity theft purposes.
Action: Delete these e-mails.

Chain Letters
Here's an example: "Every time this e-mail is forwarded, 25 cents will be donated to Hurricane Gustav victims." Completely bogus.
Action: Delete these e-mails and do not pass them along.

Scammers Claiming To Be Official Government Agencies, Banks, Credit Card Companies, Etc.
Scammers who try this will claim they can help victims by expediting insurance claims or donating money. They often use replicas of well-known logos, like credit card and insurance companies. The goal of these scams is to steal credit card, bank, and Social Security numbers, as well as other personal information.
Action: Delete these e-mails

Contractor Scams
Contractor scams are more common offline than online. Scammers pose as contractors and ask people for money so they can do immediate, upfront repair work. Of course, since they are not real contractors, they will never show up to do any repair work. Some real contractors also take advantage of the disaster by price gouging. Since there is a shortage of legitimate contractors, people are relieved to find someone to do their work. State attorney generals has already warned that their offices will prosecute price gouging.
Action: Be skeptical and deal with only reputable contractors.

Fee-based Spam
These e-mails offer to locate people you know who may have been a hurricane victim.
Action: Delete these e-mails.

Loss Prevention Recommendations:
In summary (and in addition to the advice above), here are four ways you can keep yourself safe from hurricane scams:

1. Use common sense. And remember, if it is spam, it's a scam.
2. Never donate from an e-mail request. It's almost certainly a scam. Never click on the links in e-mails.
3. Make sure any charity you donate to is legitimate. Find out how to tell if charities are legitimate here: http://www.scambusters.org/charities.html
4. Don't open attachments in unknown e-mails. There is a good chance they contain viruses or malware.

Go back to top

Phishing, Smishing, and Vishing: What's the Difference? - August 12, 2008

E-MAIL “PHISHING”
Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.

LAND LINE TELEPHONE “VISHING” & VoIP (INTERNET PHONES “VISHING”)
Vishing, (Voice phISHING) also called "VoIP phishing for the Internet phones," is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States.
In either case, because people are used to entering card numbers over the phone, this technique can be effective. Voice over IP (VoIP) is used for vishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a land line telephone.

TEXT MESSAGE “SMISHING”
Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user's cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.

New!  Mail LETTER “PHISHING”
This new scam occurs where the phisher is creating a letter and sending it through the mail to individuals to respond to the letter by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection. This scam is used in conjunction with other channels to steal valuable personal and financial information of the individual receiving the letter.

Go back to top

Beware of Tax Rebate Scams! - April 17, 2008

The IRS cautions people to be wary of individuals who are using the 2008 tax rebates to try to obtain private financial information in order to engage in identity theft or to steal money from your bank account.  

Generally, the IRS will not call you over the phone or send you an unsolicited e-mail.  If you receive a phone call or an e-mail asking for personal financial information (e.g., "we need your bank account number so that your tax rebate can be direct deposited" or "we can help you get your tax rebate sooner if you let us help you"), you should assume that the caller's motives are fraudulent and not provide the information. 

If you have filed a 2007 tax return, the IRS knows where to send you the rebate.  In addition, the IRS does not make it their business to determine if you have cashed your rebate check or in what bank account.  If you have instructed the IRS (on your tax return) to use direct deposit of refunds into your bank account then be especially cautious about answering questions from anyone about problems.  If someone calls you indicating there is a problem, assume the worst and insist that they send you an official letter. The IRS does not gather information by telephone.

The IRS provides further information about rebate scam on its website.   /link_bumper.php?xName=www.irs.gov&xURL=http://www.irs.gov/ http://www.irs.gov/newsroom/article/0,,id=178061,00.html

Go back to top

Cell Phones Text Message Scam- April 11, 2008

There is a new scam that involves unsolicited text messages sent to cell phones. The message urges the recipient to call a number provided for information about account discrepancies and then solicits individual account information and pin numbers.

Cell phone users should be weary of unsolicited text messages. Such messages should be deleted and all deleted text messages should be removed, if possible, as the perpetrators have been known to use Spyware1 in conjunction with their text message solicitation.

Such a scam could be used to obtain personally identifiable information and credit union account access information, for those who access their accounts using their cell phones.

Go back to top

You can help the Government fight Terrorism - Phishing Scam- March 17, 2008

This fraudulent e-mail starts by suggesting that the recipients can help the government fight terrorism and related money laundering by verifying their personal information. It attempts to lead consumers to a counterfeit Web site in an attempt to trick recipients into divulging financial data, such as credit card numbers, account user names, passwords and Social Security numbers. See sample below:

Notice to All Members!
Valued Member,
To help the government fight the funding of terrorism and money laundering activities, Federal law requires all Credit Unions to obtain, verify, and record information that identifies each person who has an account, including investors in transactions for which we act as advisor.

What this means for you:

If you are a member of any Credit Union please provide your name, social security number, address, and date of birth, financial information and/or other information that will allow us to identify you. We may also ask to see your driver's license or other identifying documents.
Please follow the link below to continue:

We appreciate your cooperation with this. Thank you.

Detecting a fraudulent e-mail can be difficult. Here are a few things to keep in mind:

  • Be suspicious of any e-mail with urgent requests for personal financial information.
  • Don't use the links in such an e-mail.
  • Phishing e-mails are typically NOT personalized.

    Go back to top

Internal Revenue Service Scam Alert - February 7, 2008

The Internal Revenue Service has issued an alert, warning that the IRS name and logo is being used by fraudsters attempting to access the taxpayer financial information through e-mail, telephone, and cell phone text messaging.  Note: The IRS does not ask for personal identifying or financial information via unsolicited e-mail, telephone calls, or text messaging. 

The following scams are being used to trick taxpayers into divulging financial account information for fraudulent purposes:

  • Taxpayers receive a phone calls telling them that they are eligible for a sizable rebate for filing their taxes early, and they are told to provide their financial account information for direct deposit.
  • Taxpayers receive e-mails that claim they are eligible for a tax refund of a specific amount, and they are instructed to click on the link in the e-mail to access the refund claim form, which requires them to disclose financial account information.
  • E-mail notifications addressed to individual taxpayers claim that their tax returns will be audited. The individual is instructed to click on the link within the e-mail and complete forms disclosing personal and financial account information.
  • Businesses, accountants, and “Treasury” managers are receiving bogus e-mails regarding tax law changes. To obtain information on publications for businesses, estates taxes, excise taxes, exempt organizations, as well as IRAs and other retirement plans, the recipient is instructed to click on a series of links. The IRS suspects that clicking on these links downloads “malware” onto the recipient’s computer, which can be used to search for financial records and other private information.
  • A person claiming to be an IRS employee telephones taxpayers to say the IRS has mailed them a check that has not been cashed. The caller then asks for verification of financial account information.
    If you receive an unsolicited e-mail purporting to be from the IRS, take the following steps:
    • Do not open any attachments to the e-mail; they could contain malicious code that will infect your computer.
    • Forward a questionable e-mail claiming to be from the IRS to phishing@irs.gov.
    • Use instructions contained in an article online at www.irs.gov titled “How to Protect Yourself from Suspicious E-Mails or Phishing Schemes.” http://www.irs.gov/individuals/article/0,,id=155344,00.html
    • Contact the IRS at 800-829-1040 to determine whether the IRS is trying to contact you about a tax refund.
    • Remember that taxpayers do not have to complete a special form to obtain a refund.
    • If you have received this, or a similar hoax, please file a complaint at www.ic3.gov.
    • If you have been the victim of a spoof e-mail or Web site, you should contact your local law enforcement, a U.S. Postal Inspector, or the FBI.
    Go back to top

    CUNA target of new card-activation phish attempt - October 30, 2007

    CUNA, (NOT CUNA Mutual Group), is being used as the subject of a phishing message targeting credit union members to collect personal account information, plastic card numbers, and passwords. If you receive this email do not click on the link (which will take you to a fake web page), just delete the message. 

    This new phishing-scam attempt using the Credit Union National Association's name, informs recipients about "irregular check card activity" and advises them to call a toll-free number to get any restrictions removed. Do NOT call the toll-free number. The call is a ploy to get personal account information, possibly for identity theft purposes.

    Recipients received a message as a:

    • "CUNA Alert: Irregular Check Card Activity"

    • "We detected irregular activity on check card on Oct. 25/2007. For your protection, you must reactivate your card. Call us immediately at 1.866.840.2863. We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account.

      Please disregard this notice if you have already accessed the website or spoken with one of our representatives."

    As a trade association for U.S. credit unions, "CUNA does not maintain any type of customer/member financial information” and WestStar Credit Union would never request personal identification information over the phone.

    And while this phone number has since been disabled, a new phishing e-mail with a different phone number started making the rounds on October 30, 2007. If you have responded to any e-mails of this type, please contact your financial institution directly.

    Also, another phish making the rounds earlier with CUNA's name on it comes from a gmail.com address and addresses "Credit Union National Association SERVICE." It says CUNA ensures security "by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service." It provides a "case ID" and a link to a fake website mimicking CUNA's.

    Loss Prevention Recommendations:

    • Report suspicious Internet sites and emails to the government and for additional protection tips visit the Internet Crime Complaint Center at www.ic3.gov or the Federal government’s consumer information center at www.consumer.gov/Tech.htm.
    • If you have been victimized by a spoofed e-mail or web site, you should contact your local law enforcement, US Postal Inspector, or FBI.
    Go back to top
    Online California Fire Scams - October 29, 2007

    Websense, Inc. announced that its security research team has discovered suspicious online scams designed by criminals to steal money from those donating to the California fire effort.

    “Unfortunately, as we saw with Katrina and several other recent emergencies, there are criminals who attempt to divert monies intended for the victims by creating bogus online donation Web sites and advertising them on high-traffic Web sites,” said Dan Hubbard, vice president of security research, Websense. “These criminals are trying to take advantage of the amazing outpouring of support locally, state-wide and internationally.

    Tips to for donating online:

    • Ensure you are dealing with legitimate organizationsv
    • Contact these organizations on your own.
      • Go to their Web site rather than clicking on a link in an email sent to you.
    • Remember that legitimate organizations will not aggressively approach people for money and donations.
    • Be mindful of groups reporting to be affiliated with legitimate organizations asking for donations or requesting you to visit their Web site.
      • They may be fraudulent or hosting malicious code designed to steal personal financial information.
    • Be wary of online auctions that claim to support the donation effort.
    • Report suspicious Internet sites and emails to the government and for additional protection tips visit the Internet Crime Complaint Center at www.ic3.gov or the Federal government's consumer information center at www.consumer.gov/Tech.htm.
    Thanks.

    Go back to top
    JQ Bank Grant Scam - August 20, 2007

    According to the Better Business Bureau, law enforcement and other agencies, a new type of online scam for grant money has surfaced. This scam appears to be another version of the "overpayment scam."

    Victims are solicited online regarding grants that may be available to them.  These grants may be for education, debt relief, low income subsidy, or any other type of “financial aid.”  Responding victims apply for their grant and are sent printed information along with a check, typically for $4,975.00.  They are then directed to a website for instructions.  The site instructs the victim to purchase a specific variety of stored value credit card (GREENDOT Reloadable / MoneyPak*) and load it with the grant broker’s “commission.”   They are promised a second, larger check after the stored value card number is e-mailed to the broker.  Of course, the card is quickly liquidated and the original check is later returned as counterfeit, or account closed. 

    If you responded to such an e-mail and provided any confidential account information, please notify your credit union immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by your credit union to protect your account.

    *GREENDOT Reloadable / MoneyPak stored value credit cards are legitimate cards but are being used as part of this scam.

    Scam Details:

    • A grant seems like a reasonable explanation for receiving a large sum of money and is very attractive to college students.
    • The counterfeit checks are often drawn on an active and verifiable account, typically at Wells Fargo.
    • Convincing printed information is provided to the victim with a plausible explanation for why funds need to be sent back to the broker. (Conflict of interest, regulations, etc…)
    • Money is transferred back to the scammer via stored value credit card. Thus, avoiding the suspicion often generated by wire transfers.  This method also facilitates further laundering of the stolen funds.
    OR:
    • Grant money is received for a mere commission of 10% of the check amount.
    • The receiver of the grant money deposits the check, and then via Electronic Funds Transfer, sends 10% of the check amount back through a given website.
    • The check is returned as counterfeit and the thief now has the depositor’s good money along with their bank account information.

    If you have been victimized by this scam, please contact your local law enforcement, US Postal Inspector, or FBI, and report the incident to Better Business Bureau at www.bbb.org and to the Internet Crime Complaint Center at www.ic3.gov .

    Go back to top

    NCUA phishing e-mail - May 18, 2007

    A recent phishing e-mail appearing to be from the National Credit Union Administration (NCUA) is targeting consumers', and their fear of security relating to the recent TJ Maxx Companies (TJX) data breach.  The false e-mail discusses the TJX Companies data breach, which was made public in January.

    This email notice warns that "magnetic strip information was being stored and your PIN may have been captured" and "strongly" urges NCUA's "members" to update their information within the next 48 hours.
    This false e-mail will ask you to click on a link to verify your credit union account registration. If you proceed to do so, the link is directed to a false website and asked for your credit union account number and PIN, along with other personal information.

    If you responded to such an e-mail and provided any confidential account information, please notify your credit union immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by your credit union to protect your account.

    If you receive an unsolicited e-mail alleging to be from the NCUA, take the following steps:

    • Reminder: WestStar Credit Union and NCUA do not ask credit union members for personal account information.
    • Anyone who has received a fraudulent phishing e-mail purportedly from NCUA should forward the entire e-mail message to Phishing@ncua.gov.
    • Do not open any attachments to the e-mail, in case they contain malicious code that will infect your computer.
    • Your can file a complaint with the following agencies:
    • If you have been victimized by a spoofed e-mail or web site, you should contact your local law enforcement, US Postal Inspector, or FBI.
    Go back to top
    E-Mail Fraud Alert - March 28, 2007
    SCENARIO/METHOD: NCUA Fraudulent Email

    A fraudulent email is being circulated claiming to be from “National Credit Union Association”. This message was sent to both the general public and to some credit union members that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.

    The subject of the email is “Credit Union account limitation”. The body of the fake message goes on to state:

    Credit Union is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service.

    Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.

    This is a "phishing" attempt—Do not reply or click on any associated links or buttons.

    As a reminder:

    • Beware of an unsolicited email that threatens to close or suspend your accounts or online account access services or requests that you provide personal account information.
    • Never provide personal or account information in response to an unsolicited request of any kind (online via emails or by phone).
    • For your protection, we recommend that you carefully review your account transaction details on a regular basis through WestStar's eTeller Online Banking System.
    • If you believe the contact is legitimate, contact WestStar directly for verification. (702) 791-4777 or (800) 729-9328.
    If you responded to such an e-mail and provided any confidential account information, please notify WestStar immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by WestStar to protect your account.
    If you feel that you have received a fraudulent phishing e-mail purportedly from NCUA please forward the entire e-mail message to Phishing@ncua.gov.

    Additionally, you can file formal complaints concerning any suspected fraudulent e-mail with the Internet Fraud Complaint Center (IFCC) at ncua@ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation, and the National White Collar Crime Center.

    Go back to top

    SCAM ALERT - December 12, 2006
    SCENARIO/METHOD: 419 Scammers Launch Fake Shipping Websites

    Advance fee fraudsters operating from Amsterdam and Rotterdam have created copies of the websites of express transportation company DHL and Lufthansa Cargo to lure victims into paying transportation and advance fees for used motorcycles and cars that are never delivered.

    Many people are familiar with the old style 419 scam where an email claims to come from a person needing to transfer large sums of money out of the country. The scammers seem to have discovered a new way of making a quick buck.

    The scammers offer a used Suzuki Katana GSX-600 or a BMZ Z3 Roadster at sites such as Car.com or Autotrader.com for next to nothing. After the buyer responds, they are usually told that the cars are currently in Spain or another European country and that they will have to pay transportation costs. 

    The scammers then recommend the use of escrow services with slick websites that appear legitimate. Some fake escrows even warn you about internet fraud, or link to the Internet Fraud Complaint Center. A Dutch scam fighter, Ultrascan Advanced Global Investigations, has issued warnings about fake sites promoting DHL Shippers and Lufthansa Worldwide Cargo, as opposed to the real companies, DHL Worldwide Express and Lufthansa Cargo. Sites such as Carbuyingtips.com claim to have shut down over 600 fake escrow sites.

    Loss Prevention Recommendations

    • If you have been victimized by spoofed email or website, contact your local law enforcement, US Postal Inspector, or FBI.
    • Report the incident to Internet Fraud Complaint Center at www.ic3.gov 
    Go back to top

    CUNA ALERT - October 19, 2006
    SCENARIO/METHOD: FDIC Phishing Alert. Beware of Malicious Code

    The FDIC has received reports by businesses and consumers of a phishing e-mail that has the appearance of being sent from the FDIC. This phishing e-mail, similar to that sent on September 29th, appears to be from the FDIC and ask recipients to click on a hyperlink titled "Take the Corrective Action – Implement the LinkBank System." The fraudulent e-mails, which are purportedly from "Russell A. Rau, Assistant Inspector General for Audits," typically include a "Subject" line that states: "Compliance Examination for [recipient's name inserted]." 

    However, this is a new variation that includes a new and more dangerous hyperlink. When accessed, the hyperlink downloads an executable file to your computer. FDIC is currently analyzing the executable file; however, it is likely installing a keylogger or similar piece of malicious software. DO NOT click on the link provided in the phishing e-mail.

    Once on the page, users are asked to "certify" that they "will provide correct information in order to implement the LinkBank System." The "LinkBank System" is described as:

    "…a protocol developed by the FDIC and other federal agencies as a way to ensure that the standards for Online Banking security are met. This protocol is based on a client utility, safeConnect, that was developed to be installed on business computers which are used to open Online Banking sessions. This utility only interacts when an online session with a Financial Institution insured by the FDIC is opened, thus it will never interfere with any other applications."

    After clicking on the certification radio button, another page is opened that asks for bank name, username, and password.

    This e-mail is a fraudulent attempt to obtain personal information from consumers. Consumers should NOT to access the link provided within the body of the e-mail and, under any circumstances, not to provide any personal information through this media.

    The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers and financial institutions are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

    Go back to top


    Security Alert - September 20, 2006
    SCENARIO/METHOD: Bogus e-mail mimicking an e-mail from Card Services for Credit Unions (CSCU).

    This e-mail asks members to take a brief survey. When you click on the link in the e-mail, it takes the member to a site that looks like the CSCU Web site and asks for personal account information as well as plastic card information.

    CSCU DID NOT SEND ANY E-MAILS DIRECTLY TO CARDHOLDERS AND
    DOES NOT HAVE CARDHOLDER DATA.

    CSCU does not communicate with cardholders directly. Rather, all of our communication
    is through our member credit unions.

    As a reminder:

    Beware of an unsolicited email that threatens to close or suspend your accounts or online account access services or requests that you provide personal account information.

    Never provide personal or account information in response to an unsolicited request of any kind (online via emails or by phone).

    For your protection, we recommend that you carefully review your account transaction details on a regular basis through WestStar's eTeller Online Banking System.

    If you believe the contact is legitimate, contact WestStar directly for verification. (702) 791-4777 or (800) 729-9328.

    If you responded to such an e-mail and provided any confidential account information, please notify WestStar immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by WestStar to protect your account.

    If you feel that you have received a fraudulent phishing e-mail purportedly from NCUA please forward the entire e-mail message to Phishing@ncua.gov.

    Additionally, you can file formal complaints concerning any suspected fraudulent e-mail with the Internet Fraud Complaint Center (IFCC) at ncua@ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation, and the National White Collar Crime Center. 

    Go back to top

    CUNA Alerts - September 14, 2006
    SCENARIO/METHOD: FDIC Reports Fraudulent E-Mails

    E-mails fraudulently claiming to be from the FDIC are attempting to trick recipients into installing unknown software on personal computers. These e-mails falsely indicate that recipients should install software that was developed by the FDIC and other agencies. The software may be a form of spyware or malicious code and may collect personal or confidential information.

    The subject line of the e-mail includes the phrase, "Urgent Notification - Security Reminder." The e-mail requests that recipients click on a hyperlink that appears to be related to the FDIC, which directs recipients to an unknown executable file to be downloaded. While the FDIC is working with the United States Computer Emergency Readiness Team to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

    The e-mail also asks financial institutions to "advertise and market the ProBank's existence to employees, suppliers, third-party service providers, and customers." Financial institutions should NOT advertise the existence of the software. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers and financial institutions are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

    LOSS PREVENTION RECOMMENDATIONS:

    Do not click on the link in the suspect email.

    Keep your operating system and web browser patched along with running an anti virus system with up-to-date definitions.

    Do not open an attachment to an unsolicited e-mail unless you have verified the source .

    Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information. 

    If you believe the contact is legitimate, go to the company’s web site by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.

    Go back to top

    CUNA Alerts - July 26, 2006
    SCENARIO/METHOD: Fishing Scams Use Phones Instead of Fake Websites

    In a new twist, identity thieves are sending spam that warns victims that their credit union/bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

    The automated voice message says: "Welcome to account verification. Please type your 16-digit card number." The goal is to get the victim to enter their credit card number. In these reported scams, no mention of the credit union, bank or PayPal is made.

    Security experts tracking this scam and other instances of "vishing" , short for "voice phishing", say the frauds are particularly despicable because they imitate the legitimate ways people interact with financial institutions. In fact, some vishing attacks don't begin with an e-mail. Some come as calls out of the blue, in which the caller already knows the recipient's credit card number. This increases the perception of legitimacy, the caller ask for the valuable three-digit security code on the back of the card.

    Vishing appears to be prospering with the help of Voice over Internet Protocol, or VoIP, the technology that enables cheap and anonymous Internet calling, as well as the ease with which caller ID boxes can be tricked into displaying erroneous information.

    SCENARIO/METHOD: Customer Survey Phishing Scam

    The spam e-mail starts with: "The Online department kindly asks you to take part in our quick and easy 5 question survey. In return we will credit $50.00 to your account - Just for your time!" The e-mail goes on to describe how it only takes two minutes, your answers will help them. It is well done and looks authentic. Of course, the spam doesn't really take you to the credit union or bank website. Instead, it takes you to a scammer's site in China, Russia, Romania or ??. The web page itself and the initial questions they ask look quite authentic.

    The catch, of course, is that they say that in order to credit your $50 reward, they need your credit union or bank User ID and password, as well as your credit card number, expiration date, three digit security number, Social Security number, ATM PIN Number, zip code, mother's maiden name and email address.

    The ploy of using a $50 reward for a customer service survey can be an effective phishing lure.

    Go back to top

    CUNA Alert - June 28, 2006
    SCENARIO/METHOD: New Twist on “how” the Phishers Continue to Phish Credit Union Members!

    Phishers seek every opportunity to find individuals who are willing to provide information for the criminals to tap into a financial gain from credit union members. Once a member provides the personal and/or financial information, the fraudsters are off and running to create financial losses to the credit union and its members.

    The phishers continue to change their phony e-mails by including false fraud protection techniques as a new twist to convince members the e-mail is from their credit union with the added educational information. Because of everyone's fraud awareness, the phishers lure members to “take action” and provide information by using an “online banking” log-in which will re-direct this site to the fraudster.

    The "take action" the phishers are asking members to perform is:

    deactivate their card(s) temporarily to guard against fraud

    activate their card(s) by having them log on to an “online banking system” where the phishers are able to obtain member's card information.

    The phishers convince members there is no need to contact your credit union to validate the email or telephone request involving the deactivation and activation process. It’s critical that you know of the new twists in the phishing fraud arena and you should contact WestStar any time you believe you have received a fraudulent email.

    Go back to top

    CUNA Alert - Phishing E-mails - June 12, 2006
    SCENARIO/METHOD: Phishing E-mail Sent to Members

    Some phishes swimming the web waters are so realistic that even well-informed recipients have trouble distinguishing whether they are legitimate. The Credit Union National Association (CUNA) is alerting readers to one that is especially convincing.

    The phish e-mail purports to be from CUNA, Visa, and MasterCard. It claims that because of a recent phishing attack and identity theft, CUNA and the card companies have temporarily deactivated the recipient's debit card tied to a credit union account.

    It then asks the recipient to "reactivate" the debit card at the CUNA website and specifies separate links depending on whether the card is from Visa or MasterCard. Of course, the phish asks for the card number, a ploy to gather information that possibly could be used for identity theft or fraudulent transactions.

    "It's another 'spin' on phishing, and it's convincing enough that we have had a dozen calls this morning from consumers," said Dorothy Steffens, CUNA's vice president of web services, Tuesday. "At least they are beginning to question the messages before they reply," she said.

    The phish, addressed to "Dear Credit Union National Association Member," also says there is "no need to call us in response to a phone message we've left in the last three days unless you see any transactions you don't recognize." It then says that if there are problems to call the customer service number on the back of the debit card.

    CUNA warns recipients that it would never send an e-mail about a credit card deactivation and would never ask for personal information such as card numbers in an unsolicited e-mail. Recipients should not click on the links in the message. Instead, they should delete the message.

    Go back to top

    Phishing Scam Alert - May 1st, 2006
    SCENARIO/METHOD: Fraudulent e-mail claiming to be from CreditUnions.com

    It has come to our attention that a fraudulent e-mail claiming to be from CreditUnions.com was recently distributed. CreditUnions.com will never ask for any personal credit card or financial information via e-mail. We do not share our internal email lists with anyone, and have security in place to ensure that our internal databases are not being accessed. Neither CreditUnions.com nor its vendor partners are affiliated with this phishing scam.

    A sample of the email is shown below

    CreditUnions.com Inc, Online® Services - Security Notice

    You have received this email because you or someone had used your account from different locations or you or someone failed to login for several times. For security purposes we are required to open an investigation into this matter and lock your account.

    In order to unlock your online account, we require that you confirm some of your online account details. To help speed up this process, please access our website following the link bellow. This way we can complete the verification of your CreditUnions.com Account and have your account unlocked.

    <link removed>

    Please Note: If we do no receive the appropriate account verification within the next 48 hours, your account will remain locked and then suspended. The purpose of this verification is to ensure that your account has not been fraudulently used and to combat the fraud from our community.

    We appreciate your support and understanding and thank you for your prompt attention to this matter.

    Go back to top

    Phishing Alert - March 20, 2006
    SCENARIO/METHOD: CO-OP Phishing email asking for cardholder information.

    If you receive an email that purports to be from CO-OP Network asking for cardholder information, please note that the email is fraudulent as CO-OP Network never contacts credit union members directly and never requests personal account information. The email should be considered a deceitful attempt to obtain cardholder information with the intent of committing fraudulent activity against members's accounts.

    The following is a sample of the fraudulent email asking you to follow a link that will lead you to a form to be filled with your card information.

    From: CO-OP Network
    Sent: Tuesday, March 14, 2006 8:56 AM
    Subject: In attention of all Credit Union CO-OP Network customers
    Importance: High

    In attention of all Credit Union CO-OP Network customers,

    As the internet and the information technology enable us to expand our services, we are committed to maintaining the trust customers have placed in us for protecting the privacy and security of we have about you. In order to protect your information against unauthorized access, identify theft and account fraud we earnestly ask you to update you profile.
    To get started click here:

    https://www.coo-opnetwork.org/public/update_profile/index/htm

    If you received this notice and you are not the authorized account holder, please be aware that it is in violation of our policy to represent oneself as another Credit Union user. Such action may also be in violation of local, national and/or international law. CO-OP Network is committed to assist law enforcement with any inquiries related to attempts to misappropiate person information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the fullest extent of the law.

    Thank you for your patience as we work together to protect your account.

    Regards,
    CO-OP Network Customer Support Center.

    Go back to top

    Scam Alert - March 17, 2006
    SCENARIO/METHOD:Scam artist posing as Jury Coordinator

    Clark County officials warned Friday of a jury duty scam that has led to identity theft in Nevada and 11 other states. The scam artist poses as a jury coordinator who claims the victim failed to show up for jury duty. The "coordinator" then asks for a Social Security number, birth date and credit card information in order to execute an arrest warrant for not showing up in court.

    Court officials said they do not make follow-up phone calls to residents who do not report to jury duty. Court administrators also never ask for any personal information over the phone.

    In addition, arrest warrants are rarely served to prospective jurors who fail to report for duty. A courtesy letter is typically sent to remind residents of the previously mailed jury summons. Potential jurors who still do not respond are then sent a notice to show up in court. Only as a last resort does the court request a bench warrant, according to the county.

    General information about jury duty is available on the county's Web site, www.accessclarkcounty.com. Prospective jurors can also call 455-4472 for more information.

    Go back to top


    Phishing Alert - February 15, 2006
    SCENARIO/METHOD: IRS Phishing Emails - Tax Refunds

    The Internal Revenue Service and the Internet Crime Complaint Center have issued consumer alerts about an Internet scam in which consumers receive an e-mail informing them of a tax refund. One e-mail, which claims to be from the IRS, tells the recipient that they are eligible to receive a tax refund for a given amount. It then directs the consumer to a link that requests personal information, such as Social Security number and credit card information.

    Another e-mail titled "Refund Notice" claims to provide information to recipients regarding the status of their IRS Tax Refunds. The e-mail contains a link, which mirrors the true IRS web site. This site purportedly allows recipients to check the status of their IRS tax refund after providing the following information:

    • First and last name
    • Social Security Number or IRS Individual Taxpayer Identification Number
    • Credit card information
    The IRS has seen numerous attempts over the years to defraud the public and the federal government through a variety of schemes, including abusive tax avoidance transactions, identity theft, claims for slavery reparations, frivolous arguments and more. The IRS does not ask for personal identifying or financial information via unsolicited e-mail.

    If you receive an unsolicited e-mail alleging to be from the IRS, take the following steps:

    • Do not open any attachments to the e-mail, in case they contain malicious code that will infect your computer.
    • Contact the IRS at 1-800-829-1040 to determine whether the IRS is trying to contact you about a tax refund.
    • If you have received this, or a similar hoax, please file a complaint at www.ic3.gov.
    • If you have been victimized by a spoofed e-mail or web site, you should contact your local law enforcement, US Postal Inspector, or FBI.
    Go back to top
    Phishing Alert - February 15, 2006
    SCENARIO/METHOD: VISA Scam Email

    Please be aware of a new phishing scam that appears to be coming from Visa, but in reality Visa will never ask for cardholder information. Cardholders could receive an email (from VisaServices@visa.com or Visa@visa.com or something similar) that states something like this:

    Good afternoon, unfortunately some processings have been cracked by hackers, so a new secure code to protect your data has been introduced by Visa. You should check your card balance and in case of suspicious transactions immediately contact your card issuing bank. If all transactions are alright, it doesn’t mean the card is not lost and cannot be used. Probably, your card issuers have not updated information yet.
    That is why we strongly recommend you to visit our web-site and update your profile otherwise we cannot guarantee stolen money repayment. Thank you for your attention. Click here and update your profile.

    If anyone receives an email of this nature please email it to phishing@visa.com. This way we can track where hackers are setting up these bogus email addresses, and we can shut them down immediately.

    Go back to top

    Phishing Alert - February 15, 2006
    SCENARIO/METHOD: NCUA Fraudulent Email

    A fraudulent email is being circulated claiming to be from “National Credit Union Association”. This message was sent to both the general public and to some credit union members that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.

    The subject of the email is “NCUA Credit Union Administration - Urgent account verification”. The body of the fake message goes on to state:

    Dear FCU holder account,

    This notice informs you that your Credit union bank has joined our Federal Credit Union
    (FCU) network. For both, our and your security, we are asking you to activate anonline
    account on our database. After activation you can login on our system with your SSN and
    your Credit/Debit PIN number.

    You must visit the FCU activation page and fill in the form to activate your online account:

    In accordance with NCUA User Agreement, you can use your online account in 24 hours
    after activation. We thank you for your prompt attention to this matter. Please understand
    that this is a security measure intended to help protect you and your account.

    Thank you for your time.

    This is a "phishing" attempt—Do not reply or click on any associated links or buttons.

    As a reminder:

    • Beware of an unsolicited email that threatens to close or suspend your accounts or online account access services or requests that you provide personal account information.
    • Never provide personal or account information in response to an unsolicited request of any kind (online via emails or by phone).
    • For your protection, we recommend that you carefully review your account transaction details on a regular basis through WestStar's eTeller Online Banking System.
    • If you believe the contact is legitimate, contact WestStar directly for verification. (702) 791-4777 or (800) 729-9328.
    • If you responded to such an e-mail and provided any confidential account information, please notify WestStar immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by WestStar to protect your account.
    • If you feel that you have received a fraudulent phishing e-mail purportedly from NCUA please forward the entire e-mail message to Phishing@ncua.gov.
    • Additionally, you can file formal complaints concerning any suspected fraudulent e-mail with the Internet Fraud Complaint Center (IFCC) at ncua@ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation, and the National White Collar Crime Center.
    Go back to top

    Online Fraud Alert - December 30, 2005
    SCENARIO/METHOD: Phishing web page. Security Confirmation-online banking and bill pay service

    We have discovered "phishing" activity in which our Online Bill Pay and Online Banking users are presented a web page requesting personal information. This web page may be titled "Security Confirmation" and appears to come from within the online banking and bill pay service, but it is actually a fraudulent page caused by malicious code that has infected users' personal computers.

    If you see this web page, DO NOT PROVIDE YOUR INFORMATION and DO NOT SUBMIT THE FORM.

    Most anti-virus software providers have recently issued updated software which eliminates the malicious code. It is important that you update and run anti-virus protection software immediately to protect yourself.

    Please follow this link to learn more about online security.

    Go back to top

    Fraud Alert - December 19, 2005
    SCENARIO/METHOD: WestStar Scam. Fraudulent telemarketing.

    The holiday season is a ripe time for telemarketers who claim to be from companies representing your financial institution, prize distributing companies, and charities, but in reality are pocketing the fruits of other peoples' good will.

    It has come to our attention that WestStar Credit Union’s good name is being used in a telemarketing scam indicating you may have won airline tickets, trips, or may have even won a lottery. Telemarketing fraud is one of the largest and most serious consumer crimes in the United States of America.

    During the course of the conversation, a fraudulent telemarketer may identify your financial institution then ask you for a credit card number or for your checking account number. They may also try and obtain your personal information such as your social security number, date of birth, mailing address, or even your personal identification number (PIN).

    This information is then used to create checks drawn on your account, charge purchases leaving you with the bill, or may even attempt to take over your identity.

    Do not give personal information over the phone to anyone unless you have initiated the call to a reputable company or organization.

    If you receive a suspicious call on behalf of your financial institution, obtain as much information about the call as possible such as: name of caller, position held, callback number, reason for the call, etc., and immediately contact your financial institution.

    Go back to top

     
 
 
Home  | Accounts  |  Loans  |  Services   |  Rates  |  About Us   
Copyright © 2006-2009 WestStar Credit Union - All Rights Reserved    Privacy/Security Policy    Site Map