Scroll down and click the topics below to learn about some of the current fraud alerts that could affect you.
For more fraud resources or for information about what to do if you are a victim of fraud, please click here:
Recent Card Breach Could Increase Phishing
In the wake of the card breach, the next several days or weeks are critical for credit union members to be on the alert for any suspicious emails, text messages or phone calls requesting personal or financial information, especially card data. The card information that may be requested includes, cardholder billing address, 3 digit CVV2/CVC2 code found on the back of the card, or enrollment criteria/passwords for Verified by Visa or MasterCard SecureCode. This card information was not part of the recent Global Payments breach. Criminals may ask members for this information to add to the other card data they may have obtained from the breach to perform card present (key entered) or card-not-present (mail/telephone/internet) non-magnetic stripe transactions.
Remember, never respond to emails, text messages or phone calls requesting this type of information. If a you receive a suspicious request, please contact the credit union.
Posted April 2012
NACHA Phishing Email
- Update -
NACHA continues to receive reports that individuals and companies are receiving fraudulent emails that have the appearance of being sent from NACHA. The emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some include fictitious names of NACHA employees and/or departments. Forward fraudulent emails claiming to be from NACHA to abuse@nacha.org.
-Original Alert -
Individuals and companies have reported receiving fraudulent emails claiming that an ACH transaction recently sent from a checking account was cancelled by the Electronic Payments Association. The email contains a link to a report the recipient is asked to view.
NACHA does not process ACH transactions nor does it communicate directly with individuals or companies about ACH transactions. Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow links in unsolicited emails from unknown parties or that seem suspicious in any way.
-Sample Email-
From:payments@nacha.org [mailto:payments@nacha.org]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.
Please click here to view report
Otto Tobin,
Risk Manager
Source: EPCOR and NACHA
Posted February 2011, Updated February 2012
Phony Prize Promotions and Sweepstakes Schemes
The Lafayette Police Department is warning senior citizens about phone scams promising potential lottery winnings. The caller may claim to be from Publishers Clearing House, the Internal Revenue Service, or other entities, and may pressure the elderly person to send them money to claim their prize. The caller may request some of the money be sent to locations in the United States, Jamaica, or other foreign countries, and usually involve the elderly using a commercial wire transfer company.
Please refer to the following information from the Federal Trade Commission’s website (www.FTC.gov):
Fraudulent telemarketers often “guarantee” that you’ve won valuable prizes, like vacations, cars or large sums of cash. But they want you to pay “fees” for shipping, taxes, customs or other supposed expenses. If someone asks you to pay to claim a “prize” or “free” gift, it’s a trick. You may get a cheap gift that is worth far less than the “fees” you paid, or you may not get anything at all.
If you get a call from out of the blue telling you that “you’re a winner”:
- don’t pay any money to collect supposed sweepstakes winnings. If you have to pay to collect your winnings, you’re not winning — you’re buying. Legitimate sweepstakes don’t require you to pay “insurance,” “taxes” or “shipping and handling charges” to collect your prize.
- hold on to your money. Scammers pressure people to wire money through commercial money transfer companies because wiring money is the same as sending cash. When the money’s gone, there’s very little chance of recovery. Likewise, resist any push to send a check or money order by overnight delivery or courier. Con artists recommend these services so they can get their hands on your money before you realize you’ve been cheated.
- remember that phone numbers can deceive. Internet technology allows con artists to disguise their area code so it looks like they’re calling from your local area. But they could be calling from anywhere in the world.
Fraudulent “ACH and Wire transfers” E-Mails
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC. The e-mails appear to be sent from various “@fdic.gov” e-mail addresses, such as “protection@fdic.gov,” “admin@administration.fdic.gov,” or “service@admin.fdic.gov.” They have various subject lines such as “Update for your banking account,” “ACH and Wire transfers disabled,” and “Banking security update.”
These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.
Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.
Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC’s Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.
For your reference, FDIC Special Alerts may be accessed from the FDIC’s Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.
-Sample Email-
“Dear clients,
Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online security department, Federal Deposit Insurance Corporation.”
Posted July 21, 2011
Federal Reserve Wire Network Scam
Some consumers have reported receiving fraudulent email messages from the Federal Reserve Wire Network that reference a wire transaction and instruct the recipient to click on a link beginning with federalreserve.gov. CAUTION: These e-mails were not sent by the Federal Reserve Banks. The Federal Reserve Banks deliver payment status information to our financial institution customers via our trusted channels, and do not communicate this information directly to consumers. If you receive an email like this, DO NOT click on the links and delete the email immediately.
Source: The Federal Reserve
Posted May23, 2011
Mortgage Transfer Scam
Homeowners in Nevada have received letters claiming their mortgage had been sold by its original holder to another organization. The mortgage transfer is actually something financial institutions really do, but in this case the letters came from scammers who told victims to send their future monthly payments to them.
If you ever receive such a letter, simply contact your current mortgage provider and check the details. If you have a Purdue Federal mortgage, you can rest assured knowing we retain servicing on your mortgage for the life of the loan so you will always make payment directly to us.
Source: Scambusters.org
Posted April 2011
Business Visa Email Scam
Purdue Federal members have reported receiving emails stating possible fraudulent charges have been made on their Purdue Federal Business Visa accounts. The emails tell recipients to click on a link to verify information.
If we suspect fraudulent charges on any of your Visa accounts, we will contact you regarding the charges; however, we will not ask you to click on an email link or provide your card information to us. If you believe you have received a fraudulent email, do not click on the links and contact your financial institution immediately.
Posted March 2011
Federal Reserve Phishing E-mail
Individuals and companies have reported receiving fraudulent emails claiming that a wire transaction recently sent from a checking account was cancelled by the Federal Reserve Wire Network. The email contains a link the recipient is asked to click to view details.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow links in unsolicited emails from unknown parties or that seem suspicious in any way.
-Sample Email-
From: fedwire@federalreserve.gov[mailto:fedwire@federalreserve.gov]
Subject: Your Wire fund transfer
The Wire transaction, recently sent from your checking account (by you or any other person), was cancelled by the Federal Reserve Wire Network.
Please click here to view details
Adam Diaz,
Fraud Department
Posted March 2011
Work-From-Home Scams
Work-from-home scams are gaining in popularity among criminals and can take many forms. Scam vicitims are often recruited by criminals through newspaper ads, online employment services, unsolicited e-mails and ads on social networking sites.
Remember to never wire money to a person you do not know and never wire money from a check someone has told you to deposit. If you deposit a fraudulent check and then wire money from that deposit, you are responsible for the loss.
Learn how these scams work and how to protect yourself.
Source: Federal Bureau of Investigations
Posted February 2011
Mystery/Secret Shopper Scams
Working as a mystery or secret shopper can be an easy, convenient way to earn some money. Mystery or secret shoppers are people who provide businesses with customer service feedback; however, if a company makes you buy a kit, pays you before you do the work, or tells you to send back some of the money it pays you then you’re likely dealing with a scammer. Check out the sample mystery/secret shopper scam letters below.
Sample Secret Shopper Scam Letters.pdf
Posted January 2011
Visa and Mastercard Scam
A new telephone-based credit card scam is circulating. Please be aware that if we suspect fraud on your Purdue Federal Visa, we will call you and identify ourselves as Purdue Federal; however, we will never ask you for any of your card information, including the security code on the back of your card.
The scam works like this:
Person calling says - ‘This is (name), and I’m calling from the Security and Fraud Department at Visa (or Mastercard). My Badge number is 12460, Your card has been flagged for an unusual purchase pattern, and I’m calling to verify.
This would be on your Visa (or Mastercard) card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona ?’ When you say ‘No’, the caller continues with, ‘Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?’ You say ‘yes’.
The caller continues - ‘I will be starting a Fraud Investigation. If you have any questions, you should call the 800 number listed on the back of your card and ask for Security. You will need to refer to this Control Number. The caller then gives you a 6 digit number. ‘Do you need me to read it again?’
The caller then says, ‘I need to verify you are in possession of your card’. He’ll ask you to ‘turn your card over and look for some numbers’. There are 7 numbers; the first 4 are part of your card number, the last 3 are the Security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the last 3 numbers to him.
After you tell the caller the 3 numbers, he’ll say, ‘That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?’ After you say no, the caller then thanks you and states, ‘Don’t hesitate to call back if you do’, and hangs up.
Posted January 2011
FDIC Phishing Email
Area residents have reported receiving an email claiming to be from the Federal Deposit Insurance Corporation (FDIC). The email states the recipients’ accounts have been denied FDIC insurance because of Patriot Act violations. It tells the recipients to click a link to verify their identity.
Neither the FDIC nor the NCUA (National Credit Union Administration) will contact you directly regarding verifying your identity on a bank or credit union account. If your financial institution needs additional information regarding your identity then your financial institution will contact you directly and will never ask you to verify your identity through an email link.
===Sample Email===
From: insurance@fdic.gov
Subject: Account Insurance from FDIC
To whom it may concern,
In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.
As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your account information.
Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be lifted.
Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security Officials.
Thank you for your time and consideration in this matter.
Donald E. Powell
Chairman Emeritus FDIC
John D. Hawke, Jr.
Comptroller of the Currency
Michael E. Bartell
Chief Information Officer
Posted January 2011