Refund and Recovery Scams – Federal Trade Commission

Scam artists buy and sell "sucker lists" with the names of people who already have lost money to fraudulent promotions. These crooks may call you promising to recover the money you lost or the prize or merchandise you never received — for a fee in advance. That's against the law. Under the Telemarketing Sales Rule, they cannot ask for — or accept — payment until seven business days after they deliver the money or other item they recovered to you.

How the Scams Work
Many consumers might not know that they have been scammed by a bogus prize promotion, phony charity drive, fraudulent business opportunity or other scam. But if you have unknowingly paid money to such a scam, chances are your name is on a "sucker list." That list may include your address, phone numbers, and other information, like how much money you've spent responding to phony offers. Dishonest promoters buy and sell "sucker lists" on the theory that people who have been deceived once have a high likelihood of being scammed again.

These scammers lie when they promise that, for a fee or a donation to a specific charity, they will recover the money you lost, or the prize or product you never received. They use a variety of lies to add credibility to their pitch: some claim to represent companies or government agencies; some say they're holding money for you; and others offer to file necessary complaint paperwork with government agencies on your behalf. Still others claim they can get your name at the top of a list for victim reimbursement.

The Federal Trade Commission (FTC), the nation's consumer protection agency, says claims like these often are false. Although some federal and local government agencies and consumer organizations help people who have lost money, they don't charge a fee. Nor do they guarantee to get your money back, or give special preference to anyone who files a formal complaint.

Seeing Through a Recovery Scam
Here are some tips to help you avoid losing money to a recovery scam:

  • Don't give money or your bank or credit card account number to anyone who calls offering to recover money, merchandise, or prizes you never received if the caller says you have to pay a fee in advance. Under the Telemarketing Sales Rule, it's against the law for someone to request or receive payment from you until seven business days after you have the money or other item in hand.

  • If someone claims to represent a government agency that will recover your lost money, merchandise, or prizes for a fee or a donation to a charity, report them immediately to the FTC. National, state, and local consumer protection agencies and nonprofit organizations do not charge for their services.

  • Before you use any company to recover either money or a prize, ask what specific services the company provides and the cost of each service. Check out the company with local government law enforcement and consumer agencies; ask whether other people have registered complaints about the business. You also can enter the company name into an online search engine to look for complaints.

Charitable Gifts-in-Kind FAQ – Federal Trade Commission

When you think about donating to a charity, you may think about donating money. But there’s another type of donation you may not be aware of — gifts-in-kind.

What are gifts-in-kind?
They are any non-cash donation from individuals and businesses to a charity. Common examples are food, clothing, prescription drugs, equipment and medical supplies.

How are gifts-in-kind used?
Charities give the products directly to those in need or to other charities for redistribution.

Are charities required to report gifts-in-kind like they report cash donations?
Charities are required to report their donations and program expenses on filings with the IRS (Form 990) and state agencies. Schedule M of the Form 990 contains information about gifts-in-kind. The Form 990 and/or financial reports should be available from the charity, online with your state, or at
But not all charities accurately report the value of gifts-in-kind.

How could false reporting of gifts-in-kind affect potential donors like me?
A charity might mark-up the value of goods to make their organization appear more financially successful than it really is. This helps the organization hide high fundraising and administrative costs, since they then appear to be a smaller percent of overall expenses than they actually are. This may falsely increase an organization’s ranking by charity watchdogs.

Is there any way to effectively measure the legitimacy of a charity?
When used and reported as intended, gifts-in-kind can be an important part of a charity’s programs. Worthy causes get much needed supplies, donors may get a tax deduction, and items that might otherwise be destroyed or discarded are put to good use. Charity watchdog groups, like the Better Business Bureau's (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, and GuideStar, say you can measure an organization by the way it spends its cash. Cash typically comes directly from individual donors. If a charity is using gifts-in-kind to inflate its operations and then spends most of its cash to pay executives or cover operating expenses, this should raise red flags, and you may want to consider donating to a different organization.

Electronics Buyback Scam Taken Offline - Federal Trade Commission
October 11, 2016

Alvaro Puig, Consumer Education Specialist, FTC

It seems like manufacturers are coming out with new smartphones, tablets and other devices at a faster clip year after year. People who upgraded and were looking to get some money back for their old devices may have been tempted by some websites that promised to pay top dollar. As a result of the lawsuit filed by the FTC and the State of Georgia, a federal court just put a stop to one company running several buyback websites because it wasn’t keeping up its end of the bargain.

Laptop & Desktop Repair, the company behind websites like,,, and, gave customers online quotes and promised they’d pay the quoted amount after getting the devices. But when the company received the customer’s device, it changed its tune and offered to pay as little as three percent of the original offer. That’s right, three percent!

If customers weren’t happy with the counter offer, they had a window of three to five days to reject it. Oh, I almost forgot to mention that the window included weekends—and the company was closed on weekends! And another thing, the company wouldn’t respond to customers’ emails. If customers called, the company hung up on them or put them on hold for long time. Seriously, I’m not making this up.

So, what should you do with your old device? You could:


  • Trade it in. Ask the manufacturer or retailer if they’ll take your old device and give you credit toward a new one.

  • Recycle it. Ask the manufacturer or retailer if they recycle old devices. You can also see the EPA’s advice on donating and recycling electronics.

  • Donate it. Contact your local charity and ask if they accept used electronics.

Better Business Bureau
September 15, 2016


This month, BBB's Scam Alerts turn five years old. What have we learned over the past half-decade? A lot, it turns out. To celebrate the anniversary, we are sharing our top five tips for spotting a scam.
Scam Alert's Top Five Tips:
Scammers are constantly coming up with new ways to fool victims. But most scams have a few elements in common.

  • Always be wary of "too good to be true." If a deal is significantly better, a price lower, or an offer greater than you can find elsewhere, be cautious. Keep in mind that businesses need to turn a profit. If a company's offer is so amazing that it's not sustainable, it could be a ploy.

  • Don't underestimate the power of a quick online search. An online search can go a long way in uncovering a con. Chances are that the scam has already fooled other people, and they have posted about it online. Be sure to check out BBB Scam Tracker for the latest (

  • Pay with a credit card and refuse unusual forms of payment. Protect yourself by paying with a credit card, which gives you additional protections such as the opportunity to dispute charges if the business doesn't come through. Be wary of anyone who requests alternative forms of payment, such as wire transfers, pre-paid debit cards, or gift cards.

  • Watch out for a change in routine. If an organization normally reaches you one way, be suspicious if you suddenly start receiving a different type of communication. For example, government agencies generally communicate through mail, but scammers impersonating them often call or send email.

  • Don't believe what you see. Con artists can spoof phone numbers, email templates, websites, letterhead, and social media accounts. Just because something looks real, doesn't mean it is. Instead of relying on your eyes, look for other warning signs.


Scammers say “Help Wanted”
June 14, 2016
by Bridget Small - Consumer Education Specialist, FTC

Criminals don’t like getting caught. So, when they want to send and receive stolen money, they get someone else to do the dirty work. Some scammers develop online relationships and ask their new sweetheart ( or friend to accept a deposit and transfer funds for them. Other cons recruit victims with job ads that seem like they’re for legit jobs, but they’re not. Law enforcement calls the victims ’money mules.’ If you get involved with one of these schemes, you could lose money and personal information, and you could get into legal trouble.

Scammers post ads for imaginary job openings for payment-processing agents, finance support clerks, mystery shoppers, interns, money transfer agents or administrative assistants. They search job sites, online classifieds and social media to hunt for potential money mules. For example, if you post your resume on a job site, they might send you an email saying, ‘We saw your resume online and want to hire you.’ The ads often say:

• the company is outside the U.S.
• all work is done online
• you’ll get great pay for little work

If you respond, the scammer may interview you or send an online application. He does that to collect your personal information and make the job offer seem legitimate. At some point, the scammer will ask for your bank account number, or tell you to open a new account, and then send you instructions about transferring money (

If you think you’re involved with a money transfer scam:
• stop transferring money
• close your bank account
• notify your bank and the wire transfer service about the scam
• report it to the FTC (

If you’re looking for work, check out the FTC’s tips about jobs and making money ( and warning signs of a job scam (




A false appeal to your sense of charity

by Aditi Jhaveri, Consumer Education Specialist

June 9, 2016

If you get a call asking you to give to a charity, you might be tempted to say yes without a second thought. But as with any call you get from someone asking for money out of the blue, pause and do some research to avoid fraudsters who try to take advantage of your generosity.

Unfortunately, there are for-profit companies — like American Handicapped and Disadvantaged Workers, Inc. (AHDW) — that pretend to be charitable organizations and lie about how they use donations. The FTC sued AHDW for deceiving people — and shut them down.

Here’s the story: AHDW’s telemarketers called and asked people to donate — either by giving money or buying overpriced household products from them. These telemarketers, often falsely claiming to be disabled themselves, implied that most of the money raised would be used to pay wages to disabled employees at the company. And as a bonus, people were told they’d get a free gift in the mail for donating.

In reality, most of the telemarketers weren’t disabled, and only a small portion of the company’s earnings were paid to AHDW’s few disabled employees. And those free gifts people got in the mail? They came with invoices, followed by harassing calls demanding payment for products people never ordered.

If you get a call about buying overpriced products to support a charity:


  • Tip: Do some research. Confirm an organization is really a charity before committing to spend extra money. That “charity” might be a for-profit company trying to trick you into overpaying for things you routinely buy. You can search for names on this list of tax-exempt organizations from the IRS, or check with the BBB or your state Attorney General.


  • Tip: Don’t pay for unordered merchandise. You can keep any gifts you get in the mail from a charitable organization that asks for contributions. If you didn’t order it, you don’t have to pay for it — even if someone sends a bill or calls you saying otherwise.


It’s legal for charities to call and ask for donations, even if your number is on the Do Not Call Registry. But it’s against the law for telemarketers to imply they’re from a charitable organization when they’re not.

Scammers can fake caller ID info

by Andrew Johnson, Division of Consumer and Business Education

May 4, 2016

Your phone rings. You recognize the number, but when you pick up, it’s someone else. What’s the deal?

Scammers are using fake caller ID information to trick you into thinking they are someone local, someone you trust – like a government agency or police department, or a company you do business with – like your bank or cable provider. The practice is called caller ID spoofing, and scammers don’t care whose phone number they use. One scammer recently used the phone number of an FTC employee.

Don’t rely on caller ID to verify who’s calling. It can be nearly impossible to tell whether the caller ID information is real. Here are a few tips for handling these calls:


  • Tip: If you get a strange call from the government, hang up. If you want to check it out, visit the official (.gov) website for contact information. Government employees won’t call out of the blue to demand money or account information.


  • Tip: Don’t give out — or confirm — your personal or financial information to someone who calls.


  • Tip: Don’t wire money or send money using a reloadable card. In fact, never pay someone who calls out of the blue, even if the name or number on the caller ID looks legit.


  • Tip: Feeling pressured to act immediately? Hang up. That’s a sure sign of a scam.

If you’ve received a call from a scammer, with or without fake caller ID information, report it to the FTC and the FCC.

Political Scammers by Catherine Fredman

January 5, 2016

Amid the onslaught of political phone spam consumers can expect this election year are new scams that Pindrop’s researchers have never seen before.

The basic scam starts with scammers spoofing a candidate’s phone number so that the call seems to come from campaign headquarters and inviting you to join a virtual “town hall” meeting with the candidate. The meeting sounds legitimate because the scammers have either patched together portions of previous town halls or use a talented voice actor to imitate the candidate. At a certain point, the call is interrupted and you’re asked to press #1 to make a donation. By this time, your emotions are involved and you think, “Yes! I want to support my candidate!” So you give out your credit card number. Not only have you handed over money to an unknown entity, you have opened the door to identity theft.

Tip: Never donate to a political campaign during an unsolicited phone call. “You don’t know whom you’re donating to,” warns Dewey. “There is no way to authenticate the person who’s on the call.”


Mobile Wallet Pickpockets

by Catherine Fredman

January 5, 2016

Scammers thwarted by the added protection of chip-embedded credit cards have a promising alternative: mobile wallets. Thieves increasingly tap funds by tapping into the accounts of others through Apple Pay, Google Wallet, Samsung Pay, Android Pay, PayPal, and others.

Dewey put the security of mobile wallets to a little test: First, he secretly copied credit card numbers and expiration dates from a few colleagues at Pindrop. A little Google investigating revealed the answers to “secure” identification questions (such as a colleague's mother's maiden name) needed to activate the colleague's card under Dewey’s mobile wallet account. Within minutes, Dewey had strolled over to Whole Foods and bought lunch for the office—paid for by his unwitting colleague. (The colleague was reimbursed.)

“It’s amazing how easy it was to add somebody else’s credit card info to my Apple Pay account,” Dewey recalls.

Tip: There will be new scams that will find new loopholes and workarounds to take advantage of new technologies. Check your credit card statements carefully for unexpected charges.

FBI – Federal Bureau of Investigation

June 2, 2016

The Internet Crime Complaint Center (IC3) is receiving an increase in complaints related to technical support scams, where the subject claims to be an employee (or an affiliate) of a major computer software or security company offering technical support to the victim. Recent complaints indicate some subjects are claiming to be support for cable and Internet companies to offer assistance with digital cable boxes and connections, modems, and routers. The subject claims the company has received notifications of errors, viruses, or security issues from the victim's internet connection. Subjects are also claiming to work on behalf of government agencies to resolve computer viruses and threats from possible foreign countries or terrorist organizations. From January 1, 2016, through April 30, 2016, the IC3 received 3,668 complaints with adjusted losses of $2,268,982.

Technical Details

Initial contact with the victims occurs by different methods. Any electronic device with Internet capabilities can be affected.


  1. Telephone: This is the traditional contact method. Victims receive a “cold” call from a person who claims the victim's computer is sending error messages and numerous viruses were detected. Victims report the subjects have strong foreign accents.

  2. Pop-up message: The victim receives an on-screen pop-up message claiming viruses are attacking the device. The message includes a phone number to call to receive assistance.

  3. Locked screen on a device (Blue Screen of Death - BSOD): Victims report receiving a frozen, locked screen with a phone number and instructions to contact a (phony) tech support company. Some victims report being redirected to alternate websites before the BSOD occurs. This has been particularly noticed when the victim was accessing social media and financial websites.

  4. Pop-up messages and locked screens are sometimes accompanied by a recorded, verbal message to contact a phone number for assistance.

Once the phony tech support company/representative makes verbal contact with the victim, the subject tries to convince the victim to provide remote access to their device.

If the device is mobile (a tablet, smart phone, etc.), the subject often instructs the victim to connect the device to a computer to be fixed. Once the subject is remotely connected to the device, they claim to have found multiple viruses, malware, and/or scareware that can be removed for a fee. Fees are collected via a personal debit or credit card, electronic check, wire transfer, or prepaid card. A few instances have occurred in which the victim paid by personal check.


Tips to help make you more sophisticated and less likely to become a victim of fraud in 2016


  • Credit repair fraudsters typically seek out individuals with lots of debt. You’ve likely seen pop-up ads online promising to fix your credit or erase your debt. The Federal Trade Commission (FTC) warns that many of them charge a fee but basically don’t do anything for you. In fact, some may sell your social security number, leading to big problems. Legitimate credit repair services are available that cost little or nothing.


  • Bank draft scams have increased as people turn to sites like eBay and Craigslist to purchase and sell valuables online. Even when sellers require bank drafts or cashier’s checks as payment, they’re not always protected since counterfeit documents can be easy to obtain nowadays. Sellers should insist on going to the bank with the buyer and witness the check being prepared. Alarms should sound if the draft or check is for more than the sale price and you’re asked for the overage in cash.


  • Internet money laundering has become a huge problem, costing some people thousands of dollars and even landing unsuspecting victims behind bars. The latest target audience: job seekers. Authorities find fraudulent activity is being conducted via popular job site listings. Some launderers even send direct emails to individuals and offer them a job they may not have applied for. Unfortunately, too many people are falling for these scams, especially those who are unemployed and desperately seeking a source of income. Job seekers should be cautious when an application requires processing payments or transferring funds, because doing so for an illegitimate source could lead to serious jail time. Never give social security or bank account numbers out over the phone or online, and remember: real employers will want to interview you before offering a job.


  • Identity theft is one of the fastest-growing financial frauds – in fact, it was the No. 1 complaint reported to the FTC in 2014. It is especially concerning because victims not only suffer monetary damages, but their reputation and credit may also be impacted. Crooks are hacking into various databases to steal personal information and assume a victim’s identity. Forged government documents top the list of the most common identification frauds, followed by credit card, phone/utilities and bank fraud. If you think you’re a victim, ask that a fraud alert be added to your credit report, then file an ID theft report with the FTC (1-877-438-4338 or


Scam du jour: Chip card scams

October 19, 2015
Colleen Tressler - Consumer Education Specialist, FTC

Recently, I told you about the new credit and debt chip cards designed to reduce fraud, including counterfeiting.

Now, I'm reporting on scammers who are trying to take advantage of the millions of consumers who haven't yet received a chip card.

Here's what’s happening: Scammers are emailing people, posing as their card issuer. The scammers claim that in order to issue a new chip card, you need to update your account by confirming some personal information or clicking on a link to continue the process.

If you reply to the email with personal information, the scammer can use it to commit identity theft. If you click on the link, you may unknowingly install malware on your device. Malware programs can cause your device to crash, monitor your online activity, send spam, steal personal information and commit fraud.

So how can you tell if the email is from a scammer?


  • There's no reason your card issuer needs to contact you by email — or by phone, for that matter — to confirm personal information before sending you a new chip card. Don't respond to an email or phone call that asks you to provide your card number. Period.

  • Still not sure if the email is a scam? Contact your card issuers at the phone numbers on your cards.

  • Don't trust links in emails. Only provide personal information through a company's website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the "s" stands for secure).




September 9, 2015


Are you a nanny or caregiver who lists your services on sites like,, or A few months ago, we warned about a scam that targets caregivers ( like you. Here’s a reminder: a con artist emails or texts an offer to hire you. The scammer also sends you a check and asks you to deposit it, keep some money for your services, and send the rest to someone else to — supposedly — pay for special items or medical equipment. But the check is fake, and it can take weeks for a bank to discover the forgery. If you deposit the check and withdraw the funds, you’ll wind up owing the bank all that money.


After the last post, we heard back from many people with great ideas to help avoid this scam:

  • Don’t deposit a check from — or send money to — anyone you don’t know.

  • Never share your bank account number — including with a potential client.

  • Be careful with potential clients who claim to be out of town or pressure you to deposit their check.

  • Check out your potential clients. Search online for their names, email addresses, phone numbers, and even the text of the message you received. Many people said that an easy search told them they were dealing with a scammer. 

  • Call MoneyGram (1-800-666-3947) or Western Union (1-800-448-1492) if you were tricked into transferring money. 

If you got a check through the U.S. mail, file a complaint with the U.S. Postal Inspection Service ( And, as always, please tell the FTC (





August 13, 2015


Unwanted phone calls or random text messages seem to come at all hours. They bug you at work, interrupt your dinner, or wake you up when you’re sound asleep. I think we can all agree they’re a real nuisance. Did you know they could also be a scam?


If your phone number is one of the more than 217 million numbers on the Do Not Call ( Registry, you’ve taken action to stop most unwanted sales calls. The law allows political calls, calls from charitable organizations, informational calls, calls about debts you owe, and phone surveys, as well as calls from companies you’ve done business with or gave permission to call.

If you get an unwanted sales call or a robocall ( - a recorded message that’s pitching a product or service— it’s probably a scam. The unscrupulous businesses behind these calls use auto dialers to make thousands of calls a minute and don’t bother to check if the numbers are on the Do Not Call Registry. Don’t press buttons to request to speak to someone or be taken off the call list. You’ll just end up getting more unwanted calls. Hang up and report it to the Federal Trade Commission at or 1-888-382-1222.


If you’re getting repeated calls from the same number, you might want to ask your service provider to block the number; for calls from different numbers, ask if they offer a service to block unwanted calls. You can also buy a call blocking device. Getting calls on your mobile phone? There’s an app for that.  Actually, there’s more than one.  Look in your mobile app store or marketplace.


What about those random text messages?  It’s illegal for a company to send you a text message if it doesn’t have your permission, barring a few exceptions (  If you get a random text message from a number you don’t recognize ( says you won something or asks you to confirm some personal information, don’t text back or click on links. Report it to your provider at 7726 (SPAM) and to the FTC at or 1-888-382-1222.





August 5, 2015


Imposters.  Impersonators.  Fakes.  Frauds.  Phonies.  You might call them by different names but these scam artists have one thing in common: they pretend to be someone they aren’t and tell you a bogus story to con you into wiring them money.


The crooks will give you a pretty convincing reason to wire money. They might say you owe the IRS taxes and you’ll be arrested if you don’t pay up. Or that you won a federal grant and have to pay a processing fee to get your money. Some even tell you a loved one’s in trouble and needs your help.

They might tell you to use a money wiring service to add funds to a 16-digit account number they give you—they say it’s your case number or account number, but it’s not. Once the transfer goes through, the money’s gone and you can’t get it back.


Government agencies will never ask you to pay by wiring money. Neither will legitimate businesses. If someone insists you pay by wiring money, it’s a scam. Don’t do it. Instead, report it to the Federal Trade Commission at ( or 1-877-FTC-HELP.





July 10, 2015


My grandma kept an eye out for cheaters. (No, not that kind.) Back in the day, if a salesman knocked on her front door, she waved them off. Before caller ID, she hung up on telemarketers. But a call from a phony debt collector, she might have fallen for that one!  Especially if the debt collector said she was responsible for her grandchild’s debt. 


Here’s what’s happening:  A fake debt collector ( calls you. They want to collect on a debt your grandchild (supposedly) failed to pay. They ask you to wire money (, send a prepaid card or give your credit card number – immediately. And if you won’t – or can’t – pay, that’s when the threats begin:

“Your grandchild will be arrested.”
“He’ll lose his job.”
“We’ll suspend her driver’s license.”

Unless you co-signed a loan, you’re never responsible for someone else’s debt.  In fact, debt collectors can’t legally tell you that someone – anyone – else even has a debt.


If you get one of these calls, stop. Don’t be rushed into sending money. Don’t verify any personal or financial information. And hang up if the caller threatens you. Debt collectors can’t do that. It’s not legal. Once you’re off the phone, report the call to the FTC (





July 20, 2015


You hear from us fairly often about imposter scams. In recent months, we’ve told you about IRS imposters (, romance scams (, and work-at-home scams ( We always give you tips on how to spot and avoid these scams. We tell you about the cases we’ve brought to shut down the scammers. But, as a civil law enforcement agency, we don’t often get to tell you about the criminal charges brought against the scammers, until today.


The Department of Justice (DOJ) recently announced ( the extradition of six Nigerian nationals from South Africa to Mississippi to face a nine-count federal indictment for various Internet frauds. These six people join 15 others who were previously charged with, among other things, conspiracy to commit mail fraud, wire fraud, bank fraud, identity theft, and money laundering.

What were the scams? According to the indictment, the defendants found and reached out to their potential victims through online dating websites ( and work-at-home opportunities ( In some cases, they carried on so-called romantic relationships with their targets, trying to get their victims to do things like re-ship merchandise purchased with stolen credit cards, deposit counterfeit checks, and send money to the defendants – whether via wiring money or sending prepaid debit cards.


Here’s where you come in. If you know someone who lost money or information to romance, reshipping, fake check, or work-at-home scammers, please tell them to visit DOJ’s announcement ( Why?  Because there’s a list of aliases and email addresses that the defendants allegedly used in carrying out these scams. If you recognize a name or email address, you could help in the investigation of these crimes.


It’s not every day you get to help lock up alleged bad guys.  Unless, of course, you work at the Department of Justice, the US Postal Inspection Service, or Homeland Security Investigations – all of which had a hand in this case.  


Consumers Targeted by Vishing Scam Should Call Agency’s Hotline (01/22/2014)

ALEXANDRIA, Va. (Jan. 21, 2014) – The National Credit Union Administration today warned consumers to beware of a new telephone fraud, known as a “vishing” scheme, that is using the agency’s name in an attempt to obtain personal financial information.

Several credit union members have been contacted by an automated phone call claiming to be from NCUA and notifying consumers their debit cards have been compromised. The call then asks the receiver to follow prompts, which request personal information, including sensitive financial data and personal identification information.

Anyone contacted by this so-called “vishing” scheme should immediately contact NCUA’s Consumer Assistance Center Hotline at 800-755-1030 or by email at to report the scam. Operators answer calls Monday through Friday between 8 a.m. and 5 p.m. Eastern.



ALERT - "SMISHING" SCAM (06/27/2013)


Mutual Security has received reports from some of our members that they have received text messages on their cell phones stating their credit card has been deactivated and that they must call a specific telephone number in order to reactivate it. 




“SMISHING”or SMS phishing, is a variant of phishing email scams that instead utilizes Short Message Service (SMS) systems to send bogus text messages. Smishing scams frequently seek to direct the text message recipient to visit a website or call a phone number, at which point the person being scammed is enticed to provide sensitive information such as credit card details or passwords.



As a reminder to all of our cardholders – When you are issued a Mutual Security Credit or ATM card, activation is only prompted with a sticker placed on the new card being received.


Should you have any questions, or have been affected by this type of fraud, please do not hesitate to contact our Card Services Department by calling 1-800-761-2400 option 5.



NCUA Alert Warns Of Phishing Scam (03/28/2013)

The National Credit Union Administration has warned of a new phishing scam using the agency's name in an attempt to obtain consumer debit card account numbers.

The scammers have set up an automated message, claiming to be from the NCUA, which erroneously informs consumers that their debit card has been deactivated. The consumer is then instructed to press 1 on their phone, and enter their 16 digit account number, to reactivate their card.

Consumers should be aware this is not a call from NCUA, and if they receive it, should notify NCUA's Fraud Hotline, toll-free, at 800-827-9650 or 703-518-6550 in the Washington, D.C., area, the agency said.

The NCUA provides fraud alerts, and avoidance and detection resources, on the fraud information center.



Fraud Alert - Infected Laptops at Hotels (08/15/2012)

The FBI recently reported that fraudsters are targeting travelers, both domestically and abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms.


The report cites instances where a traveler's laptop was infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.


The FBI recommends that all individuals who travel take extra caution before updating software products through their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s website if updates are necessary.


Anyone who believes they have been a target of this type of attack should immediately contact their local FBI office and promptly report it to the IC3’s website at The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns.



NEW Text Message Phishing Scam (05-07-2012)


Mutual Security Credit Union has been notified that there is a new phishing scam being used to collect and access personal and account information.


This scam comes in the form of a text message sent to cellular phones. Below is an example of the messages that have been received by MSCU members and many members of other credit unions and customers of banks…


THE CREDIT UNION CENTER ALERT: Your card starting with XXXX has been DEACTIVATED. Please contact us at 203-YYY-ZZZZ.


THIS MESSAGE IS NOT FROM MUTUAL SECURITY as we are not in the practice of notifying our membership of any account issues via text messaging. If you have received this scam text message (or if you should ever receive one like this in the future), we strongly advise our members NOT to call the phone number provided in the scam text message.


Many cellular service providers offer methods of reporting spam/scam text messages directly to them, which we recommend that you do so immediately upon receiving any such message.


Further, should you ever receive any questionable text messages or emails, remember to NEVER provide any personal information. For any questions, or to report a scam/spam message to us, please contact our Member Service Center at 1-800-761-2400 and speak to one of our friendly and knowledgeable representatives.





You might have heard about online "phishing" scams designed to steal money from unsuspecting Web users, but now criminals are using another type of scam called "vishing" to commit the same crimes, which use the phone network to swindle people out of money.


Recently, Mutual Security has been notified by some of our VISA Credit Card holders of an automated call received on their cell phones from the 317 area code which appears to be a vishing attempt to gain cardholder information. We would like to remind our members to NEVER give out Credit Card numbers, PIN numbers, or other personal information when receiving a call, since the Credit Union would already have that information when we are contacting a member.


To help our members understand what these scams are, how they work and how they can protect themselves, Mutual Security Credit Union has put together this FAQ.


What is vishing?


The term "vishing" is a socially engineered technique for stealing information or money from consumers using the telephone network. The term comes from combining "voice" with "phishing," which are online scams that get people to give up personal information.


How does it work?


Typically attackers use a technique called caller ID spoofing to make it look like calls are coming from a legitimate or known phone number. It's a very similar technique to email spoofing, which makes e-mail addresses look like they are coming from a trusted source. But because people typically trust the phone service and caller ID, spoofing phone numbers can be particularly damaging.


And just like with online phishing attacks, which direct consumers to phony Web sites, vishing attacks usually have a recorded message that tells users to call a toll-free number. The caller is then typically asked to punch in a credit card number or other personal information.


How can a scammer spoof a phone number?


With voice over IP phone technology, caller ID spoofing is very easy to do. The traditional phone network works by connecting one circuit to another. Each circuit on either end of the call is assigned a phone number by the phone company. So changing the phone number of a caller was more difficult. Of course, there were people who had figured out ways to hack into the old phone network to do this, but it wasn't as easy as it is today with voice over IP technology. With VoIP services, there is no circuit. These services use the Internet, which assigns different devices on the network IP addresses instead of actual phone numbers. Phone numbers are actually assigned by the users themselves.


What can our members do to protect themselves?


Here is some advice from security experts:


  • Be aware. Consumers need to know that these scams exist. To find out more information, go to the FTC Website (

  • Be suspicious of all unknown callers. People should be just as suspicious of phone calls as they are of e-mails asking for personal information. And some experts suggest letting all calls from unknown callers go to voicemail.

  • Don't trust caller ID. Just because your caller ID displays a phone number or name of a legitimate company you might recognize, it doesn't guarantee the call is really coming from that number or company. As explained earlier, caller ID spoofing is easy.

  • Ask questions. If someone is trying to sell you something or asking for your personal or financial information, ask them to identify who they work for, and then check them out to see if they are legitimate.

  • Never provide credit card information or other private information to anyone who calls you.

  • Register your number with the National Do Not Call registry at ( Also, the Website provides a place where complaints can be filed.

  • Report incidents. Report vishing calls to ( or call (888) 382-1222. The FTC wants the number and name that appeared on the caller ID as well as the time of day and the information talked about or heard in a recorded message. If you think you've been a victim of a vishing attack, you can also visit the Internet Crime Complaint Center (


Email Threat


The FBI has issued a warning about a new malware attack targeting bank accounts. The malware is called Gameover and the FBI says it is able to defeat several forms of dual-factor authentication. The FBI suggests that consumers and businesses pay attention to suspicious emails purporting to come from NACHA, The Electronic Payments Association. NACHA does not traditionally send emails directly to businesses or consumers.


Receipt of a direct email from an organization such as NACHA should raise a red flag. If you receive any emails appearing to come from NACHA please delete them. Do not open or click on any links contained in the message.



Mutual Security would like to ensure that our members are aware of and understand the sustained and evolving nature of phishing attacks 

“NACHA” (the National Automated Clearing House Association) has been the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication. Perpetrators may also be exploiting email addresses recently stolen from Epsilon. 
These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient. The contents of these fraudulent emails vary, with more recent examples including a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and telephone number.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Additional information and guidance on phishing is available on the
 National Credit Union Association (NCUA) website ( and on the NACHA website (


Action Requested


MSCU would like to caution our members NOT to open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom they do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Any suspected fraudulent emails appearing to come from NACHA should be forwarded directly to to aid in their efforts with security experts and law enforcement officials to pursue the perpetrators.
If malicious code is detected or suspected on your computer, you should consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. MSCU would like to remind our members to ALWAYS use anti-virus software and ensure that the virus signatures are automatically updated. Additionally, you should ensure that your computer operating systems and your anti-virus software application’s security patches are installed and current.



Next Wave of ID Thefts Targeting Kids' SSNs 

Identity thieves are beginning to steal Social Security numbers of children, long before they're ready for a savings or checking account or a credit score - and that could threaten the nation's credit system, said an Associated Press report ( Aug. 3).

The thefts could be a problem for credit unions and other financial institutions because they rely on credit scores from FICO, Experian, TransUnion, and Equifax. But those scores could contain false information, planted by people who use stolen Social Security numbers to piggyback on the credit of someone else, according to Kansas City law enforcement agents.

Kansas City Assistant U.S. Attorney Linda Marshall and Julie Jensen, a special agent with the Federal Bureau of Investigation's office in Kansas City, said that in the fraud, online businesses use computers to locate dormant Social Security numbers, usually of children or long-term prison inmates who don't use them. The companies sell the numbers under another name to people who establish phony credit and run up huge debts without intending to pay.

The sellers skirt the law by referring to the Social Security numbers as "credit privacy numbers" or CPNs. They are also called "credit profile numbers" and "credit protection numbers."

Jensen discovered the scheme and says it is easy to create a false credit score using the CPNs, said the article.

The crooks have years to use the numbers before the child is old enough to apply for credit. That makes the fraud difficult to detect, and authorities can't estimate how prevalent the practice is.

The fraud is emerging because 25.5% of consumers have credit scores of 599 or below, which means they're poor credit risks. Many credit decisions are based on the credit scores provided by FICO and the three major credit reporting bureaus. But Jensen says those credit scores could contain false information.

FICO said it has tools for businesses to protect themselves, but the tools are expensive, the article said.



Fraud Email Phishing Activity Reported 


The National Credit Union Administration (NCUA) is reporting recently simulated NCUA email boxes. The fraudulent emails solicit credit union member participation in an Online Survey or Member Survey, and promise compensation of $40 as an inducement to respond to the email.


The emails are fraudulent, and may be an attempt to obtain confidential member information. NCUA does not solicit such information from credit union members. This is a phishing activity with no NCUA activity or approval. If you have received these emails please do not respond. If you have any questions or concerns please email NCUA at


Credit Union National Association is aware of phone calls, text messages, and emails being made about:


  • Account De-activation
  • Account Status Alert
  • Changes to Terms and Conditions
  • Irregular Activity


These e-mails and text messages ask that the customer call a number in order to have their account reactivated. Some may request that you leave callback information or provide your financial information directly. All of these messages are fraudulent. Please do not respond to these messages.



You are currently leaving Mutual Security Credit Union’s website. Third party links are only offered for your convenience. By accessing these links you will be leaving MSCU’s website and entering a website hosted by another party. You are encouraged to review the privacy and security policies of the site you are entering, which may differ from those practiced by MSCU. MSCU does not provide, and is not responsible for, the product, service, or overall website content available on third party sites.