Recovery Scams – Federal Trade Commission
Scam artists buy and sell "sucker lists" with the names of people
who already have lost money to fraudulent promotions. These crooks
may call you promising to recover the money you lost or the prize or
merchandise you never received — for a fee in advance. That's
against the law. Under the Telemarketing Sales Rule, they cannot ask
for — or accept — payment until seven business days after they
deliver the money or other item they recovered to you.
How the Scams
Many consumers might not know that they have been scammed by a bogus
prize promotion, phony charity drive, fraudulent business
opportunity or other scam. But if you have unknowingly paid money to
such a scam, chances are your name is on a "sucker list." That list
may include your address, phone numbers, and other information, like
how much money you've spent responding to phony offers. Dishonest
promoters buy and sell "sucker lists" on the theory that people who
have been deceived once have a high likelihood of being scammed
These scammers lie when they promise that, for a fee or a donation
to a specific charity, they will recover the money you lost, or the
prize or product you never received. They use a variety of lies to
add credibility to their pitch: some claim to represent companies or
government agencies; some say they're holding money for you; and
others offer to file necessary complaint paperwork with government
agencies on your behalf. Still others claim they can get your name
at the top of a list for victim reimbursement.
The Federal Trade Commission (FTC), the nation's consumer protection
agency, says claims like these often are false. Although some
federal and local government agencies and consumer organizations
help people who have lost money, they don't charge a fee. Nor do
they guarantee to get your money back, or give special preference to
anyone who files a formal complaint.
Seeing Through a Recovery Scam
Here are some tips to help you avoid losing money to a recovery
money or your bank or credit card account number to anyone who
calls offering to recover money, merchandise, or prizes you
never received if the caller says you have to pay a fee in
advance. Under the Telemarketing Sales Rule, it's against the
law for someone to request or receive payment from you until
seven business days after you have the money or other item in
claims to represent a government agency that will recover your
lost money, merchandise, or prizes for a fee or a donation to a
charity, report them immediately to the FTC. National, state,
and local consumer protection agencies and nonprofit
organizations do not charge for their services.
use any company to recover either money or a prize, ask what
specific services the company provides and the cost of each
service. Check out the company with local government law
enforcement and consumer agencies; ask whether other people have
registered complaints about the business. You also can enter the
company name into an online search engine to look for
Charitable Gifts-in-Kind FAQ – Federal Trade Commission
When you think about donating to a charity, you may think about
donating money. But there’s another type of donation you may not be
aware of — gifts-in-kind.
They are any non-cash donation from individuals and businesses to a
charity. Common examples are food, clothing, prescription drugs,
equipment and medical supplies.
Charities give the products directly to those in need or to other
charities for redistribution.
Are charities required to report gifts-in-kind like they report
Charities are required to report their donations and program
expenses on filings with the IRS (Form 990) and state agencies.
Schedule M of the Form 990 contains information about gifts-in-kind.
The Form 990 and/or financial reports should be available from the
charity, online with your state, or at guidestar.org.
But not all charities accurately report the value of gifts-in-kind.
How could false reporting of gifts-in-kind affect potential
donors like me?
A charity might mark up the value of goods to make their
organization appear more financially successful than it really is.
This helps the organization hide high fundraising and administrative
costs, since they then appear to be a smaller percent of overall
expenses than they actually are. This may falsely increase an
organization’s ranking by charity watchdogs.
Is there any way to effectively measure the legitimacy of a
When used and reported as intended, gifts-in-kind can be an
important part of a charity’s programs. Worthy causes get much
needed supplies, donors may get a tax deduction, and items that
might otherwise be destroyed or discarded are put to good use.
Charity watchdog groups, like the Better Business Bureau's (BBB)
Wise Giving Alliance, Charity Navigator, Charity Watch, and
GuideStar, say you can measure an organization by the way it spends
its cash. Cash typically comes directly from individual donors. If a
charity is using gifts-in-kind to inflate its operations and then
spends most of its cash to pay executives or cover operating
expenses, this should raise red flags, and you may want to consider
donating to a different organization.
Electronics Buyback Scam Taken Offline - Federal Trade Commission
October 11, 2016
Consumer Education Specialist, FTC
It seems like manufacturers are coming out with new smartphones,
tablets and other devices at a faster clip year after year. People
who upgraded and were looking to get some money back for their old
devices may have been tempted by some websites that promised to pay
top dollar. As a result of the lawsuit filed by the FTC and the
State of Georgia, a federal court just put a stop to one company
running several buyback websites because it wasn’t keeping up its
end of the bargain.
Laptop & Desktop Repair, the company behind websites like
cashforiphones.com, cashforlaptops.com, ecyclebest.com,
smartphonetraders.com and sell-your-cell.com, gave customers online
quotes and promised they’d pay the quoted amount after getting the
devices. But when the company received the customer’s device, it
changed its tune and offered to pay as little as three percent of
the original offer. That’s right, three percent!
If customers weren’t happy with the counter offer, they had a window
of three to five days to reject it. Oh, I almost forgot to mention
that the window included weekends—and the company was closed on
weekends! And another thing, the company wouldn’t respond to
customers’ emails. If customers called, the company hung up on them
or put them on hold for a long time. Seriously, I’m not making this
So, what should you do with your old device? You could:
Trade it in.
Ask the manufacturer or retailer if they’ll take your old device
and give you credit toward a new one.
Ask the manufacturer or retailer if they recycle old devices.
You can also see the EPA’s advice on donating and recycling
Contact your local charity and ask if they accept used
Better Business Bureau
September 15, 2016
BBB's Scam Alerts turn five years old. What have we learned over the
past half-decade? A lot, it turns out. To celebrate the anniversary,
we are sharing our top five tips for spotting a scam.
Scam Alert's Top Five Tips:
Scammers are constantly coming up with new ways to fool victims. But
most scams have a few elements in common.
wary of "too good to be true." If a deal is significantly
better, a price lower, or an offer greater than you can find
elsewhere, be cautious. Keep in mind that businesses need to
turn a profit. If a company's offer is so amazing that it's not
sustainable, it could be a ploy.
underestimate the power of a quick online search. An online
search can go a long way in uncovering a con. Chances are that
the scam has already fooled other people, and they have posted
about it online. Be sure to check out BBB Scam Tracker for the
Pay with a
credit card and refuse unusual forms of payment. Protect
yourself by paying with a credit card, which gives you
additional protections such as the opportunity to dispute
charges if the business doesn't come through. Be wary of anyone
who requests alternative forms of payment, such as wire
transfers, pre-paid debit cards, or gift cards.
for a change in routine. If an organization normally reaches you
one way, be suspicious if you suddenly start receiving a
different type of communication. For example, government
agencies generally communicate through mail, but scammers
impersonating them often call or send email.
believe what you see. Con artists can spoof phone numbers, email
templates, websites, letterhead, and social media accounts. Just
because something looks real, doesn't mean it is. Instead of
relying on your eyes, look for other warning signs.
June 14, 2016
by Bridget Small - Consumer Education Specialist, FTC
Criminals don’t like getting caught. So, when they want to send and
receive stolen money, they get someone else to do the dirty work.
Some scammers develop online relationships and ask their new
or friend to accept a deposit and transfer funds for them. Other
cons recruit victims with job ads that seem like they’re for legit
jobs, but they’re not. Law enforcement calls the victims ‘money
mules.’ If you get involved with one of these schemes, you could
lose money and personal information, and you could get into legal
Scammers post ads for imaginary job openings for payment-processing
agents, finance support clerks, mystery shoppers, interns, money
transfer agents or administrative assistants. They search job sites,
online classifieds and social media to hunt for potential money
mules. For example, if you post your resume on a job site, they
might send you an email saying, ‘We saw your resume online and want
to hire you.’ The ads often say:
• the company is outside the U.S.
• all work is done online
• you’ll get great pay for little work
If you respond,
the scammer may interview you or send an online application. He does
that to collect your personal information and make the job offer
seem legitimate. At some point, the scammer will ask for your bank
account number, or tell you to open a new account, and then send you
instructions about transferring money
If you think
you’re involved with a money transfer scam:
• stop transferring money
• close your bank account
• notify your bank and the wire transfer service about the scam
• report it to the FTC (https://www.ftccomplaintassistant.gov/)
If you’re looking for work, check out the FTC’s tips about jobs and
making money (https://www.consumer.ftc.gov/topics/jobs-making-money)
and warning signs of a job scam (https://www.consumer.ftc.gov/articles/0243-job-scams).
A false appeal to your sense of charity
by Aditi Jhaveri,
Consumer Education Specialist
FEDERAL TRADE COMMISSION
June 9, 2016
If you get a call asking you to give to a charity, you might be
tempted to say yes without a second thought. But as with any call
you get from someone asking for money out of the blue, pause and do
some research to avoid fraudsters who try to take advantage of your
Unfortunately, there are for-profit companies — like American
Handicapped and Disadvantaged Workers, Inc. (AHDW) — that pretend to
be charitable organizations and lie about how they use donations.
The FTC sued AHDW for deceiving people — and shut them down.
Here’s the story: AHDW’s telemarketers called and asked people to
donate — either by giving money or buying overpriced household
products from them. These telemarketers, often falsely claiming to
be disabled themselves, implied that most of the money raised would
be used to pay wages to disabled employees at the company. And as a
bonus, people were told they’d get a free gift in the mail for
In reality, most of the telemarketers weren’t disabled, and only a
small portion of the company’s earnings were paid to AHDW’s few
disabled employees. And those free gifts people got in the mail?
They came with invoices, followed by harassing calls demanding
payment for products people never ordered.
If you get a call about buying overpriced products to support a
some research. Confirm an organization is really a charity
before committing to spend extra money. That “charity” might be
a for-profit company trying to trick you into overpaying for
things you routinely buy. You can search for names on this list
of tax-exempt organizations from the IRS, or check with the BBB
or your state Attorney General.
It’s legal for
charities to call and ask for donations, even if your number is on
the Do Not Call Registry. But it’s against the law for telemarketers
to imply they’re from a charitable organization when they’re not.
Scammers can fake caller ID info
Johnson, Division of Consumer and Business Education
May 4, 2016
Your phone rings. You recognize the number, but when you pick up,
it’s someone else. What’s the deal?
Scammers are using fake caller ID information to trick you into
thinking they are someone local, someone you trust – like a
government agency or police department, or a company you do business
with – like your bank or cable provider. The practice is called
caller ID spoofing, and scammers don’t care whose phone number they
use. One scammer recently used the phone number of an FTC employee.
Don’t rely on caller ID to verify who’s calling. It can be nearly
impossible to tell whether the caller ID information is real. Here
are a few tips for handling these calls:
If you get a strange call from the government, hang up. If
you want to check it out, visit the official (.gov) website for
contact information. Government employees won’t call out of the
blue to demand money or account information.
received a call from a scammer, with or without fake caller ID
information, report it to the FTC and the FCC.
Political Scammers by Catherine Fredman
January 5, 2016
Amid the onslaught of political phone spam consumers can expect this
election year are new scams that Pindrop’s researchers have never
The basic scam starts with scammers spoofing a candidate’s phone
number so that the call seems to come from campaign headquarters and
inviting you to join a virtual “town hall” meeting with the
candidate. The meeting sounds legitimate because the scammers have
either patched together portions of previous town halls or use a
talented voice actor to imitate the candidate. At a certain point,
the call is interrupted and you’re asked to press #1 to make a
donation. By this time, your emotions are involved and you think,
“Yes! I want to support my candidate!” So you give out your credit
card number. Not only have you handed over money to an unknown
entity, you have opened the door to identity theft.
Tip: Never donate to a political campaign during an
unsolicited phone call. “You don’t know whom you’re donating to,”
warns Dewey. “There is no way to authenticate the person who’s on
Mobile Wallet Pickpockets
January 5, 2016
Scammers thwarted by the added protection of chip-embedded credit
cards have a promising alternative: mobile wallets. Thieves
increasingly tap funds by tapping into the accounts of others
through Apple Pay, Google Wallet, Samsung Pay, Android Pay, PayPal,
Dewey put the security of mobile wallets to a little test: First, he
secretly copied credit card numbers and expiration dates from a few
colleagues at Pindrop. A little Google investigating revealed the
answers to “secure” identification questions (such as a colleague's
mother's maiden name) needed to activate the colleague's card under
Dewey’s mobile wallet account. Within minutes, Dewey had strolled
over to Whole Foods and bought lunch for the office—paid for by his
unwitting colleague. (The colleague was reimbursed.)
“It’s amazing how easy it was to add somebody else’s credit card
info to my Apple Pay account,” Dewey recalls.
Tip: There will be new scams that will find new loopholes and
workarounds to take advantage of new technologies. Check your credit
card statements carefully for unexpected charges.
TECH SUPPORT SCAM
FBI – Federal Bureau of Investigation
June 2, 2016
The Internet Crime Complaint Center (IC3) is receiving an increase
in complaints related to technical support scams, where the subject
claims to be an employee (or an affiliate) of a major computer
software or security company offering technical support to the
victim. Recent complaints indicate some subjects are claiming to be
support for cable and Internet companies to offer assistance with
digital cable boxes and connections, modems, and routers. The
subject claims the company has received notifications of errors,
viruses, or security issues from the victim's internet connection.
Subjects are also claiming to work on behalf of government agencies
to resolve computer viruses and threats from possible foreign
countries or terrorist organizations. From January 1, 2016, through
April 30, 2016, the IC3 received 3,668 complaints with adjusted
losses of $2,268,982.
Initial contact with the victims occurs by different methods. Any
electronic device with Internet capabilities can be affected.
This is the traditional contact method. Victims receive a “cold”
call from a person who claims the victim's computer is sending
error messages and numerous viruses were detected. Victims
report the subjects have strong foreign accents.
message: The victim receives an on-screen pop-up message
claiming viruses are attacking the device. The message includes
a phone number to call to receive assistance.
screen on a device (Blue Screen of Death - BSOD): Victims report
receiving a frozen, locked screen with a phone number and
instructions to contact a (phony) tech support company. Some
victims report being redirected to alternate websites before the
BSOD occurs. This has been particularly noticed when the victim
was accessing social media and financial websites.
messages and locked screens are sometimes accompanied by a
recorded, verbal message to contact a phone number for
Once the phony
tech support company/representative makes verbal contact with the
victim, the subject tries to convince the victim to provide remote
access to their device.
If the device is mobile (a tablet, smart phone, etc.), the subject
often instructs the victim to connect the device to a computer to be
fixed. Once the subject is remotely connected to the device, they
claim to have found multiple viruses, malware, and/or scareware that
can be removed for a fee. Fees are collected via a personal debit or
credit card, electronic check, wire transfer, or prepaid card. A few
instances have occurred in which the victim paid by personal check.
Tips to help make you more sophisticated and less likely to become a
victim of fraud in 2016
repair fraudsters typically seek out individuals with lots of
debt. You’ve likely seen pop-up ads online promising to fix your
credit or erase your debt. The Federal Trade Commission (FTC)
warns that many of them charge a fee but basically don’t do
anything for you. In fact, some may sell your social security
number, leading to big problems. Legitimate credit repair
services are available that cost little or nothing.
scams have increased as people turn to sites like eBay and
Craigslist to purchase and sell valuables online. Even when
sellers require bank drafts or cashier’s checks as payment,
they’re not always protected since counterfeit documents can be
easy to obtain nowadays. Sellers should insist on going to the
bank with the buyer and witness the check being prepared. Alarms
should sound if the draft or check is for more than the sale
price and you’re asked for the overage in cash.
money laundering has become a huge problem, costing some people
thousands of dollars and even landing unsuspecting victims
behind bars. The latest target audience: job seekers.
Authorities find fraudulent activity is being conducted via
popular job site listings. Some launderers even send direct
emails to individuals and offer them a job they may not have
applied for. Unfortunately, too many people are falling for
these scams, especially those who are unemployed and desperately
seeking a source of income. Job seekers should be cautious when
an application requires processing payments or transferring
funds, because doing so for an illegitimate source could lead to
serious jail time. Never give social security or bank account
numbers out over the phone or online, and remember: real
employers will want to interview you before offering a job.
theft is one of the fastest-growing financial frauds – in fact,
it was the No. 1 complaint reported to the FTC in 2014. It is
especially concerning because victims not only suffer monetary
damages, but their reputation and credit may also be impacted.
Crooks are hacking into various databases to steal personal
information and assume a victim’s identity. Forged government
documents top the list of the most common identification frauds,
followed by credit card, phone/utilities and bank fraud. If you
think you’re a victim, ask that a fraud alert be added to your
credit report, then file an ID theft report with the FTC
Scam du jour: Chip card scams
Tressler - Consumer Education Specialist, FTC
Recently, I told you about the new credit and debit chip cards designed
to reduce fraud, including counterfeiting.
Now, I'm reporting on scammers who are trying to take advantage of the
millions of consumers who haven't yet received a chip card.
Here's what’s happening: Scammers are emailing people, posing as their
card issuer. The scammers claim that in order to issue a new chip card,
you need to update your account by confirming some personal information
or clicking on a link to continue the process.
If you reply to the email with personal information, the scammer can use
it to commit identity theft. If you click on the link, you may
unknowingly install malware on your device. Malware programs can cause
your device to crash, monitor your online activity, send spam, steal
personal information and commit fraud.
So how can you tell if the email is from a scammer?
reason your card issuer needs to contact you by email — or by phone,
for that matter — to confirm personal information before sending you
a new chip card. Don't respond to an email or phone call that asks
you to provide your card number. Period.
Still not sure
if the email is a scam? Contact your card issuers at the phone
numbers on your cards.
links in emails. Only provide personal information through a
company's website if you typed in the web address yourself and you
see signals that the site is secure, like a URL that begins https
(the "s" stands for secure).
REVENGE OF THE NANNIES
September 9, 2015
Are you a nanny or
caregiver who lists your services on sites like care.com, sittercity.com,
or craigslist.com? A few months ago, we warned about a scam that targets
like you. Here’s a reminder: a con artist emails or texts an offer to
hire you. The scammer also sends you a check and asks you to deposit it,
keep some money for your services, and send the rest to someone else to
— supposedly — pay for special items or medical equipment. But the check
is fake, and it can take weeks for a bank to discover the forgery. If
you deposit the check and withdraw the funds, you’ll wind up owing the
bank all that money.
After the last post,
we heard back from many people with great ideas to help avoid this scam:
• Don’t deposit a check from — or send money to — anyone you don’t know.
• Never share your bank account number — including with a potential client.
• Be careful with potential clients who claim to be out of town or
pressure you to deposit their check.
• Check out your potential clients. Search online for their names, email
addresses, phone numbers, and even the text of the message you received.
Many people said that an easy search told them they were dealing with a
(1-800-666-3947) or Western Union (1-800-448-1492) if you were
tricked into transferring money.
If you got a check
through the U.S. mail, file a complaint with the U.S. Postal Inspection
And, as always, please tell the FTC (https://www.ftccomplaintassistant.gov/).
STOPPING UNWANTED PHONE CALLS AND TEXT MESSAGES
August 13, 2015
Unwanted phone calls
or random text messages seem to come at all hours. They bug you at work,
interrupt your dinner, or wake you up when you’re sound asleep. I think
we can all agree they’re a real nuisance. Did you know they could also
be a scam?
If your phone number
is one of the more than 217 million numbers on the Do Not Call
Registry, you’ve taken action to stop most unwanted sales calls. The law
allows political calls, calls from charitable organizations,
informational calls, calls about debts you owe, and phone surveys, as
well as calls from companies you’ve done business with or gave
permission to call.
If you get an
unwanted sales call or a robocall
(http://www.consumer.ftc.gov/articles/0259-robocalls) - a recorded
message that’s pitching a product or service— it’s probably a scam. The
unscrupulous businesses behind these calls use auto dialers to make
thousands of calls a minute and don’t bother to check if the numbers are
on the Do Not Call Registry. Don’t press buttons to request to speak to
someone or be taken off the call list. You’ll just end up getting more
unwanted calls. Hang up and report it to the Federal Trade Commission at
https://www.donotcall.gov or 1-888-382-1222.
If you’re getting
repeated calls from the same number, you might want to ask your service
provider to block the number; for calls from different numbers, ask if
they offer a service to block unwanted calls. You can also buy a call
blocking device. Getting calls on your mobile phone? There’s an app for
that. Actually, there’s more than one. Look in your mobile app store
What about those
random text messages? It’s illegal for a company to send you a text
message if it doesn’t have your permission, barring a few exceptions
If you get a random text message from a number you don’t recognize
you won something or asks you to confirm some personal information,
don’t text back or click on links. Report it to your provider at 7726
(SPAM) and to the FTC at www.ftc.gov/complaint or 1-888-382-1222.
AVOIDING MONEY WIRING SCAMS
August 5, 2015
Impersonators. Fakes. Frauds. Phonies. You might call them by
different names but these scam artists have one thing in common: they
pretend to be someone they aren’t and tell you a bogus story to con you
into wiring them money.
The crooks will give
you a pretty convincing reason to wire money. They might say you owe the
IRS taxes and you’ll be arrested if you don’t pay up. Or that you won a
federal grant and have to pay a processing fee to get your money. Some
even tell you a loved one’s in trouble and needs your help.
They might tell you
to use a money wiring service to add funds to a 16-digit account number
they give you—they say it’s your case number or account number, but it’s
not. Once the transfer goes through, the money’s gone and you can’t get
will never ask you to pay by wiring money. Neither will
legitimate businesses. If someone insists you pay by wiring money, it’s
a scam. Don’t do it. Instead, report it to the Federal Trade Commission
at www.ftc.gov/complaint (http://www.ftc.gov/complaint) or
ATTENTION GRANDPARENTS: WATCH OUT FOR PHONY DEBT COLLECTORS
July 10, 2015
My grandma kept an
eye out for cheaters. (No, not that kind.) Back in the day, if a
salesman knocked on her front door, she waved them off. Before caller
ID, she hung up on telemarketers. But a call from a phony debt collector
http://www.consumer.ftc.gov/articles/0149-debt-collection), she might
have fallen for that one! Especially if the debt collector said she was
responsible for her grandchild’s debt.
happening: A fake debt collector
you. They want to collect on a debt your grandchild (supposedly) failed
to pay. They ask you to wire money (http://www.consumer.ftc.gov/articles/0090-using-money-transfer-services),
send a prepaid card or give your credit card number – immediately. And
if you won’t – or can’t – pay, that’s when the threats begin:
will be arrested.”
“He’ll lose his job.”
“We’ll suspend her driver’s license.”
Unless you co-signed
a loan, you’re never responsible for someone else’s debt. In fact, debt
collectors can’t legally tell you that someone – anyone – else even has
If you get one of
these calls, stop. Don’t be rushed into sending money. Don’t verify any
personal or financial information. And hang up if the caller threatens
you. Debt collectors can’t do that. It’s not legal. Once you’re off the
phone, report the call to the FTC (http://www.ftc.gov/complaint).
July 20, 2015
You hear from us
fairly often about imposter scams. In recent months, we’ve told you
about IRS imposters (http://www.consumer.ftc.gov/blog/my-very-own-irs-imposter-call),
romance scams (http://www.consumer.ftc.gov/blog/faking-it-scammers-tricks-steal-your-heart-and-money),
and work-at-home scams (http://www.consumer.ftc.gov/blog/work-home-job-going-pay).
We always give you tips on how to spot and avoid these scams. We tell
you about the cases we’ve brought to shut down the scammers. But, as a
civil law enforcement agency, we don’t often get to tell you about the
criminal charges brought against the scammers, until today.
The Department of
Justice (DOJ) recently announced
the extradition of six Nigerian nationals from South Africa to
Mississippi to face a nine-count federal indictment for various Internet
frauds. These six people join 15 others who were previously charged
with, among other things, conspiracy to commit mail fraud, wire fraud,
bank fraud, identity theft, and money laundering.
What were the scams?
According to the indictment, the defendants found and reached out to
their potential victims through online dating websites
work-at-home opportunities (http://www.consumer.ftc.gov/articles/0175-work-home-businesses).
In some cases, they carried on so-called romantic relationships with
their targets, trying to get their victims to do things like re-ship
merchandise purchased with stolen credit cards, deposit counterfeit
checks, and send money to the defendants – whether via wiring money or
sending prepaid debit cards.
Here’s where you
come in. If you know someone who lost money or information to romance,
reshipping, fake check, or work-at-home scammers, please tell them to
visit DOJ’s announcement (http://www.justice.gov/opa/pr/six-nigerian-nationals-extradited-south-africa-mississippi-face-fraud-charges).
Why? Because there’s a list of aliases and email addresses that the
defendants allegedly used in carrying out these scams. If you recognize
a name or email address, you could help in the investigation of these
It’s not every day
you get to help lock up alleged bad guys. Unless, of course, you work
at the Department of Justice, the US Postal Inspection Service, or
Homeland Security Investigations – all of which had a hand in this case.
Consumers Targeted by Vishing Scam Should Call Agency’s Hotline
ALEXANDRIA, Va. (Jan. 21, 2014) – The
National Credit Union Administration today warned consumers to beware of
a new telephone fraud, known as a “vishing” scheme, that is using the
agency’s name in an attempt to obtain personal financial information.
Several credit union members have been contacted by an automated phone
call claiming to be from NCUA and notifying consumers their debit cards
have been compromised. The call then asks the receiver to follow
prompts, which request personal information, including sensitive
financial data and personal identification information.
Anyone contacted by this so-called “vishing” scheme should immediately
contact NCUA’s Consumer Assistance Center Hotline at 800-755-1030 or by
email at email@example.com to report the scam. Operators answer calls
Monday through Friday between 8 a.m. and 5 p.m. Eastern.
ALERT - "SMISHING"
Mutual Security has
received reports from some of our members that they have received text
messages on their cell phones stating their credit card has been
deactivated and that they must call a specific telephone number in order
to reactivate it.
BE ADVISED: THESE ATTEMPTS ARE A FORM OF FRAUDULENT ACTIVITY CALLED “SMISHING”.
Smishing is a variant of phishing email scams that instead utilizes Short Message
Service (SMS) systems to send bogus text messages. Smishing scams
frequently seek to direct the text message recipient to visit a website
or call a phone number, at which point the person being scammed is
enticed to provide sensitive information such as credit card details or
THE CARD SERVICES STAFF OF MUTUAL SECURITY WANTS TO ADVISE YOU NOT TO
VISIT ANY INTERNET SITES OR CALL ANY NUMBERS THAT ARE BEING TEXTED TO
As a reminder to
all of our cardholders – When
you are issued a Mutual Security Credit or ATM card, activation is only
prompted with a sticker placed on the new card being received.
Should you have any
questions, or have been affected by this type of fraud, please do not
hesitate to contact our Card Services Department by calling
1-800-761-2400 option 5.
NCUA Alert Warns Of Phishing Scam (03/28/2013)
The National Credit
Union Administration has warned of a new phishing scam using the
agency's name in an attempt to obtain consumer debit card account
The scammers have set up an automated message, claiming to be from the
NCUA, which erroneously informs consumers that their debit card has been
deactivated. The consumer is then instructed to press 1 on their phone,
and enter their 16-digit account number, to reactivate their card.
Consumers should be aware this is not a call from NCUA, and if they
receive it, should notify NCUA's Fraud Hotline, toll-free, at
800-827-9650 or 703-518-6550 in the Washington, D.C., area, the agency
The NCUA provides fraud alerts, and avoidance and detection resources,
on the ncua.gov fraud information center.
Fraud Alert - Infected Laptops at Hotels (08/15/2012)
The FBI recently reported that fraudsters are targeting travelers, both
domestically and abroad, through pop-up windows that appear while they are
establishing an Internet connection in their hotel rooms.
The report cites
instances where a traveler's laptop was infected with malicious software
while using hotel Internet connections. In these instances, the traveler
was attempting to set up the hotel room Internet connection and was
presented with a pop-up window notifying the user to update a widely
used software product. If the user clicked to accept and install the
update, malicious software was installed on the laptop. The pop-up
window appeared to be offering a routine update to a legitimate software
product for which updates are frequently available.
The FBI recommends
that all individuals who travel take extra caution before updating
software products through their hotel Internet connection. Checking the
author or digital certificate of any prompted update to see if it
corresponds to the software vendor may reveal an attempted attack. The
FBI also recommends that travelers perform software updates on laptops
immediately before traveling, and that they download software updates
directly from the software vendor’s website if updates are necessary.
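One way to carry out the publisher check recommended above, as an added example that is not part of the original alert. It assumes a Windows laptop and an update file that has been saved to disk rather than run; the function name Test-UpdateSigner, the sample path and the publisher name are hypothetical.

```powershell
# Added example: confirm who signed a downloaded update before running it.
# Test-UpdateSigner, the sample path and the publisher name are hypothetical.
function Test-UpdateSigner {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Read the Authenticode signature attached to the file.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    $result = [ordered]@{
        Path    = $Path
        Status  = [string]$sig.Status
        Signer  = $null
        Trusted = $false
        Reason  = $null
    }

    # 'Valid' means the file is unchanged since it was signed and the signing
    # certificate chains to a root this computer trusts. Unsigned files report
    # 'NotSigned'; tampered files report 'HashMismatch'.
    if ($sig.Status -ne 'Valid') {
        $result.Reason = "Signature is not valid ($($sig.Status))"
        return [pscustomobject]$result
    }

    # Extract the certificate's subject name (who the file claims to be from).
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $result.Signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)

    # A valid signature from an unexpected publisher is still a failure: anyone
    # can obtain a code-signing certificate in their own name.
    if ($result.Signer -ne $ExpectedPublisher) {
        $result.Reason = "Signed by '$($result.Signer)', expected '$ExpectedPublisher'"
        return [pscustomobject]$result
    }

    $result.Trusted = $true
    $result.Reason  = 'Valid signature from the expected publisher'
    [pscustomobject]$result
}

# Usage (hypothetical file and vendor name):
# Test-UpdateSigner -Path "$env:USERPROFILE\Downloads\update.exe" -ExpectedPublisher 'Example Software, Inc.'
```

Take the expected publisher name from a copy of the software obtained before travel or from the vendor's own site, not from the pop-up that offered the update.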
Anyone who believes
they have been a target of this type of attack should immediately
contact their local FBI office and promptly report it to the IC3’s
website at www.IC3.gov.
The IC3’s complaint database links complaints together to refer them to
the appropriate law enforcement agency for case consideration. The
complaint information is also used to identify emerging trends and
NEW Text Message Phishing Scam (05-07-2012)
Mutual Security Credit Union has
been notified that there is a new phishing scam being used to collect
and access personal and account information.
This scam comes in the form of a
text message sent to cellular phones. Below is an example of the
messages that have been received by MSCU members and many members of
other credit unions and customers of banks…
THE CREDIT UNION CENTER ALERT: Your card starting with XXXX has been DEACTIVATED. Please
contact us at 203-YYY-ZZZZ.
THIS MESSAGE IS NOT FROM MUTUAL SECURITY, as we are not in the practice
of notifying our membership of any account issues via text messaging. If
you have received this scam text message (or if you should ever receive
one like this in the future), we
strongly advise our members NOT to call the phone number provided in the
scam text message.
Many cellular service providers
offer methods of reporting spam/scam text messages directly to them,
which we recommend you do immediately upon receiving any such
Further, should you ever receive any
questionable text messages or emails, remember to NEVER provide any
personal information. For any questions, or to report a scam/spam
message to us, please contact our Member Service Center at
1-800-761-2400 and speak to one of our friendly and knowledgeable
You might have heard about online "phishing" scams designed to steal
money from unsuspecting Web users, but now criminals are using another
type of scam called "vishing" to commit the same crimes, which uses the
phone network to swindle people out of money.
Mutual Security has been notified by some of our VISA Credit Card holders of an
automated call received on their cell phones from the 317 area code
which appears to be a vishing attempt to gain cardholder information. We
would like to remind our members to NEVER give out Credit Card numbers,
PIN numbers, or other personal information when receiving a call, since
the Credit Union would already have that information when we are
contacting a member.
To help our members
understand what these scams are, how they work and how they can protect
themselves, Mutual Security Credit Union has put together this FAQ.
What is vishing?
Vishing is a social engineering technique for stealing information or money
from consumers using the telephone network. The term comes from
combining "voice" with "phishing," the name for online scams that get
people to give up personal information.
How does it work?
Scammers use a technique called caller ID spoofing to make it look like calls are
coming from a legitimate or known phone number. It's a very similar
technique to email spoofing, which makes e-mail addresses look like they
are coming from a trusted source. But because people typically trust the
phone service and caller ID, spoofing phone numbers can be particularly
And just like with
online phishing attacks, which direct consumers to phony Web sites,
vishing attacks usually have a recorded message that tells users to call
a toll-free number. The caller is then typically asked to punch in a
credit card number or other personal information.
How can a scammer spoof a phone number?
With voice over IP
phone technology, caller ID spoofing is very easy to do. The traditional
phone network works by connecting one circuit to another. Each circuit
on either end of the call is assigned a phone number by the phone
company. So changing the phone number of a caller was more difficult. Of
course, there were people who had figured out ways to hack into the old
phone network to do this, but it wasn't as easy as it is today with
voice over IP technology. With VoIP services, there is no circuit. These
services use the Internet, which assigns different devices on the
network IP addresses instead of actual phone numbers. Phone numbers are
actually assigned by the users themselves.
What can our members do to protect themselves?
Here is some advice
from security experts:
Consumers need to know that these scams exist. To find out more
to the FTC Website
of all unknown callers. People should be just as suspicious of phone
calls as they are of e-mails asking for personal information. And
some experts suggest letting all calls from unknown callers go to
caller ID. Just because your caller ID displays a phone number or
name of a legitimate company you might recognize, it doesn't
guarantee the call is really coming from that number or company. As
explained earlier, caller ID spoofing is easy.
If someone is trying to sell you something or asking for your
personal or financial information, ask them to identify who they
work for, and then check them out to see if they are legitimate.
credit card information or other private information to anyone who
number with the National Do Not Call registry at donotcall.gov
Also, the Website provides a place where complaints can be filed.
incidents. Report vishing calls to www.ftc.gov (http://www.ftc.gov/) or
call (888) 382-1222. The FTC wants the number and name that appeared
on the caller ID as well as the time of day and the information
talked about or heard in a recorded message. If you think you've
been a victim of a vishing attack, you can also visit the Internet
Crime Complaint Center
The FBI has issued
a warning about a new malware attack targeting bank accounts. The
malware is called Gameover and
the FBI says it is able to defeat several forms of dual-factor
authentication. The FBI suggests that consumers and businesses pay
attention to suspicious emails purporting
to come from NACHA, The Electronic
Payments Association. NACHA does not traditionally send emails
directly to businesses or consumers.
Receipt of a direct
email from an organization such as NACHA should raise a red flag. If you
receive any emails appearing to come from NACHA please delete them. Do
not open or click on any links contained in the message.
Mutual Security would like to ensure that our members are aware of and
understand the sustained and evolving nature of phishing attacks
“NACHA” (the National Automated Clearing House Association) has been the
victim of sustained and evolving phishing attacks in which consumers and
businesses are receiving emails that appear to come from NACHA. The
attacks are occurring with greater frequency and increased
sophistication. Perpetrators may also be exploiting email addresses
recently stolen from Epsilon.
These fraudulent emails typically make reference to an ACH transfer,
payment, or transaction and contain a link or attachment that infects
the computer with malicious code when clicked on by the email recipient.
The contents of these fraudulent emails vary, with more recent examples
including a counterfeit NACHA logo and the citation of NACHA’s physical
mailing address and telephone number.
NACHA itself does not process nor touch the ACH transactions that flow
to and from organizations and financial institutions. NACHA does not
send communications to persons or organizations about individual ACH
transactions that they originate or receive.
Additional information and guidance on phishing is available on the National
Credit Union Association (NCUA) website (http://www.ncua.gov/Resources/FraudAlert/index.aspx) and on the
NACHA website (http://www.nacha.org/).
MSCU would like to
caution our members NOT to open attachments or follow Web links in
unsolicited emails from unknown parties or from parties with whom they
do not normally communicate, or that appear to be known but are
suspicious or otherwise unusual. Any suspected fraudulent emails
appearing to come from NACHA should be forwarded directly to firstname.lastname@example.org to
aid in their efforts with security experts and law enforcement officials
to pursue the perpetrators.
If malicious code is detected or suspected on your computer, you should
consult with a computer security or anti-virus specialist to remove
malicious code or re-install a clean image of the computer system. MSCU
would like to remind our members to ALWAYS use anti-virus software and
ensure that the virus signatures are automatically updated.
Additionally, you should ensure that your computer operating systems and
your anti-virus software application’s security patches are installed
Next Wave of ID Thefts Targeting Kids' SSNs
Identity thieves are beginning to steal Social Security numbers of
children, long before they're ready for a savings or checking account or
a credit score - and that could threaten the nation's credit system,
said an Associated Press report (TheSunNews.com Aug.
The thefts could be a problem for credit unions and other financial
institutions because they rely on credit scores from FICO, Experian,
TransUnion, and Equifax. But those scores could contain false
information, planted by people who use stolen Social Security numbers to
piggyback on the credit of someone else, according to Kansas City law
Kansas City Assistant U.S. Attorney Linda Marshall and Julie Jensen, a
special agent with the Federal Bureau of Investigation's office in
Kansas City, said that in the fraud, online businesses use computers to
locate dormant Social Security numbers, usually of children or long-term
prison inmates who don't use them. The companies sell the numbers under
another name to people who establish phony credit and run up huge debts
without intending to pay.
The sellers skirt the law by referring to the Social Security numbers as
"credit privacy numbers" or CPNs. They are also called "credit profile
numbers" and "credit protection numbers."
Jensen discovered the scheme and says it is easy to create a false
credit score using the CPNs, said the article.
The crooks have years to use the numbers before the child is old enough
to apply for credit. That makes the fraud difficult to detect, and
authorities can't estimate how prevalent the practice is.
The fraud is emerging because 25.5% of consumers have credit scores of
599 or below, which means they're poor credit risks. Many credit
decisions are based on the credit scores provided by FICO and the three
major credit reporting bureaus. But Jensen says those credit scores
could contain false information.
FICO said it has tools for businesses to protect themselves, but the
tools are expensive, the article said.
Fraud Email Phishing Activity Reported
The National Credit
Union Administration (NCUA) is reporting recently simulated NCUA email
boxes. The fraudulent emails solicit credit union member participation
in an Online Survey or Member Survey, and promise compensation of $40 as
an inducement to respond to the email.
The emails are fraudulent, and may be an
attempt to obtain confidential member information. NCUA does not solicit
such information from credit union members. This is a phishing activity
with no NCUA activity or approval. If you have received these emails
please do not respond. If you have any questions or concerns please
email NCUA at email@example.com.
Credit Union National Association is aware of phone calls, text
messages, and emails being made about: