
Scam Spotlight: 

“Zelle Fraud” Scam

With the increasing popularity of “peer-to-peer” (P2P) payment services such as Zelle, CashApp and Venmo, fraudsters have tapped into new ways of accessing victims’ bank accounts. The trending “Zelle Fraud” Scam involves draining funds out of victims’ accounts using phishing techniques, in which victims receive fraudulent text messages that appear to come from their bank, warning them of suspicious Zelle activity. When the link is clicked, cybercriminals are able to gain access to the victim’s bank information. Through the use of sophisticated voice phishing techniques, they gain access to user accounts.

TruWest will not contact you and ask you to provide personal information such as your account number, Social Security number, or PIN.

If you feel that you have been a victim of this type of fraud, please send an email describing the incident to BigTechPaymentsInquiry@cfpb.gov. Be sure to include Docket No. CFPB-2021-0017 in the subject line of the message. Consumers are entitled to Regulation E protection and are covered for this type of fraud.

Corporate Check Fraud

Reports of fake check scams are on the rise. Some individuals thought they received a payment for a new job (secret shopper or car wrap), others received an overpayment for something they sold online, and still others received prize money in the mail for a lottery or sweepstakes they had supposedly won. Regardless of the situation, the scammer’s goal is always the same – to convince you to deposit the fraudulent check and then send some of the money back. Reported specifics include a person named “Andrew Beck” and checks signed by “Oprah Winfrey.” We are advising members to confirm the validity of any unexpected checks prior to their deposit. If you happen to receive a check that you were not expecting, please do not negotiate the check. Please contact TruWest to make sure the check is valid.

How to protect yourself:

  • If you’re suspicious about a check you received, ask yourself:
    • Is the check for more than you expected?
    • Did you receive specific instructions on how to deposit the check?
    • Are you asked to send money back using an immediate form of payment such as a money order, gift card, wire transfer, or mobile payment?
    • Are you directed to act quickly to make the deposit and return the money?
    • Does the person who sent the check keep asking when you’re going to send the money?
  • If you answered ‘yes’ to any of these questions, don’t deposit the check.
  • Be aware: It can take weeks for a bank to confirm a bad check once it’s deposited, and you may be out the amount of the check and any money sent to the scammer.

For more information on how to identify and protect yourself from this type of fraud, please click here. Information on scams of this nature can be reviewed on the NCUA, the Federal Trade Commission, and the Maricopa County Attorney’s websites. If you were solicited or a victim, we encourage you to file a complaint with the Federal Trade Commission and, if you received the check by mail, the United Postal Inspector. As the victim and the person who received the check, you are in the best position to report this instance. Filing a report is the best way to gather information on these fraudsters and help law enforcement.


 

Common Scams: 

  • COVID-19 Scams

    It is important to be aware of scams that exploit current events, including a variety of COVID-19 scams. For more information on how to identify and protect yourself from this type of fraud, please click here.

    Also, you can check the IRS website to verify the authenticity of any COVID-19 related checks that you may receive. There, you can also find tools available to opt out, reschedule, or view stimulus-related funds as well.

  • Account Takeover Phishing Scams

    Reports of account takeover phishing scams have recently increased. Members have been receiving fraudulent emails that appear to come from companies such as McAfee, Geek Squad, and Norton, stating that they need to update their antivirus. A link is provided in the email to update their services, but the link is often infected with malware.

    TruWest is advising all members to take the following precautions:

    • If you receive an email of this nature do not click on the link.
    • Do not call or text the number provided in the email. If you want to call, look up the company’s number online.
    • Never give your password out.
    • Make your passwords long, strong and complex.
    • Do not give your financial information out to someone who contacts you out of the blue.
    • It typically isn’t normal to refund a company in gift cards.
  • Smishing and Shortened URLs

    Smishing (text message phishing) continues to grow in popularity. Smishing attacks can be difficult to catch, especially because both legitimate and phishy text messages tend to use shortened URLs. A URL is the web address of a page. Typically, the URL shows you where a link will take you. For example, a URL like https://blog[dot]knowbe4[dot]com/why-should-we-care-about-personal-smishing-attacks will take you to a blog post about personal smishing attacks.
    Because text messages have character limits, including a full URL is not practical. Instead, URL shortening programs are used to create a redirect link. For example, this shortened URL https://bit[dot]ly/3gUpTk1 will redirect you to the blog post mentioned above—or will it? There is no way for you to know where that shortened URL will send you. Cybercriminals often use this technique to redirect you to a malicious website or to a download page for malware. Don’t be fooled!

    Follow these tips to spot a potential Smishing attack:

    • Think before you click. Were you expecting this message? When did you give this company your phone number? Did you sign up for text notifications?
    • Be cautious of a sense of urgency. The bad guys often use words like “urgent” or “ATTENTION” to try and trick you into impulsively clicking a malicious link.
    • If you think the text message could be legitimate, try typing the shortened URL into a URL expander tool, such as GetLinkInfo or ExpandURL. These tools will reveal where the shortened URL will direct you, without taking you to the redirected site.
  • Voice Changing “Catphish”

    In a recent phishing attack that targets single men, cybercriminals show us how they use modern technology to trick their victims. The scam starts with the cybercriminal posing as a single woman and befriending their target on social media. Then, they start building rapport with the target through various interactions. Eventually, the cybercriminal sends audio messages with a woman’s voice to convince their target that they are who they claim to be.
    The target doesn’t know it, but the cybercriminal is actually using voice-changing software to disguise their true identity. If the target falls for the fake audio messages, they receive a video file of their newfound love interest. Except the file is actually a dangerous piece of malware designed to grant the cybercriminals access to the victim’s entire system.

    This tactic isn’t exclusive to romantic scams, so be sure to remember these tips:

    • Keep your social media accounts private and only accept friend requests from people that you know and trust.
    • If you meet someone online, be sure to verify their identity. You could use a search engine to find their other social media profiles or simply ask to have a video call to make a face-to-face connection.
    • Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!
  • Tricky PDF Files

    Cybercriminals have a new favorite phishing lure: PDF files. A PDF is a standard file type that presents text and images in their original format regardless of which program you use to open the file. Unfortunately, this makes the use of PDFs a great way for cybercriminals to get creative and trick victims into clicking on malicious links.
    One common tactic for phishing with PDF files is to include an image that looks like something that you should interact with. The PDF may include a fake captcha image with the “I am not a robot” checkbox. Or the PDF may include an image of a paused video with a play button over the display. If you try to click the captcha checkbox or play the phony video, you’ll actually be clicking a link to a malicious website.

    Don’t fall for these tricks! Remember the following tips:

    • Never click or download an attachment in an email that you were not expecting.
    • Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!

    If you receive a suspicious email, be sure to contact your IT department or follow the specific procedure for your organization.

  • Advanced Phishing Hidden in Plain Text

    Cybercriminals are using advanced tactics to disguise dangerous malware as harmless text files. Using a phishing email, the bad guys try to trick you into downloading a file attachment named “ReadMe_knl.txt”. Typically, files ending in .txt are plain text documents that can be opened in any text editing software. But in this case, the cybercriminals use a trick called Right-to-Left Override (RLO) to reverse part of the file name.
    The true name of the attached file is “ReadMe_txt.lnk.lnk”. It is not a plain text document but a command that instructs your computer to download the bad guy’s malware. Once the malware is installed, cybercriminals have complete access to your system. They can access everything from your browser history to your cryptocurrency wallet, and they can even take photos using your webcam.

    Advanced phishing tactics can be intimidating, but you can stay safe by practicing the tips below:

    • Remember that bad guys can disguise anything, even file types.
    • Never click a link or download an attachment in an email that you were not expecting.
    • When in doubt, reach out to the sender by phone to confirm the legitimacy of the email.
  • Classic Facebook Phishing

    While cyber threats continue to advance in new and intimidating ways, classic phishing methods are still a favorite among bad guys. Let’s take a look at a recent Facebook-themed phishing attack and see if you can spot the red flags:

    The email appears to come from Facebook and starts with “Hi User”. The body states that there is an issue with your account that you must log in to resolve. The email includes a link to “verify” your account and ends with the line “This link will expires in 72 hours, We appreciate your attention to this matter.” If you click the link, you are taken to a phony look-alike Facebook login page. Any information that you enter on this page is delivered straight to the bad guys.

    How many red flags did you see? Remember the following tips:

    • Question everything. For example, your name is part of your Facebook profile, so why is the email addressing you as “User”?
    • Look for a sense of urgency. In this example, the email gives you 72 hours to verify your account. Remember, the bad guys rely on impulsive clicks.
    • Pay close attention to the grammar and capitalization. For example, the words “This link will expires in…” should be “This link will expire in…”. Also in that same line, the word “We” is in the middle of a sentence, so this should be lowercase.
  • VIN Cloning

    In recent years it has become common for criminals to gather legitimate VIN information from dealerships, parking lots and off the street, and then use that information to sell stolen vehicles. The stolen vehicles are often the same year, make and model as the legitimate vehicles.

    Once the stolen vehicles are located, the authorities will seize them and return them to their rightful owners. This leaves innocent members with no vehicle and an unsecured loan.

    Tips to Consider:

    • Check the VIN on the National Insurance Crime Bureau’s website. https://www.nicb.org/vincheck
    • Utilize Carfax or AutoCheck
    • Review that the vehicle VIN matches the loan documents prior to signing

    A National Crime Prevention Council report states that as many as 225,000 stolen cars each year are subject to VIN cloning.

  • Zelle Fraud Scam

    The Zelle Fraud Scam works when a fraudster calls a member from a spoofed number that appears to be the credit union’s. The fraudster then asks the member to answer some identifying questions, specifically their online user name and password. The fraudster then informs the member that they will be receiving a one-time passcode as another layer of verification and requests that the member provide them with that code. The fraudster now has everything necessary to access the member’s online banking. They typically then change the password and proceed to use online services to transfer funds.

    Zelle attempted to combat this scam by adding another layer of authentication with transaction details. However, the fraudsters are using the same tactics to bypass this additional security.

    Tips to Consider:

    • Never give out your user name and/or password! TruWest will never ask you for this information.
    • Consider whether the call makes sense. If it feels suspicious, trust your instincts.
    • If in doubt, hang up and call TruWest directly at 1 (855) 878-9378.
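
For the “Advanced Phishing Hidden in Plain Text” item above, a mail or file-upload filter can catch the trick by looking for Unicode bidirectional control characters in attachment names. The following Python is an added example, not code from the original page; the sample file name is constructed to display as the lure name quoted above, the risky-extension list is an assumed policy, and the display logic is a simplification that models only RLO.

```python
import os
import unicodedata

RLO, PDF = "\u202e", "\u202c"  # RIGHT-TO-LEFT OVERRIDE, POP DIRECTIONAL FORMATTING
# Unicode bidirectional controls that can reorder or hide parts of displayed text.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f\u061c")
# Assumed policy list for this example: extensions that run code when opened.
RISKY_EXTENSIONS = {".lnk", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta"}


def displayed_name(name):
    """Approximate what a bidi-aware file list shows (simplified: RLO only).

    Characters between RLO and the next PDF (or end of string) are drawn
    right to left, so that run is reversed; other controls are invisible.
    """
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            out.append(name[i])
            i += 1
    return "".join(c for c in "".join(out) if c not in BIDI_CONTROLS)


def inspect_attachment(name):
    """Compare the extension the user sees with the one the OS will act on."""
    controls = [unicodedata.name(c, "UNKNOWN") for c in name if c in BIDI_CONTROLS]
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = os.path.splitext(stripped)[1].lower()
    shown = displayed_name(name)
    return {
        "displayed": shown,
        "displayed_extension": os.path.splitext(shown)[1].lower(),
        "real_extension": real_ext,
        "bidi_controls": controls,
        # Bidi controls are rare in legitimate attachment names: treat as a block signal.
        "block": bool(controls) or real_ext in RISKY_EXTENSIONS,
    }


if __name__ == "__main__":
    # Constructed samples: the first displays as "ReadMe_knl.txt".
    for sample in ["ReadMe_\u202etxt.lnk", "statement_2024.pdf"]:
        print(repr(sample), inspect_attachment(sample))
```

The mismatch between `displayed_extension` and `real_extension` is the useful signal to log alongside the block decision.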

     

 


Financial Fraud Resources

TruWest is continually reviewing the safeguards we have in place to protect our members’ personal information. We aim to stay up-to-date on new and evolving tactics used by scammers, and we commit to updating our members as we learn of new schemes or variations in criminal maneuvers. The links below have additional information and resources that will help you work through your specific situation.


Credit Bureau Information

If you feel your personal information has been compromised or you have been a victim of a scam:


Identity Theft Resources

If you feel that you are a victim of identity theft, there are several resources available to assist you. Identitytheft.gov and idtheftcenter.org are two sound resources that can provide information on a personalized recovery plan as well as other valuable information.