Text Smishing Fraud: 10/02/2023
Some Simplicity members have been targeted for "Smishing" attacks over the last few days with text messages attempting to send them to fraudulent sites.
These latest scams come in the form of text messages claiming to notify the members of an attempt to log in to their Simplicity CU online banking or fraud notifications for large transactions. While text notifications are an option we offer, you can see grammatical errors in the message which is a good indication that the messages are fraudulent. Along with those errors, the message prompts people to click on a link and enter their personal information. Fraudsters use messages like this to gather your personal and login information.
Please use caution anytime you get a text, call, or email appearing to be from Simplicity CU, especially if it includes some of these red flags.
While we, like many credit unions and banks, have a fraud notification system in place to call or text our members in case of fraud, we will never ask for your debit or credit card number or your PIN. If you get a call or text asking for that kind of information from anyone saying that they are Simplicity CU, Central City Credit Union, or our Fraud Department, hang up and contact us right away at 844.769.2667.
Call Spoofing Fraud: 6/8/2023
In this case, the Fraudsters call or text, claim to be the Fraud Department of Simplicity CU or Central City CU (our previous name), and ask for their debit card number to "verify transactions."
While we, like many credit unions and banks, have a fraud notification system in place to call or text our members in case of fraud, we will never ask for your debit or credit card number or your PIN. If you get a call or text asking for that kind of information from anyone saying that they are Simplicity CU, Central City Credit Union, or our Fraud Department, hang up and contact us right away.
If you have already received this call or text and provided your info, we can still help. Contact our Fraud Department immediately: 844.769.2667.
Call Spoofing Fraud: 4/19/2023
There have been reports of Call Spoofing Fraud from several Banks and Credit Unions in the area. On 4/18, our Call Center and Fraud Teams received word that fraudsters have also targeted Simplicity CU members.
From the Simplicity CU Call Center Team:
“We’ve had a few cases of members calling to say that “Simplicity” called them to verify fraud on their accounts. The caller ID showed the Simplicity CU phone number (844-769-2667). The fraudster asked the members to verify their personal info (Social Security Number, Date of Birth, Mother’s Maiden Name, and account numbers) and their online banking login ID.
Next, they attempted to access the member’s online banking by using that personal info and asking the member to “verify their identity” by giving them the 6-digit code sent when online banking detects a login from a new device.”
If fraudsters can collect enough personal information to access online banking, they can use services like SimpliPay and Zelle® to send themselves money or request a travel notification which may give them time to use stolen debit or credit card information.
Fortunately for the members that reported these calls, our Fraud Team was able to detect the suspicious activity and act quickly to protect their accounts.
While the Simplicity Team may call you for a lot of different reasons, we won’t ask you to provide online banking login info or account numbers. If you get a phone call from Simplicity CU asking you to “verify” that type of private information, hang up and call our Call Center Team right away: 844.769.2667.
Little Charges/Big Impact: 4/13/2023
In the last few days, we’ve seen an uptick in small, fraudulent charges appearing on debit cards across the US, especially commercial accounts.
The charges can be less than $2 and appear to be from legitimate companies, so the temptation might be to ignore them instead of taking the time to dispute such a minor charge.
Be aware, though: those charges could be the fraudsters testing to see if they’ve found a working card number. If the cardholder does nothing, the crooks will attempt to charge larger amounts until your money is gone, and you’re left short on cash, waiting for a resolution.
If you see any suspicious activity on your Simplicity CU debit or credit card, report it right away.
Debit Card Fraud: 1-844-202-5075
Credit Card Fraud: 1-855-309-0372
Local Smishing Scam: 11/9/2022
Our Call Center has gotten several calls from members reporting a suspicious-looking text directing them to call a phone number right away to fix a problem with their debit card.
Some of these texts include personal info like names and phone numbers to make them look more legitimate but don’t appear to come from Simplicity CU. The phone number people are told to call is not connected to us.
An example we were provided (we’ve recreated it for you here) had the type of spelling/grammar/syntax errors that make it easier to identify as a scam though the threatening language could cause just enough panic to make someone respond.
Simplicity CU does use a text system to notify members of fraud on their cards but those notifications identify us as the sender. If you get a text that seems suspicious to you please always feel free to contact us right away.
If someone is asking you to provide ANY personal or online banking information; specifically username, password, and the secure access code that gets sent when logging into online banking on a device that’s not registered, DO NOT give them that information. If a fraudster has access to that secure access code, that gives them the ability to get into your online banking information where account numbers can then be compromised and fraudulent activity can happen from there. Money can be depleted in and out of those accounts very quickly, especially in the event of depositing fraud checks via mobile remote deposit capture (RDC) where P2P payments, or external transfers are authorized by the fraudulent person.
Never provide your confidential banking or personal information to anyone other than a reputable merchant you trust. If you do, you risk being held responsible for any potential losses. If something does not seem legitimate, it probably isn't!
Always just delete texts, emails, or hang up on scammers. Call the merchant they claimed to be or call us with help on whether a scam or not.
Online Security and Avoiding Fraud
Don’t be a victim!
There are many types of fraud that are constantly evolving year after year. However, the majority usually have several things in common: a victim’s good nature, a victim’s lack of banking/financial knowledge, and/or a victim’s poor financial situation. More often the victims are very young or elderly.
Simplicity staff members stay alert for fraud and are constantly defending against it. However, not all cases can be prevented without the help and awareness of our member-owners. By working together, and identifying key components that trigger suspicion, we can pursue investigation early and partner with local and national anti-fraud efforts.
Staying ahead of the curve and being aware of the more common scams is the best way to avoid fraud. Most ongoing scams have similar traits, and they become easier to identify. Another thing to remember is that strangers don't give away money. Again, if it seems too good to be true... it probably is.
If you believe you have fallen victim to any type of fraud relating to your account(s), please call us at 844.769.2667 as soon as possible.
Learn more about protecting yourself against fraud at the Federal Trade Commission.
You’ve probably heard the phrase, “Imitation is the sincerest form of flattery,” but when it comes to impersonating websites, this couldn’t be further from the truth.
Phony websites may look like a real version of a website, but in fact, they may be a resource for gathering account information or credit and debit card numbers. They are often tied to fake social media sites, emails, limited-time offers, and ‘unbeatable’ deals.
Keep your accounts safe by paying close attention to web addresses to be sure you’re on your intended website. Watch for spelling errors and double-check that the customer service number is correct.
- Do not simply trust the look of an email: question the intent of the email. Is it ultimately asking you to verify or enter personal information?
- Before clicking on anything, check the email address of who sent it. If it doesn't look normal (email@example.com), it is likely spam or fraudulent.
- If you receive a suspicious email with a link from a known contact, confirm the email address is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
- Check for misspellings, poor grammar, or incorrect domains within any links (e.g., if an address that should end in “.gov” ends in “.com” instead).
- Do not trust a website just because it has a lock icon or “https” in the browser address bar. Always carefully check the URL to be sure that you’re on the right website.
Be aware of an internet email fraud form known as phishing. This practice refers to fraudulent email messages requesting confidential information. The information then allows the perpetrator to gain access to the victim's accounts and steal the victim's identity. This may include
Emails asking you to reset account information, restore access or for confidential information
Suspicious, unsolicited emails containing attachments or requiring members to send personal information to us via email or pop-up windows
Maintenance/Account Recovery emails
Please remember that Simplicity will never ask for personal or account information by email. However, if you do receive one of these types of emails above,
- Do not respond to the email in any way
- Do not click any links
- Do not open any attachments
- Do not provide any data to any websites
Below are the five common types of phishing attacks according to Meta Compliance.
Spear-Phishing: This type of targeted attack focuses more on stealing sensitive data from an individual or specific organization. Personal information that is specific to the target individual or company is used to seem more legitimate.
Vishing: This type of attack refers to “phishing scams that take place over the phone. It has the most human interaction of all the phishing attacks but follows the same pattern of deception. The fraudsters will often create a sense of urgency to convince a victim to divulge sensitive information.” These calls are usually made using a normal ID to make it appear safe to answer. For example, a hacker could pose as a representative at your bank or credit union and call to alert you that there has been questionable activity on your account. Once they’ve gained your trust, the hacker will ask for your personal account information and can use those details to commit identity fraud.
Whaling: This type of attack includes a high-level choice of target; it is an attempt to steal and misuse senior management’s private, personal information at a company/organization. Whaling occurs in the form of emails that are more sophisticated than phishing and are often harder to recognize due to their use of elite corporate language. The email will include personalized information about the target and organization.
Smishing: This type of attack is unique compared to its counterparts as it uses SMS text messages to gain access to personal information like credit card numbers, passwords, and more. The delivered text message usually includes a call to action to demand an immediate response or reaction.
Clone Phishing: The last type of attack involves “legitimate and previously delivered email [that] is used to create an identical email with malicious content. The cloned email will appear to come from the original sender but will be an updated version that contains malicious links or attachments.”
Reporting Fraudulent Activity
If you believe you are a victim of phishing, it is important that you change your password, monitor the activity in your account for a period of time and even contact credit reporting services to have a fraud alert attached to your credit report file.
Also, please notify Simplicity Member Call Center at 844.769.2667.
The most common check scams involve a person receiving a generous check instructing them to send cash or wire funds from the check proceeds to another person or company. What ends up happening is the check returns as a fraudulent check, and they are held responsible for the loss of the funds due to the return of the check. Below are common check scams that are seen on a daily basis.
The victim is mailed a check along with a letter stating they are the lucky lottery winner. The victim is then instructed to deposit the check and send a portion of the funds back to pay for the processing and taxes for the larger lottery winnings. The check that is attached to the letter will have been written off of a company or individual’s account that is in no way associated with the lottery.
Secret Shopper and Work-From-Home
Fraudsters create job postings or create a website advertising work from home jobs or to become a secret shopper to earn extra income. Often these sites advise the prospective victim to deposit a check and then to wire the majority of the money to a third party to purchase office equipment or to test the institution's customer service levels.
One of the trending internet check scams is found on sale sites such as Craigslist or eBay. The victim sells an item and receives a check for 2-5 times the agreed-upon sale price. The purchaser advises the Seller they wrote the check out for too much money by accident and for the Seller to send back the difference to them. Often the Purchaser will tell the Seller to keep the sales price of the item sold along with $50 for taking the time to wire the funds back to the Purchaser.
These types of scams typically involve connecting with the victim on social media sites or for online payday loan offers requesting the victim’s debit card and PIN number and/or the victim’s online banking username and password.
Debit Card Scams
The victim is contacted utilizing social media sites such as Facebook, Instagram, Twitter, etc. The fraudsters tell the victim that they need to use local bank accounts to conduct some business transactions and will leave some money in the victim's account for the use of their debit card and PIN number and/or online banking username and password.
Once the victim agrees, the fraudsters deposit fraudulent checks into the account via ATMs and/or remote deposit. The fraudsters then make ATM withdrawals and purchase Visa or GreenDot prepaid cards to convert into cash later. The victim is left responsible for the losses to the account due to their participation in the scam by giving their card and information to the fraudsters.
Payday Loan Schemes
The victims of this scheme are in need of a small loan to help make ends meet. The victim signs up with an online loan website and is quickly approved for a small loan with no questions asked. The fraudulent loan company will ask for the victim’s online username and password and states that they need the information in order to transfer funds to the victim’s account.
The fraudulent loan company then instructs the victim to send the money back to them to ensure the loan applicant (victim) is trustworthy. The fraudulent loan company actually deposited fraudulent checks into the victim’s accounts through the online banking application. The victim is left with a negative balance due to the checks deposited by the fraudulent loan company.
Order Credit Report: 800.685.1111
Report Fraud: 800.525.6285
Order Credit Report: 888.397.3742
Report Fraud: 888.397.3742
Order Credit Report: 800.888.4213
Report Fraud: 800.680.7289
Privacy Rights Clearinghouse
How You Can Protect Yourself
Simplicity CU knows the significance of protecting members' confidential personal and financial information. You should never disclose your private personal or financial information (e.g., Social Security number, account or card information, user IDs, and passwords) to anyone, either in person or over the phone, computer or mobile device, unless you know and trust the individual and you initiated the call or transaction.
Simplicity CU will never call and ask for your personal or financial information. If you receive a call, text, or email asking for this information, do not respond and notify us at 844.769.2667 immediately.
- If you are using Windows 7 or an older operating system, upgrade to a more current operating system, such as Windows 10. Microsoft is no longer providing product support, including security patches, for Windows 7.
- Use a firewall and install anti-virus, anti-spyware, and ad protection software on your device, and check for regular updates
- Never download software presented in pop-ups or emails from unknown senders
- Set your operating system, security and application software (such as Microsoft Office) to automatically check for updates
- Commit your user ID and password to memory. Do not record and store it in a place where someone can easily find it or use password memory/management programs.
- Do not use the same user ID and password on multiple sites
- Change your password frequently
- Always sign off Online Banking and Mobile App sessions
- Do not sign on to Online Banking from a public/shared computer
- Do not reply to suspicious emails, texts or voice messages on your computer, tablet, or phone
- Only use trusted third-party sites
- Safeguard your user ID and password. Sharing your online credentials with another individual, application, or company provides that party with the ability and authorization to access your accounts. SECU will not be liable for loss resulting from sharing your online credentials with a third-party except as applicable law requires.
- Monitor your accounts. You are generally not liable for online transactions you didn’t authorize that occur through the use of our online services. However, you should monitor your accounts and notify us as soon as possible when you detect unauthorized activity on any of your accounts. If you fail to notify us promptly, you may not get back all the money you lost. Please contact us at 844.769.2667 immediately if you notice any suspicious or fraudulent activity.
- Never share personal information by telephone, unless it is with a trusted entity with whom you initiated the call
- File documents that contain personal information in a safe place, and shred any unneeded documents containing personal information
- Pay attention to billing cycles, and contact creditors if bills do not arrive
- Review all financial statements regularly for fraudulent activity
- Review credit reports annually (free credit reports are available at Annual Credit Report.com)
- Do not carry your Social Security card or excess credit cards unless absolutely necessary
- Remember to use caution when checking your email or searching for popular key words and videos online
- Be cautious when selling items online or on social media. Some scammers will pay for items by sending you fraudulent checks in amounts higher than the selling price and then requesting you to wire the difference back to them.
- Only use peer-to-peer (P2P) payments to send money to trusted family and friends – P2P payments are not reversible once sent
Peer-to-peer payments, also known as P2P payments, are transactions that can be used for anything from splitting a $30 dinner bill between friends to paying your rent. These payment services allow the transfer of funds between two parties using their individual financial institution accounts or debit cards through an online or mobile app. Online services and apps that allow you to easily send and receive money are a fast-growing trend. Payment services, like Venmo, Zelle®, Apple Pay, Cash App, and Facebook P2P Payments in Messenger, are a virtual imitation of paying or receiving cash. These services make sending funds just as easy as paying with cash. However, you should only use these services when you are paying someone you know. Here are some tips to keep in mind.
Best Used Among Friends and Family
To lower the risk of being victimized by fraudsters, only conduct P2P transactions with people you know. Don’t use P2P payments to pay for items you purchase from unknown sellers on the Internet. Most peer-to-peer transactions are instantaneous and irreversible, a fact scammers are known to exploit.
Once you send funds, there is no recourse to get the funds back. If you accidently choose the wrong person in your contact list or enter the wrong number, the transaction cannot be stopped or reversed.
Don’t Use P2P Services for Business Purposes
P2P payment services are intended for personal use only. Most services have rules that prohibit their use for commercial purposes, such as the buying and selling of goods and services. Read the Terms and Conditions of your P2P service carefully, as some payments could be revoked, and your use of the service may be discontinued if you violate the provider’s terms.
Understand the Risks
Because P2P transactions are completed by a third party, the Credit Union does not have access to any information about these transactions even if they involve Credit Union accounts. In addition, P2P payment service providers are only responsible for transferring the funds. Once funds have been sent as authorized and received, they are no longer responsible for the transaction. If you paid for something but didn’t receive it or received damaged goods, you are usually on your own when it comes to a dispute. Before using a P2P service, research the provider’s customer support policies so you know what to expect. While these transactions are very convenient, you should view them as cash payments that can’t be retrieved.
What to Do if You Are a Victim of Identity Theft
- Contact one of the three major credit bureaus immediately to request a fraud alert, which places a notice on your credit report that you may have been the victim of fraud or identity theft. This alert encourages creditors to take extra steps to confirm your identity before completing a request for credit. One bureau will report the information to the other two, and your credit report will be mailed to you for review. The renewable fraud alert will be placed in your credit reports for one year.
- Contact Simplicity CU and any other financial institutions where you hold accounts, and immediately close all accounts that have been compromised
- Contact local law enforcement authorities and file an identity theft report
- Check with your local post office to see if any unauthorized change-of-address requests for you have been filed
- Visit the Federal Trade Commission’s Identity Theft website for more detailed information on how to recover from identity theft