Fraud Education

You’ve probably heard the phrase, “Imitation is the sincerest form of flattery,” but when it comes to impersonating websites, this couldn’t be further from the truth.

Phony websites may look like a real version of a website, but in fact, they may be a resource for gathering account information or credit and debit card numbers. They are often tied to fake social media sites, emails, limited-time offers, and ‘unbeatable’ deals. 

Keep your accounts safe by paying close attention to web addresses to be sure you’re on your intended website. Watch for spelling errors and double-check that the customer service number is correct.

• Do not simply trust the look of an email: question the intent of the email. Is it ultimately asking you to verify or enter personal information?
• Before clicking on anything, check the email address of who sent it. If it doesn't look normal (name@company.com), it is likely spam or fraudulent.
• If you receive a suspicious email with a link from a known contact, confirm the email address is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
• Check for misspellings, poor grammar, or incorrect domains within any links (e.g., if an address that should end in “.gov” ends in “.com” instead).
• Do not trust a website just because it has a lock icon or “https” in the browser address bar. Always carefully check the URL to be sure that you’re on the right website.

Be aware of an internet email fraud form known as phishing. This practice refers to fraudulent email messages requesting confidential information. The information then allows the perpetrator to gain access to the victim's accounts and steal the victim's identity. This may include

Emails asking you to reset account information, restore access or for confidential information

Suspicious, unsolicited emails containing attachments or requiring members to send personal information to us via email or pop-up windows

Maintenance/Account Recovery emails

​Please remember that Simplicity will never ask for personal or account information by email. However, if you do receive one of these types of emails above, 

• Do not respond to the email in any way
• Do not click any links
• Do not open any attachments
• Do not provide any data to any websites

Below are the five common types of phishing attacks according to Meta Compliance.

Spear-Phishing: This type of targeted attack focuses more on stealing sensitive data from an individual or specific organization. Personal information that is specific to the target individual or company is used to seem more legitimate. 

Vishing: This type of attack refers to “phishing scams that take place over the phone. It has the most human interaction of all the phishing attacks but follows the same pattern of deception. The fraudsters will often create a sense of urgency to convince a victim to divulge sensitive information.” These calls are usually made using a normal ID to make it appear safe to answer. For example, a hacker could pose as a representative at your bank or credit union and call to alert you that there has been questionable activity on your account. Once they’ve gained your trust, the hacker will ask for your personal account information and can use those details to commit identity fraud. 

Whaling: This type of attack includes a high-level choice of target; it is an attempt to steal and misuse senior management’s private, personal information at a company/organization. Whaling occurs in the form of emails that are more sophisticated than phishing and are often harder to recognize due to their use of elite corporate language. The email will include personalized information about the target and organization. 

Smishing: This type of attack is unique compared to its counterparts as it uses SMS text messages to gain access to personal information like credit card numbers, passwords, and more. The delivered text message usually includes a call to action to demand an immediate response or reaction. 

Clone Phishing: The last type of attack involves “legitimate and previously delivered email [that] is used to create an identical email with malicious content. The cloned email will appear to come from the original sender but will be an updated version that contains malicious links or attachments.”

Reporting Fraudulent Activity

If you believe you are a victim of phishing, it is important that you change your password, monitor the activity in your account for a period of time and even contact credit reporting services to have a fraud alert attached to your credit report file.

Also, please notify Simplicity Member Call Center at 844.769.2667.

The most common check scams involve a person receiving a generous check instructing them to send cash or wire funds from the check proceeds to another person or company. What ends up happening is the check returns as a fraudulent check, and they are held responsible for the loss of the funds due to the return of the check. Below are common check scams that are seen on a daily basis.

Lottery Winner
The victim is mailed a check along with a letter stating they are the lucky lottery winner. The victim is then instructed to deposit the check and send a portion of the funds back to pay for the processing and taxes for the larger lottery winnings. The check that is attached to the letter will have been written off of a company or individual’s account that is in no way associated with the lottery.

Secret Shopper and Work-From-Home
Fraudsters create job postings or create a website advertising work from home jobs or to become a secret shopper to earn extra income. Often these sites advise the prospective victim to deposit a check and then to wire the majority of the money to a third party to purchase office equipment or to test the institution's customer service levels.

Overpayment
One of the trending internet check scams is found on sale sites such as Craigslist or eBay. The victim sells an item and receives a check for 2-5 times the agreed-upon sale price. The purchaser advises the Seller they wrote the check out for too much money by accident and for the Seller to send back the difference to them. Often the Purchaser will tell the Seller to keep the sales price of the item sold along with $50 for taking the time to wire the funds back to the Purchaser.

These types of scams typically involve connecting with the victim on social media sites or for online payday loan offers requesting the victim’s debit card and PIN number and/or the victim’s online banking username and password.

Debit Card Scams 
The victim is contacted utilizing social media sites such as Facebook, Instagram, Twitter, etc. The fraudsters tell the victim that they need to use local bank accounts to conduct some business transactions and will leave some money in the victim's account for the use of their debit card and PIN number and/or online banking username and password.

Once the victim agrees, the fraudsters deposit fraudulent checks into the account via ATMs and/or remote deposit. The fraudsters then make ATM withdrawals and purchase Visa or GreenDot prepaid cards to convert into cash later. The victim is left responsible for the losses to the account due to their participation in the scam by giving their card and information to the fraudsters.

Payday Loan Schemes
The victims of this scheme are in need of a small loan to help make ends meet. The victim signs up with an online loan website and is quickly approved for a small loan with no questions asked. The fraudulent loan company will ask for the victim’s online username and password and states that they need the information in order to transfer funds to the victim’s account.

The fraudulent loan company then instructs the victim to send the money back to them to ensure the loan applicant (victim) is trustworthy. The fraudulent loan company actually deposited fraudulent checks into the victim’s accounts through the online banking application. The victim is left with a negative balance due to the checks deposited by the fraudulent loan company.

• If you are using Windows 7 or an older operating system, upgrade to a more current operating system, such as Windows 10. Microsoft is no longer providing product support, including security patches, for Windows 7.
• Use a firewall and install anti-virus, anti-spyware, and ad protection software on your device, and check for regular updates
• Never download software presented in pop-ups or emails from unknown senders
• Set your operating system, security and application software (such as Microsoft Office) to automatically check for updates

• Commit your user ID and password to memory. Do not record and store it in a place where someone can easily find it or use password memory/management programs.
• Do not use the same user ID and password on multiple sites
• Change your password frequently
• Always sign off Online Banking and Mobile App sessions
• Do not sign on to Online Banking from a public/shared computer
• Do not reply to suspicious emails, texts or voice messages on your computer, tablet, or phone
• Only use trusted third-party sites
• Safeguard your user ID and password. Sharing your online credentials with another individual, application, or company provides that party with the ability and authorization to access your accounts. SECU will not be liable for loss resulting from sharing your online credentials with a third-party except as applicable law requires.
• Monitor your accounts. You are generally not liable for online transactions you didn’t authorize that occur through the use of our online services. However, you should monitor your accounts and notify us as soon as possible when you detect unauthorized activity on any of your accounts. If you fail to notify us promptly, you may not get back all the money you lost. Please contact us at 844.769.2667 immediately if you notice any suspicious or fraudulent activity.

• Never share personal information by telephone, unless it is with a trusted entity with whom you initiated the call
• File documents that contain personal information in a safe place, and shred any unneeded documents containing personal information
• Pay attention to billing cycles, and contact creditors if bills do not arrive
• Review all financial statements regularly for fraudulent activity
• Review credit reports annually (free credit reports are available at Annual Credit Report.com)
• Do not carry your Social Security card or excess credit cards unless absolutely necessary

• Remember to use caution when checking your email or searching for popular key words and videos online
• Be cautious when selling items online or on social media. Some scammers will pay for items by sending you fraudulent checks in amounts higher than the selling price and then requesting you to wire the difference back to them.
• Only use peer-to-peer (P2P) payments to send money to trusted family and friends – P2P payments are not reversible once sent

Peer-to-Peer Payments

Peer-to-peer payments, also known as P2P payments, are transactions that can be used for anything from splitting a $30 dinner bill between friends to paying your rent. These payment services allow the transfer of funds between two parties using their individual financial institution accounts or debit cards through an online or mobile app. Online services and apps that allow you to easily send and receive money are a fast-growing trend. Payment services, like Venmo, Zelle®, Apple Pay, Cash App, and Facebook P2P Payments in Messenger, are a virtual imitation of paying or receiving cash. These services make sending funds just as easy as paying with cash. However, you should only use these services when you are paying someone you know. Here are some tips to keep in mind.

Best Used Among Friends and Family

To lower the risk of being victimized by fraudsters, only conduct P2P transactions with people you know. Don’t use P2P payments to pay for items you purchase from unknown sellers on the Internet. Most peer-to-peer transactions are instantaneous and irreversible, a fact scammers are known to exploit.

Once you send funds, there is no recourse to get the funds back. If you accidently choose the wrong person in your contact list or enter the wrong number, the transaction cannot be stopped or reversed.

Don’t Use P2P Services for Business Purposes

P2P payment services are intended for personal use only. Most services have rules that prohibit their use for commercial purposes, such as the buying and selling of goods and services. Read the Terms and Conditions of your P2P service carefully, as some payments could be revoked, and your use of the service may be discontinued if you violate the provider’s terms.

Understand the Risks

Because P2P transactions are completed by a third party, the Credit Union does not have access to any information about these transactions even if they involve Credit Union accounts. In addition, P2P payment service providers are only responsible for transferring the funds. Once funds have been sent as authorized and received, they are no longer responsible for the transaction. If you paid for something but didn’t receive it or received damaged goods, you are usually on your own when it comes to a dispute. Before using a P2P service, research the provider’s customer support policies so you know what to expect. While these transactions are very convenient, you should view them as cash payments that can’t be retrieved.

What to Do if You Are a Victim of Identity Theft

• Contact one of the three major credit bureaus immediately to request a fraud alert, which places a notice on your credit report that you may have been the victim of fraud or identity theft. This alert encourages creditors to take extra steps to confirm your identity before completing a request for credit. One bureau will report the information to the other two, and your credit report will be mailed to you for review. The renewable fraud alert will be placed in your credit reports for one year.
• Contact Simplicity CU and any other financial institutions where you hold accounts, and immediately close all accounts that have been compromised
• Contact local law enforcement authorities and file an identity theft report
• Check with your local post office to see if any unauthorized change-of-address requests for you have been filed
• Visit the Federal Trade Commission’s Identity Theft website for more detailed information on how to recover from identity theft