Never provide your confidential banking or personal information to anyone other than a reputable merchant you trust. If you do, you risk being held responsible for any potential losses. If something does not seem legitimate, it probably isn't!

Always just delete texts, emails, or hang up on scammers. Call the merchant they claimed to be or call us with help on whether a scam or not.

Common Scams

You’ve probably heard the phrase, “Imitation is the sincerest form of flattery,” but when it comes to impersonating websites, this couldn’t be further from the truth.

Phony websites may look like a real version of a website, but in fact, they may be a resource for gathering account information or credit and debit card numbers. They are often tied to fake social media sites, emails, limited-time offers, and ‘unbeatable’ deals. 

Keep your accounts safe by paying close attention to web addresses to be sure you’re on your intended website. Watch for spelling errors and double-check that the customer service number is correct.

  • Do not simply trust the look of an email: question the intent of the email. Is it ultimately asking you to verify or enter personal information?
  • Before clicking on anything, check the email address of who sent it. If it doesn't look normal (name@company.com), it is likely spam or fraudulent.
  • If you receive a suspicious email with a link from a known contact, confirm the email address is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
  • Check for misspellings, poor grammar, or incorrect domains within any links (e.g., if an address that should end in “.gov” ends in “.com” instead).
  • Do not trust a website just because it has a lock icon or “https” in the browser address bar. Always carefully check the URL to be sure that you’re on the right website.

Be aware of an internet email fraud form known as phishing. This practice refers to fraudulent email messages requesting confidential information. The information then allows the perpetrator to gain access to the victim's accounts and steal the victim's identity. This may include

Emails asking you to reset account information, restore access or for confidential information

Suspicious, unsolicited emails containing attachments or requiring members to send personal information to us via email or pop-up windows

Maintenance/Account Recovery emails

​Please remember that Simplicity will never ask for personal or account information by email. However, if you do receive one of these types of emails above, 

  • Do not respond to the email in any way
  • Do not click any links
  • Do not open any attachments
  • Do not provide any data to any websites
Below are the five common types of phishing attacks according to Meta Compliance.

Spear-Phishing: This type of targeted attack focuses more on stealing sensitive data from an individual or specific organization. Personal information that is specific to the target individual or company is used to seem more legitimate. 

Vishing: This type of attack refers to “phishing scams that take place over the phone. It has the most human interaction of all the phishing attacks but follows the same pattern of deception. The fraudsters will often create a sense of urgency to convince a victim to divulge sensitive information.” These calls are usually made using a normal ID to make it appear safe to answer. For example, a hacker could pose as a representative at your bank or credit union and call to alert you that there has been questionable activity on your account. Once they’ve gained your trust, the hacker will ask for your personal account information and can use those details to commit identity fraud. 

Whaling: This type of attack includes a high-level choice of target; it is an attempt to steal and misuse senior management’s private, personal information at a company/organization. Whaling occurs in the form of emails that are more sophisticated than phishing and are often harder to recognize due to their use of elite corporate language. The email will include personalized information about the target and organization. 

Smishing: This type of attack is unique compared to its counterparts as it uses SMS text messages to gain access to personal information like credit card numbers, passwords, and more. The delivered text message usually includes a call to action to demand an immediate response or reaction. 

Clone Phishing: The last type of attack involves “legitimate and previously delivered email [that] is used to create an identical email with malicious content. The cloned email will appear to come from the original sender but will be an updated version that contains malicious links or attachments.”

Reporting Fraudulent Activity

If you believe you are a victim of phishing, it is important that you change your password, monitor the activity in your account for a period of time and even contact credit reporting services to have a fraud alert attached to your credit report file.

Also, please notify Simplicity Member Call Center at 844.769.2667.

The most common check scams involve a person receiving a generous check instructing them to send cash or wire funds from the check proceeds to another person or company. What ends up happening is the check returns as a fraudulent check, and they are held responsible for the loss of the funds due to the return of the check. Below are common check scams that are seen on a daily basis.

Lottery Winner
The victim is mailed a check along with a letter stating they are the lucky lottery winner. The victim is then instructed to deposit the check and send a portion of the funds back to pay for the processing and taxes for the larger lottery winnings. The check that is attached to the letter will have been written off of a company or individual’s account that is in no way associated with the lottery.


Secret Shopper and Work-From-Home
Fraudsters create job postings or create a website advertising work from home jobs or to become a secret shopper to earn extra income. Often these sites advise the prospective victim to deposit a check and then to wire the majority of the money to a third party to purchase office equipment or to test the institution's customer service levels.


Overpayment
One of the trending internet check scams is found on sale sites such as Craigslist or eBay. The victim sells an item and receives a check for 2-5 times the agreed-upon sale price. The purchaser advises the Seller they wrote the check out for too much money by accident and for the Seller to send back the difference to them. Often the Purchaser will tell the Seller to keep the sales price of the item sold along with $50 for taking the time to wire the funds back to the Purchaser.

These types of scams typically involve connecting with the victim on social media sites or for online payday loan offers requesting the victim’s debit card and PIN number and/or the victim’s online banking username and password.

Debit Card Scams 
The victim is contacted utilizing social media sites such as Facebook, Instagram, Twitter, etc. The fraudsters tell the victim that they need to use local bank accounts to conduct some business transactions and will leave some money in the victim's account for the use of their debit card and PIN number and/or online banking username and password.

Once the victim agrees, the fraudsters deposit fraudulent checks into the account via ATMs and/or remote deposit. The fraudsters then make ATM withdrawals and purchase Visa or GreenDot prepaid cards to convert into cash later. The victim is left responsible for the losses to the account due to their participation in the scam by giving their card and information to the fraudsters.

Payday Loan Schemes
The victims of this scheme are in need of a small loan to help make ends meet. The victim signs up with an online loan website and is quickly approved for a small loan with no questions asked. The fraudulent loan company will ask for the victim’s online username and password and states that they need the information in order to transfer funds to the victim’s account.

The fraudulent loan company then instructs the victim to send the money back to them to ensure the loan applicant (victim) is trustworthy. The fraudulent loan company actually deposited fraudulent checks into the victim’s accounts through the online banking application. The victim is left with a negative balance due to the checks deposited by the fraudulent loan company.

IMPORTANT

If someone is asking you to provide ANY personal or online banking information; specifically username, password, and the secure access code that gets sent when logging into online banking on a device that’s not registered, DO NOT give them that information. If a fraudster has access to that secure access code, that gives them the ability to get into your online banking information where account numbers can then be compromised and fraudulent activity can happen from there. Money can be depleted in and out of those accounts very quickly, especially in the event of depositing fraud checks via mobile remote deposit capture (RDC) where P2P payments, or external transfers are authorized by the fraudulent person.

Resources

Equifax
Order Credit Report: 800.685.1111
Report Fraud: 800.525.6285
equifax.com

Federal Trade Commission
ID Theft Hotline: 877.IDTHEFT
consumer.gov/idtheft
ftc.gov

Experian
Order Credit Report: 888.397.3742
Report Fraud: 888.397.3742
experian.com

Identity Theft Resource Center
itrc@idtheftcenter.org
Contact: 888.400.5530
idtheftcenter.org

Trans Union
Order Credit Report: 800.888.4213
Report Fraud: 800.680.7289
tuc.com

Privacy Rights Clearinghouse
Contact: 619.298.3396
privacyrights.org

How You Can Protect Yourself

Simplicity CU knows the significance of protecting members' confidential personal and financial information. You should never disclose your private personal or financial information (e.g., Social Security number, account or card information, user IDs, and passwords) to anyone, either in person or over the phone, computer or mobile device, unless you know and trust the individual and you initiated the call or transaction.