North Alabama Educators Credit Union

"Phishing" and Fraud Alerts

ACH ALERT Issued 05/18/2011 - Fraudulent NACHA Emails

Background
Further to previous Members Memos and notices made available on our website since February 2011, NACHA has been the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication. Perpetrators may also be exploiting email addresses recently stolen from Epsilon.

These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient. The contents of these fraudulent emails vary, with more recent examples including a counterfeit NACHA logo and the citation of NACHA's physical mailing address and telephone number.NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.

Caution your customers not to open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom they do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Direct them to forward suspected fraudulent emails appearing to come from NACHA to abuse@nacha.org to aid in our efforts with security experts and law enforcement officials to pursue the perpetrators.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software application security patches are installed and current.

HERE ARE SOME METHODS USED TO SCAM CONSUMERS

E-MAIL “PHISHING”
Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.

LAND LINE TELEPHONE “VISHING” & VoIP (INTERNET PHONES “VISHING”)
Vishing, (Voice phISHING) also called "VoIP phishing for the Internet phones," is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States.

In either case, because people are used to entering card numbers over the phone, this technique can be effective. Voice over IP (VoIP) is used for vishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a land line telephone.

TEXT MESSAGE “SMISHING”
Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user's cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.

New!  Mail LETTER “PHISHING”
This new scam occurs where the phisher is creating a letter and sending it through the mail to individuals to respond to the letter by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection. This scam is used in conjunction with other channels to steal valuable personal and financial information of the individual receiving the letter.

How to Protect Yourself from Identity Theft Scams:

Never provide your personal information in response to an unsolicited request, whether it is over the phone, mail, or over the Internet. E-mails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock that ordinarily is used to denote a secure site. If you did not initiate the communication, you should never provide any information.

If you believe the contact may be legitimate, contact the financial institution or organization yourself at a published telephone number. You can find phone numbers on account statements, phone books, or on the Internet. The key is that you should be the one to initiate the contact, using contact information you have verified yourself.

Never provide your password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information online or over the phone in an unsolicited manner.

Review account statements regularly to ensure all transactions are correct. If your account statement is late in arriving, contact your financial institution to find out why. If your institution offers electronic access, periodically review account activity online to catch suspicious activity.

If you feel that your personal information has been compromised, contact your financial institution immediately. Suspicious contacts should also be reported to the Federal Trade Commission at www.consumer.gov/idtheft , or by calling 1-877-IDTHEFT.

FBI COUNTERFEIT CHECK ALERT CHECKLIST:

The Federal Bureau of Investigations (FBI) has prepared the following checklist to assist consumers from becoming a victim. If you can answer "YES" to any of the following questions, you could be involved in a FRAUD or about to be SCAMMED!

Is the CHECK from an item you sold on the Internet, such as a car, boat, jewelry, etc?

Is the amount of the CHECK more than the item's selling price?

Did you receive the CHECK via an overnight delivery service?

Is the CHECK connected to communicating with someone by email?

Is the CHECK drawn on a business or individual account that is different from the person buying your item or product?

Have you been informed that you were the winner of a LOTTERY, such as Canadian, Australian, El Gordo, or El Mundo, that you did not enter?

Have you been instructed to "WIRE", "SEND", or "SHIP" money as soon as possible to a large U.S. city or to another country, such as Canada, England, or Nigeria?

Have you been asked to PAY money to receive a deposit from another country such as Canada, England, or Nigeria?

Are you receiving PAY or COMMISSION for facilitating money transfers through your account?