The information contained on this page is intended for our members concerning phishing, identity theft, vishing and other fraud scams.

A group calling itself"Security First CU" (no relation to any bonafide credit union), or another plausible credit union name, sends a text message or email to an individual.  The message informs the recipient that their account is being closed, due to fraud.

The message requests the individual contact the "institution" to reactivate their account by calling a telephone number.  Some of these scams have utilized a 909 area code call-back number.

Calling that number results in an automated request to enter personal information, including credit card numbers. After numerous reports of illegal activity, the fraudster's telephone number has been shut down by the telephone provider.  However, it is likely that the fraud will continue, utilizing a different telephone number.

This fraud is an attempt to obtain personal information from consumers.  Consumers should NOT call the sender of this message nor take any other requested action.  Under no circumstances, should personal information be shared in response.  06/09/08

Recently, Land of Lincoln Credit Union has been the victim of numerous fraudulent phishing scams.  These e-mails are for the sole purpose of obtaining sensitive account information.  Land of Lincoln Credit Union will NEVER send out e-mails requesting account information.  Please DO NOT RESPOND, DOWNLOAD OR GIVE OUT ANY ACCOUNT NUMBERS INCLUDING YOUR DEBIT AND CREDIT CARD NUMBERS.

The types of e-mail requests being circulated include but are not limited to:

• Complete a survey and receive cash
• Your accounts or cards have been suspended
• Our on-line banking will be down; please confirm your account data                                05/08

• Vishing
• Phishing
• Identity Theft
• Identity Theft - U.S. Internal Revenue Service
• Obtaining your Free Credit Reports

Fraudulent Activity - Vishing

The NCUA has alerted us about "phishing" scams in which crooks send e-mails claiming to be from legitimate financial institutions, companies, or government agencies asking consumers to "verify" of "re-submit" confidential information such as bank account and credit card numbers, Social Security Numbers, passwords, and personal identification numbers. A variant on that approach using telephone systems, vishing, is increasingly being used to obtain this information from unwary consumers.

Consumers are becoming more aware that an e-mail they receive containing a link or other contact information could be malicious in nature.  So criminals are moving away from primarily using email as a method to gain confidential information to using methods victims are more familiar with, like calling a number.

In essence, vishing is the criminal practice of using social engineering and Voice over Internet Protocol (VoIP) telephony to gain access to private personal and financial information from the public for the purpose of financial reward.  The term vishing is a combination of "voice" and phishing.  Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations, are known to the telephone company, and are associated with a bill-payer.  The victim is often unaware that VoIP allows for caller ID spoofing thus providing anonymity for the criminal caller.  Vishing is attractive to criminals because VoIP service is fairly inexpensive, especially for long distance, making it cheap to make fake calls.  In addition, because it's web-based, criminal can use software programs to create phony automated customer call center service lines.

An example of a vishing scam is when a consumer receives a recorded message telling them that their credit card and/or financial institution account has been breached and to immediately call a number provided in the recorded message.  The phone number provided in the message leads the consumer to a "fraudulent call center" established by account information and login credentials in order to access the account.  A twist on this scam is when the recorded message provides the address of a fraudulent website for the consumer to access (instead of a telephone number) and to provide certain information to reinstate the supposedly affected account(s).

Vishing is very hard for authorities to monitor or trace.  To protect themselves, consumers are advised to be highly suspicious when receiving messages (telephone, email, or otherwise) directing them to call and provide personal, confidential, and/or account related information.  Rather than provide any information, the consumer should contact their financial institution or credit card company directly to verify the validity of the message using contact information they already have in their possession (i.e. do  not use contact information provided in the suspicious message).

************************************************************

What is phishing?

Phishing involves high-tech fraudsters who pretend to be a legitimate financial institution or credit card company.  Hiding behind the anonymity of the Internet, the fraudsters send out "official-looking" e-mails designed to trick consumers into divulging financial and personal information such as debit and/or credit card numbers, CVV2 values, PIN numbers, member account numbers, passwords, user names, Social Security Numbers, and other sensitive data.  In most cases, the e-mail claims there is an account problem or warns of a possible account fraud threat.  Either way the whole idea is to convince the consumer there is an immediate need to update their financial information.

The newest phishing scam- Do not respond to any e-mail that directs you to update your personal information by dialing a

telephone number.  Only use the customer service number on the back of your card. 

How should I handle a Phishing e-mail if I receive one?

DO NOT supply any of the personal information that is being asked.

If a phishing e-mail has been received and personal information has been given, report the situation in one of the following ways:

  By calling 877-428-4338 or

  By visiting www.consumer.gov/idtheft

If a Phishing e-mail has been received, but personal information has not been given, report the situation in one of the following ways:

  By calling 800-876-7060 or

  By visiting www.fraud.org

*************************************************************

           Suggested Steps to Reduce Your Vulnerability to Identity Theft

Protect Your Personal Information

• At home and at work, secure important documents that contain your personal information where they are protected from unwanted view or access.
• Carry only the necessary cards and identifying information in your purse or wallet.  Limit the number of credit cards or checks that you carry.  Don;t carry PIN numbers with your cards.
• Sign your credit and debit cards when you receive them.
• Pick up receipts from ATM's, restaurants, stores, and gasoline pumps.  Don't leave them lying around.
• Watch out for shoulder surfers watching you type in your PIN number at the cash register or ATM.
• Safeguard your Social Security number.
• Do not carry your Social Security card in your wallet.
• Do not pre-print your Social Security number on your checks or driver license, and do not use it on an unsecured web site.
• Ask why someone wants your Social Security number and how it will be protected before deciding to give it out.  (Financial institutions will require it before they can provide products and services.)
• Protect your mail.
• Deposit outgoing mail that contains personal information in a U.S. Postal Service blue collection box, hand it to a letter carrier, or take it to the Post Office if you can.  If you place outgoing mail in your own mail box for the letter carrier to pick up, don't use the red flag to draw attention to the waiting mail
• Remove incoming mail promptly from your mail box and consider some kind of lock mechanism to keep thieves out.  Have the Post Office hold you mail if you are going away.
• Use strong passwords to protect access to your sensitive information and financial accounts.
• Don't create passwords using easy to guess or easy to obtain personal information. like birth dates or a pet's name.  Make the passwords unique - e.g., mix letters with numbers and symbols. Change your passwords from time to time.
• Outsmart the "dumpster diver" by shredding documents containing sensitive information before throwing them out.
• Destroy expired or unneeded credit debit, or ATM cards so that the numbers and magnetic strip cannot be read.

Be Alert, Be Careful

• Check your consumer reports (i.e., credit reports) annually at least, and before making a major purchase like a home or car.  Dispute and remove errors or unknown accounts in the reports.
• Check bank and credit card statements and billing regularly.  Report unauthorized transactions immediately and then in writing.
• Contact your financial institution if your regular statements or bills don't arrive on time to see whether they were mailed, or possibly intercepted or diverted to another address.
• Be cautious about sharing your information.  Generally, refrain from giving personal information and account information out to others - via phone, fax, mail, or e-mail -- if you have not initiated the communication in the first place.
• Choose your tax preparer very carefully, if you don't prepare you own tax return.
• If the Internal Revenue Service (IRS) sends you a letter that leads you to believe someone may have used your Social Security number fraudulently, contact the IRS immediately.
• Read a company's privacy and security policy in order to understand how your personal information will be used, disclosed, and protected.

Added Tips for Online Safety

• Install a firewall on your computer.
• Use anti-virus, anti-spam, and anti-spyware software.  Keep the software updated.
• Use parental controls to protect children from unwanted spam and phishing e-mails.
• Keep your browser updated.
• Don't respond to requests personal information from unsolicited e-mails or pop-up windows.
• Visit a web site by entering the web address - or "URL" - yourself into your web browser, not by clicking a link in an e-mail.
• When downloading a program, game,etc.., reading the provider's statement of terms will let you know what else you might be downloading that you may not want.
• Check that you use secure web sites for sensitive communications or transactions.  When entering the URL, look for the "s" in the "https" and the lock icon in the bottom right of the screen.
• Clean the hard drive before discarding any personal computer.

What To Do If You Are, Or Think You Are or May Become, a Victim of Identity Theft

What the Experts Recommend

• Report lost or stolen credit, debit or ATM cards to financial institutions immediately and then in writing.
• Report unauthorized card transactions that show up on your monthly statements immediately; however, you also must write to the creditor at the address given for "billing inquiries," not the address for sending your payments, and include your name, address, account number and description of the billing error.
• Contact your or the pertinent financial institution if you find that a thief has taken over an existing account, like a checking account, or established new account in your name without your knowledge.  Follow up the complaint in writing.
• Contact the three nationwide consumer reporting agencies (i.e., credit bureaus) - Equifax, Experian, and TransUnion - to place a fraud alert in your file.
• One call to any one of them will be sufficient.  The company you call is required to contact the other two, which will place an alert in their versions of your file, as well.
• Obtain a free copy of your credit report from each of the three nationwide consumer reporting agencies once you place the fraud alert.  Check it carefully and dispute any errors or unauthorized accounts promptly.
• Keep good records of all your communications and any evidence of identity theft that you obtain.
• Contact law enforcement and file a police report.  You will be able to use the report to help clear up the record from the identity theft.
• Active duty military personnel deployed away from their regular duty station may place an Active Duty Alert in their file for 12 months (renewable).  This signal lenders to take a little extra care before issuing credit to someone claiming to be the deployed service man or woman.  One call to Equifax, Experian, or TransUnion is sufficient.  The company you call is required to contact the other two, which will place an alert in their versions of your file, as well.
• Report the incident(s) to the Federal Trade Commission (FTC), which keeps track of reported crimes and shares the information with law enforcement throughout the country.  The FTC also has information and materials that may help victims of identity theft in their efforts to restore their identity. www.consumer.gov/idtheft

************************************************************

U.S. INTERNAL REVENUE SERVICE

Identity Theft

• How you should protect your tax information
• From a tax perspective, how people may use your information
• What to do if it happens to you
• Some of the safeguards in place within IRS

Did you know that your social security number can also be used by Identity Theft crooks to file tax returns and get refunds using your name?

Generally, identity thieves use someone's personal data to steal his or her financial accounts, run up charges on the victim's existing d=credit cards, apply for new loans, credit cards, services or benefits in the victim's name ... but you need to be aware of some other potential areas where this type of fraud may occur - and they relate directly to your tax records.

What if an undocumented worker used your Social Security number in order to get a job?                                                                                                    

-That person's employer would report W-2 wages earned using your information to the IRS so it might appear that you did not report all of your income on your real return.

What if they filed a tax return with your Social Security number in order to receive a refund?

-When you file your real tax return, the IRS will believe that you have already filed, received your refund and that the real return is a second copy or duplicate.

The IRS, like the other government agencies you have heard from, is working hard to help victims of identity the AND we are doing our part to combat this crime.

When it comes to your tax records:

• If you do not prepare your own return, be careful in choosing your tax preparer - as careful as you would in choosing a doctor or a lawyer.  That person will have access to your personal financial records.
• You should also know that the IRS does not communicate with taxpayers through e-mail so if you receive any request for information in that format, it is fraudulent.

 Knowing these simple rules can help prevent identity theft.

If you do receive a notice from the IRS that leads you to believe someone may have used your social security number fraudulently, please notify the IRS immediately by responding to the person's name and number prints on the notice.

Examples of this might be:

• If you are contacted that the IRS has received more than one tax return for you; or
• If you receive a notice of unreported income from the IRS asking you to report wages you did not earn

The IRS has put processes in place to help victims of identity theft resolve issues like those just mentioned.  If you receive a notice, contact the IRS either by phone or in writing as directed in that notice.  IRS tax examiners will work with you and other agencies such as the Social Security Administration to help resolve these types of problems.

The Taxpayer Advocate Services can also help.  If you have attempted to resolve your problems through normal processes and are about to suffer a significant hardship, the Taxpayer Advocate Service had expert resources that can assist you.   Go to our the IRS web site at www.irs.gov and select the link at the bottom of the page for "Taxpayer Advocate" to learn more or call the toll free number at the bottom of the screen.

Taxpayer Advocate Service (877) 777-4778

As the IRS becomes aware of identity theft schemes that target taxpayer, the IRS will issue public warning so you can be on guard for these schemes.  You cna find those warning on the IRS web site www.irs.gov along with information about recent criminal prosecutions of the perpetrators of identity theft schemes that relate to tax administration.

Examples of current warning that are currently on irs.gov

Treasury, IRS Warn of Identity Theft Scheme Involving Bogus E-mail, Web site

IR-2004-60, April 30, 2004

http://www.irs.gov/newsroom/article/0,,id=122997,00.html  

IRS Warns of Scheme to Steal Identity and Financial Data

IR-2004-75, June 1, 2004

http://www.irs.gov/newsroom/article/0,,id=123621,00.html        

IRS Reissues Consumer Warning on Identity Theft Scheme; Scheme Now Targeting Caribbean

IR-2004-104, August 3, 2004

http://wwwirs.gov/newsroom/article/0,,id=127914,00.html    

Where Do You Report Suspected Tax Fraud Activity?

If you suspect or know of an individual or company that is not complying with the tax laws, report this activity.  Reports of suspected tax fraud can be made by phone, mail or your local IRS walk-in office.

By Phone:

You can contact the IRS toll free at 1-800-829-0433

International callers may call their US Embassy or call 215-516-2000 (this is not a toll free number).

By Mail:

Written correspondence can be mailed to the service center where you file your return. 

*************************************************************

Obtaining Your Credit Reports

How to Obtain Your Free Annual Credit Report:

- Log on to www.annualcreditreport.com

- Contact Equifax consumer reporting agency at www.equifax.com

-Contact Experian consumer reporting agency at www.experian.com

-Contact TransUnion consumer reporting agency at www.transunion.com

The contents of this page is informational only.  IRSE Credit Union does not guarantee or warrant the accuracy of the information contained on this page.