Phishing (pronounced: fishing), or online fraud: Phishing is an online-fraud technique that is used by criminals to lure you into disclosing your personal information, which then enables the thief to:
• Apply for and get credit in your name.
• Empty your bank account and charge expenses to the limit of your credit cards.
• Remove money from your accounts.
• Use a copy of your debit card to withdraw your money from anywhere in the world.
There is a phishing text scam going around that sends a text message stating it’s from “X Bank or Credit Union” and to call 951-231-4867. When calling, it requests for you to enter card and/or account information. THIS IS A SCAM.
If you’ve received this text, please do not release any information. If you have, contact your financial institution right away to have your card blocked.
Recent Card Compromises
Recently, we have seen some very aggressive tactics by people posing to work with IRS. These scammers are very aggressive with Members and use scare tactics such as threatening deportation, jail, and driver’s license revocation as forms of scaring member’s into sending the money.
Additionally, it is important for taxpayers to know that the IRS:
• Never asks for credit card, debit card or prepaid card information over the telephone
• Never calls without first mailing you a bill documenting the reason and tax year
• Never insists that taxpayers use a specific payment method to pay tax obligations
• Never demands that you pay taxes without an opportunity to appeal or question the amount owed
• Never requests immediate payment over the telephone and will not take enforcement action immediately following a phone conversation. Taxpayers usually receive prior notification of IRS enforcement action involving IRS tax liens or levies
Potential phone scam victims may be told that they owe money that must be paid immediately to the IRS or they are entitled to big refunds. When unsuccessful the first time, sometimes phone scammers call back trying a new strategy.
If you get a phone call from someone claiming to be from the IRS, here’s what you should do:
•If you know you owe taxes or you think you might owe taxes, call the IRS at 1.800.829.1040. The IRS employees at that line can help you with a payment issue, if there really is such an issue.
•If you know you don’t owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above), then call and report the incident to TIGTA at 1.800.366.4484.
•You can file a complaint using the FTC Complaint Assistant; choose “Other” and then “Imposter Scams.” If the complaint involves someone impersonating the IRS, include the words “IRS Telephone Scam” in the notes.
For more information, please visit the IRS website here www.irs.gov/uac/Newsroom/IRS-Repeats-Warning-about-Phone-Scams
Tax Return Phishing Scams – Email
Things you should know:
• The IRS will never initiate contact with taxpayers by email, text message, social media.
• Any legitimate IRS webpage will begin with irs.gov
• Don’t be fooled by close variations (such as irsgov, irs.net, or similar)
•Forward fraudulent email to firstname.lastname@example.org, then delete the original email immediately.
Thieves use Social Security number to file bogus tax returns and pocket tax refunds they are not entitled to.
Click here to view a more detailed list of various Tax Return Scams and what you can do to protect yourself.
There are have been calls made to some Members stating they are calling on behalf of Altura Credit Union. The number is 760-721-7669. This number is a legitimate business for a company named Pure Turbos. The company currently has a recording stating that if you did indeed receive a call from them, your card number may have been compromised.
If you received a call from that number, call us at 888-883-7228 or visit one of our locations to block you card and look over your account for any potential fraud.
Types of Social Engineering
A type of malware that prevents or limits users from accessing their system or select files, unless a ransom is paid to restore access.
Tip: Be proactive and protect against data loss by backing up your files and keeping them safe on a physical, external storage device.
An act of wrongfully obtaining and using another person’s information that involves fraud or deception.
Tip: Be diligent before posting personal information online and think carefully before sharing information through apps and websites.
A more recent type of phishing attack is IRS-related phishing, in which criminals disguise a phishing email to employees in human resources or payroll departments so that it appears to come from a company executive. Phishers do this to request information such as employees’ W-2 data or even social security numbers from companies. These phishing scams are particularly dangerous because the Form W-2 contains an employee’s name, address, Social Security number, income and withholdings, all of which compromises personal identity and data security and can be used to file fraudulent tax returns or even be sold on the Dark Net.
Vishing (phone call scam)is a social scamming method similar to phishing, except that scammers will try to trick the victim through a telephone call or even an Internet call such as Skype or FaceTime. As in other forms of phishing, the scammers target important personal information such as credit card data, passwords, emails and so on.
Smishing (Scams sent via text messages)
scams are so named because they’re like a phishing email, except sent via SMS, the technology underlying the typical text message.
How to Spot a Phishing Scam
Cybercrime is a critical threat with social engineering attacks becoming more sophisticated, realistic, and difficult to recognize. Phishing attacks are one of the most common forms of cybercrime. What does a phishing email look like? Review the indicators of a phishing email below to help you identify when received a phishing scam.
Generic subject line
Legitimate emails usually have detailed subject lines. A vague subject line can be a key indicator or of a phishing scam.
Hover over links included in emails to see the actual destination of the URL.
Improper use of copyright
Watch the improper use of copyright information. This is used to make the phishing email look official.
Phishing emails often contain misspelled words and bad grammar. This is a sign that the email did not come from a professional organization or a real person you may know.
Use your intuition and if something ‘feels’ wrong, consider calling the organization or office directly to validate the email.
Other warning signs
It’s likely that fraud is being tried when you are asked to:
• Click on a link in an email sent from an unknown sender. Even without entering personal information on the site, clicking on the link – even to unsubscribe – could install a virus or spyware on your computer and retrieve personal information without your knowledge.
• Provide personal information to an unknown source.
• Verify your account information with the threat of suspending your account.
• Sell an item with a promise of payment that is much more than the item is worth.
• Make direct monetary donations.
How to protect yourself from fraud
• Monitor your transactions- Review your order confirmations and credit-card and bank statements when you receive them to make sure that you are being charged only for transactions you made.
• Never reply to email messages that request your personal information.
• Don’t be intimidated by urgent email messages warning of the consequences of not following its instructions.
• Don’t click links in suspicious emails.
• Don’t send personal information in regular email messages- Regular email messages are not encrypted and are like sending a post card.
• Make sure the website uses encryption The web address should be preceded by https:// instead of the usual http:// in the browser’s Address bar.
• If you feel that the email is legitimate, contact the sender using a Web address or phone number that you know is valid, perhaps from a statement you’ve received.
• Report suspicious emails and phone calls to the Federal Trade Commission at http://www.ftc.gov/idtheft/ or call 1.877.ID.THEFT
• Never call the number given to you or displayed on your Caller ID (unless it’s a number from a friend, relative, etc.). Take the time to look up the legitimate number and then call it.
• Never give out any personal information – to anyone! This actually goes for any type of request for personal information. Just FYI: Legitimate companies do not ask for your social security number, national ID numbers, credit card numbers OR PIN’s via phone.
• Hang up if you get a suspicious call. Before calling back the legitimate number of the company, do a bit of research on internet. Most probably other victims will already have published information about it.
• You can also report Identity theft at: https://www.identitytheft.gov/
• Don’t reply to text messages from unfamiliar phone numbers, especially when it comes from a number that doesn’t have nine digits.
• Don’t provide any ATM card, Visa debit card, or Visa credit card information.
• Don’t trust text messages that directly request personal or financial information. Government agencies and banks won’t ask for sensitive data via text. Call the company directly to their dedicated phone number.
• Don’t click on a link contained in a text message unless you know the person who sent it. Even if you receive a message from a friend or family member, confirm that he or she meant to send it before clicking.
• Send Smishing messages to 7726 (SPAM), which helps mobile phone service providers identify and block them.
• Don’t share your mobile phone number on social media or online.
• Delete the message from your phone.