We have a Planned System Maintenance scheduled from 10pm on Saturday, February 24th to 4am on Sunday, February 25th. We apologize for any inconvenience this may cause.

Tenemos un mantenimiento del sistema planificado programado desde las 10 p.m. del sábado 24 de febrero hasta las 4 a.m. del domingo 25 de febrero. Pedimos disculpas por cualquier inconveniente que esto pueda causar.

Did you know?

Expanding your financial toolbox! Altura strengthens its commitment to Member education through a partnership with Balance.

Learn More

Small steps, big impact – take control of your financial future with Altura’s Credit Builder options.

Learn More

Don’t wait, invest in your future! Unlock financial wisdom with our FREE Member counseling services, covering everything from debt and budgeting to student loans and beyond.

Learn More

Ready to level up your career? Altura offers perks, benefits, and a chance to belong. Check out our careers page and apply!

Learn More

Don’t let finances hold you back! Altura’s $1,000 scholarships pave the way for graduating high schoolers to pursue their academic ambitions.

Learn More

Placeholder

Fraud and Common Scams

Protect Yourself from Tax Scams this Season: An Altura Member Guide

Tax season brings many things: filing forms, calculating deductions, and unfortunately, an opportunity for scammers. Don’t let them steal your hard-earned money or valuable information! As an Altura Member, we’ve got your back with this guide to staying safe during tax season.

Common Tax Scams:

  • Impersonation Scams: Scammers often pretend to be the IRS, state tax agencies, or even debt collectors. They may call, email, text, or send letters demanding immediate payment or threatening legal action.
  • Phishing Scams: Emails or texts containing malicious links or attachments that try to steal your personal information. They may appear to be from legitimate sources like tax authorities or financial institutions.
  • Refund Scams: Offers of inflated refunds or promises to “maximize” your return through illegal means. Be wary of anyone guaranteeing large refunds without understanding your unique tax situation.
  • Ghost Preparers: Unqualified individuals who prepare tax returns but avoid signing them, leaving you liable for any errors or fraud. Choose reputable and credentialed tax professionals.

Altura Member Tips:

  • Never share personal information over the phone, email, or text with anyone claiming to be from the IRS or another official entity. The IRS will never demand immediate payment or threaten arrest over the phone.
  • Verify all communication: If you receive a suspicious email or call, don’t respond directly. Contact the organization through their official website or phone number to confirm its legitimacy.
  • Beware of urgency tactics: Scammers often pressure you to act fast. Take your time to verify information and never feel rushed into making decisions about your finances.
  • Use secure channels: File your taxes electronically through a reputable software program or tax professional. Avoid sending sensitive information via email or unsecured websites.
  • Choose your preparer wisely: Select a credentialed and licensed tax professional with a good reputation. Ask for references and ensure they sign your return.
  • Stay informed: Regularly check the IRS website and Altura Member resources for updates on the latest scams and security tips.

Additional Resources:

IRS Scam Alerts: https://www.irs.gov/newsroom/tax-scamsconsumer-alerts

Federal Trade Commission: https://www.identitytheft.gov/

National Association of Enrolled Agents: https://www.naea.org/

American Institute of Certified Public Accountants: https://www.aicpa-cima.com/

Remember: If you suspect a scam, report it immediately to the IRS, Federal Trade Commission, or Altura Credit Union. By staying informed and vigilant, you can protect yourself and your finances during tax season and beyond.

Altura is committed to protecting your information and well-being. We hope this guide empowers you to stay safe and informed this tax season.

What is Spoofing?

Spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that you may already know and trust. If you answer, they use scam scripts to try to steal your money or valuable personal information, which can be used in fraudulent activity. This video explains more.

How to Avoid Spoofing

You may not be able to tell right away if an incoming call is spoofed. Be extremely careful about responding to any request for personal identifying information.

  • Don’t answer calls from unknown numbers and even be skeptical if the number shows up as Altura Credit Union.  The bad actor could be spoofing Altura’s number to trick you. If you answer such a call, hang up immediately.
  • Always be suspicious of anyone calling you and asking for personal information about any accounts you have.  Even if they say they are from your financial institution.
  • If you answer the phone and the caller – or a recording – asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
  • Do not respond to any questions, especially those that can be answered with “Yes” or “No.”
  • Never give out personal information such as account numbers, Social Security numbers, mother’s maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
  • If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company’s or government agency’s website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
  • Use caution if you are being pressured for information immediately.
  • If you have a voice mail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.
  • Talk to your phone company about call blocking tools and check into apps that you can download to your mobile device. The FCC allows phone companies to block robocalls by default based on reasonable analytics. More information about robocall blocking is available at fcc.gov/robocalls.

Remember to check your voicemail periodically to make sure you aren’t missing important calls and to clear out any spam calls that might fill your voicemail box to capacity.

Fake text messages are also known as smishing attempts. Smishing is the fraudulent practice of sending text messages, purporting to be from reputable companies. These messages are intended to trick you into providing personal information, such as passwords, Social Security number or credit card numbers. The fraudsters then use this information to gain access to your bank account or email.

These text messages can be very convincing, as the criminals are trying to entice you to click on the link. Below are some examples of smishing attempts. Notice how convincing these messages appear to be legitimate:

 

 

What to do if you receive a Smishing text:

  • Block the phone number. If you are unsure how, reach out to your wireless carrier for help.
  • If you are unsure about whether or not the text is a scam, it’s best to contact the sender directly using a company phone number that you know to be legitimate.

What NOT to do:

  • Do not click on the link within the text message.
  • Do not reply to the text message. Replies can be used by the criminals to validate your phone number.
  • Do not be tricked by a local phone number. Fraudsters have technology that makes the text look like it is coming from a local number.

The Federal Trade Commission provides more resources to learn about Smishing attempts here: https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

There has been a recent increase in scam phone calls targeting our Members, including ones that originate from our inbound 888-883-7228 number, which we do not use to call OUT from. These calls are designed to trick you into giving out your personal information, such as your Social Security number, credit/debit card number, or account information.

It is important to remember that we will never call you and ask for your personal information. If you receive a call from someone claiming to be from Altura, hang up and call us back at the number on the back of your credit/debit card or at 888-883-7228.

We recommend that you follow these tips to protect yourself from scam phone calls:

  • Don’t give out your personal information to anyone who calls you unsolicited
  • Be suspicious of any call that asks for your personal information immediately
  • Hang up if you feel uncomfortable or pressured
  • Report any suspicious calls to the Federal Trade Commission at ftc.gov/complaint

Scam calls are designed to trick you into giving out sensitive information. Scammers may use a variety of tactics to try to get your information, such as:

  • Pretending to be from a government agency, such as the IRS or Social Security Administration
  • Pretending to be from Altura
  • Using threats or intimidation to pressure you into giving out your information
  • Telling you to pay in a specific way

Pay It Safe with Zelle®

Zelle® is a great way to send money to friends, family and others you trust, right from the Altura Credit Union app. With Zelle®, money moves directly from your bank account to another person’s bank account, typically arriving in minutes*.

We know getting money to friends and family quickly and safely is important, so we’ve provided some friendly reminders on how to “pay it safe” when you’re sending money with Zelle®. Additionally, you can watch the Zelle® Sending Money Safely video by clicking here.

1. Use Zelle® to pay friends, family and others you trust.

Fast and convenient, Zelle® is a great way to pay people you trust. Money is sent directly from your bank account to another person’s bank account, and can’t be canceled if the other person is already enrolled with Zelle®. Because of this, you should only send money to people you personally know and trust.

2. Know when Zelle® is a good payment option, and when another payment method is better.

Zelle® can be used to pay many important people in your life, for so many different reasons! Use Zelle® to pay your roommate back for takeout or split the cost of necessities with a neighbor. However, if you aren’t sure you will get what you paid for (for example, items bought from an online bidding or sales site), or you don’t know and trust the person you’re paying, we recommend you choose a different payment option. Neither Zelle® nor Altura Credit Union offers a protection program for authorized payments made with Zelle®.

3. Double check your recipient’s info.

One of the key benefits of using Zelle® is the ability to send money directly to another person’s bank account in minutes*. That said, it’s important you enter your recipient’s U.S. mobile number or email address correctly. Always double check your recipient’s contact info before you hit “send”!

4. Don’t share sensitive data with others.

As an added layer of protection, Zelle® will send you a Multi-Factor Authentication code to your mobile device to verify it’s you, but Zelle® and Altura Credit Union will never ask you to verbally share your code or online banking credentials. Your credentials should never be shared with others.

 

More Safety Tips

A new smishing attack has recently surfaced that targets iPhone users and their Apple ID. This attack sends a text message to you stating that your Apple ID is locked and that you need to click on the link and type in your Apple ID and password. Apple is not sending these. A malicious attacker is and wants to get your information.

Below is an example of how the text message looks:

Please be on the look out for texts similar to the one above.

Signs That It’s A Scam

  1. Scammers PRETEND to be from an organization you know.

Scammers often pretend to be contacting you on behalf of the government. They might use a real name, like the Social Security Administration, the IRS, or Medicare, or make up a name that sounds official. Some pretend to be from a business you know, like a utility company, a tech company, or even a charity asking for donations.

They use technology to change the phone number that appears on your caller ID. So the name and number you see might not be real.

  1. Scammers say there’s a PROBLEM or a PRIZE.

They might say you’re in trouble with the government. Or you owe money. Or someone in your family had an emergency. Or that there’s a virus on your computer.

Some scammers say there’s a problem with one of your accounts and that you need to verify some information.

Others will lie and say you won money in a lottery or sweepstakes but have to pay a fee to get it.

  1. Scammers PRESSURE you to act immediately.

Scammers want you to act before you have time to think. If you’re on the phone, they might tell you not to hang up so you can’t check out their story.

They might threaten to arrest you, sue you, take away your driver’s or business license, or deport you. They might say your computer is about to be corrupted.

  1. Scammers tell you to PAY in a specific way.

They often insist that you pay by sending money through a money transfer company or by putting money on a gift card and then giving them the number on the back.

Some will send you a check (that will later turn out to be fake), tell you to deposit it, and then send them money.

Source: https://www.consumer.ftc.gov/articles/how-avoid-scam

Amazon Scams

There is no shortage of online shopping during normal times, and the pandemic has accelerated our usage of online shopping, resulting in even more scams taking place on the largest retail store, Amazon. These scams and frauds are threats to both the consumer and business owner.

Consumer Threats

  • Phishing scams: This is one someone contacts you and pretends to be a representative of Amazon, offering a discount or asking for more information. Their goal is to gather more information to take your money or your identity. These can be in the form of a text or email and include links with viruses that can retrieve passwords.
  • Email Scams: Remember, Amazon will never ask for your personal details and will not list a customer’s email address or shipping address. Don’t be fooled by an authentic-looking address. Also, Amazon doesn’t ever ask you to login via an email. Even if the email looks legitimate, only logging in directly on Amazon will guarantee your account remains safe.

Seller Threats:

  • Failed Delivery Scam: When a customer says they didn’t receive a package when in fact they did. This can hurt the seller by depleting profits. A simple fix can be using a track-and-trace postage.
  • The Replace and Refund Scam: When a customer asks for a refund and then returns the item, except the item is not the one ordered but a previously purchased or stolen one of the same kind, that has been broken or is old. This scam can be countered by performing a quality test, then attaching a tamper-proof sticker.

(Source: blog.edesk.com)

Elder Fraud

Elder individuals tend to be more trusting and have more savings and assets. It is because of this that there are forms of fraud that specifically target the elderly, categorized as Elder Fraud.

Types of Elder Fraud:

  • Romance scam: Criminals pose as interested romantic partners on social media or dating websites to capitalize on their elderly victims’ desire to find companions.
  • Tech support scam: Criminals pose as technology support representatives and offer to fix non-existent computer issues. The scammers gain remote access to victims’ devices and sensitive information.
  • Grandparent scam: Criminals pose as a relative—usually a child or grandchild—claiming to be in immediate financial need.
  • Government impersonation scam: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to provide funds or other payments.
  • Sweepstakes/charity/lottery scam: Criminals claim to work for legitimate charitable organizations to gain victims’ trust. Or they claim their targets have won a foreign lottery or sweepstake, which they can collect for a “fee.”
  • Home repair scam: Criminals appear in person and charge homeowners in advance for home improvement services that they never provide.
  • TV/radio scam: Criminals target potential victims using illegitimate advertisements about legitimate services, such as reverse mortgages or credit repair.
  • Family/caregiver scam: Relatives or acquaintances of the elderly victims take advantage of them or otherwise get their money.

Source: FBI.gov

Holiday Scams To Look Out For

When shopping online during the holiday season—or any time of year—always be wary of deals that seem too good to be true.

The two most prevalent of the holiday scams are non-delivery and non-payment crimes. In a non-delivery scam, a buyer pays for goods or services they find online, but those items are never received. Conversely, a non-payment scam involves goods or services being shipped, but the seller is never paid.

Similar scams to beware of this time of year are auction fraud, where a product is misrepresented on an auction site, and gift card fraud, when a seller asks you to pay with a pre-paid card.

Source: https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/holiday-scams

How To Avoid Holiday Scams

Practice good cybersecurity hygiene. 

  • Don’t click any suspicious links or attachments in emails, on websites, or on social media. Phishing scams and similar crimes get you to click on links and give up personal information like your name, password, and bank account number. In some cases, you may unknowingly download malware to your device.
  • Be especially wary if a company asks you to update your password or account information. Look up the company’s phone number on your own and call the company.

Know who you’re buying from or selling to.

  • Check each website’s URL to make sure it’s legitimate and secure. A site you’re buying from should have https in the web address. If it doesn’t, don’t enter your information on that site.
  • If you’re purchasing from a company for the first time, do your research and check reviews.
  • Verify the legitimacy of a buyer or seller before moving forward with a purchase. If you’re using an online marketplace or auction website, check their feedback rating. Be wary of buyers and sellers with mostly unfavorable feedback ratings or no ratings at all.
  • Avoid sellers who act as authorized dealers or factory representatives of popular items in countries where there would be no such deals.
  • Be wary of sellers who post an auction or advertisement as if they reside in the U.S., then respond to questions by stating they are out of the country on business, family emergency, or similar reasons.
  • Avoid buyers who request their purchase be shipped using a certain method to avoid customs or taxes inside another country.

Be careful how you pay.

  • Never wire money directly to a seller.
  • Avoid paying for items with pre-paid gift cards. In these scams, a seller will ask you to send them a gift card number and PIN. Instead of using that gift card for your payment, the scammer will steal the funds, and you’ll never receive your item.
  • Use a credit card when shopping online and check your statement regularly. If you see a suspicious transaction, contact your credit card company to dispute the charge.

Monitor the shipping process.

  • Always get tracking numbers for items you buy online, so you can make sure they have been shipped and can follow the delivery process.
  • Be suspect of any credit card purchases where the address of the cardholder does not match the shipping address when you are selling. Always receive the cardholder’s authorization before shipping any products.

Source: https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/holiday-scams

Other Ways To Avoid

Online shopping? Pay by credit card. Credit cards give you extra protection for most online purchases.

Buy gift cards for gifts, not for payments. Anyone who contacts you and demands that you pay them with a gift card, for any reason, is always a scammer.

Research charities before you donate. With the generous spirit of the holidays, and with year-end fundraising, it’s the season for donations. Make sure your donation goes where you want it to, not into the hands of a scammer. If someone calls, asking you to give to a charity, don’t let them rush you into making a donation. Instead, research the charity to make sure your donation counts.

Source: https://www.consumer.ftc.gov/blog/2019/12/top-tips-avoiding-scams-holidays

Romance Fraud

Romance scams, occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim.

The criminals who carry out romance scams are experts at what they do and will seem genuine, caring, and believable. Con artists are present on most dating and social media sites.

The scammer’s intention is to establish a relationship as quickly as possible, endear himself to the victim, and gain trust. Scammers may propose marriage and make plans to meet in person, but that will never happen. Eventually, they will ask for money.

Scam artists often say they are in the building and construction industry and are engaged in projects outside the U.S. That makes it easier to avoid meeting in person—and more plausible when they ask for money for a medical emergency or unexpected legal fee.

If someone you meet online needs your bank account information to deposit money, they are most likely using your account to carry out other theft and fraud schemes.

Source: FBI.gov

The ‘Zelle Fraud’ Scam: An example of a Smishing or SMS Scam

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

A recent story warned that scammers are blasting out text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text. Anyone who responds “yes,” “no” or at all will very soon after receive a phone call from a scammer pretending to be from the financial institution’s fraud department. The caller’s number will be spoofed so that it appears to be coming from the victim’s bank.

To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email. In reality, the fraudster initiates a transaction — such as the “forgot password” feature on the financial institution’s site — which is what generates the authentication passcode delivered to the member.

Ken Otsuka is a senior risk consultant at CUNA Mutual Group, an insurance company that provides financial services to credit unions. Otsuka said a phone fraudster typically will say something like, “Before I get into the details, I need to verify that I’m speaking to the right person. What’s your username?”

“In the background, they’re using the username with the forgot password feature, and that’s going to generate one of these two-factor authentication passcodes,” Otsuka said. “Then the fraudster will say, ‘I’m going to send you the password and you’re going to read it back to me over the phone.’”

The fraudster then uses the code to complete the password reset process, and then changes the victim’s online banking password. The fraudster then uses Zelle to transfer the victim’s funds to others.

An important aspect of this scam is that the fraudsters never even need to know or phish the victim’s password. By sharing their username and reading back the one-time code sent to them via email, the victim is allowing the fraudster to reset their online banking password.

Otsuka said in far too many account takeover cases, the victim has never even heard of Zelle, nor did they realize they could move money that way.

“The thing is, many credit unions offer it by default as part of online banking,” Otsuka said. “Members don’t have to request to use Zelle. It’s just there, and with a lot of members targeted in these scams, although they’d legitimately enrolled in online banking, they’d never used Zelle before.”

Otsuka said credit unions offering other peer-to-peer banking products have also been targeted, but that fraudsters prefer to target Zelle due to the speed of the payments.

“The fraud losses can escalate quickly due to the sheer number of members that can be targeted on a single day over the course of consecutive days,” Otsuka said.

To combat this scam Zelle introduced out-of-band authentication with transaction details. This involves sending the member a text containing the details of a Zelle transfer – payee and dollar amount – that is initiated by the member. The member must authorize the transfer by replying to the text.

Unfortunately, Otsuka said, the scammers are defeating this layered security control as well.

“The fraudsters follow the same tactics except they may keep the members on the phone after getting their username and 2-step authentication passcode to login to the accounts,” he said. “The fraudster tells the member they will receive a text containing details of a Zelle transfer and the member must authorize the transaction under the guise that it is for reversing the fraudulent debit card transaction(s).”

In this scenario, the fraudster actually enters a Zelle transfer that triggers the following text to the member, which the member is asked to authorize: For example:

“Send $200 Zelle payment to Boris Badenov? Reply YES to send, NO to cancel. ABC Credit Union . STOP to end all messages.”

“My team has consulted with several credit unions that rolled Zelle out or are planning to introduce Zelle,” Otsuka said. “We found that several credit unions were hit with the scam the same month they rolled it out.”

The upshot of all this is that many financial institutions will claim they’re not required to reimburse the customer for financial losses related to these voice phishing schemes. Bob Sullivan, a veteran journalist who writes about fraud and consumer issues, says in many cases banks are giving customers incorrect and self-serving opinions after the thefts.

“Consumers — many who never ever realized they had a Zelle account – then call their banks, expecting they’ll be covered by credit-card-like protections, only to face disappointment and in some cases, financial ruin,” Sullivan wrote in a Substack post. “Consumers who suffer unauthorized transactions are entitled to Regulation E protection, and banks are required to refund the stolen money. This isn’t a controversial opinion, and it was recently affirmed by the CFPB here. If you are reading this story and fighting with your bank, start by providing that link to the financial institution.”

“If a criminal initiates a Zelle transfer — even if the criminal manipulates a victim into sharing login credentials — that fraud is covered by Regulation E, and banks should restore the stolen funds,” Sullivan said. “If a consumer initiates the transfer under false pretenses, the case for redress is more weak.”

Sullivan notes that the Consumer Financial Protection Bureau (CFPB) recently announced it was conducting a probe into companies operating payments systems in the United States, with a special focus on platforms that offer fast, person-to-person payments.

“Consumers expect certain assurances when dealing with companies that move their money,” the CFPB said in its Oct. 21 notice. “They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law. The orders seek to understand the robustness with which payment platforms prioritize consumer protection under law.”

Anyone interested in letting the CFPB know about a fraud scam that abused a P2P payment platform like Zelle, Cashapp, or Venmo, for example, should send an email describing the incident to BigTechPaymentsInquiry@cfpb.gov. Be sure to include Docket No. CFPB-2021-0017 in the subject line of the message.

In the meantime, remember the mantra: Hang up, Look Up, and Call Back. If you receive a call from someone warning about fraud, hang up. If you believe the call might be legitimate, look up the number of the organization supposedly calling you, and call them back.

Source: https://krebsonsecurity.com/2021/11/the-zelle-fraud-scam-how-it-works-how-to-fight-back/

Protect Yourself from Tax Scams this Season: An Altura Member Guide

Tax season brings many things: filing forms, calculating deductions, and unfortunately, an opportunity for scammers. Don’t let them steal your hard-earned money or valuable information! As an Altura Member, we’ve got your back with this guide to staying safe during tax season.

Common Tax Scams:

  • Impersonation Scams: Scammers often pretend to be the IRS, state tax agencies, or even debt collectors. They may call, email, text, or send letters demanding immediate payment or threatening legal action.
  • Phishing Scams: Emails or texts containing malicious links or attachments that try to steal your personal information. They may appear to be from legitimate sources like tax authorities or financial institutions.
  • Refund Scams: Offers of inflated refunds or promises to “maximize” your return through illegal means. Be wary of anyone guaranteeing large refunds without understanding your unique tax situation.
  • Ghost Preparers: Unqualified individuals who prepare tax returns but avoid signing them, leaving you liable for any errors or fraud. Choose reputable and credentialed tax professionals.

Altura Member Tips:

  • Never share personal information over the phone, email, or text with anyone claiming to be from the IRS or another official entity. The IRS will never demand immediate payment or threaten arrest over the phone.
  • Verify all communication: If you receive a suspicious email or call, don’t respond directly. Contact the organization through their official website or phone number to confirm its legitimacy.
  • Beware of urgency tactics: Scammers often pressure you to act fast. Take your time to verify information and never feel rushed into making decisions about your finances.
  • Use secure channels: File your taxes electronically through a reputable software program or tax professional. Avoid sending sensitive information via email or unsecured websites.
  • Choose your preparer wisely: Select a credentialed and licensed tax professional with a good reputation. Ask for references and ensure they sign your return.
  • Stay informed: Regularly check the IRS website and Altura Member resources for updates on the latest scams and security tips.

Additional Resources:

IRS Scam Alerts: https://www.irs.gov/newsroom/tax-scamsconsumer-alerts

Federal Trade Commission: https://www.identitytheft.gov/

National Association of Enrolled Agents: https://www.naea.org/

American Institute of Certified Public Accountants: https://www.aicpa-cima.com/

Remember: If you suspect a scam, report it immediately to the IRS, Federal Trade Commission, or Altura Credit Union. By staying informed and vigilant, you can protect yourself and your finances during tax season and beyond.

Altura is committed to protecting your information and well-being. We hope this guide empowers you to stay safe and informed this tax season.

What is Spoofing?

Spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that you may already know and trust. If you answer, they use scam scripts to try to steal your money or valuable personal information, which can be used in fraudulent activity. This video explains more.

How to Avoid Spoofing

You may not be able to tell right away if an incoming call is spoofed. Be extremely careful about responding to any request for personal identifying information.

  • Don’t answer calls from unknown numbers and even be skeptical if the number shows up as Altura Credit Union.  The bad actor could be spoofing Altura’s number to trick you. If you answer such a call, hang up immediately.
  • Always be suspicious of anyone calling you and asking for personal information about any accounts you have.  Even if they say they are from your financial institution.
  • If you answer the phone and the caller – or a recording – asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
  • Do not respond to any questions, especially those that can be answered with “Yes” or “No.”
  • Never give out personal information such as account numbers, Social Security numbers, mother’s maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
  • If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company’s or government agency’s website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
  • Use caution if you are being pressured for information immediately.
  • If you have a voice mail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.
  • Talk to your phone company about call blocking tools and check into apps that you can download to your mobile device. The FCC allows phone companies to block robocalls by default based on reasonable analytics. More information about robocall blocking is available at fcc.gov/robocalls.

Remember to check your voicemail periodically to make sure you aren’t missing important calls and to clear out any spam calls that might fill your voicemail box to capacity.

Fake text messages are also known as smishing attempts. Smishing is the fraudulent practice of sending text messages, purporting to be from reputable companies. These messages are intended to trick you into providing personal information, such as passwords, Social Security number or credit card numbers. The fraudsters then use this information to gain access to your bank account or email.

These text messages can be very convincing, as the criminals are trying to entice you to click on the link. Below are some examples of smishing attempts. Notice how convincing these messages appear to be legitimate:

 

 

What to do if you receive a Smishing text:

  • Block the phone number. If you are unsure how, reach out to your wireless carrier for help.
  • If you are unsure about whether or not the text is a scam, it’s best to contact the sender directly using a company phone number that you know to be legitimate.

What NOT to do:

  • Do not click on the link within the text message.
  • Do not reply to the text message. Replies can be used by the criminals to validate your phone number.
  • Do not be tricked by a local phone number. Fraudsters have technology that makes the text look like it is coming from a local number.

The Federal Trade Commission provides more resources to learn about Smishing attempts here: https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

There has been a recent increase in scam phone calls targeting our Members, including ones that originate from our inbound 888-883-7228 number, which we do not use to call OUT from. These calls are designed to trick you into giving out your personal information, such as your Social Security number, credit/debit card number, or account information.

It is important to remember that we will never call you and ask for your personal information. If you receive a call from someone claiming to be from Altura, hang up and call us back at the number on the back of your credit/debit card or at 888-883-7228.

We recommend that you follow these tips to protect yourself from scam phone calls:

  • Don’t give out your personal information to anyone who calls you unsolicited
  • Be suspicious of any call that asks for your personal information immediately
  • Hang up if you feel uncomfortable or pressured
  • Report any suspicious calls to the Federal Trade Commission at ftc.gov/complaint

Scam calls are designed to trick you into giving out sensitive information. Scammers may use a variety of tactics to try to get your information, such as:

  • Pretending to be from a government agency, such as the IRS or Social Security Administration
  • Pretending to be from Altura
  • Using threats or intimidation to pressure you into giving out your information
  • Telling you to pay in a specific way

Pay It Safe with Zelle®

Zelle® is a great way to send money to friends, family and others you trust, right from the Altura Credit Union app. With Zelle®, money moves directly from your bank account to another person’s bank account, typically arriving in minutes*.

We know getting money to friends and family quickly and safely is important, so we’ve provided some friendly reminders on how to “pay it safe” when you’re sending money with Zelle®. Additionally, you can watch the Zelle® Sending Money Safely video by clicking here.

1. Use Zelle® to pay friends, family and others you trust.

Fast and convenient, Zelle® is a great way to pay people you trust. Money is sent directly from your bank account to another person’s bank account, and can’t be canceled if the other person is already enrolled with Zelle®. Because of this, you should only send money to people you personally know and trust.

2. Know when Zelle® is a good payment option, and when another payment method is better.

Zelle® can be used to pay many important people in your life, for so many different reasons! Use Zelle® to pay your roommate back for takeout or split the cost of necessities with a neighbor. However, if you aren’t sure you will get what you paid for (for example, items bought from an online bidding or sales site), or you don’t know and trust the person you’re paying, we recommend you choose a different payment option. Neither Zelle® nor Altura Credit Union offers a protection program for authorized payments made with Zelle®.

3. Double check your recipient’s info.

One of the key benefits of using Zelle® is the ability to send money directly to another person’s bank account in minutes*. That said, it’s important you enter your recipient’s U.S. mobile number or email address correctly. Always double check your recipient’s contact info before you hit “send”!

4. Don’t share sensitive data with others.

As an added layer of protection, Zelle® will send you a Multi-Factor Authentication code to your mobile device to verify it’s you, but Zelle® and Altura Credit Union will never ask you to verbally share your code or online banking credentials. Your credentials should never be shared with others.

 

More Safety Tips

A new smishing attack has recently surfaced that targets iPhone users and their Apple ID. This attack sends a text message to you stating that your Apple ID is locked and that you need to click on the link and type in your Apple ID and password. Apple is not sending these. A malicious attacker is and wants to get your information.

Below is an example of how the text message looks:

Please be on the look out for texts similar to the one above.

Signs That It’s A Scam

  1. Scammers PRETEND to be from an organization you know.

Scammers often pretend to be contacting you on behalf of the government. They might use a real name, like the Social Security Administration, the IRS, or Medicare, or make up a name that sounds official. Some pretend to be from a business you know, like a utility company, a tech company, or even a charity asking for donations.

They use technology to change the phone number that appears on your caller ID. So the name and number you see might not be real.

  1. Scammers say there’s a PROBLEM or a PRIZE.

They might say you’re in trouble with the government. Or you owe money. Or someone in your family had an emergency. Or that there’s a virus on your computer.

Some scammers say there’s a problem with one of your accounts and that you need to verify some information.

Others will lie and say you won money in a lottery or sweepstakes but have to pay a fee to get it.

  1. Scammers PRESSURE you to act immediately.

Scammers want you to act before you have time to think. If you’re on the phone, they might tell you not to hang up so you can’t check out their story.

They might threaten to arrest you, sue you, take away your driver’s or business license, or deport you. They might say your computer is about to be corrupted.

  1. Scammers tell you to PAY in a specific way.

They often insist that you pay by sending money through a money transfer company or by putting money on a gift card and then giving them the number on the back.

Some will send you a check (that will later turn out to be fake), tell you to deposit it, and then send them money.

Source: https://www.consumer.ftc.gov/articles/how-avoid-scam

Amazon Scams

There is no shortage of online shopping during normal times, and the pandemic has accelerated our usage of online shopping, resulting in even more scams taking place on the largest retail store, Amazon. These scams and frauds are threats to both the consumer and business owner.

Consumer Threats

  • Phishing scams: This is one someone contacts you and pretends to be a representative of Amazon, offering a discount or asking for more information. Their goal is to gather more information to take your money or your identity. These can be in the form of a text or email and include links with viruses that can retrieve passwords.
  • Email Scams: Remember, Amazon will never ask for your personal details and will not list a customer’s email address or shipping address. Don’t be fooled by an authentic-looking address. Also, Amazon doesn’t ever ask you to login via an email. Even if the email looks legitimate, only logging in directly on Amazon will guarantee your account remains safe.

Seller Threats:

  • Failed Delivery Scam: When a customer says they didn’t receive a package when in fact they did. This can hurt the seller by depleting profits. A simple fix can be using a track-and-trace postage.
  • The Replace and Refund Scam: When a customer asks for a refund and then returns the item, except the item is not the one ordered but a previously purchased or stolen one of the same kind, that has been broken or is old. This scam can be countered by performing a quality test, then attaching a tamper-proof sticker.

(Source: blog.edesk.com)

Elder Fraud

Elder individuals tend to be more trusting and have more savings and assets. It is because of this that there are forms of fraud that specifically target the elderly, categorized as Elder Fraud.

Types of Elder Fraud:

  • Romance scam: Criminals pose as interested romantic partners on social media or dating websites to capitalize on their elderly victims’ desire to find companions.
  • Tech support scam: Criminals pose as technology support representatives and offer to fix non-existent computer issues. The scammers gain remote access to victims’ devices and sensitive information.
  • Grandparent scam: Criminals pose as a relative—usually a child or grandchild—claiming to be in immediate financial need.
  • Government impersonation scam: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to provide funds or other payments.
  • Sweepstakes/charity/lottery scam: Criminals claim to work for legitimate charitable organizations to gain victims’ trust. Or they claim their targets have won a foreign lottery or sweepstake, which they can collect for a “fee.”
  • Home repair scam: Criminals appear in person and charge homeowners in advance for home improvement services that they never provide.
  • TV/radio scam: Criminals target potential victims using illegitimate advertisements about legitimate services, such as reverse mortgages or credit repair.
  • Family/caregiver scam: Relatives or acquaintances of the elderly victims take advantage of them or otherwise get their money.

Source: FBI.gov

Holiday Scams To Look Out For

When shopping online during the holiday season—or any time of year—always be wary of deals that seem too good to be true.

The two most prevalent of the holiday scams are non-delivery and non-payment crimes. In a non-delivery scam, a buyer pays for goods or services they find online, but those items are never received. Conversely, a non-payment scam involves goods or services being shipped, but the seller is never paid.

Similar scams to beware of this time of year are auction fraud, where a product is misrepresented on an auction site, and gift card fraud, when a seller asks you to pay with a pre-paid card.

Source: https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/holiday-scams

How To Avoid Holiday Scams

Practice good cybersecurity hygiene. 

  • Don’t click any suspicious links or attachments in emails, on websites, or on social media. Phishing scams and similar crimes get you to click on links and give up personal information like your name, password, and bank account number. In some cases, you may unknowingly download malware to your device.
  • Be especially wary if a company asks you to update your password or account information. Look up the company’s phone number on your own and call the company.

Know who you’re buying from or selling to.

  • Check each website’s URL to make sure it’s legitimate and secure. A site you’re buying from should have https in the web address. If it doesn’t, don’t enter your information on that site.
  • If you’re purchasing from a company for the first time, do your research and check reviews.
  • Verify the legitimacy of a buyer or seller before moving forward with a purchase. If you’re using an online marketplace or auction website, check their feedback rating. Be wary of buyers and sellers with mostly unfavorable feedback ratings or no ratings at all.
  • Avoid sellers who act as authorized dealers or factory representatives of popular items in countries where there would be no such deals.
  • Be wary of sellers who post an auction or advertisement as if they reside in the U.S., then respond to questions by stating they are out of the country on business, family emergency, or similar reasons.
  • Avoid buyers who request their purchase be shipped using a certain method to avoid customs or taxes inside another country.

Be careful how you pay.

  • Never wire money directly to a seller.
  • Avoid paying for items with pre-paid gift cards. In these scams, a seller will ask you to send them a gift card number and PIN. Instead of using that gift card for your payment, the scammer will steal the funds, and you’ll never receive your item.
  • Use a credit card when shopping online and check your statement regularly. If you see a suspicious transaction, contact your credit card company to dispute the charge.

Monitor the shipping process.

  • Always get tracking numbers for items you buy online, so you can make sure they have been shipped and can follow the delivery process.
  • Be suspect of any credit card purchases where the address of the cardholder does not match the shipping address when you are selling. Always receive the cardholder’s authorization before shipping any products.

Source: https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/holiday-scams

Other Ways To Avoid

Online shopping? Pay by credit card. Credit cards give you extra protection for most online purchases.

Buy gift cards for gifts, not for payments. Anyone who contacts you and demands that you pay them with a gift card, for any reason, is always a scammer.

Research charities before you donate. With the generous spirit of the holidays, and with year-end fundraising, it’s the season for donations. Make sure your donation goes where you want it to, not into the hands of a scammer. If someone calls, asking you to give to a charity, don’t let them rush you into making a donation. Instead, research the charity to make sure your donation counts.

Source: https://www.consumer.ftc.gov/blog/2019/12/top-tips-avoiding-scams-holidays

Romance Fraud

Romance scams, occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim.

The criminals who carry out romance scams are experts at what they do and will seem genuine, caring, and believable. Con artists are present on most dating and social media sites.

The scammer’s intention is to establish a relationship as quickly as possible, endear himself to the victim, and gain trust. Scammers may propose marriage and make plans to meet in person, but that will never happen. Eventually, they will ask for money.

Scam artists often say they are in the building and construction industry and are engaged in projects outside the U.S. That makes it easier to avoid meeting in person—and more plausible when they ask for money for a medical emergency or unexpected legal fee.

If someone you meet online needs your bank account information to deposit money, they are most likely using your account to carry out other theft and fraud schemes.

Source: FBI.gov

The ‘Zelle Fraud’ Scam: An example of a Smishing or SMS Scam

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

A recent story warned that scammers are blasting out text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text. Anyone who responds “yes,” “no” or at all will very soon after receive a phone call from a scammer pretending to be from the financial institution’s fraud department. The caller’s number will be spoofed so that it appears to be coming from the victim’s bank.

To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email. In reality, the fraudster initiates a transaction — such as the “forgot password” feature on the financial institution’s site — which is what generates the authentication passcode delivered to the member.

Ken Otsuka is a senior risk consultant at CUNA Mutual Group, an insurance company that provides financial services to credit unions. Otsuka said a phone fraudster typically will say something like, “Before I get into the details, I need to verify that I’m speaking to the right person. What’s your username?”

“In the background, they’re using the username with the forgot password feature, and that’s going to generate one of these two-factor authentication passcodes,” Otsuka said. “Then the fraudster will say, ‘I’m going to send you the password and you’re going to read it back to me over the phone.’”

The fraudster then uses the code to complete the password reset process, and then changes the victim’s online banking password. The fraudster then uses Zelle to transfer the victim’s funds to others.

An important aspect of this scam is that the fraudsters never even need to know or phish the victim’s password. By sharing their username and reading back the one-time code sent to them via email, the victim is allowing the fraudster to reset their online banking password.

Otsuka said in far too many account takeover cases, the victim has never even heard of Zelle, nor did they realize they could move money that way.

“The thing is, many credit unions offer it by default as part of online banking,” Otsuka said. “Members don’t have to request to use Zelle. It’s just there, and with a lot of members targeted in these scams, although they’d legitimately enrolled in online banking, they’d never used Zelle before.”

Otsuka said credit unions offering other peer-to-peer banking products have also been targeted, but that fraudsters prefer to target Zelle due to the speed of the payments.

“The fraud losses can escalate quickly due to the sheer number of members that can be targeted on a single day over the course of consecutive days,” Otsuka said.

To combat this scam Zelle introduced out-of-band authentication with transaction details. This involves sending the member a text containing the details of a Zelle transfer – payee and dollar amount – that is initiated by the member. The member must authorize the transfer by replying to the text.

Unfortunately, Otsuka said, the scammers are defeating this layered security control as well.

“The fraudsters follow the same tactics except they may keep the members on the phone after getting their username and 2-step authentication passcode to login to the accounts,” he said. “The fraudster tells the member they will receive a text containing details of a Zelle transfer and the member must authorize the transaction under the guise that it is for reversing the fraudulent debit card transaction(s).”

In this scenario, the fraudster actually enters a Zelle transfer that triggers the following text to the member, which the member is asked to authorize: For example:

“Send $200 Zelle payment to Boris Badenov? Reply YES to send, NO to cancel. ABC Credit Union . STOP to end all messages.”

“My team has consulted with several credit unions that rolled Zelle out or are planning to introduce Zelle,” Otsuka said. “We found that several credit unions were hit with the scam the same month they rolled it out.”

The upshot of all this is that many financial institutions will claim they’re not required to reimburse the customer for financial losses related to these voice phishing schemes. Bob Sullivan, a veteran journalist who writes about fraud and consumer issues, says in many cases banks are giving customers incorrect and self-serving opinions after the thefts.

“Consumers — many who never ever realized they had a Zelle account – then call their banks, expecting they’ll be covered by credit-card-like protections, only to face disappointment and in some cases, financial ruin,” Sullivan wrote in a Substack post. “Consumers who suffer unauthorized transactions are entitled to Regulation E protection, and banks are required to refund the stolen money. This isn’t a controversial opinion, and it was recently affirmed by the CFPB here. If you are reading this story and fighting with your bank, start by providing that link to the financial institution.”

“If a criminal initiates a Zelle transfer — even if the criminal manipulates a victim into sharing login credentials — that fraud is covered by Regulation E, and banks should restore the stolen funds,” Sullivan said. “If a consumer initiates the transfer under false pretenses, the case for redress is more weak.”

Sullivan notes that the Consumer Financial Protection Bureau (CFPB) recently announced it was conducting a probe into companies operating payments systems in the United States, with a special focus on platforms that offer fast, person-to-person payments.

“Consumers expect certain assurances when dealing with companies that move their money,” the CFPB said in its Oct. 21 notice. “They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law. The orders seek to understand the robustness with which payment platforms prioritize consumer protection under law.”

Anyone interested in letting the CFPB know about a fraud scam that abused a P2P payment platform like Zelle, Cashapp, or Venmo, for example, should send an email describing the incident to BigTechPaymentsInquiry@cfpb.gov. Be sure to include Docket No. CFPB-2021-0017 in the subject line of the message.

In the meantime, remember the mantra: Hang up, Look Up, and Call Back. If you receive a call from someone warning about fraud, hang up. If you believe the call might be legitimate, look up the number of the organization supposedly calling you, and call them back.

Source: https://krebsonsecurity.com/2021/11/the-zelle-fraud-scam-how-it-works-how-to-fight-back/

1 OF 1

Placeholder Text

Placeholder Text

Need More Assistance? We are Here to Chat.

Learn More About Membership