Transcript ING” Fraud Collection

“ING” Fraud
Collection
GPCE Credit Union has arranged a collection of scams,
outlining the most prevalent financial scams. We want our
members to be aware, not to become victims.
The scams included in this presentation include:
Phishing, Spear Phishing, Vishing, Smishing, Fake
Check Scams, and Skimming.
(Sources: Federal Trade Commission, About.com, Wikipedia, and Scamwatch.)
PHISH“ING” 
What is phishing? It is
the most preventable
financial scam and still
the most dangerous.
Phishing is a scam
where internet
fraudsters send spam
or pop-up messages to
lure personal and
financial information
from unsuspecting
victims.
Avoid Getting Hooked:

Don't reply to email or pop-up messages
that ask for personal or financial
information, and don't click on links in the
message.

Don't cut and paste a link from the message
into your Web browser — phishers can
make links look like they go one place, but
that actually send you to a different site.

Some scammers send an email that
appears to be from a legitimate business
and ask you to call a phone number to
update your account or access a "refund."
Because they use Voice over Internet
Protocol technology, the area code you call
does not reflect where the scammers really
are.

If you need to reach an organization you do
business with, call the number on your
financial statements or on the back of your
credit card.

Use anti-virus and anti-spyware
software, as well as a firewall. Update
them all regularly.

Don't email personal or financial
information.

Review credit card and bank account
statements as soon as you receive
them to check for unauthorized
charges.

Be cautious about opening any attachment
or downloading any files from emails you
receive, regardless of who sent them.

Forward phishing emails to [email protected]
– and to the company, bank, or organization
impersonated in the phishing email.

You also may report phishing email to
[email protected]. The
Anti-Phishing Working Group, a consortium
of ISPs, security vendors, financial
institutions and law enforcement agencies,
uses these reports to fight phishing.

If you believe you've been scammed, file a
complaint with the Federal Trade
Commission at www.ftc.gov/complaint, and
then visit the FTC's identity theft website at
ftc.gov/idtheft.

Victims of phishing can become victims of
identity theft. While you can't entirely control
whether you will become a victim of identity
theft, you can take some steps to minimize
your risk.
(Source: FTC)
SPEAR PHISH“ING” 
What is spear phishing?
In this case, it is not a
sport-fishing method. It is
an insidious variation of
phishing that targets
specific people and
groups.

Spear phishing attacks
are customized and can
be sent to a single
person at a time. Waiting
to see who
bites…Waiting to make
you the next victim of
fraud!
How Does It Work?



A spear phishing email usually includes a link that leads to a
spoofed or fake web site that requests your personal information. It
all looks very legitimate, and sometimes even the experts are
fooled by spear phishing emails.
Other spear phishing emails may contain a downloadable file.
They’re just as convincing, often appearing to come from an
employer or someone else that’s equally legitimate. But the file
contains malware of some kind that, once downloaded to your
computer, collects your personal information and transmits it to the
criminal when you’re online.
Spear phishing is a difficult scam to catch because the criminals
that use this method of stealing identities put extra time and effort
into the process. It takes time to put together the web sites and
messages that are used as bait. However, the pay-off is usually
much greater than the rewards of a simple phishing attack.
(Source: From Jerri Ledford, former About.com Guide)
VISH“ING” 
What is Vishing? It
is another form of
phishing AKA voice
phishing, in which
criminals use
phone technology
to ensnare their
victims in an effort
to obtain personal
financial
information.
Never Heard of Vishing?
The term is a combination of "voice" and phishing.

Vishing exploits the public's trust in landline telephone
services. Landlines were once only associated with a
physical location known to the telephone company and
associated with a bill-payer. Times have changed, making it
easier to hide the originating landline number.

Vishing is the criminal practice of manipulating people into
performing actions or divulging confidential information such
as passwords, access codes, or access to their personal
computer by lying, conning, or tricking them. It’s the hightech version of the old "confidence game."

Vishing is typically used to steal credit card numbers or
other information used in identity theft schemes from
individuals.
Example of Vishing:
1.
2.
3.
4.
5.
The criminal uses either a war dialer which automatically scans a list of
telephone numbers to call phone numbers in a given region or accesses a
legitimate voice messaging company with a list of phone numbers stolen
from a financial institution.
When the victim answers the call, an automated recording, often generated
with a text to speech synthesizer, is played to alert the consumer that their
credit card has had fraudulent activity or that their bank account has had
unusual activity. The message instructs the consumer to call the following
phone number immediately. The same phone number is often shown in the
spoofed caller ID and given the same name as the financial company they
are pretending to represent.
When the victim calls the number, it is answered by automated instructions
to enter their credit card number or bank account number on the key pad.
Once the consumer enters their credit card number or credit union account
number, the visher has the information necessary to make fraudulent use of
the card and/or to access the credit union account.
The call is often used to harvest additional details such as security PIN,
expiration date, date of birth, etc.
REMINDER: GPCE Credit Union will never call to verify your personal
information. If in doubt, members should hang-up immediately and call the
credit union directly. Our toll free number is 1-800-472-4723.
How Can I Protect Myself?
Vishing is very hard for legal authorities to monitor or trace.

Consumers are advised to be highly suspicious when receiving
messages directing them to call and provide credit card or credit
union numbers (account, routing, passwords, etc.).

Rather than provide any information, if speaking to a human ask
them for an incident number and then hang up.

Then place a call to the number printed directly on your credit card
or billing statement from a telephone number the credit union has
on file, usually your home land line. While consumer caller id is
trivial, to fake the credit union or credit card’s call center gets much
more reliable billing information provided by trunked 1-800 service.
By calling the number directly, you have a higher level of
confidence the other party you’ve dialed is who they claim to be. .
(Source: Wikipedia)
SMISH“ING” 
What is smishing? It is
a crime that capitalizes
on the current
popularity of cell phone
text messaging.

Smishing is a security
attack in which the
user is tricked into
downloading a Trojan
horse, virus, or other
malware onto his
cellular phone or other
mobile device.
How Does Smishing
Work?

Smishing uses cell phone text messages to
deliver the "bait" to get you to divulge your
personal information. The "hook" (the
method used to actually "capture" your
information) in the text message may be a
web site URL, however it has become more
common to see a phone number that
connects to automated voice response
system.
Example of Smishing:




This is an example of a smishing message in current
circulation: "Notice - this is an automated message from (a
local credit union), your ATM card has been suspended. To
reactivate call urgent at 866-###-####."
In many cases, the smishing message will show that it
came from "5000" instead of displaying an actual phone
number. This usually indicates the SMS (short message service)
message was sent via email to the cell phone, and not sent
from another cell phone.
This information is then used to create duplicate
credit/debit/ATM cards.
There are documented cases where information entered on
a fraudulent web site (used in a phishing, smishing, or vishing attack)
was used to create a credit or debit card that was used
halfway around the world, within 30 minutes.
(Source: Wikipedia)
FAKE CHECK SCAMS 
What is a fake check scam? It is a continuous trap that
costs members and credit unions millions annually.
“Congratulations, it’s your luCky day!
just won $5,000!”
you’ve
FAKE Check Scams:

…So, you’ve won a large sum of money and they are sending a
cashier's check to cover the taxes and fees. All you have to do to
get your winnings is deposit the check and wire the money to the
sender to pay the taxes and fees. You're guaranteed that when
they get your payment, you'll get your prize.

There's just one catch: this is a scam. The check is not good, even
though it appears to be a legitimate cashier's check.

The lottery angle is a trick to get you to wire money to someone
you don't know. If you were to deposit the check and wire the
money, your bank would soon learn that the check was a fake. You
would be out the money: The money you wired cannot be
recovered, and you are responsible for the checks you deposit even though you don't know they're fake.
Twist on Fake Check
Scams:
Literally, a dime-a-dozen! Similar scams are conducted all
the time. Beware of these other so called wind-falls of
good fortune:
Buying Club Memberships, Charity and Fund Raising
Fraud, Credit and Loan Offers, Government Grant
Scams, Identity Theft and Telemarketing, Medical
Discount Plans, Reloading Scams, Robocalls,
Sweepstakes and Lotteries, Travel Scams, Work-atHome and Business Opportunities.
Contact the Federal Trade Commission for more details
regarding each type of scam mentioned.
(Source: FTC)
FTC ADVICE:
The FTC has these words of caution for consumers who are thinking about
responding to any foreign lottery:
1.
2.
3.
4.
5.
If you play a foreign lottery —on the telephone or through the mail — you're
violating federal law.
There are no secret systems for winning foreign lotteries. Your chances of
winning more than the cost of your tickets are slim to none.
If you purchase one foreign lottery ticket, expect many more bogus offers for
lottery or investment “opportunities.” Your name will be placed on “sucker
lists” that fraudulent telemarketers buy and sell.
Keep your credit card and bank account numbers to yourself. Scam artists
often ask for them during an unsolicited sales pitch.
The bottom line: Ignore all phone solicitations for foreign lottery promotions.
If you receive what looks like lottery material from a foreign country, give it to
your local postmaster.
SKIMM“ING” 
What is skimming? It is a scam in which criminals steal from ATM
users and those who use their debit cards.

‘Card skimming’ is the illegal copying of information from the
magnetic strip of a credit or ATM card. It is a more direct version of
a phishing scam.

The scammers try to steal your personal information so they can
access your accounts. Once scammers have skimmed your card,
they can create a fake or ‘cloned’ card with your details on it. The
scammer is then able to run up charges on your account.

Card skimming is also a way for scammers to steal your identity
and use it to commit identity fraud. By stealing your personal
information and account numbers the scammer may be able to
borrow money or take out loans in your name.
Warning Signs of
Skimming:

A shop assistant takes your card out of your sight in order to
process your transaction.

You are asked to swipe your card through more than one
machine.

You see a shop assistant swipe the card through a different
machine to the one you used.

You notice something suspicious about the card slot on an
ATM (e.g. an attached device).

You notice unusual or unauthorized transactions on your
account or credit card statement.
How Can I Protect Myself?

Keep your credit card and ATM cards safe. Do not share your personal
identity number (PIN) with anyone. Do not keep any written copy of your PIN
with the card.

Check your credit union account and credit card statements when you get
them. If you see a transaction you cannot explain, report it to your credit
union as soon as possible.

Choose passwords that would be difficult for anyone else to guess.

If you are using an ATM, take the time to check that there is nothing
suspicious about the machine.

If you are in a shop and the assistant wants to swipe your card out of your
sight, or in a second machine, you should ask for your card back straight
away and either pay with a cheque or cash, or not make the purchase.
(Source: Scamwatch)
Thank you,


For taking the time to understand the
different types of “ING” Fraud. We hope
this information has been helpful to you.
If you have any other questions or concerns
regarding these or any other types of fraud,
or if you suspect you have been defrauded
call GPCE Credit Union and the proper
authorities right away.