Alerts

1/13/2010

Haitian Earthquake Relief Fraud Alert

The FBI today reminds Internet users who receive appeals to donate money in the aftermath of Tuesday’s earthquake in Haiti to apply a critical eye and do their due diligence before responding to those requests. Past tragedies and natural disasters have prompted individuals with criminal intent to solicit contributions purportedly for a charitable organization and/or a good cause.

Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, to include the following:

Anyone who has received an e-mail referencing the above information or anyone who may have been a victim of this or a similar incident should notify the IC3 via www.ic3.gov.

1/11/2010

eAlerts and Text Alerts

Our eAlert system has been down since January 5th.  The system is now up and running and scheduled eAlerts have been sent. We apologize for the delay in your alerts and have taken precautionary steps to ensure this will not happen again.

11/02/2009

GRANDPARENT PHONE SCAM ON THE RISE
Attorney General John Kroger is warning Oregon families about scammers who pose as
grandchildren claiming to be in trouble and needing money immediately. The Oregon
Department of Justice’s Consumer Protection Hotline has received several recent calls about the “emergency scam,” also known as the “grandparent scam.” The scam targets grandparents with fake stories about family members stranded in Canada in urgent need of money.

The emergency scam usually goes something like this:
“Hi grandma, it’s me, your favorite grandkid! I am up in Canada right now with
my good friend John. Please don’t tell Mom and Dad, but I had an accident.
John and I are in a little trouble and need your help. We hit a car and needed to
hire an attorney. Can you please wire me $4,700 so I can pay my attorney and
come home? Please don’t tell Mom and Dad! I promise to pay you back when I
get home!”

There are several red flags that indicate a scammer is at work. Be wary of a caller who:
(1)Requests that money be wired in a very short time frame;
(2) Claims to be stuck in a foreign country;
(3) Insists on secrecy; and/or
(4) Gets some personal details wrong.

Scammers prey on the emotions of grandparents wanting to help their grandchildren. This is a
despicable scam, largely conducted by con artists in Canada. Before wiring money, grandparents should independently call and confirm the whereabouts of their family members. Behighly skeptical of any phone request for money wires. Ask personal questions to the callers to confirm their identity, about such things as schools attended, pet names, presents given or received, or names of other family members.

Oregonians who think they have been a victim of the “grandparent scam” should call the
Oregon Attorney General Consumer Hotline at 1-877-877-9392 (www.doj.state.or.us) and theFederal Trade Commission at 1-800-FTC-HELP (www.ftc.gov).

10/6/2009

Text Messaging Scam
Both members and non-members have called regarding a new wave of phishing. Criminals are now using text messaging to deliver messages asking members to reinstate their card with SOFCU Community Credit Union. To do this, members are asked to call a toll-free number and enter their account information. Please do not call or reply to these message. While we have many members' mobile phone numbers on file, we will only text you for alerts you have requested.

While the delivery method may be new, the subject and content is always the same. Phishing scams have been used for a few years now to try and grab a member's personal and account information. If you receive a phone call, email, text message, or even a letter in the mail that looks suspicious, please contact us by email at questions@sofcu.com, or call us at 541-479-2601. Suspicious messages, calls, etc. will many times state your account has been deactivated and ask you to contact the credit union via a toll-free telephone number or phony website. We will never contact you by any method and ask you to verify information, especially credit card numbers, account numbers, or PIN numbers.

Consumer Protection Hotline: 1-877-877-9392.  
Online: www.doj.state.or.us.  

 June 8, 2009

iPHONE SCAM

Attorney General John Kroger is warning consumers about a Web site that is being used to rip off consumers who try to buy an iPhone from it.  

The Web site is: CHUL8804.com.           

A Hillsboro man saw an ad for the Web site in Craig’s List in late May. It offered a new iPhone 3G 16GB for $465. The ad requested payment with a Green Dot MoneyPak card. The scammer took the money, but never sent the phone.  

The call back number he gave was for the City of Atlanta’s subway system.  

The Oregon Department of Justice is seeking to shut down the Web site. In the meantime, consumers should avoid it.

In addition, consumers should be extremely careful about paying for products in advance with Green Dot prepaid cards or wire transfer services, especially if they have not purchased from the vendor before.

 Oregon consumers who believe they been scammed or have questions about stimulus-related offers or scams should call the Attorney General’s consumer hotline at 1-877-877-9392. The Oregon Department of Justice is online at www.doj.state.or.us.  Written complaints can be sent to Financial Fraud/Consumer Protection Section, 1162 Court St. NE, Salem, OR 97301-4096.

3/31/09

The Conficker Worm

To access the press release from the FBIs website, click here: http://www.fbi.gov/pressrel/pressrel09/conficker033109.htm

3/13/09

There is a deceptive website posing as HUD. The website is:  http://bailout.hud-gov.us/  If anyone asks you about this website, advise them to stay away.

This website tries to dupe people into giving out personal information (known as “phishing”) - and because they’ve made their site appear to be an “official U.S. government website”, some people may fall prey to this scam.  Domain name registered in Germany, host in California.

An investigation has been requested.

2/23/09

Text Messaging Scam

Both members and non-members have called regarding a new wave of phishing.  Criminals are now using text messaging to deliver messages asking members to reinstate their card with SOFCU Community Credit Union.  To do this, members are asked to call a toll-free number and enter their account information.  Please do not call or reply to these message.  While we have many members’ mobile phone numbers on file, we are currently not text messaging anyone for any reason. 

While the delivery method may be new, the subject and content is always the same.  Phishing scams have been used for a few years now to try and grab a member’s personal and account information.  If you receive a phone call, email, text message, or even a letter in the mail that looks suspicious, please contact us by email at questions@sofcu.com, or call us at 541-479-2601. Suspicious messages, calls, etc. will many times state your account has been deactivated and ask you to contact the credit union via a toll-free telephone number or phony website.  We will never contact you by any method and ask you to verify information, especially credit card numbers, account numbers, or PIN numbers.

“Never give out personal information to callers”
Your Credit Union will not call you to ask for personal information. If you have a concern about a caller that says they are from the Credit Union or Visa, please hang up and call us. (541) 479-2601

01/24/09

12/16/08

FRAUD ALERT
There is an automated telephone scam that is calling out claiming that your card has been suspended. THIS IS A SCAM. Do not call the telephone number to re-activate your card or give out any of your information.


SOFCU Community Credit Union, or any other legitimate financial institution, will never call or email requesting your credit union user name, card numbers, password, PIN, or other personal identity information.

If you have received such a request and responded to it, please contact the credit union immediately so we may take appropriate steps to protect your accounts. Thank you.

12/08/2008
Circulation of Fraudulent E-mail Claiming to be From FBI Assistant Director,
Kevin Favreau Spam, purportedly from the FBI, continues to be an epidemic.
As with past spam attacks, the latest version uses an FBI official's name. The current spam e-mail claims to be an official order from the FBI's Anti-Terrorist and Monetary Crimes Division. Recipients are told they have been named the beneficiary of millions of dollars; however, the e-mail claims the FBI has stopped the transfer of these funds due to suspicion that they are related to terrorism.

Recipients are also given directions on how to obtain a "Diplomatic Immunity Seal of Transfer" which must be provided or they will face prosecution. Assistant Director Favreau is fraudulently listed as the "veteran special agent" who authorized the "official" order.

Do not respond, these e-mails are a hoax.

The FBI does not send unsolicited e-mails. Consumers should not respond to any unsolicited e-mails or click on any embedded links, as they may contain viruses or malware.

It is imperative consumers guard their personally identifiable information (PII). Providing your PII will compromise your identity!

If you have been a victim of Internet crime, please file a complaint at www.IC3.gov.

Message last updated on 12/02/2008

~TRAVELING THROUGH TEXAS OR FLORIDA~

READ THIS IMPORTANT MESSAGE

SOFCU has seen a large surge of credit and debit card fraud originating from both merchant and gas pump transactions in the states of Florida and Texas. We believe this fraud is originating from a yet unnamed and unannounced merchant breach, similar to the T J Maxx breach in 2007, due to the large number of financial institutions and individuals that have been affected nationwide.

To be proactive and protect all of our members - we have issued a membership wide block for the entire state of Florida and Texas. This block will prevent you from using your debit and credit cards for both purchases and charges of any kind in the State of Florida and Texas. If you plan on traveling to the states of Florida or Texas please contact SOFCU at msr@sofcu.com so we can remove the block from your individual account(s). SOFCU cares about its members, and apologizes for any inconvenience you experience because of this action. Be vigilant of your account, and check your statement history and home banking account history frequently. You will be notified by us if your account was compromised by this third party breach. For your protection, it is SOFCU's policy to close and block the account immediately, and reissue a new card number to you at our expense.

If you have any questions please do not hesitate to contact us at msr@sofcu.com or call us at 541-479-2601 or 1-877-266-2601

11/05/08
Online Banking and Direct Line

SOFCU will be running an update to the system this Friday night. We would like to let you know this may affect your ability to use the Home Banking & Direct Line Systems. The approximate time of the system update is 11 PM Friday November 7, 2008 through 2 AM Saturday November 8, 2008. We are sorry for any inconvenience this may cause you.

** SPECIAL NOTICE FOR MEMBERS THAT ARE PLANNING TO TRAVEL OUT OF THE COUNTRY **

If you plan to travel out of the country and will be accessing your SOFCU account electronically through ATM, Debit Card, or your Credit Card, please notify the Electronic Service Department at 877-266-2601

NEW TEXT MESSAGE SCAM

Please be advised, SOFCU Community Credit Union will not ask you to verify your financial information via text or email.

Since cell phones first reached mainstream use, the devices have been considered off limits to telemarketers, mostly because of the limited talk time and messaging on available service plans.

These kinds of schemes are always a problem, there are dishonest people trying to take advantage of others.

No Members have complained of being duped by the messages, but a few have called the credit union after the messages were received to check their legitimacy.

If a financial institution were to try to contact a customer about an account problem, it would probably do so by phone.

If you have any questions please contact your local branch.

4/18/2008
Verified@visa.com scam

If you revceive an email that appears to come from an email address verified@visa.com DO NOT REPLY. The email states, “Due to concerns, for the safety and integrity of your Visa Card account we have issued this warning message.

It has come to our attention that your account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website if you could please take 5 – 10 minutes out of your online experience and update your personal records so that you will not run into any future problems with the online service.
Once you have updated your account records, your online Account service will not be interrupted and will continue as normal.”

INTERNET CRIME REPORT The Top Scams of 2007
04/03/08 In 2007, the Internet Crime Complaint Center received 206,884 complaints, leading to a reported dollar loss of nearly $240 million, an all-time high. Pets, romance, and secret shoppers. They’re each among the top ruses used by Internet scam artists in 2007, according to a comprehensive report on online crime just issued by the Internet Crime Complaint Center, or IC3.

Here’s a rundown on how these scams generally work, along with other common frauds described in the report:

Pet Scams You see an online (or offline) ad selling a pet and send in your money, plus a little extra for delivery costs. But you never get the pet; the scam artist simply takes your money and runs. - You’re selling a pet. You’re sent a check that’s actually more than your asking price. When you ask about the overpayment, you’re told it’s meant for someone else who will be caring for the pet temporarily. You’re asked to deposit the check and wire the difference to this other person. But the check bounces and you lose the money you sent to what turns out to be a fraudster.

Secret Shoppers and Funds Transfer Scams You’ve been hired via the web to rate your experiences while shopping or dining. You’re paid by check and asked to wire a percentage of the money to a third party. Like the pet scam, the check is bad and you’re out the money you sent. As part of the scam, the fraudsters often use (illegally) real logos from legitimate companies. While renting out a property, you’re sent a check that is more than your rental fee and asked to wire the difference to someone else (are you seeing a trend here?). Or you take a job that requires you to receive money from a company and redistribute funds to affiliates via wire.

Adoption and Charity Frauds You get a spam e-mail that tugs on your heartstrings, asking for a pressing donation to a charity and often using the subject header, “Urgent Assistance is Needed.” The name of a real charity is generally used, but the money is really going to a con artist. One set of scams in 2007, for example, used the name of a legitimate British adoption agency to ask for money for orphaned or abandoned children.

Romance Fraud You encounter someone in an online dating or social networking site who lives far away or in another country. That person strikes up a relationship with you and then wants to meet, but needs money to cover travel expenses. Typically, that’s just the beginning—the person may end up in the hospital during the trip or get mugged and need more money, etc.

Fraud stats The report provides a complete breakdown of statistics on Internet crime in 2007. For the year, total complaints were down slightly with 206,884 submissions, but total losses were at their highest level ever, nearly $240 million. See the report for plenty more details about victims, perpetrators, and common categories of complaints. IC3, a joint venture of the FBI and the non-profit National White Collar Crime Center, serves as a central federal clearinghouse for all reports of Internet crime.

Resources:

2007 Internet Crime Report

National Press Release

Internet Crime Complaint Center website

Fraud Alert 2/12/08

IRS Warns of New E-Mail and Telephone Scams Using the IRS Name; Advance Payment Scams Starting

IR-2008-11, Jan. 30, 2008

WASHINGTON — The Internal Revenue Service today warned taxpayers to beware of several current e-mail and telephone scams that use the IRS name as a lure. The IRS expects such scams to continue through the end of tax return filing season and beyond.

The IRS cautioned taxpayers to be on the lookout for scams involving proposed advance payment checks. Although the government has not yet enacted an economic stimulus package in which the IRS would provide advance payments, known informally as rebates to many Americans, a scam which uses the proposed rebates as bait has already cropped up.

The goal of the scams is to trick people into revealing personal and financial information, such as Social Security, bank account or credit card numbers, which the scammers can use to commit identity theft.

Typically, identity thieves use a victim’s personal and financial data to empty the victim’s financial accounts, run up charges on the victim’s existing credit cards, apply for new loans, credit cards, services or benefits in the victim’s name, file fraudulent tax returns or even commit crimes. Most of these fraudulent activities can be committed electronically from a remote location, including overseas. Committing these activities in cyberspace allows scamsters to act quickly and cover their tracks before the victim becomes aware of the theft.

People whose identities have been stolen can spend months or years — and their hard-earned money — cleaning up the mess thieves have made of their reputations and credit records. In the meantime, victims may lose job opportunities, may be refused loans, education, housing or cars, or even get arrested for crimes they didn't commit.

The most recent scams brought to IRS attention are described below.

Rebate Phone Call
At least one scheme using the word “rebate” as part of the lure has been identified. In that scam, consumers receive a phone call from someone identifying himself as an IRS employee. The caller tells the targeted victim that he is eligible for a sizable rebate for filing his taxes early. The caller then states that he needs the target’s bank account information for the direct deposit of the rebate. If the target refuses, he is told that he cannot receive the rebate.

This phone call is a scam. No legislation has yet been enacted that would allow the IRS to provide advance payments to taxpayers or that determines the details of those payments. Moreover, the IRS does not force taxpayers to use direct deposit. Those who opt for direct deposit do so by completing the appropriate section of their tax return, with bank routing and account information, when they file; the IRS does not gather the information by telephone.

Refund e-Mail
The IRS has seen several variations of a refund-related bogus e-mail which falsely claims to come from the IRS, tells the recipient that he or she is eligible for a tax refund for a specific amount, and instructs the recipient to click on a link in the e-mail to access a refund claim form. The form asks the recipient to enter personal information that the scamsters can then use to access the e-mail recipient’s bank or credit card account.

In a new wrinkle, the current version of the refund scam includes two paragraphs that appear to be directed toward tax-exempt organizations that distribute funds to other organizations or individuals. The e-mail contains the name and supposed signature of the Director of the IRS’s Exempt Organizations business division.

This e-mail is a phony. The IRS does not send unsolicited e-mail about tax account matters to individual, business, tax-exempt or other taxpayers.

Filing a tax return is the only way to apply for a tax refund; there is no separate application form. Taxpayers who wish to find out if they are due a refund from their last annual tax return filing may use the “Where’s My Refund?” interactive application on this Web site, IRS.gov. The only official IRS Web site is located here at www.irs.gov.

Fraud Alert 1/16/08

The Justice Department continues to be aware of fraudulent spam e-mail messages claiming to be from the Department.

THESE EMAIL MESSAGES ARE A HOAX. DO NOT RESPOND.

The Department of Justice did not send these unsolicited email messages—and would not send such messages to the public via email. Similar hoaxes have been recently perpetrated in the names of various governmental entities, including the Federal Bureau of Investigation, the Federal Trade Commission, and the Internal Revenue Service. Email users should be especially wary of unsolicited warning messages that purport to come from U.S. governmental agencies directing them to click on file attachments or to provide sensitive personal information
Don’t open them, please delete them right away.

Fraud Alert Bulletin 12/20/2007
A band of credit card “skimmers” is presently attacking the Northwest. They have been in Oregon the last couple of weeks. This traveling criminal organization is running the “I-5” corridor in Oregon and Washington. They attach skimmers to ATM machines. They use the data to produce counterfeit ATM cards, removing funds from the victim’s account.

If you use an ATM, watch for Skimmer devices attached to your local ATM. If you find a Skimmer, remember a suspect is close, possibly hiding in the lot. Watch for vans or other vehicles.

Once the information is skimmed, the information needs to be correlated and placed on counterfeit ATM cards. Several days later, the Skimmers will start using the counterfeit cards at ATM's. They will normally move to another region to make the withdrawals, possibly in the same state. So... after normal banking hours, watch for anyone standing at an ATM for an abnormal amount of time, with a briefcase, backpack, or bag, pulling out and using multiple ATM cards. While emptying accounts, they will stay at one ATM for hours at a time. Tens of Thousands of dollars can be removed from one single ATM.

Fraud Alert Bulletin 12/18/2007
FRAUDULENT INHERITANCE SCHEME EMAIL CLAIMS TO BE FROM UNITED STATES DEPARTMENT OF STATE Criminals have added posing as the United States Department of State to their array of frauds. Fraudulent emails are being distributed claiming to have verified an inheritance from another country belonging to the victim. To make these emails appear legitimate, they contain information taken from the Department of State's website. The email contains a lengthy explanation of how the Department of State has verified that there is nothing fraudulent about the inheritance and names numerous international organization which are involved in monitoring the transaction to prevent fraud. After using false assurances to gain a victim's confidence that this fraud scheme is actually a legitimate inheritance, the criminals send a request for a payment which the criminals claim is required due to a discrepancy in the currency conversion or for taxes. This email purports to be from a foreign governmental agency. The criminals go so far as to follow up by advising the victim not to contact law enforcement or governmental authorities but to continue to communicate with the criminals' email accounts. THIS EMAIL IS A FRAUD. Be cautious when responding to requests or special offers delivered through unsolicited email: The Department of State does not make unsolicited contact with individuals regarding matters such as inheritances. The email addresses used in these frauds are spoofed versions of a Department of State email address. Cyber criminals will use the names of various government agencies or companies in their emails to attempt to secure new victims using the same scheme. Cyber criminals use the name of a government agency or law firm or use the identity of a government official, business person or reputable attorney to add an air of legitimacy to a scam. Cyber criminals claim that government agencies such as the FBI or the IRS will prosecute or investigate people who do not participate in their scheme as a form of intimidation. Please review the tips and public service announcements regarding other fraud schemes on www.ic3.gov, www.lookstoogoodtobetrue.com, and www.fbi.gov to help you avoid becoming a victim.

Fraud Alert Bulletin 10/18/2007
Known Information: Source: Statesman Journal, October 17, 2007 Tax kicker scam seeks access to bank data State officials say direct deposit is not an option for refunds It's the latest twist in a widespread identity-theft scam in Oregon known as phishing: Scammers claiming to work for the state's Department of Revenue have begun operating under the guise of helping taxpayers collect their kicker refund. "They offer to deposit the taxpayer's kicker refund in their bank account," said Jan Linn, the revenue department's customer service manager. "We're not able to provide direct deposit as an option for kicker refunds, so don't believe it," Linn said. The thieves reportedly call or
e-mail taxpayers and tell them all they have to do is give the caller their bank account number so their refund can be electronically deposited into the account. The revenue department said a handful of taxpayers have reported receiving such calls. At least one person has reported the scam to the Oregon Department of Justice. With the kicker refund season around the corner, state officials are warning Oregonians not to buy into the scam. Taxpayers are projected to get $1.1 billion in kicker checks no later than Dec. 15. The median refund is expected to be about $285. Internet and phone criminals have bilked millions of dollars from unsuspecting taxpayers across the nation in the past several years, said Bill Steiner, an Oregon spokesman with the Internal Revenue Service. "Anyone with a computer or phone is vulnerable to these scams," Steiner said. "People need to know that the IRS -- and I'm sure it's the same with the Oregon Department of Revenue -- will never ask you for your personal information because we already have it." SUBMITTED BY: SUBMITTED ON: Andee Rose 10/17/2007 1:25 PM Oregon Bankers Association
E-MAIL: PHONE: arose@banc-source.com 503-581-3522

Fraud Alert8/2007
CUAO has received multiple reports from the Eugene area of an active Phishing scam attempting to steal account information. The scam is similar to one occurring at First Tech CU earlier this week and widely covered in the media. The reports indicate that a call is received from an automated phone message identifying them as an actual credit union. The caller states they are from the “billing and payments department” of “XYZ” credit union, and instructs the person to enter their debit/VISA card number. If a number is not entered, the caller repeats the instructions several more times. If no information is provided, after several attempt to get the card number, the caller hangs up. If the number is provide the caller goes on to ask for additional information such as CVC and PIN. Credit unions receiving reports of these calls from the public or from members are advised to contact CUAO compliance department, local law enforcement, and their regulator. It is possible that the regulator can take appropriate steps to have the phone number, which is activating the scam calls, turned off so no further calls can be made. There is no evidence that actual credit union databases have been accessed to get the required member information. The calls seem to be random in nature and made to those who have accounts at the credit union named in the call and those who don’t. Credit unions are advised to make immediate contact with members to warn them against providing any personal or financial information over the phone or via email. Credit unions are also cautioned against any actual procedures that would generate valid credit union requests for information via phone or email. Below are some links you may share with your members on your website, newsletters, mailings, and statement stuffers.
http://www.phishinginfo.org/
http://www.fraud.org/tips/internet/phishing.htm


Fraud Alert 6/2007

FRAUDULENT EMAILS DO NOT RESPOND

If you have received the following email DO NOT respond.

SOFCU will NEVER email you asking you to update account information.

The following email is a scam if you have received an email such as this and responded to it CONTACT US IMMEDIATELY at 1-877-266-2601

Dear SOFCU Community Credit Union Member,

We recently have discovered that multiple computers have attempted to log into your SOFCU Community Credit Union Online Account, and multiple password failures were presented before the logons. We now require you to update your account information .
If this is not completed by June 14 , 2007, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes.

To continue please or on the link below to re-validate your account information :

Sincerely,

The SOFCU Community Credit Union Security Team

© 2007 SOFCU Community Credit Union

Updated 4/2007

  Internet Security Education

Please note: This card compromise happened at TJX Companies, Inc., not SOFCU Community Credit Union. SOFCU Community takes our obligation to protect the security and privacy of our members very seriously. If you have any questions or concerns, please don't hesitate to contact the Call Center at 1-877-266-2601.

Click here to learn more about how to protect yourself against fraud and identity theft.

*Visa's Zero Liability policy covers U.S.-issued cards only and does not apply to commercial credit cards, ATM transactions or PIN transactions not processed by Visa. Cardholders must notify card issuers promptly of any unauthorized use. Consult issuer for additional details or visit www.visa.com/security.

IMPORTANT PHISHING ALERT!!!
Verified and Shut Down.

A number of SOFCU Community Credit Union members have received e-mails which appear to be from SOFCU Community Credit Union and direct them to a link requesting personal and account information. Although they may appear legitimate, they are not from SOFCU Community Credit Union. We do not send e-mails requesting personal information for any purposes. If you have received this or any other e-mail appearing to be from SOFCU and have provided any information, please call the Electronic Service Department immediately at 541-479-2601 ext2176

What to do if you fall victim to phishing:
Contact your financial institution immediately and alert it to the situation.

If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau's fraud division: