Alerts

** SPECIAL NOTICE FOR MEMBERS THAT ARE PLANNING TO TRAVEL OUT OF THE COUNTRY **

If you plan to travel out of the country and will be accessing your SOFCU account electronically through ATM, Debit Card, or your Credit Card, please notify the Electronic Service Department at 877-266-2601

NEW TEXT MESSAGE SCAM

Please be advised, SOFCU Community Credit Union will not ask you to verify your financial information via text or email.

Since cell phones first reached mainstream use, the devices have been considered off limits to telemarketers, mostly because of the limited talk time and messaging on available service plans.

These kinds of schemes are always a problem, there are dishonest people trying to take advantage of others.

No Members have complained of being duped by the messages, but a few have called the credit union after the messages were received to check their legitimacy.

If a financial institution were to try to contact a customer about an account problem, it would probably do so by phone.

If you have any questions please contact your local branch.

4/18/2008
Verified@visa.com scam

If you revceive an email that appears to come from an email address verified@visa.com DO NOT REPLY. The email states, “Due to concerns, for the safety and integrity of your Visa Card account we have issued this warning message.

It has come to our attention that your account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website if you could please take 5 – 10 minutes out of your online experience and update your personal records so that you will not run into any future problems with the online service.
Once you have updated your account records, your online Account service will not be interrupted and will continue as normal.”

INTERNET CRIME REPORT The Top Scams of 2007
04/03/08 In 2007, the Internet Crime Complaint Center received 206,884 complaints, leading to a reported dollar loss of nearly $240 million, an all-time high. Pets, romance, and secret shoppers. They’re each among the top ruses used by Internet scam artists in 2007, according to a comprehensive report on online crime just issued by the Internet Crime Complaint Center, or IC3.

Here’s a rundown on how these scams generally work, along with other common frauds described in the report:

Pet Scams You see an online (or offline) ad selling a pet and send in your money, plus a little extra for delivery costs. But you never get the pet; the scam artist simply takes your money and runs. - You’re selling a pet. You’re sent a check that’s actually more than your asking price. When you ask about the overpayment, you’re told it’s meant for someone else who will be caring for the pet temporarily. You’re asked to deposit the check and wire the difference to this other person. But the check bounces and you lose the money you sent to what turns out to be a fraudster.

Secret Shoppers and Funds Transfer Scams You’ve been hired via the web to rate your experiences while shopping or dining. You’re paid by check and asked to wire a percentage of the money to a third party. Like the pet scam, the check is bad and you’re out the money you sent. As part of the scam, the fraudsters often use (illegally) real logos from legitimate companies. While renting out a property, you’re sent a check that is more than your rental fee and asked to wire the difference to someone else (are you seeing a trend here?). Or you take a job that requires you to receive money from a company and redistribute funds to affiliates via wire.

Adoption and Charity Frauds You get a spam e-mail that tugs on your heartstrings, asking for a pressing donation to a charity and often using the subject header, “Urgent Assistance is Needed.” The name of a real charity is generally used, but the money is really going to a con artist. One set of scams in 2007, for example, used the name of a legitimate British adoption agency to ask for money for orphaned or abandoned children.

Romance Fraud You encounter someone in an online dating or social networking site who lives far away or in another country. That person strikes up a relationship with you and then wants to meet, but needs money to cover travel expenses. Typically, that’s just the beginning—the person may end up in the hospital during the trip or get mugged and need more money, etc.

Fraud stats The report provides a complete breakdown of statistics on Internet crime in 2007. For the year, total complaints were down slightly with 206,884 submissions, but total losses were at their highest level ever, nearly $240 million. See the report for plenty more details about victims, perpetrators, and common categories of complaints. IC3, a joint venture of the FBI and the non-profit National White Collar Crime Center, serves as a central federal clearinghouse for all reports of Internet crime.

Resources:

2007 Internet Crime Report

National Press Release

Internet Crime Complaint Center website

Fraud Alert 2/12/08

IRS Warns of New E-Mail and Telephone Scams Using the IRS Name; Advance Payment Scams Starting

IR-2008-11, Jan. 30, 2008

WASHINGTON — The Internal Revenue Service today warned taxpayers to beware of several current e-mail and telephone scams that use the IRS name as a lure. The IRS expects such scams to continue through the end of tax return filing season and beyond.

The IRS cautioned taxpayers to be on the lookout for scams involving proposed advance payment checks. Although the government has not yet enacted an economic stimulus package in which the IRS would provide advance payments, known informally as rebates to many Americans, a scam which uses the proposed rebates as bait has already cropped up.

The goal of the scams is to trick people into revealing personal and financial information, such as Social Security, bank account or credit card numbers, which the scammers can use to commit identity theft.

Typically, identity thieves use a victim’s personal and financial data to empty the victim’s financial accounts, run up charges on the victim’s existing credit cards, apply for new loans, credit cards, services or benefits in the victim’s name, file fraudulent tax returns or even commit crimes. Most of these fraudulent activities can be committed electronically from a remote location, including overseas. Committing these activities in cyberspace allows scamsters to act quickly and cover their tracks before the victim becomes aware of the theft.

People whose identities have been stolen can spend months or years — and their hard-earned money — cleaning up the mess thieves have made of their reputations and credit records. In the meantime, victims may lose job opportunities, may be refused loans, education, housing or cars, or even get arrested for crimes they didn't commit.

The most recent scams brought to IRS attention are described below.

Rebate Phone Call
At least one scheme using the word “rebate” as part of the lure has been identified. In that scam, consumers receive a phone call from someone identifying himself as an IRS employee. The caller tells the targeted victim that he is eligible for a sizable rebate for filing his taxes early. The caller then states that he needs the target’s bank account information for the direct deposit of the rebate. If the target refuses, he is told that he cannot receive the rebate.

This phone call is a scam. No legislation has yet been enacted that would allow the IRS to provide advance payments to taxpayers or that determines the details of those payments. Moreover, the IRS does not force taxpayers to use direct deposit. Those who opt for direct deposit do so by completing the appropriate section of their tax return, with bank routing and account information, when they file; the IRS does not gather the information by telephone.

Refund e-Mail
The IRS has seen several variations of a refund-related bogus e-mail which falsely claims to come from the IRS, tells the recipient that he or she is eligible for a tax refund for a specific amount, and instructs the recipient to click on a link in the e-mail to access a refund claim form. The form asks the recipient to enter personal information that the scamsters can then use to access the e-mail recipient’s bank or credit card account.

In a new wrinkle, the current version of the refund scam includes two paragraphs that appear to be directed toward tax-exempt organizations that distribute funds to other organizations or individuals. The e-mail contains the name and supposed signature of the Director of the IRS’s Exempt Organizations business division.

This e-mail is a phony. The IRS does not send unsolicited e-mail about tax account matters to individual, business, tax-exempt or other taxpayers.

Filing a tax return is the only way to apply for a tax refund; there is no separate application form. Taxpayers who wish to find out if they are due a refund from their last annual tax return filing may use the “Where’s My Refund?” interactive application on this Web site, IRS.gov. The only official IRS Web site is located here at www.irs.gov.

Fraud Alert 1/16/08

The Justice Department continues to be aware of fraudulent spam e-mail messages claiming to be from the Department.

THESE EMAIL MESSAGES ARE A HOAX. DO NOT RESPOND.

The Department of Justice did not send these unsolicited email messages—and would not send such messages to the public via email. Similar hoaxes have been recently perpetrated in the names of various governmental entities, including the Federal Bureau of Investigation, the Federal Trade Commission, and the Internal Revenue Service. Email users should be especially wary of unsolicited warning messages that purport to come from U.S. governmental agencies directing them to click on file attachments or to provide sensitive personal information
Don’t open them, please delete them right away.

Fraud Alert Bulletin 12/20/2007
A band of credit card “skimmers” is presently attacking the Northwest. They have been in Oregon the last couple of weeks. This traveling criminal organization is running the “I-5” corridor in Oregon and Washington. They attach skimmers to ATM machines. They use the data to produce counterfeit ATM cards, removing funds from the victim’s account.

If you use an ATM, watch for Skimmer devices attached to your local ATM. If you find a Skimmer, remember a suspect is close, possibly hiding in the lot. Watch for vans or other vehicles.

Once the information is skimmed, the information needs to be correlated and placed on counterfeit ATM cards. Several days later, the Skimmers will start using the counterfeit cards at ATM's. They will normally move to another region to make the withdrawals, possibly in the same state. So... after normal banking hours, watch for anyone standing at an ATM for an abnormal amount of time, with a briefcase, backpack, or bag, pulling out and using multiple ATM cards. While emptying accounts, they will stay at one ATM for hours at a time. Tens of Thousands of dollars can be removed from one single ATM.

Fraud Alert Bulletin 12/18/2007
FRAUDULENT INHERITANCE SCHEME EMAIL CLAIMS TO BE FROM UNITED STATES DEPARTMENT OF STATE Criminals have added posing as the United States Department of State to their array of frauds. Fraudulent emails are being distributed claiming to have verified an inheritance from another country belonging to the victim. To make these emails appear legitimate, they contain information taken from the Department of State's website. The email contains a lengthy explanation of how the Department of State has verified that there is nothing fraudulent about the inheritance and names numerous international organization which are involved in monitoring the transaction to prevent fraud. After using false assurances to gain a victim's confidence that this fraud scheme is actually a legitimate inheritance, the criminals send a request for a payment which the criminals claim is required due to a discrepancy in the currency conversion or for taxes. This email purports to be from a foreign governmental agency. The criminals go so far as to follow up by advising the victim not to contact law enforcement or governmental authorities but to continue to communicate with the criminals' email accounts. THIS EMAIL IS A FRAUD. Be cautious when responding to requests or special offers delivered through unsolicited email: The Department of State does not make unsolicited contact with individuals regarding matters such as inheritances. The email addresses used in these frauds are spoofed versions of a Department of State email address. Cyber criminals will use the names of various government agencies or companies in their emails to attempt to secure new victims using the same scheme. Cyber criminals use the name of a government agency or law firm or use the identity of a government official, business person or reputable attorney to add an air of legitimacy to a scam. Cyber criminals claim that government agencies such as the FBI or the IRS will prosecute or investigate people who do not participate in their scheme as a form of intimidation. Please review the tips and public service announcements regarding other fraud schemes on www.ic3.gov, www.lookstoogoodtobetrue.com, and www.fbi.gov to help you avoid becoming a victim.

Fraud Alert Bulletin 10/18/2007
Known Information: Source: Statesman Journal, October 17, 2007 Tax kicker scam seeks access to bank data State officials say direct deposit is not an option for refunds It's the latest twist in a widespread identity-theft scam in Oregon known as phishing: Scammers claiming to work for the state's Department of Revenue have begun operating under the guise of helping taxpayers collect their kicker refund. "They offer to deposit the taxpayer's kicker refund in their bank account," said Jan Linn, the revenue department's customer service manager. "We're not able to provide direct deposit as an option for kicker refunds, so don't believe it," Linn said. The thieves reportedly call or
e-mail taxpayers and tell them all they have to do is give the caller their bank account number so their refund can be electronically deposited into the account. The revenue department said a handful of taxpayers have reported receiving such calls. At least one person has reported the scam to the Oregon Department of Justice. With the kicker refund season around the corner, state officials are warning Oregonians not to buy into the scam. Taxpayers are projected to get $1.1 billion in kicker checks no later than Dec. 15. The median refund is expected to be about $285. Internet and phone criminals have bilked millions of dollars from unsuspecting taxpayers across the nation in the past several years, said Bill Steiner, an Oregon spokesman with the Internal Revenue Service. "Anyone with a computer or phone is vulnerable to these scams," Steiner said. "People need to know that the IRS -- and I'm sure it's the same with the Oregon Department of Revenue -- will never ask you for your personal information because we already have it." SUBMITTED BY: SUBMITTED ON: Andee Rose 10/17/2007 1:25 PM Oregon Bankers Association
E-MAIL: PHONE: arose@banc-source.com 503-581-3522

Fraud Alert8/2007
CUAO has received multiple reports from the Eugene area of an active Phishing scam attempting to steal account information. The scam is similar to one occurring at First Tech CU earlier this week and widely covered in the media. The reports indicate that a call is received from an automated phone message identifying them as an actual credit union. The caller states they are from the “billing and payments department” of “XYZ” credit union, and instructs the person to enter their debit/VISA card number. If a number is not entered, the caller repeats the instructions several more times. If no information is provided, after several attempt to get the card number, the caller hangs up. If the number is provide the caller goes on to ask for additional information such as CVC and PIN. Credit unions receiving reports of these calls from the public or from members are advised to contact CUAO compliance department, local law enforcement, and their regulator. It is possible that the regulator can take appropriate steps to have the phone number, which is activating the scam calls, turned off so no further calls can be made. There is no evidence that actual credit union databases have been accessed to get the required member information. The calls seem to be random in nature and made to those who have accounts at the credit union named in the call and those who don’t. Credit unions are advised to make immediate contact with members to warn them against providing any personal or financial information over the phone or via email. Credit unions are also cautioned against any actual procedures that would generate valid credit union requests for information via phone or email. Below are some links you may share with your members on your website, newsletters, mailings, and statement stuffers.
http://www.phishinginfo.org/
http://www.fraud.org/tips/internet/phishing.htm


Fraud Alert 6/2007

FRAUDULENT EMAILS DO NOT RESPOND

If you have received the following email DO NOT respond.

SOFCU will NEVER email you asking you to update account information.

The following email is a scam if you have received an email such as this and responded to it CONTACT US IMMEDIATELY at 1-877-266-2601

Dear SOFCU Community Credit Union Member,

We recently have discovered that multiple computers have attempted to log into your SOFCU Community Credit Union Online Account, and multiple password failures were presented before the logons. We now require you to update your account information .
If this is not completed by June 14 , 2007, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes.

To continue please or on the link below to re-validate your account information :

Sincerely,

The SOFCU Community Credit Union Security Team

© 2007 SOFCU Community Credit Union

Updated 4/2007

  Internet Security Education

Please note: This card compromise happened at TJX Companies, Inc., not SOFCU Community Credit Union. SOFCU Community takes our obligation to protect the security and privacy of our members very seriously. If you have any questions or concerns, please don't hesitate to contact the Call Center at 1-877-266-2601.

Click here to learn more about how to protect yourself against fraud and identity theft.

*Visa's Zero Liability policy covers U.S.-issued cards only and does not apply to commercial credit cards, ATM transactions or PIN transactions not processed by Visa. Cardholders must notify card issuers promptly of any unauthorized use. Consult issuer for additional details or visit www.visa.com/security.

IMPORTANT PHISHING ALERT!!!
Verified and Shut Down.

A number of SOFCU Community Credit Union members have received e-mails which appear to be from SOFCU Community Credit Union and direct them to a link requesting personal and account information. Although they may appear legitimate, they are not from SOFCU Community Credit Union. We do not send e-mails requesting personal information for any purposes. If you have received this or any other e-mail appearing to be from SOFCU and have provided any information, please call the Electronic Service Department immediately at 541-479-2601 ext2176

What to do if you fall victim to phishing:
Contact your financial institution immediately and alert it to the situation.

If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau's fraud division: