Fraud Alert

DuTrac Community Credit Union makes every effort to ensure that your financial information is safe and secure.  DuTrac’s online systems are monitored and constantly updated with multiple security layers and procedures.  However, the security of your personal information does not rely on technology alone.  Ultimately, when dealing with fraudulent activity, each of us has a responsibility to protect ourselves.

DuTrac Community Credit Union will never contact members via phone, e-mail, text message or cell phone to request personal information such as account numbers, passwords, debit or credit card numbers, expiration dates or personal identification numbers (PINs).

To report a lost or stolen credit or debit card, please contact DuTrac Community at (563) 582-1331, 1-800-475-1331 or after hours at 1-800-234-5354.

To report suspicious activity or if you have been a victim of fraud, please contact DuTrac Community Credit Union at (563) 582-1331, or 1-800-475-1331 or your local police.

Here are some of the most common scams and tips for guarding against fraud:

FDIC Fraudulent E-mail Notice

Iowa Corporate Central Credit Union was notified on July 6 of a fraudulent e-mail circulating that purports to be from the Federal Deposit Insurance Corporation (FDIC).

The subject line of the e-mails states: "you need to check your Bank Deposit Insurance Coverage."  The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account.  Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."  The e-mail then directs recipients to click on a link stating "You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage."

This e-mail and associated website are fraudulent.  Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information or to load malicious software onto end users' computers and should not click on the link provided.

The FDIC does not issue unsolicited e-mails to consumers.  Financial institutions and consumers should NOT follow the link in the fraudulent e-mail. 

E-mail Scam Impersonates NACHA to Steal Account Information

DuTrac has received notification of a phishing scam via NACHA (the Electronic Payments Association, a non-profit association that oversees the Automated Clearing House (ACH) Network).  Random individuals and/or companies are receiving suspicious e-mails titled "Rejected ACH Transaction."  The e-mail tells the individual there is a problem with an ACH transaction, and includes a link to see the transaction report.

If the individual clicks on the link, it directs them to a website that looks similar to the NACHA website.  Both the link in the e-mail and the related website are fraudulent.  The links on the website will automatically execute a virus that contains malware.

Any individual can report this phishing scam to any of the following agencies:

Jury Duty Scam

  • How it works:  The phone rings, you pick it up, and the caller identifies him/herself as an officer of the court.  They say you failed to report to jury duty and that a warrant is out for your arrest.  You say you never received a notice.  To clear it up, the caller says they'll need some information for "verification purposes" - your birth date, social security number, maybe even a credit card number.
  • How to avoid it:   This is when you should hang up the phone.  Facing the unexpected threat of arrest, victims are caught off guard and may be quick to part with some information to defuse the situation.  With enough information, scammers can assume your identity and empty your bank accounts.

If you receive a suspicious call regarding jury duty, please call your local district court office or your local police department.  Protecting yourself is the key:  Never give out personal information when you receive an unsolicited phone call.

Skimming

  • How it works: Skimmers swipe your credit or debit card through a handheld device, or they install an overlay device—usually a slightly different color than the existing ATM machine or gas pump. The device gleans your private information—name, account number, expiration date, security features—off the magnetic stripe on the back of the card. The thief copies information from your card to a fraudulent one and sells it to a counterfeiter.
  • How to avoid it: Try not to let your card out of your sight when shopping or when in a restaurant, and watch for devices on ATMs and gas pumps.

Pretexting

  • How it works: A criminal gets your personal information under false pretenses, such as by calling and posing as a survey firm.  The information is then sold to people who may use it to get credit in your name, steal your assets, or investigate or sue you.
  • How to avoid it: Never give out your financial information via phone or e-mail unless you initiated the contact.

Phishing

  • How it works: Scammers send e-mails—often including the name and logo of a legitimate business or financial institution—luring victims to a "spoofed" or fake Web site where they're asked to enter personal information.
  • How to avoid it: Beware of e-mails that: use a generic greeting (Dear Visa customer, or Dear friend) rather than your name, refer to an urgent problem, say that your account will be shut down unless you reconfirm billing or other personal information, or urge you to click on a link within an unsolicited message. Remember: A legitimate business or financial institution will never ask you to enter sensitive financial information via e-mail.

Smishing

  • How it works: Smishing is phishing via SMS (short message service) and it's targeted at cell phone users who use text messaging.  You receive a text message along these lines: "We're confirming you've signed up for our dating service. You will be charged $2 a day unless you cancel your order." The message includes a Web link that routes you to the main phishing page, where you're prompted to download a program—a Trojan horse that turns your computer into a zombie controlled by hackers and used within a larger network to steal personal account information and perform other malicious activities.
  • How to avoid it: Be cautious about deregistering from a service when you're sure you didn't make a formal arrangement with the sender. Be as vigilant about security for your cell phone as you are for your computer. If you have children who have cell phones, warn them about Smishing.

Vishing

This new attack consists of automated telephone calls made to members’ cellular telephones claiming to originate from VISA® security.  The automated call demands members enter information, such as their primary account number, card expiration date, or card verification value (CVV2), immediately through their cellular telephone to prevent account deactivation. 

While some members have been able to capture the caller ID of the incoming fraudulent call, most of the telephone numbers appear to be spoofed, meaning the number is one of an uninvolved third party.  This spoofing technique allows the fraudsters to mask the true source of the call.  Since account information is demanded as part of the initial call, there is no callback telephone number given that law enforcement can attempt to have disconnected, making the attack nearly impossible to defeat. 

If you fall victim to a phishing, vishing, or Smishing attack and have provided confidential account information to a fraudster, please contact one of DuTrac’s highly qualified Financial Services Consultants by e-mail at members@dutrac.org, by phone at (563) 582-1331 or 1-800-475-1331, or stop into any of our ten convenient office locations. 12/4/2009

  • How it works: You receive a phone call from an automated random dialer informing you that your credit card has been used illegally and asking you to call a fake 800 number, where you'll be asked to confirm your account details. Or you may receive an e-mail asking you to call a toll-free number.
  • How to avoid it: If you get a call asking you to give personal information, hang up and call the financial institution that issued your card, using the number on the back of the card. Your provider will know if the call is legitimate. Delete any e-mails making similar requests, and never provide personal information in response to an e-mail.

Pharming

  • How it works: When you type in an Internet address and hit enter, you're redirected to a fake Web site where you're asked to submit personal information.  A hacker may have hijacked the legitimate site and is redirecting all traffic.  Malware such as viruses and Trojans may be directing you to the site.  A minor misspelling of the domain name (dutrac.org vs. durac.org) may trigger the redirection.  It may be DNS (domain name server) poisoning, which is most dangerous of all—a poisoned server is redirecting traffic to a Web site other than the one you requested.
  • How to avoid it: Keep your firewall and virus-protection software up-to-date. Also, look for "https:" in the URL before entering sensitive information and for the closed padlock icon in your browser frame, separate from the vendor Web site window; these indicate secure sites.

Common international-fraud scenarios include:

  • Inheritance scams promising a substantial legacy from a long-lost relative in exchange for payment of fees up front.
  • Employment scams offering a work permit for a highly paid job abroad in exchange for substantial advance fees. In some cases, applicants may be responding to ads posted online or targeted as a result of an online posted resume.
  • Online auction scams involving overpayment for the purchase of an item offered online at an auction site such as eBay. After refunding the amount of the overpayment and perhaps even sending the item to the purchaser, the seller discovers that the international money order used for payment was fake.
  • Lottery scams use e-mails or letters to notify recipients that they've won the Spanish (or another country's) lottery, but must pay fees before collecting. Once they pay the fees, they discover their contact was fraudulent.
  • Letter scams involve a message claiming that a reputable authority figure in another nation needs help transferring millions of dollars to U.S. accounts, and offering a percentage if the recipient helps. But first the recipient must send an advance fee to cover the transaction costs, and often gets requests for other fees. The sender typically finds reasons to charge other fees until the recipient wises up. Then the sender disappears—with the money.
  • Online dating services often snare lovelorn Americans.  After the American's interest is piqued, the online correspondent claims to have a sudden need for cash, often due to a personal tragedy.

How to avoid foreign fraud:

  • Never send money to someone you don't know.
  • Don't believe you can get something for nothing.
  • Never expect to win a lottery if you didn't buy a ticket.
  • Remember: If it seems too good to be true, it probably is.