Email Money Transfer Spoofing (January 2012)

Please be advised that Email Money Transfer spoofing criminals have found another way to defraud members by sending them fake Email Money Transfers.  So far, two have been reported, and one of these came from a credit union that had only been offering Email Money Transfer Service for a month.

How is this happening?  It is believed the criminals are sending out these emails, example below, as phishing to see who will click on the spoofed link. Once the link is clicked, spyware or malware is loaded onto your computer.

The fraudulent Email Money Transfers can be identified by the recipient because the Sender (*) is not known to the recipient, there is no "To:" and the “Deposit Required” link when cursured over does not match the printed link in the email.

(*) Note: Because of social engineering and social networking in the future it is conceivable the person’s name in the email could be someone known to the recipient as these attempts get more sophisticated.

What can you do? DO NOT click on any links in the email. If you are not expecting the funds, you can contact the sender to verify its authenticity. Delete the email from your inbox and from your deleted items. And, as always, DO NOT disclose any personal information, personal access codes etc.

EXAMPLE

From: notify@payments.interac.ca [mailto:notify@payments.interac.ca]
Sent: January 12, 2012 8:19 AM
Subject: INTERAC e-Transfer from PETER DELIMA

Peter Delima has sent you an INTERAC e-Transfer (previously INTERAC Email Money Transfer).
Amount: $460.00 (CAD)

Sender's Message: money for alex Expiry Date: 14 Jan 2012

Action Required: To deposit your money, click here: https://etransfer.interac.ca/CA8pSB7h

Trouble with the link? Type it into your web browser address bar. Need help? http://www.interac.ca/consumers/faqs.php#emt

-------------------------------------------------------------------------------
What is an INTERAC e-Transfer? (previously INTERAC Email Money Transfer). If you use online or mobile banking at a participating financial institution, you can send and receive money quickly and easily. Email or text messages carry the notice while the financial institutions securely transfer the money using existing payment networks. If your financial institution does not yet offer INTERAC e-Transfer, you can still deposit transfers to any bank account in Canada. Click http://www.interac.ca/consumers/faqs.php#emt for details.

-------------------------------------------------------------------------------

Pour voir les détails du virement en français, cliquez sur le lien ci-dessous : https://etransfer.interac.ca/fr/CA8pSB7h

Grandparent Scam (January 2011)

Though the “Emergency Scam” (or sometimes referred to as the “Grandparent Scam”) has been around for years, the Canadian Anti-Fraud Centre warns the public to be on alert after noting a marked increase in the number of complaints in the last two months. Read more at the Government of Canada Anti-Fraud website.

Credit Card Scam (January 2011)

An article appearing in The Record on January 5, 2011, reported on a Canada-wide credit card scam where people are being asked to provide their 3-digit security number which appears on the back of a MasterCard or Visa.

The scam involves the caller contacting a person, claiming to be investigating suspicious purchases. The caller has the person’s address, phone number and credit card number making the claim seem authentic.

The caller then inquires about a ‘fake’ purchase and when the cardholder denies making the charge, the caller states that they will reimburse the funds but that they need the 3-digit number at the back of the card in order to process the refund.

The scam began in Alberta. The RCMP are continuing to investigate. Education Credit Union continues to encourage members from disclosing personal or financial information over the phone, through email or on the Internet. We will never initiate a call or email asking for card information, personal identification numbers, or any such detail.

Protecting Your Personal Information (July 2010)

Education Credit Union is encouraging members not to disclose personal or financial information over the phone, through email or on the Internet.

Be Wary of Phishing Emails

Members have reported the receipt of emails bearing the same characteristics as the following:

From: "service@cucardsonline.com"
Date: Wed, 14 Jul 2010 01:50:53 +1000
Subject: [Ref#58813934] System  Maintenance Alert
  
System  Maintenance

Tuesday,  July  13 from 10 p.m. to 4 a.m.

In order  for us to work faster and provide you high quality services, all accounts  must be renewed by Thursday, July 15 2010, 6 p.m., otherwise access to your  account will be restricted.

Please click  the link below in order to renew your online banking account.

www.cucardsonline.com

The Education Credit Union, including all of our affiliates and service providers, will never send you an email with a link asking for personal information.

If you receive such an email or any email similar to the one above, delete it. Do not click on the links and do not enter any personal information.

Email Scam

Recently several CHOICE REWARDS cardholders were contacted in an e-mail scam. In the e-mail, cardholders were informed of a non-existent program called Cash Points and were told to update their credit card account information to win 1,000 points. These e-mails are fraudulent - please delete this e-mail and do not click on the link in the message. The e-mail directs people to a fraudulent version of the cucardsonline.com site, where they're asked to enter information such as their social insurance number, mother's maiden name, credit card number and CVC number (the security code found on the back of a credit card). Please do not disclose any of your personal information over the phone or Internet. You can help protect yourself with these simple tips:

• Unlike phishing e-mails, we will never ask you to verify personal information in response to an e-mail
• Most fake communications convey a sense of urgency by threatening discontinued service
• Many fraudulent e-mails contain misspellings, incorrect grammar, and poor punctuation
• Links within the fake e-mail may appear valid, but deliver you to a fraudulent site
• Phishing e-mails often use generic salutations like 'Dear Customer', or 'Dear Account Holder' instead of your name
• The address from which the e-mail was sent is often not one from the company it claims to be

Keeping cardholders’ financial information safe is something we take very seriously. For more information on how we protect your information, please visit www.cuets.ca/privacy/index.html.

How to Avoid Phishing Scams (October 2009)

Phishing is a type of deception designed to steal your personal data such as credit card numbers, passwords or account data.

Con artists might send millions of fraudulent email messages that appear to come from websites you trust, like your bank or credit card company, and request that you provide personal information.

As scam artists become more sophisticated, so do their phishing email messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites.

To make these phishing email messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate website. But it actually takes you to a phoney scam site or possibly a pop-up window that looks exactly like the official site.

These copycat sites are also called "spoofed" websites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists.

How to tell if an email message is fraudulent

Here are a few phrases to look for if you think an email message is a phishing scam.

Verify your account
Businesses should not ask you to send passwords, login names, social insurance number or other personal information through email.

Your online account is suspended!
These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing email might even claim that your response is required because your account might have been compromised.

Dear valued customer
Phishing email messages are usually sent out in bulk and often do not contain your first or last name.

Click the link below to gain access to your account
Specially formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a website.

The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phoney website.

Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting or transposing letters. For example, the URL "www.ecusolutions.com" or "www.wcecu.com" could appear instead as:

www.solutions.com
www.verify-wcecu.com

Debit Card Skimming (August 2009)

Spread the word. Reducing losses from debit card skimming is everyone's responsibility. You have a role in fighting this crime, too.

1. Protect your PIN
   Shield the pad with your hand while entering your PIN and do not share it with anyone.
2. Protect your card
   Do not let your card out of your sight; accompany the cashier or server when they process your transaction.
3. Review your account transactions regularly
   Immediately report anything unusual to the credit union.
4. Report lost cards immediately
   Report lost or stolen cards, or cards that have been retained by any ATM, to the credit union right away. The number to call is:
   Within Canada 1-800-567-8111
   Outside Canada: 1-306-566-1276 (Call Collect)
5. Reduce your transactions limits
   Reduce ATM and POS limits to an amount you reguarly need. If you ever need to temporarily increase them, call the credit union.

To get more information regarding these issues, please visit our branch to receive informational pamphlets including Fraud, Protecting Your Identity, and Internet Transactions.

The Canada Revenue Agency (CRA) is warning taxpayers to beware of a recent scam where some Canadians are receiving a letter fraudulently identified as coming from the CRA and asking for personal information. The letter is not from the CRA. A PDF version of the letter is available on the CRA Web site at www.cra.gc.ca/alert.

The letter claims that there is “insufficient information” for the individual’s tax return and that in order to receive any “claims,” they will have to update their records. The letter attaches a form specifically requesting the individual’s personal information in writing, via fax or email, including information on bank accounts and passports. This letter is not from the CRA and Canadians should not provide their personal information to the sender.

All taxpayers should be vigilant when divulging any confidential information to third parties. The CRA has well established practices to protect the confidentiality of taxpayers’ information.

The CRA has notified the proper law enforcement authorities of this scam.

For information about this and other similar scams, or to report deceptive telemarketing activity, visit www.phonebusters.com, send an email to info@phonebusters.com, or call 1-888-495-8501.

E-mail virus threat (August 14, 2008)

Several credit unions advised Risk Management that their members have received unusual emails which purport to be sent on behalf of Carrington Mortgage Services.  These emails tell the recipient that:

“A payment to Carrington Mortgage Services LLC in the amount of $8,845.63 has been made from your checking account. For further information about this transaction, please download attached invoice file (Password for ZIP archive; “invoice”).

Research on the internet reveals that the apparent purpose of these emails is to have the recipients open the attached zip file which contains some form of Malware or virus that will infect the recipient’s computer.  Malware can do everything from hijack your computer using it to send spam to everyone in your own email program to more sinister applications like harvesting your passwords to your bank accounts and other private information. We refer credit unions to the two links below to websites with more information about these threats and the earlier version which was purportedly issued by United Parcel Service.  We expect similar emails from different companies will be received by credit union members in future.

Canadian Central warns about fraud attempts (July 25, 2008)

Credit Union Central of Canada warns that an organization calling itself Central Credit Union Capital Financial, or variations of that name, said to be operating out of 800 Decarie Boulevard, Montreal, has no connection with Canadian Central.
 
Emails from the bogus group appear to be an organized international scam set up to defraud innocent victims of cash and confidential personal information.  If you receive an email from this organization or are contacted by someone from this organization advising you that there are funds deposited for you and that you must establish your identity to have the funds released, do not to respond. 
You should not send any personal information, such passport information or driver's licence and you should report such contacts to your local police. If you have already provided personal information please report this to the Royal Canadian Mounted Police and the Ontario Provincial Police via their website at www.recol.ca/ or call 1-888-495-8501.

Fraud Warning (June 9, 2008)

Please note that an e-mail is circulating informing members that they have received funds and are required to complete and fax a document with personal information.

Here are the instructions required to activate an account:
Please use the bank telephone number as indicated below to access your Education Credit Union account as follows:

1. Dial the bank telephone 1 (416) 856-2146 press 1 for English then press 1
2. Enter your CCU account number = 4079423653305
3. Enter your 4 digit temporary account password = 3305 listen carefully and Press 3 to hear transaction on your account balance
4. Press 5 to change your temporary password
   

The e-mails are coming from admin@ccreditunions.com with reference to Jeff Mendel. Please advise your members that this e-mail is fraudulent, and advise them to take the necessary precautions.

Identity Theft

What it is and what you can do about it

Every year, thousands of people are victims of identity theft. While recent developments in telecommunications and computer processing make it easier for companies and consumers to reach each other, they can also scatter your personal information more widely, making life easier for criminals.

Identity theft is the unauthorized collection and use of your personal information, usually for criminal purposes. Your name, date of birth, address, credit card, Social Insurance Number (SIN) and other personal identification numbers can be used to open credit card and bank accounts, redirect mail, establish cellular phone service, rent vehicles, equipment, or accommodation, and even secure employment.

If this happens, you could be left with the bills, charges, bad cheques, and taxes.

How to fight identity theft

• Minimize the risk.
• Be careful about sharing personal information or letting it circulate freely.
• When you are asked to provide personal information, ask how it will be used, why it is needed, who will be sharing it and how it will be safeguarded.
• Give out no more than the minimum, and carry the least possible with you.
• Be particularly careful about your SIN; it is an important key to your identity, especially in credit reports and computer databases.
• Don't give your credit card number on the telephone, by electronic mail, or to a voice mailbox, unless you know the person with whom you're communicating or you initiated the communication yourself, and you know that the communication channel is secure.
• Take advantage of technologies that enhance your security and privacy when you use the Internet, such as digital signatures, data encryption, and "anonymizing" services.
• Pay attention to your billing cycle. If credit card or utility bills fail to arrive, contact the companies to ensure that they have not been illicitly redirected.
• Notify creditors immediately if your identification or credit cards are lost or stolen.
• Access your credit report from a credit reporting agency once a year to ensure it's accurate and doesn't include debts or activities you haven't authorized or incurred.
• Ask that your accounts require passwords before any inquiries or changes can be made, whenever possible.
• Choose difficult passwords – not your mother's maiden name. Memorise them, change them often. Don't write them down and leave them in your wallet, or some equally obvious place.
• Key in personal identification numbers privately when you use direct purchase terminals, bank machines, or telephones.
• Find out if your cardholder agreement offers protection from credit card fraud; you may be able to avoid taking on the identity thief's debts.
• Be careful what you throw out. Burn or shred personal financial information such as statements, credit card offers, receipts, insurance forms, etc. Insist that businesses you deal with do the same.

Are you a victim of identity theft?

• Report the crime to the police immediately. Ask for a copy of the police report so that you can provide proof of the theft to the organizations that you will have to contact later.
• Take steps to undo the damage. Avoid "credit repair" companies: there is usually nothing they can do, and some have been known to propose a solution—establishing credit under a new identity—that is itself fraudulent.
• Document the steps you take and the expenses you incur to clear your name and re-establish your credit.
• Cancel your credit cards and get new ones issued. Ask the creditors about accounts tampered with or opened fraudulently in your name.
• Have your credit report annotated to reflect the identity theft. Do a follow-up check three months after to ensure that someone has not tried to use your identity again.
• Close your credit union or bank accounts and open new ones. Insist on password-only access to them.
• Get new bank machine and telephone calling cards, with new passwords or personal identification numbers.
• In the case of passport theft, advise the Passport Office.
• Contact Canada Post if you suspect that someone is diverting your mail.
• Advise your telephone, cable, and utilities that someone using your name could try to open new accounts fraudulently.
• Get a new driver's licence.

If you suspect that someone has been using your SIN to get a job, or that your SIN has been compromised in some other way, contact Human Resources Development Canada at:

Social Insurance Registration
P.O. Box 7000
Bathurst, NB E2A 4T1
Email: sinnas@hrdcdrhc.gc.ca

To find out more about your privacy rights, call the Office of the Privacy Commissioner of Canada tollfree at 1-800-282-1376, or write:

The Office of the Privacy Commissioner
112 Kent Street
Ottawa, ON K1A 1H3
Email: info@privcom.gc.ca

Related Links:

• Member Awareness Booklet
• Identity Theft Shield through Pre-paid Legal Services
• Government of Canada website
• Member Scam Protection Brochure
• PhoneBusters website - Run by the Ontario Provincial Police
• Reporting Economic Crime Online (RECOL) - Internations, Federal and Provincial Law Enforcement Agency Partnership