“Re: Duplicate Payment” fraudulent email.
October 27, 2015
An email pertaining to be sent from Ulster Federal Credit Union is going around.
The email’s goal is to get the recipient to open an attachment referring to a duplicate payment.
The sender of the email is possibly firstname.lastname@example.org, which is a non-existent address.
The attachment is a compressed ZIP file, disguised as a text file to evade virus and malware scanners, and goes by the name ‘invoice.zip.txt’. The email content will read something like the following:
“Attached is the information for the duplicate payment of Invoice #36 for $53,612.07. We have applied it to your account as a prepayment. Let me know if you would like this to be applied to future invoices or refunded.”
The message is not signed by name, nor does it contain account numbers, the account holder’s name, or any real identifying information.
The Ulster Federal Credit union has not sent this email, and you should simply delete it without opening the attachment. If you did receive such an email and may have opened the attachment, please contact us at (845) 339-5544 and ask to verify your account.
About the ‘Dyre Wolf’ Malware
Apr 09, 2015
A recently discovered malware called ‘Dyre Wolf’ is behind fraud for millions of dollars. The malware, while specifically aimed at businesses, also affects individuals through a sophisticated social engineering technique:
First a user’s computer gets infected with a malicious program that will track the user’s online activity. Commonly, the infection happens trough attachments in emails pretending to be from trusted sources – such as people on your contact list. Once an infected user visits an Online Banking site, a fake page is displayed alerting the user that the page is temporarily down and to call a phone number listed for assistance.
Since the user is making the call, and the attackers can track the user’s whereabouts and timing, they are able to mount a very specific social engineering fraud attempt. Often they will succeed in getting the users’ online banking credentials and other information this way, simply by asking for them.
With the information in hand, the fraudsters then transfer large sums of money from the user’s account(s) through multiple wire transfers in order to hide their point of origin.
In some cases, attacks aimed at businesses have also included Denial of Service (DoS) attacks on the target company’s website, with the intention of distracting the business from discovering the fraudulent wire transfers.
Please stay aware of such fraud attempts! Do not open any unexpected email attachments even if it is from a trusted source. Keep a trusted antivirus program running on your computer, keep it up to date, and run frequent scans to find any malware infections. Ask your business IT department for advice if possible.
Also, be suspicious of uncommon website messages, especially if they ask you to contact a specific number that’s not our regular (800) 847-4283 or (845) 339-5544.
As always, we will never ask for any specific credentials, unless it’s to verify ID for a specific banking request you initiate. If you have any doubts or questions, play it safe, contact us directly and ask. It’s just common sense.
Fake VISA calls.
Jul 30, 2014
Members have reported getting automated calls from VISA, stating that their debit cards have been blocked.
These calls are frauds and should be ignored.
The calls continue on to suggest pressing 1 to “rectify the situation”. Nowhere in the call is Ulster FCU mentioned by name.
The fraudsters are apparently going through numbers in a local area, attempting to reach someone who will believe it’s message and proceed to give information to the fraudsters.
If you get such a call, simply hang up and ignore its message.
If you have incidentally given personal information, such as card numbers, account numbers, SSN, etc, please contact us immediately at (845) 339-5544 or (800) 847-4283 to have your account secured immediately.
Heartbleed Bug information.
Apr 11, 2014
Regarding the HeartBleed Bug:
The Ulster FCU is aware of, and has been investigating any of our internet connections that could be affected by the HeartBleed Bug that has been making headlines in the last few days.
The bug itself involves a programming error in the encryption software used for securing personal information, passwords, etc.
We are pleased to announce that our vendors have reported they are unaffected by the bug, meaning our crucial systems have no problem at this time and our member’s information remains safe and secure.
A generally recommended strategy in these cases is to change passwords for sensitive systems, however to do so only after the system has been proven clear of the bug. As our systems – including our Online Banking – are secure, we therefore suggest members log in to online banking and change their passwords. This can be done very simply after login, by going to the ‘User Profile’ menu and choosing ‘Change Password’.
Please contact us at email@example.com if you have any questions.
Dec 19, 2013
There is a developing story regarding a discovered data breach at retail giant Target. Information has been stolen on approximately 40 million credit and debit cards.
We are told the breach covered Target stores all over the country, and that affected cards were used in stores between November 27th and December 15th 2013. There are no indications at this time that the breach affected customers who shopped at Target’s online stores.
If you used your UlsterFCU credit/debit card at a Target store between the dates listed above, you should consider contacting us at (800) 847-4283 or (845) 339-5544 to have your card blocked and a new card issued.
National Credit Union Association calls.
Dec 13, 2013
Several institutions in our area are reporting that members have received automated phone calls stating that their debit cards have been deactivated. The calls proceed by asking for pin numbers and other information. The following is an example from a member’s cell phone (Caller ID said “901”):
”This is the National Credit Union Association. Your debit card has been disabled. Press 1 to talk to a representative”.
If you receive such a call, please be aware it is fraudulent, and do not give out any information. Instead, hang up, and call us directly to report the fraud attempt. If you have previously received such a call and are in doubts as to your account security, please also contact us at (845) 339-5544 or firstname.lastname@example.org.
Phishing scam – Fraudulent phone calls and text messages.
Oct 15, 2013
Please be aware that there is a scam circulating via phone calls from numbers (631) 789-6669 and (760) 843-0016, as well as text messages from email@example.com.
The text message or phone calls are stating that the cardholder has reached their limit on their account due to fraud and to please call the number given. The messages are stating to be from various financial institutions such as Beneficial Bank and Southern Commerce Bank. But any of the above details could change at any time.
Please be careful with any calls or message pretending to come from the Credit Union (or other financial institutions). Do no give out information like card numbers, pin, expiration dates, or any personal information like your SSN. If in doubt, call us directly at (845) 339-5544 or (800) 847-4283.
ULSTER FEDERAL CREDIT UNION
Walmart “Thanks for your order” email fraud.
May 17, 2013
The following is an abridged text copied from www.walmart.com:
“If you received an email on the morning of May 16th, 2013 with the title “Thanks for your Walmart.com order” from “Wallmart.com” (with two L’s) but you did not place an order, please know that this is NOT from Walmart.com, and appears to be a phishing scam attempting to gather information.
Do not click on any of the links in the email. Please delete the email. Then check your statements to see if any unauthorized charges were placed or are pending and monitor your statements.
For emails received from “Wallmart.com” (with two L’s), a Walmart order was not actually placed.
At this point it appears that no accounts were accessed, but you can delete any saved payment information and reset your password as a preventative measure.”
If you believe you have been victim of such a fraud attempts, please contact us immediately at (845) 339-5544 or in person at your local branch, to go through your options.
Phishing Attempt: ‘Update your E-mail account’
Dec 07, 2012
We’ve seen an old phishing email resurface recently. This email pretend to be from a school’s technical help desk, although it’s very vague about where from exactly. The aim of the email is to frighten the reader into thinking that they might lose their address by pretending some regular database cleanup. By clicking a link provided, one can supposedly confirm that one is still using the address and avoid deletion. BUT, the link leads to an anonymous database requesting all sorts of private information with the aim of stealing the user’s identity. Please be aware of this and simply delete the email if you receive it.
An example follows:
Dear E-mail User,
It has come to our notice that most of our email accounts have been opened with unprotected browsers/computers and most Users no longer use their email accounts. This has created room for spams, bulk and unsolicited emails. Our Help Desk want to deactivate all accounts which have been compromised.
To validated and confirm that you are actually the original owner of this account, you are to fill up the short form in the link below and click submit;
(Click Here To Update Your E-mail Account)
Failure to do this will have your account deactivated to avoid unauthorized usage.
Fraudulent phone calls requesting card numbers.
Nov 07, 2012
Several members have recently received fraudulent phone calls of automatic nature, pretending to be from the Ulster Federal Credit Union and requesting the member to verify their card number for security reasons, or their card would be turned off.
This call is a complete fraud, and a typical attempt at stealing your personal information by pretending to be securing it.
We never calls our members to verify card information. In fact, we never call members unless you have initiated the call first.
If you, or someone you know, have given card information to this scam attempt, please contact us immediately at (845) 339-5544 to have your card blocked and new one issued.
If ever in doubt about such calls, follow the golden rule: Hang up, and call us at (845) 339-5544 to verify before giving any personal information away.
Fake SMS with warnings about your card(s)
Oct 10, 2012
There are reports of SMS (text-messages) requesting the reader to call a certain 800 number or risk getting their cards closed.
If you receive any calls, emails, SMS text-messages, or other communication asking to validate your card information, please know that ANY SUCH REQUESTS ARE FRAUD-ATTEMPTS and not originating from the Ulster FCU.
A good rule of thumb: if in doubts, hang up and call us directly at (845) 339-5544 to verify. Never call the number indicated in such messages and never give any card information away to unknown callers.
Banking Trojan hijacks live chat to run real-time fraud
Mar 06, 2012
A new strain of financial malware is hijacking live chat sessions in a bid to hoodwink business banking customers into handing over their banking login credentials or into authorizing fraudulent transactions.
The assault – which targets business banking customers rather than consumers – kicks in when a victim logs into their online banking application.
Sessions are suspended, supposedly to run security checks (on the pretext that the “system couldn’t identify your PC”). Then a web-chat screen is presented to victims. But instead of talking to a customer service rep, the mark is actually chatting to cybercrooks, who will attempt to hoodwink victims into handing over login credentials or other information needed to authorize fraudulent transactions. Unbeknownst to the victims, the fraudsters are relaying authorization data to the victim’s bank during their conversation, carrying out a concurrent fraud in real time.
Please be aware that UFCU at present does not conduct any live chat sessions with members and that any such sessions pretending to be from UFCU is a fraud. Never give personal information through such channels. Call us at (800) 847-4283 if ever in doubts.
Scams to watch for in 2012
Dec 29, 2011
The American Association of Retired Persons (AARP) has compiled a list of the five most malicious scams consumers are likely to encounter in 2012. Read along to understand the tricks used and how to avoid them:
The Nigerian letter. In this advance-fee scam, someone unknown to the consumer offers promises of great riches. Lonely people in financial distress are usually targeted by scammers trying to take advantage of kindness generosity or greed. While this scam is old, new variations make it more effective in trapping the vulnerable and unwary. The questionable plea promising millions of dollars has been replaced by more clever approaches: a foreign business person trying to set up a domestic bank account, a parent trying to raise money to help free a hostage child, or a U.S. soldier trying to ship home war booty to help his dying mother. Data mining now allows the scammers to appear more legitimate by personalizing the messages.
- Never respond to these types of inquiries. Instead, delete any e-mails of this type and throw away any paper mail.
Exploitation through education. With this type of scam, fraudsters offer a “secret” system, manipulating the consumer’s emotions while promising riches or easy success. Middle-agers and seniors looking to change careers are usually targeted. Scammers entice the education-seeking unemployed with promises to get rich quick with the secret plan, win a high-paying job with the streamlined schooling, or pass a test for a chance at a nice government job. Victims often learn little they couldn’t find in their local library, but become burdened with thousands of dollars in bogus tuition and fees.
- Avoid making same-day decisions. Any career or education decision merits research and referrals.
Trumped up diagnoses of problems. Here, fraudsters exploit consumers’ lack of expertise, their trust in authority and any critical need. Most consumers are cautious when an auto mechanic discovers a previously undetected, but expensive, car repair. The mechanic has personal interest in pointing out the pricey problem. That same conflict of interest now appears in other industries. AARP cited hearing specialists who hawk hearing aids and financial planners pitching a brand of mutual funds as examples of scams exploiting consumers’ trust.
- Always separate the diagnosis from the product or service deliverer.
Facebook scams. An organization or person who doesn’t know the consumer may attempt to “friend” consumers via Facebook, exploiting the trust of the “safe” social-network environment. While Facebook keeps people connected, the walled-off environment of filtered contacts that consumers have learned to trust has also led them to a false sense of security that scammers take advantage of. Once “friended,” they link out of the safe environment to an external site where they can attack consumers viruses or pitched scam offers.
- Do not respond to, or “friend” any person or organization that you do not know.
Phishing. In “phishing,” a false entity asks for information it should already have–if it were the legitimate entity–and targets anyone with a bank or credit card account. Armed with consumers’ names, addresses and phone numbers, phishers call or e-mail consumers with requests to “verify” other personal information such as Social Security number, credit card information and banking data.
- Avoid making quick decisions and divulging any personal information. Discuss any financial decision over $500 with a friend or relative, and take at least 24 hours to mull it over.