About the ‘Dyre Wolf’ Malware
A recently discovered malware called ‘Dyre Wolf’ is behind fraud for millions of dollars. The malware, while specifically aimed at businesses, also affects individuals through a sophisticated social engineering technique:
First a user’s computer gets infected with a malicious program that will track the user’s online activity. Commonly, the infection happens trough attachments in emails pretending to be from trusted sources – such as people on your contact list. Once an infected user visits an Online Banking site, a fake page is displayed alerting the user that the page is temporarily down and to call a phone number listed for assistance.
Since the user is making the call, and the attackers can track the user’s whereabouts and timing, they are able to mount a very specific social engineering fraud attempt. Often they will succeed in getting the users’ online banking credentials and other information this way, simply by asking for them.
With the information in hand, the fraudsters then transfer large sums of money from the user’s account(s) through multiple wire transfers in order to hide their point of origin.
In some cases, attacks aimed at businesses have also included Denial of Service (DoS) attacks on the target company’s website, with the intention of distracting the business from discovering the fraudulent wire transfers.
Please stay aware of such fraud attempts! Do not open any unexpected email attachments even if it is from a trusted source. Keep a trusted antivirus program running on your computer, keep it up to date, and run frequent scans to find any malware infections. Ask your business IT department for advice if possible.
Also, be suspicious of uncommon website messages, especially if they ask you to contact a specific number that’s not our regular (800) 847-4283 or (845) 339-5544.
As always, we will never ask for any specific credentials, unless it’s to verify ID for a specific banking request you initiate. If you have any doubts or questions, play it safe, contact us directly and ask. It’s just common sense.
Fake VISA calls.
Members have reported getting automated calls from VISA, stating that their debit cards have been blocked.
These calls are frauds and should be ignored.
The calls continue on to suggest pressing 1 to “rectify the situation”. Nowhere in the call is Ulster FCU mentioned by name.
The fraudsters are apparently going through numbers in a local area, attempting to reach someone who will believe it’s message and proceed to give information to the fraudsters.
If you get such a call, simply hang up and ignore its message.
If you have incidentally given personal information, such as card numbers, account numbers, SSN, etc, please contact us immediately at (845) 339-5544 or (800) 847-4283 to have your account secured immediately.
Heartbleed Bug information.
Regarding the HeartBleed Bug:
The Ulster FCU is aware of, and has been investigating any of our internet connections that could be affected by the HeartBleed Bug that has been making headlines in the last few days.
The bug itself involves a programming error in the encryption software used for securing personal information, passwords, etc.
We are pleased to announce that our vendors have reported they are unaffected by the bug, meaning our crucial systems have no problem at this time and our member’s information remains safe and secure.
A generally recommended strategy in these cases is to change passwords for sensitive systems, however to do so only after the system has been proven clear of the bug. As our systems – including our Online Banking – are secure, we therefore suggest members log in to online banking and change their passwords. This can be done very simply after login, by going to the ‘User Profile’ menu and choosing ‘Change Password’.
Please contact us at firstname.lastname@example.org if you have any questions.
There is a developing story regarding a discovered data breach at retail giant Target. Information has been stolen on approximately 40 million credit and debit cards.
We are told the breach covered Target stores all over the country, and that affected cards were used in stores between November 27th and December 15th 2013. There are no indications at this time that the breach affected customers who shopped at Target’s online stores.
If you used your UlsterFCU credit/debit card at a Target store between the dates listed above, you should consider contacting us at (800) 847-4283 or (845) 339-5544 to have your card blocked and a new card issued.
National Credit Union Association calls.
Several institutions in our area are reporting that members have received automated phone calls stating that their debit cards have been deactivated. The calls proceed by asking for pin numbers and other information. The following is an example from a member’s cell phone (Caller ID said “901”):
” This is the National Credit Union Association. Your debit card has been disabled. Press 1 to talk to a representative”.
If you receive such a call, please be aware it is fraudulent, and do not give out any information. Instead, hang up, and call us directly to report the fraud attempt. If you have previously received such a call and are in doubts as to your account security, please also contact us at (845) 339-5544 or email@example.com.
Phishing scam – Fraudulent phone calls and text messages.
Please be aware that there is a scam circulating via phone calls from numbers (631) 789-6669 and (760) 843-0016, as well as text messages from firstname.lastname@example.org.
The text message or phone calls are stating that the cardholder has reached their limit on their account due to fraud and to please call the number given. The messages are stating to be from various financial institutions such as Beneficial Bank and Southern Commerce Bank. But any of the above details could change at any time.
Please be careful with any calls or message pretending to come from the Credit Union (or other financial institutions). Do no give out information like card numbers, pin, expiration dates, or any personal information like your SSN. If in doubt, call us directly at (845) 339-5544 or (800) 847-4283.
ULSTER FEDERAL CREDIT UNION
Walmart “Thanks for your order” email fraud.
The following is an abridged text copied from www.walmart.com:
“If you received an email on the morning of May 16th, 2013 with the title “Thanks for your Walmart.com order” from “Wallmart.com” (with two L’s) but you did not place an order, please know that this is NOT from Walmart.com, and appears to be a phishing scam attempting to gather information.
Do not click on any of the links in the email. Please delete the email. Then check your statements to see if any unauthorized charges were placed or are pending and monitor your statements.
For emails received from “Wallmart.com” (with two L’s), a Walmart order was not actually placed.
At this point it appears that no accounts were accessed, but you can delete any saved payment information and reset your password as a preventative measure.”
If you believe you have been victim of such a fraud attempts, please contact us immediately at (845) 339-5544 or in person at your local branch, to go through your options.
Phishing Attempt: ‘Update your E-mail account’
We’ve seen an old phishing email resurface recently. This email pretend to be from a school’s technical help desk, although it’s very vague about where from exactly. The aim of the email is to frighten the reader into thinking that they might lose their address by pretending some regular database cleanup. By clicking a link provided, one can supposedly confirm that one is still using the address and avoid deletion. BUT, the link leads to an anonymous database requesting all sorts of private information with the aim of stealing the user’s identity. Please be aware of this and simply delete the email if you receive it.
An example follows:
Dear E-mail User,
It has come to our notice that most of our email accounts have been opened with unprotected browsers/computers and most Users no longer use their email accounts. This has created room for spams, bulk and unsolicited emails. Our Help Desk want to deactivate all accounts which have been compromised.
To validated and confirm that you are actually the original owner of this account, you are to fill up the short form in the link below and click submit;
(Click Here To Update Your E-mail Account)
Failure to do this will have your account deactivated to avoid unauthorized usage.
Fraudulent phone calls requesting card numbers.
Several members have recently received fraudulent phone calls of automatic nature, pretending to be from the Ulster Federal Credit Union and requesting the member to verify their card number for security reasons, or their card would be turned off.
This call is a complete fraud, and a typical attempt at stealing your personal information by pretending to be securing it.
We never calls our members to verify card information. In fact, we never call members unless you have initiated the call first.
If you, or someone you know, have given card information to this scam attempt, please contact us immediately at (845) 339-5544 to have your card blocked and new one issued.
If ever in doubt about such calls, follow the golden rule: Hang up, and call us at (845) 339-5544 to verify before giving any personal information away.
Fake SMS with warnings about your card(s)
There are reports of SMS (text-messages) requesting the reader to call a certain 800 number or risk getting their cards closed.
If you receive any calls, emails, SMS text-messages, or other communication asking to validate your card information, please know that ANY SUCH REQUESTS ARE FRAUD-ATTEMPTS and not originating from the Ulster FCU.
A good rule of thumb: if in doubts, hang up and call us directly at (845) 339-5544 to verify. Never call the number indicated in such messages and never give any card information away to unknown callers.
Banking Trojan hijacks live chat to run real-time fraud
A new strain of financial malware is hijacking live chat sessions in a bid to hoodwink business banking customers into handing over their banking login credentials or into authorizing fraudulent transactions.
The assault – which targets business banking customers rather than consumers – kicks in when a victim logs into their online banking application.
Sessions are suspended, supposedly to run security checks (on the pretext that the “system couldn’t identify your PC”). Then a web-chat screen is presented to victims. But instead of talking to a customer service rep, the mark is actually chatting to cybercrooks, who will attempt to hoodwink victims into handing over login credentials or other information needed to authorize fraudulent transactions. Unbeknownst to the victims, the fraudsters are relaying authorization data to the victim’s bank during their conversation, carrying out a concurrent fraud in real time.
Please be aware that UFCU at present does not conduct any live chat sessions with members and that any such sessions pretending to be from UFCU is a fraud. Never give personal information through such channels. Call us at (800) 847-4283 if ever in doubts.
Scams to watch for in 2012
The American Association of Retired Persons (AARP) has compiled a list of the five most malicious scams consumers are likely to encounter in 2012. Read along to understand the tricks used and how to avoid them:
The Nigerian letter. In this advance-fee scam, someone unknown to the consumer offers promises of great riches. Lonely people in financial distress are usually targeted by scammers trying to take advantage of kindness generosity or greed. While this scam is old, new variations make it more effective in trapping the vulnerable and unwary. The questionable plea promising millions of dollars has been replaced by more clever approaches: a foreign business person trying to set up a domestic bank account, a parent trying to raise money to help free a hostage child, or a U.S. soldier trying to ship home war booty to help his dying mother. Data mining now allows the scammers to appear more legitimate by personalizing the messages.
- Never respond to these types of inquiries. Instead, delete any e-mails of this type and throw away any paper mail.
Exploitation through education. With this type of scam, fraudsters offer a “secret” system, manipulating the consumer’s emotions while promising riches or easy success. Middle-agers and seniors looking to change careers are usually targeted. Scammers entice the education-seeking unemployed with promises to get rich quick with the secret plan, win a high-paying job with the streamlined schooling, or pass a test for a chance at a nice government job. Victims often learn little they couldn’t find in their local library, but become burdened with thousands of dollars in bogus tuition and fees.
- Avoid making same-day decisions. Any career or education decision merits research and referrals.
Trumped up diagnoses of problems. Here, fraudsters exploit consumers’ lack of expertise, their trust in authority and any critical need. Most consumers are cautious when an auto mechanic discovers a previously undetected, but expensive, car repair. The mechanic has personal interest in pointing out the pricey problem. That same conflict of interest now appears in other industries. AARP cited hearing specialists who hawk hearing aids and financial planners pitching a brand of mutual funds as examples of scams exploiting consumers’ trust.
- Always separate the diagnosis from the product or service deliverer.
Facebook scams. An organization or person who doesn’t know the consumer may attempt to “friend” consumers via Facebook, exploiting the trust of the “safe” social-network environment. While Facebook keeps people connected, the walled-off environment of filtered contacts that consumers have learned to trust has also led them to a false sense of security that scammers take advantage of. Once “friended,” they link out of the safe environment to an external site where they can attack consumers viruses or pitched scam offers.
- Do not respond to, or “friend” any person or organization that you do not know.
Phishing. In “phishing,” a false entity asks for information it should already have–if it were the legitimate entity–and targets anyone with a bank or credit card account. Armed with consumers’ names, addresses and phone numbers, phishers call or e-mail consumers with requests to “verify” other personal information such as Social Security number, credit card information and banking data.
- Avoid making quick decisions and divulging any personal information. Discuss any financial decision over $500 with a friend or relative, and take at least 24 hours to mull it over.
Holiday Shopping Alerts
As the holiday season approaches, it is important to be aware of potential scams. Con artists are working hard to get their hands on your member’s money as well as personal and financial information. To help reduce the risk and protect credit union members, we offer a list of potential scams along with tips for a safer and smarter holiday shopping season.
Many consumers will be using their mobile devices and computers to conduct their holiday shopping and so will the cyber scammers! Mobile device scams are a top threat this year based on the increase in mobile malware and malicious apps. Consumers should be aware of all potential threats in order to safeguard their funds and personal information this holiday season.
Let’s work together to keep the scammers away from credit unions and your members. Potential scams and tips to be aware of and share with your members are listed below.
Holiday Scams and Tips
• Watch for mobile malware – especially deals for black Friday and cyber Monday.
• Be cautious when looking for free mobile apps – may be an attempt to steal information.
• Watch for malicious screensavers, ring tones and e-cards.
• Watch for purchase offers of fake anti-virus software – this scam may trick you into purchasing the software.
• Secure your computer – at a minimum, have anti-virus, anti-spyware and a firewall.
• Remember to turn off your computer when you’re done shopping.
• Watch for social media scams – phony Facebook and Twitter sites or other online promotions and contests.
• Beware of scammers advertising popular holiday items.
• Check out the seller of items – research before you buy.
• Don’t fall for the mystery shopping scam asking you to shop for $XX dollars (ex: $100).
• Online coupon scams may ask for your personal or financial information using email.
• Holiday phishing scams – Don’t fall for emails, text messages or phone calls asking for personal or financial information.
• Monitor credit, debit and account numbers used for your holiday shopping to help identify any unauthorized usage.
• Vacation scams – don’t post holiday pictures until you are back home.
• Lighted parking lots – survey the parking lot surroundings. Make sure you have your car keys in your hands before entering the parking lot.
• If an offer or item sounds too good to be true, it’s probably a scam.
• Report scams to the Federal Trade Commission at www.ftc.gov or call toll-free 1.877.ftc.help (1.877.382.4357)
Trojan Tricks You into Stealing Your Own Funds.
A new, intelligent type of Trojan infection has been detected that makes you give your own money away to the perpetrators.
The infection, which can be caught by opening infected sites or emails and inattentively accepting the malware to run, will sit dormant and unnoticed until you log into an online banking site. At that time, the malware will produce a fake message indicating that an error and incorrect deposit was made to your account. When inspecting your account balance, the malware will fake your current balance to show an incorrect amount corresponding to the supposed error.
The malware will then pretend to guide you to transfer the money back. In reality, however, it will transfer funds from your account to the perpetrators. You will then, literally, steal your own money and give it away.
Do not fall victim to this scheme. The Ulster Federal Credit Union will never communicate errors made through our online banking site, nor through emails ; Only by phone or in person.
We strongly recommend members verify and validate any claims of errors made, by calling us directly at (845) 339-5544.
For more information on this scheme, visit:
Malware Warning – Fake Emails from NACHA
Members should be aware of a series of emails containing links to malware and pretending to be from the Electronics Payments Association – NACHA.
The emails appear to originate from email@example.com, although this address has been falsified.
The NACHA logo appears at the top of the email body, with the following text:
The ACH transfer (ID: 61018868051501), recently initiated from your bank account (by you or any other person), was canceled by the Electronic Payments Association.
Transaction ID: 61018868051501
Reason for rejection See details in the report below
Transaction Report report_61018868051501.pdf.exe (self-extracting archive, Adobe PDF)
A longer description of NACHA follows (omitted here).
The email is a fraudulent attempt at infiltrating malware into a user’s PC with the ultimate goal of stealing personal information. It is also an example of the more sophisticated approach of modern malware- and phishing-attempts: The spelling in the email is perfect, and the origin address is faked to appear correct. By describing the link as a “self-extracting” PDF file, the perpetrators even circumvent the immediate ‘red-flag’ raised by an executable file.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
If you receive this email, please ignore it and permanently delete it from your mailbox.
Verified by VISA scams
Credit unions across the country have reported an increase in card-not-present fraud involving Verified by Visa (VbV) transactions. Fraudsters are enrolling members’ Visa accounts in VbV and making fraudulent online purchases.
VbV is a security feature offered to cardholders to secure their online purchases over the Internet by authenticating the cardholder’s identity. Fraudsters are using social engineering tactics to obtain enough information to enroll cardholders in VbV. Cardholders are contacted by email (phishing), phone (vishing), or text (smishing) to obtain the information.
We have also learned that some cardholders who legitimately enrolled in VbV have been tricked to provide their VbV password to fraudsters through phishing scams. After the fraudster obtains the password from the cardholder, they will either use the password for online purchases or change the cardholder’s password.
Please be aware of these attempts of fraud and never give any information to unknown callers or through requesting emails without first verifying the source by calling us directly at (845) 339-5544 or emailing us at firstname.lastname@example.org
If you have any questions or believe you have been scammed, please contact us for assistance.
Chase Card Merchant Services ID Theft Attempt
Please be aware of an attempt of ID theft targeting our members. Several members have reported a phone call pertaining to be from Chase Card Merchant Services and asking for their Ulster FCU ATM card number, expiration date, and PIN.
The call is an attempt at ID theft. Do not give the caller any of the requested information and simply hang up.
The Ulster FCU will never call members and ask for this kind of information. If in doubts about any such calls, always hang up and call us directly at (800) 847-4283 or (845) 339-5544 to verify the validity of the call.
If you have already given any information to such a call, please let us know immediately at the above numbers so we can block your card. If you have any questions in this regard, please call us or email email@example.com.
Ulster Federal Credit Union
Security Tool Scam
There is yet another malware out on the internet, pretending to want to clean your PC from “danger”. Numerous people have fallen for this scam, mainly because the pop-up refuses to go away until you agree to pay for a software called ‘Security Tool’, and people see no other way out.
Do not buy the software, even if the pop-up refuses to go away! Not only will you get charged for an amount, often higher than what it is said to be, but your personal information will be at high risk for identity theft. You will also find the path to get your money back a very tedious procedure that could have been avoided.
Depending on your technical knowledge, there are several ways to remove the malware and get rid of the pop-up without giving in to the blackmail presented in the said pop-up:
1. Use the Windows System Restore tool to set your computer’s system files back to before the malware attacked (read
http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx for more information on the System restore tool).
2. Update your regular antivirus / antispyware program, restart your PC to Windows Safe Mode (read http://support.microsoft.com/kb/315222 for more information), then do a full scan of your PC.
3. Manual removal instructions for the technically savvy can be found here: http://www.bleepingcomputer.com/virus-removal/remove-security-tool.
4. Request the assistance of a local computer tech-support company.
November 16, 2009 Ulster FCU Members Targeted in Smishing Campaign
During the weekend of Saturday November 14th and Sunday November 15th numerous local cell phones received text messages pretending to be from the Ulster Federal CU. The message specifically stated:
“Ulster FCU Alert: Your CARD has been DEACTIVATED. Please contact us at 845-943-5636 to REACTIVATE your CARD.”
The message was a fake and not sent from the Credit Union. The number listed directed to a voicemail recording, again pretending to be from us, asking for card information and other identifying digits. The message is no longer available and has reverted to a “default” phone message.
As usual, the Ulster Federal CU DOES NOT contact members directly to request information such as card numbers, social security numbers, a.s.o., unless the member has contacted us first.
Many vigilant recipients called or emailed us to let us know of this scam attempts, and we are grateful to see that so many members and non-members alike didn’t fall victim to these fraud attempts, and even took the time and effort to report these scams promptly to the authorities. Thank you.
If you, or anyone you know, called the number and left any of the information requested, please call us immediately at (800) 847-4283 for assistance. For more information, read our webpage on ID theft, how to avoid it, and what steps to take if you have fallen victim to it, at http://www.ulsfedcu.org/id_theft.html.
If you have any concerns or question, please call us at the above number or email firstname.lastname@example.org
We have recently seen heightened activity of phishing attempts. Please be aware of this most recent one, where fraudulent emails pretending to be from Verified by VISA have been received by credit union members.
The message presents a Verified by VISA logo and a small Visa logo with a copyright notice on the bottom of the email. The email text is as follows:
Verified by VISA protects your existing Visa card with a password you create, giving you assurance that only you can use your Visa card online.
Simply activate your card and create your personal password. Youll get the added confidence that your Visa card is safe when you shop at participating online stores.
You may activate now by entering your card number over our secure server. To protect you card against fraudulent use. Thank you.
Please pay notice to the numerous spelling and grammatical errors in the text, as that often can be a clue to whether an email is legitimate or not. When in doubts, you can always contact us at (800) 847-4283 or at email@example.com to verify the legitimacy of such emails. Thank you.
SMS Messaging Scam Attempts
Ulster FCU members have complained to us about SMS messages received, pretending to be from other local credit unions. The messages read “This is an automated message from “Credit Union name”. Your ATM card has been suspended. To reactivate call urgent at” –followed by an 800 number.
The message is a scam attempt to steal personal information from members. Do not respond to it and simply delete it from your phone.
The Ulster Federal CU does not share any personal information about its members with anyone outside the Credit Union. We also do not contact members through any channels such as email or phone messages to verify any information, unless it is in direct response to a request from you.
If you have given any information out to such scams, please call us immediately at (800) 847-4283 so we can take proper measures to block your account from ID theft. You can also call us at the above number if you have any questions in this regard.
Ulster Federal CU members have received automated message calls this morning requesting verification of their card numbers, expiration date and PIN number. Although we have little information at present, caller-ID information suggests that the caller may be from a company named “Edge Development”. Please be aware of this and never give out such information over phone or email, without verifying directly with us first.
Please know, as always, that the Ulster Federal Credit Union will never call you to verify such information. If you receive a call as described above, please hang up and call us directly at (845) 339-5544 or (800) 847-4283 to report the fraud.
If you believe you have been a victim of ID theft, please call us so we can block your cards from fraudulent activity and assist in reporting the event to the proper authorities. You can read more information on ID theft and what to do about it on our webpage at http://www.ulsfedcu.org/id_theft.html.
Trojan Attack Masquerades as Airline E-Ticket Notice
E-mail messages that appear to come from airlines are being used to fool users into thinking that their credit card has been used to purchase airline tickets. The messages look like an “email from Northwest Airlines” or “message from United Airlines” and contain a realistic-looking receipt with an attachment “Your_ETicket.zip” or “eTicket.zip”. Users who click on the e-ticket file trigger the download of Troj/Agent-IPS, a data-stealing Trojan horse.
Please use best security practices when reviewing your e-mail and do not open any e-mails or attachments from unknown senders.
VISA / MASTERCARD Telephone Fraud Scam
Please be aware of a phone scam where perpetrators, pretending to call from either VISA or MasterCard, attempt to steal the three digit security code from your credit card.
The scammers introduce themselves with a fake name and title from the ‘Security and Fraud Department’. They’ll give a fake badge number and say your card has been flagged for an unusual purchase. The scammers will do most of the talking and apparently know all the information, only verifying it. They will present the card number, the bank that issued the card, and finally a purchase supposedly done with the card (For instance ‘Anti-telemarketing device for $497.99 from a Marketing company based in Arizona’).
When you assure them you didn’t make the purchase, the scammer will continue saying a credit will be sent to you. They will even know your address and ask if that address is correct.
The scammer will also provide you with a 6 digit ‘Control Number’ and finally ask you to verify that the card is truly in your possession by reading the three digit security code up from the back of the card. This is the only piece of information the scammers need and because they provide you with everything else, it’s easy to believe them and fall victim to the scam.
Never give any information to anyone calling from the Credit Union or credit card company. Instead hang up and call them yourself (1-800 VISA911 or 1-800-Mastercard) to verify that the call was authentic. You can also call the Ulster Federal Credit Union a 1-800-847-4283 if you have any questions.
Fraudulent Falcon Fraud Calls
Our Fraud Department has received numerous inquiries regarding phone calls, being received by credit union members, purporting to be from “Falcon” or “The Security Department at the bank”. These phone calls can either involve a live person on the other end or a pre-recorded message. Cardholders are being told that their account was compromised and that they need to provide the account number and other information to re-activate their card or to have a new card re-issued. These calls are frauds and can be disregarded.
• Falcon will never ask for any account information when they are calling to validate a transaction since they have all the account information.
• All Falcon will do is to validate a suspicious transaction and block the account if it is warranted.
• A blocked or compromised account will never be “Re-activated” using existing account information.
• If a call seems suspicious, hang up immediately and contact Ulster Federal CU at (800) 847-4283 for confirmation and assistance.
• Never provide any account information including account numbers, expiration dates, PIN’s, CVV2 codes, etc. to anyone over the phone.