Recent News

Latest Fraud Alerts.

Everyone in the Fairbanks North Star Borough is eligible to join!

For more membership information, click here.

Recent Articles

It's Your Money - read up on the latest information for members in this newsletter. 

Did you know?

You can obtain a free credit report once a year!

Find out more!

: Fraud & ID Protection :

Scams That Mimic Government Stimulus Package

Identity thieves posing as representatives of the Internal Revenue Service are sending spam e-mails promising government economic stimulus packages. The message tells the user to download an attachment that is masked as a form they must fill out and send to the IRS to receive their check. However, the document really is an identity theft tool that steals the personal information entered in the form.
Another scam being used promises more information on how to get “economic stimulus grants.” They tempt users with fake testimonials such as, “I found the grant I needed and filled out the forms and sent them in, and in about two weeks I received a check in my hand for $100,000.” It leads to a marketing-type site in which you enter personal information such as salary range, e-mail address, mailing address, and date of birth purportedly to get a free CD that shows you how to claim one of these grants. To order the CD, you must enter credit card information for the postage and handling costs. You never get the CD—only a stolen identity.

-------------------------------------

Phishing Scam Sounds like Official Telephone Call

This new phishing scam sounds like a legitimate telephone call. The cardholder is contacted to obtain the security code on the back of their VISA and MasterCard.

Under this scam, a telephone call is placed to a legitimate cardholder.  The caller claims to be a representative from VISA or MasterCard informing the cardholder of suspicious card activity. The caller provides details of an unusual transaction and asks if the cardholder made this purchase, which, of course, the cardholder did not. The cardholder is then asked to verify possession of the card. To do so, the cardholder is asked to read the three-digit security code on the back of the card. The fraudster then provides a control number in the event the cardholder needs to call back with questions, making the call seem legitimate.

The caller does not ask for the credit or debit card number, and that is why some members are fooled into believing the call is legitimate. But the fraudster already has the card number; what they don’t have is the three-digit security code from the back of the card, and that is what they are after with this scam.

NEVER give out any personal information in response to a phone call, email, or letter. It is better to be more cautious and avoid these scams. You can call the official number to your credit card or banking company to double check if it was a scam or not.

Current email/survey scam - DO NOT RESPOND!!!

A phishing scam survey was sent recently via email using SoAFCU logo's. This survey claimed that people who respond to this survey will receive $40 for simply filling out the survey. At the end of the survey, it requests the respondant to fill out their account number, user ID, and password or credit card info so that the $40 can be deposited. Please be aware that Spirit of Alaska FCU will NEVER request this information via email from our members. For a sample of what this phishing scam looks like click here. If you have filled out this survey please contact us at 459-5900 immediately.

-------------------------------------

Spirit of Alaska Federal Credit Union is committed to doing everything we can to help protect members from a variety of fraudulent activities. We are very diligent in protecting your account information with the highest level of security available for our website, E-teller, E-statement and other electronic services. However, members may be exposed to acts of fraudulent activity that are beyond the credit union's control and it is ultimately your responsibility to prevent and protect yourself from the unscrupulous acts that could cause you to be an unsuspecting victim of Identity theft or other fraud or scam. The following information is intended to help you in this endeavor.

Please feel free to provide us feedback on topics of interest in this area and we will do what we can to share the information with all members.

In an attempt to address the rising cyber crime threat, the FTC (Federal Trade Commission ) on January 10, 2006 unveiled an online tool designed to help consumers avoid becoming victims of Internet scams.

At the website, www.onguardonline.gov, consumers can take interactive quizzes designed to enlighten them about identity theft, phishing, spam and online-shopping scams. If the user selects a wrong answer, the program explains why that particular misconception about Internet security can lead to trouble.

Elsewhere on the site, consumers can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft.

>>Test your knowledge about fraud and identity theft by clicking here.

Five federal agencies and 13 private organizations partnered to sponsor the OnGuard Online website. Information on the site is not copyrighted, and the FTC encourages companies and other organizations to download and widely disseminate the information.

"We're trying to make the information as accessible as possible, with tips so people can take action," said Nat Wood, the FTC's assistant director for consumer and business education. The increasing concern about online threats is one of the reasons we could put together such a blue-chip coalition for a program like this," says Wood. "E-commerce is great, but we just want people to have the tools to use it safely."

Be alert to what you receive in the mail - usually if it's too good to be true, it usually is. Consumers may receive a letter in the mail, an evaluation form, and a check. The letter states that they have been chosen to be a mystery shopper for several popular stores, Western Union and Money Gram and that the check is to be used towards shopping at these stores and sending funds through Western Union and Money Gram. All they need to do is evaluate their shopping experience. The check can only be activated if you call the phone number listed in the letter. By calling the phone number, the operator collects some information, and gives the victim a believable story on how the mystery shopping works, and information on where to send the Western Union and Money Grams. After that the victim goes and cashes a bad check, and sends real money through the wire services. Use caution on wiring money to people or businesses that you do not have a relationship established with. If you feel that you may have been a victim to a scam like this contact the financial institution you deposited the check to and any wire services involved.

Key logging is used in schemes to attack home banking products. Key loggers are software code that can hide within various software applications that are downloaded by members from the Internet. This embedded software, which acts like a Trojan horse, buries itself on the member's home computer. The key logger tracks all key strokes on the computer key pad, specifically looking for financial institution account and password information. Once it captures the data, it is passed back up through the Internet to the criminal who can utilize the information to take over the member's account. Use caution not to click on any links in suspect email. Use a good anti-virus system and keep it up to date.

Recently criminals seeking account information have applied new techniques to previously used schemes to improve their effectiveness. Members are urged to be aware of these emerging attack strategies. Please be on the alert to schemes that target CVV2 information and email notification with an alternate link to use during a network outages.

In a new twist to the traditional form of phishing, criminals use a form of vishing to acquire missing elements of information by developing a level of comfort through conversation with pieces of known information. In addition, they use a type of VolP technology that allows for spoofing of the Caller ID and makes the phone call appear to be more legitimate. They often times introduce a level of fear to facilitate extraction of personal or sensitive information. Please remember that the credit union will never call you for this information. Nor will most legitimate businesses.

Criminals have also combined two techniques to improve effectiveness of phishing schemes. Criminals focus on the card holder base of a specific institution. Card holders from a single financial institution are sent a bogus email advising them of an unexpected network outage while criminals simultaneously begin to subject the institution to a DDoS attack (Distributed Denial of Service). This attack involves sending the institution an overwhelming number of network requests to a single location, in hopes of creating an actual network overload and outage. Once the institution's web infrastructure is unable to respond to card holder requests, a phishing email is sent. This phishing email contains and "alternate" link that may be used until the issue is resolved. The link directs the user to a web page that may have a look and feel of the legitimate site, but in fact is simply a site that captures sensitive information. Please be on the look out for this type of attack. We occasionally may experience a network outage but will not have an "alternate" log-in site. If you feel you have been subjected to either of these schemes please contact Member Services immediately at (907) 459-5900.

Vishing Scams Use Phones Instead of Fake Websites. In a new twist, identity thieves are sending spam that warns victims that their credit union/bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

The automated voice message says: "Welcome to account verification. Please type your 16-digit card number." The goal is to get the victim to enter their credit card number. In these reported scams, no mention of the credit union, bank or PayPal is made.

Security experts tracking this scam and other instances of "vishing" , short for "voice phishing", say the frauds are particularly despicable because they imitate the legitimate ways people interact with financial institutions. In fact, some vishing attacks don't begin with an e-mail. Some come as calls out of the blue, in which the caller already knows the recipient's credit card number. This increases the perception of legitimacy, the caller ask for the valuable three-digit security code on the back of the card.

Vishing appears to be prospering with the help of Voice over Internet Protocol, or VoIP, the technology that enables cheap and anonymous Internet calling, as well as the ease with which caller ID boxes can be tricked into displaying erroneous information.

LOSS PREVENTION RECOMMENDATIONS :

• Never call a number you receive from a spam email, and certainly don't enter in any private information if you make a mistake and do call.
• If you want to call your bank, use the normal phone number you regularly use, not the phone number you get in an e-mail.
• Please know that we will never solicit personal/private information via e-mail or the phone.
• Never click on the link provided in an e-mail you believe is fraudulent.
• Do not open an attachment to an unsolicited e-mail unless you have verified the source.
• Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information.
• If you believe the contact is legitimate, go to the company’s website by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.
• Use the FTC (Federal Trade Commission) website, www.onguardonline.gov. Consumers can take interactive quizzes designed to enlighten them about identity theft, phishing, spam and online-shopping scams. Elsewhere on the site, consumers can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft.

Many Spirit of Alaska members use EBay, Amazon and PayPal websites. Please do not ever give out any personal information such as account number, credit or debit card account numbers, personal identification numbers (PIN), passwords or social security number from an unsolicited email, fax, phone call or letter in the mail. Fraudsters are always evolving scams, so be particularly careful if you receive a message confirming an order you did not make, or a message advising you that your credit card will be charged for an order you did not make. Do not confirm any information from any link within an unsolicited email.

Visit the following links to learn more about protecting your financial assets from fraudulent email messages that may appear to come from EBay, Paypal or Amazon. Preparation and knowledge can prevent you from falling victim to the many phishing scams that target customers of these online companies.

• EBay
  
• Amazon.com
• PayPal

Be alert to an email fraud that is promising a portion or share of a high balance dormant bank account in South Africa. This scam has been around in various forms for several years. It can come in the form of a distraught widow attempting to access funds that are frozen as a result of a dead husband's past involvement in the government, or even an official who needs some type of assistance. What these scams have in common is a promise to share the money, usually millions of dollars, if you will only offer your bank or credit union account to receive the funds. They also require the utmost urgency and confidentiality. The poor victim who falls for this scam often finds themselves sending money for "various fees" necessary to process the transaction, only to find the transaction never transpires; or even worse, finding their own account cleaned out. The sad part is that the victim gave the information freely, thus contributing to the complications of recovering lost funds, if they can be recovered at all. Please be alert to this type of scam, or any offer that seems to good to be true. If is seems too good to be true it is most likely not true.

Phishing scams are becoming even more prevalent as people increase use of e-mail and the Internet to access and transfer information. Treat your email with the same level of caution as you would any offer, or request for personal information that you might receive in the mail. Use caution when you receive email messages that direct you to a website with a link in the message. Many times these unsolicited email messages appear to be coming from a reputable business, organization, or even a United States agency such as the FBI, but in fact are sophisticated phishing scams designed to play and manipulate your trust or fear in the legitimate organization or business. Things to be aware of are:

• Is the link actually going to the official company, organization or agency website? Generally, government agency websites end in .gov, and many nonprofit or credit union sites end in .org. While web address extensions have expanded to include others such as .coop and .net, most commercial business websites still rely on the .com extension. Know where the link is taking you!
• Is the email using graphics that are familiar to you? Many scams will use similar graphics, beware of mistakes and copy cat knock-offs.
• Are you being threatened that some type of consequence or problem will result by not responding to the message? Remember that unsolicited email is not an official notification process. If you suspect a problem call the financial institution, organization, or company directly with a telephone number you have on file from a legitimate source.
• Report any suspicious activity by the processes described below. Email and the Internet can be an excellent resource and tool to help people stay better connected and receive information efficiently and quickly, however, it is up to us, as smart and observant consumers, to help intercept and stop email and Internet fraudulent activity.

Phishing scams are scams that use email and fraudulent websites to elicit personal or financial information from unsuspecting people. Fraudsters send official-looking emails that appear to be from government agencies or legitimate businesses that ask for verification of financial and personal information such as account numbers, passwords, user names, SSN, and other sensitive data. Most often the message will also warn of possible fraud and contain a link to a fake website that very closely mimics a legitimate online business. Here are some tips from VISA and your credit union to help you protect you and your family from the phishing scam:

• Treat all unsolicited email requests for financial or personal data with suspicion. Do not reply to unsolicited email or respond by clicking a link within the unsolicited email message.
• Contact the actual business that supposedly sent the unsolicited email message to verify if it is genuine. Visit a website or use a phone number that you know to be legitimate.
• Look for the Lock. Prior to entering account information on any website, be sure to look for the "locked padlock" in the browser or the "https" at the beginning of the website address to make sure it is secure.
• Be cautious. Check your monthly statements to verify all transactions. Notify the credit union or other companies that you do business with immediately if you notice any erroneous or suspicious transactions.
• Report any suspicious activity to the FTC. Send the actual spam to uce@ftc.gov. If you believe you have been a victim of a fraudulent scheme, you should file a complaint at www.ftc.gov.
• A good resource for this topic is Anti-Phishing Working Group at http://www.antiphishing.org
• If you have been victimized by a spoofed e-mail or web site, you should contact your local law enforcement, US Postal Inspector, or FBI.

Additional resources to help you learn how to minimize your risk of damage from identity theft:

• www.ftc.gov/idtheft
• www.ustreas.gov
• www.antiphishing.org
• Equifax
• Home & Family Finance Resource Center

It is also a good idea to review your credit report once a year. The FACT Act makes it possible for everyone to receive a free credit report each year in an effort to prevent or minimize the effects of fraud and identity theft. To get your free annual credit report you must contact the Central Source as established by the three major credit reporting agencies.

You may contact the Central Source by calling toll free: 877-322-8228 (or 877- FACT ACT), or you may click this link: www.annualcreditreport.com.

+ back to top