New “Vishing” Attempt
April 16, 2014
We have received multiple reports of a “vishing” attempt. Members are receiving phone calls from an automated system notifying them that their debit card has been deactivated and asking them to enter their card number and PIN. If you receive a call like this, please do not respond and hang up immediately. If you believe you may have fallen victim to this scam and provided your confidential account information, please contact us immediately at (863) 688-3733 or toll free at (866) 913-3733 so we can take action to protect your account.
‘Heartbleed’ Security Bug Not a Threat to MIDFLORIDA
April 10, 2014
There have been widespread media reports on the newly discovered security bug nicknamed ‘Heartbleed.’ While we share in the concern of consumers across the nation, the security of our servers was never in question as we do not use the same technology that was susceptible to this type of attack. Members are always encouraged to change their user ID and password regularly as a best practice, but can rest assured that there was no risk of compromise from this threat on our website.
eNFACT Phishing Attempt
January 26, 2012
Recent reports outline that the company eNFACT, which normally works to prevent fraud on credit, ATM and debit cards for financial institutions, has become the victim of identity theft in a large scale phishing attempt. Emails under eNFACT’s company name have been reported as received by credit union members. The email indicates that the fraud detection company has identified a series of random purchases made out of the area using the member’s card (credit card, ATM card or debit card). The email goes on to say that if the series of transactions was not initiated by the member that they should contact eNFACT by visiting a legitimate looking website. Once the member is on the site to report the “fraudulent” transactions, they are asked a series of questions that provides their personal account and card information.
This phishing attempt is extremely clever and presents itself in a legitimate format – even going so far as to include a toll-free number for questions. However, while eNFACT does monitor card activity and may contact you to verify activity that is not normal for your use, they would not use this method nor would they ask for your card number, account number or other personal information.
If you receive an email like this, delete it immediately. If you feel as though you may have already fallen victim to this phishing attempt, please email email@example.com or call the Help Desk toll-free at (866) 913-3733 so we can take measures to protect your account.
May 23, 2011
Members have reported receiving a fraudulent text message from Grow Financial Federal Credit Union. The message states Grow Financial is working with MIDFLORIDA regarding fraud on the member’s account and instructs the member to call and verify account information and un-restrict their debit card.
Please be advised this message was not sent by Grow Financial. Members who may be in receipt of a text message like this should disregard the message. If you believe you may have fallen victim to this scam and provided your confidential account information, please contact us immediately at (863) 688-3733 or toll free at (866) 913-3733 so we can take action to protect your account.
Avoiding Facebook Scams
August 10, 2009
A new form of phishing has materialized on the popular social networking site, Facebook. The scam is known as Facebook phishing. Prompted by a Facebook message sent from a friend’s account, users are sent to websites constructed to mirror Facebook’s log-in page. They then enter an e-mail address and password. It perpetuates the scam by hacking into users’ accounts and re-sending the link to their friends in a message simply labeled “Hello” that contains the link.
Protect yourself from internet fraud by following these tips from Facebook:
- Use an up-to-date browser that features an anti-phishing black list.
- Use unique logins and passwords for each website you use.
- Check to see that you’re logging in from a legitimate Facebook page with the facebook.com domain.
- Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login.
Avoiding Foreclosure Rescue Scams
April 14, 2009
With the nation’s foreclosure rates on the rise, foreclosure rescue scams are also increasing. The scams target homeowners with substantial equity in their homes and often prey on the elderly, or people with low-incomes or blemished credit.
Perpetrators of the fraud typically promise to help homeowners who are in financial straits but instead charge exorbitant fees for services with little or no value, strip equity out of victims’ homes, or take ownership of the homes outright.
Three types of schemes are common:
- Phantom help – The purported rescuer charges high fees for no work or for services that the homeowner could have easily handled or obtained free from legitimate organizations.
- Bailout – A homeowner surrenders the title to the home after receiving a false promise that the he or she can remain as a renter and buy back the home later. The scam artist obtains possession of the home and most or all of its equity.
- Bait and switch – Victims are told they can refinance their homes but instead sign documents transferring the titles to scam artists, while the victims remain responsible for making the mortgage payments.
Businesses that perpetrate these scams often refer to themselves as “foreclosure consultants” or “foreclosure rescue specialists.” They use high-pressure sales tactics and distribute cards or flyers with messages such as “Stop foreclosure with just one phone call,” or “I’d like to buy your house.”
Homeowners in danger of foreclosure should work with their lenders to avoid foreclosure, consult a counselor approved by the U.S. Department of Housing and Urban Development (www.hud.gov), or seek advice from a government-sanctioned program, such as HOPE NOW (www.hopenow.com).
Smishing – New Scam Via Text Messaging
June 25, 2008
Credit unions across the country are reporting that their members are receiving unsolicited text messages. It’s an attempt at Smishing, the latest form of phishing. In Smishing, an e-mail tries to lure a recipient into giving personal information via SMS, the communications protocol used to send text messages to a wireless device. The recent scam is targeting credit union and other financial institution members.
In Smishing, the members receive a text message via cell phone warning that their bank account has been closed due to suspicious activity. It then tells them they need to call a certain phone number to reactivate the account.
Unsuspecting callers who dial the number provided in the text message will be taken to an automated voice mail box that prompts them to key in their credit card or debit card number, expiration date, and PIN to verify their information.
If you feel you have been a victim of Smishing or have a question concerning your account or credit/debit card, contact MIDFLORIDA immediately.
IRS Warns of New Scams Against Taxpayers
April 24, 2008
IRS has posted new warnings about phone and e-mail scams, both tied to this year’s economic stimulus payments and tax season, by fraudsters seeking to acquire taxpayers’ financial institution account numbers and other sensitive data.
In one of the scenarios, people have been contacted by phone and told by the caller that they need to provide their account numbers in order to get the stimulus payments. But IRS isn’t calling or e-mailing people for this information; it’s making the payments based on information in taxpayers’ tax returns.
In another case, people are receiving an e-mail with a link to a form where recipients are told they must provide information to receive their payments by direct deposit. IRS says the senders are probably really trying to get recipients’ personal and financial information so they can clean out their accounts. And taxpayers that want to receive tax refunds, or stimulus payment, by direct deposit are already instructed to provide the required information on their tax returns, it notes. For more on the latest scams reported by IRS, click here.
Federal Trade Commission Reports Spoofed Email
October 29, 2007
A bogus email is circulating that says it is from the Federal Trade Commission, referencing a “complaint” filed with the FTC against the email’s recipient. The email includes links and an attachment that download a virus. As with any suspicious email, the FTC warns recipients not to click on links within the email and not to open any attachments.
The spoof email includes a phony sender’s address, making it appear the email is from “firstname.lastname@example.org” and also spoofs the return-path and reply-to fields to hide the email’s true origin. While the email includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax. Recipients should forward the email to email@example.com and then delete it. Emails sent to that address are kept in the FTC’s spam database to assist with investigations.
Simply opening the email does not appear to cause harm. However, it is likely that anyone who has opened the email’s attachment or clicked on the links has downloaded the virus on their computer, and should run an anti-virus program. The virus appears to install a “key logger” that could potentially grab passwords and account numbers. More information about bogus emails, phishing, and virus protection is available at www.OnGuardOnline.gov.
The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to more than 1,600 civil and criminal law enforcement agencies in the U.S. and abroad. For free information on a variety of consumer topics, click http://ftc.gov/bcp/consumer.shtm.