DCCU Fraud Update:
Well, by now
you have probably heard that I got ripped off within my online DCCU
accounts. Now just how could that
happen? Don’t you view me as a computer
geek and savvy about phishing scams?
Well, I would’ve considered as much but now I feel like an absolute
buffoon. It was definitely a weaker
moment and one I would like back. Here
is a little review:
·
On
Saturday morn my bride woke me up to a suspicious transfer.
·
Instead
of one illegal transfer there were four of each $4350 equaling $17,400 total.
·
Changed
password and reported fraud and accounts were frozen.
What was the
culprit: I could use a lot of excuses, but ice and Jim Beam wasn’t one of them.
Multi-tasking was likely the problem (my wife has often warned me about that).
I was watching basketball and doing computing. After a little further review an
email phishing scam was the likely avenue in for the scammers.
Well, it is
VERY embarrassing to be open about this episode because I feel like a
fool. It’s a little like kids taught and
trained to not accept candy from a stranger.
Studies show no matter how much parents work on that training that a
good percentage of kids will ignore it.
Right now I feel like one of those kids.
Some have
asked what will be the end result, will I recover some of the lost money? I am of course pursuing that goal but the
fact is I do not know. I will report
further on that later. In the meantime,
below is the copy again of the fraudulent phishing email to DELETE. After that THERE IS A 2nd SCAM to
be aware of and some great tips offered up by Alan Price.
Subject: ATTENTION: Online Banking Security Alert FRAUD !!!
Please
note:
Very, Very Important!
IF you receive
the following email, please be aware that it is NOT from the DCCU. It
looks legitimate, but is NOT. Do not click on the link and do not give the
personal information requested - most particularly your Social Security
number. I have spoken to the Credit Union and forwarded this email
to them for follow up with their fraud department.
Amazing how
these crooks work, whether from a bank site, credit union or even your bundled
accounts for TV, internet and phone. Never give passwords, account numbers,
SS numbers, etc. when asked as the institution already has this information and
will not ask you to re-enter it over the internet.
Carole
Neubrand
DFW Delta
LINK
COPY OF FRAUDULENT EMAIL BELOW!!!!!
|
||||||
|
|
||||||
|
Dear
Customer,
Due to concerns, for the safety and integrity of the Delta Community Credit Union Online we have issued this warning message. It has come to our attention that your Delta Community Credit Union Online Banking information needs to be updated as part of our continuing commitment to protect your account for year 2012 and to reduce the instance of fraud on our website. If you could please take 3-5 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. Once you have updated your account records your Delta Community Credit Union Online service will not be interrupted and will continue as normal. Please click xyz.com (actual link removed) to start the update process. If your account information is not updated within 24 hours then your ability to access your account will become restricted. Thank you. We apologize for any inconvenience. |
||||||
|
Copyright
© 2013 Delta Community Credit Union
All Rights Reserved |
||||||
+++++
Another DCCU SCAM to watch out for:
From: "noady@juno.com"
<noady@juno.com
Date: March 30, 2013, 4:26:43 PM EDT
To: mark@pilotcommunication.net
Subject: DCCU Hacking Episode
Date: March 30, 2013, 4:26:43 PM EDT
To: mark@pilotcommunication.net
Subject: DCCU Hacking Episode
Mark,
Thanks for the info about your unfortunate DCCU event.
FWIW, there's also a concurrent DCCU hacking scheme going on that people might want to watch for.
My wife opened her DCCU account yesterday to find a mysterious charge for $29.95 in her checking account. It had a clickable reference number next to it like a check. When she tried to click it, it wanted more info. She stopped and called the DCCU on the phone.
She learned that many DCCU members have recently had the same $29.95 fraudulent charge appear against their checking accounts. Some outfit called "Web World" has apparently found its way into the DCCU computers and is tapping people for this small amount.
The fix was to close down her existing accounts and open new ones...a rather complicated process best done in person at a branch as it involves redoing checks, direct deposit, ATM card, etc.
Delta put back the $29.95 in her new account. I hope they'll do the same for you !!
And she DIDN'T click on a bogus link in a phishing email. These crooks are able to find some other way into DCCU. If they can take $29.95, they can also take $17K.
Please don't use our name but feel free to pass along this info to our fellow Delta refugees. And thanks for all you do for us.
Bill
Thanks for the info about your unfortunate DCCU event.
FWIW, there's also a concurrent DCCU hacking scheme going on that people might want to watch for.
My wife opened her DCCU account yesterday to find a mysterious charge for $29.95 in her checking account. It had a clickable reference number next to it like a check. When she tried to click it, it wanted more info. She stopped and called the DCCU on the phone.
She learned that many DCCU members have recently had the same $29.95 fraudulent charge appear against their checking accounts. Some outfit called "Web World" has apparently found its way into the DCCU computers and is tapping people for this small amount.
The fix was to close down her existing accounts and open new ones...a rather complicated process best done in person at a branch as it involves redoing checks, direct deposit, ATM card, etc.
Delta put back the $29.95 in her new account. I hope they'll do the same for you !!
And she DIDN'T click on a bogus link in a phishing email. These crooks are able to find some other way into DCCU. If they can take $29.95, they can also take $17K.
Please don't use our name but feel free to pass along this info to our fellow Delta refugees. And thanks for all you do for us.
Bill
++++++
Tips on Security:
From: Alan Price <alan.w.price@gmail.com
Date: Sat, Mar 30, 2013 at 4:14 PM
Subject: How to protect yourself from internet and other thieves
To: Mark Sztanyo <marksztanyo@gmail.com
Mark,
Date: Sat, Mar 30, 2013 at 4:14 PM
Subject: How to protect yourself from internet and other thieves
To: Mark Sztanyo <marksztanyo@gmail.com
Mark,
OK. My voyage of discovery began when I received a
call from the DCCU wire transfer dept asking if
I had tried to transfer $100K from my checking account to an
address in China. I was astounded, of
course, and the DCCU very rightly wanted to verify that I
was me...and we went through a very extensive
id process via phone.
Seems that a person had hacked into my DCCU account,
transferred $100K from my HEL to my checking
account and then, had contacted the DCCU asking that this
money be wire transferred to China. They
were suspicious and played 20 questions with this person,
who knew a great deal about me, but did
not know my working dept #, which every pilot knows, and
other critical information. They told this person
they would contact him via the contact number listed on my
account.
This is where it got interesting...earlier that morning, he
had called my phone company posing as me, and reported
trouble on the line and asked that our home telephone be
transferred to "his" cell phone so he could take
some business calls while they sent a repair truck out.
Thus, when the DCCU called my home number, they
got "him" again...but they were still not buying
it. They persisted, and by this time, I received a call from the phone
company asking if the phone was now working...and said it
was never not working. Now, when the DCCU called,
they got me as the phone company has stopped the forward to
the thief's cell phone.
Two days before this attempted theft from the DCCU, the same
person I believe tried to penetrate my investment
accounts at Merrill Lynch but was foiled. He had my
account # and thought by calling ML he would be speaking
to a large company where no one knew anyone, but got my
investment advisor's administrative assistant who
knew me well and knew my voice. They foiled his plan but
this was the first clue something was amiss. I used
my laptop in Shanghai two days before all this began, but
did not access any of my financial accounts so if
someone penetrated my security, they were very clever.
There are many lessons learned, and I'll share only a
few:
1. Never, ever
use your laptop using a public Wi-Fi to access financial information.
Thieves can sit nearby in
a public place and use a "keylogger" program to
intercept and decipher your passwords. So, don't ever use
a public wi-fi for other than routine transactions, and this
goes for hotels while on the road. Don't do it!
2. At home, be sure you set us 128 bit encryption on your wireless router. Easy to do and you
never know when
someone is listening in.
3. Change your
passwords frequently. I know it's a pain but make a habit of doing
this on a periodic basis.
4. Set up telephone
passwords with your financial institutions AND your phone company.
Basically, if you set
up a password, no one can do anything to your accounts until
they provide this password. For example, I now
have an audio password with my phone company, with my
investment advisor, and with the DCCU and my
other bank accounts. When I call in, they ask me for my
password first thing - this is both the first line of defense
and the last thing a thief can penetrate. So simple but so
very important.
5. Freeze your
credit for both you and your spouse with all 3 credit reporting agencies
(Experian, TransUnion,
and Equifax). You can freeze your credit online with
each for a very nominal fee. Once this is done, you
will receive a PIN that allows you to "unthaw"
your credit when you wish to give someone access to your
credit history, such as when you refi, or apply for a new
credit card or loan. While this is a small hassle, it
is essential to do and will go a long way to prevent
unauthorized access to your accounts. I've found that
of the 3 credit agencies, Equifax is the most difficult to
deal with but not so bad as to not be worth the hassle.
If you have been the victim of a theft, like Mark recently,
fill out a police report and report to the US Government
dept of consumer affairs which you can access online.
Filing out a police report will allow you, in Georgia and
many other states, to freeze and thaw your credit history
without charge...this is by law. Don't expect the police
to do anything...my experience is that they are snowed with
similar cases to yours and simply do not have the
skill or resources to pursue each case. The DCCU was
able to identify the computer used to attempt the theft
from my accounts, and I dutifully reported this to the
police who promptly did nothing.
6. Be security
conscious. For example, do not ever respond to emails purporting to
be from your financial
institutions...they don't do business this way. Always give
them a call via phone to confirm when you get
suspicious emails.
Where it asks you to sign your credit cards, write in bold
letters "Ask for ID"...and when you present it, the
cashier should do just that. If stolen, this is a way
to prevent unauthorized use when someone tries to
present the card...they will not have appropriate ID.
Check your receipt when you make credit card purchases.
There is a version of a scam where the cashier
keeps cash from your credit card, when you did not ask for
cash back...so, check the receipt to insure the
amount is correct and there are not suspicious notations on
the receipt.
Phones are a huge target of thieves these days. Be security
conscious with your phones, and do not give
confidential information over the phone and be aware your
data base could be accessed and compromised.
Use a password to unlock your phone as a basic precaution.
Never, ever send confidential information via email.
If you need to send passwords, account numbers,
etc. to someone, send them a fax or find another means to
get it to them.
Stay situationally aware. Thieves may be watching you
physically or electronically, so your SA is
very important.
There are many others techniques but the ones I've listed
are from the school of hard knocks. One final
thought...LifeLock is good for what it does. Would not have
prevented access to your bank accounts, but
could prevent other types of illegal access...but, if you
freeze your credit history, you have done more than
any of these companies will ever do to prevent unauthorized
access to your credit history and accounts.
Stay well, be of good cheer, and peace be with you this Easter weekend.
Best regards,
Alan Price
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Full post disclaimer in left column. PCN Home Page is located at: http://pcn.homestead.com/home01.html
No comments:
Post a Comment