FTC warns of mortgage loan audit scam 5-11-10
Fraud Awareness 12-21-09
Safety tips that reduce your exposure to fraud 10-09
Fraud Prevention
Theft – Prevention, Protection, Detection and Action
We break down what identity theft is, what it can cost victims, and what you can do to protect your most valuable asset – your identity.
NACHA Phishing Alert (2/22/11) Email Claiming to be from the “Electronic Payments Association”
NACHA — The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments Association” and appears to be coming from the email address “payments@nacha.org.” See a sample of the email below.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that security patches for computer operating systems and common software applications are installed and current.
Be alert for different variations of fraudulent emails.
With the number of scams circulating, it is always important to be on guard for the solicitor that claims he/she is from JHFCU, or even another financial institution, and requests sensitive information. Johns Hopkins Federal Credit Union will NEVER ask you to verify your sensitive JHFCU account or personal information via an unsolicited phone call, text message, or e-mail. Contact us at 410-534-4500 (or 1-800-JHFCU-70) immediately if you are asked for JHFCU account information by phone, email, text or any other suspicious manner, or if someone leaves you a message requesting information. If you are unsure, simply ask for their name (if it's by phone) and say that you will call them back at the JHFCU office. Either way, contact us if you are ever unsure of a recent communication you have had with JHFCU!
= = = = = Sample Email = = = = = =
From: payments@nacha.org [mailto:payments@nacha.org]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.
Please click here to view report
------------------------------------------------------------------
Otto Tobin,
Risk Manager
= = = = = = = = = = = = = = = = = = =
If you log in to your account and a screen appears asking for your Card Information (card number, card security code, and PIN) do NOT enter the information. There could be a Trojan or virus on your PC—please run a virus scan and/or have your PC checked by an IT security expert. Also, please report the occurrence to JHFCU by calling 410-534-4500. JHFCU will NEVER ask you to provide a card number or PIN on our website or via an email to confirm your identity, and you should consider any request for that information to be a fraudulent phishing attempt. (If a screen appears asking your Security Challenge questions, that is an appropriate screen—you can choose to enroll your PC to avoid those questions in the future).
More Information: click here
May 11, 2010 – The Federal Trade Commission is warning against a home foreclosure rescue scam that begins with “rescue” professionals offering audit services for a fee. In the scam, as explained in a recent FTC consumer alert, the homeowner pays several hundred dollars up front to have a “forensic loan auditor,” “mortgage loan auditor” or “foreclosure prevention auditor” backed by “forensic attorneys” review the homeowner’s loan documents to see if the lender complied with state and federal mortgage lending laws. The auditors claim their reports can be used to avoid foreclosure, accelerate the loan modification process, reduce loan principal or cancel the loan. The FTC notes that there is no evidence such an audit can result in any kind of mortgage relief, even if it’s done by a licensed, trained practitioner. It says if there are errors in the loan documents, the borrower may be able to sue, but the lender won’t be required to modify the loan to make it more affordable. Cancelling the loan, it adds, will mean loss of one’s home and an obligation to return borrowed funds to the lender.
The alert was posted on the FTC’s website Friday; for the full alert go to: FTC consumer alert
In the past, some of our members have received fraudulent e-mails claiming to be from JHFCU. The e-mails claim that you have been locked out of your account and want you to verify your identity, but they are really scams trying to steal your identity. There are some indicators you can look out for to tell whether an e-mail is from a legitimate source, like JHFCU or the National Credit Union Administration (NCUA), or from people scamming for your personal information.
If you receive an e-mail from a seemingly legitimate organization, which may include an authentic-looking sender address and/or official organization logos, look at it closely for the following tell-tale signs of phishing:
If you suspect the e-mail is fraudulent, contact the purported sender to verify its authenticity. DO NOT respond to the e-mail or click on any of its links. The Credit Union keeps a running list of phishing e-mails that appeared to be from us, but did not actually come from JHFCU. To view these e-mails, click here. You may also read our identity theft article (PDF), which includes information about phishing and ways to protect your personal information.
Get information about the availability of the Federal Trade Commission’s online guidance regarding steps to protect against identity theft.
1. What is malware?
Malware – formed from the words malicious and software – is a general term used by computer professionals to refer to many different kinds of computer software designed to infiltrate or damage a computer system without the owner’s knowledge or consent. Malware includes computer viruses, worms, trojan horses, spyware and many other malicious and unwanted software types.
2. How can a malware infection occur?
Malware can infect a user’s computer through many paths, including pop-up messages that ask users to download things, links in web pages or e-mails, infected websites and many other methods that can sometimes even be invisible to the user. Malware is often used in conjunction with phishing scams.
3. What are the consequences of malware?
At a minimum, malware is a nuisance, sometimes displaying unwanted advertising or using a user’s computer to send spam. At its worst, malware has the potential to steal personal and financial information ranging from browsing habits to e-mail address lists to online banking passwords and even identity theft.
4. How can you protect yourself against malware?
While there is no single fool-proof method, users should keep their anti-virus software up to date and running and keep their operating systems and applications updated with the latest patches from the manufacturers.
Other common suggestions include exercising extreme caution with e-mail links and attachments and using firewalls to protect information on personal computers. Also look for login windows or messages that appear strange or different, which could be signs that your computer has been affected with malware.
5. What should we do if one of our end users is affected by malware?
JHFCU cannot give specific remediation advice in connection with malware. Just remember to remain vigilant to the risks of malware, phishing and other suspicious activities by taking steps to minimize risk.
First there was “phishing,” where potential thieves would try to get your personal information by sending you a fake e-mail claiming to be from a legitimate financial institution or company, like PayPal. Now scam artists have come up with a similar ruse, known as “vishing,” which is basically phishing by phone.
Vishing scams come in two varieties. The first is conducted solely by phone. A consumer is called, usually by an automated dialer, and told that the privacy of their credit card or bank account has been compromised. They are then told to call back a certain number immediately to “verify” their information.
The second type of vishing is just like the first, except that the intended victim gets an e-mail instead of a call. The message is like that of a phishing e-mail, but instead of clicking on a link, the person is asked to call a certain number.
Either way, when the consumer calls the number, they reach an automated voice response system that asks the consumer to enter things like their account number, password, birth date, and Social Security number. As the unsuspecting consumer enters the information on their keypad, the crook records their keystrokes.
If you are unsure of any call you receive from JHFCU, simply ask for their name and say that you will call them back at the JHFCU office (410-534-4500 or 1-800-JHFCU-70).
Be on the lookout for text messages claiming to be from your financial institutions. These are most likely a scam. The message urges the recipient to call a number provided for information about account discrepancies and then solicits individual account information and PIN numbers. Financial institutions will never alert you to a problem with your account through a text message. If you receive a text message claiming to be from a financial institution, it is most likely a scam. Do not respond to it and do not go to any websites it may direct you to.
Johns Hopkins Federal Credit Union will NEVER ask you to verify your sensitive JHFCU account or personal information via an unsolicited text message.

Along with the vulnerabilities that Microsoft patched Tuesday, the software giant's customers have a new problem to grapple with: a fake notification e-mail that looks remarkably legitimate.
Attackers are apparently taking advantage of Microsoft's Patch Tuesday to send legitimate-looking e-mails that include a Trojan virus. Trojan.Backdoor.Haxdoor allows attackers to execute files and steal information from compromised computers. The fake mailing includes a legitimate-looking PGP signature, as well as purporting to come from a real Microsoft employee.
Christopher Budd, a security program manager in the Microsoft Security Response Center, offers this perspective on the e-mails in a security posting:
"We received some questions from customers about an e-mail that's circulating that claims to be a security e-mail from Microsoft. The e-mail comes with an attached executable, which it claims is the latest security update, and encourages the recipient to run the attached executable so they can be safe. While malicious e-mails posing as Microsoft security notifications with attached malware aren't new (we've seen this problem for several years) this particular one is a bit different in that it claims to be signed by our own Steve Lipner and has what appears to be a PGP signature block attached to it. While those are clever attempts to increase the credibility of the mail, I can tell you categorically that this is not a legitimate e-mail: it is a piece of malicious spam and the attachment is malware. Specifically, it contains Backdoor:Win32/Haxdoor."
Dancho Danchev at ZDNet's Zero Day ponders whether the timing of this malware campaign will affect its success rate.
"Compared to the recent targeted malware attack against U.S schools, and the massive fake CNN news items campaign taking advantage of client-side vulnerabilities, this one is definitely going to have a lower success rate--no matter the timing," Danchev writes.
Source: http://news.cnet.com/8301-1009_3-10066541-83.html; Posted by Steven Musil, (accessed 10-17-08).
Check to see if you need updates for your hardware or your devices:
Microsoft: http://www.update.microsoft.com/