Member Security &
Fraud Prevention Tips

Scammers are taking advantage of fears surrounding the Coronavirus

Scammers are at it again, this time preying on the fears many have of the Coronavirus. They’re setting up websites to sell bogus products, and using fake emails, texts, and social media posts as a ruse to take your money and get your personal information.

Be on the lookout for these types of scams:

• Unemployment Benefits scams: Be wary of anyone reaching out regarding unemployment benefits due to a current fraud scam. Read more
• Testing scams: Scammers are selling fake at-home test kits or going door-to-door performing fake tests for money.
• Treatment scams: Scammers are offering to sell fake cures, vaccines, and advice on unproven treatments for COVID-19.
• Supply scams: Scammers are creating fake shops, websites, social media accounts, and email addresses claiming to sell medical supplies currently in high demand, such as surgical masks. When consumers attempt to purchase supplies through these channels, fraudsters pocket the money and never provide the promised supplies.
• Provider scams: Scammers are contacting people by phone and email, pretending to be doctors and hospitals that have treated a friend or relative for COVID-19, and demanding payment for that treatment.
• Charity scams: Scammers are soliciting donations for individuals, groups, and areas affected by COVID-19.
• Phishing scams: Scammers posing as national and global health authorities, including the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), are sending phishing emails designed to trick recipients into downloading malware or providing personal identifying and financial information.
• App scams: Scammers are creating and manipulating mobile apps designed to track the spread of COVID-19 to insert malware that will compromise users’ devices and personal information.
• Investment scams: Scammers are offering online promotions on various platforms, including social media, claiming that the products or services of publicly traded companies can prevent, detect, or cure COVID-19, and that the stock of these companies will dramatically increase in value as a result. These promotions are often styled as “research reports,” make predictions of a specific “target price,” and relate to microcap stocks, or low-priced stocks issued by the smallest of companies with limited publicly available information.

Always remember:

• During times like these crooks are out in full force and you should never let anyone send you funds that they then request you send back.
• Independently verify the identity of any company, charity, or individual that contacts you regarding COVID-19.
• Check the websites and email addresses offering information, products, or services related to COVID-19. Be aware that scammers often employ addresses that differ only slightly from those belonging to the entities they are impersonating. For example, they might use “cdc.com” or “cdc.org” instead of “cdc.gov.”
• Be wary of unsolicited emails offering information, supplies, or treatment for COVID-19 or requesting your personal information for medical purposes. Legitimate health authorities will not contact the general public this way.
• Do not click on links or open email attachments from unknown or unverified sources. Doing so could download a virus onto your computer or device.
• Make sure the anti-malware and anti-virus software on your computer is operating and up to date.
• Ignore offers for a COVID-19 vaccine, cure, or treatment. Remember, if there is a medical breakthrough, you won’t hear about it for the first time through an email, online ad, or unsolicited sales pitch.
• Check online reviews of any company offering COVID-19 products or supplies. Avoid companies whose customers have complained about not receiving items.
• Research any charities or crowdfunding sites soliciting donations in connection with COVID-19 before giving. Remember, an organization may not be legitimate even if it uses words like “CDC” or “government” in its name or has reputable looking seals or logos on its materials. For online resources on donating wisely, visit the Federal Trade Commission (FTC) website.
• Be wary of any business, charity, or individual requesting payments or donations in cash, by wire transfer, gift card, or through the mail. Don’t send money through any of these channels.
• Be cautious of “investment opportunities” tied to COVID-19, especially those based on claims that a small company’s products or services can help stop the virus. If you decide to invest, carefully research the investment beforehand. For information on how to avoid investment fraud, visit the U.S. Securities and Exchange Commission (SEC) website.
• For the most up-to-date information on COVID-19, visit the Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) websites.

Fake CDC Emails

Watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other government agencies or organizations claiming to offer information on the virus. The emails and posts may be promoting awareness and prevention tips, and fake information about cases in your neighborhood. They also may be asking you to donate to victims, offering advice on unproven treatments, or contain malicious email attachments. Here are some tips to help you keep the scammers at bay:

• Don’t click on links from sources you don’t know. It could download a virus onto your computer or device. Make sure the anti-malware and anti-virus software on your computer is up to date.
• Watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying that have information about the virus. The best sources for authoritative information on COVID-19 are www.cdc.gov and www.coronavirus.gov. You may also consult your primary care physician for guidance.
• Ignore online offers for vaccinations. If you see ads touting prevention, treatment, or cure claims for the Coronavirus, ask yourself: if there’s been a medical breakthrough, would you be hearing about it for the first time through an ad or sales pitch?
• Do your homework when it comes to donations, whether through charities or crowdfunding sites. Don’t let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money, don’t do it.
• Beware of fake government agencies promoted by fraudsters. Government agencies do not communicate through social media outlets, such as Facebook. Never pay a fee for a government grant. A government agency will never request an advanced processing fee to receive the grant. Please visit here to obtain the official list of U.S. federal grant-making agencies.
• Be alert to “investment opportunities.” The U.S. Securities and Exchange Commission (SEC) is warning people about online promotions, including on social media, claiming that the products or services of publicly-traded companies can prevent, detect, or cure coronavirus and that the stock of these companies will dramatically increase in value as a result.
• Be cautious of phishing emails and calls/texts claiming an individual’s government check is available and asking for account information for deposit.

Phishing emails may also claim to be related to:

• Charitable contributions
• General financial relief
• Airline carrier refunds
• Fake cures and vaccines
• Fake testing kits
• Government Checks

Inspector General Warns Public About New Social Security Benefit Suspension Scam

The Social Security Office of the Inspector General has received reports that Social Security beneficiaries have received letters through the U.S. Mail stating their payments will be suspended or discontinued unless they call a phone number referenced in the letter. Scammers may then mislead beneficiaries into providing personal information or payment via retail gift cards, wire transfers, internet currency, or by mailing cash, to maintain regular benefit payments during this period of COVID-19 office closures.

Social Security will never:

• Threaten you with benefit suspension, arrest, or other legal action unless you pay a fine or fee:
• Promise a benefit increase or other assistance in exchange for payment;
• Require payment by retail gift cared, cash wire transfer, internet currency, or prepaid debit card;
• Demand secrecy from you in handling a Social Security-related problem; or
• Send officials letter or reports containing personally identifiable information via mail.

If you received a letter, text, call or email that you believe to be suspicious, about an alleged problem with your Social Security number, account, or payments, hang up or do not respond. We encourage you to report Social Security scams using our dedicated online for at https://oig.ssa.gov.

Cyber Hygiene and Security Measures

The FBI is reminding you to always use good cyber hygiene and security measures. By remembering the following tips, you can protect yourself and help stop criminal activity:

• Do not open attachments or click links within emails from senders you don’t recognize.
• Do not provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email or robocall.
• Always verify the web address of legitimate websites and manually type them into your browser.
• Check for misspellings or wrong domains within a link (for example, an address that should end in a “.gov” ends in .com” instead).

Seniors are being targeted through a Facebook post informing them that they can get a special grant to help pay medical bills. The link within the post takes them to a bogus website claiming to be a government agency called the “U.S. Emergency Grants Federation” where they are asked to provide their Social Security Number under the guise of needing to verify their identity. In other versions, fraudsters claim individuals can get additional money, up to $150,000 in some cases. The victims are asked to pay a “processing fee” to receive a grant.

Scammers continue to take advantage of lonely hearts

Millions of people, including credit union members, look to online dating or social networking sites to meet someone. But instead of romance, many unknowingly find a scammer. Cyberspace scammers are eager to take advantage of lonely hearts by setting up fake accounts on social media or dating sites to establish fraudulent relationships and get them to send money. In fact, the median loss of romance / sweetheart scams as reported by the Federal Trade Commission (FTC) is $2,600 and for people over 70 was over $10,000.

Scammers continue to fake online dating profiles using photos or other people to lure their victims. People reported losing $143 million to romance and sweetheart scams according to the FTC. The scammers strike up a relationship with their targets to build their trust, sometimes talking or chatting several times a day. The scammers quickly profess their love and tug at the victim’s emotions with fake stories and their need for money.

By using popular social media sites – like Instagram, Facebook, or Google Hangouts – scammers make the connection quickly and con their victims into wiring money or sending gift cards from vendors like Amazon.

Another variation is where victims are duped into providing online banking login credentials. The scammer then logs into the account and uses the account-to account/external transfer feature to initiate ACH debits against accounts at other institutions pulling funds into the victim’s account for deposit, or deposit fraudulent checks via mobile remote deposit capture. The victim is instructed to send the funds to the scammer by Western Union or MoneyGram. The ACH debits are subsequently returned to the credit union as unauthorized up to 60 days later, and checks are returned unpaid.

• A few red flags of these romance / sweetheart scams:
• String you along but never want to meet in person
• Scammers often say they’re living / traveling outside of the United States
• Hint they’re having money trouble and ask for money, personal info, or account number
• Often need money for emergencies, hospital bills, or travel.
• Never send money or gifts to a sweetheart you haven’t met in person – never wire money, put money on a gift or re-loadable card, or send cash to an online love interest.

It’s tax season and scammers are already at it. Please beware of the following:

• A scare campaign using robocalls claiming that law enforcement is going to suspend or cancel the call recipient’s Social Security number (SSN) in response to taxes owed. This scam often tricks people into calling these numbers back, even though according to the Federal Trade Commission (FTC), a person’s Social Security number will never get suspended. Remember, the IRS only contacts taxpayers through snail mail or in-person.
• Another tax scam involves emails and impersonators claiming to be from the IRS either reminding you to file your taxes or offering you information about your refund. These emails involve spoofed websites to collect any information you input thereby facilitating identity theft. They can also infect your computer with malware, allowing fraudsters to steal more data.
• Since many know that the IRS doesn’t ask for money over phone or email, scammers are sending out letters. This letter claims to be from the Bureau of Tax Enforcement and may mention the IRS, demanding immediate payment. While these letters look legitimate, the Bureau of Tax Enforcement does not exist.
• Scammers are posing as tax professionals, however, they are really ghost tax preparers that will take money to prepare your taxes but won’t sign the return, making it look like you did the work yourself. Ghost preparers often lie on the return to make you qualify for credits you haven’t earned or apply changes that will get you in trouble. Since they don’t sign, you’ll be responsible for any errors. At best, you’ll have to repay the money owed. At worst, you could be looking at an audit.

Fraudsters are always on the hunt for ways to scam consumers out of their hard-earned money, that includes gift cards too either bought online or in stores! Here are a few of the most common types of gift card scams:

Fake Online Listings Scam
You find an item advertised online such as concert or event tickets, a vehicle, pet, or rental property and are instructed to make a payment using a branded gift cards sold online, and provide your claim codes via email or phone. The item is often priced far below market value and the seller may claim they need to sell the item quickly because of a life event that creates a sense of urgency, such as moving, divorce, death of a loved one, or military deployment. The scammer also may claim that following a payment for the goods, you will receive the item and may even end a fake receipt. Always be suspicious of anyone who contacts you and demands money quickly; no legitimate seller would require you to pay for the item in gift cards.

Boss Scams
You receive an unexpected/unsolicited email or text message from your boss or a leader in an organization you are involved in requesting that you purchase branded gift cards and send the cards or the claim codes to that person. Typically, the message will say that the gift cards will be used for some purpose within the company (e.g., employee incentives, client appreciation, charitable donations). The scammer may claim they are out of town, in a conference call, or otherwise engaged and that is why they need you to make the purchase for them.

We suggest you immediately try to contact your boss or the leaders of your organization directly using a phone number/email that you know is theirs. Always be suspicious of anyone who contacts you and demands money quickly.

Unsolicited phone call from scammers claiming to be from Unitus
Scammers are using fake caller ID information to trick you into thinking they’re someone who can be trusted. The practice is called “caller ID spoofing,” and scammers can fake anyone’s phone number. You may receive an unsolicited call from someone stating they are a member of Unitus’ Member Service Department. They may say your account is frozen and you need to purchase a Unitus or branded gift card(s) and provide the claim codes over the phone in order to remove the freeze on your account. Other things they might ask for are your Unitus uOnline password, full credit card ID or credit union account number.

Unitus will never call or ask for sensitive information such as your account number, password, card number, PIN or 3-digit security code. If you receive a call, text, or email from someone claiming to represent Unitus requesting this information, please do not respond.

Family emergency scams
You receive an unexpected phone call or unsolicited email from an individual claiming to be a lawyer, law enforcement agent, hospital employee, or other representative for a family member in distress who needs your immediate financial help. Some callers may even try to impersonate your family member or friend. You may be instructed to purchase Unitus gift cards or another branded gift card to resolve the situation.

We suggest immediately contacting your family member directly using a phone number that you know is theirs, or contact another relative who can assist you. Always be suspicious of anyone who contacts you and demands money quickly.

Unpaid debt and tax scams
You receive an unexpected phone call or unsolicited email to make a payment for taxes, fines, bail money, utility bills, or other unexpected fees. The scammer may claim you owe a past due amount as a result of miscalculation of your taxes; or the scammer may claim that you are owed a tax refund, prize, or rebate but must first make a payment for administrative fees with a gift card.

If you receive a call from someone claiming to be from the IRS and asking for money, you should never give out personal information. Report the call to the IRS using their IRS Impersonation Scam Reporting web page or by calling the IRS at 1.800.366.4484.

Job offer scams
You receive an unexpected phone call suggesting you apply for a Unitus job where you can work from home. You may be told that you can work your own hours, and make thousands of dollars a month. Once the scammer informs you that you’ve received a job offer, they may request that you pay a start-up fee or purchase a starter kit with a Unitus gift card.

We recommend that you do not respond to employment opportunities from cold-callers, over email, or on websites claiming to be affiliated with Unitus. Any Unitus job opportunities will be posted on the Unitus Careers page, and will not require you to purchase equipment or pay any initiation fees.

Here are some ways you can keep your credit and debit cards secure.

• Download the Unitus Card Guard mobile app.
• Sign up for Unitus fraud text alerts.
• Sign your new credit or debit card immediately after receiving it.
• Never carry your PIN and card together. If you can memorize your PIN, shred any documents containing the number. If you prefer to have a reference copy, store it in a different place from your card.
• Shred or cut up your old cards as soon as they expire or are no longer active.
• Shred any receipts of purchases made using your card.
• If you suspect your card is lost or stolen, report it to Unitus immediately.

Sign Up For Text Message Alerts

For fraudsters, your computer can be a gateway to personal information. Stay secure with these steps.

• Install anti-virus and anti-spyware on your computer. There are many products available to deter criminals from accessing your personal information through your computer.
• Add a firewall to your computer to prevent unauthorized users from accessing your system.
• Install all software fixes (also called “service packs”) available for your computer programs as soon as possible. These often fix newly discovered security weaknesses.
• Use a current web browser. The newer the version, the more likely it is to keep you safe online.
• Activate a pop-up blocking tool. Pop-ups are still a favorite of fraudsters, hiding malicious software behind enticing offers like promises of cash or other prizes.

Learn More Ways To Prevent Fraud

Minimize your mobile risk with these steps:

• Keep your device software up to date for the latest security protection.
• Use a PIN or password to unlock your device. Make it different from your other passwords.
• Use a biometric login if your device has a fingerprint sensor.
• Only download apps from reputable sources such as the Apple App Store or Google Play Store.
• Be suspicious of email and social media requests from strangers. Social media sites are a favorite target for fraudsters.
• Always look for “https” in the URL when browsing or shopping online. This indicates an added level of security for that site.
• Don’t open text messages if you’re uncertain of the source. The message may contain malicious software that could compromise your device. When in doubt, delete the text.

Read More Mobile Banking FAQs

• Common types of fraud to be on the lookout for.
• Keep personal or account information tucked away in a single place where only you and trusted individuals know where to find it.
• Provide information only to trusted sources. Never give information to individuals with whom you did not initiate the contact, or have not confirmed their business or identity.
• Reduce the amount of mail sent to you. Envelopes can be stolen from your mailbox or trash. Choose electronic statement options (Unitus offers this service through uOnline or over the phone at our contact center).
• Opt-out of pre-approved credit offers by calling (888) 567-8688 or visiting optoutprescreen.com.
• Frequently monitor your account statements and history online for unauthorized transactions.
• Check your credit report for discrepancies on a regular basis. You can obtain a free credit report from each reporting agency once a year by visiting AnnualCreditReport.com.

Learn How To Stay Safe At ATMs