Fraud Archives - SRI Federal Credit Union

don't get caught up in an overpayment sacm!

All You Need to Know About Overpayment Scams

Great news – you’ve just received a check, and you’ve been overpaid! But there’s a catch: the check writer wants you to send the surplus back to them. Unfortunately, though, if you follow these directions, you’ll be buying right into a scam.

Overpayment scams are fairly common, and for the unaware, they can be difficult to spot. Let’s take a look at these scams and what you need to know to avoid falling victim to these ruses.

What is an overpayment scam?

In an overpayment scam, fraudsters target an individual who’s selling a large item online, such as a car. The scammer will reach out to the seller, offering to buy their car for more than the asking price. Then, they’ll send the seller payment in the mail.

At this point, the seller is thrilled. But, when the check comes, it brings with it a surprise – they’ve been overpaid. Soon after, the alleged buyer contacts the seller to ask them to refund the surplus. The seller may think it’s strange, but they comply, not wanting to keep money that isn’t theirs. The next thing they know, the original check hasn’t cleared and they realize they’ve been scammed. Not only have they not been paid for the purchase they believed the check writer was buying, but they’ve also lost the money they’ve sent back to the scammer.

Red flags

When selling an item on an online platform, look out for these red flags, which can alert you to a possible overpayment scam:

You’re offered more than your asking price for an item you’re selling online.
You get paid more than you’re owed for an item you’re selling.
You’re urged to act quickly and take up a buyer on an offer or risk having them pull the offer off the table.
You’re asked to refund an overpayment via wire transfer or prepaid debit card.

If you encounter any of these red flags while trying to sell an item online, do not engage with the “buyer.” Block their email address and mark it as spam to avoid further contact from the scammer. You may also want to report them to the platform you’re selling the item on to help stop them from reaching out to others.

How to avoid overpayment scams

The FTC offers the following tips for avoiding overpayment scams when selling online:

Always know who your buyer is. Confirm the buyer’s name, street address and telephone number independently.
Never accept payment for more than your selling price.
Never agree to finalize a transaction until the buyer’s check has completely cleared. This can take several days.
Never agree to wire funds back to a buyer.
Don’t be tempted by offers that urge you to “act now.” If a buyer is offering you a price that seems too good to be true, it may just be a scam. Slow down, and research the buyer thoroughly before reaching any agreements.
It’s best not to accept payment by a check from an unknown buyer.
If you do accept payment by check, ask for a check that’s associated with a local bank, or a bank with a local branch. This way, you can visit the bank to determine if the check is authentic. If you cannot get a check from a local bank, ask for the bank’s phone number and call it to verify its validity.
If cash is not an option and you want to avoid checks, consider an alternative method of payment, such as an escrow service or online payment service. If the buyer wants to use a service with which you are not familiar, verify its legitimacy before agreeing to accept payment from this service. You can research its website, customer service hotline, read its customer reviews and more.

If you’ve been targeted

If you believe you’ve been targeted by an overpayment scam, there are steps you can take to mitigate the damage.

First, report the scam to your financial institution, as they may be able to reverse the payment. Next, alert the FTC at ftc.gov so they can do their part in catching the criminals. Finally, you can let your local law enforcement agencies know about the scam and warn your friends and family about it as well.

Don’t get caught in an overpayment scam! Use this guide to stay safe.

Posted in Financial Literacy, Fraud, Hello World

Protecting Our Members After the NationalPublicData.com Breach

In today’s digital landscape, data breaches have become all too common. The most recent incident involves a hacker known as “USDoD,” who allegedly breached the systems of National Public Data, a company that aggregates data to provide background checks. This breach, which is believed to have started in or around April 2024, resulted in the theft of personal records that were later posted for sale and eventually released by other criminal groups onto the dark web.

As a credit union committed to the security and privacy of our members, we want to keep you informed about this incident and provide you with actionable steps to protect yourself from potential fraud and account takeovers.

Understanding the Breach

The breach at National Public Data exposed a significant amount of personal information. While this breach did not directly involve our credit union’s systems, the compromised data could still affect our members if their personal details were included. Currently, available information suggests that this breach involved personal information—such as names, addresses, contact information, and potentially Social Security numbers—not credit or debit card information. At this time, we do not believe card data was compromised in this event.

How This Could Affect You

Even though credit and debit card information was not compromised, the exposure of personal data still poses a risk. Cybercriminals may use this information to engage in identity theft, phishing scams, or account takeovers. They could impersonate you, gain unauthorized access to your accounts, or create new accounts in your name.

Steps to Protect Yourself

Monitor Your Accounts Regularly:
- Keep a close eye on your credit union accounts and any other financial accounts you may have. Look for any unfamiliar transactions or changes. If you notice anything suspicious, report it to us immediately.
Enable Two-Factor Authentication (2FA):
- Wherever possible, enable 2FA on your accounts. This extra layer of security requires you to verify your identity through a second method, such as a text message or an authentication app, making it harder for unauthorized users to access your accounts.
Update Your Passwords:
- Change your passwords, especially for any accounts associated with the email address or phone number potentially exposed in the breach. Use complex passwords that combine letters, numbers, and symbols, and avoid reusing passwords across different accounts.
Be Wary of Phishing Attempts:
- Be cautious of emails, texts, or calls that ask for personal information or prompt you to click on links. Fraudsters often use this information to trick you into giving away your credentials. Always verify the sender’s identity before responding.
Check Your Credit Reports:
- Regularly review your credit reports for any new accounts or inquiries you don’t recognize. You can obtain free credit reports annually from each of the three major credit bureaus at AnnualCreditReport.com.
Place a Fraud Alert or Credit Freeze:

Fraud Alert: A fraud alert is a warning placed on your credit report that tells creditors to take extra steps to verify your identity before issuing credit in your name. This can be particularly helpful if you believe your personal information may have been compromised, as it makes it harder for identity thieves to open new accounts.

How to Place a Fraud Alert:

- You can request a fraud alert by contacting any one of the three major credit bureaus (Equifax, Experian, TransUnion). Once you place the alert with one bureau, they are required to notify the other two, so your alert is added to all three of your credit reports.
- The initial fraud alert lasts for one year and can be renewed if necessary. You can also request an extended fraud alert, which lasts for seven years, if you have a police report or other documentation showing you’ve been a victim of identity theft.

Credit Freeze: A credit freeze (also known as a security freeze) is a more robust protection that locks your credit report, preventing creditors from accessing it entirely. This means that new credit accounts cannot be opened in your name while the freeze is in place. Unlike a fraud alert, a credit freeze does not expire and remains in place until you remove it.

How to Place a Credit Freeze:

- To place a credit freeze, you must contact each of the three major credit bureaus individually. Here’s how:
  - Equifax: Visit the Equifax website or call their automated line to request a freeze.
  - Experian: You can place a freeze online through the Experian website or by phone.
  - TransUnion: TransUnion also allows you to freeze your credit via their website or by calling their support number.
- You will be provided with a PIN or password when you place the freeze. Keep this information secure, as you’ll need it to lift the freeze if you want to apply for credit in the future.
- It’s important to note that a credit freeze does not affect your existing accounts, nor does it prevent you from using your credit cards. It only stops new creditors from accessing your credit report.
Report Suspicious Activity:
- If you believe your identity has been compromised, report it immediately to the Federal Trade Commission (FTC) at IdentityTheft.gov. Also, contact your financial institutions to notify them of the potential fraud.

Our Commitment to Your Security

At SRI Federal Credit Union, your security is our top priority. We are continuously monitoring our systems and taking proactive measures to protect your accounts. We also encourage you to take these precautions to safeguard your personal information. If you have any questions or concerns, please do not hesitate to reach out to our member services team.

Together, we can protect your financial well-being and maintain the trust you’ve placed in us.

Posted in Financial Literacy, Fraud, Hello World

All You Need to Know About One-Time Password Scams

One-time passwords (OTPs) are a crucial security feature in our digital age by offering an extra layer of protection for online transactions and account logins. Unfortunately, though, scammers often try to hijack these codes to steal sensitive information, money, or both.

Here’s what you need to know about one-time password scams and how to avoid them.

What is a one-time password scam?

One-time password (OTP) scams are designed to trick individuals into sharing their OTPs, which scammers then use to gain unauthorized access to accounts. Here are the various ways these scams go down:

Phishing scams. Here, cybercriminals send fake emails or text messages that appear to be from legitimate sources, such as credit unions or banks, online retailers, or social media platforms. These messages often contain urgent requests to verify your account or resolve an issue, prompting you to enter your OTP on a fraudulent website.
Vishing (voice phishing). In this scam, scammers call victims pretending to be from a reputable organization, such as a bank or government agency. They may claim suspicious activity on your account and request your OTP to secure your account, exploiting your trust and urgency.
Man-in-the-middle attacks. In this method, attackers intercept communications between you and a legitimate service provider. When you request the OTP, an attacker captures it and uses it to gain access to your account.
Social engineering. Scammers use psychological manipulation to trick you into revealing your OTP. They may impersonate friends, family, or colleagues, convincing you that sharing the OTP is necessary for a legitimate purpose.

Whichever method is deployed in an attempt to steal your OTP, the scammer will then use it to access your accounts and possibly steal your identity

Red flags

Avoid falling victim to a one-time password scam by watching out for these red flags:

Unexpected requests. Be cautious of unsolicited messages or calls asking for your OTP. Legitimate organizations typically won’t ask for your OTP unless you’re actively engaged in a transaction or login process.
Urgency and threats. Scammers often create a sense of urgency, claiming that immediate action is required to prevent account suspension or fraud. For example, a text message allegedly sent from your financial institution may claim you have 10 seconds to input the one-time password to verify your account. This tactic can make you act without thinking.
Unusual sender information. Check the sender’s email address or phone number carefully. Often, scammers use addresses or numbers that are slightly altered versions of legitimate ones.
Suspicious links. Hover over links in emails or messages to see the actual URL before clicking. Be wary of links that don’t match the official website of the organization they’re purportedly from.
Generic greetings and language. Scammers often use generic greetings like “Dear Customer” to send out mass emails. Their missives also tend to have spelling or grammatical errors. Legitimate communications are usually more personalized, professional, and proofread.

Protect yourself

Staying safe from OTP scams requires vigilance and adopting best practices for online security. Here are some steps you can take:

Never share your OTP. Treat your OTP like your password — never share it with anyone, even if they claim to be from a trusted organization.
Verify the source. If you receive a request for your OTP, verify the legitimacy of the request by contacting the organization directly using a known and trusted communication method.
Use multi-factor authentication (MFA). Whenever possible, enable MFA on your accounts. MFA typically involves a combination of something you know (password) and something you have (OTP), providing an additional layer of security.
Be wary of links. Avoid clicking on links in unsolicited emails or text messages. Instead, navigate to the organization’s official website directly through your browser.
Install security software. Use antivirus and anti-malware software on your devices to help detect and prevent phishing and other cyber threats.
Educate yourself and others. Stay informed about the latest scam tactics and share this knowledge with friends and family, especially those who may be less tech-savvy.

If you’ve been targeted

If you believe you’ve been scammed and/or have shared your OTP, take immediate action.

First, change the passwords on all affected accounts and those that have similar login credentials. Next, inform the host organization of the account that it’s been compromised. They can help secure your account and guide you on additional steps to take. Monitor your accounts in the ensuing weeks and months, keeping a close eye on your financial statements and account activity for any unauthorized transactions. Finally, file a report with your local consumer protection agency, the Federal Trade Commission (FTC), and the Internet Crime Complaint Center (IC3).

You may also want to consider identity theft protection at this time if sensitive information was compromised.

One-time password scams can be difficult to spot and wreak massive damage. Use this guide to learn about one-time password scams and how to prevent yourself from falling victim.

Stay safe!

Posted in Financial Literacy, Fraud, Hello World

All You Need to Know About Pig-Butchering Scams Category: Scams: Phishing Scams

You may have received a text or chat message in recent months about an attractive-looking investment opportunity. The message may have seemed to be sent mistakenly, but it’s all too real. In fact, it’s likely a pig-butchering scam.

Let’s take a look at these prevalent scams and how you can avoid falling victim.

What is a pig-butchering scam?

“Pig butchering” refers to the practice of fattening up a hog before slaughter. This scam, which originated in China, has been spreading around the world since COVID.

In a pig-butchering scam, a fraudster creates a fake online persona, usually accompanied by an attractive photo and a luxurious lifestyle that is showcased in more photos to flesh out their story. Then they’ll initiate contact with a target on dating or other social media platforms, pretending to have reached out by mistake. Somehow, they’ll transition from there into a chat about the target’s life, family, work and more. To make themselves sound more believable, the scammer will invent details about their own life. They’ll use this to create a real rapport with the target until they’re actual friends, albeit with only a remote connection.

Next, the scammer will start dropping hints about a fabulous investment opportunity. They’ll brag about their own success with this investment, sometimes even sharing screenshots of an alleged brokerage account with handsome earnings. They’ll try persuading the victim to invest in this “opportunity” as well, building on their growing relationship, until the victim agrees to join in the supposed opportunity.

Once the victim agrees to go along with the investment, the scammer will offer to help them with the investing process. They may explain exactly how to wire money to a crypto wallet and, ultimately, to a bogus brokerage. Sometimes, they’ll recommend that the victim starts with a modest investment, which will soon show a (fabricated) gain. They may even allow the victim to withdraw some funds, which will convince the victim that the investment is genuine.

Here’s where things get really ugly. Once the faux trust has been established, and the pig has been good and fattened, the scammer will persuade the victim to invest heavily in this “stock”. The victim, sure it is a legitimate opportunity that will only show gains, is more than happy to do so. They will even sometimes pursue mortgaging their house to get in on this investment. Other victims have liquidated their retirement savings or taken out loans. The scammer will continue to put pressure on the victim, watching gleefully as they pour more and more of their savings into the alleged investment.

When the victim has sunk a significant amount of money into the investment, the scammer will suddenly disappear, leaving the victim with a useless “investment” and no way to recover their funds.

Red flags

Watch out for these red flags that can alert you to a possible pig-butchering scam:

An interaction that happens by “mistake” morphs into a real relationship, often a romantic one.
You’re offered the opportunity to get in on an investment that seems too good to be true.
You’re urged to act quickly to take advantage of an investing opportunity.
You’re asked to invest via a crypto wallet or an investment app.
An investment opportunity has inconsistent or vague details.
You find it difficult or impossible to cash in on your larger “investments.”

Stay safe

Don’t get butchered! Follow these tips to stay safe.

First, thoroughly research every investment opportunity before dropping any of your funds in it. Next, only use a registered and secure investment platform or app. Stay away from investments that guarantee quick, high returns and press you to act quickly. Be wary of any strangers who’ve contacted you “by mistake” and insist on pursuing the relationship. As with any scenario, never share your sensitive information with an unverified contact.

If you believe you’ve been targeted by a pig-butchering scam, alert the FTC and your local law enforcement agencies. Do not engage with the scammer and be sure to block their number and/or email address from your devices. Finally, let your friends know the scam is happening in your circle.

Stay safe!

Posted in Financial Literacy, Fraud, Hello World, Uncategorized

Don’t Get Caught in an Investment Scam!

Investment is rarely without risk. Nearly every investment option carries with it the possibility of loss. What many don’t realize though, is that in addition to the typical risks, investing also carries the danger of falling prey to an investment scam.

Investment scams can include promises of high return for minimal investments that never materialize, scammers posing as financial planners and offering useless – even harmful – advice for a hefty fee, and illegal securities offered as IRA investments. However, the most common investment scam is the Ponzi scheme.

Let’s take a closer look at this scam and how you can avoid falling victim.

What is a Ponzi scheme?

Named for the original pyramid scammer Charles Ponzi, a Ponzi scheme is simply a sophisticated way that scammers rob from Peter to pay Paul. The orchestrator of the scheme will promise high returns to investors, often through a fictitious investment opportunity or business venture. Instead of using investments to generate profit, though, the scammer uses these funds to pay returns to their earlier investors. This creates the illusion of a profitable enterprise. The scheme grows, with more investors joining, and the scammers at the top of the pyramid making the most money. Eventually, the entire house of cards comes toppling down, with investors losing significant amounts of money.

How to spot a Ponzi scheme

Look out for these key characteristics of a Ponzi scheme to ensure you don’t get caught:

Unrealistic returns: Ponzi schemes promise consistently high returns far exceeding market averages and legitimate investment opportunities. These exaggerated returns are often said to be “guaranteed” or “risk-free,” playing on investors’ desire for quick wealth.
Lack of transparency: Scammers operate Ponzi schemes with little to no transparency or accountability. They may provide vague or evasive explanations regarding the source of returns or underlying investment strategy, making it difficult for investors to assess the legitimacy of the opportunity.
Promises of exclusivity: Ponzi schemes often use tactics like exclusivity or invitation-only memberships to create a sense of privilege and allure among potential investors. By positioning the opportunity as limited or exclusive, scammers exploit investors’ fear of missing out (FOMO) to drive participation.
Pressure to recruit new investors: If an investment opportunity requires you to recruit friends and family members as new participants, you’ve likely stumbled upon a Ponzi scheme.
Unregistered or unlicensed operators: Verify the credentials of the individuals or entities offering the investment opportunity. Legitimate investment professionals and firms are registered or licensed with regulatory authorities and adhere to strict compliance standards
Lack of audited financial statements: Request audited financial statements or documentation verifying the legitimacy of every investment opportunity. Ponzi schemes generally lack verifiable financial records or provide falsified documentation to create the illusion of credibility.

Protect yourself from Ponzi schemes

Ponzi schemes are fairly common, but with a little bit of knowledge and awareness, you can protect yourself from falling victim. Here’s how to protect yourself from Ponzi schemes:

Research every investment opportunity. Be sure to find out everything you can about a possible new investment, including the background of the individuals or companies involved, the track record of the investment manager, and the legitimacy of the underlying investment strategy.
Seek independent advice. Consult with a trusted financial advisor or investment professional before making any investment decisions. An objective third party can help you assess the risks and potential returns of the investment opportunity.
Diversify your investments. Avoid putting all your eggs into one basket by diversifying your investment portfolio across different asset classes, industries, and geographical regions. Diversification helps mitigate risk and protect against potential losses from fraudulent schemes.
Stay informed. Stay vigilant and educate yourself about common investment scams and warning signs of fraudulent activity. Knowledge is your best defense against falling victim to Ponzi schemes and other financial frauds.

If you’ve been targeted

If you believe you’ve been targeted by a Ponzi scheme or investment fraud, report it to the appropriate authorities as soon as possible so they can do their part in apprehending the criminals. You can alert the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) and the Federal Trade Commission (FTC) as well as your local law enforcement agencies.

Ponzi schemes and other investment scams prey on the universal desire for easy money, but the only beneficiaries from these ruses are the scammers at the top of the pyramid. Stay alert, and stay safe!

Posted in Financial Literacy, Fraud

Don’t Get Caught in an Emergency Scam!

It’s your grandson on the line and he’s in deep trouble! He’s telling you he’s been kidnapped for ransom, or perhaps he’s in trouble with the police and needs money for bail. Whatever the “emergency,” he’s asking you to wire money ASAP!

You may already be calculating how much you can send, but pause for a moment, because you’re likely being scammed. Here’s what you need to know about emergency scams and how to protect yourself.

How the scams play out

In an emergency scam, a target receives a phone call, email or text message allegedly from a close relative. The caller claims to have been caught in hot water, which can be anything from a kidnapping, an issue with the police, a car accident or even getting stuck overseas with no money. Sometimes, the call will include another party, such as the “kidnappers” or “police officers” who are supposedly involved in the emergency.

The caller will then ask the target to send over money as soon as possible using a wire transfer or prepaid debit card. They’ll also demand that this information not be shared with any other family members. They’ll claim to be embarrassed that they’ve gotten into this situation and ask that you honor their request to keep it quiet.

While emergency scams are commonly played out with a grandparent of an alleged caller, they can also target parents, uncles, aunts, and siblings of the “caller”. They may even call posing as a friend or old neighbor of the target in an attempt to lure them into the scam.

Unfortunately, if the target follows the directions of the caller and sends over money, these funds will go directly into the pockets of a scammer.

How emergency scams lure victims

If you’re reading the description of an emergency scam and thinking that no one could possibly fall for one of these ruses, think again. Scammers use several convincing methods to convince their targets that they are actually the callers they claim to be.

First, the scammer will troll the target’s social media pages to learn their name, home address, job details, date of birth, and any other details about their life. Sometimes, they’ll hack the target’s email account to get this information.

Next, scammers may pretend to be an “authority figure” who allegedly authenticates the caller’s story. They may pose as a lawyer, police officer, or even a doctor. Victims are often pulled into the scam when they hear an alleged authority figure on the call with their relative.

Finally, some scammers go the extra mile by using AI to clone the “caller’s” voice. They simply scrape an audio clip they find on the internet and then use a voice-cloning program to make the emergency sound legitimate, even though it never happened.

Red flags

Here are some signs that can alert you to the possibility of an emergency scam:

Your “relative” calls you to tell you about an emergency situation they’ve landed in, but they ask that you not share this information with any other family members.
You’re urged to act quickly.
You’re asked to send money via untraceable means, such as a wire transfer, prepaid gift card, or cryptocurrency.
You’re asked to share sensitive information over the phone.

Protect yourself

Follow these tips to keep yourself safe from emergency scams:

If a friend or family member calls you with an urgent request for funds, hang up and call them directly from a phone number they’ll recognize.
Never wire money or send a prepaid gift card to an unverified contact.
If you’re unsure whether a caller is actually your friend or family member, ask them questions about some of your shared memories to determine if the caller is actually who they claim to be.
Always be cautious and avoid acting rashly, regardless of the situation.
Don’t share your personal information with an unknown contact.
Don’t be afraid to share details of a phone call with other family members and friends, despite instructions not to do so.

Emergency scams play on the target’s emotions and assume they will act quickly to save their relative from a hairy situation. Stay calm and alert, and use the information here to avoid getting caught in an emergency scam.

Posted in Fraud, Hello World, Uncategorized

All You Need to Know About Spoofing Scams

Scammers have been at their game since time immemorial, but modern technology has weaponized them in new and dangerous ways. In particular, spoofing has become more sophisticated and difficult to spot. Let’s take a look at spoofing, how it works, and red flags that can alert you to a possible spoofing scam

What is spoofing?

Spoofing is the criminal act of disguising a communication from an unknown source to appear as if it’s being sent from a trusted and known contact. The ultimate goal of spoofing is to get the target to share their sensitive information and/or their money with the scammer. For example, a spoofer may pretend to represent a victim’s credit card company and lead them into sharing their account details.

Types of spoofing

Cybercriminals have a variety of ways to pull off their spoofing. Here are the more common forms:

Email spoofing

In email spoofing, an attacker sends an email message appearing to be from a known or trusted source. The emails typically include links to harmful websites or attachments that will infect the victim’s device with malware. Alternatively, the scammer may use social engineering to persuade the recipient to share sensitive information.

IP spoofing

In IP spoofing, an attacker tries to gain access to a system by sending messages via a bogus or spoofed IP address, which appears to be from a recognized, trusted source, such as one on the same internal computer network. The spoofed IP address will mask the true source, which is a third party that is out to infect the victim’s device with malware and steal their information.

Caller ID spoofing

Here, attackers make a phone call to a target that appears to be from a known caller. The scammer will often pose as the victim’s bank or credit union. The victim, believing they are speaking with a representative of their financial institution, will disclose their account information and even passwords, which can lead to the scammer emptying their accounts and/or stealing their identity. Sometimes, the scammer will provide the victim with a phone number to call, which will allegedly connect them with their bank or credit union. This number, of course, will only connect the victim to a scammer.

4. Facial spoofing

In this most recent form of spoofing, a scammer uses a photo or video of a target’s face to simulate their facial biometrics. This enables them to unlock accounts that can only be opened via facial recognition.

5. Website spoofing

In website spoofing, a scammer will create a bogus site that looks just like a reputable website that the victim often visits. Attackers will lure victims to this site for the purpose of stealing their login credentials and personal information.

Text-message spoofing

In this scam, also known as smishing, a victim will receive a text message on their personal device appearing to have been sent via a trusted source, such as the victim’s financial institution, place of work, or doctor’s office. The text will ask the victim to share personal information. They’ll often do so, mistakenly believing the sender of the text message to be who they claim to be.

Man-in-the-Middle (MitM) attacks

There are three players involved in MitM attacks: the victim, the party the victim is attempting to communicate with, and the “man in the middle”, otherwise known as the scammer who is intercepting the communications. In these spoofs, the scammer tries to eavesdrop on the interaction between the victim and the other party. Alternatively, they may try to impersonate the other party to get at the victim’s personal information.

Deepfakes and spoofing

Deepfakes is a relatively new and dangerous tool for spoofers. A deepfake is a fake image, video, or audio clip that has been edited to appear authentic. For example, a scammer may create a deepfake video using an image and audio recording of a celebrity and make it appear as if they are telling you to open a link or support a specific cause.

Scammers use deepfakes to trap victims and appear as if they represent a trusted source.

Protect yourself

Spoofing is a formidable danger for consumers across the economic spectrum, but with the right tools and knowledge, you can avoid falling victim to these scams. Here’s how to protect yourself from a spoofing attack:

Turn on your email’s spam filter and be sure to mark incoming emails that look suspicious as spam.
Use two-factor authentication and/or biometric logins when possible.
Use strong, unique passwords across all of your accounts.
Ensure your device’s security system is at its strongest setting and uses the most updated patches. If you haven’t already done so, it’s worthwhile to invest in robust security software.
Never click on links or open attachments that are sent from an unverified source.
Never share personal information online or over the phone with an unknown contact.
If you’re allegedly contacted by your financial institution and asked to provide your login credentials or account details to fix a supposed issue with your account, don’t respond. Instead, delete the message or abort the call and contact your bank or credit union directly to ask about any possible issues with your account.
Don’t take phone calls at face value, even with caller ID. If you suspect foul play, Google the phone number presented on the caller ID to see if it’s associated with scams.
Consider an app, like Hiya, that filters out known scammers, spoofers, and other nefarious numbers.
Opt to display file extensions in Windows. This will enable you to view any spoofed extensions so you can avoid opening malicious files.
Identify deepfakes by looking for small details that give them away. Zoom into the image or video to verify if the words and lip movements are in sync. Look for lip color that looks unnatural, unrealistic facial hair, exaggeratedly wrinkled or smooth skin, and non-existent moles.

Red flags

Look out for these red flags that can alert you to a possible spoofing attack:

Websites with a URL that is very similar to the URL of a reputable site.
Websites riddled with typos, unusual syntax, and spelling errors.
An alleged rep of your bank or credit union asks you to call a number that is not associated with your financial institution.
You’re asked to share your login credentials or account number with an unverified contact.
Familiar corporate branding, such as logos, colors, and call-to-action buttons within a message asking you to take an action that is not typical.

If you’ve been targeted

If you believe you’ve shared sensitive information with a scammer through a spoofing attack, there are steps you can take to mitigate the damage.

First, contact your financial institution to let them know about the attack. You may place a credit alert or a credit freeze on your accounts, making it difficult or impossible for a scammer to open a line of credit or take out a loan in your name. If you believe your identity has been stolen, check out identitytheft.gov to learn what your next step should be. Finally, change the passwords on all your accounts to protect them from further attacks.

Spoofing has gotten a lot more dangerous in recent years, but with proper awareness and basic protective measures, you can avoid getting scammed. Use the tips outlined here to stay safe.

Posted in Financial Literacy, Fraud, Hello World

6 Ways to Tell if a Website is Safe

In today’s digital age, where we rely on the internet for everything from furniture shopping to staying informed and entertained, safeguarding ourselves online is essential. The online landscape is filled with fraudsters using advanced techniques to exploit vulnerabilities. Accidentally stumbling upon an unsafe website can expose you to malware, including spyware that steals sensitive financial data and ransomware that locks your device and demands payment for its release. These threats can lead to devastating consequences such as drained bank accounts, fraudulent loans taken out in your name, and even identity theft. It’s crucial to stay vigilant and take proactive measures to protect yourself from online scams and threats.

Fortunately, with the right steps and protective measures, you can easily avoid unsafe websites. Here are six ways to tell if a website is safe and secure.

Look for an SSL certificate

Secure websites like ours will have an SSL, or a Secure Sockets Layer. An SSL is a digital certificate that verifies a website is authentic and will automatically encrypt all personal information and financial data. There are two primary indicators of an SSL, both of which are easily visible in the site’s URL that’s displayed in your web browser:

An ‘s’ after the ‘http’
A padlock icon

It’s important to note that most browsers will hide the beginning of the URL, which generally includes these two indicators of an SSL. However, you can easily read the entire URL by copying and pasting it to another tab, a Microsoft Word document or a Google Drive doc. Some browsers will also reveal this info if you hover over the left-hand side of the URL. In addition, clicking on the padlock icon will reveal more information about the site’s security.

Evaluate the URL structure

Next, look at the URL carefully. Are there any misspelled words? Does the URL mimic a well-known site or retailer? Scammers will often lure victims by creating bogus sites that look like they represent well-known companies. However, careful scrutiny of the URL will reveal basic spelling errors that give the scam away. You may also find that the site, which allegedly represents a famous company, belongs to a public domain, such as Gmail or Yahoo, as opposed to a private business domain, like Amazon.com. This, too, will tell you that you’re likely looking at a scam.

Look for the company’s contact info

Legitimate companies are eager to have you connect with them for any reason. They’ll generally display their contact information on their home page or provide a link through which to easily access it. Scammers, on the other hand, try to keep themselves as invisible as possible. You likely won’t find any tabs that say “Contact Us” or “About Us” on their website. You may find their email address on their site, but a phone number and street address will be glaringly absent or clearly made up.

Check the spelling and graphics

Authentic companies will take the necessary steps to make a professional impression on visitors to their website. Scammers, on the other hand, will not. Use their carelessness to your advantage by looking out for spelling mistakes and typos throughout the site. You can also be on the lookout for cheap design elements, including images that are clearly not original and logos that are poorly created. Each of these clues can signify a scammy website.

Take notice of your device’s security warnings.

If you enter a site’s URL into your computer and a warning pops up to alert you that the site you’re attempting to access is not safe, do not ignore it. You can choose to advance to this site, or back out. Unless you’re absolutely sure the site is secure despite the warning, it’s best not to choose to advance to the site. Websites that are flagged by devices generally do not pass the most basic security tests as detailed above.

Opt out of sites that flood you with pop-ups and links

Scammy websites will try to trick you into downloading malware through pop-ups and embedded links. Sometimes, the links will be used to generate ad revenue through clicks. Whatever the intent, it’s important to know that reputable sites will not flood your screen with pop-ups and random links for you to click. If you encounter a site like this, you’re likely looking at a scam and should exit as soon as possible. Then, close your browser and have your security system run a scan on your device to find any possible vulnerabilities or safety breaches.

Don’t get stuck on an unsafe site! Use the tips here to stay safe.

Posted in Financial Literacy, Fraud, Hello World

Don’t Let The P2P Scams In The Door

P2P platforms, like Zelle, Venmo and PayPal, have made life so much easier for many consumers. Paying your friend back for the $20 you borrowed while at the mall, splitting a meal and purchasing a shared gift are now as easy as a few quick screen swipes. Unfortunately, though, P2P scams are rampant and varied. Also, once money is transferred through a P2P service, it’s usually gone for good.

Here are six P2P scams to beware of:

Mystery money
In this P2P scam, a stranger “accidentally” sends the target money and then reaches out to them, asking for their money back. The target will see these funds in their P2P account and willingly return the funds. Unfortunately, though, because this money was added to the target’s account using a stolen credit card or checking account, the platform will ultimately flag the transaction as fraud and remove the funds. If the victim already forwarded the funds to the scammer, the platform will hold them accountable for the funds and potentially block their account.

Hidden credit card fraud
In this P2P scam, a fraudster will purchase an item listed on Craigslist or a similar site using a P2P service. They’ll pick up the item, or have it shipped to their home, and they’ll never be heard from again. Meanwhile, the P2P platform will eventually recognize that the funds for the purchase were fraudulently sourced, and will take the money back from the seller. The victim will be left without the item – and have no money to show for it.

Fake customer representative
Customer rep scams are an old story, but their appearance in the P2P world is only as old as these payment platforms. In this scam, a target experiencing difficulty with a transaction on a P2P platform inquires about assistance on social media. A scammer sees that inquiry, and then reaches out to the target, claiming to represent the platform and offering their assistance. If the target falls for the ploy, they’ll be directed to a bogus support site where they’ll be asked to enter their account details or credit card info. This, of course, leaves them open to identity theft and financial loss.

Utility scams
Utility scams pulled off via P2P platforms follow the same script as the classic scam in which an alleged rep from a utility company reaches out to a target, claiming their service will be shut off unless a payment is immediately made. In this variation, the scammer insists on payment via a P2P service. Unfortunately, once the payment is made to this “service rep,” it can be impossible to reclaim the funds.

Password scam
In this P2P scam, an alleged representative of a credit union or bank will reach out to a target via text, asking if they approve a recent large P2P transfer from their account. The target will respond with a quick “no.” Next, the scammer will call the victim, again posing as a rep of their financial institution, and offer to assist them in reclaiming the allegedly frauded money. To do so, the scammer claims, the victim will need to share their Zelle login credentials. Unfortunately, if the victim shares the one-time passcode, the scammer will have the info they need to change the password and access the victim’s Zelle account. The scammer can now send themselves money through the victim’s Zelle account.

Bogus receipts
In this variety of a P2P scam, a scammer will insert themselves into a legitimate P2P transaction by digitally manipulating a screenshot to make it appear as if they have completed a part of an ongoing deal and insisting that you now owe them money. In truth, though, the transaction was never completed and, if you send the money, you’ll be sending it directly to a scammer’s P2P account.

Stay safe

Follow these rules when using P2P platforms:

Only send and accept funds from people you personally know and trust.
Always confirm that you’re interacting with the correct person by verifying their phone number at every stage of the P2P transaction process.
Call the P2P platform’s customer service number directly to resolve errors. Similarly, reach out to SRI Federal Credit Union directly if you receive notification of an allegedly frauded account.
After completing a P2P transaction, check your checking account to confirm you’ve actually received the promised funds.
P2P services are enormously convenient, but each transaction carries the risk of fraud. Use the tips outlined here to stay safe from P2P scams.

Posted in Fraud, Hello World

Protecting Your Finances: How to Prevent Fraud in Your Credit Union Accounts

Hey there, savvy money manager! We’re living in an era where our wallets have gone digital, making it super convenient to handle our finances. But you know what else is on the rise? Yep, you guessed it – sneaky fraudsters and cyber tricksters. They’re eyeing your credit union and bank accounts, access to online banking and more. No worries, though! We’ve got your back with tips to help you keep your hard-earned cash safe and sound.

1. Be a Password Picasso:

Time to ditch those “123456” passwords, folks. Cook up something unique for each account – a mix of caps, numbers, and symbols. Let’s make those passwords as tough to crack as your grandma’s secret cookie recipe! And hey, while you’re at it, sprinkle in some two-factor authentication for that extra layer of security.

2. Play Account Detective:

Make it a habit to give your credit union statements, online banking moves, and HELOC transactions the eagle eye treatment. If anything looks fishy, call it out! Set up alerts to ping your radar whenever there’s a big change in your accounts – that’s your cue to go all Sherlock Holmes.

3. Keep Things Updated:

You know those software updates that pop up on your screen? Don’t swipe them away like last year’s fashion trends. They’re your secret weapon against sneaky hackers. Stay up-to-date on your devices, and those virtual bad guys will have a harder time knocking on your digital door.

4. Side-Eye Those Emails and phone calls:

Phishing is like the oldest trick in the book. These scammers send emails that look legit but aren’t. If an email asks for your personal info, like passwords or account numbers, don’t fall for it! Beware the crafty tactics of fraudsters who can spoof the phone numbers of your trusted financial institutions. These tricksters might call you, appearing to be your bank, credit union, or a retailer like Amazon, but don’t be fooled! Remember, authentic financial institutions will never ask you for verification codes or sensitive login information over the phone and retailers like Amazon will never transfer you over to your financial institution’s fraud department. If anyone does, it’s a major red flag. Stay savvy and keep your guard up against these shrewd scams to ensure your hard-earned money remains safe and secure. Remember, your financial intuition will never slide into your inbox or call you asking for a verification code to snoop around your account.

5. Safe Networks Only:

Picture this: you, sipping coffee at a cafe, handling your online banking on their free Wi-Fi. Now hit pause – that’s a prime-time spot for hackers to swoop in. Stick to secure networks for your money matters. Public Wi-Fi might be free, but the cost of compromised info is way too high.

6. Hide Your Docs:

Got important papers lying around? Lock them up like treasure! Keep physical copies of your bank docs, loan agreements, and IDs in a safe spot. For digital files, it’s all about the encryption. Password-protect those babies and keep them hidden from prying virtual eyes.

7. School Yourself:

Knowledge is power, folks! Your credit union and bank have your back with resources to school you on the latest fraud moves. Stay in the loop and read up – it’s like giving your brain a superhero cape against cyber baddies.

8. Sneak a Peek at Your Credit:

Peeping into your credit report isn’t just fun – it’s smart. Scan for anything odd. Did someone open a credit card in your name? Nope, not on your watch! Grab your free yearly credit reports and give ’em a good old once-over.

9. Be the Limit Setter:

Ever heard of setting transaction limits? It’s like locking your financial doors. Check if your credit union or bank lets you do this. If a scammer tries to hit you with a huge transaction, they’ll hit a brick wall instead.

10. Report, Report, Report:

Remember this golden rule: if you see something funky, say something! If anything smells off in your accounts, call your financial intuition right away. And remember, they’ll never text you for a verification code to hop into your account – that’s like giving a stranger your house keys.

There you have it, money maestro! With these easy-peasy steps, you’re arming yourself against the tricksters of the digital realm. So keep those passwords strong, your eyes sharp, and your financial instincts on point. Your money deserves nothing less than Fort Knox-level protection!

Posted in Financial Literacy, Fraud, Hello World