Resources — Fraud Protection We want to empower our members to avoid and recover from fraudulent activities. Here you will find our latest information on consumer fraud and identity theft. If you have any questions about the articles below, please contact Gesa. Never Give Out Your Personal Information Social Engineering Romance Scams Lottery Scams Craiglist Scams Compassion Scams Refund Scams Member Impacts of Scams Fraudulent Calls and Texts Lost or Stolen Cards or Checks Phishing and Vishing Mail Fraud OnGuard Cashier’s Check Fraud Free Credit Reports Consumer Reporting Agencies Additional Links Never Give Out Your Personal Information Gesa will NEVER ask you to provide private, secure information through email, a phone call, or text messaging, unless you initiated the inquiry with us. It seems that fake web sites, trying to steal private financial information, pop up every day. Gesa is no different than hundreds of other banks and credit unions. Occasionally, we all get hit with these phishing email scams that attempt to route the unsuspecting victim to a fake web site. If you have any lingering doubts about whether or not a phone call, email, or text is truly from Gesa, below are some tips that may help you. Even if the site LOOKS like a Gesa Online Banking page, if the URL (web address) is not correct, it’s a FAKE. If the email makes it sound urgent, wants you to change your information now, or “confirm” your information now, it’s fake. If the email or web site asks you for a credit card number, a PIN, a CVV number, or your passcode, it’s fake. If the email you’ve been sent asks you to help us “update our database,” it’s a fake. If the email asks you to click on a link to “restore access to your account,” it’s a fake. If the email provides you with a link asking you to change your passcode through that link, it’s a fake. Never use someone’s link in an email or a link on any other site to access Gesa’s Online Banking. Trust is a valuable commodity. These scammers are trying to win your trust in order to steal from you. Don’t let them. Social Engineering Have you given your personal information to anyone recently? Social engineering can happen through a phone call, text message, email, or in-person. These communications are designed to get you to do something, such as clicking on a link, entering your information into a website, or making you think something is wrong and that they have the solution. The messages typically create a sense of urgency. How do fraudsters do it? They can get your personal information from data breaches, social media, or by theft to name a few. They use the information to build a profile and socially engineer you. One of the more common social engineering scams we see takes place over the phone or text message. A member might receive a text claiming to be from the Fraud Department, asking you to verify recent charges on your account. What can I do? The best thing to do when someone calls you claiming to be from the credit union is to hang up and call Gesa’s Member Contact Center at (888) 946-4372. Gesa will never ask you over the phone for your full account number, online banking username, online banking password, ATM, debit, or credit card pin, CV2 (the 3 digit code on the back of your card), or your expiration date. Romance Scams These scams involve romantic intention towards a victim, gaining their affection, and then using that goodwill to commit fraud. Fraudulent acts may involve access to the victim’s money, bank accounts, credit cards, passports, email accounts, or personal identification. Warning Signs Asked to chat offline and keep the relationship a secret. Asked to wire money. Asked to give up your Online Banking credentials, account numbers, or PINs. Asked to receive/send funds from/to another party. What if you’re a victim? Cut off all contact with the scammer immediately. If you provided Online Banking information, immediately change your passwords. Contact Gesa Credit Union to report the fraud and put stop payments on any checks or wire transfers in and out of your accounts Visit ic3.gov to submit an online internet crime complaint. Lottery Scams Lottery scams often begin with an unexpected email notification, phone call, or mailing explaining that “You have won!” a large sum of money in a lottery. The target of the scam is then asked to pay “processing fees” or “transfer charges” so that the winnings can be distributed. Sadly they will never receive any lottery payment but will have lost the money they paid. Warning Signs You are told you’ll win a contest you did not enter. Offered “too-good-to-be-true” prizes. You must pay to win. Asked to receive/send funds from/to another party. What if you’re a victim? Contact Gesa Credit Union to report the fraud and put stop payments on any checks or wire transfers in our out of your accounts. Report the fraud to The Federal Trade Commission at www.ftccomplaintassistant.gov. Craiglist Scams Craigslist scams take on many shapes and forms: being overpaid on a sale, paying via an online escrow service and/or renting or buying unavailable property listings. Warning Signs The person only wants you to use their resources for payment. The person asks for personal information (Social Security Number or bank account number). The person rushes the transaction, making you feel leery about it. Asked to receive/send funds from/to another party. What if you’re a victim? If you’ve been scammed, contact the Federal Trade Commission (FTC) and file a complaint online or call their Toll Free hotline at 1.877.FTC.HELP (382.4357). Craigslist also recommends calling the local police for any scams that take place in person. Email Craigslist at [email protected] and detail the situation entirely. Compassion Scams Compassion scams involve a parent or grandparent being contacted by an “authority” who claims that the child/grandchild is in some sort of trouble (legal or medical) and will need funds wired immediately in order to help the child. Warning Signs Contacted by an individual claiming they are an “authority.” Asked to wire money. Asked to receive/send funds from/to another party. What if you’re a victim? Cut off all contact with the scammer immediately. Contact Gesa Credit Union to report the fraud and put stop payments on any checks or wire transfers in or out of your accounts Refund Scams Refund scams involve fraudsters that are using stolen tax information to file fraudulent tax refunds. These are then deposited into a stolen client’s account, and then moved to a cybercriminal posing as an IRS agent. The fake agent then informs the client that the refund needs to be returned. Warning Signs Contacted by an individual claiming they are contacting you to recover money, merchandise, or prizes you never received as long as you pay an advancement fee. Asked to wire money. Asked to receive/send funds from/to another party. What if you’re a victim? If you’ve been scammed, contact the Federal Trade Commission (FTC) and file a complaint online or call their Toll Free hotline at 1.877.FTC.HELP (382.4357). Craigslist also recommends calling the local police for any scams that take place in person. Cut off all contact with the scammer immediately. Scams Impact on Members Engaging in any potential scam may result in many negative impacts to you. Potential Impacts A loss of goods and/or money that cannot be traced or recovered by Gesa. Identify theft Negative impacts to your credit history. Loss of membership at Gesa Credit Union. Online Banking can be compromised. What can I do to protect myself from fraud? Do not send money. Do not engage with the scammer. Cut off all communication. Only deal with people locally and in person. Increase security settings on social media. Do not accept friend requests from people you do not know. Limit personal information that you post. Be a skeptic – if it appears too good to be true, it most likely is. Who should I contact if I think I’m a victim of fraud? Contact the local police. Report any suspicious correspondence via email to [email protected]. Report internet fraud to IC3 at www.ic3.gov/default.aspx. Fraudulent Calls and Texts From time to time, members and non-members will report fraudulent calls and text messages that purport to be from Gesa regarding debit/credit cards. As a reminder, Gesa will never ask you for personal information through a text especially your PIN or expiration date. If you believe you have given out your Gesa account information to an unauthorized source, please report your card stolen by calling our Member Contact Center during business hours at (888) 946-4372. For afterhours assistance please call (877) 745-4565 for a Visa Debit Card or (800) 442-4757 for a Visa Credit Card. If you have provided account information from another institution, please contact them directly by calling the number on your statement. Taking Action Gesa will alert the appropriate authorities who can shut down all known fraudulent phone numbers. Reported Numbers 347.474.7041 312.994.9999 213.799.0709 205.321.0411 815.625.0307 252.548.7666 509.770.2031 252.548.7666 208.758.0211 509.855.5517 Lost or Stolen Cards If you believe that your card is lost or has been stolen, immediately call one of the numbers listed below. Card Call Immediately Cash Rewards or Wise Credit Card (800) 449-7728 Business Visa® Credit Card (866) 820-4053 Visa® Debit Card or ATM Card (888) 946-4372 (M-F: 7am-7pm) (Sa: 8:30am-5pm) or (877) 745-4562 (After Hours) If you believe your card or checks have been lost or stolen, act immediately. Contact Gesa immediately using the appropriate phone numbers. Report the loss or theft immediately to local law enforcement where the loss or theft occurred. Depending on the situation, you may want to contact credit reporting services to make them aware of your loss. While it is not your fault if your checks or cards have been stolen, the reality is that such incidents can and do show up on credit history reports. Equifax Information Services: (800) 525-6285 TransUnion: (800) 680-7289 Experian: (888) 397-3742 Phishing and Vishing Some members have received fraudulent “phishing” email purporting to be from Gesa. The fraudulent email asks you to click on a link. The next page usually appears to be a Gesa Credit Union web site page. This is the beginning of the phishing attempt to defraud you. Never attempt to enter Gesa’s Online Banking through a link in an email. The purpose of these emails is to trick you into entering private and sensitive financial information, such as a PIN, user name, and other account information. With this information, an identity thief may gain access to your account information or use your credit to steal from you. What is Phishing? “Phishing” is the use of e-mail and fraudulent web sites to trick recipients into disclosing personal financial information, such as credit card numbers, Social Security numbers, account names, passwords, and addresses. Report Phishing The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, has initiated a phishing report email box. If you suspect you’ve received a phishing email, just forward it to [email protected]. It’s important to remember that Gesa will never ask you to enter sensitive and private information on a site through an email solicitation. Never trust a request for this type of information from an unsolicited email! Call Gesa’s Member Contact Center if you have any questions. Vishing Calls that Pretend to be Calls from Gesa Members and non-members are reporting some vishing that purports to be calls from Gesa. Most of these calls appear to be legitimate numbers that are being ‘spoofed’ onto Caller IDs so the real phone numbers cannot be tracked or shut down. Neither Gesa nor our systems have been compromised, and we are doing everything we can to get these scams shut down. Never give out personal information when the phone call or e-mail is unsolicited. However, if you do experience a loss, please notify Gesa within 60 days of the fraudulent transaction. Report information by calling (888) 946-4372, or email [email protected]. Mail Fraud Here are a few tips to keep you safe from mail fraud: If you do not have a mailbox with a lock, be sure to pick up your incoming mail every day. Or consider using a P.O. Box. Take outgoing mail to the post office. Shred all credit card offers before disposing of them. Make a list of bills and statements you receive and the dates you normally receive them. If you’re expecting a bill and you do not receive it, contact the issuer right away. If you feel that you’ve been a victim of mail fraud, visit the United States Postal Inspection Service website for more details. OnGuard In a cooperative effort, the Federal Trade Commission, the Department of Homeland Security, the U.S. Postal Inspection Service, the Department of Commerce, and the Securities and Exchange Commission (SEC), have launched a web site that provides practical tips to help consumers guard against online fraud and computer hacks. Just go to http://onguardonline.gov. OnGuardOnline.gov This site addresses the security issues of social networking sites, online auctions, tips on how to protect your family online, spam scams, phishing alerts, spyware, ID theft, and perhaps most valuable—a glossary, so that you can navigate the online world and know what you’re reading about! Habla Español? Don’t worry. The site is completely translated into Spanish for those who are more comfortable reading in that language. Just click on the link Español, or go to http://alertaenlinea.gov. Free Alerts The National Cyber Alert System delivers targeted, timely, and actionable information to help you secure your computer system. When you sign up by email, you can receive Alerts about immediate issues and vulnerabilities, and Tips with preventative and general advice about current cyber issues. You can sign up to receive these tips automatically. US-CERT is a partnership between the Department of Homeland Security and the public and private sectors. Cashier's Check or ``419 Advance Fee`` Fraud Online auction sites are a popular way to buy and sell collectibles, jewelry, even cars; however, Internet auction transactions are not always safe. The cashier’s check or “advance fee” fraud has become more prevalent as online auction sites and classified ads have gained popularity. In many cases, large ticket items lure this type of fraud artist to a victim. The typical fraud scenario is somewhat confusing, which is probably one of the reasons why the fraud artist is successful. This scam involves counterfeit cashier’s checks and money orders and has been growing in popularity. How the Scam Works Victims are generally people who are selling a personal item on the Internet, such as popular online auction sites, or in the classified ads. In this swindle, a “buyer” sends the seller a cashier’s check or money order that exceeds the purchase price of the item being sold. The seller doesn’t realize that the cashier’s check or money order is fraudulent. The seller is instructed to deposit the check and send the remaining funds (that exceed the selling price) back to the buyer in the form of a money order or cashier’s check, or even by wire transfer. By the time the seller’s financial institution discovers the fraud, the seller (the victim) has already mailed or wired the funds to the “buyer.” The victim is now responsible for the full amount of the fraudulent check or money order and the scam artist is nowhere to be found. Online Auction Safeguards Online auction fraud registers the largest number of complaints to the FTC’s Consumer Sentinel database. You don’t have to give up your affection for online auctioning yet. If you safeguard your identity, take your time transferring funds, and keep alert for possible scams, your risk of becoming a victim will be small. Use caution when dealing with foreign buyers and sellers. Beware if the buyer or seller asks you to send money quickly. Banks often take 10 days or more to determine if a cashier’s check is counterfeit. Do not ship the goods or spend any of the funds sent to you until 10 days to two weeks after you deposit the cashier’s check. Insist on a cashier’s check drawn on a local financial institution, or one that has a local branch. Insist on a cashier’s check for the exact amount. Check to make sure the financial institution is legitimate. These fraud artists tend to target vulnerable people, senior citizens, and young adults. Alert any family members who may be at risk. No legitimate company will offer to pay you by arranging to send you a check and asking you to wire some of the money back. If that’s the pitch, it’s a scam. Become familiar with any auction site you visit online. Find out what protections the auction site offers buyers and sellers. Don’t assume the rules are standard for all auction sites. Find out as much as you can about the other party you’re dealing with on an online auction site. Be wary of those who try to lure you away from the Web site with promises of a better deal. Save all transaction information. Protect your privacy. Never provide your Social Security number, driver’s license number, credit card number, or bank account information. Never agree to travel to meet your buyer or seller. Free Credit Reports Consumers may obtain a free credit report once every 12 months from each of the three nationwide consumer credit bureaus (Experian, Equifax, and TransUnion). AnnualCreditReport.com offers consumers a fast and convenient way to request, view and print their credit reports in a secure Internet environment. It also provides options to request reports by telephone and by mail. AnnualCreditReport.com is the only service authorized by the credit bureaus for this purpose. They recommend that as a security precaution, consumers should never provide their personal information to any other company or person in connection with requesting free annual credit reports under the FACT Act. AnnualCreditReport.com will not approach consumers via email, telemarketing or direct mail solicitations. You may access up to three credit reports, one each from each of the reporting bureaus. To keep tabs on your credit report throughout the year, it is suggested that you get a credit report every 4 months. For instance, in January, get your report from Experian; then in May, get the report from Equifax; then in September get the report from TransUnion. Or in any order you wish. That way, you can go through the whole year, keeping watch on your credit report. It’s a good way to check for possible fraud, ID theft or any other unusual activity on your account. Additional Fraud Protection Links The OCC Consumer Complaints and Assistance web site offers tips on the 419 Advance Fee scam, which is similar to a Cashier’s Check scam. (U.S. Department of the Treasury) The Federal Trade Commission’s web site about online shopping is a wealth of information on fraud schemes while shopping online. The Internet shopping experience can be marred by unscrupulous dealers unless you heed some of the shopping tips on this web site. Free Annual Credit Reports, through the FACT Act of 2003. Tax Fraud: If you believe you are a victim of identity theft and someone has assumed your identity to file federal income tax returns or to commit other tax fraud call toll-free (800) 829-0433 or http://www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft. Victims of identity theft that are experiencing difficulty filing their returns should call the IRS Taxpayer Advocates Office, toll-free: (877) 777-4778. Consumer Reporting Agencies If you’re a victim of fraud, what should you do? File a police report. Contact your local agency even if you feel that you have not suffered a loss. Scammers’ activity may not appear until a long time after. Be prepared. File an affidavit with your creditors. Most companies have an affidavit for situations such as these if you have suffered a loss or have become a victim. Contact your creditors. Make sure to keep records such as statements or creditor correspondence. Document any phone conversation with names of representatives, dates and times. Follow up in writing with all contacts that you have made on the phone or in person. Use certified mail and request a return receipt. Monitor your credit reports. Victims of identity theft should closely review financial records for several months after they discover the crime. Victims should review their credit reports once every three months in the first year of the theft, and once a year thereafter. Stay alert for other signs of identity theft.