Beware of Caller ID Spoofing – 3-7-18
Scammers are using fake caller ID information to trick you into thinking they are someone you trust, like a government agency, police department, financial institution or company you normally do business with. They then try to get you to give away valuable personal information. Here are some tips to help you protect yourself from Caller ID spoofing:
- If you get a suspicious call from the government or a business requesting personal information, hang up.
- Never give out or verify your personal financial information to a caller.
- Don’t wire money to a caller or send them money using a reloadable card.
Washington Businesses Targeted in Phishing Scam – 7-28-17
Washington state businesses have been targeted by an email phishing scam that appears to be from the Department of Revenue. These emails remind the businesses that endorsements must be renewed and encourages them to do so by following a provided link.
These emails are NOT from the Department of Revenue. Any official message regarding a business’ license endorsement renewal will be from email@example.com and only alert the business that they have a new message in their My DOR inbox.
If your business receives a suspicious email:
- Do not click any links, reply, or provide any information.
- Check the expiration date on your business license document.
- If your business license renewal is coming due, go directly to http://secure.dor.wa.gov and log in to your account.
Here’s a link to the Washington State Department of Revenue for additional information:
DocuSign phishing attempt reported – 5-17-17
Columbia Credit Union has been alerted of a phishing event that may have impacted members who recently signed documents through DocuSign’s digital transaction management system. During this phishing attempt emails may have been sent to members that “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. Read more
Members report text scam – 4-5-16
Members have reported receiving text messages stating that unauthorized activity has been reported on their account and to enter their personal account information. Please beware that these texts are not from Columbia Credit Union, but are a “smishing” attempt to get your sensitive account information. A legitimate fraud alert from Columbia Credit Union does not ask members to enter card numbers, PINs, CVV codes or Social Security numbers. If you receive a similar message, do not provide any information and contact us immediately.
Members report text scam – 10-20-15
Members have reported receiving text messages stating their debit card has been blocked due to suspicious activity. To unlock their card, they are told to call a phone number and enter their full debit card number. Please beware that these texts are not from Columbia Credit Union, but are a “smishing” attempt to get your sensitive card information. A legitimate fraud alert call from Columbia Credit Union does not ask members to enter card numbers, PINs, CVV codes or Social Security numbers. If you receive a similar phone call, do not provide any information, hang up and contact us immediately.
Phone scam reported – 06-17-15
Members have reported receiving automated phone calls saying their debit card has been used for fraudulent activity and to enter their 16-digit card number. Please beware that these calls are not from Columbia Credit Union, but are phishing attempts to get your card information. A legitimate fraud alert call from Columbia Credit Union does not ask members to enter card numbers, PINs, CVV codes or Social Security numbers. If you receive a similar phone call, do not provide any information, hang up and contact us immediately.
Fraudsters use data obtained elsewhere to file fraudulent returns. TurboTax data remains secure. – 02-18-2015
You may have heard recent reports of suspicious activity detected within Intuit TurboTax Online. After seeing an increase in suspicious filings and attempts to file fraudulent state tax returns through TurboTax software, Intuit’s investigation found no end-user data was compromised, which includes any data from Columbia CU members who accessed TurboTax through personal online banking, and no vulnerability to their systems.
The company believes that the information used to file the fraudulent returns was obtained from sources outside the tax preparation process, including recent data breaches. Intuit has been working with state agencies to ensure that necessary precautions are in place for safe processing of state returns.
As a preventive measure, Intuit temporarily suspended the filing of state returns to add filters; the process is complete and all systems are open for filing returns. Concerned members may call Intuit at 800.944.8596 for support and filing assistance from specially trained identity protection agent. If you believe you are a victim of tax fraud, contact us immediately.
In addition, Intuit is providing identity protection services and free credit monitoring; access to all versions of its software; or assistance from one of Intuit’s credentialed tax experts who will prepare taxes for affected customers at no expense.
Learn more about fighting tax fraud:
- Blog post: Protect yourself from tax identity theft
- IRS limits number of direct deposits into a single account
- IRS Tax Scams/Consumer Alerts
- IRS Identity Protection: Prevention, Detection and Victim Assistance
- FTC Tax-Related Identity Theft
- FTC How to Keep Your Personal Information Secure
Fraudulent activity can spike after a widely publicized data breach, such as with Home Depot, when fraudsters target specific area codes or regions to scam potential victims. If you receive such a phone call, do not respond, hang up immediately and contact us to report the incident.
Increasingly, identity thieves are fishing for financial information via email or pop-up messages that appear to come from legitimate businesses and financial institutions. This technique is called Phishing. They lure victims into divulging Social Security numbers, account numbers, passwords and confidential information to commit fraud and steal from financial accounts or credit cards. Victims can take years to recuperate from the stolen funds and damaged credit. But if you understand the crime, you can help protect yourself from becoming a victim.
How to detect phishing scams:
Phishing emails are becoming more sophisticated. Some use the logo of a company or financial institution you trust. Others are linked to websites that closely mirror a reputable website. Luckily there are several identifying features and phrases that help you detect a scam.
- Verify your account: Columbia Credit Union will never ask you to verify your account number or send any confidential information via email. If you get an email or pop-up that asks you to do so, be very suspicious.
- Secure your account: Many phishing scams use scare tactics by suggesting that your account is compromised or violated. The scams urge you to update passwords or verify your account information to prevent unauthorized access.
- Threatens actions if you don’t respond: While the tone may be polite, the message usually has a sense of urgency. Phishing emails may threaten to close or suspend your account if action is not taken quickly.
- Spelling errors: Scam artists are getting more sophisticated, but many ugly attempts filled with misspellings still exist.
- Slightly altered website URL: Phishing websites may use similar URLs (website addresses) to that of a well-known company. By switching or adding a few letters, the address may look correct at first glance. Columbia Credit Union does periodically send emails with links to special offers or financial education on our website, but you can also access the information and secure online applications by going directly to www.columbiacu.org.
Protect yourself from Phishing Scams:
- Verify email validity. If you receive an email or phone call from Columbia and are unsure about its validity, please contact us immediately by calling our Member Service Call Center at 360-819-4000. You can also forward a copy of suspicious communications to firstname.lastname@example.org.
- Always use a secure email system. Don’t provide your personal or financial information through your personal email. It’s not a secure method of transmitting confidential information. If you want to respond to an offer from Columbia Credit Union or you want to initiate contact with us, please visit our secure website, www.columbiacu.org, where you can communicate through “Live Chat” or by clicking on the contact us link found on every page.
- Review credit card and bank account statements immediately. Check for any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or financial institution. E-statements are the quickest and safest way to receive your statement from Columbia. Learn more
- Use online security software. Update your computer with the latest security patches. Use anti-spyware software and anti-virus software.
- Be cautious about opening attachments or downloading files from emails. The thieves involved in phishing are expert hackers.
- Report suspicious calls or emails to the Federal Trade Commission at www.consumer.gov/idtheft, or by calling 1-877-IDTHEFT. Forward spam to the Federal Trade Commission at email@example.com and to the company impersonated in the phishing email. Contact Columbia Credit Union immediately if you receive an email from a sender you believe is fraudulently posing as Columbia Credit Union. Forward a copy of suspicious communications to firstname.lastname@example.org.
Beware of voice messages asking for personal information
You might have heard of “phishing” scams, in which identity thieves send emails claiming to be legitimate businesses asking consumers to verify or submit personal information. Now, thieves are increasingly turning to a scam called “vishing.”
Vishing, short for “voice phishing,” is when thieves seek personal information by telephone. A target might receive a voice message claiming that the customer’s credit card and/or financial account has been breached. The target is instructed to call a customer service number, which leads to a fraudulent call center established by the thief. The thief will ask for confidential account and login information. The message might provide a fraudulent website instead of a phone number.
Identity thieves are eager to use personal information to open accounts, run up debt and ruin the victim’s credit. Thieves might pretend to be from legitimate financial institutions, companies, or government agencies. They seek confidential information such as financial account and credit card numbers, Social Security Numbers, passwords and personal identification numbers.
Vishing is a convincing trick that uses scare tactics to pressure targets into giving up personal information. Because thieves use Voice over Internet Protocol (VoIP) to make the calls, they can even fool caller IDs and remain anonymous, making it very hard for authorities to trace them. Consumers should be very suspicious when receiving telephone or email messages directing them to provide personal information. Instead of calling the number provided, consumers should always contact their financial institution or credit card company directly to verify the message.
If you think you’ve been targeted in a vishing scam, please let us know. If you have any questions or concerns, please call Columbia Member Service at 360.891.4000.