Scam Warnings

Your VyStar Scam Watch: Be Informed. Be Aware. Protect Yourself

Identity Theft 911 - Protect What Matters Identity Theft can happen to anyone. VyStar’s partnership with identity Theft 911® provides services to members and their families, at no additional charge. If you suspect you have lost your identity through theft or other disaster, contact us as soon as possible.

 

Member Alert 6/20/14

MOBILE BANKING/BROWSER MALWARE

Svpeng is a new malicious malware, ransomware app for Android devices. Svpeng searches for specific mobile banking apps on the device, then locks the device and demands money to unlock it. In the U.S., Svpeng breaks into a mobile device through a social engineering campaign using text messages.

Svpeng capabilities include:

  • Spoofing legitimate banking applications
  • Stealing personal banking information
  • Capturing user input, including passwords
  • Sending SMS messages to premium numbers without user?s knowledge resulting in charges
  • Stealing SMS messages
  • Stealing contact information and pictures
  • Tracking user location

Dyreza or "Dyre" is a new family of banking malware that redirects the traffic to malicious servers, while end users think they have a secure connection with their legitimate online banking site.

Dyreza is spread through spam e-mail messages such as "Your FED TAX payment ID [random number]" and "RE: Invoice #[random number]." These messages contain a ".zip" file often hosted on legitimate domains, to minimize suspicion.

Opening this file infects the computer with the malware. Using a technique called "browser hooking" Dyrezea views unencrypted web traffic in the Internet Explorer, Chrome and Firefox browsers and captures an end user?s credentials by sending the user to malicious servers, while the end user thinks they are securely connected to their financial institution?s legitimate website.

Is my iPhone vulnerable to Svpeng and Dyreza? iPhones and Android devices use different operating systems. Svpeng specifically targets the Android operating system. Dyreza does not target mobile devices; it exploits Internet Explorer, Chrome and Firefox browsers.

How can my you protect yourself against threats like Svpeng and Dyreza?
Although VyStar Credit Union has not been targeted by Svpeng or Dyreza, we recommend mobile and internet banking users to employ security best practices to proactively mitigate this threat including:

  • Installing an antivirus app and keeping it updated
  • Avoiding installing Android apps from third-party websites or unreliable sources
  • Reading the permissions requested by every application before installing
  • Performing regular backup of data stored in Android devices
  • Protecting devices with a password
  • Not viewing or sharing personal information over a public Wi-Fi network

Member Alert 2/7/14

WATCH FOR $9.84 UNAUTHORIZED TRANSACTION ON CREDIT/DEBIT CARDS

The Better Business Bureau has issued a fraud alert about a raft of complaints all reporting the same niggling charge. This unauthorized charge has been showing up as a transaction on credit card and debit card accounts in the amount of $9.84. The business levying this fee may purport to provide “customer support” or it may simply identify itself as any one of a number of different websites. Please take care in reviewing your VyStar card account information. It is not clear how consumer card numbers are being stolen but the fraud appears to stem from an elaborate network of affiliate schemes that stretch from Cyprus to India and the United Kingdom. If you should spot an unexplained charge of $9.84 on your card, please report it immediately.


Member Alert 10/22/13

SCAM ALERT RELATED TO AFFORDABLE HEALTHCARE ACT

With the Affordable Healthcare Act (ACA) underway, agencies around the country are receiving numerous reports of identity theft when scammers solicit personal information under the guise of helping those victims sign up for the new program. Although investigators have not seen this in Jacksonville, we anticipate this to be a problem and want to warn people so they do not fall for this scam. Scammers are using the ACA as a way to fool victims into sharing their personal information.

How the Scam Works:
You receive a call from someone claiming to be from the federal government. The caller informs you that you've been selected to receive insurance cards through the new Affordable Care Act ("Obamacare"). However, before he/she can mail your card, the caller needs to collect personal information. Scammers do a lot to make their requests seem credible. For example, they may have your bank's routing number and ask you to provide your account number. They may ask for your credit card or Social Security number, Medicare ID, or other personal information. Sharing personal information with a scammer puts you at risk for identity theft. Scammers can use the information they obtain to open credit cards in your name or steal from your bank account.

How to Spot a Scam and Protect Yourself:

Con artists are taking advantage of the confusion and buzz surrounding the Affordable Care Act implementation. Here's what you can do to protect yourself:

Hang up, don't press any buttons and, if you received a voice mail message, don't call the scammer back. We all like to have the last word, but returning the phone call may just give the con artist information he can use.

The government typically doesn't call, text or email. Government agencies normally communicate through the mail, so be very cautious of any unsolicited calls, text messages or emails you receive. Also, if the government is contacting you, they should already have your basic personal info, such as your Social Security number.

Don't trust Caller ID. Scammers have technology that lets them display any number or organization name on your screen.
There is only one place to shop for a qualified health plan: www.HealthCare.gov, which is run by the FTC's Center for Medicare and Medicaid Services.

Who is Being Targeted?
Anyone can be the victim of this scam, but some groups are more likely to be targeted than others. The new law has special provisions for the following groups:

People 65 years or older
Persons with disabilities
Owners of small businesses

(This is a public service message from the Jacksonville Sheriff's Office)


Member Alert 06/11/13

Claims Process for Ponzi Scheme

The Claims Process for the Rex Venture/Zeek Rewards Ponzi Scheme has been approved by the U.S. District Court for the Western District of North Carolina and implemented. As of May 15, 2013, individuals who believe they have been affected by the scheme may file a claim using the online claim form located here:https://cert.gardencitygroup.com/zrw/fs/home. The claim process will be available until September 5, 2013.


Member Alert 01/26/12

Phone Phishing Attacks

Recent reports indicate an increase in phone phishing attacks on consumers and possibly credit union members. Individuals being targeted receive a phone call with a pre-recorded message. The automated message says the individual’s card has been closed and to re-activate the card they must enter their 16 digit card number, PIN, card expiration date, etc.  In some cases there is no number attached to the call.  This same type of phishing attack can also occur in a text message.

Don’t fall prey to these types of scams. VyStar Credit Union will never solicit personal or financial information. Do not respond to requests for information unless you initiate the request - this includes requests via e-mail, phone, text messaging or through the mail.

 

Member Alert 12/22/11

Malware/Phishing Scheme

It has come to our attention that a few of our members may be affected by a malware/phishing scheme when they log into Internet Banking. The scheme causes a "risk monitoring" message to appear that asks members to enter personal information (Social Security Number, Date of Birth, Mother's Maiden Name, etc.) for verification purposes. VyStar Credit Union will never solicit personal or financial information. Do not respond to requests for information unless you initiate the request - this includes requests via e-mail, phone, text messaging or through the mail.

 

Member Alert 12/21/11

ATM Fraud - Card Skimming

Recently, there has been a new type of fraud being perpetrated in the area. This type of fraud is called card “skimming”.

What is skimming? It's the illegal act of placing a skimming device (false face plate) over the card slot of an ATM. These devices can look legitimate and come in different shapes and sizes – often matching the equipment on the machine. A camera/mirror device may also be affixed to the ATM to observe victims entering their personal identification number (PIN). A false key pad is sometimes used. 

 

 

ATM SkimmingHow does skimming work? When someone inserts their card to perform an ATM transaction, the card travels through the skimming device and the magnetic information on the card such as the name on the account, account number, and PIN embedded in the magnetic strip is recorded. A camera/mirror is used to record the victim entering their PIN.

Once a card is swiped, the information contained in the magnetic strip is stored in the electronic skimming device. At a later time, the criminal will return to the ATM and retrieve the skimming device and camera/mirror to obtain the victim's stolen card information. The magnetic strip is copied onto another card and the stolen PIN is matched to it.

The ATM card account information as well as the matching PIN can be sold, used to order items online, to make counterfeit ATM/debit/credit cards or to withdraw money from the victim's accounts.

Most ATMs are not safe from this type of crime. Don't be a victim. When using an ATM always check the ATM equipment and the area around it closely for suspicious activity. Look for loose fitting (card slot) face plates. Be sure to hide your PIN whenever entering it into a machine. If you think a skimming device has been placed on an ATM, notify police immediately.

NOTE: When a skimming device is placed on an ATM, the cardholder/victim can perform their ATM transactions unaware that their information has been recorded. Skimming operations often occur after hours and over weekends so criminals can retrieve the information prior to normal business hours.

 
Member Alert 11/21/11
 
Tips for Institutions and Consumers
 
The American Bankers Association (ABA) would like to remind consumers that socially engineered schemes rely on methods financial institution would never employ. To avoid fraud:
  • Never give out personal or financial information in response to an unsolicited phone call, fax, e-mail or text.
  • Contact the financial institution to confirm the legitimacy of any e-mail that asks for the submission of personal or banking account information.
  • Check credit card and bank account statements regularly for unauthorized transactions, even small ones.
  • Make sure websites are secure when submitting financial information online. Check for padlocks or key icons at the bottoms of Internet browsers. Most secure Web addresses also use "https."
  • Report suspicious activity immediately to your financial institution or the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.
  • Contact your financial institution immediately if a phishy link may have been clicked or a suspicious communication responded to.

(This is a public service message from the American Bankers Association.)

 
Member Alert 06/15/11
 
Automated Phone Message Scam
 
We have heard that residents in the area have been receiving pre-recorded phone messages with the warning that their cards (from any financial institution) have had a hold placed on them. They are instructed to select a certain number to remove the hold at which point the card number is requested.  Please do not respond to these types of calls.
 

Member Alert 10/18/10

8 Smartphone Security Tips

Here are eight tips to staying safe on your Smartphone. Whether your Smartphone is used for business or pleasure, securing the computer in your pocket is just as important as securing the computer on your desk.

  1. Setting a password and auto lockout feature on your phone.
    Many of the applications on your Smartphone when launched are already authenticated for ease of use (e.g. Facebook, Internet Banking applications, etc.). Many of these applications contain confidential information that is easily accessible from your phone. Add to this the facts that while traveling, people tend to lose their phones in airports, cabs, and other public places. Setting a password is the simplest way to keep your confidential data safe if your phone goes AWOL during the hustle and bustle of every day activities. Make sure that your password is strong enough so that a thief can't easily guess it and that you employ an auto lockout feature that will lock the phone after a certain amount of inactivity.
     
  2. Always keep an eye on your phone while traveling or when you're on the go.
    When you are out dining or at locations where you might leave your phone unattended (e.g. park, beach, department store or shopping mall). Be vigilant and keep your phone on you or in a safe location out of sight so that it can't be stolen. Additionally, when you’re going through airport security, watch your phone as it enters the x-ray machine and retrieve it immediately when it comes out—thieves will often steal phones during the few seconds where people don't pay attention as they go through the security check point process. If you set your phone down on a counter or table, don't let it out of your sight.
     
  3. Don't click on links in text messages from people you don't trust.
    When you are out dining or at locations where you might leave your phone unattended (e.g. park, beach, department store or shopping mall). Be vigilant and keep your phone on you or in a safe location out of sight so that it can't be stolen. Additionally, when you're going through airport security, watch your phone as it enters the x-ray machine and retrieve it immediately when it comes out—thieves will often steal phones during the few seconds where people don't pay attention as they go through the security check point process. If you set your phone down on a counter or table, don't let it out of your sight.
     
  4. Keep Wi-Fi and Bluetooth off when you aren't using them.
    Airports, coffee shops, and hotels are especially attractive targets for hackers, as they can use Wi-Fi and Bluetooth to attack phones and steal information. The easiest way to stay safe (and conserve battery) is to turn Wi-Fi and Bluetooth off when you aren't using them. When you use Bluetooth, make sure it is in non-discoverable mode. When you use Wi-Fi, always try to use an encrypted network or use a VPN if your work has one, otherwise, hackers can easily "sniff" your data out of the air.
     
  5. Back up your data.
    Make it a habit to synchronize your Smartphone or device regularly to ensure you back up your data—it only takes a few minutes. If you happen to lose your phone or it gets damaged by environmental elements (e.g. rain, sand, etc.), you'll be up and running in no time.
     
  6. Apply software/firmware updates from your carrier or phone vendor.
    Carriers and phone manufacturers routinely provide software or firmware updates to fix security vulnerabilities that hackers can use to attack your phone. Even if you get a brand new phone, it may be out of date. Check on the carrier or phone manufacturer's website for any available updates and be sure to apply updates as soon as they are available in the future. Just like a desktop or laptop computer, staying up to date is your first line of defense from hackers and viruses.
     
  7. Only download applications from reputable sources.
    Getting a new phone? The first thing you will likely do is download apps—lots of them. You will probably download more apps on your phone than you have on your computer. Make sure to download responsibly: it is safer to use application marketplaces provided by your carrier or phone vendor than to download directly from the web. Some sites have hosted repackaged versions of popular mobile apps—such as Google Maps—that include spyware. Malware and spyware can still sneak in to marketplaces however, so be careful, especially with applications from unknown developers that have poor ratings or low download numbers.
     
  8. Safe Disposal of your Smartphone.
    Two important items to consider when disposing of your Smartphone:
    1. Make sure you have deleted all your personal information and restored your phone to factory defaults. Refer to your Smartphone manual for guidance on ensuring your phone has been purged of any and all sensitive data or information (e.g. contacts, email, pictures, texts, voicemail, authenticated applications, etc.)
    2. Cell and Smart-phones have been classified as hazardous material because of the electromagnetic radiation and electronic composition and can be very hazardous and damaging to the environment if not disposed of properly. Click here to learn how you can donate or dispose of your phone safely and in a responsible manner.

Member Alert 07/30/10

Cashier's Check Fraud

A scam has been reported that involves counterfeit cashier's checks using a credit union's information in the states of Alabama and Florida. It has been determined that the checks, each written for $4,800, were counterfeit.

Here are some Cashier's Check fraud red flags:

  • If you don't know the buyer, you simply cannot assume that a cashier's check is just as good as cash.
  • A stranger sends you a cashier's check out of the blue and asks that you deposit the money and send them a portion of it back usually by wire transfer.
  • A stranger wants to use a cashier's check to purchase a product and for various reasons, the cashier's check is made out for an amount in excess of the purchase price. Then, the buyer asks you to accept the full amount and send the overpayment back to them or to a third party.
  • If faced with any of these situations, it’s probably cashier's check fraud. Don’t send any money until you assure that the paying bank has actually paid the funds.

Member Alert 07/20/10

Automated Phone Message Attack

There are reports of an automated message attack in some areas of the country. This involves a pre-recorded phone messages that are being delivered to random consumers with the warning that their debit cards have been closed. When the consumer calls the telephone number provided by the fraudsters they hear a recording that requests a 16-digit card number and PIN. Please do not respond to these types of calls.

(This is a public service message from FICO.)


Member Alert 05/19/10

Text Message and Phone Phishing Attacks

Recent reports indicate an increase in text message and phone phishing attacks on consumers and possibly credit union members. Many of the individuals being targeted do not belong to the financial institution whose name appears in the text message or phone call. The automated message indicates the individual’s card has been de-activated and to re-activate the card, they must enter their 16 digit card number, card expiration date, PIN, etc. In some cases there is no number attached to the call.

Don’t fall prey to these types of scams. VyStar Credit Union will never solicit personal or financial information. Do not respond to requests for information unless you initiate the request - this includes requests via e-mail, phone, text messaging or through the mail.

(This is a public service message from CUNA Mutual Group.)


Member Alert 02/26/10

Beware of Telephone Sales Calls

Beware of telephone sales calls – they may be a scam. Recently it is reported that fraudulent calls are being made to unsuspecting victims where a representative tells the person they have been approved to lower their credit card interest rate. The representative (fraudster) asks for the victim’s current credit card balance and account number, and if the card balance is near the credit limit.

For individuals who have caller ID or can view the number of the representative calling, the number (253) 561-7905 will appear. When this number is dialed, there is no option to speak to a representative – only to be placed on a "do not call" list.


Member Alert 02/24/10

Tax Preparer Scams

Tax-filing season brings out tax-preparation fraud. The latest scheme involves tax refunds transmitted as a direct deposit or automated clearing house (ACH) credit.

In this type of fraud, the victim unwittingly provide the bogus tax preparer with personal information such as their name, social security number, bank account numbers, investment information and more so the preparer can complete the tax forms. The tax preparer scam usually inflates information to obtain a larger refund. Some victims have found their tax preparer has claimed children they don't have, day care expenses and so on.

The tax refunds are transmitted as a direct deposit (ACH credit) to a newly created account or to an existing account with an impersonator added as a joint owner. These accounts are established by an impersonator or a recruiter. Once the tax refund is deposited into the account, the impersonator or recruiter withdraws the tax preparation fee. The remainder of the ACH credit goes to the refund recipient.

Don’t be a victim of these types of scams which can range from filing false returns to convincing victims they don't need to pay income taxes. Be careful of preparers that base their fee on a percentage of promised refund or claim to know something special that can help you.

(This is a public service message from CUNA Mutual Group.)


Member Alert 01/08/10

Beware of Craigslist Recruitment Scams

Beware of advertisements that may appear on Craigslist as part of member recruitment scams nationwide. The ads solicit current credit union members and offer $75.00 or more for their assistance in gaining membership for ineligible individuals. This scam is targeting credit unions and members across the country.

Examples of Craigslist Recruitment Scams:

If your a XYZ Credit Union Member MAKE SOME EXTRA $$
This is NOT a scam! I am willing to call you and discuss extensively! I need a XYZ Credit Union Member to sponsor me into the credit union. I am willing to pay $100 USD for this service. Please email me and we can discuss this in detail. This is a 1 day process and I want to become a member for investment account/interest rate purposes.
Need to find a XYZ Credit Union Member
I was just approved for a visa credit card with XYZ Federal Credit Union and they called me and said that they can not process the application if I do not know any existing member or if I am not employed at one of the list of companies they have. To become a member you have to know a member. So now my app is on hold until I can find someone who is already a member. If you know someone, please tell them to contact me. I am willing to pay $500. And all they ask for is the members name and member number. Thanks.
ABC and XYZ Members Needed!!!
If you are a ABC or XYZ Federal Credit Union member we will pay you $75.00 per member to sponsor other that would like to join the credit union but do not meet the membership requirements. Please email for details.

Beware of these types of scams. Your credit union or its members would never conduct or be required to conduct business this way. Contact your credit union directly if you have any questions, concerns or suspicions.

(This is a public service message from CUNA Mutual Group.)


Member Alert 12/16/09

Holiday Fraud Prevention Tips

  1. Ensure that receipts reflect the correct transaction amount
  2. When performing a PIN transactions, ensure others are not capturing your PIN number
  3. When using a debit card, you may select “credit”, which requires a signature and extends the $0 member liability under the Visa / MasterCard association rules
  4. Review all accounts (checking, savings, credit card) activity daily
  5. Lower your credit line limit during the holidays
  6. When paper checks are converted at a merchant to an ACH, store voided checks safely to prevent counterfeit checks or unauthorized ACH transactions
  7. Be suspicious of emails from unknown parties; don’t open the email or click any links within them
  8. Access your credit union’s authorized website by typing the website into the address bar of web browser to avoid “spoofed” websites attempting to steal your information
  9. Shop online with trustworthy merchants who require security information such as address verification and the CVV2/CVC2 number on the back of your card
  10. When shopping in person or using an ATM, be aware of your surroundings and report any unusual activities to your credit union
  11. Never leave your purse, wallet, or cards unattended
  12. And finally, if an offer seems too good to be true, it probably is, so be cautious

Member Alert 12/03/09

Holiday Scams and Schemes

Fake charity websites: They're out there and asking, pleading for your credit card information. Stick with the well known ones.

Fake delivery invoices: If these fake delivery invoices are opened, they usually deliver some nasty malware onto the computer. If you owe someone money, they're going to call you or send invoice via snail mail.

Fake "New Friend Request" emails: These are sneaky, so be on the watch for these on Facebook and other social media sites.

Holiday e-Cards laden with computer viruses: One word describes these potentially virus-laden missives -- dangerous. Check with the person who supposedly sent it to you; if it doesn't jibe, delete! Even if legit, scan for viruses.

Unsecured, public area computers: Unsecured? Enough said. Many times key loggers and sniffers are placed on there by criminals to watch and record every key stroke. Even checking your email is dangerous on public area computers.

Fraudulent holiday-related websites: beware!

Job-related email scams: The recent FDIC warning on ACH fraud noted that money mules were being used to move the stolen funds. These scams are where the hackers hire those mules.

Auction site fraud: The classic fraud via sites such as eBay and others aren't going away. Buyer beware! If it looks or sounds too good to be true, walk away.

Password theft: This is done in myriad ways, so caution is the watchword. Also, remind your members to change their passwords frequently and not use the same password for every site they visit.

E-mail banking scams: Be watchful for the typical phishing, vishing, and smishing scams. Criminals are using more than just the computer to get what they want.

(This is a public service message from CU Info Security.)


Member Alert 12/03/09

Prevent Holiday Thefts – 10 Rules for Safer Online Shopping

  1. Shop only at Internet merchants you know and trust. If in doubt, check with the Better Business Bureau.
     
  2. Never share your Internet passwords with anyone. Use different passwords for different Web sites.
     
  3. Do not provide your social security number, birth date or mother's maiden name in an email or within a Web site. When an email asks for this kind of information, this is a sure sign that the sender is up to no good.
     
  4. Install the latest anti-virus software, anti-spyware and firewalls on your computer before shopping online. And keep them up-to-date with the latest patches. (Note: Buy these from a reputable software security vendor, not from an unknown security company; otherwise you may get infected with the malware you're trying to prevent!) Visit OnGuardOnline.gov or staysafeonline.info to learn more about security software, firewalls and other ways to secure your computer. To sign up for free cyber alerts and tips from the Department of Homeland Security visit: US-CERT.gov.
     
  5. Practice safe behavior when it comes to your email. If it looks weird, or comes from an unknown person, don't open it.
     
  6. Make sure the company is on a secure server by noting whether the Web address starts with "https." Check for a padlock icon at the bottom of the browser. Click on the icon and you should see the site address. This address should match the Web site address at the top of the page. If they don't match, you may be at a fraudulent Web site.
     
  7. During the holiday season (and year round) check your credit card and bank account transactions online. Don't wait for the bill to come in the mail. A little bit of monitoring can stop unapproved use of your credit cards or criminals dipping into your bank accounts. It's also a wise thing to check your credit reports on a regular basis for incorrect information that may be a sign of identity thieves at work.
     
  8. Keep printouts of the Web page describing the item you ordered and the price you're paying, any e-mail messages, and the page that shows the seller's name, address and telephone number.
     
  9. Never buy anything, no matter how good the advertised price is, from an unsolicited email (spam). When tempted to buy that replica watch because that's exactly what your friend wants, just imagine that same item being sold from a cardboard box out of the car trunk by an unsavory looking individual. Also remember, buying from a spammer could cost much more than the price of that cool replica watch -- giving your credit card information to unknown entities over the web may place your identity in jeopardy.
     
  10. Finally - Turn off the PC when you're done shopping. With the proliferation of broadband Internet access, many users now leave their computers on 'round the clock. This opens up the door for criminals who, once they've infected your PC, will turn it into their "robot" and commit cyber crime.

(This is a public service message from CU Info Security.)


Member Alert 05/07/09

PIN Reversal Rumor

Recently, false material has been circulated through email, blogs and TV regarding PIN (personal identification number) Reversal at ATMs. The rumor explains that by reversing the numbers of your PIN at an ATM (example: 1234 is keyed in as 4321) you signal an emergency and police will be dispatched to assist. Please be aware that PIN Reversal is not a valid security option at any ATM – this information is simply not true.

Always take the proper safety precautions when using ATMs. Our website provides ATM Safety Tips to help you avoid a problem.


Member Alert 04/06/09

Check Card Fraud Alert

Some VyStar members have reported a SCAM regarding a text message they have received that asks them to verify their Visa Check Card information or to call to find out why their debit/ATM card number xxxxxxxx is blocked. The text message purports to be from Southern Commerce Bankcard Confirmation and instructs the recipient to call either 877-824-6823 or 877-250-8413.

This text message has nothing to do with VyStar Credit Union. Do not respond.

If you have suspicions about anyone that contacts you or you suspect fraud may have occurred on your accounts, report it to your credit union at (904) 777-6000 or 1-800-445-6289.

It is very important that you monitor your account transactions, routinely. In addition, VyStar’s Electronic Security Protection (ESP) provides automatic protection for your debit, ATM and credit card services. Click here for more information.


Member Alert 03/20/09

ATM Fraud - Card Skimming

ATM SkimmingRecently, there has been a new type of fraud being perpetrated in the area.  This type of fraud is called card “skimming”.

What is skimming?  It's the illegal act of placing a skimming device (false face plate) over the card slot of an ATM.  These devices can look legitimate and come in different shapes and sizes – often matching the equipment on the machine. A camera/mirror device may also be affixed to the ATM to observe victims entering their personal identification number (PIN). A false key pad is sometimes used.

How does skimming work? When someone inserts their card to perform an ATM transaction, the card travels through the skimming device and the magnetic information on the card such as the name on the account, account number, and PIN embedded in the magnetic strip is recorded.  A camera/mirror is used to record the victim entering their PIN. 

Once a card is swiped, the information contained in the magnetic strip is stored in the electronic skimming device. At a later time, the criminal will return to the ATM and retrieve the skimming device and camera/mirror to obtain the victim's stolen card information. The magnetic strip is copied onto another card and the stolen PIN is matched to it. 

The ATM card account information as well as the matching PIN can be sold, used to order items online, to make counterfeit ATM/debit/credit cards or to withdraw money from the victim's accounts.

Most ATMs are not safe from this type of crime. Don't be a victim. When using an ATM always check the ATM equipment and the area around it closely for suspicious activity. Look for loose fitting (card slot) face plates. Be sure to hide your PIN whenever entering it into a machine.  If you think a skimming device has been placed on an ATM, notify police immediately.

NOTE: When a skimming device is placed on an ATM, the cardholder/victim can perform their ATM transactions unaware that their information has been recorded. Skimming operations often occur after hours and over weekends so criminals can retrieve the information prior to normal business hours.


Member Alert 02/20/09

Important Notice to Members

We have recently received a very large list of VyStar credit and check cards potentially impacted by the recent Heartland data compromise. This compromise took place during the third and fourth quarter of 2008, and has involved millions of cards throughout the nation. We understand that only credit card numbers and/or names were involved in the compromise. No personal information such as social security numbers, birthdates, addresses, etc. were taken. Because we are committed to ensuring your accounts are safe, we have systems in place to help us detect fraud on your account and will notify you if we detect suspicious activity. We urge all of our members to watch their check card and credit card transactions closely, and contact us if you suspect unauthorized activity on your account. VyStar's Internet Banking is a great resource to proactively view your account to ensure you haven't experienced any unauthorized charges.

FREQUENTLY ASKED QUESTIONS:

What is Heartland and what does it have to do with my VyStar credit card or check card? Heartland is a payment processing service that retailers use to process their credit and debit transactions from customers. It’s a back end process that is on the retailer side, not on the side of the financial institution.

What should I know about security and card fraud? The most important thing to remember is that you should never give out personal or account information to someone who calls you. If you are calling your Card Company or financial institution, always use the phone number on the back of the card. This will help ensure you're really speaking to the right person or company. Also remember that attempts at getting your personal information can come in any form. Do not respond to phone calls, emails, text messages or any other form of communication asking you to provide personal or account information.

How can I proactively protect myself against fraudulent card activity? VyStar Credit Union and Visa® are working closely together to catch any fraudulent behavior and protect your account. And remember, your Visa Check Card and Credit Cards are backed by Visa's Zero Liability policy, so even if your card or its number are ever lost or stolen, you won't be responsible for unauthorized charges. There are also some simple things you can do.

Protect your Personal Identification Number (PIN):

  • Never write down your PIN. Memorize it as soon as you get it.
  • Do not disclose your PIN to anyone. No one from any financial institution, the police or a merchant should ever ask for your PIN.
  • Beware of phishing emails. These are emails that appear to be from your credit union or online merchant asking for account information. Do not reply to them or click on any links. Visa, your credit union or any other legitimate online merchant will never ask for your PIN or other personal financial information via email.
  • At an ATM or PIN pad, enter your PIN discreetly, shielding the key pad with your hand.

What do I do if I spot suspicious activity on my account?

  1. Review your monthly statements to spot any unauthorized purchases. You can also monitor your account activity online at any time within Internet Banking at www.vystarcu.org.
  2. Review your credit scores for accuracy. Call any one of the three credit reporting agencies to receive your free annual credit report.
    Equifax
    800.525.6285
    Experian
    888.397.3742
    TransUnion
    800.680.7289
  3. If you spot any charges that you did not do using your credit card or check card, please contact us immediately at (904) 777-6000.
  4. You should also contact the three credit reporting agencies above to notify them of any suspected fraud or identity theft.
  5. Should you become a victim of identity theft, please contact us and our Theft Resolution (Identity Theft 911®) group will help you through the necessary steps to resolve the issues.

Who do I contact with questions or concerns? Our Call Center is available at (904) 777-6000 from 8:30 a.m. to 7 p.m. Monday through Friday and 9 a.m. to 3:00 p.m. on Saturday to answer any questions or concerns you might have.

Who should I contact if I feel that this is suspicious activity with my VyStar check card or credit card? Our Call Center is available at (904) 777-6000 from 8:30 a.m. to 7 p.m. Monday through Friday and 9 a.m. to 3 p.m. on Saturday. Contact Cardholder Services at 1-800-654-7728 after hours. Cardholder Services is available 24 hours a day, 7 days a week.

(This is an update from VyStar.)


Member Alert 1/9/09

New Phishing Activity

There have been several types of fraud attempts reported involving members that appear to be widespread geographically. Fraudsters are utilizing a variety of ways to obtain personal member information and are able to trick victims into divulging personal and financial information with the following schemes

  • Text messages sent to a member indicating they should call a specific number and provide credit card information based on a freeze on their account.
  • Computerized calls indicating possible tampering of their check cards and asked them to enter their 16-digit check card number. The phone number shown on Caller ID appears to be a legitimate number, possibly hijacked by the fraudsters.
  • Phone and text messages stating cards have been suspended and direct members to call a number to reactivate. When members call back, they are instructed to input their card numbers and PIN; counterfeit cards are then created and ATM/Debit card PIN-based transactions take place in foreign countries.
  • Fraudulent e-mail and text messages are sent to appear as if they are from the credit union. The credit union’s web site has been re-created by the scammer, who then asks members to enter their card numbers, expiration date, PIN, etc. Members are also being called in the middle of the night stating their cards are experiencing fraud, and they are then asked to provide personal information. Credit cardholders receive a telephone message from an unknown party who leaves a telephone number for the member to call. The caller ID read ‘economic relief.’ When members returned the call, they were prompted to press 1 to lower rates; a person then came on the line and asked for social security number, credit card number, etc.

VyStar Credit Union will never solicit personal or financial information. Do not respond to requests for information unless you initiate the request - this includes requests via e-mail, phone, text messaging or through the mail, and work with your internet provider or telephone carrier to shut down fraudulent sites or phone numbers.

(This is a public service message from CUNA.)


Member Alert 12/08/08

“Work-From-Home” Scams

Members have reported an increase in individuals losing money due to their participation in “work-from-home” scams. Potential employees are recruited through newspaper, email, and online employment services for jobs that promise the ability to earn money while working from the comfort of home. While these scams are not new, the current economic condition, combined with the upcoming holiday season, have led more customers to fall victim to these scams where they knowingly or unknowingly become mules for fraudsters who use their accounts to launder money or even steal from them.

For example, a customer may apply for a position as a “rebate processor,” “trading partner,” or a “currency trader.” Upon being hired, the new “employee” provides their bank account information to their employer or establishes a new account using information provided by the employer. The employee is instructed to wire money that is deposited into the accounts to drop boxes via Western Union. However, rather than processing rebates or trading currency, the customer is actually participating in a money laundering scheme where the fraudsters use the employee’s (mule’s) legitimate account to transfer stolen money to other accounts out of the country.

Tips for Avoiding Work-from-Home Scams:

  • Know who you’re dealing with.
  • Don’t believe that you can make big profits easily.
  • Be cautious about emails offering work-at-home opportunities.
  • Get all the details before you pay.
  • Find out if there is really a market for your work.
  • Get references for other people who are doing the work.
  • Be aware of legal requirements. Under Federal law, some types of work cannot be done at home.
  • Know the refund policy if you have to buy equipment or supplies.

(Information provided by BITS Financial Services Roundtable.)


Member Alert 10/23/08

Telephone Scam

Cardholders have received computer-generated calls claiming to be from their financial institution. The calls claim their accounts have been frozen and then direct the cardholder to call a toll-free number to leave their debit card information in order to reactivate any cards. The toll-free number includes a recorded message that asks the customer to key their account number, card expiration date and PIN.

Should you receive any questionable calls, please make sure you do not provide personal information. In addition:

  • Make sure you initiate the contact and that the institution verifies your identity with questions only you would know.
  • To verify whether a call is legitimate, call your institution or visit its website using phone numbers or internet addresses from your bank statement or account documentation.
  • Do not call back a number provided over the phone or click on a link in an email.
  • Most communications will include something that will concern or excite the victim.
  • If you have been a victim of a scam, file a complaint with local law enforcement and notify your financial institution.

As with all possible fraudulent situations, you are encouraged to take appropriate measures if a scam is suspected. Note: an excessive number of attempts at preauthorized small dollar amounts may be an indication of the intent to commit fraud.

(This is a public service message from Fiserv.)


Member Alert 10/22/08

FTC CONSUMER ADVISORY ON PHISHING EMAILS TIED TO BANK MERGERS

During October 2008, the Federal Trade Commission (FTC) released an advisory that warns consumers of fraudsters taking advantage of upheavals in the financial marketplace to sending phishing emails to collect personal and banking information. The FTC urges caution regarding e-mails that look as if they come from a financial institution that recently acquired a consumer's bank, savings and loan, or mortgage and provides advice about how to stay on guard against this type of scam. For information, see the advisory at http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt089.pdf or the FTC press release at http://www.ftc.gov/opa/2008/10/bankphishing.shtm

(This is a public service message from the Federal Trade Commission.)


Member Alert 9/11/08

Hurricane Scams Have Already Begun

Phishing Scams When Hurricane Katrina first hit in 2005, scams popped up within hours. Hurricane Gustav is no different, and Hanna, Ike and others will likely be the same in the days and weeks to come.  Chances are that any e-mail asking for donations is a scam, but the e-mail scammers are very tricky; they have created e-mails that sound authentic, tear at your heartstrings, and make you feel compelled to "donate" to disaster relief.  Web sites that claim to be legitimate Hurricane Gustav relief organizations have been created asking people to donate money by giving financial information and making a donation to the American Red Cross by clicking a bogus but legitimate-sounding domain name. If you want to make a donation through the Red Cross or another disaster relief organization, go to an organization's office itself, or the official Web site by typing in the domain name, like RedCross.org.

Viruses and Malware:  These e-mails usually are geared to getting you to open them and click on the attachment, which then infects your computer with a virus or malware.

Investment, Energy, and Security Scams Since 10% of the natural gas and 5% of the crude oil that Americans consume is produced off the U.S. Gulf Coast, it is very likely that a hurricane in the Gulf of Mexico will produce some investment, energy and security scams. After Hurricane Katrina, the SEC reported that e-mails being circulated claimed certain penny stocks would skyrocket in value. Reasons varied. Some were supposed to rise because of "refinery glitches."

Emails Look for emails asking for individual donations to help a victim's family; claims that a hurricane is "the wrath of God.", the victims were "wicked" and got what they deserved and then they ask for to donations to them, either for financial or identity theft purposes; mail claiming to be official government agencies, banks, credit card companies, Etc. that is asking for personal and financial account information; emails offering to locate persons that you know who are in the area affected by the hurricane, but requiring a fee to do so.

Contractor Scams Scammers pose as contractors and ask people for money so they can do immediate, upfront repair work. Of course, since they are not real contractors, they will never show up to do any repair work. Some real contractors also take advantage of the disaster by price gouging since there is a shortage of legitimate contractors.

In summary here are four ways you can keep yourself safe from hurricane scams:

  1. Use common sense.
  2. Never donate from an e-mail request. It's almost certainly a scam. Never click on the links in e-mails.
  3. Make sure any charity you donate to is legitimate. Find out how to tell if charities are legitimate here: http://www.scambusters.org/charities.html
  4. Don't open attachments in unknown e-mails. There is a good chance they contain viruses or malware.

(This is a public service message from CUNA.)


Member Alert 7/18/08

Financial Scam Alert – letters or emails from FinCEN

The Financial Crimes Enforcement Network (FinCEN) is reminding the public to be alert to ongoing financial scams that attempt to solicit funds from unsuspecting victims.

In some of these scams, individuals misrepresent themselves as FinCEN officials and try to trick victims into revealing confidential information. These scams may involve the fraudulent use of FinCEN's seal in a letter or email that claims to be an official correspondence. These scams often involve the enticement of a phony inheritance or sum of money, and claim that FinCEN is holding or blocking the transfer of funds.

Recipients of these letters or emails should not respond to such messages, and should not send money or provide any personal or confidential information. Those who believe that they are or have been a victim of a financial scam, should report this information to local, state, or federal law enforcement authorities.

FinCEN does not send unsolicited requests and does not seek personal or financial information from members of the public. FinCEN does not have authority to freeze assets or block funds transfers. In addition, these fraudulent letters or emails may purport to be from an overseas office of FinCEN. FinCEN does not have any offices outside of the United States.

(This is a public service message from FinCEN.)


Member Alert 06/30/08

Unsolicited text messages may be a Smishing Scam

Credit unions across the country are reporting that their member's are receiving unsolicited text messages. It's an attempt at Smishing, the latest form of phishing. In Smishing, an e-mail tries to lure a recipient into giving personal information via SMS, the communications protocol used to send text messages to a wireless device. The recent scam is targeting credit union and other financial institution members. In smishing, the members receive a text message via cell phone warning that their bank account has been closed due to suspicious activity. It then tells them they need to call a certain phone number to reactivate the account. Unsuspecting callers who dial the number provided in the text message will be taken to an automated voice mail box that prompts them to key in their credit card or debit card number, expiration date, and PIN to verify their information. If you have a question concerning your account or credit/debit card, contact VyStar Credit Union using a telephone number obtained independently, such as the phone number from your statement, a telephone book, or other independent means.

(This is a public service message from CUNA.)


Member Alert 06/25/08

More Smishing Attacks – service messages from credit unions

Smishing attacks have been reported by members of several credit unions.  Members have received Service Messages alleged to be from the credit union telling them that their account is being closed due to fraud.  The service message requests that the individual contact the institution to reactivate an account by calling a phone number with a 909 area code; calling that number results in automated requests to enter personal information, including card numbers.  If you receive one of these messages, do not respond at the number provided, call VyStar Credit Union at the number you normally use; 904- 777- 6000 or 800- 445-6289 and report the attempt so that your information can be protected.

(This is a public service message from CUISPA.)


Member Alert 04/25/08

2008 Economic Stimulus Refund Scams

  • Some people have received phone calls about the economic stimulus payments, in which the caller impersonates an IRS employee. The caller asks the taxpayer for their Social Security and bank account numbers, claiming that the IRS needs the information to complete the processing of the taxpayer's stimulus payment. In reality, the IRS uses the information contained on the taxpayer's tax return to process stimulus payments, rather than contacting taxpayers by phone or e-mail.

       
  • An e-mail claiming to come from the IRS about the "2008 Economic Stimulus Refund" tells recipients to click on a link to fill out a form, apparently for direct deposit of the payment into their bank account. The site, a copy of the IRS Web site, displayed an interactive page similar to a genuine IRS one; however, it had been modified to ask for personal and financial information that the genuine IRS interactive page does not require. This appears to be an identity theft scheme to obtain recipients' personal and financial information so the scammers can clean out their victims' financial accounts. In reality, taxpayers do not have to fill out a separate form to get a stimulus payment or have it directly deposited; all they had to do was file a tax return and include direct deposit information on the return.

It is important to note the IRS does not use e-mail to initiate contact with taxpayers about issues related to their accounts. If a taxpayer has any doubt whether a contact from the IRS is authentic, the taxpayer should call 1-800-829-1040 to confirm it.


Member Alert 02/21/08

FBI identifies recurring fraudulent e-mail scams

The FBI reports that cyber criminals are sending fraudulent e-mails to unsuspecting recipients about a complaint that has been filed with the Department of Justice, the Internal Revenue Service, the Social Security Administration, or the Better Business Bureau. They claim that the complaint names the recipient or their company.

The e-mails appear to be legitimate messages from the above departments. They address the recipients by name, and other personal information may be contained within the e-mail. The scam appears to be an effort to secure Personally Identifiable Information (PII), such as Social Security numbers and birthdates. The nature of these scams is to create a sense of urgency for the recipient to provide a response by clicking on a hyperlink, opening an attachment, or initiating a telephone call.

The FBI suspects this e-mail refers to a complaint that is in the form of an attachment, which actually contains virus software designed to steal passwords from the recipient. The virus is wrapped in a screensaver file, which most anti-virus programs are unable to detect as malicious in intent. Once downloaded, the virus is designed to monitor user name and password logins, and record the activity, as well as other password-type information, entered on the compromised machine.

  • If you have received these, or similar e-mails, file a complaint at www.ic3.gov. The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
  • If you have a question concerning your account or credit/debit card, contact your financial institution using a telephone number obtained independently, such as from your statement, a telephone book, or other independent means.

(This is an FBI Alert from CUNA)


Member Alert 02/06/08

IRS Alert – name and logo being used by fraudsters

The Internal Revenue Service has issued an alert, warning that the IRS name and logo is being used by fraudsters attempting to access the taxpayer financial information through e-mail, telephone, and cell phone text messaging.

Note: The IRS does not ask for personal identifying or financial information via unsolicited e-mail, telephone calls, or text messaging. 

The following scams are being used to trick taxpayers into divulging financial account information for fraudulent purposes:

  • Taxpayers receive a phone calls telling them that they are eligible for a sizable rebate for filing their taxes early, and they are told to provide their financial account information for direct deposit.
  • Taxpayers receive e-mails that claim they are eligible for a tax refund of a specific amount, and they are instructed to click on the link in the e-mail to access the refund claim form, which requires them to disclose financial account information.
  • E-mail notifications addressed to individual taxpayers claim that their tax returns will be audited. The individual is instructed to click on the link within the e-mail and complete forms disclosing personal and financial account information.
  • Businesses, accountants, and “Treasury” managers are receiving bogus e-mails regarding tax law changes. To obtain information on publications for businesses, estates taxes, excise taxes, exempt organizations, as well as IRAs and other retirement plans, the recipient is instructed to click on a series of links. The IRS suspects that clicking on these links downloads “malware” onto the recipient’s computer, which can be used to search for financial records and other private information.
  • A person claiming to be an IRS employee telephones taxpayers to say the IRS has mailed them a check that has not been cashed. The caller then asks for verification of financial account information.

If you receive an unsolicited e-mail purporting to be from the IRS, take the following steps:

  • Do not open any attachments to the e-mail; they could contain malicious code that will infect your computer.
  • Forward a questionable e-mail claiming to be from the IRS to phishing@irs.gov.
  • Use instructions contained in an article online at www.irs.gov titled "How to Protect Yourself from Suspicious E-Mails or Phishing Schemes." http://www.irs.gov/individuals/article/0,,id=155344,00.html
  • Contact the IRS at 800-829-1040 to determine whether the IRS is trying to contact you about a tax refund.
  • Remember that taxpayers do not have to complete a special form to obtain a refund.
  • If you have received this, or a similar hoax, please file a complaint at www.ic3.gov

 

MESSAGE OF THE DAY

Close