Current Scam Warnings
At VyStar Credit Union, we’re focused on keeping you, and your money, safe. Check back here for frequent updates regarding local, national and digital scams and other threats.
Zeus (aka Zbot) Trojan
Local reports of Zeus have been brought to our attention. Zeus, which was first detected in 2007, is the most widespread and effective banking trojan malware in the world. A banking trojan typically infects a victim’s devices via a malicious email attachment or through an infected website that the victim visits.
Once they take over the device, banking trojans are designed to recognize when the victim is visiting a financial institution’s website. The trojan then captures the victim’s personal information—such as login credentials, PIN number, etc.—using keylogging and other software that allows the criminals to manipulate the website and add seemingly legitimate pop-ups and forms that the victim fills out. Banking trojans can also redirect the victim to a fabricated website that looks deceptively similar to the authentic financial institution website, which dupes the victim into providing their sensitive information and can trigger a second factor authentication code, such as an SMS message. The Zeus trojan, in particular, rose to popularity because it has helped criminals steal hundreds of millions of dollars from its victims’ financial accounts.
Here’s how you can prevent a banking trojan like Zeus from infecting your computer:
- Don’t click on links or attachments in emails you did not expect to receive. This also applies to links on social media or texts received on your mobile device/smart phone.
- Ensure your computer operating system (Windows 7, 10, etc.) remain patched by setting updates to automatically install.
- Turn on Windows Firewall, if available.
- Ensure your computer has anti-virus software installed and ensure that it is:
- Set to automatically update with the latest malware definitions
- Set to automatically perform daily scans of your computer
Mobile device users should consider the following tips:
- Apple users: Avoid “jailbreaking” your device and install Apple system updates regularly.
- Android users: Never immediately install a system update that suddenly appears on your screen. Instead, check the Android blog to see if the update is legitimate. Installation of mobile security software is also essential for Android users.
Holding information hostage
Reports of threatening text messages and phone calls from scammers claiming to have personal information and/or a family member hostage have been reported in the Northeast Florida area. Scammers ask for money or their information will be made public or their family member will be hurt. While some information is of public record, if you receive a call or text of this nature, call the police and report it to the Better Business Bureau using their BBB Scam Tracker. Do not provide the caller money.
'WannaCry' ransomware
In the news today (May 15, 2017) is news of a new cyberattack noted as being the “biggest online extortion attack ever recorded”. Please note that VyStar was not affected by this.
'WannaCry' ransomware attack hit a 'limited number' of US companies representing many different branches of economy over the weekend, Homeland Security officials confirm to Fox News.
Here's what you can do to protect your PC:
- Install security patches timely. Set it for automatic downloads and installs.
- Keep your anti-virus software up to date.
- Always keep a backup of your computer and important files.
Google Docs Scam
A phishing email attack targeting Google users impacted millions across the country. Reports indicate that Google has shut the attack down. The messages can be identified by the recipients section, which show they were sent to “hhhhhhhhhhhhhhh@mailinator.com along with others who were Bcc’d. Delete the message. Do not open it.
If you believe you have been a target of this phishing attack and already opened the email:
- Reset your passwords immediately
- Refer to these steps on how to revoke Google permissions in Google
- Consider notifying your contacts that you were a victim of a phishing attack
Direct Deposit Text Scam
Members have been receiving text messages stating their direct deposits have been suspended. They are being asked to call 805-490-5546 and enter their debit/credit card number. This is not VyStar Credit Union. Do not enter your card number or any other information. Delete the message, do not reply.
Direct Deposit Text Scam
Members have been receiving text messages stating their direct deposits have been suspended. They are being asked to call 805-490-5546 and enter their debit/credit card number. This is not VyStar Credit Union. Do not enter your card number or any other information. Delete the message, do not reply.
Romance Scam
Romance scams involve phony online relationships that deceive the victim into handing over their cash. Here’s how it works: A criminal posts a fake profile and photographs on a dating website or social media platform, posing as someone looking for a relationship. When they find you—their target—on those sites, they engage you in romantic conversations through email, messages or chat sessions. Once they’ve won your trust and you’ve established a long-term online “relationship” with them, the person who claims to be “in love” with you tells you they have a problem and need you to send/receive money or packages on their behalf. Once you agree to push those items from one place to another, you’ve been caught in the money mule web.
Work-From-Home Scheme
Work-from-home schemes are bogus job offers that have been crafted to appear legitimate. You can typically encounter them in spam emails, on job search websites or on social networking sites. In actuality, these “opportunities” are just bait used by fraudsters to excite you and trick you into providing your account details so they can send you a large counterfeit check. (Sometimes no account information is provided; a check is just mailed to you with further instructions.) You’re then asked to transfer that money to a third party, usually located in a foreign country, through a wiring service for a small commission. The criminals may even go as far as inviting you for an interview or asking you to sign an employment contract. You may think you’ve scored the job of a lifetime, but the truth is that you will never get paid. Not only that, but now that your personal information has been stolen, you run the risk of losing money or being arrested.
Card Cracking
“Card cracking,” also known as “card popping,” is a ploy criminals use to target people who are in need of cash and trick them into facilitating fraud. It all starts with what seems to be a harmless post on social media outlets like Instagram, Facebook or Twitter that promises fast cash. After luring you in with the tempting deal, the con artist then fools you into giving them your financial account information, debit card number/PIN or online banking login credentials in exchange for a kickback (i.e., a small portion of illicit profits). They may also direct you to contact your financial institution and advise them that you will be traveling, even if you’re not. The fraudster uses that information to deposit counterfeit checks into your account and allows you to keep a portion of the money. The fraudster then quickly withdraws all the money from your funds before the financial institution catches on to the phony check. You are then forced to call the financial institution and falsely report that your information has been compromised—without mention that you gave the criminal your credentials—and ask that your money be returned, making you an accessory to the crime. Not only that, but you are also now on the hook for the stolen funds and may even be sentenced to time in prison.
Phishing Scheme - Targets W-2s
The Internal Revenue Service (IRS) warns payroll and human resource professionals of an emerging phishing scheme that has already claimed several victims within payroll and human resources departments. This phishing scheme purports to be from company executives (e.g., the chief executive officer) requesting employee payroll data, including W-2 forms and other personally identifiable information. The employees have responded and mistakenly emailed the requested information.
Example fraudulent emails received are as follows:
- “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
- “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).”
- “I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”
Text Message - Phishing for Debit/Credit Card Information
We have been alerted to a phishing scam. Some of our members have reported receiving a text message from a 410 area code. The text message states this is from the Fraud Department and your credit/debit card information needs to be confirmed due to a possible compromise. Once the call is returned, you're asked to enter your full card number and other card details.
Do not call the phone number or enter your card information. Delete the message, do not reply. VyStar's Fraud Department does not contact members to verify information in this way.
EMV-Chip Email Scam
According to Yahoo! Finance, there are reports of consumers receiving emails offering them an upgrade if their debit or credit cards have not yet had an EMV-chip sent by their credit union or bank. These emails are designed to look like they are from a consumer's financial institution. VyStar Credit Union has not sent an email regarding EMV-chip card upgrades. We will never ask for your card numbers through email. Do not reply with your personal information or click on any links if you receive this type of email.
Text Message Scam
Our members, the Better Business Bureau and news media have reported a text message scam. A text message similar to this is received:
The message asks the person to update information through a link on a website. When clicked, the link appears to be a banking website. Do not enter your internet banking or any other information. Delete the message, do not reply.