At VyStar Credit Union, we’re focused on keeping you, and your money, safe. Check back here for frequent updates regarding local, national and digital scams and other threats.
Please be aware that VyStar will never call you to request your personal information, such as your Social Security number, your date of birth, your credit/debit card number(s), the three-digit security code on the back of your credit/debit card or your Internet Banking username and password. If you receive a phone call from someone claiming to be a financial institution, insurance company or other organization requesting such information, you are most likely being contacted by an impostor. Do not give away your personal credentials. Instead, hang up and contact the company directly to confirm if the request is valid.
We have received reports from members that have received a text message that looks like the one pictured. This link is FAKE. Delete the text and please note VyStar will also not call or text you to request personal information. If the call or text sounds suspicious, please do not respond.
Because of the uncertainty many of us are feeling due to the coronavirus (COVID-19), scammers are viewing this time as an opportunity to capitalize on people’s fears and vulnerabilities. There’s no reason to panic, but you should be vigilant and take the appropriate precautions to ensure you and your finances remain secure.
One recent scam that has surfaced involves the upcoming stimulus checks the federal government will issue nationwide. Scammers are claiming to work for the government and are targeting individuals through calls, texts, emails and websites. They are asking for personal information in return for a stimulus payment.
Remember: Never provide information such as your Social Security number, bank account number, PayPal account information or anything else that could put your personal information at risk.
The Internal Revenue Service (IRS) specifies on its website that there is no sign-up required and no need to call regarding your stimulus check. Recipients will receive a notice by mail no later than 15 days after payment was distributed. That letter will indicate the amount of money sent, the delivery method used and a phone number to call if the funds did not arrive. For additional information regarding stimulus checks, please visit the IRS Coronavirus Tax Relief webpage.
We understand people may want to support local businesses and individuals who have been impacted by the coronavirus. However, it is important to verify the legitimacy of organizations and individuals to protect your personal information and accounts. Scammers are targeting victims by impersonating charities, medical professionals and health authorities.
Here is a list of additional COVID-19 scams that have recently surfaced:
As similar scams are likely to arise in the coming weeks and months, remember to be mindful and protect yourself and your finances.
Hackers have figured out that Zelle and similar apps can be used to commit fraud on your account. According to recent news reports, bank and credit union customers across the U.S. have received calls and text messages from scammers impersonating their financial institutions. The fraudsters state that your account appears to have been targeted by fraud, and then list several out-of-state transactions and ask you to confirm if they occurred—leaving you with the false impression they are trying to protect you.
You are then asked to verify your identity via a text code, not realizing the scammer is using this code to transfer funds out of your accounts through Zelle or similar apps. According to a recent NBC News article, “Thieves use spoofed calls, phone calls that look like they’re coming from an individual’s bank, and traditional hacking to access people's Zelle accounts…”
At VyStar, we will never contact you to request any of your personal information such as SSN, birthdate, card number, the three-digit code on the back of your card, a verification text code or your Internet Banking username and password. If you receive a call or text like this, hang up the phone or delete the text and contact us to confirm if the request is valid.
In addition, the Better Business Bureau has the following recommendations for reducing your chances of becoming a victim of fraud:
We have received reports from members that have received a text message that looks like the one pictured. This link is FAKE. Delete the text and please note VyStar will also not call or text you to request a one-time passcode. If the call or texts sounds suspicious, please do not respond to the text and hang up the call.
Please be advised that VyStar is aware of counterfeit Official Checks in circulation using the Credit Union’s name. These checks are being presented for payment nationwide in connection with various online employment opportunity scams involving mystery shopping.
Checks presented to date have been made payable in amounts ranging from $1,950 to $4,950 with various remitter names.
Potential victims of the mystery shopping scam have received correspondence accompanying the check, which contains the name of nationally known retail stores within the letterhead. The correspondence instructs the potential victims to confirm receipt of the packet by sending a text message to a phone number listed within the letter. The recipient is further instructed to either cash or deposit the funds at his or her financial institution as soon as possible. The letter informs the recipient to retain $200 - $400 for commission and fees. The remaining amount is to be used to purchase Walmart gift cards or Apple Store Gift Cards. The recipient may even be offered an additional monetary bonus if they complete the task within 24-48 hours because they know the bad check may not be returned within that time period.
Our Contact Center can validate whether or not an Official Check is legitimate, 904-777-6000.
Equifax Inc., one of the top three U.S. consumer credit reporting agencies, recently announced a data breach with potential impact to 143 million U.S. consumers. In their announcement, Equifax indicated “that criminals exploited a U.S. website application vulnerability to gain access to certain files.” Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.
According to Equifax, the breached consumer data primarily includes:
Equifax has established the Cybersecurity Incident & Important Consumer Information website, which consumers can access to see if they were impacted by the breach. In addition, Equifax is offering free Identity Theft Protection and Credit File Monitoring to all U.S. consumers that can also be accessed from the Equifax website.
In addition, credit card numbers for approximately 209,000 U.S. consumers and dispute documents with personal identifying information for approximately 182,000 U.S. consumers were part of the Equifax breach.
VyStar recommends that you begin monitoring your accounts and card transactions to ensure fraud has not, or does not, occur. You can conveniently do so by reviewing your VyStar accounts and card transactions online via Internet Banking. VyStar offers several effective fraud prevention services, including our free Alert services and Zero Liability Protection. Please visit our Protection Center or call our Contact Center for more details.
A video scam claims bills can be paid online using fake routing numbers for a Federal Reserve Bank and other financial institutions, including credit unions. The scam claims electronic payments will be made through secret accounts or Social Security trust accounts in exchange for personal information such as a Social Security number.
These videos are being posted to social media sites, such as YouTube. The video instructs viewers through an online payment system and provided a fake routing number to use to pay bills. These payments are rejected and returned unpaid and can lead to service fees. The personal information entered into the system can be used for identity theft and fraud.
Any video, text, email, phone call, flyer, or website that describes how to pay bills using a Federal Reserve Bank or another financial institution's routing number or secret account is a scam. If you believe you have been a victim of this scam, please contact the VyStar Contact Center, 904-777-6000, or 800-445-6289.
A new Ransomware attack being reported in the news called “Petyawrap”, which has very similar characteristics to the WannaCry campaign reported back in May 2017. As we did with WannaCry, we will monitor this event and take action as appropriate.
Local reports of Zeus have been brought to our attention. Zeus, which was first detected in 2007, is the most widespread and effective banking trojan malware in the world. A banking trojan typically infects a victim’s devices via a malicious email attachment or through an infected website that the victim visits.
Once they take over the device, banking trojans are designed to recognize when the victim is visiting a financial institution’s website. The trojan then captures the victim’s personal information—such as login credentials, PIN number, etc.—using keylogging and other software that allows the criminals to manipulate the website and add seemingly legitimate pop-ups and forms that the victim fills out. Banking trojans can also redirect the victim to a fabricated website that looks deceptively similar to the authentic financial institution website, which dupes the victim into providing their sensitive information and can trigger a second factor authentication code, such as an SMS message. The Zeus trojan, in particular, rose to popularity because it has helped criminals steal hundreds of millions of dollars from its victims’ financial accounts.
Here’s how you can prevent a banking trojan like Zeus from infecting your computer:
Mobile device users should consider the following tips:
Reports of threatening text messages and phone calls from scammers claiming to have personal information and/or a family member hostage have been reported in the Northeast Florida area. Scammers ask for money or their information will be made public or their family member will be hurt. While some information is of public record, if you receive a call or text of this nature, call the police and report it to the Better Business Bureau using their BBB Scam Tracker. Do not provide the caller money.
In the news today (May 15, 2017) is news of a new cyberattack noted as being the “biggest online extortion attack ever recorded”. Please note that VyStar was not affected by this.
'WannaCry' ransomware attack hit a 'limited number' of US companies representing many different branches of economy over the weekend, Homeland Security officials confirm to Fox News.
Here's what you can do to protect your PC:
A phishing email attack targeting Google users impacted millions across the country. Reports indicate that Google has shut the attack down. The messages can be identified by the recipients section, which show they were sent to “firstname.lastname@example.org along with others who were Bcc’d. Delete the message. Do not open it.
If you believe you have been a target of this phishing attack and already opened the email:
Members have been receiving text messages stating their direct deposits have been suspended. They are being asked to call 805-490-5546 and enter their debit/credit card number. This is not VyStar Credit Union. Do not enter your card number or any other information. Delete the message, do not reply.
Romance scams involve phony online relationships that deceive the victim into handing over their cash. Here’s how it works: A criminal posts a fake profile and photographs on a dating website or social media platform, posing as someone looking for a relationship. When they find you—their target—on those sites, they engage you in romantic conversations through email, messages or chat sessions. Once they’ve won your trust and you’ve established a long-term online “relationship” with them, the person who claims to be “in love” with you tells you they have a problem and need you to send/receive money or packages on their behalf. Once you agree to push those items from one place to another, you’ve been caught in the money mule web.
Work-from-home schemes are bogus job offers that have been crafted to appear legitimate. You can typically encounter them in spam emails, on job search websites or on social networking sites. In actuality, these “opportunities” are just bait used by fraudsters to excite you and trick you into providing your account details so they can send you a large counterfeit check. (Sometimes no account information is provided; a check is just mailed to you with further instructions.) You’re then asked to transfer that money to a third party, usually located in a foreign country, through a wiring service for a small commission. The criminals may even go as far as inviting you for an interview or asking you to sign an employment contract. You may think you’ve scored the job of a lifetime, but the truth is that you will never get paid. Not only that, but now that your personal information has been stolen, you run the risk of losing money or being arrested.
“Card cracking,” also known as “card popping,” is a ploy criminals use to target people who are in need of cash and trick them into facilitating fraud. It all starts with what seems to be a harmless post on social media outlets like Instagram, Facebook or Twitter that promises fast cash. After luring you in with the tempting deal, the con artist then fools you into giving them your financial account information, debit card number/PIN or online banking login credentials in exchange for a kickback (i.e., a small portion of illicit profits). They may also direct you to contact your financial institution and advise them that you will be traveling, even if you’re not. The fraudster uses that information to deposit counterfeit checks into your account and allows you to keep a portion of the money. The fraudster then quickly withdraws all the money from your funds before the financial institution catches on to the phony check. You are then forced to call the financial institution and falsely report that your information has been compromised—without mention that you gave the criminal your credentials—and ask that your money be returned, making you an accessory to the crime. Not only that, but you are also now on the hook for the stolen funds and may even be sentenced to time in prison.
The Internal Revenue Service (IRS) warns payroll and human resource professionals of an emerging phishing scheme that has already claimed several victims within payroll and human resources departments. This phishing scheme purports to be from company executives (e.g., the chief executive officer) requesting employee payroll data, including W-2 forms and other personally identifiable information. The employees have responded and mistakenly emailed the requested information.
Example fraudulent emails received are as follows:
We have been alerted to a phishing scam. Some of our members have reported receiving a text message from a 410 area code. The text message states this is from the Fraud Department and your credit/debit card information needs to be confirmed due to a possible compromise. Once the call is returned, you're asked to enter your full card number and other card details.
Do not call the phone number or enter your card information. Delete the message, do not reply. VyStar's Fraud Department does not contact members to verify information in this way.
According to Yahoo! Finance, there are reports of consumers receiving emails offering them an upgrade if their debit or credit cards have not yet had an EMV-chip sent by their credit union or bank. These emails are designed to look like they are from a consumer's financial institution. VyStar Credit Union has not sent an email regarding EMV-chip card upgrades. We will never ask for your card numbers through email. Do not reply with your personal information or click on any links if you receive this type of email.
Our members, the Better Business Bureau and news media have reported a text message scam. A text message similar to this is received:
The message asks the person to update information through a link on a website. When clicked, the link appears to be a banking website. Do not enter your internet banking or any other information. Delete the message, do not reply.