Stagefright Android Text Message Vulnerability 7/2015
You may be hearing about the Stagefright vulnerability in the news. Stagefright is vulnerable to a remote code execution bug, allowing hackers to potentially infiltrate devices and access private information by sending a SMS message with a video in it.
If you use an Android device, as a security best practice, we recommend that you temporarily disable Multimedia Messaging Service (MMS). Disabling MMS will prevent media files from being sent to a device. Text messages and hyperlinks should continue normally. A description of the steps for disabling MMS is available at: https://www.twilio.com/blog/2015/07/how-to-protect-your-android-device-from-stagefright-exploit.html
You can also visit these sites below for additional information:
Scam Alert 3/2014
The Office of Consumer Protection at the Montana Department of Justice wants to alert you to a fast-moving phone scam called the largest of its kind, which is targeting taxpayers across the country. Victims have reported threats of license suspension, arrest and deportation.
What makes this timely scam so tricky? The scammers impersonate Internal Revenue Service (IRS) agents and demand payment for taxes owed, and often:
• know the last four digits of the victim's Social Security number;
• make caller ID appear as if the IRS is calling;
• send follow-up bogus IRS emails to support their scam; and
• call a second time claiming to be the police or Department of Motor Vehicles, and caller ID again supports their claim.
The IRS usually contacts people by mail, not by phone, about unpaid taxes. The IRS won't ask for payment using a pre-paid debit card or wire transfer, nor will they involve law enforcement or immigration agencies.
WHAT TO DO:
If you or a family member receives one of these calls, your best bet is to hang up. But if you do get into a conversation, don't give anyone money or credit card information over the phone and don't trust callers who use threats or insults to bully you.
Report the incident to the Treasury Inspector General for Tax Administration at 1-800-366-4484.
File a complaint with the Federal Trade Commission at www.ftc.gov. Add "IRS Telephone Scam" to the comments in your complaint.
If you owe or think you owe federal taxes, call the IRS directly at 1-800-829-1040 to verify information.
Call us at the Montana Department of Justice's Office of Consumer Protection at (800) 481-6896 or (406) 444-4500, or visit us at https://doj.mt.gov/consumer/for-consumers/
For more information, visit www.irs.gov.
Attorney General Tim Fox
Montana Department of Justice
Risk Alert - NCUA and CUAD warn of Vishing Scams 3/2014
The Credit Union Association of the Dakotas recently reported that credit union members in North Dakota have received "Vishing" calls that claim to be from the NCUA, telling them that their debit card has been blocked and asking them to follow a series of telephone prompts. Even though this alert involves North and South Dakota, this kind of scam can occur anywhere and credit unions should be warning their members of this incident.
The NCUA warns consumers to beware of this telephone fraud, known as a "vishing" scheme, that is using the agency's name in an attempt to obtain personal financial information.
According to CUAD, credit union members have been contacted by an automated phone call claiming to be from the NCUA and notifying consumers their debit cards have been compromised. The call then asks the receiver to follow prompts, which request personal information, including sensitive financial data and personal identification information.
CUAD recommends that anyone contacted by this so-called "vishing" scheme should immediately contact NCUA's Consumer Assistance Center Hotline at 800-755-1030 or by email at firstname.lastname@example.org to report the scam. Operators answer calls Monday through Friday between 8 a.m. and 5 p.m. Eastern.
The NCUA has stated that they neither seek personal information from consumers over the telephone nor handle day-to-day maintenance of member account information.
Target Increases Breach Numbers to 70 Million
Target Corp. announced Friday that personal information from as many as 70 million people may have been stolen in the data breach the company announced on Dec. 19. The announcement upped the ante on the nature stolen data.
The Minneapolis-based retailer had previously said about 40 million cards had been affected in the breach that lasted from Nov. 27 to Dec. 15.
Along with boosting the number, the company's announcement Friday added, "As part of Target's ongoing forensic investigation, it has been determined that certain guest information – separate from the payment card data previously disclosed – was taken during the data breach."
That includes names, mailing addresses, phone numbers or email addresses for up to 70 million people, the company said.
Information provided from the Credit Union Times, January 10, 2014.
Valley Federal Credit Union has mailed a letter to those members who were affected by this. To view letter, click here. Please do not hesitate to call us with any questions or concerns you may have.
Fraud Alerts & Information
Please be cautious when receiving a cashier check from any employment offered online. Shoppers, Car Wraps etc. There are so many scams out there. Please be sure you verify with the financial institution that the check was drawn on that it is a valid check before you deposit it or cash it! . Be extra cautious anytime they want you to wire them money back.
An extra step you can take to protect your identity is to check your credit score on an annual basis. Click on the provided link below for your FREE credit report.
Identity Theft: 01/28/2013
Which Accounts have this benefit? All consumer checking accounts include the identity theft recovery benefit.
You've Got an Advocate
No sign-up is necessary; you automatically have this benefit as part of you account. This benefit provides you and your family-three generations-managed recovery services to restore your good name, should you ever have an identity theft event. This includes services for you and:
- Your spouse or domestic partner
- Your dependents under age 25 with the same permanent address
- Your parents living with you or in elder care, with benefits extended up to 12 months after death
Our identity theft recovery benefits provide you and your family with the reassurance that if identity theft strikes, a professional is standing by, ready to restore your good name-no matter how long it takes.
Want to Be More Proactive?
Upgrade Your Plan
Be warned if someone is using your good name. Add daily monitoring of credit activity, recovery expense reimbursement with zero deductible, and more.....
$5.95 per month
IDSafe Choice Plus-Family
$9.95 per month
For more details click on link.
IRS E-Mail Scams 01/28/2013
Beware of e-mails purporting to be from the IRS or the U.S. Department of Treasury. Scam artists use tax season to phish for all sorts of personal information, including social security numbers, bank account numbers, pin numbers, names, birth dates, and other valuable information. These e-mails are often convincingly realistic, with government seals and intimidating language. Sometimes the e-mails will even ask the recipient to wire money in order to pay off "fines" or other fees. The e-mail may redirect the recipient to a website which is designed to look like a legitimate government website, but is in fact a fake site used by scammers to steal more information. The actual IRS does not solicit your personal information through e-mail. In fact, they already have your personal information. The real IRS website is http://www.irs.gov/ .
As of 01/28/2013
NACHA has alerted the financial services industry of a recent phishing attack where the email is purportedly sent by NACHA. The subject line of the email states, "Unauthorized ACH Transaction." The email contains a link to a fake web page infected with malware. Credit unions should advise employees and members to not click on the link. The email and the related website are fraudulent. Phishing emails frequently contain links to fake websites infected with malware (malicious software), such as Trojan keyloggers. Do not click on links contained in unsolicited emails from unknown parties, or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
Beware of Scam Regarding Your Credit / Check Cards 01/28/2013
With the holiday season approaching, shoppers increasingly use their credit and debit cards to make purchases at the mall, on the Internet, or over the telephone. When plastic card use increases this time of year, so do the scams.
A new twist on phishing aims to obtain the three-digit security code printed on the back of VISA and MasterCard credit and debit cards. The phishers are trying to get enough information to perform fraudulent card-not-present transactions (Internet, telephone, and mail-order purchases).
Under this scam, a telephone call is placed to a legitimate cardholder. The caller claims to be a representative from VISA or MasterCard informing the cardholder of suspicious card activity. The caller provides details of an unusual transaction and asks if the cardholder made this purchase, which, of course, the cardholder did not. The cardholder is then asked to verify possession of the card. To do so, the cardholder is asked to read the three-digit security code on the back of the card. The fraudster then provides a control number in the event the cardholder needs to call back with questions, making the call seem legitimate.
The caller does not ask for the credit or debit card number, and that is why some members are fooled into believing the call is legitimate. But the fraudster already has the card number; what they don't have is the three-digit security code from the back of the card, and that is what they are after with this scam.
The three-digit code on the back of the Visa or MasterCard card is a security tool used for non face-to-face transactions. When conducting transactions that are not face-to-face, many merchants will ask the shopper for the three-digit code to complete a card authorization. If the criminal obtains this three-digit number and already has your member's card number, card expiration date, and billing address, the criminal may be able to obtain authorization for fraudulent transactions.
Members should never give that code to anyone who may contact them by telephone, Internet, or mail. This security tool is used when a card-not-present transaction is performed, and during the transaction the merchant may ask for the code to complete the authorization process. Never respond to any e-mail, telephone call, voice message, text message, or letter received through the mail that requests personal and financial information, including the three-digit number on the back of the card.