×
Routing Number: 307070050
Search
Search Our Site
Type a word or phrase in the search field below. If you are unable to find the information you are looking for, please contact us.
Kirtland Federal Credit Union logo

Welcome To The Insighter!

Explore the latest happenings at Kirtland FCU and learn about important topics from around the financial world. Here’s your insight!

All Posts > Security

Security Fraud

Financial wellness—the ability to have a healthy financial life—hinges on budgeting, managing debts and making smart decisions for the long-term. Financial wellness allows you to handle medical bills, afford housing and transportation, and have access to the credit you need. Education and good habits go a long way toward being financially well!

But, in this technological age, there are many obstacles that can derail your financial wellness. A big one on that list? Identity theft.

In 2018, the Federal Trade Commission processed 1.4 million fraud reports totaling $1.48 billion in losses. The time and money a victim will spend trying to recover from identity theft is significant and can impact financial wellness. And the emotional toll that an identity theft can take could affect a victim’s job, relationships, and physical health. The growing prevalence of identity theft and fraud means that identity theft protection has to a be a part of the whole financial wellness package.
 

What YOU Can Do

  1. Monitor your credit report regularly - Catching discrepancies early can limit losses. Your credit report is free to you. Download yours at Free AnnualCreditReport.com and check for accounts or activity you don’t recognize.
  2. Consider dark web monitoring - While dark-web monitoring doesn’t actually scan these sites for your information, it can help detect your information if it appears when stolen data is uploaded to sell. Learn more about the dark web now
  3. Practice good identity theft habits - Keeping your important information secret, setting strong, unique passwords, and staying aware of popular scams can help prevent you from falling victim to an identity thief. Learn more about how to keep your identity safe.

Extra Protection

Kirtland FCU partners with Identity Fraud, Inc. to offer a comprehensive suite of protection products that help minimize your risk of becoming a victim of identity theft. Services can include:
  • SSN Monitoring – to catch thieves using your social security number
  • Credit Monitoring – to identify unusual activity so you can take action
  • Credit Card Monitoring – scours chat rooms and online activity for your credit card information to identify potential fraud
  • DataSweep Monitoring – to identify your personal information online and alert you
  • Identity Insurance – should the worst happen, you’ll be covered
  • Lost Wallet Services - a 24/7 support team that helps you act quickly to limit your losses, maintain your good credit, and replace your lost or stolen cards
  • Keystroke Encryption Software - helps protect your identity by encrypting your keystrokes and hiding them from hackers, malware and key loggers intent on stealing your sensitive credentials while using the internet.
  • 24/7 Unlimited Resolution & Prevention Assistance - Staff ready to assist you with fraud resolution, no matter what type or how you experience identity theft.
Cover yourself with these protective services, and more, for less than $3 a month!

Explore and sign up for Identity Fraud, Inc. coverage!

Security Fraud

“It’s an older scam, sir, but it checks out.”

If you’re holding a check, made out to you, you’re going to want to read this before cashing it. Fake check scams have been around for a long time. Technology has opened up new avenues of implementing the scam, but the scam itself remains relatively unaltered. If someone you don’t know wants to pay you by check, be aware—it could be a scam. It could start with someone offering to buy something you’ve advertised on Facebook or Craigslist. It could come in the form of a supposed job opportunity! Or, it could be an even more enticing story of a sweepstakes win! Whatever the method, this scam is still in play for one reason: it works.

According to the Better Business Bureau’s 2018 Scam Tracker Risk Report, check fraud exposure (the likelihood of being targeted by a given scam) nearly doubled from 2017 with a median loss of $1,500 per incident! Fake checks are also a tactic in other types of scams, including employments scams.

Three Common Check Fraud Scams
 
  1. The Craigslist Overpayment - This one doesn’t have to be on Craigslist, but it will begin with the victim listing an item for sale, in a newspaper or online on Facebook or Craigslist. A buyer will send the victim a check for the item in a greater amount than the buying price. They’ll make up a convincing excuse and ask the victim to deposit the check and then withdraw the overpaid amount and send it back, usually in the form of a gift card. The check will bounce, and the victim is on the hook for the whole amount.
  2. The Employment Advance - This tactic is a crossover with employment scams. Usually, the victim will receive a fantastic job offer and an advanced check to cover supplies or training. The rest of the story follows the same path as the overpayment scam above.
  3. Winners! - In this one, the victim will receive a check to cover “taxes” on a fictional prize. The victim then pays the “taxes”. A few days later, the check bounces, and the victim is left confused—and broke.



Source: BBB 2018 Scam Tracker Risk Report

If you do deposit a check that is not from a friend or family member, wait at least two weeks to be sure it clears before spending any of the money.

If the check is indeed fake and bounces, you will not be out any of your own money. If you’re receiving pressure to do so, it’s a big red flag that the check may be fake.


How To Avoid These Scams


You can save yourself a big headache by taking these simple steps.
  • Inspect the check
    • Is the amount what you expected? There is NO LEGITIMATE REASON TO WRITE A CHECK FOR MORE THAN A NEEDED AMOUNT. Make sure the check matches the transaction.
    • Also, check the personal details on the check. Look up the bank or business associated with the check and call to confirm its validity.
    • If certain items such as a signature, address, or bank logo that are usually on a check are missing, or words are misspelled, don’t cash it. 
  • Consider the reason for the check
    • Did you prompt the sending of the check, or did it suddenly appear in your mailbox? Take some time to do a little sleuthing. Research the person or company the see if the payment makes sense. Trust your instincts! If it seems too good to be true, well, it likely is.
  • Don’t use the money
    • If you have a check that doesn’t pass the sniff tests listed above, and you haven’t cashed it yet, DON’T. Contact your credit union to discuss your concerns. If you already cashed it or deposited it, don’t spend the money. Credit unions and banks are required to make your deposited checks available to you within a certain period—for example, a government or cashier’s check is required to be cleared one business day after deposit. If the check has not yet been identified as fake, that money would still be available to you, even though the check is bad. Once the bounce happens, banks and credit unions have the right to withdraw the check from your account, even if you already spent the funds. If your balance can’t cover that amount, you could be facing negative balances and many more headaches.
  • Alert the authorities

Security Fraud

Ah, technology.

Our high-tech world moves at lightning speed, with communication and tasks often happening in real-time. In many ways, security has lagged behind innovation. Now, new security measures such as two-factor authentication  have emerged to protect the vast amounts of information and money that is exchanged online. But criminals are beginning to exploit those extra security measures and options, and you need to be on the lookout for this latest ploy to access your accounts.

Financial partner CO-OP, which owns and operates credit union ATMs nationwide, recently warned Kirtland FCU of a tactic called ‘SMishing’—phishing (posing as a legitimate company) via SMS text messaging. And it’s effective because of the popularity of texting. According to the Pew Research Center, 97% of Americans send at least one text every day. 

What The SMish?
SMishing, according to CO-OP, is a text is designed to look like an automated text communication from a legitimate company. There are two different methods of SMishing that we’ll discuss: the SMished text alert and the SMished two-factor. 

SMished Text Alert
Criminals in possession your debit card details and other forms of personally identifiable information (PII) are spoofing credit union phone numbers in an effort to fool credit union members into thinking that the text messages are actually from the fraud department of a particular credit union. Fraudsters are sending text messages under the guise of trying to validate recent card activity and are including hyperlinks within some text messages.
 
Fraudsters are also using text messaging to deceive credit union members into providing card-related data and login credentials. A typical SMishing occurrence can begin with a member receiving a text message inquiring about a suspicious transaction on an account. In reality, the fraudster is looking to obtain other information from members such as debit card numbers, CV2 codes, expiration dates, PINs and other web login credentials.

Before we go into how to spot one of these texts, you should know that there ARE legitimate texts that can come in from your credit union (especially if you’ve registered for Text Alerts  Online Banking login, transaction alerts for your cards, or use Text Banking. But there are key differences between a SMishing text and a valid text transaction alert).
 
SMishing Text Contains Legitimate Text Contains
A vague reference to a bank or no reference at all An abbreviated version of  your credit union's name
No specific card information The last 4 digits of the card number
No specific transaction information The amount of the transaction detail
No merchant information Merchant details
Hyperlinked phone numbers and/or web addresses No hyperlinks
Requests for card numbers, CV2 codes, passwords, PINs, expiration dates Reply options of: YES, NO or STOP (to opt out)

The SMished Two-Factor

Have you opted in to two-factor authentication for your financial accounts? Many companies and financial institutions are now offering two-factor authentication  as a way to make logging in faster and safer by requiring not only a username and password but the entry of a one-time code, sent through a different channel (usually e-mail, text, or voice call). Which means that if a fraudster obtained your username and password to a specific account, they would also need to have access to your e-mail account or phone to obtain the one-time code—an unlikely situation. Thieves are now calling members, posing as credit union employees, to get you to turn over the code while you’re on the phone with them!

While on the phone with a member, the fraudster logs into a credit union Online Banking site. When the one-time code is sent to the member’s phone, the fraudster asks the member to provide the code as a means to validate the member. When the information is shared with the person the member believes is a credit union employee, the fraudster uses the code to finalize access to Online Banking, which is typically followed by changing the Online Banking password and transferring funds from member accounts.

How To Miss The SMish
  • Be aware! By simply knowing of the possibility of a SMishing attack, you can keep an eye out for the signs
  • Never provide information via text. A legitimate credit union employee or alert text will never ask for personal information to be sent over unsecured channels, and you will NEVER be asked for your Online Banking password or two-factor code outside of your login attempt.
  • Never click hyperlinks in texts. Legitimate requests to validate card activity will request a simple response of YES or NO. They will not include hyperlinks to other websites or ask for any personal info.
  • Don’t believe the caller ID. It’s amazingly easy to spoof a phone number—to make it look like a call is coming from a legitimate source.
  • When in doubt, check! You can always call the credit union (Kirtland FCU member, call 1-800-880-5328) to check on the validity of a transaction alert or to report a request for information that seems, well, phishy.
 

Security Fraud

As cybercrime and identity theft continues its relentless increase in both prevalence and sophistication, are you taking advantage of all the ways you can increase security for your own accounts?

Passphrases > Passwords

‘Password’ is a terrible password. So is 123456 (alarmingly, the most common password in the nation). Why? Because these passwords are simple and easily guessed. And while an overly simple password is easy to remember, choosing one is the equivalent of installing a lock made of cotton balls on your front door—not what you want protecting your identity and your money. The problem is that long and complex passwords are not only difficult to guess (which is good) but difficult to remember (bad for the user).

The National Institute of Standards and Technology has recently revised its recommendation of using complex passwords in favor of using a passphrase—a sequence of words and other text. Passphrases are naturally much longer than passwords, making them more secure (usually).  Longer passphrases result in more “randomness” generally, making it hard for computers to figure it out—shoot for 4-5 random words (not ones that form a sentence or borrow from quotes or sayings).

The difference between passwords and passphrases is eloquently illustrated by science comic blogger Randall Munroe (XKCD):



If you have the option to use a passphrase (no requirements for special characters and no limit on length) do so! You will likely find that many of your apps and websites have yet to implement this change in recommendation with their own password requirements, so if you cannot choose a passphrase, make the password as random and as long as possible and avoid these common pitfalls:
  • Don’t use family names, birthdays, or other information that could be found elsewhere. (Make it hard to guess.)
  • Don’t use the same password for every application. (Make it unique.)
  • Don’t use short or common passwords like QWERTY or 123456. (Make it strong.)
If you have access to a password protected computer, you can use a password manager like Dashlane or LastPass to generate and remember tough passwords for your logins. Some browsers will also generate and remember your passwords if you ask it to, but be careful about using this functionality if anyone else has access to your computer. And DON’T use this option if you’re on a public computer or connected to unsecured Wi-Fi. In fact, don’t log into any program while connected to an unsecured Wi-Fi. It’s scary easy to steal information over an unsecured Wi-Fi connection.

The Two-Factor Option

Have you set up two-factor authentication yet? Many programs now offer this secure method of login, and you should be taking advantage of it. Google, for example, offers two-factor authentication: when you type in your Google password to log into Gmail or another of Google’s apps, you’ll also be asked for a second entry of a six-digit code that is texted to your phone (or sent to you via the Google app on your phone). Once an account’s two-factor authentication is set up, a thief would not only have to possess your password but your physical phone to access your account


Don’t want to enter a six-digit password every time? You can set Google to remember a personal computer but require two-factor authentication on new devices. Or, if you have a security key like this Yubico, you’ll be prompted to plug it into your computer’s USB port or touch it to your phone to complete the two-factor authentication—literally a physical key for your account! And a physical security key is about as safe an option as you can find.

Many sites and apps offer two-factor authentication—Facebook, YouTube, Google, various password managers, and many financial institutions, including Kirtland FCU Online Banking!

Online—you should be here!

If you’re thinking, “Geez, it’s too risky to be online! I’m just going to do banking the old-fashioned way, with checks and branch visits,” you might want to reconsider. Most financial institutions offer some version of online banking options, and if you don’t claim yours and set up your own passwords and security, you leave the path clear for a thief to do it for you. And you won’t have any way of knowing something has gone wrong until you get your next banking statement a month later! Setting up Online Banking and checking your accounts often allow you to:
  • Catch fraud and theft early
  • Limit losses
  • Secure your accounts with your own passwords and options
Technology is changing and improving every day. Make sure to take advantage of the latest options offered by each account and login you set up.

To register for your Online Banking account with Kirtland FCU, give us a call at 1-800-880-5328.

 

Security Fraud

It’s a buzz term that gets thrown around during discussions of data breaches and identity theft— the “dark web”.

You may have even seen advertisements for services that are supposed to alert you—or even claim to be able to remove your information—when your information is discovered there. But what is the dark web, and how can you keep yourself safe if your information ends up on one of these sites?

The dark web is a network of websites that can only be accessed with a special browser that renders the user anonymous and untraceable. Sites on the dark web make up about 3% of all websites and while not every site accessible on the dark web deals in illicit activity, it’s easy to see the appeal for an identity thief. After a data breach, information often floods the dark web, offered up for sale as a bundle of information for as little as $10 per bundle.

Many services will offer to scan the dark web for your information. Finding it is one thing; eliminating it is another. The former will allow you to take action to protect yourself. The latter is all but impossible.

Beware any service offering to scan the entire dark web

Because that’s impossible. The ever-shifting landscape of the dark web makes it impossible to crawl every site. One of the major differences between the normal web and the dark web, besides the multiple re-routes built between a user and a site, is the suffix of the sites themselves: sites on the dark web often end in .onion and have an incomprehensible string of numbers and letters before it. The last count of onion sites according to a 2017 Vice article was 1,208,925,819,614,629,174,706,176. And it’s not unusual for a site to appear for 12 hours and then vanish. We can’t even count these sites accurately, never mind crawl them in any kind of reliable fashion.

What a site will do to “scan” for your information is likely to look at the latest data dumps: files of information that do often end up on the dark web.

If you do a scan, and your information is found on the dark web, here are a few things to remember.
  • No service can erase your information. There’s no putting the genie back in the bottle. You should be leery of any service offering to erase your information.
  • Consider account alerts. Early detection of fraudulent activity can help you limit losses.
  • Mitigation is the name of the game. If you are alerted that your information is on the dark web, the best idea is to freeze your credit to limit fraudulent activity with your social security number. You should also order new credit and debit cards.
  • Monitor your credit frequently. Look for any unusual activity so you can take swift action.
  • Practice good security hygiene. Keep your data and passwords as private as possible.  Read here to find out more

Security Fraud
 
2019 is sliding into fall, but the Social Security scam calls are still hot. And people are still losing scary amounts of money because of them.

NO, THAT’S NOT THE SOCIAL SECURITY ADMINISTRATION CALLING

Consumer protection agencies call it the "Social Security impostor scam."

You get a call with a warning that your Social Security number has been suspended because of suspicious activity or because it’s been used in a crime. You are asked to confirm your number or told you need to withdraw money from the bank and buy gift cards in order to resolve the situation.

The phone call may be a robocaller with a message to "press 1" or dial a particular number to speak with a "support representative" from the government to reactivate your Social Security number. Or it could be a live person making threats against you for crimes committed with your Social Security Number unless you confirm certain information or send money to clear up the charges.

DON’T BELIEVE THE CALLER ID

The scammers may even use technology to spoof your caller ID to make it look like the Social Security Administration is really calling.

In the last 12 months, people filed more than 76,000 complaints about Social Security impostors, reporting $19 million in losses. The median reported loss last year was $1,500, the FTC said.

People are asked to give up the personal identification numbers (PINs) on the back of gift cards or use virtual currencies like Bitcoin to pay. (According to the FTC's consumer alert, people withdrew money and fed cash into Bitcoin automatic teller machines.)

After handing over the gift card numbers to the "Social Security office," one consumer interviewed by Fraud.org was told he would receive a refund equal to the amount he paid to unfreeze his account from the Federal Reserve. Of course, the refund never came, and the man lost nearly $20,000.

The scammers can be clever, and they will try new stories and new methods in order to keep their scam effective and claim the most amount of money they can. With numerous data breaches that have hit corporate America, fraudsters may already have accurate personal information about you, including your real Social Security number. The information is used to build trust and make the call seem more legitimate, he added.

How you can stay safe:

According to Fraud.org and the FTC, here are some important things to remember:
  • Social Security will never suspend your number, according to Fraud.org. If anyone tells you something different, you're being scammed.
  • Social Security will never call you and demand money. No government agency will demand you pay something using gift cards or Bitcoin either.
  • Don't trust your phone's caller ID. Scammers can make it look as if the Social Security Administration is calling and even use the agency's real number.
  • Don't give your Social Security number, birth date, home address, or any other personal information, to a caller on the phone.

If you have a question, check with the real Social Security Administration. The administration will never contact you out of the blue. The agency's number is 1-800-772-1213.

Talk about the scam with friends, family and neighbors. Report government impostor scams to the FTC at ftc.gov/complaint.

No legitimate business will call you to request your Social Security number, including Kirtland Federal Credit Union. Feel free to hang up on these calls. If you would like to check the legitimacy of a call, you can always initiate a call to the business yourself to check.
 

Security Fraud

It’s errand day! Get some Social Security numbers, pick up the birth dates, and open the fraudulent accounts—it’s a busy day for a thief.

You’ve seen warnings to “protect your identity”. But what information is most dangerous in the hands of a thief. What are they looking for that you may not be thinking of?
  1. Your Social Security Number When the Social Security Administration began assigning to employees via post office “typing centers” in November of 1936, it would have been hard to visualize how integral that identifier would become in everyday life the following century. More than just a way to claim Social Security benefits, our Social Security number has been adopted as the primary piece of identifying information used to transact business with the government, with your employer, with your financial institutions, and more. And it’s GOLD for a thief, opening doors to other pieces of information that would make it easy for a thief to impersonate you while opening accounts and incurring debt under your number and your name.
  2. Your Birthplace and Birth Date Do you post your birth date on your social media pages? While it’s an easy way to keep friends in the loop, your birth date is often used as another personal identifier on government documents and with financial institutions. And coupled with other activity on social media such as joining a group for your high school class, a thief wouldn't have a hard time figuring out the month, day, and year of your birth. And having your birthday float around the internet, especially attached to your real name, can be dangerous should a thief come across the information. The same is true for your place of birth, a piece of information that’s often used as a secret question for online account access.
  3. Your Financial Account Numbers Your bank account numbers, your credit and debit card numbers, even account numbers for your healthcare are prime items for identity thieves. Your financial account numbers provide direct-line access to your money and your credit. Combined with other info like your PIN, full name, birth date, and Social Security number, an identity thief hits the jackpot with this information.
  4. Your Banking PINs Coupled with the account numbers we just talked about, your PIN is the key that unlocks the treasure for an identity thief. PINs can be swiped with equipment like cameras at an entry pad (like a gas station) or even just guessed. Despite warnings, many people continue to choose 1234 and other easy-to-guess combinations as PINs. And if a longer PIN is available, use the longer form. Longer is more secure.
  5. Your Card Expiration Dates and Security Codes If you’ve ever used your card online or over the phone, these are the two pieces of information that are required to process transactions in addition to the card number. You can prevent a thief from using your card online, even with the account number, by keeping this information out of a thief’s hands. Beware any phone call or e-mail that is asking you for this information—it isn’t harmless!
  6. Your Address (Home and E-mail) Phishing attacks  work because the thief dangles easy-to-look-up information about you, making their request for more information or money seem to legitimate. And your e-mail address is 50% of MANY online logins if you’re like many others. It may be impossible to keep this information entirely secret but avoid inserting it social media posts. No sense making it EASY for the thief, right?
  7. Your Driver’s License Number Frequently asked for on government documents, your driver’s license number can make it much easier for a thief to go to the motor vehicles department and get a copy of your ID printed (in combination with other pieces of information or forged documents). With a printed form of government-issued ID, a thief can wreak havoc on your credit and your life. It’s easier to mine other pieces of information and open fraudulent accounts in your name. This number should be treated with almost as much care as your Social Security Number. This also goes for passports, taking the theft international.
  8. Your Phone Number Another piece of information that can be almost impossible to keep private. But be aware that in a thief’s hands, your phone number is a line to you. In combination with a name, a simple phone call to you to gather more information or coerce you into sending money is all it would take for a big payday. Some phishing calls are sent to random number: the thief doesn’t know anything about you. But with a name and a number? The attack can be a lot more personalized and harder to detect.
  9. Your Full Name You may not think this is valuable information, but it sure makes opening fraudulent accounts easier! And since many online merchants ask for your name as it appears on your card to complete credit card transactions, it’s easier to guess how it appears with a full name.
  10. Your Affiliations, Members, and Employer Remember how little pieces of valid information can be used by a thief to turn a phishing call into a target spear phishing attack? These pieces of information are perfect for that use. For example, if a thief knows you work for ABC Corporation, he can do a little research to come up with a logo. Spoof an e-mail address from that company that looks legitimate with the ill-begotten logo, and he can send e-mails to you or that appear to be FROM you to others.
 

WHAT YOU CAN DO:

Some of this information is really hard to keep secret; some is completely in your control. Here are a few tips to stay aware and safe.
  • Do not carry your Social Security card with you. This is not wallet material. Leave it at home in a secure place with other important documents.
  • Don’t write this information down. Leaving your Social Security number or other important information laying around, even without other identifying info, isn’t a great idea.
  • Be aware of your surroundings. If you’re asked for your Social Security number or other information to complete a transaction that you initiated, make sure there isn’t anyone around to eavesdrop. And if you are asked for that information during a phone call that you did not initiate, do not reveal it.
  • Don’t have your place of birth as a secret question if that information is available publicly.
  • Don't write any of this information down.
  • Keep track of scams. Many types of scams try to trick you into sending your financial information to a scammer, including dating site scams and IRS scams. Read about the most common types of scams to watch out for. 
  • Don’t write it down. It can be tempting to write down your bank card numbers to use online or lend your card to a family member to run an errand. But once your number is out of your hands, you have no control over who sees it.
  • Don’t post seemingly innocuous information online. Social media is a well-stocked pond of information for a thief. Using your full name, real birth date, posting photos with your address in them, or posting an e-mail address in a public area of the web are bad ideas.
  • Set hard-to-guess PINs and passwords. 1234 and 2580 and 4444 are all equally bad PINs. Make your PIN harder to guess with non-repeating and non-sequential digits. And ‘password’ is a bad password.

The key to staying safe is keeping as much information private as possible. And, if it’s not possible, be aware that others can gain that information and use it against you. Double check suspicious e-mails and unsolicited phone calls before revealing additional information or responding to requests.
 

Security Fraud

When it comes to the risk of identity theft, death isn’t the end—it can often be the beginning.

It’s called ghosting, according to the AARP, and every year, the estates of 2.5 million deceased individuals are victimized by this form of identity theft.

Ghosting is a form of digital grave robbing. Using the personal information of a deceased individual, a thief can do a lot of damage before the deceased’s family even notices something is amiss. This is because it can take six months for financial institutions and credit-reporting bureaus to receive, share, or register death records. And since the dead don’t monitor their own credit, and it’s likely their family isn’t monitoring it either, a thief often has an extended period of time to commit further fraud.

Most often, a thief will randomly choose a Social Security number (not a targeted attack), but often ghosting is a crime of opportunity. Nearly 800,000 of those 2.5 million victims each year represent targeted attacks.

Thieves can glean personal information from obituaries, hospitals and funeral homes—information like birth date, home address, and full name. And with those pieces of information, a thief may be able to purchase the deceased’s Social Security number illicitly online.

In many instances, thieves will use the information they’ve gained to file tax returns under the identity of the dead and collect refunds. In fact, in 2011, the IRS paid out $5.2 billion in fraudulent returns.

While surviving family members are not responsible for fraudulent charges and tax filings, a thief can leave quite a mess to untangle in a loved one’s estate.

PROTECT THE ESTATE
  • Don’t list specific birth dates, maiden name, or other personal identifiers in the obituary.
  • Don’t publish home addresses within the obituary. Thieves have even been known to plan home burglaries for the time of the funeral.
  • Use certified mail with “return receipt” to send copies of the death certificate to each credit reporting agency (Equifax, Experian, and TransUnion) and ask them to place a “deceased alert” on the credit report. Certificates should also be sent to banks, insurers, brokerages, credit card companies, and mortgage companies where the deceased held an account. For join accounts, request the deceased’s name be removed.
  • Report the death to Social Security by calling 1-800-772-1213
  • Contact the state department of motor vehicles to cancel their driver license (to prevent duplicates from being issues to a thief)
  • Monitor the deceased’s credit with AnnualCreditReport.com.  It’s free!
  • Let your loved one’s credit union or bank know as soon as possible! Kirtland FCU can help prevent a fraudster from calling in and doing business as a deceased individual if we’re aware of the passing.
In the midst of grief, protecting a loved one’s identity may be the last thing on a family’s mind. But adding these simple steps to the handling of an estate can help you avoid a lot of headaches and frustration.
 

Security Fraud

What do you picture when you think of a “money mule”?
 
Literal interpretations aside, a money mule is a person who is used to transfer and launder illegally acquired money or merchandise (i.e. stolen!) on behalf of or at the direction of another. If you’re a fan of the popular Orange Is The New Black series, you seen an up-close dramatization of a money mule scheme when the main character unwittingly carries drug money onto an international flight.
 
But unlike in the hit series, you don’t have to be in a foreign country to play a money mule role—in fact, you don’t ever have to meet the criminal in person. In this high-tech world, a cyber actor can enter through your computer and, with the right leverage, persuade you to act illegally on their behalf.
 
The FBI recently issued a warning about this particular brand of confidence/romance fraud. Through online dating sites, a criminal finds a mark and begins to build a relationship, to create trust. And leaning on that trust, the cyber actor convinces the mark to open accounts under the guise of sending or receiving funds. If the account is flagged by the financial institution, the cyber actor will either direct the victim to open a new account or choose a new mark and begin again.

In other situations, the fraudster claims to be a European citizen or an American living abroad. After a few months of developing trust, the actor will tell the victim about a lucrative business opportunity.
 
“There are investors willing to fund the project!” says the criminal. “But they need a U.S. bank account to receive funds, and you can help!”
 
The victim is asked to open a bank account or register a limited liability company in the victim’s name and then to receive and send money from that account to other accounts controlled by the fraudster.

Dating sites are popular fishing spots for victims due to the inherent emotional risks that a victim is willing to take. And this isn’t a small scam: in fact, in 2018, the IC3 (Internet Crime Complaint Center) received reports from 18,000 people who claimed to have become victims of confidence/romance fraud. The aggregate losses reached $362 million – an increase of more than 70 percent from 2017.

HOW TO PROTECT YOURSELF

The following are warning signs that you’re being targeted in a money mule scam:
  •  A false profile picture. Online dating sites require a profile picture, and most criminals do not use their own faces. You can check where else the image is being used online by running a reverse image check. A photo that appears on several other sites or is tied to older fraud scams is a big red flag. To run a search:  
    • Right click on the image and select “Search for image.”
    • Right click again and select “Save image as” to save the photo to your device.
    • Using a search engine, choose the small camera icon to upload the saved image into the search engine.
  • Inconsistent facts. Most dating sites, while monitoring account activity and investigating complaints, do not conduct background checks for registered accounts. Anyone using a dating site can misrepresent themselves. Grandiose stories, vague answers, and inconsistencies should not be ignored.
  • Immediate attempts to talk or chat outside of the dating site.
  • Claims that your meeting was “destiny” or “fate”. This kind of language could be classic grooming behavior.
  • Contact who claims to be currently living, working, or traveling abroad. This includes stories of military service.
  • A request is made for assistance with personal financial or shipping transactions. Criminals may also report a sudden personal crisis in an attempt to justify the request.
No matter the red flags you see, the FBI advises that you NEVER:
  • Send money to someone you meet online, especially by wire transfer.
  • Provide credit card numbers or bank account information without verifying the recipient’s identity.
  • Share your Social Security number or other personally identifiable information that can be used to access your accounts with someone who does not need to know this information.
WHAT IF YOU BECOME A VICTIM?

Do you suspect you’ve been targeted by a criminal for assistance with illegal activities?
 
If you think you’ve been scammed, there’s no reason to be embarrassed— this scam takes advantage of your trust and willingness to help. But it’s important to take steps to limit damage and make sure the scam is reported
  • Discontinue contact with the criminal and cease any requested activities.
  • Report the activity to the Internet Crime Complaint Center, your local FBI field office, or both. Contact IC3. Local FBI field offices can be found online.
  • Contact your financial institution immediately upon discovering any fraudulent or suspicious activity and direct them to stop or reverse the transactions.
  • Ask your financial institution to contact the corresponding financial institution where the fraudulent or suspicious transfer was sent.
  • Report the activity to the website where the contact was first initiated.
It can be difficult to say no to someone you trust. But knowing the signs of this scam and how to react can save you a lot of heartbreak

1234Next