The Looks Too Good To Be True.com website was built to educate you, the consumer, and help prevent you from becoming a victim of an Internat fraud scheme.

The website was developed and is maintained by a joint federal law enforcement and industry task force. Funding for the site has been provided by the United States Postal Inspection Service and the Federal Bureau of Investigation. Key partners include the National White Collar Crime Center, Monster.com, Target and members of the Merchants Risk Council.

Here’s how phishing works:

You’ll receive an e-mail that appears to come from a reputable company like a financial institution or government agency, including one of the federal financial regulatory agencies.

The e-mail will warn you of a serious problem that requires immediate attention. It may use phrases such as, “Immediate attention required,” or “Please contact us immediately about your account.” It will then encourage you to click on a button to go to the institution’s Web site. You could be redirected to a phony site that looks exactly like the real thing. Maybe, it’s the company’s actual Web site, but a pop-up window appears to harvest the information.

You may be asked to update your account information, or provide information for verification purposes, such as your Social Security number, account number, password, your mother’s maiden name or your place of birth.

How to protect yourself:

1. Never provide your personal information in response to an unsolicited request whether over the phone or the Internet.
2. Never click on the link provided in an e-mail you believe is fraudulent.
3. If you believe the contact may be legitimate, contact the financial institution yourself. The key is that you should be the one to initiate the contact using contact information you have verified.
4. Never provide your password over the phone or in response to an unsolicited Internet request. (Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.)
5. Review account statements regularly to ensure all charges are correct.
6. If you fall victim to an attack, act immediately. Alert your financial institution. Place fraud alerts on your credit files with the three major credit bureaus (Equifax—800-525-6285, Experian—888-397-3742, TranUnion—
   800-680-7289). Monitor your credit files and account statements closely.

REMEMBER: CFCU already has your personal information on file. We do not need and will not ask for it!

New Fraud Alert from NCUA — Vishing!

The NCUA has warned numerous times about "phishing" scams in which crooks send e-mails claiming to be from legitimate financial institutions, companies, or government agencies asking consumers to "verify" or "re-submit" confidential information such as bank account and credit card numbers, Social Security Numbers, passwords, and personal identification numbers. A variant on that approach using telephone systems, vishing, is increasingly being used to obtain this information from unwary consumers.

Consumers are becoming more aware that an e-mail they receive containing a link or other contact information could be malicious in nature. So criminals are moving away from primarily using email as a method to gain confidential information to using methods victims are more familiar with, like calling a number.

In essence, vishing is the criminal practice of using social engineering and Voice over Internet Protocol (VoIP) telephony to gain access to private personal and financial information from the public for the purpose of financial reward. The term vishing is a combination of "voice" and phishing. Vishing exploits the public’s trust in landline telephone services, which have traditionally terminated in physical locations, are known to the telephone company, and are associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing thus providing anonymity for the criminal caller. Vishing is attractive to criminals because VoIP service is fairly inexpensive, especially for long distance, making it cheap to make fake calls. In addition, because it’s web-based, criminals can use software programs to create phony automated customer call center service lines.

An example of a vishing scam is when a consumer receives a recorded message telling them that their credit card and/or financial institution account has been breached and to immediately call a number provided in the recorded message. The phone number provided in the message leads the consumer to a “fraudulent call center” established by the perpetrator of the fraud. The perpetrator then attempts to obtain confidential account information and login credentials in order to access the account. A twist on this scam is when the recorded message provides the address of a fraudulent website for the consumer to access (instead of a telephone number) and to provide certain information to reinstate the supposedly affected account(s).

Vishing is very hard for authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages (telephone, email, or otherwise) directing them to call and provide personal, confidential, and/or account related information. Rather than provide any information, the consumer should contact their financial institution or credit card company directly to verify the validity of the message using contact information they already have in their possession (i.e., do not use contact information provided in the suspicious message).

New Fraud Alert from NCUA - Text Messages

Beware of unsolicited text messages sent to your cell phone urging you to call the number provided for information about account discrepancies. The goal of these messages is to obtain your personal information for fraudulent purposes. Remember, you should never give out any information in response to any unsolicited e-mail, phone call or text message.

NCUA will continue to follow these issues and provide you with additional information as warranted.