internal revenue service "Stimulus refund" scam - march, 2010

Please be aware! The following fraudulent email has recently been received by many people, including some PGCCFCU members. The email comes with a form attached that requests banking account information in order to deposit your refund:

-----------------------------------------------------------------------------------------------
From: Internal Revenue Service [mailto:stimulusrefund@refdep.gov]
Sent: Sunday, March 07, 2010 11:06 AM
Subject: Very Important Note !

Dear Applicant:

After the last annual calculations of your fiscal activity we have determined that you are eligible to
receive a tax refund of $5480.23.
Please submit the tax refund request and allow us 3-6 days in order to process it.

A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

Please submit the form attached to your email in order to complete your tax refund

Note: For security reasons, we will record your ip-address, the date and time.
Deliberate wrong inputs are criminally pursued and indicated.

Regards,
Internal Revenue Service

Copyright 2010, Internal Revenue Service U.S.A. All rights reserved.
-----------------------------------------------------------------------------------------------

sweepstakes check scam - february 17, 2010

Letters entitled "FINAL COMPENSATION NOTIFICATIONS" are being sent out on the letterhead of a company calling itself Alliance World Brokers, Inc.

The letter informs the recipient that they "are one of the winners of the CUSTOMERS COMPENSATION AND APPRECIATION BONANZA" - a prize of $100,000.

Accompanying the letter is a copy of a Prince Georges Community Federal Credit Union share withdrawal check in the amount of $3,950.00, "which is to assist you with paying the non-resident tax fee because you don't live in Canada." The letter further instructs the recipient to pay their $2,970.00 portion of the tax via MoneyGram or Western Union. After which the balance of your winnings ($96.050.00) will be sent to your via Federal Express.

Please be aware that this is a scam. The check and the award are fraudulent!

Click here to view a copy of the letter and the check

Don't Be A Victim of Smishing! - november 18, 2009

The holiday season is a popular time for scams. Recently non members and members of PGCFCU have been contacted by scam artists in “smishing” attacks through text messages.  In a smishing attack, members will receive a text message directing them to call a number regarding their federal credit union debit card. Once members respond, they are told there may be a possible fraud on the account and are asked to provide their card number and other personal information.

Remember, PGCFCU will never contact you through a text message requesting information about your accounts. We already have it!

Please contact PGCFCU immediately if you have received one of these texts.

mystery shopper Check Scam - november 16, 2009

Please be aware that we received a call this morning from a non member stating that she received a check with a Credit Union employee's signature and wanted to see if she could cash it at the Credit Union. According to the individual, she received this check as a mystery shopper promotion. These checks are fraudulent and will not be accepted.

If you have any questions or need assistance verifying the validity of these checks please contact us.

rejected ach transaction Scam - november 12, 2009

Random individuals and/or companies may have received a falsified e-mail with the subject title “Rejected ACH Transaction.”  This e-mail appears to be from NACHA – The Electronic Payments Association telling them that there is a problem with an ACH transaction they have originated.  The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA website and contains a link which is almost certainly an executable virus with malware. 

Please be aware that the e-mail did not originate from NACHA, the website is not that of NACHA’s. Do not click on the link in the email.

Sweepstakes Check Scam - October 9, 2009

Copies of Prince Georges Community Federal Credit Union share withdrawal checks have recently been involved in a sweepstakes scam.

• The address on the Check is our old address at 14446 Old Mill Rd.
• Recipients are instructed to cash the $3.960.00 check and wire $3,550.00 at Western Union to Canada Tax Department Attn: Jassica Curtis 16299 Yonja Street, Richmond Hill, Ontario, CA  L4C3E3

Please be aware. Click here to view a copy of the check.

Phone Scam Alert - August 27, 2009

DO NOT DIAL THE CALL BACK NUMBER PROVIDED OR THE NUMBER THAT IS ON YOUR CALLER ID...
large fees may apply.

We have had a few members call us stating that they received a phone call stating that their debit card has been compromised/deactivated.

Please be aware that this is not coming from our Fraud Detection service. Our Fraud Detection service only makes calls during 8am - 9pm and they will not ask for card numbers, they will only verify that transactions on your card are yours.

Do not provide any information if you receive a call/email or text concerning your PGCFCU accounts.

We are continuing to research this matter and will provide further information as soon as available. You can reach the call center at 301-627-2666 if you have received any suspicious calls or if you have any concerns.

Fraud Alert - August 14, 2009

Credit Union National Association (CUNA) is aware of phone calls, text messages, and emails being made about:

• Account De-activation
• Account Status Alert
• Changes to Terms and Conditions
• Irregular Activity

These e-mails and text messages ask that the customer call a number in order to have their account reactivated. Some may request that you leave callback information or provide your financial information directly. All of these messages are fraudulent. Please do not respond to these messages.

The Credit Union National Association is the trade association for credit unions in the US. CUNA does not maintain any type of customer/member financial information.

Additionally, your financial institution would never solicit your personal identification information via email. If you did respond to such a solicitation, you should contact your financial institution directly using the local phone number provided by your financial institution.

More Information on Internet Fraud        Report a suspicious email

Who's Calling? Recognize & Report Phone Fraud

Recognizing fraudulent callers is important; reporting them to the appropriate law enforcement authorities is critical, too. Visit the Bureau of Consumer Protection web site to learn more about how to protect yourself from phone fraud.

PGCFCU Internet/E-Mail Fraud Alert

PGCFCU wants to help you keep personal information safe.
PGCFCU is committed to keeping the personal information of our member secure. Because of the increasingly prevalent threats of identity theft, PGCFCU has taken security measures to provide accurate and through information to prevent the members from becoming victims.

Criminals have developed several clever tools to steal your personal information over the internet. Below are helpful general tips and keywords that will aid you in safeguarding your personal information and computer from identity thieves, phishing and scams.

What is e-mail fraud?
Fake e-mail messages sent to you for the purpose of obtaining personal and financial information are some of the most common e-mail fraud messages received by Internet users today. These fraudulent e-mails are called phishing.

Phishing e-mails are made to appear that they are from a legitimate company, typically a financial services organization, like a bank, credit union, or investment brokerage. Others state to be from other organizations that perform financial transactions using personal data; the most common of these claims to be from companies like PayPal, eBay, and America Online (AOL).

The phishing e-mails typically inform you that account information needs to be updated and that action must be taken immediately. The information they ask for ranges from user name and password all the way to name, address, and credit card information, depending on which legitimate company they are posing as.

How to recognize e-mail fraud.
Identifying phishing e-mails is not always easy as criminals are becoming more adept at learning from their past mistakes. However, there are generally certain clues that will give away a phishing e-mail, and the associated fake web page, that you can use when you are in doubt about the integrity of an e-mail message.

Companies with which you have no prior relation.
We all get e-mail messages from companies with whom we've never done business, that's just marketing, but you shouldn't get messages from those companies asking you to update account information, provide personal data, or otherwise imply an existing relationship. This should be your first clue that something isn't right with this e-mail message.

Generic message
These criminals typically do not know who you are; they just have your email address. They tend to either use no salutation at all, or will use phrases like Dear Customer.

The criminals can get your e-mail address many ways, but the most common is through viruses and worms planted on other users' computers. The viruses gather e-mail information from the address book of infected computer's e-mail client (like Outlook or Messenger) and report this back to the criminals. The viruses typically infect tens, if not hundreds, of thousands of computers at one time so given the size of most people's address books, the criminals can build a list pretty quickly. If you're on someone's address book and their computer is infected, the criminals can get your e-mail address.

Requests for personal or secure information.
This is what they are after. They'll indicate that you need to provide your user name and password or credit card number because they have lost it, are ensuring all of their customers are legitimate, or state that they are addressing a security breach and need you to "re-confirm" your information.

Where can you see samples of phishing e-mails?
A non-profit organization called the Anti-Phishing Working Group hosts a web site full of information about phishing as well as samples of select reported phishing e-mails in their Phishing Archive at www.antiphishing.org.

Which companies are most often spoofed in phishing e-mails?
According to the Anti-Phishing Working Group's web site, the most often US-based companies whose names are used by criminals for phishing e-mails include PayPal, eBay, Wells Fargo, Citibank, MSN, and US Bank. This doesn't mean that all communications from these companies should be treated suspiciously, but that the criminals know that these companies have many customers and their chances of finding a customer of one of these companies from the e-mail addresses they have harvested are much greater than if they posed as a smaller company.

What should you do if you receive a phishing e-mail?
First, do not respond to it either by hitting the "Reply" button or by clicking the links. The sender's address is usually fake, so responding that way won't do anything for you, and in the worst case could let the criminals know they have a valid e-mail address they can use for further activity. Clicking through the links will only take you to the phisher's fake web site where they may be able to download spyware and malware onto your computer.

If you want to take some course of action, report the phishing e-mail to the legitimate company or organization that has been spoofed in the e-mail. Most have online mechanisms, either forms or e-mail addresses, where you can communicate this to them. Legitimate companies generally post their phone number, usually a toll-free number; on their web site should you decide to call them instead.

You can also file a complaint with the Internet Fraud Complaint Center at www.ifccfbi.gov. They will probably not be able to address your specific incident, but by providing information to them they can warn others and investigate the crime.

Where can you find more information about phishing?

• Federal Bureau of Investigation: www.fbi.gov
• Federal Deposit Insurance Corporation: www.fdic.gov
• Federal Trade Commission: www.ftc.gov
• Internet Fraud Complaint Center: www.ifccfbi.gov
• National Credit Union Administration: www.ncua.gov
• US Cert (an agency of the Department of Homeland Security): www.us-cert.gov
• Anti-Phishing Working Group: www.antiphishing.org
• Microsoft Corporation: www.microsoft.com
• Privacy Rights Clearinghouse: www.privacyrights.org

Alert
Recently, there have been multiple e-mail fraud attempts, known as "Phishing”, that were initiated via e-mail sent to both the general public and to some credit union members that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.

NCUA does not ask credit unions members for such personal information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

PGCFCU will never contact you though email or over the phone to verify account information. If you are solicited for confidential information in this manner do not give out your personal account information.

If you responded to such an e-mail and provided any confidential account information pertaining to your PGCFCU account, please notify PGCFCU immediately at 301-627-2666 or 1-800-952-7428. You will be instructed by one of our staff as to the appropriate course of action to be taken, depending upon what information was provided to the scam, which may include anything from changing your PIN to possibly closing any compromised share accounts.