The Ohio Bankers League is warning about a new identity theft scam that uses the telephone to steal personal account information. Voice phishing, also known as "vishing" or "voiching" uses voice response telephone systems to deceive consumers into revealing personal data. Consumers typically receive a recorded phone message asking them to input account information using their keypad or call their "bank" regarding a security breach on their account. The "bank" number given is to the scammers not the consumer's bank. Remember that banks do not request full account numbers, routing numbers or other personal financial information by telephone or email. If you are in doubt we encourage you not to respond but to hang up and call your bank.
Medicare Phone Scam
A Medicare phone scam has been reported in our area. Scammers are calling consumers presenting themselves as representatives of Medicare but they are simply trying to steal your personal and financial information. The scammers ask for your social security number and other personal information then proceed to ask for routing numbers and account numbers for banking information.
They are NOT calling for Medicare but are simply trying to steal your information. DO NOT give personal information to these callers. If you have any questions, hang up and call a published number for Medicare. If you have given any information to these scammers contact your bank or other financial institution for assistance.
Phishing Scam - ACH & Wire Fraud
The FDIC has seen a number of targeted phishing scams. They have issued an alert about attacks using phishing emails that claim your retail or commercial accounts have been suspended because of suspected ACH and wire fraud. These emails usually warn that your transactions have been suspended for security reasons then go on to say an attached document contains instructions to update your security. The FDIC warns the attachment likely unleashes malware to be installed on the recipient's PC. The FDIC warns all consumers, including retail and commercial, not to open these emails or the attachments and make sure your anti-virus software is up-to-date.
Email Scam - NACHA OR Electronic Payments Association
There have been reports of emails in our area that appear to be coming from NACHA. The emails warn that an electronic payment was rejected by the Electronic Payments Association. The email is not coming from NACHA, and NACHA would never contact a customer about any payments. Do not open the link or attachment, just delete the email. If you have opened the link or attachment you should run an antivirus scan or some other cleaning tool on your computer to see if it was infected with anything. You may find more information on the phony email at NACHA's legitimate website of www.nacha.org.
Fake VISA®/MasterCard® 'Security Incident' Notifications
Bogus emails purportedly sent by the VISA®/Mastercard® "Identity Theft Department" are targeting the cards' users by trying to convince them that a "security incident" has put their online banking and credit card credentials at risk. Unfortunately for those users who click a link included in the emails, the destination page is a phishing page. "Although the fake form is not hosted on a secure (https) site as all genuine online financial transactions would be, the scammers have made an attempt to make the process seem more authentic by providing a typical image based security code field," Hoax-Slayer reported. Users who enter the requested details will then be taken to further fake pages that request more financial and personal details. All information submitted on the bogus form will be sent to online criminals and used to make fraudulent transactions in the victim's name.
"USPS Delivery Problem" Spam Leads to Malware
Help Net Security reported on November 6th that fake emails seeming to come from the US Postal Service (USPS) telling customers that they have failed to deliver packages on time actually contain a downloadable trojan. Hoax-Slayer warned that the UPSP logo, delivery bar code, and shipping numbers make the spoofed notification look rather legitimate. However, the link that supposedly takes users to a printable shipping label with instructions to take it to the nearest "UPS" office will actually lead users to a compromised web site that will automatically download a file named Shipping_Label_USPS.zip. The file contains malware. At the time when the spam campaign was first spotted the Trojan had an extremely low detection rate.