JFCU logo

Security Alerts


error_outline Justice Federal will never call and ask for a Member’s personal and online banking credentials under any circumstances.


Covid-19 Related Cyber Scams

error_outline FBI Sees Rise in Fraud Schemes Related to the Coronavirus (COVID-19) Pandemic

Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let them. Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to receive money or other benefits. The FBI advises you to be on the lookout for the following:

Fake CDC Emails. Watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.

Phishing Emails. Look out for phishing emails asking you to verify your personal information in order to receive an economic stimulus check from the government. While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money. Phishing emails may also claim to be related to:
• Charitable contributions
• General financial relief
• Airline carrier refunds
• Fake cures and vaccines
• Fake testing kits


READ FULL PRESS RELEASE

We advise Members to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19) that are on the rise. Scammers may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.

What to Do

Visit official government websites for the most accurate information.
Center for Disease Control: https://www.cdc.gov/coronavirus/2019-ncov/index.html
Virginia Department of Health: http://www.vdh.virginia.gov/coronavirus/

We recommend that you always be vigilant when online to avoid Phishing and Social Engineering Scams. Please see the following guidelines issued by the U.S. Department of Homeland Security, Cyber Infrastructure (CISA) on digital wellbeing.


Articles

8 Signs of Phone Tracking You Should Look Out For  LEARN MORE

Scams and Your Small Business: A Guide for Business  LEARN MORE

What are some common types of scams?  LEARN MORE

9 Ways to Identify a Phishing Website  LEARN MORE

What Is the Booking.com Scam and How Can You Avoid It?  LEARN MORE

Deep vs. Dark Web: What's the Difference and Which Is Most Dangerous?  LEARN MORE

Oregon & Washington CUs Warn of Imposter Text Scam Uptick  LEARN MORE

PayPal Scams are Increasingly Common: How to Detect Phishing Scams  LEARN MORE

PayPal Scams: Report Fake Communications  LEARN MORE

Best Buy scam alert! People are pretending to be members of the Geek Squad. How to spot it.  LEARN MORE

‘Pig-Butchering Scams’: What Are They And How Do You Protect Yourself? LEARN MORE

4 Reasons Why You Should Hover Over Links Before Clicking LEARN MORE

Cases of check fraud escalate dramatically, with Americans warned not to mail checks if possible LEARN MORE

Romance scams occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. LEARN MORE


How Utility Scams Work: someone calls claiming to be from your gas, water, or electric company. They say your service will be cut off if you don’t pay them immediately. This is a scam. LEARN MORE

How To Spot, Avoid, and Report Tech Support Scams  LEARN MORE

Watch Out for ‘Grandparent’ Scams  LEARN MORE

Online Shopping Scams  LEARN MORE

Four steps you can take if you think your credit or debit card data was hacked  LEARN MORE

Scams Targeting Taxpayers  LEARN MORE

Jim Stickley: QR codes can be used to steal your passwords and credit card data WATCH VIDEO

Website Cookies and Online Privacy   WHAT IS A WEBSITE COOKIE    TYPES OF BROWSER COOKIES

If a Former FBI/CIA Director Can Be Targeted, So Can You — FBI LEARN MORE

How to Avoid Student Loan Forgiveness Scams LEARN MORE

How to Check Whether Your Computer Has Malware LEARN MORE

PayPal Phishing Scam Uses Invoices Sent Via PayPal LEARN MORE

The 8 Most Common Tricks Used to Hack Passwords LEARN MORE

FBI Fraud Alert: If you can answer "Yes" to any of the following questions, you could be involved in a fraud or about to be scammed! LEARN MORE

Using Caution with Email Attachments https://www.us-cert.gov/ncas/tips/ST04-010

Avoiding Social Engineering and Phishing Attacks https://www.us-cert.gov/ncas/tips/ST04-014

CBS NEWS: How to avoid coronavirus treatment scams WATCH VIDEO

COVID-19: Scammers are seeing this as an unprecedented opportunity to take advantage of consumers https://www.justice.gov/coronavirus/combattingfraud

ABC7 NEWS: Social Security scam: FBI, BBB warn of government imposter phone calls WATCH VIDEO




Security Alerts

ALERT! Online Maryland Unemployment Insurance claims may only be filed on mdunemployment.com on the Maryland Department of Labor website.

Why are we telling you this? Because there's something phishy going on.


LEARN MORE

Elder Fraud: Each year, millions of elderly Americans fall victim to some type of financial fraud or confidence scheme, including romance, lottery, and sweepstakes scams, to name a few.

LEARN MORE

HOUSTON, TX—“If it can happen to me, it can happen to you,” warns former FBI and CIA Director William Webster in a video message that urges older people and their loved ones to be wary of elder fraud schemes.

WATCH VIDEO

The primary purpose behind this observation is to raise awareness about the importance of cybersecurity. All employees have the foremost responsibility to protect the sensitive information of our members and, every one of us has a role to play to keep bad actors from breaching our systems.

More than 90% of the Cybersecurity breaches takes place due to social engineering. Social engineering is the act of exploiting human weaknesses to gain access to personal information and protected systems.

• Social Engineering takes place when a bad actor sends spam and/or phishing emails or leaves a voicemail to employees answering machine.
• Phishing Attacks occur when victims are tricked into providing confidential information by clicking on a link or an attachment in an email.
• Vishing Attacks happen when a bad actor leaves an urgent and official sounding voicemail to convince victims to act quickly or suffer severe consequences.

If you are not expecting an email from a sender, either delete that email or forward it to IT Administrator for review. When in doubt, call the sender and verify if they sent an email to you. Please review the attached document carefully to understand the red flags to identify a spam or a phishing email.

READ GUIDE

Is that text message about your FedEx package really a scam? You may be skeptical when someone you don’t know sends you a text message you didn’t expect and it tells you to click on a link.

LEARN MORE

Home User Online Banking Attacks: Jim Stickley, CEO of Stickley Security on an uptick in online banking attacks and tips to prevent them.

WATCH VIDEO

Many security-conscious people probably think they'd never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here's how one security and the tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.

READ MORE

Never provide your online or mobile banking login to an outsider to deposit a check. THAT'S A SCAM! Remote Deposit is a simple and convenient way to deposit a check without having to visit a branch or ATM. Unfortunately, it also presents an opportunity for fraudsters looking to scam you out of your hard earned money.

NEVER give out your personal information to strangers. If you are ever offered money in exchange for your personal information, it's likely a scam.

How The Scam Works

A fraudster will find their victim through social media, email, or even through a post or ad on a site like Craig’s List. They will pose as an employer, or organization offering you a chance to earn or win some quick money. All you have to do is provide them with some information so that they can deposit a check to your account. They may even ask for the login and password for your online or mobile banking account.

Once they have your personal banking information, they will remote deposit a fake check into your account. Once the deposit has been made, they will ask you to send some money back to them via money order, person to person transfer, wire transfer, reloadable cards or even gift cards. By the time you realize the check is fake, it's too late, the funds were removed from your account by the scammer.

How To Protect Yourself

You can avoid falling victim to this type of fraud by following these simple tips:
navigate_next NEVER give out your personal information to strangers. This includes information like online/mobile banking logins, account numbers, PINs, or social security numbers.
navigate_next If you are ever offered money in exchange for your personal information, it's likely a scam.
navigate_next If someone ever sends you a check or a remote deposit and then asks you to send money back, it's likely a scam.
navigate_next Check your online/mobile banking statements regularly for signs of fraud. If you notice any strange or unfamiliar activity on your accounts, report it to us immediately.

What Are Money Mules?

A money mule is a person who transfers illegally acquired funds at the direction of a third party. Money mules generally receive a commission, in either a flat fee or percentage, for moving the money. In the most common type of money mule scheme, the criminal first deposits money into the mule’s bank account. The mule is then directed to transfer the money to another account or to withdraw the money in cash and deliver it to another party. The goal is to obscure the illegal origin of the money.

Types of Money Mules

The FBI classifies money mules into three types:
• Complicit mules — these individuals know that they are money mules and are complicit in the underlying criminal scheme. They might regularly open bank accounts at different financial institutions, openly advertise their services, and recruit other mules.
• Witting mules — these are people who disregard the warning signs that they are involved in illegal activities. They might have received and ignored previous warnings from bank personnel. Many witting mules began as unwitting mules.
• Unwitting mules — these individuals do not know that they are involved in a criminal scheme. They might genuinely believe that their activities are helping someone (e.g., their employer, an acquaintance, or their romantic partner). Unwitting mules are typically recruited as part of a scam.

How Unwitting Mules Are Recruited

Many unwitting mules are recruited through job offers with promises of easy money or instant cash. In such cases, the potential mule may be asked to open a bank account, a cryptocurrency wallet, or a business in their name. The initial communication may be an unsolicited email or instant message, a pop-up ad, or a job posting on social media, an online forum, or a job website.

Another common recruiting tool is the romance scam. In a romance scam, a criminal adopts a false online identity to gain a victim’s trust and affection. The criminal then convinces the victim to receive deposits and transfer funds through the victim’s financial accounts. Unwitting mules may also be recruited through extortion or investment schemes.

While anyone can be recruited as a money mule, the most targeted groups include college students, the unemployed, newly immigrated individuals, and the elderly.

How to Avoid Becoming an Unwitting Mule

To avoid becoming an unwitting money mule, look for the following red flags:
• Any request to move money through your bank account in exchange for payment
• A job offer that asks you to receive company funds into your personal account, or asks you to open a new bank account
• An employer that claims to be an overseas company seeking a local agent or representative (often to avoid high transaction fees or local taxes)
• Any job posting that involves transferring money
• A job posting that is poorly written, vague, does not describe the job duties or does not include education and experience requirements
• An acquaintance or romantic partner who asks you to receive or transfer funds
Money mules can be charged with serious crimes that include substantial fines and long prison sentences. Therefore, any request to accept or transfer funds should be treated with great suspicion.

PUBLIC SERVICE ANNOUNCEMENT

Better Business Bureau® Offers the Following Advice When Looking for a Personal Loan:
navigate_next Be careful where you put your information. Beware of applying for online loans through unfamiliar businesses or websites. Many of these online application sites are run by scammers or by people who sell your information to scammers.
navigate_next Don’t pay advance fees. Understand that any business operating by phone and charging insurance or other fees in advance of making a loan is operating illegally.
navigate_next Verify the address. Do not do business with anyone who cannot give you an address that you can confirm as legitimate.
navigate_next Read the contract. Read any contract carefully and make sure you understand all requirements before entering into any agreement.
navigate_next Don’t get tricked by “official-looking.” Official-looking loan documents and sophisticated looking websites are easy to copy or fake. Just because a business appears legitimate, doesn’t mean it is.
navigate_next Do your research. Find an Accredited Business using BBB’s Member Pages, and check out the company’s BBB Business Review before purchasing anything from a website.

Read the full article at www.bbb.org

Not What It's Cracked Up To Be

It may seem innocent, you see a post on a social media site announcing a contest, or, maybe a webpage that claims to have a celebrity affiliation is offering a gift card giveaway. The variations are endless, but here’s the tip-off that fraud is afoot. At some point, you’re asked for your bank account information, PIN number, or online banking credential. That’s when you can bank on the fact that those “innocent” offers aren’t what they’re cracked up to be, instead you stumbled upon a scam called “card cracking.”

How does the scam work?
Once card crackers have access to your account, they deposit multiple checks – usually remotely – and then make quick ATM or money order withdrawals. The goal is to get the cash in hand before the bank figures out the checks are phony.

That form of card cracking works like other scams involving the unauthorized use of your account data. You turn over your information for one purpose only to find out that scammers have used it for their own benefit.

But, that’s not the only kind of card cracking. In other variations, people respond to a text, video, or social media post promising fast cash or even explicitly promoting card cracking as an easy way to pay the bills. The account holder – often a student – will hand over their debit card number, PIN, or password and allow checks to be run through their account. In exchange, scammers will offer them a small piece of the action. The account holder may try to rationalize it as just a shady way to game the system, however, no legitimate business deposits checks that way. What’s really going on is fraud and account holders who cooperate with card crackers have stepped in the middle of it.

The scammers hope the payments are enough to keep the account holder from asking too many questions, but the question people should be asking is whether it’s worth the risk of involving themselves in criminal activity. Thanks to an ongoing card cracking crackdown, suspects are facing indictments, and people who let their accounts be used may be on the hook for the losses.

That’s not the only risk.
Scammers have been known to help themselves to funds legitimately in the account – tuition money or a paycheck, perhaps – or to go on a shopping spree with the person’s debit card. If the account holder was in cahoots with the card cracker, it’s tougher to argue that the transactions were entirely unauthorized.

If you are heading off to school or joining the work force and opening your first bank account, involvement in a scam like card cracking can threaten your financial future.

One tip that bears repeating:
No above-board contest, social media promotion, or job opportunity requires you to hand over your bank cards, PIN numbers, or online banking credentials. Never give anyone a crack at your account.

Source: Lesley Fair, Attorney, Division of Consumer & Business Education, Federal Trade Commission. To learn more, visit https://www.consumer.ftc.gov/blog/2015/07/card-cracking-not-what-its-cracked-be

Attorney General Focuses on Threats Posed by Technical-Support Fraud
Attorney General William P. Barr and multiple law enforcement partners today announced the largest coordinated sweep of elder fraud cases in history, surpassing last year’s nationwide sweep. The cases during this sweep involved more than 260 defendants from around the globe who victimized more than two million Americans, most of them elderly.

Read the entire press release at www.justice.gov

Did someone send you a check and ask you to send some money back? THAT'S A SCAM!
A fake check scam usually begins with someone sending you payment in the form of a check for any number of reasons. It could be payment for selling something online, phony prize money, or even payment for a job or service provided. The problem is, they send you too much money, and ask you to wire or transfer some back. By the time you or your financial institution realizes the check is fake, it's too late. The scammer already has the money you sent, and you’re stuck paying the rest of the check back to your financial institution.

Don’t fall for this scam. Learn more about the Anatomy of A Fake Check Scam at www.consumer.ftc.gov

Protect Your Money

The Fraud Research Center estimates that Americans lose $40-$50 Billion dollars to fraud every single year, and up to 17% of the adult population falls victim to some form of financial fraud in a given year.

Most of us believe that we’re too smart to fall prey to financial fraud, but successful fraudsters trick smart people out of their money by offering incentives that are just good enough to be true.

In fact, the typical investment fraud victim isn’t who you would think― wealthy, risk-taking and educated males were ranked most likely to fall victim to investment fraud and scams in a recent study conducted by the Fraud Research Center.

A key takeaway is that when it comes to investing, it pays to do research.

How to Spot an Investment Scam in 6 Steps

Financial fraudsters use sophisticated and effective tactics to get people to part with their money.

Here are six steps you can take to help you spot an investment scam.

1. Verify credentials. Don't fall for a fancy title or other trappings of success. Fraudsters hope that if they look successful, you won't bother checking their credentials. Investment professionals must register with FINRA, the Securities and Exchange Commission or your state securities or insurance regulator. You can use FINRA BrokerCheck, a free online tool to get information on brokers and investment advisers.

2. Don't chase "phantom riches." Be skeptical of investment pitches that guarantee a certain return or promise spectacular profits. They are what fraud-fighters call "phantom riches" that you will never see. No salesperson can make those kinds of promises. The reality is that every investment involves risk.

3. Ignore the "everyone is doing it" story. Don't believe claims that "everyone" is in on the deal. Be wary of a sales pitch that focuses on how many people are investing, without telling you why the investment is sound. Remember, affinity frauds are scams that prey upon members of the same social circle, religious group or ethnic background.

4. Refuse to be rushed. If the salesperson tells you that the offer is for a limited time only, or that investment opportunities are limited, consider it a red flag. A legitimate investment will still be there tomorrow.

5. Never feel obligated. Don’t borrow to invest. Don't invest because the seller gives you something for free. Salespeople count on those freebies to guilt you into buying what they are selling.

6. Arm yourself with information. Learn to spot the red flags of investment fraud so you can protect yourself and your loved ones from personal losses.

Investor protection is an integral part of the Financial Industry Regulatory Authority’s (FINRA) mission. Unfortunately, far too many investors fall victim to Ponzi schemes, pump-and-dump scams and other types of investment fraud. The good news is that fraud and the growing threat of identity theft can often be avoided.

FINRA will help you spot the red flags of fraud and identity theft, and avoid the persuasion tactics of fraudsters. It’s also vital to know the right questions to ask about investments and the people who pitch them—and where to go to verify the answers. After all, it’s your money—learn how to protect it.

To learn more, visit the Financial Industry Regulatory Authority (FINRA) website at http://www.finra.org/investors/protect-your-money