"Smishing" Scam Targets Credit Unions via Text Messaging
Credit unions across the country are reporting that their members are receiving unsolicited text messages. It’s an attempt at smishing, the latest form of phishing. In smishing, a message tries to lure a recipient into giving personal information via SMS, the communications protocol used to send text messages to a wireless device. The recent scam is targeting credit union and other financial institution members. The members receive a text message via cell phone warning that their bank account has been closed due to suspicious activity. It then tells them they need to call a certain phone number to reactivate the account. Unsuspecting callers who dial the number provided in the text message will be taken to an automated voice mail box that prompts them to key in their credit card or debit card number, expiration date, and PIN to verify their information.
If you have a question concerning your account or credit/debit card, contact Holston Methodist FCU using a telephone number obtained independently, such as the phone number from your statement, a telephone book, or other independent means.
What is Phishing?
Most likely you've seen them: email messages asking you to verify personal information over the Internet. The scam, popularly called 'phishing,' involves the use of replicas of existing Web pages to try to deceive you into entering personal, financial or password data. Often suspects use urgency or scare tactics, such as threats to close accounts. We here at Holston Methodist FCU will never ask you via email to verify account information. We will never use email to threaten account closure. Please know this, as one defense against phishing. Other safeguards to help protect you from phishing scams:
- Be suspicious of any email messages that claim to be from us that use an urgent or scare-tactic tone.
- Do not respond to email messages asking you to verify personal information.
- Delete suspicious email messages without opening them. If you do open a suspicious email message, do not open any attachments or click any links.
- Install and regularly update virus protection software.
- Keep your computer operating system and Web browser current.
What is Pharming?
The scam popularly known as 'phishing' - email messages trying to deceive you into surrendering personal information over the Internet - today is well known. Competing with it more and more for headlines is a newer scam: pharming.
Holston Methodist FCU wants to take a moment to offer you information about pharming, in our ongoing effort to keep our members informed about issues that could impact their online banking experience.
Phishing requires victims to voluntarily visit a criminal's website; pharming simply redirects victims to fraudulent websites without assistance. Pharming subverts a basic service of the Internet known as the 'Domain Name Service,' or 'DNS.' Each machine connected to the Internet knows the location of one or more DNS servers. This service translates a human-friendly URL name such as www.cucf.org into an IP address, which is a unique number that has been assigned to each web server on the Internet.
To execute pharming, suspects first must gain access to the DNS server used by many people, such as the server of an ISP. Once accessed, the suspect will replace the IP number for the financial institution's URL with the IP number of his or her fraudulent website. When this occurs, any person using that DNS server will be redirected, silently, to the fraudulent website.
The good news is pharming requires either an unpatched software/server vulnerability to exist on the DNS server itself, or the criminal needs an insider at the ISP or financial institution to make unauthorized DNS server changes. This is rare.
Please be assured that Holston Methodist FCU manages and updates its DNS server's software to maintain a high level of security. We maintain the highest standards; our customers are protected from pharming that would result from a compromise of our DNS server.
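The silent redirect described above can be spotted by comparing what different DNS servers return for the same name. The following is an added example, not part of the original article or any Holston Methodist FCU system; the hostname, the published address range and the resolver answers are constructed sample data.

```python
import ipaddress
from collections import Counter

# Constructed sample data. The hostname is a placeholder and all addresses come
# from the RFC 5737 documentation ranges; none are real hosts.
HOSTNAME = "www.example-fcu.test"
PUBLISHED_NETWORKS = ["192.0.2.0/24"]   # assumed: ranges the institution says it uses
OBSERVED = {                            # resolver label -> addresses it returned
    "isp-resolver":  ["203.0.113.66"],
    "independent-a": ["192.0.2.10"],
    "independent-b": ["192.0.2.10", "192.0.2.11"],
}

def audit_resolution(observed, published_networks):
    """Compare each resolver's answers with the published ranges and with peers.

    Returns a sorted list of (resolver, address, reason) findings.
    """
    networks = [ipaddress.ip_network(n) for n in published_networks]
    # Count how many resolvers returned each address (consensus view).
    seen_by = Counter(ip for answers in observed.values() for ip in set(answers))
    findings = []
    for resolver, answers in observed.items():
        for ip in answers:
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in networks):
                findings.append((resolver, ip, "outside published ranges"))
        # A resolver that shares no address with any other resolver is an outlier.
        if len(observed) > 1 and answers and all(seen_by[ip] == 1 for ip in set(answers)):
            joined = ",".join(sorted(set(answers)))
            findings.append((resolver, joined, "no overlap with other resolvers"))
    return sorted(findings)

if __name__ == "__main__":
    for resolver, address, reason in audit_resolution(OBSERVED, PUBLISHED_NETWORKS):
        print(f"{HOSTNAME}: {resolver} returned {address} ({reason})")
```

Sites served through content delivery networks can legitimately return different addresses to different resolvers, so the overlap check is only a hint; an answer outside the institution's published ranges is the stronger signal.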
How to Report Identity Theft
Holston Methodist FCU wants to offer you something we hope you never have to use. This article offers information about what to do if you become a victim of a phishing scam or identity theft.
Phishing, of course, involves the use of replicas of existing Web pages to try to deceive you into entering personal, financial or password data. HMFCU recommends that you never respond to email messages asking you to verify personal information. But accidents happen, and the following information could be useful if you've been scammed.
If you have given out your credit, debit or ATM card information:
- Report the incident to the card issuer immediately.
- Cancel your account and open a new one.
- Review billing statements carefully after the incident.
- If the statements show unauthorized charges, send a letter to the card issuer via regular mail (keep a copy) describing each questionable charge.
Credit Card Loss or Fraudulent Charges
Your maximum liability under federal law for unauthorized use of your credit card is $50 (policies vary). If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use; in general, you may only be liable for a very small amount but always check with your individual card company for their exact policy.
Your liability depends on how quickly the loss is reported. You risk unlimited loss by failing to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you.
If you have given out your bank account information:
- Report the theft to the bank as quickly as possible.
- Cancel your account and open a new one.
If you have downloaded a virus or 'Trojan Horse':
- Some phishing attacks use viruses and/or a 'Trojan Horse' to install programs called "key loggers" on your computer. These programs capture and distribute any information you type to the phisher, including credit card numbers, usernames and passwords, Social Security Numbers, etc.
- If this occurs, you may not be aware of it.
- To minimize this risk, you should:
  - Install and/or update anti-virus and personal firewall software.
  - Update all virus definitions and run a full scan.
  - If your system still appears compromised, fix it and then change your password again.
Check your other accounts - suspects may have accessed different accounts:
eBay account, PayPal, your email ISP, online bank accounts, and other e-commerce accounts.
If you have given out your personal identification information:
Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. If you have given this information to a phisher, you should do the following:
- Report the theft to the three major credit-reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:
  - Request that they place a fraud alert and a victim's statement in your file.
  - Request a FREE copy of your credit report to check whether any accounts were opened without your consent.
  - Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft.
Identity Theft Resources:
www.consumer.gov/idtheft/
www.identity-theft-help.us/
www.identitytheft.org/
www.usdoj.gov/criminal/fraud/idtheft.html
www.ifccfbi.gov/index.asp
www.ftc.gov/bcp/menu-internet.htm
Notify your financial institution(s) and ask them to flag your account and contact you regarding any unusual activity:
Beware of Bogus IRS Phishing Scam
MADISON, Wis. (3/3/09)--A bogus e-mail that appears to be from the Internal Revenue Service (IRS) is making the rounds. It tells recipients they are about to be audited or are due a big refund. The Delaware Credit Union League is alerting its member credit unions about the scam.
The e-mail uses the IRS logo at the top, but the message is phony (MSNBC.com via Delaware Credit Union League Risk Alert March 2).
The scammers want consumers to click on a link in the e-mail that takes the recipient to the scammers' website--which looks identical to the IRS site.
The bogus site contains a form that asks for Social Security number, birth date, mother's maiden name, credit card information and an ATM card personal identification number.
With this information, scammers could charge items to consumers' credit cards and drain their bank and credit union accounts. The Social Security numbers could be used to access medical records and financial accounts, and even assume the consumer's identity.
The IRS will never send taxpayers an e-mail if it has to do with their account or private information. An unsolicited e-mail that purports to be from the IRS is bogus. Don't click on links or open attachments. Delete the e-mail.