Here's the IMPORTANT part on how the scam works. The caller then says, "I need to verify you are in possession of your card". He'll ask you to "turn your card over and look for some numbers. There are 7 numbers, the first 4 are part of your card number, the next 3 are the security numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card.

The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?" After you say No, the caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up.

You actually say very little, and they never ask for or tell you the Card number. But, now the caller has everything necessary to make a purchase on your account.

The real VISA will never ask for anything on the card.

Telephone Phishing

Credit union members are receiving VoIP scam calls that are automated and insistent that the cardholder call a toll free number to update important financial information. Once the toll free number is dialed an automated phone system asks for the card number, PIN and expiration date. VoIP lines are telephone systems that utilize the internet instead of traditional telephone land lines to deliver communication services. The low cost of VoIP lines and relative ease with which they are obtained have led Phishers to quickly adopt this evolving technology to attack consumers on an entirely new level.

Loss Prevention Recommendations: 

• Do not to respond to any email or phone call that directs you to update your personal information by dialing a telephone number.
• Please report VoIP attacks to your local federal law enforcement agency. Most agencies now have cyber threat units that are well-versed in investigating these claims.
• Please remember, we will never solicit personal/private information via e-mail.

A New Phishing eMail with Malicious Code
The FDIC has received reports by businesses and consumers of a phishing e-mail that has the appearance of being sent from the FDIC. This phishing e-mail, similar to that sent on September 29th, appears to be from the FDIC and ask recipients to click on a hyperlink. However, this is a new variation that includes a new and more dangerous hyperlink. When accessed, the hyperlink downloads an executable file to your computer . 

Spoofed Caller ID is Phone Industry's Version of Phishing
Calling all caller-ID users: Don't be too sure that the number on your screen is legitimate. Identity thieves have figured out a way to manipulate the caller ID technology to masquerade as officials of churches, courthouses, and financial institutions, solely for the purpose of getting you to hand over your Social Security number or other sensitive information.

Spoofed caller ID is a new twist on phishing, which uses fake e-mails to fool computer users into divulging account and other personal information. But instead of using e-mail messages to trick consumers into clicking on bogus websites, spoofed caller ID involves bogus phone numbers and identification to trick consumers into thinking the caller is the real deal.

FTC Launches website to fight cyber crime.

At the website, www.onguardonline.gov, consumers can take interactive quizzes designed to enlighten them about identity theft, phishing, spam and online-shopping scams.   If the user selects a wrong answer, the program explains why that particular misconception about Internet security can lead to trouble.

Elsewhere on the site, consumers can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft.

In order to insure that your personal information hasn't been stolen, everyone is entitled to 1 free credit report from each of the 3 major credit reporting agencies annually.  To request your free Experian, Equifax, and/or TransUnion credit reports, go to www.annualcreditreport.com  or call toll-free(877)322-8228.

You can also view what has been reported with regard to insurance claims history, employment history, and tenant history by going to ChoiceTrust Free Annual Reports.

Phishing - What is it and why do I care?

"Phishing" is a high-tech scam. "Phishers" use spam or pop-up messages to trick you into giving out private information like your passwords, credit card numbers, bank account information, or Social Security number.

This is what people used to call identity theft and it usually happened over the phone.  The scammer would call you and pretend to be someone from the credit union asking you to confirm your account information, credit card numbers, PIN numbers, or passwords. Since the scammer was restricted by the time it took to call each target, identity theft didn't take off until the advent of email spam and websites.  Now, it's really profitable and very widespread - it's happening daily! 

Here's how phishing works:

Spam is used to send the phishing messages. You'll receive an email or pop-up message that looks like it's from a business or organization that you deal with –

•  your Internet service provider (ISP), e.g. AOL, MSN, Yahoo, Earthlink 
•  your credit union or bank, e.g. Family 1, Citibank
• your online payment service, e.g. PayPal
• a government agency

The message typically states that you need to “update” or “validate” your information, and there's usually a threat that something bad will happen if you don’t respond.

So, you click on the link in the email and it takes you to what looks like the legitimate organization’s site - but it's not. The site looks so realistic that you are tricked into entering personal information. The scammer then steals your identity and runs up bills or commits crimes in your name.

It's big business. The US Federal Trade Commission reported that "9.9 million U.S. residents were victims of identify theft during the previous year, costing businesses and financial institutions $48 billion and consumers $5 billion in out-of-pocket expenses."  And that was in 2003.  It's just getting going....

You can do things to protect yourself: 

1. Change your behaviour when you receive suspicious emails and pop-up messages. Be wary. When in doubt, delete it. There are products available that have a 'Delete" box that you can use to check out the email before it ever hits your email program (e.g. Outlook, Outlook Express, etc). 
    
2. If you are suspicious about a web link, call the institution before entering the site.  Family 1 will never initiate any attempt to"update" or "verify" your personal information through an email.  Any message that asks you to enter confidential information about yourself, such as your password or PIN number - hit the "Delete" key!     
    
3. Install security software. Entering the internet without a firewall and an antivirus is like living without locks on the doors of your home or car.
    
4. Since some phishing emails contain software that track your activities on the Internet, make sure you're screening your incoming mail with up-to-date antivirus software that recognizes the latest threats as well as older ones, that can fix the damage, and that updates automatically.  
    
5. A firewall blocks all communications from unauthorized sources and helps make you invisible on the Internet. A firewall is especially important if you have a high-speed Internet connection. Hackers love to take over broadband machines because it allows them to spread spam even faster!
    
6. Finally, make sure you keep up-to-date with Microsoft's patches. The latest research shows that an unpatched Windows XP computer has a life expectancy of less than 20 minutes before it is compromised. That's less time than it takes to download the patches!  

This article was compiled using information from the newsletter article on Phishing published by Nick Boulton of Firetrust (www.firetrust.com).