FRAUD ALERTS
TAX SCAMS
It is tax time again and fraudsters will use this opportunity to attempt to scam consumers and businesses out of their hard earned money.
Fraudsters impersonate the real Canada Revenue Agency (CRA) by telephone or by email. Fraudsters are either phishing for your identification or asking that outstanding taxes be paid by a money service business or by pre-paid debit/credit cards. There are two variations:
1.There is notification by phone or email from the "CRA" claiming there is a refund pending. In order for the recipient to receive the refund they must provide personal information.
2.Consumers and businesses receive a notification by phone or email that they owe "back taxes" as the result of an audit. The payment must be made immediately to avoid a fine or the recipient is told there is an outstanding warrant that can be avoided if the payment is made promptly. In many cases, individuals are told they will be deported if the taxes are not paid right away.
Protect yourself
•Do not take immediate action. Verify that what you are being told is the truth.
•Ask yourself why the CRA would be asking for personal information over the phone or email that they likely already have on file for you as a taxpayer.
•Contact the CRA to confirm that you owe back taxes, or are entitled to a refund, before providing any personal or banking information.
•More information about fraud scams involving the CRA
http://www.cra-arc.gc.ca/scrty/frdprvntn/menu-eng.html
NEVERQUEST TROJAN VIRUS
We would like to direct your attention to a recent alert concerning a sophisticated Trojan virus called Neverquest Trojan. This virus lies hidden on malicious websites or infected computers and can steal usernames and passwords for people’s online banking accounts.
This virus has been created by a team of Russian cybercriminals. Once it has access to accounts, using the obtained usernames and passwords, it can empty them completely and is so advanced that security experts are warning that traditional antivirus software is not enough to keep users protected. Please click here to access the article issued by Mail Online.
Please remember to:
not store passwords in cookies or on your computers
only access official websites
keep all anti-virus and anti-spyware software protection up to date, with regularly scheduled scans programmed.
Learn more on how to protect your computer.
MOBILE BANKING PHISHING SCAM
People receive an alert (sample below), requesting that they call a toll free number because their account has been locked due to exceeding online attempts. The text messages reference a financial institution name, however the person receiving the text does not always have a relationship with the financial Institution referenced, which indicates that the text messages are being randomly sent.
Customers that call into the number will be prompted for their card number, expiry date, and their personal access code. DO NOT provide this information at any time, as this may lead to your account being compromised.
EMAIL PHISHING SCAM IMPERSONATES MASTERCARD CHOICE REWARDS
A phishing email claiming to be coming from cucardsonline.com asks members to click on a link that would appear to lead them to the MasterCard Choice Rewards website to enter personal information. This site is fraudulent. If you receive this email, Do not click on the link.
The fraudulent email may suggest that you have not logged in for a certain number of days, and need to update your information by logging in to the site. Do not do this. Although the link appears to go to the MasterCard site, it is really a copycat site created by thieves to steal personal and password information and possibly install a trojan horse virus on your computer.
If you receive such an email, immediately delete the email without clicking on the link.
CANADA STUDENT LOAN PROGRAM PRIVACY BREACH
A federal agency, Human Resources and Skills Development Canada (HRSDC), located in Gatineau, Quebec, has lost an external portable hard drive, containing personal information on 583, 000 Canada Student Loan borrowers who were clients of the Canada Student Loan Program (CSLP) from 2000-2006.
It is important to note that no banking or medical information was included on the portable hard drive.
HRSDC have issued letters to those individuals affected detailing the steps to be taken to mitigate the risk of harm.
If you have been affected by this breach, please contact Equifax and TransUnion so an alert can be placed on your credit bureau.
Equifax 1-800-465-7166 Transunion 1-800-663-9980
For more specific questions regarding the privacy breach, please contact the toll free number at 1-866-885-1866 or visit
http://www.canlearn.ca/eng/main/spotlighton/privacy/index.shtml
BEWARE OF CURRENT PHISHING SCAM
Credit Union Central of Canada is NOT requesting personal information from credit union members. It has come to our attention that a member of a Canadian credit union has received an email from “Credit Union Canada” requesting personal and work information, including their SIN number as a standard ‘security update’. The email includes a request that this information be provided via an attachment rather than be updated directly on their online account or within a branch. Please note that our Canadian Central would NEVER contact a client directly to request personal information.
This is the email the credit union member received:
"Dear CU Client, As the online banking security software keeps evolving, it is of utmost importance that you keep your information with Credit Union always up to date. In-line with the latest banking security, you are required to periodically update your profile informations. To update, you should download the attached html update file and open it with your favourite internet browser. Follow the instructions and click on continue. Attached update file is named 'credit_union_update.html'
Data loss and breach of online banking security is imminent if this update is not applied.
Thanks for Banking with Us, Credit Union Canada. "
Should you or one of your members receive this request for personal information, please: Contact your local authorities immediately and Report it to the Canadian Anti-Fraud Centre
http://www.antifraudcentre-centreantifraude.ca/english/home-eng.html
CREDIT UNION REPORTS ATTEMPTED EMAIL FRAUD
Be on the alert for any emails containing requests for personal or financial information. Ensure your computer protection is up to date (anti-virus software, spyware filters and firewall programs). Be sure to check your accounts, credit and debit card statements to ensure all transactions are legitimate. For further information, please contact North Sydney Credit Union.
LITTLE BLACK BOOK OF SCAMS
The Competition Bureau has launched The Little Black Book of Scams, a compact and easy to use reference guide filled with information Canadians can use to protect themselves against a variety of common scams. Consumers and businesses can consult The Little Black Book of Scams year-round to avoid falling victim to Internet scams, fake lotteries, romance scams, and many other schemes used to defraud Canadians of their money or personal information.
The booklet offers information on how theses scams work, how to recognize them, as well as practical tips on how consumers can protect themselves. It also debunks common myths about scams, provides contact information for reporting a scam to the correct authority, and offers a step-by-step guide for scam victims to reduce their losses and avoid becoming repeat victims.
To download your copy of The Little Black Book of Scams, click here.
FRAUDULENT ACTIVITY – HYPERWALLET
There have been attempts to fraudulently remove funds from credit union accounts through hyperWALLET. In each circumstance the fraudster was able to access the member’s account through MemberDirect and open a hyperWALLET without the member’s knowledge and request a funds transfer.
The first fraud was detected because of hyperWALLETs internal fraud detection procedures. In the other two situations, the member’s noticed the transactions immediately when viewing their accounts through Member Direct and contacted their credit union. HyperWALLET fraud detection procedures would have detected these transactions as fraudulent if the member had not been so quick in identifying them.
HyperWALLET is an online electronic payment service that allows users to transfer funds to and from their credit union account such as:
*Send and receive funds via email
*Transferring funds between other financial institutions
*Buy and sell Canadian and US dollars
*Send or receive online auction payments
*Send or receive invoices and payments
*Accept payments on your website
*Shop online privately
*Please note that HyperWALLET transactions are processed and coded as a bill payment through MemberDirect.
A hyperWALLET can only be opened through MemberDirect. The member must be set up on MemberDirect and the fraudster would need to have the member’s password and account information to open a hyperWALLET account.
The fraudster may obtain the account information through the computer the member uses for their MemberDirect banking by installing spyware, key loggers or virsues such as a Trojan horse. To protect themselves while banking online, members should review the recommended on-line banking practices and tips on protecting your PIN and personal information. Click Here
HyperWALLET uses the strongest security technologies available to protect customer-owner confidentiality and has a range of tools in place to verify the legitimacy of all hyperWALLET transactions.
SKIMMING AND ONLINE BANK FRAUD
Phishing Scam Using Name of Credit Union Card Services
FRAUD ALERT: A fraudulent email is being sent to some CUETS Financial customers. The email subject is "Your Attention is needed" and the senders' email is CUETS Financial messageid2217@cuets.ca
The email asks that you update your account information for your Credit Union MasterCard. If you have received this email or an email like this one, DO NOT follow the link or provide any personal information. Delete the email. This is a kind of fraud called phishing. Reputable financial institutions will NEVER use email to request personal account information.
If you feel your card information has been compromised, contact the 1-800 number on the back of your credit card for immediate assistance, or Card Services at 1-800-561-7849.