IBM Southeast Employees' Federal Credit Union

IRS Alerts Public to New Identity Theft Scams

August 4, 2009 - The Internal Revenue Service reminds consumers to avoid identity theft scams that use the IRS name, logo or Web site in an attempt to convince taxpayers that the scam is a genuine communication from the IRS. Scammers may use other federal agency names, such as the U.S. Department of the Treasury.

In an identity theft scam, a fraudster, often posing as a trusted government, financial or business institution or official, tries to trick a victim into revealing personal and financial information, such as credit card numbers and passwords, bank account numbers and passwords, Social Security numbers and more. Generally, identity thieves use someone’s personal data to steal his or her financial accounts, run up charges on the victim’s existing credit cards, apply for new loans, credit cards, services or benefits in the victim’s name and even file fraudulent tax returns.

The scams may take place through email, fax or phone. When they take place via email, they are called “Phishing” scams. The IRS does not discuss tax account matters with taxpayers by email. The IRS urges consumers to avoid falling for the following recent schemes:

Making Work Pay Refund - This phishing email, which claims to come from the IRS, references the president and the Making Work Pay Provision of the 2009 Economic Recovery Law. It says that there is a refundable credit available to workers, consumers and retirees that can be paid into the recipient’s bank account if the recipient registers their account information with the IRS. The email contains links to register the account and to claim the tax refund. In reality, most taxpayers receive their Making Work Pay tax credit, which was designed for wage earners, in their paychecks as a result of decreased tax withholding, not as a lump sum distribution from a federal fund. Additionally, consumers and retirees who are not wage earners are not eligible for this tax credit. For more information, visit the Making Work Pay Provision IRS webpage at http://www.irs.gov/newsroom/article/0,,id=204447,00.html and the 2009 Economic Recovery Law IRS webpage at http://www.irs.gov/newsroom/article/0,,id=204335,00.html.

Inherited Funds / Lottery Winnings / Cash Consignment - In this phishing scheme, recipients receive an email claiming to come from the U.S. Department of the Treasury notifying them that they will receive millions of dollars in recovered funds or lottery winnings or cash consignment if they provide certain personal information, including phone numbers, via return email. The email may be just the first step in a multi-step scheme, in which the victim is later contacted by telephone or further email and instructed to deposit taxes on the funds or winnings before they can receive any of it. Alternatively, they may be sent a phony check of the funds or winnings and told to deposit it but pay 10 percent in taxes or fees. Thinking that the check must have cleared the bank and is genuine, some people comply. However, the scammers, not the Treasury Department, will get the taxes or fees.

Form W-8BEN - In this scam, fraudsters modify a genuine IRS form, the W-8BEN, Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding, to request detailed personal and financial information. This could include nationality, passport number, bank account and PIN numbers, spouse’s name and mother’s maiden name, or other personal or financial information or security measures for financial accounts. The scammers may use the genuine form number and name or may make up a new form number, such as W-4100B2. They either email or fax the form or letter. If only a letter, the letter itself contains the request for the personal and financial information. The letter, which claims to come from the IRS, states that the recipient will face additional taxes unless he or she quickly faxes the required information to the number provided by the scammer. In reality, taxpayers file the genuine Form W-8BEN with their financial institutions, not with the IRS. Additionally, the genuine W-8BEN does not request the taxpayer’s passport number, bank account number, security or similar information. For more information, review a genuine W-8BEN Form on the IRS website at http://www.irs.gov/pub/irs-pdf/fw8ben.pdf.

Refund Scam - The bogus email, which claims to come from the IRS, tells the recipient that he or she is eligible to receive a tax refund for a given amount. It instructs the recipient to click on a link contained in the email to access and complete a form for the tax refund. The form requires the entry of personal and financial information. The refund scam is the most common one seen by the IRS. Several recent variations on this scam have claimed to come from the Exempt Organizations area of the IRS. Some others have included the name and purported signature of a genuine or a made-up IRS executive. Taxpayers do not have to complete a special form to obtain a refund. Taxpayer refunds are based on the tax return they submit to the IRS.

How to Spot a Scam
Many email scams are fairly sophisticated and hard to detect. However, there are signs to watch for, such as an email that:

-Requests detailed or an unusual amount of personal and/or financial information, such as name, SSN, bank or credit card account numbers or security-related information, such as mother’s maiden name, either in the email itself or on another site to which a link in the email sends the recipient.
-Dangles bait to get the recipient to respond to the email, such as mentioning a tax refund or offering to pay the recipient to participate in an IRS survey.
-Threatens a consequence for not responding to the email, such as additional taxes or blocking access to the recipient’s funds.
-Gets the Internal Revenue Service or other federal agency names wrong.
-Uses incorrect grammar or odd phrasing (many of the email scams originate overseas and are written by non-native English speakers).
-Uses a really long address in any link contained in the email message or one that does not start with the actual IRS Web site address (www.irs.gov). To see the actual link address, or url, move the mouse over the link included in the text of the email.

What to Do
The IRS does not initiate taxpayer contact via unsolicited email or ask for personal identifying or financial information via email.
If you receive a suspicious email claiming to come from the IRS, take the following steps:

-Do not open any attachments to the email, in case they contain malicious code that will infect your computer.
-Do not click on any links, for the same reason. Also, be aware that the links often connect to a phony IRS Web site that appears authentic and then prompts the victim for personal identifiers, bank or credit card account numbers or PINs. The phony Web sites appear legitimate because the appearance and much of the content are directly copied from an actual page on the IRS Web site and then modified by the scammers for their own purposes.
-Contact the IRS at 1-800-829-1040 to determine whether the IRS is trying to contact you.
-Forward the suspicious email or url address to the IRS mailbox phishing@irs.gov, then delete the email from your inbox.

Genuine IRS Web site - The only genuine IRS Web site is IRS.gov. All IRS.gov Web page addresses begin with http://www.irs.gov/. Anyone wishing to access the IRS Web site should initiate contact by typing the IRS.gov address into their Internet address window, rather than clicking on a link in an email.

NCUA Vishing Fraud Alert
April 20, 2009 - Recently, there have been multiple fraudulent emails and telephone calls directed to the general public and Credit Union Members that appear to be from NCUA. A variant called Vishing uses telephone systems. A Vishing scam occurs when a consumer receives a recorded message telling them a credit card and/or financial institution account has been breached and to immediately call a number provided in the message. The phone number leads the consumer to a fraudulent call center where people are asked to supply or verify pertinent financial account, social security or credit card information.

NCUA does not ask Credit Unions Members for personal information. Anyone who receives an supposed email or phone call from NCUA that asks for account information should consider it a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the email or phone call.

If you receive a Vishing telephone call or text message, contact NCUA’s Consumer Assistance Hotline toll-free anywhere in the United States 800-755-1030 .

If you inadvertently respond and provide confidential account information, please notify us immediately. You should change affected accounts and PINs, and take any additional action recommended by us to protect your account. If you feel that you have received a fraudulent NCUA phishing email, please forward the entire email message to Phishing@ncua.gov.

Additionally, you can file formal complaints concerning any suspected fraudulent email with the Internet Crime Complaint Center (IC3) at www.ic3.gov. The IC3 is a partnership between the Federal Bureau of Investigation, the National White Collar Crime Center, and the Bureau of Justice Assistance.

Text Message & Email Fraud
April 13, 2009 - The Credit Union National Association (CUNA) is aware of a number of text messages and emails that are circulating under subjects like:

Account De-activation.
Account Status Alert
Changes to Terms and Conditions
Irregular Activity

These emails and text messages ask that the customer call a number in order to have their account reactivated. Some may request that you leave callback information or provide your financial information directly. All of these emails are fraudulent. Please do not respond to these messages. Report these suspicious emails to abuse@cuna.org and visit http://www.creditunion.coop/scams.html for more information.

The Credit Union National Association is the trade association for Credit Unions in the US. CUNA does not maintain any type of Member financial information. Additionally, your IBM Southeast EFCU would never solicit your personal identification information via email. If you did respond to such a solicitation, you should contact us directly using the local phone number provided on this website or your monthly statement.

Phishing Scams Mimic Government Economic Stimulus Package
February 11, 2009 - Two Phishing Scams have recently been reported:

1. Identity thieves posing as representatives of the Internal Revenue Service (IRS) are sending spam e-mails promising Government Economic Stimulus Packages.

2. Another Scam that is being used promises more information on how to get Economic Stimulus Grants.

Identity thieves posing as representatives of the IRS are sending spam e-mails promising government Economic Stimulus Packages. The message tells the user to download an attachment that is masked as a form they must fill out and send to the IRS to receive their check. However, the document really is an identity theft tool that steals the personal information entered in the form.

Another scam being used promises more information on how to get Economic Stimulus Grants. They tempt users with fake testimonials such as, I found the grant I needed and filled out the forms and sent them in, and in about two weeks I received a check in my hand for $100,000.00. It leads to a marketing-type site in which you enter personal information such as salary range, e-mail address, mailing address, and date of birth, purportedly to get a free CD that shows you how to claim one of these grants. To order the CD, you must enter credit card information for the postage and handling costs. You never get the CD, only a stolen identity.

Unfortunately, the threat of fraud due to Phishing attempts continues to be very active. Fraudsters are increasing in sophistication, and this type of activity shows no sign of slowing down.

Phishing Activity Appears To Be On The Rise
January 8, 2009 - Information received within the last week suggests an increase in phishing activity. The fraud appears to be widespread geographically and fraudsters are utilizing a variety of ways to obtain personal Member information.

Examples of recent reported phishing activity include the following:

Text messages were sent to Members indicating they should call a specific number and provide credit card information based on a freeze on their account.
Computerized calls to Members indicated possible tampering of their check cards and asked them to enter their 16-digit check card number. The phone number shown on Caller ID appears to be a legitimate number, possibly hijacked by the fraudsters.
Members were blanketed with phone and text messages stating their cards had been suspended and directed them to call a number to reactivate. When Members call back, they are instructed to input their card numbers and PIN. It is believed that counterfeit cards were then created and ATM/Debit card PIN-based transactions took place in Romania.
Fraudulent email and text messages are being sent to appear as if they are from the Credit Union. The Credit Union’s Web site has been re-created by the scammer, who then asks Members to enter their card numbers, expiration date, PIN and CVV2/CVC2 numbers. Members are also being called in the middle of the night stating their cards are experiencing fraud, and they are then asked to provide personal information.
Credit cardholders received a telephone message from an unknown party who left a telephone number for the Member to call. The caller ID read ‘economic relief.’ When Members returned the call, they were prompted to press 1 to lower rates, a person then came on and asked for social security number, credit card number, etc.

The Credit Union National Association (CUNA), not CUNA Mutual Group, has also been the subject of recent phishing attacks. Credit Union Members received email messages appearing to be from legitimate email addresses for CUNA and other Credit Unions stating “Your card has been deactivated.” The Members are directed to call an 800 number (there are multiple 800 numbers being used) to ‘activate’ their card and PIN. One aspect of this scam causing particular concern is the realistic nature of the call: a message indicates all operators are busy, callers hear music for several seconds, and then a normal sounding (non-computer generated) voice prompts them to leave their name and a callback number. Our understanding is they will receive a call back from an actual person making the request seem valid.

New Phishing Scam Sounds Like Official Telephone Call
November 25, 2008 - Phishing has a dangerous new twist. In telephone calls to Cardholders, criminals are attempting to obtain the three-digit security code printed on the back of VISA (CVV) and MasterCard (CVC) credit and debit cards. The phishers are trying to get enough information to perform fraudulent card-not-present transactions (Internet, telephone, and mail-order purchases).

Under this scam, a telephone call is placed to a legitimate Cardholder. The caller claims to be a representative from VISA or MasterCard informing the Cardholder of suspicious card activity. The caller provides details of an unusual transaction and asks if the Cardholder made this purchase, which, of course, the Cardholder did not. The Cardholder is then asked to verify possession of the card. To do so, the Cardholder is asked to read the three-digit security code on the back of the card. The fraudster then provides a control number in the event the Cardholder needs to call back with questions, making the call seem legitimate.

The caller does not ask for the credit or debit card number, and that is why some Members are fooled into believing the call is legitimate. But the fraudster already has the card number; what they don’t have is the three-digit security code from the back of the card, and that is what they are after with this scam.

The three-digit code on the back of the VISA or MasterCard card is a security tool used for non-face-to-face transactions. When conducting transactions that are not face-to-face, many merchants will ask the shopper for the three-digit code to complete a card authorization. If the criminal obtains this three-digit number and already has your Member’s card number, card expiration date, and billing address, the criminal may be able to obtain authorization for fraudulent transactions.

Never respond to any email, telephone call, voice message, text message, or letter received through the mail that requests personal and financial information, including the three-digit number on the back of the card.