Security Center

Reverse Instant Payment Scam Alert

Reverse instant payment scams occur when cybercriminals trick victims into sending them money through digital payment apps such as Venmo^®, Zelle^® and PayPal^® that allow users to instantly send funds from their bank accounts to other registered users, needing only the other user's phone number or email address. Cybercriminals will send their victims what appear to be automated text messages asking them if they have attempted to make an instant payment. When the victim replies "No" to the text, they then receive a reply saying that their financial institution's fraud specialist will be contacting them shortly. Cybercriminals who sound credible will then call the victim claiming to be fraud specialists, using sophisticated technology to have their caller ID appear to be the victim's financial institution's legitimate toll-free number. The cybercriminal will then tell the victim to secure their digital payment app account by removing their email address as the cybercriminal proceeds to add the email to an account they control so that when they ask the victim to send another instant payment to themselves over the app in order to "reverse" the payment referenced in the original text message, the payment goes to the cybercriminal rather than back to the victim.

Here's how you can spot a potential reverse instant payment scammer:

• You receive unsolicited requests to verify account information
• You are asked to transfer funds between accounts in order to prevent/reverse fraud - legitimate financial institutions like St. Anne's will never ask you to do that
• Unsolicited callers try to establish credibility by providing your personal information such as Social Security Numbers and past addresses - many criminals have gathered such information through large-scale data breaches over the past decade, so don't let this strategy fool you

Call St. Anne's directly at 1.877.STANNES if you receive an unsolicited request to verify account information - do not simply reply to unsolicited text, phone call or email requests.

For more details on reverse instant payment scams, please refer to the Federal Bureau of Investigation's (FBI) Public Service Announcement here.

Account Takeover Fraud Trend

Account takeover fraud occurs when a scammer has obtained sufficient credentials to pose as the cardholder to financial institutions. They can then execute changes to account or card-level settings that assist in the commission of fraud, including demographic changes (phone numbers, emails, passcodes etc.), increased limits, PIN changes and travel exemptions that suppress normal fraud monitoring. As an example, scammers may call you pretending to be from a fraud alert center. You may be sent a one-time passcode (OTP), and the scammer may ask you for that code as well as your member/account number and instruct you to reply "not fraud" on alerts by the real fraud alert contact center in response to suspicious account activity. The scammer may then use the information they tricked you into providing to change your card/account settings, allowing them to take over your account for their own use.

Here's how you can spot a fraud alert imposter and keep your account secure:

• Do not provide your full Social Security number, PINs or OTPs over the phone - a legitimate fraud alert contact center will never ask for this information
• Monitor your account activity through Online or Mobile Banking and report suspected fraudulent transactions
• Sign up for free SecureAlerts from St. Anne's to set up customized, real-time account notifications to know instantly when something important happens on your account through texts, push notifications emails or Online Banking Messages. Click here to register today.

St. Anne's takes your privacy and security very seriously. If you think you've been a victim of fraud, contact us immediately at 1.877.STANNES.

PHISHING SCAMS

Countless families and individuals are struggling financially during COVID-19. In a truly malicious response to the situation, scammers are lurking and launching phishing attacks claiming to offer financial assistance to those in need. These phishing emails impersonate local government where you are directed to click a link in the email for more information and receive financial assistance. If you click the link, you are taken to a phony government website that will ask for your personal information including your social security number. Don’t be fooled! Anything you enter here is sent directly to the cybercriminals.

Here’s how you can ensure your personal information stays secure:

• Never click on a link in an email that you weren’t expecting - even if the sender appears to be a legitimate organization
• Review official government websites and trusted news sources
• Use another means of communication to reach out to the sender, such as calling their official phone number—not the one listed in the suspicious email

protect yourself while online shopping

Due to COVID, the majority of us are going to be doing our shopping online. Here are some ways to protect yourself when doing online shopping:

• Review your credit card transactions often
• Create transaction alerts
• Avoid public Wi-Fi
• Verify that the websites you are visiting start with “HTTPS"
• Validate social media deals
• Set strong passwords

Fake login pages

A popular method used to steal your credentials is to use fake login pages to capture your login details. These types of attacks usually start with a phishing email that directs you to use a link in the email to "log in to your account". The emails are usually authentic-looking and present a seemingly-normal request. If you click this link, you’re brought to a login page that looks almost identical to the one you’re used to but is actually a fake page. Once you’ve entered your email and password on the fake page, you may be redirected to the real website–leaving you unaware that your login credentials were stolen.

How Do I Spot a Fake Page?

As the first line of defense, always navigate to your account’s login page by typing the web address in your browser, or using a bookmark that you’ve saved–rather than clicking through links in an email.

Also, be aware of the following tips to help you identify fake web pages:

• To be on the safe side, make sure the website starts with https:// before entering any personal information.
• Make sure that the website that you are on is correctly spelled and not mimicking a well-known brand or company.
• An excess of spelling, punctuation, capitalization, and grammar mistakes can indicate that the website was put together fairly quickly with no regard for professionalism.
• Look for reliable contact information. If you can find another way to contact the brand or company, reach out to them to confirm the email is real.
• Walk away from deals that are too good to be true. Some retailers will discount older merchandise but if the latest item is also heavily discounted, walk away. It’s probably too good to be true!

VISHING scam

There have been reports of members becoming targets in vishing scams. Vishing (phone-based phishing) involves one spoofing their phone number to appear the call is originating from wherever they please. It is a method commonly used to steal personal information from individuals as well as businesses.

Fraudsters are spoofing their phone numbers to make it appear like a call is coming from the victim’s financial institution (like a credit union). When the member answers the call they are told they need to confirm suspicious debit card transactions. The fraudster will then ask the victim to verify their CVV2/CVC2 code on the back of the card as well as the expiration date. Often, fraudsters will already have a copy of the victim’s card and need this information to reset their PIN number. Once they reset the PIN number, they are free to withdraw from the victim’s account.

Simply, never give any personal information over the phone. St. Anne’s will never request this information from you, nor would we ever need it. If you receive a phone call requesting these details from you, just hang up. Still unsure? Call the credit union directly to confirm the legitimacy of the call.

Security Alerts

The IRS noticed a significant increase in phishing attempts to steal money or tax data, therefore you must be on high alert.

Consumer Protection Information - Federal Trade Commission (FTC)

Identity Theft

Identity theft is the fastest growing crime in America today. It happens when fraudsters willfully and wrongfully obtain and use your personal data to defraud you. Learn how to protect yourself from becoming a victim.

Identity Theft - Federal Trade Commission (FTC)
Identity Theft - Protecting Your Identity and Safeguarding your Financial Information

Business Security

Running a successful business involves identifying and managing all kinds of risk. To help you protect your business from fraud and other security risks, St. Anne’s provides these helpful articles to take care of your business.

Corporate Account Takeover - Mass.gov

Online & Mobile Security

Technology has brought us easier ways to bank, shop, and manage our day-to-day lives. It’s also brought forth fraudsters who are using sophisticated technology to defraud you. Learn tips, tools, and strategies to protect your money and your technology.

Consumer Online Safety - Federal Trade Commission (FTC)

cyberSecurity

In today’s digital world, cybersecurity is becoming a top concern and cost for both businesses and individuals as our dependency on computers increases and users becoming more skilled. A majority of the population believes a cyber attack won’t happen to them, but it’s important to consider realistic data which gauges the likelihood of experiencing a cyberattack as one in four. Advancing technology allows us to complete more tasks online than ever before and find answers we need in a matter of seconds, but with this luxury increases the threat of cybercriminals who continually evolve their strategies and tactics to gain access to, and compromise unauthorized data. The best defense against these threats is to be mindful of your actions online and practice smart computer usage that will safeguard both your work and personal life. Take advantage of St. Anne’s smart tools such as CardValet^® - a mobile app that allows you to turn your card off/on if your debit card is lost or stolen to prevent fraud.

PURCHASING SCAMS

Don't be fooled when someone offers you more money for an item you are selling online!

It is a “red flag” when anyone responds to your posting or ad wanting to pay more for the item.  The buyer offers to use a cashier's check, personal check, or corporate check BUT at the last minute, comes up with a reason for writing the check for more than the sales price.  They ask you to wire back the difference after you deposit the check. However, when you deposit the check and after you have already wired the funds back, you find out that the check bounced leaving you liable for the entire amount.

Some tips to protect yourself are listed below:

• Don't accept a check for more than your selling price, no matter how tempting. Ask the buyer to write the check for the correct amount. If the buyer refuses to send the correct amount, return the check. Don't send the merchandise.
• If the buyer insists that you wire back funds, end the transaction immediately. Legitimate buyers don't pressure you to send money by Western Union or a similar company. In addition, you have little recourse if there's a problem with a wire transaction.