2/11/13 - Fraudulent Email Referencing the FFIEC and a Supeona
We have received reports that that emails stating that there is "an open subpoena regarding suspect financial activity on member accounts." PLEASE BE AWARE THAT THIS IS A SCAM! The wording in the messages varies, but all are malicious!
During the summer of 2011 and February 2013 fraudulent emails were sent out referencing the FFIEC along with account numbers and/or summons notifications, some from "Inform@ffiec.gov" and "Office@ffiec.gov".
The FFIEC does not send out any such emails and is not affiliated with these messages or their email address domains. If you receive any suspicious email please, under no circumstances should you reply to these messages, open any attachments, or click on any link within these messages! Please call PrimeSource at (509)838-6157 for assistance. Visit the PrimeSource Security Center for information on how to protect your accounts, and computer!
Credit union members are being recruited as money mules and unknowingly assist fraudsters in laundering stolen funds. Please be aware of this scam and on the lookout for any suspicious activity.
A number of credit unions have reported that their members are being recruited as money mules by fraudsters. Money mules unknowingly assist fraudsters in laundering stolen funds. The source of the stolen funds received by the money mules is often from account takeovers at other financial institutions through online banking systems.
Money mules are most often recruited through bogus job offers for payment processors, financial managers, or overseas representatives. Fraudsters typically find their potential money mules by searching websites where job seekers post their resumes. A key consideration in accepting the position is the ability to work from home. Upon accepting the job, the money mules are notified they will receive deposits to their accounts via ACH and/or wire transfer. In some cases, the money mules are instructed to open an account at a financial institution in order to receive the funds. The mules are instructed to not share details of their new job with anyone. Upon receipt of the funds, the mules are instructed to either wire the funds to an account at another financial institution (foreign and domestic) or send the funds to individuals via Western Union.The money mules keep a portion of the funds deposited to their accounts as wages.
In one case, a credit union member was recruited to assist a foreign company in purchasing heavy construction equipment. The fraudsters deposited the stolen funds to the member’s account via wire transfer. The member even received a bogus purchase invoice for the equipment from the fraudsters. The member was instructed to wire the funds to the equipment manufacturer’s account, which turned out to be a fraudulent account opened by the fraudsters.
The deposits made to the money mule accounts via ACH and/or wire transfer were actually stolen from deposit accounts at other financial institutions and investment accounts held at brokerage firms. Using sophisticated banking Trojans, such as Zeus, fraudsters steal the login credentials of online banking users and investors who access their investment accounts online. The fraudster logs into the account and transfers funds via ACH and/or wire transfer to the money mules’ accounts.
The money mules are recruited through means other than bogus jobs. Fraudsters often find their victims by searching online dating websites. The victim’s new-found love fabricates a story to dupe the victim into laundering stolen funds. In a common scam, a fraudster located overseas claims to have a friend in the United States and wants the friend to fly overseas for a visit; however, the friend cannot transfer money overseas to purchase the ticket. The lovelorn victim agrees to help his/her newfound love and receives a deposit to his/her account with instructions to wire the funds overseas.
Back to Top
2/13/12 - Email Claiming to be for Nacha
The subject line of the e-mail might read: “Unauthorized ACH Transaction” or may contain a notice that "A direct deposit to a creditor has not been applied," or other similar messages. These e-mails include links that will redirect an individual to a fake web page with links that almost certainly contain an executable virus with malware. Do not click on the link.
Both the e-mail and the related website are fraudulent. Be aware that phishing e-mails frequently have links to web pages that host malicious code and software. Do not follow web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed and current.
Be alert for different variations of fraudulent e-mails.
= = = = = FRAUDULENT Sample E-mail = = = = = =
Sent: Monday, February 13, 2012
To: Doe, John
Subject: Unauthorized ACH Transaction
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report (DO NOT CLICK ON LINKS IN ANY SUSPICIOUS EMAIL!)
Copyright © by NACHA - The Electronic Payments Association
Back to Top
2/13/12 - Consumer Research Scam with a Bogus Check Attached
Please be aware of a letter in the mail that states you have been selected to participate in a paid Consumer Research Program. The Letter from American Consumer Opinion includes a bogus check in the amount of $1985.00 "to assist you with your assignment." The letter requests that you spend various amounts at certain business locations (receipt required) and then send the results via Western Union with a $130.00 fee. Do not attempt to cash this check or proceed! Please note: Anytime you are sent something that requires you to pay a certain dollar amount to receive free money, winnings or services, it is usually a SCAM!
Back to Top
REMEMBER: A PrimeSource Credit Union Employee will not call you and ask you to provide sensitive account verification information (we already have this information). If you have any doubt, DO NOT RESPOND and please call us directly for assistance at (509) 838-6157.
9/11/12 - FBI Warns of New "Drive-By" Virus - Exercise Caution and Do Not Open Files or Attachments
There is a new “drive-by” virus on the Internet, and it often carries “a fake message—and a fake fine” purportedly from the FBI. According to the Internet Crime Complaint Center the virus known as Reveton Ransomware, is designed to extort money from its victims.
Delete the Message and Do Not Open the File or Attachment!
Reveton is described as drive-by malware because unlike many viruses—which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law.
The bogus message says the user’s Internet address was identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having been associated with child pornography sites or other illegal online activity. To unlock their machines, users are required to pay a fine using a prepaid money card service. Warning! Do not proceed in paying the fine, which will NOT unlock the computer—this is a virus and a scam to get user’s to send money using a prepaid money card service!
One victim explains, “While browsing the Internet a window popped up with no way to close it. The window was labeled FBI and said I was in violation of one of the following: illegal use of downloaded media, under-age porn viewing, or computer-use negligence.
It listed fines and penalties for each and directed me to pay $200 via a MoneyPak order. Instructions were given on how to load the card and make the payment. The page said if the demands were not met, criminal charges would be filed and my computer would remain locked on that screen.”
The Reveton virus, used by hackers in conjunction with Citadel malware—a software delivery platform that can disseminate various kinds of computer viruses—first came to the attention of the FBI in 2011. Since that time, the virus has become more widespread in the U.S. and internationally. Some variants of Reveton can even turn on computer webcams and display the victim’s picture on the frozen screen.
The Internet Crime Complaint Center is getting dozens of complaints every day, noting that there is no easy fix for the virus. Unlike other viruses, Reveton freezes your computer and stops it in its tracks. And the average user will not be able to easily remove the malware.
If you have received the Reveton virus, or other suspicious internet content, contact the Internet Crime Complaint Center. In addition, you may want to consider consulting a computer repair business to help to remove the malware from the computer system.
Back to Top