MADISON, Wis. A new phishing scheme that uses a "call forwarding" component enables phishers to portray themselves as the victim when a financial institution calls to verify a bank transaction.

The phishing scheme asks the financial institution's member/customers, via e-mail, to verify their phone number immediately with the financial institution. If they do not confirm their phone number, their account will be suspended.

The phisher's instructions are:

Step 1: Go to your phone and dial *72;
Step 2: Dial 707-531-4910 (XYZ Bank secure line); and
Step 3: Your phone is confirmed. You will receive a call from us in one hour for final verification. If you have confirmed your phone, you can continue the update process.
By inputting these numbers, victims actually forward their calls to the phisher's redirect number. This will go on until the victims notice they aren't getting any verification calls.

Victims may also get a call from the phisher or an answering machine posing as their financial institution to query any transaction in that period. After they confirm the phone number, the caller asks them to update their personal information, including Social Security, bank account and credit card numbers.

This particular phishing scam was taken down Wednesday morning by an Internet Service Provider, and the telephone company took care of the phone number, according to SecureWorks, an Atlanta-based information security solutions provider. However, the company warns that variances of the scam likely are on the Internet, with a more complex set of "call forwarding" numbers.

Several other phishing scams have been reported by credit unions around the country:

Identity thieves sent members of North Island CU, a $1.5 billion asset, Chula Vista, Calif.-based credit union, bogus e-mails that claim to be customer surveys from the credit union. The e-mails use North Island's slogan and logo, and offer $20 to participants who complete the five-question survey (The San Diego Union-Tribune April 24). To obtain the $20, members must give out their account numbers and passwords, so the money can be "deposited" in their accounts. Thieves then use the information to steal money from the accounts.
Members of Hickam FCU, a $383 million asset, Honolulu,Hawaii-based credit union, received phony e-mails that purport to be from the credit union. The e-mails say the victim's account is inactivated and instruct the victim to click on a supplied link. When a member clicks on the link, the phisher tries to obtain the user's ID and password (Honolulu Advertiser April 24).
Fake e-mails appearing to be from Sun East FCU, a $314 million asset, Aston, Pa.-based credit union, ask members to compete a short survey, in return for a $20 reward that will be credited to their account. The credit union has shut down the site, but about 50-60 phishing e-mails were received by credit union members (Life is a Highway April 19).

Identity Theft Continues-Online and Off: 5 Ways You Can Avoid Getting Burned

While phishing-the fraudulent use of e-mails to get consumers to part with personal financial information-continues to be the number one means of identity theft, a number of sophisticated scams warrant staying alert during transactions that you make in stores and restaurants. Here are the five latest scams to be aware of both online and off:

1. Be skeptical of requests for personal information. The reason why phishing scams continue to grow, seemingly unabated, is because they work. Phishers have become increasingly sophisticated at using e-mails to drive consumers to Websites that appear to be legitimate. You best defense is to be skeptical. NEVER provide personal information unless you are very confident that the source you are providing information to is legitimate.

2. Change your passwords. It's a good idea to change the passwords for  your online accounts on a regular basis-particularly if you tend to use one password for several accounts. (Don't forget to write down your new passwords and keep them in a safe place just in case).

3. Type, don't link. Rather than access a Website from an e-mail link, type the Web address into your browser. This helps keep you from being linked to fraudulent sites.

4. Mind your card at ATMS. In one of the newest ATM scams, the scammer inserts a metal loop into the machine, that prevents the legitimate customers card from being read. The scammer poses as a customer and stands behind the victim, as he or she enters their PIN. On the third attempt to enter their PIN, the machine retains the victim's card because of multiple attempts to enter the PIN. The victim leaves, thinking that their card has been safely retained. However, the scammer extracts the card with the metal loop and because they have the victim's PIN, can start using the card with impunity.

5. Mind your card in restaurants and stores. It's the oldest trick in the book. Scammers rely on the fact that most shoppers don't look at their card when they get it back after the transaction. The victim may not notice for a long enough time for the scammer to go on quite a shopping spree. Always make sure that your card is the one that leaves the restaurant or store in your wallet.

First Alliance is pleased to announce AlertMe, a new credit-monitoring service designed to help members fight identity theft which is a growing problem that affects millions of Americans. AlertMe gives early warning of activity on your credit report. since credit report activity can be a sign of possible identity theft, early detection can help you catch problems quickly to minimize losses.

AlertMe monitors your Experian credit file daily. New accounts, credit cards over the credit limit, and address changes are just a few of the items AlertMe monitors.  If an activity occurs, AlertMe will send you an email alerting you to the activity.  You can log into the AlertMe Web site to read details about the activity and determine if it is suspicious. AlertMe will also send an email to remind you to order your annual free credit reports.
 
The AlertMe cost is $4.25 month. Quarterly and annual plans are available at a reduced rate.  Click here to learn more or to enroll.

Identity Theft: The Undercover Crime

Identity Theft occurs then someone poses as you while using your personal information. With just two pieces of information, clever thieves can steal your identity. They can take out loans in your name, open credit card accounts, run up balances, and destroy your credit rating in the process.  And you're left with the responsibility for the debts.

What are those two pieces of information?

Your name and your Social Security number. This is one reason why you should never give out your Social Security number unless you are absolutely certain who the receiving party is. You should also request that the recipient not divulge the number to anyone.

In fact, you should protect all documents that contain personal information. Don't give a thief a chance to link your name with any important number.

What to do to protect yourself

Always keep, then destroy when no longer needed, receipts that show your Social Security number, credit union numbers, credit card or loan number, or any financial account number.
Cancel all unused credit cards.
Don't carry your Social Security card, passport or birth certificate with you, unless necessary.
Before discarding them, always shred credit card solicitations, receipts, canceled checks and all financial documents that show your personal information.
Check your credit union credit card statement for unauthorized charges and contact us immediately.
Do not give out your Social Security number, mother's maiden name or credit card account number over the phone unless you are sure that the other person is legitimate.
Order a credit report once a year and alert the company to any errors or suspicious entries.
Ask credit reporting agencies to remove your name from lists that are sold to companies offering preapproved credit cards.
If your identity is stolen:

You may already know about identity theft and how an unscrupulous person can use your Social Security number and your name to pose as you, open credit accounts and steal their way into your finances. If you become a victim of identity theft, bankrate.com suggests you immediately take the following steps:

Contact creditors (retailers, utility companies, etc.) for any accounts that have been tampered with or opened without your knowledge. Put your complaints in writing.
Contact the three major credit bureaus. Equifax (800-685-1111), Experian (800-311-4769), and TransUnion (800-888-4213) and ask them to place a fraud alert on your credit report, and to include a statement that insists creditors call you for permission before any new accounts are opened in your name.
Inform the police that your wallet has been stolen. Fill out a police report, and ask to sign a written affidavit verifying that unauthorized transactions on your account are fraudulent. Send copies to creditors and credit bureaus as proof of the crime.
Consider contacting the Federal Trade Commission at www.ftc.gov. The agency has an on-line complaint form.
Change account passwords and  PINs. Avoid using your mother's maiden name or the last four digits of your Social Security number.
Notify the Social Security Administration to replace Social Security and/or Medicaid cards the the Department of Motor Vehicles to get a new driver's license.
For more information, visit the FTC's Identity Theft Resource Center:  http://www.ftc.gov/bcp/edu/microsites/idtheft//

"Vishing" Gains Traction as New Scam Method: Use of Land Line Phones by Identity Thieves is on the Rise

While most consumers are aware of the prevalence of "phishing"-receiving e-mails that appear to be from legitimate companies asking them for personal data that will be used to steal their identity and/or access their accounts-many are not aware of a new threat to their financial security known as "vishing."

"Vishing," short for "voice phishing" employees traditional telephone land lines (as opposed to cell phones) to get consumers to part with their sensitive financial and other information.

Here's how it works:

Identity thieves use Voice Over Internet Technology (VIOP) to extensively dial phone numbers in a particular region. If the phone is answered, an automated recording informs the consumer that there has been fraudulent activity on his or her credit card, and they should call a toll-free number immediately.

When the consumer calls the number, (which is answered by what sounds like a legitimate automated function of the credit card company) he or she is asked to enter their 16-digit credit card number, using the phone's keypad. While that information alone is enough to perpetrate fraudulent charges on the consumer's card, the "vishers" often use the opportunity to also get the consumer to part with other sensitive information such as their date of birth, PIN number, account number and any other information that they are willing to provide.

Protecting Your Identity

The best way to protect yourself against vishing, phishing and other scams is to be vigilant. If someone calls or sends you an e-mail regarding your account, don't provide them with any information about your account. If you want to check the veracity of any information regarding your account, dial a known number for the institution in question (check the phone book, a recent account statement or the company's website), then ask about the status of your account.

If someone calls you and you suspect they are vishing, alert the institution that the vishers are claiming to represent as well as your state Attorney General.

If you think you have been a victim of vishing or phishing, file a complaint at www.ftc.govandthe visit the Federal Trade Commission's Identity Theft website at www.consumer.gov/idtheft.

WARNING: New Credit Card Scam
Note, callers do not ask for your credit card number; they already have it. By understanding how the VISA & MasterCard Telephone Credit Card Scam works, you'll be better prepared to protect yourself.

The scam works like this: Person calling says, "This is (name), and I'm calling from the Security and Fraud Department at VISA. My badge number is 12460. Your card has been flagged for an unusual purchase pattern and I'm calling to verify. This would be on your VISA card which was issued by (name of bank or credit union). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in Arizona?"

When you say "No," the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before the next statement, the credit will be sent to (gives you the address), is that correct?"

You say "yes." The caller continues-"I will be starting a Fraud investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security.  You will need to refer to this Control number. The caller then gives you a 6 digit number. "Do you need me to read it again?"

HERE'S THE IMPORTANT PART ON HOW THE SCAM WORKS. The caller then says, "I need to verify you are in possession of your card." He'll ask you to "turn your card over and look for some numbers." There are 7 numbers; the first 4 are part of the card number, the next 3 are the security numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers he'll say, "That is correct, I just need to verify that the card has not been lost or stolen, and that you still have your card."

Do you have any other questions? After you say No, the caller then thanks you and states, Don't hesitate to call back if you do," and hangs up.

You actually say very little, and they never ask for or tell you your card number. In reality the $497.99 purchase was charged to your VISA card during that time.

What the scammers what is the 3-digit PIN number of the back of the card. Don't give it to them. Instead, tell them you'll call VISA or MasterCard directly for verification of their conversation.

TOP 10 TIPS TO AVOID CONSUMER SCAMS

From the Office of Attorney General Lori Swanson

1. Never disclose your credit card number, check routing information, or other banking information to telemarketers or other solicitors.

2. Do not believe claims that you need to pay in order to “collect your winnings” from a contest or to obtain a line of credit.

3. If you receive correspondence claiming that your financial institution or account has been jeopardized, do not immediately disclose your account or other information. Contact the company at a telephone number or address that is listed in the telephone book, or what you know to be an accurate contact for the company.

4. Be wary of solicitations asking you to wire money or send payment to a foreign country. It may be difficult for law enforcement officials to pursue lost funds outside of the jurisdiction of the United States.

5. Do not send payment or wire money to a third party in response to a cashier’s check or personal check “overpayment” in connection with your sale of a vehicle, product or service. Remember, just because the bank may make funds from a cashier’s check available quickly does not mean the check is good. Financial institutions can take up to a week or longer to verify that a given cahier’s check or personal check is legitimate.

6. Never respond to correspondence regarding a foreign lottery. These lotteries are illegal!

7. Do not open spam email or “click” on attachments, images, or links in e-mail messages, instant messages, or pop-up messages.

8. When shopping on line, always use a secure website (preferably one that offers encryption) or a well-known payment service. Do not disclose your pin numbers or other sensitive information in connection with a purchase unless you are absolutely positive that you are dealing with a reputable company.

9. Don’t be rushed. People often make poor decisions when they are hurried. Most victims of scams later realize that if they had taken their time and thought it through, they would not have agreed to disclose their information or send money to a given scam operator.

    10. If it sounds “too good to be true,” it is.

Protect Your Identity.