The Maine Credit Union League is sharing an update on a social engineering scheme that has come to their attention. Because two credit unions in Maine have reported similar scenarios to what is outlined below, we encourage you to learn more about Social Engineering Fraud and stay on alert.
A fraudster called a member claiming to be with Amazon’s Fraud Department. They informed the member that there was $10,000 worth of fraudulent charges posted to their account and that they would be receiving a call from their credit union’s fraud department to rectify the situation.
Shortly after, the member received a second call from someone claiming to be with the credit union. The phone number the individual was calling from was an out-of-state number. Keep in mind, that while an out-of-state phone number is typically a red flag, fraudsters can spoof numbers to appear like they are originating from a local institution.
The fraudster asked the member to verify their account information. They also asked them to go to Wal-Mart to purchase various gift cards to help recoup the fraudulent charges. Fortunately, the member called the credit union directly to verify the request and did not share any information.
Social Engineering and Vishing
What happened in this scenario is an example of a social engineering. This occurs when a false pretense is used—in this case, fraudulent Amazon account activity—to convince an individual to share personal information and/or request them to take action. Vishing calls like these typically have a sense of urgency to convince the caller to act fast. Further, gift card payment demands are an increasingly popular way for fraudsters to scam people into providing them money.
Reminder for Members
Social engineering attacks can happen to anyone. Review these tips to help protect yourself from this type of fraud:
– Never provide personal information in response to unsolicited messages or calls. Your credit union will never contact you and ask you to verify your account or PIN. Neither will a reputable company like Amazon. Don’t provide that information to anyone, no matter what they say.
– Only answer phone calls from numbers you recognize. If at any point you are uncertain about questions being asked or the call itself, hang up and call your credit union or the organization back using a phone number found through a trusted source such as the company’s official website or a financial statement.
*The same is true when responding to unsolicited emails or text messages. Never click on unknown links or share personal information.
*AND NOTE: scammers can actually spoof financial institutions’ phone numbers too, making it look like our number is calling, while pretending to be us. Always be on the alert **and NEVER give out personal information to someone calling you!**
– Avoid engaging with unsolicited callers. These fraudsters are trying to build a rapport with you to pressure you into sharing personal information or meeting a demand such as buying a gift card.
– No legitimate organization will EVER request payment in the form of a gift card.
* Scammers often demand gift cards because they are easy to purchase and aren’t traceable to any individual’s bank account.
*Keep this in mind if someone calls you claiming to be from a charitable organization and asks for a donation in gift cards.
– Regularly check your account online to see if there are any suspicious transactions that have occurred, especially if you are unsure about a call, email, or text message you’ve received.
– Contact your credit union or other financial institution immediately if you believe you are a victim of fraud. You also can report fraud to the Federal Trade Commission by visiting ftc.gov.
Be on the defense when it comes to fraud! If you’re ever unsure about something, the Team at Downeast CU is just a phone call away at 800-427-1223.
For our members’ convenience, links are available in this website to allow quick access to other sites that may be of interest. Clicking on a third party link will take you out of Downeast Credit Union’s website to an alternative website not operated by DECU. The Credit Union is not responsible for the content of the third party website and does not represent either the third party website or the member if you enter into a transaction. Privacy and security policies of the website to which you are linking may differ from those practiced by DECU.