Fraud can happen at any time, in any place. Synergent works with credit unions coast-to-coast, and we wanted to share a social engineering scheme that has come to our attention. We encourage credit unions to share what is transpiring with both your staff and members to keep them on alert.
A fraudster called a member claiming to be with Amazon’s Fraud Department. They informed the member that there was $10,000 worth of fraudulent charges posted to their account and that they would be receiving a call from their credit union’s fraud department to rectify the situation.
Shortly after, the member received a second call from someone claiming to be with the credit union. The phone number the individual was calling from was an out-of-state number. Keep in mind, that while an out-of-state phone number is typically a red flag, fraudsters can spoof numbers to appear like they are originating from a local institution.
The fraudster asked the member to verify their account information. They also asked them to go to Wal-Mart to purchase various gift cards to help recoup the fraudulent charges. Fortunately, the member called the credit union directly to verify the request and did not share any information.
Social Engineering and Vishing
What happened in this scenario is an example of social engineering. This occurs when a false pretense is used—in this case, fraudulent Amazon account activity—to convince an individual to share personal information and/or request them to take action. Vishing calls like these typically have a sense of urgency to convince the caller to act fast. Further, gift card payment demands are an increasingly popular way for fraudsters to scam people into providing them with money.
Reminder for Members
This is a great time to remind credit union members about social engineering attacks and offer some tips to help protect them from this type of fraud. We’ve outlined a few things to keep in mind below:
Never Share Personal Information
Never provide personal information in response to unsolicited messages or calls. Your credit union will never contact you and ask you to verify your account or PIN. Neither will a reputable company like Amazon. Don’t provide that information to anyone, no matter what they say.
Only Answer Phone Calls from Numbers you Recognize
If at any point you are uncertain about questions being asked or the call itself, hang up and call your credit union or the organization back using a phone number found through a trusted source such as the company’s official website or a financial statement.
The same is true when responding to unsolicited emails or text messages. Never click on unknown links or share personal information.
Avoid Engaging with Unsolicited Callers
These fraudsters are trying to build a rapport with you to pressure you into sharing personal information or meeting a demand such as buying a gift card.
Never Pay Organizations with Gift Cards
No legitimate organization will ever request payment in the form of a gift card. Scammers often demand gift cards because they are easy to purchase and aren’t traceable to any individual’s bank account. Keep this in mind if someone calls you claiming to be from a charitable organization and asks for a donation in gift cards.
Monitor Your Account
Regularly check your account online to see if any suspicious transactions have occurred, especially if you are unsure about a call, email, or text message you’ve received.
Contact your credit union or other financial institution immediately if you believe you are a victim of fraud. You also can report fraud to the Federal Trade Commission by visiting ftc.gov.
Synergent Is Here to Help
We will continue to provide education and insight regarding fraud trends we see. Our dedicated Payment & Fraud Consultants are available to provide guidance and assistance to credit union partners. Contact us today to learn more.