Cybersecurity and Scam Awareness

Watch Out for Phishing Scams - Jul 2025

Summer is a time to relax – but unfortunately, scammers don’t take vacations. Financial phishing scams are on the rise nationwide, and fraudsters are using new tactics to trick people into giving up personal and banking information.

We want to make sure you know what’s out there – and how to protect yourself.

Common Financial Phishing Tactics

Fake Texts and Emails from Financial Institutions

Scammers send messages that appear to be from a bank or credit union, claiming your account is locked or there’s suspicious activity. These messages often include a link that leads to a fake login page designed to steal your credentials.

Zelle or Payment App Scams

In other cases, fraudsters pose as fraud departments and tell people their account was compromised. They then walk the victim through “reversing” a transaction using apps like Zelle or Venmo – when in fact, money is being sent directly to the scammer.

Overdraft and Deposit Alerts

Some phishing messages claim there’s been a large deposit, or that you’ve incurred an overdraft fee. They’ll ask you to click a link or call a number to “resolve” the issue.

QR Code Scams

Phishing emails may now include QR codes that, when scanned, lead to fake websites that look like your financial institutions login page. These can be especially hard to detect if you’re scanning from your phone.

How to Protect Yourself

Don’t click links in unsolicited messages – If something seems off, go directly to your financial institution’s website or app.
Be cautious with urgent language – Phrases like “account locked” or “unauthorized charge” are often designed to cause panic.
Check the sender carefully – Watch for email addresses or phone numbers that seem suspicious or unfamiliar.
Never share your PIN or login info – Legitimate institutions will never ask for this by phone, text, or email.
Use multi-factor authentication (MFA) – This adds an extra layer of security even if someone gets your password.
Keep your software up to date – Updated apps and operating systems help block known security vulnerabilities.

If You’re Unsure, Reach Out

Never share your online banking credentials. NGFCU will never ask you for your password. If you ever receive a suspicious message, don’t engage with it – just contact NGFCU directly at 800.633.2848 or fraud@ngfcu.us. Staying informed is the best way to protect your money.

We’re committed to keeping our members safe and secure.

What’s the Deal with Data Breaches? - Jun 2025

Data breaches are becoming more and more common these days. You hear about them on the news all the time. So you might be wondering: what exactly is a data breach? A data breach is when secure information is taken from a trusted environment without permission. The bad guys can use this information to steal your identity, hack into your online accounts, or use the information for targeted phishing attacks to gather even more information about you.

However, just because the data was exposed does not necessarily mean it’s already being used by the bad guys. It only means that bad guys can easily gain access to it. There are steps you can take to protect your information even if you are exposed to a data breach.

How do I protect my information?

Use secure passwords. You may also want to try using a password manager.
Set up two-factor or multi-factor authentication.
Keep your personal information secure. Never share your passwords or personal information with anyone you don’t know. Shred documents with your personal information on them before throwing them away.

What do I do if my information was already exposed in a breach?

Don’t panic! Take a moment to assess the situation. Ask yourself: What sort of information was exposed? Do I need to notify my credit union or other entities? What steps should I take to make my information more secure now?

If your password was exposed, we recommend changing your password for all online accounts associated with that password immediately. Make sure the password is complex or use a password generator to create one for you. For extra security, you may want to set up two-factor or multi-factor authentication.
If your credit card number or credit union account number was exposed, we recommend calling NGFCU right away and canceling your card(s) immediately. Let us know that your information was exposed so we know to look out for charges that may be fraudulent.
If your social security number was exposed, immediately report that your social security number was stolen to the police, credit-reporting agencies, and the IRS. You may also want to sign up for a service that can monitor your identity or credit for added protection.

Scams Involving Apple Pay and Cash Withdrawals - May 2025

Preventing Elder Exploitation - Apr 2025

Elder financial exploitation is on the rise, and scammers are finding new ways to target seniors. We are committed to helping our members and their families stay vigilant against fraud and financial abuse. Here are some essential tips to protect yourself and your loved ones from falling victim to scams.

Common Types of Elder Financial Exploitation

Fraudsters use various schemes to exploit seniors, including:

Impersonation Scams: Scammers pretend to be government officials, tech support, or even family members in distress.
Romance Scams: Fraudsters form online relationships to manipulate seniors into sending money.
Investment Fraud: High-pressure sales tactics promise unrealistic returns on investments.
Lottery & Sweepstakes Scams: Victims are told they’ve won a prize but must pay upfront fees to claim it.
Caregiver or Family Exploitation: Trusted individuals misuse financial accounts or pressure seniors into giving them money.

How to Protect Yourself and Your Family

Stay Informed and Educate Your Loved Ones
- Discuss common scams with elderly family members. Awareness is the first line of defense. Encourage them to question unexpected financial requests.
Monitor Financial Activity
- Regularly review bank statements and credit card transactions.
- Set up account alerts to receive notifications of unusual activity.
- Consider adding a trusted family member as a joint account viewer (without granting withdrawal access).
Protect Personal Information
- Never share banking details, Social Security numbers, or passwords over the phone or online.
- Be cautious when responding to unsolicited calls, emails, or texts.
- Use strong passwords and enable two-factor authentication on accounts.
Be Skeptical of Urgent Requests for Money
- Scammers create a sense of urgency to pressure victims into acting quickly.
- Verify any request for financial help by calling the person directly using a known phone number.
Watch for Signs of Financial Exploitation - Look out for red flags such as:
- Sudden changes in spending habits or large withdrawals.
- Unexplained financial difficulty despite having adequate funds.
- Isolation from family members or reluctance to discuss financial matters.
Use Safe Payment Methods
- Avoid sending money via wire transfers, gift cards, or cryptocurrency, as these are common scam payment methods.
- If a deal seems too good to be true, it probably is.
Report Suspected Fraud Immediately - If you or a loved one suspect financial fraud:
- Contact your credit union or bank to report suspicious activity.
- Report scams to the Federal Trade Commission (FTC) at reportfraud.ftc.gov.
- Reach out to local law enforcement or adult protective services if financial abuse is suspected.

At NGFCU we are here to help you and your family safeguard your finances. If you have concerns about elder exploitation or need assistance setting up fraud protection services, visit us in person or contact us today.

Your financial security is our priority!

Protect Yourself from Disaster Related Scams - Mar 2025

Beware of Phone Spoofing - Feb 2025

How to Avoid AI Scams - Jan 2025

As artificial intelligence (AI) continues to revolutionize industries, it has also opened new doors for scammers. These fraudsters use AI to deceive individuals and organizations, creating risks for your financial security. At NGFCU, we prioritize your safety and are here to provide tips on how to recognize and avoid AI-driven scams.

Common AI Scam Tactics

Voice Cloning Scams
1. AI can replicate voices with just a few seconds of audio. Scammers might use this technology to impersonate loved ones, claiming to be in distress and requesting money urgently.
Deepfake Videos and Photos
1. Fraudsters can manipulate images or videos to impersonate trusted individuals or officials, convincing you to make payments or reveal personal information.
Phishing Emails and Messages
1. AI-generated content can create highly convincing phishing emails or texts that look like they’re from your credit union or other trusted entities.
Fake Job Offers or Investment Opportunities
1. Scammers use AI to draft compelling job offers or investment pitches, tricking victims into sharing personal data or transferring funds.

How to Protect Yourself

Verify Before Acting
1. If you receive a suspicious call, email, or message, verify its authenticity through independent means. Contact the person or organization directly using trusted contact details.
Beware of Urgency
1. Scammers often create a sense of urgency to pressure you into acting quickly. Take a moment to evaluate the situation before making any decisions.
Safeguard Personal Information
1. Be cautious about sharing personal details online or over the phone. Scammers use these to tailor their fraud attempts.
Monitor Your Accounts Regularly
1. Keep an eye on your financial accounts for unauthorized transactions. If you spot anything unusual, report it immediately.
Enable Multifactor Authentication (MFA)
1. MFA adds an extra layer of security, making it harder for scammers to access your accounts, even if they have your password.

How NGFCU Helps Protect You

Educational Resources: Stay informed with our webinars, newsletters, and alerts on the latest scam tactics.
Dedicated Support: If you suspect fraud, our team is here to assist you 24/7.

When in Doubt, Reach Out

AI scams can be sophisticated, but you’re never alone in protecting your finances. If you have any concerns or need assistance, contact NGFCU immediately. Together, we can outsmart the scammers and keep your financial future secure.

Your safety is our priority. Stay vigilant and informed!

Holiday Shopping Scams - Dec 2024

Stay Safe from QR Code Scams – Nov 2024

In today’s digital world, QR codes have made accessing information and making payments easier than ever. However, as convenient as they are, QR codes have also become a new target for scammers looking to steal personal and financial information. At NGFCU, we’re dedicated to keeping our members safe and secure. Read on to learn about QR code scams, how to recognize them, and simple steps to protect yourself from potential fraud.

How QR Code Scams Work

Scammers create fraudulent QR codes, which they place on fake ads, posters, or even on top of legitimate codes in public places. When scanned, these codes direct you to phishing websites that may look genuine but are designed to steal your personal or banking information. In some cases, these codes can prompt you to download malicious software onto your device.

Tips to Protect Yourself

Verify the Source: Only scan QR codes from trusted sources. Be cautious with codes in public places or on unfamiliar websites.
Double-Check URLs: When a QR code directs you to a website, take a moment to ensure the URL matches the expected destination. Look for misspellings or unusual web addresses.
Avoid Entering Personal Information: Never provide sensitive information, like your Social Security number or login details, on websites accessed via a QR code.
Use Built-In Security Features: Many smartphones show a URL preview before opening it. Always review this preview to ensure the link is legitimate.

What to Do If You’ve Been Scammed

If you think you may have fallen victim to a QR code scam, immediately:

Change any affected passwords, especially for financial or email accounts.
Report any suspicious activity to NGFCU.
Monitor your accounts for unusual transactions.

We’re Here to Help

As your trusted financial partner, NGFCU is here to answer your questions and help you protect your accounts. If you ever have concerns about a QR code or online security, don’t hesitate to reach out to us. We’re dedicated to keeping your finances safe and secure. Stay informed, stay alert, and stay safe!

Halloween and Fall Scams - Oct 2024

As the leaves change and Halloween approaches, it’s essential to stay alert against scams that can compromise your financial security. October is notorious for an increase in certain types of scams, particularly those that take advantage of seasonal events and emotions.

One prevalent scam during this time is the “Halloween Costume and Candy Scam.” Fraudsters often set up fake websites or social media ads offering costumes, decorations, and candy at deeply discounted prices. Unfortunately, many unsuspecting consumers fall victim to these scams, paying for items that never arrive or providing personal information that can lead to identity theft.

How to Protect Yourself:

Research Before You Buy: Always verify the legitimacy of online retailers before making a purchase. Look for customer reviews, check their contact information, and ensure the website has a secure connection (look for “https://”).
Be Cautious with Pop-Up Ads: As you browse for Halloween deals, be wary of enticing ads that promise unbelievable discounts. These can often lead to malicious websites. Instead, shop from reputable and well-known stores.
Use Trusted Payment Methods: When shopping online, opt for your NGFCU credit card or reputable payment services. These methods often provide better fraud protection than debit cards or wire transfers.
Check Social Media for Scams: Be cautious about promotions on social media. Scammers often use popular platforms to create fake accounts or pages that mimic well-known brands. Report suspicious accounts to the platform and avoid engaging with them.
Beware of Charity Scams: As the season of giving approaches, be cautious of solicitations for donations to Halloween-related charities. Always research organizations before donating, and consider giving to established charities that you know and trust.

If you believe you’ve encountered a scam, report it to local authorities and consider monitoring your credit report for any unusual activity. Staying informed and cautious will help protect you and your loved ones from falling victim to these seasonal schemes.

Beware of Crypto Extortion Emails - Sep 2024

As digital communication becomes increasingly prevalent, so do the risks associated with it. Recently, there has been a surge in crypto extortion emails targeting individuals and organizations. These emails threaten to release sensitive personal information unless a ransom is paid in cryptocurrency, typically Bitcoin.

Crypto extortion emails often claim to have access to your private data, such as passwords, personal photos, or other sensitive information. The sender may claim they’ve hacked your computer or email account and will expose your information unless you pay them a specified amount in cryptocurrency. These emails can be alarming and convincing, often appearing to come from a legitimate source. However, it is essential to know that these emails are often just scams. Cybercriminals use publicly available information or previously leaked data to create a sense of urgency and fear. Their goal is to trick you into paying the ransom without further investigating their claims.

Tips to Avoid Falling Victim to Crypto Extortion Emails

Do Not Panic or Respond: The first and most crucial step is to stay calm. Do not respond to the email or engage with the sender. Responding can escalate the situation and provide scammers with additional information.
Verify the Claims: Before taking any action, verify the claims made in the email. Check if your accounts have indeed been compromised by visiting legitimate websites like “Have I Been Pwned” to see if your email or passwords have been involved in a known data breach.
Update Passwords and Enable Two-Factor Authentication (2FA): If you suspect your accounts might be at risk, immediately update your passwords. Use strong, unique passwords for each account and enable 2FA wherever possible. This adds an extra layer of security to your accounts.
Report the Email: Most email platforms have an option to report the email as Spam or Phishing. Contact NGFCU directly if it claims to be associated with us. Reporting helps to block future attempts and protect others.
Educate Yourself and Others: Stay informed about common online scams and share this knowledge with friends and family. Awareness is the first line of defense against cybercrime.

Cybersecurity is an ongoing concern in today’s digital age, and staying vigilant is crucial. By following these tips, you can protect yourself from falling victim to crypto extortion emails. Remember, NGFCU is here to help you navigate these threats. If you have any concerns or receive a suspicious email, do not hesitate to contact us for assistance.

Stay safe and secure online!

Scholarship Phishing Scams - Aug 2024

Fraud Prevention and Phishing for Scholarship Scams: A Back-to-School Guide

As students gear up for the new school year in August, it’s an opportune time for fraudsters and scammers to take advantage of the busy and often stressful period. From financial fraud to phishing scams, students and their families need to be vigilant. This guide provides essential tips to help you stay safe and avoid falling victim to common back-to-school scams, particularly those involving scholarships.

Understanding Back-to-School Fraud

Fake Online Stores:
1. What it is: Fraudsters set up fake websites that mimic legitimate online stores offering school supplies at unbeatable prices.
2. How to avoid: Always verify the legitimacy of a website before making a purchase. Look for reviews, contact information, and secure payment methods (HTTPS).
Financial Aid and Scholarship Scams:
1. What it is: Scammers promise guaranteed scholarships or financial aid in exchange for an upfront fee or personal information.
2. How to avoid: Legitimate scholarships and financial aid opportunities never require payment. Use trusted sources like the official FAFSA website or your school’s financial aid office.
Identity Theft:
1. What it is: Personal information is stolen and used to open credit accounts or take out loans in your name.
2. How to avoid: Protect your personal information. Shred documents with sensitive information, use strong passwords, and monitor your credit report regularly.

Scholarship Phishing Scams

Phishing scams are a common method used by fraudsters to trick students into divulging personal information under the guise of offering scholarships. These scams can be highly convincing and sophisticated.

Recognizing Phishing Emails:
1. Suspicious Sender Addresses: Check the sender’s email address carefully. Phishing emails often come from addresses that mimic legitimate ones but have subtle differences.
2. Urgent or Threatening Language: Be wary of emails that create a sense of urgency or threaten negative consequences if you don’t act immediately.
3. Too Good to Be True Offers: If the scholarship offer seems too generous or guarantees money without much effort, it’s likely a scam.
Red Flags to Watch For:
1. Request for Personal Information: Legitimate scholarship providers will not ask for sensitive information like your Social Security number, bank account details, or passwords via email.
2. Unsolicited Communication: Be cautious of scholarship offers that come out of the blue, especially if you didn’t apply for them.
3. Links and Attachments: Avoid clicking on links or downloading attachments from unknown or suspicious emails. These can lead to phishing websites or malware.
Protecting Yourself:
1. Verify the Source: Research the scholarship provider independently. Look for official websites and contact information to confirm the legitimacy of the offer.
2. Use Official Channels: Apply for scholarships through official websites and trusted platforms. Avoid third-party websites that promise to find scholarships for you in exchange for a fee.
3. Report Suspicious Activity: If you receive a suspicious email, report it to your school’s IT department, the Federal Trade Commission (FTC), or the Anti-Phishing Working Group.

As you prepare for the new school year, make fraud prevention a priority. By staying vigilant and informed, you can protect yourself and your family from falling victim to back-to-school scams and scholarship phishing attempts. Remember, the best defense against fraud is to stay informed and verify all information before acting on it.

Wire Fraud - Jul 2024

Wire fraud is a threat that can lead to significant financial losses. Being vigilant and taking preventive measures is crucial to safeguarding your assets. Here are five essential tips to help you avoid becoming a victim of wire fraud.

Verify the Recipient: Double-check recipient info and confirm via a trusted contact method.
Be Wary of Phishing: Avoid sharing personal info from unsolicited emails, calls, or texts.
Use Secure Networks: Conduct financial transactions on secure, private networks with up-to-date security.
Monitor Accounts: Regularly check for unauthorized transactions in your financial statements.
Limit Sharing Personal Info: Only share personal and financial information when absolutely necessary and with trusted entities.

If you are involved in a transaction that involves a large payment via wire, such as a real estate purchase that requires payment of closing costs, make sure that you double and even triple check the wire payment instructions. In some cases, fraudsters pretend to be real estate or closing agents in order to perpetrate the wire scam.

Here are a few other wire scams that you should look out for:

Fake check scam – The victim unexpectedly receives a fake check and the scammer asks for a partial return of funds via a wire payment.
Government agency scam – Fraudsters pretend to be a government agency like the IRS and threaten the victim with harsh penalties if a wire payment is not sent.
Utility scam – The victim is threatened with having their utility services cutoff if they don’t provide payment.
Dating apps scam – Fraudsters build fake profiles on dating apps, make connections with unsuspecting users, and build trust until they eventually request money.
Tech support scam – This well-known scam involves the perpetrator contacting the victim informing them that their computer needs some type of repair, but they require payment to proceed.

Knowing of these scams and taking precautions can significantly reduce the risk of becoming a victim of wire fraud.

Summer Scams - Jun 2024

Phishing Scams - May 2024

Security Tips - Apr 2024

Sweepstakes Scams - Mar 2024

IRS Spoof Tax Scam - Feb 2024

AI Voice Cloning - Jan 2024

Watch for Delivery Scams - Dec 2023

Beware of Charity Scams - Nov 2023

Zelle Pay Yourself Scam - Oct 2023

Watch for 'Deepfakes' - Sep 2023

Stay Safe with "Free" Apps - Aug 2023

Watch Out for Scams Targeting Seniors - Jul 2023

Scams to Watch Out for in 2023 - Jun 2023

Smishing Attacks – May 2023

Voice Impersonation Scams - May 2023

Voice impersonation scams are on the rise and can be quite frightening. Artificial intelligence (AI) technology is making it easier and cheaper for scammers to mimic voices convincing people that their loved ones are in distress. According to the Federal Trade Commission (FTC), impostor scams were the second most popular type of scam in 2022, accounting for more the 36,000 reports.

Most of the imposter scams work the same way. The scammer impersonates someone trustworthy like a child, lover or good friend. The scammer then convinces the victim to send money because they are in distress. Regardless of the story (I'm in jail, I was robbed, etc), the scammer will ask for money... immediately.

Below is an example of a voice scam that actually happened in Regina, Saskatchewan.

The man calling Ruth Card sounded just like her grandson Brandon. So when he said he was in jail, with no wallet or cellphone, and needed cash for bail, Card scrambled to do whatever she could to help.
It was definitely this feeling of … fear,” she said. “That we’ve got to help him right now.”
Card, 73, and her husband, Greg Grace, 75, dashed to their bank in Regina, Saskatchewan, and withdrew 3,000 Canadian dollars ($2,207 in U.S. currency), the daily maximum. They hurried to a second branch for more money. But a bank manager pulled them into his office: Another patron had gotten a similar call and learned the eerily accurate voice had been faked, Card recalled the banker saying. The man on the phone probably wasn’t their grandson.
That’s when they realized they’d been duped.
We were sucked in,” Card said in an interview with The Washington Post. “We were convinced that we were talking to Brandon.”

If you receive a call like this, here are four tips to avoid becoming the victim of the scam:

Ask the caller a question that both you and the caller would know to validate the caller’s identity. Something like "what month is my birthday" or "what school do you go to"? If there is no response or the wrong response, the caller is an impersonator and simply hang up.
If you receive a call, put the call on hold (if you have that feature) and try calling the person directly. Remember that the caller ID can also be spoofed, so don't assume it is a legitimate if the caller ID matches the person's voice.
Tell friends and family about this scam, especially older family members that may become victims.
Have a secret code word or number that you share with family. If someone is really in distress, ask for the code word or number to verify the legitimacy of the caller.

Natural Disaster Scams - Mar 2023

How to spot, avoid, and report weather-related scams

Source: Colleen Tressler FTC. consumer.ftc.gov

From the relentless series of powerful storms that have battered California to the dozens of tornadoes that swept across six states, including Alabama, Georgia, and Kentucky, 2023 is off to a devastating start.

Whether you’re getting back on your feet or looking for ways to help people in hard-hit areas, learn how scammers operate — and how to avoid them.

Here are a few ways to spot the scammers who might try to take your money or personal information after a weather emergency:

Spot imposter scams. Scammers might pretend to be safety inspectors, government officials trying to help you, or utility workers who say immediate work is required. Don’t give them money, and ask for identification to verify who you are dealing with — before sharing personal information like your Social Security or account numbers.
Spot FEMA impersonators charging application fees. If someone wants money to help you qualify for FEMA funds, it’s a scam. Download the FEMA Mobile App to get alerts and information. Visit FEMA.gov for more information.
Spot home improvement and debris removal scams. Unlicensed contractors and scammers may appear in recovery zones with promises of quick repairs or clean-up services. Walk away if they demand cash payments up front, or refuse to give you copies of their license, insurance, and a contract in writing.
Spot rental listing scams. Scammers know people need a place to live while they rebuild. They’ll advertise rentals that don’t exist to get your money and run. The scammers are the ones who tell you to wire money, or who ask for security deposits or rent before you’ve met or signed a lease.
Spot charity scams. Scammers will often try to profit from the misfortune of others, sometimes using familiar-sounding names or logos. Check Donating Wisely and Avoiding Charity Scams before opening up your wallet.

Learn more at ftc.gov/WeatherEmergencies and report weather-related scams to the FTC at ReportFraud.ftc.gov.

Tax Time Scams - Feb 2023

Crypto Fraud - Jan 2023

Avoid Travel Scams - Dec 2022

Source: Federal Trade Commission, consumer.ftc.gov

You may get a call, a text message, or a flyer in the mail. Or maybe you'll see an online ad promising free or low-cost vacations. Scammers and dishonest companies are often behind these offers. You may end up paying hidden fees — or worse: after you pay, you might find out it’s all a scam.

Common Travel Scams

“Free” vacations

You’ve probably seen ads online for “free” vacations. Or you may have gotten emails, calls, or text messages saying you’ve won a vacation, even though you never entered a contest. If you respond to these offers, you’ll quickly learn that you have to pay some fees and taxes first — so your “free” vacation isn’t really free. A legitimate company won’t ask you to pay for a free prize.

Robocalls about vacation deals

You might get robocalls offering you vacation deals at a discounted price. Robocalls from companies trying to sell you something are illegal unless the companies got written permission, directly from you, to call you that way. If someone is already breaking the law by robocalling you without permission, there’s a good chance it’s a scam. At the very least, it’s a company you don’t want to do business with.

International travel document scams

You might see sites that claim to be able to help you get an international travel visa, passport, or other documents. These sites are just copycats of the U.S. Department of State website. But these sites charge you high fees, including fees for services that are free on the U.S. Department of State's website.

International driving permit scams

An international driving permit (IDP) translates your government-issued driver’s license into 10 languages. Scammers create websites to sell fake IDPs, or try to sell them to you in person or some other way. If you buy a fake IDP, you’ll be paying for a worthless document. But, even worse, you also could face legal problems or travel delays if you’re detained for using it to drive in a foreign country. Only the U.S. Department of State, the American Automobile Association (AAA), and the American Automobile Touring Alliance (AATA) are authorized to issue IDPs.

Vacation home scams

These days, it’s easy to connect directly with property owners who advertise their vacation homes online. But scammers are also trying to get your rental booking. For example, they hijack real rental listings and advertise them as their own, so when you show up for your vacation, you find out that other people are also booked for the same property. You have no place to stay, and your money is gone. Other scammers don’t bother with real rentals — they make up listings for places that aren’t really for rent or don’t exist.

Charter flight scams

You may get a flyer in the mail, see an ad, or hear from someone in your community about an offer to travel by private plane to some place you’d like to go. The offer may even include lodging and sightseeing tours. You think you’re signing up for a charter flight and vacation package, but after you pay, you find out it’s all a scam. The U.S. Department of Transportation’s (DOT) Special Authorities Division maintains a list of approved public charter flights. If the charter filing is not approved by DOT before the package is sold, you’re probably dealing with a dishonest charter operator.

Signs of a Scam

Scammers say it's a “free” vacation that you have to pay for. They often try to get your attention by saying you won something, but then making you pay to get it. If you have to pay, it’s not really free — and all those fees and taxes can add up to hundreds of dollars.

Scammers don't give specific details about the travel offer. The offer says you’ll stay at a “five-star” resort or go on a “luxury” cruise ship. But if the organizer can’t or won’t give you more specific details, like the address of the hotel or the cruise company's name, walk away.

Scammers say the only way to pay for your vacation rental is by wire transfer, gift card, or cryptocurrency. This is how they ask you to pay because once they’ve collected the money, it’s almost impossible to get it back. That’s a scam, every time.

Scammers pressure you to make a quick decision about a vacation package or rental. If someone says you have to decide whether to buy a travel package or rent a vacation property right away, don’t do it. Scammers want to rush you. So move on and find another option.

Scammers advertise premium vacation properties for super cheap prices. Is the rent a lot less than comparable rentals? Below-market rent can be a sign of a scam.

3 Ways to Avoid Travel Scams

Don’t sign or pay until you know the terms of the deal. Get a copy of the cancellation and refund policies before you pay. If you can’t get those details, walk away. Say “no thanks” to anyone who tries to rush you without giving you time to consider the offer.

Do some research. Look up travel companies, hotels, rentals, and agents with the words “scam,” “review,” or “complaint.” See what others say about them before you commit. Also, check that the address of the property really exists. If the property is located in a resort, call the front desk and confirm their location and other details on the contract.

Don’t pay with wire transfers, gift cards, or cryptocurrency. Dishonest travel package promoters might tell you to pay in one of these ways, but that’s a sure sign of a scam. If you pay with wire transfers, gifts cards, or cryptocurrency and there’s a problem with what you paid for, you’ll lose your money, and there’s likely no way to track it or get it back.

How to Shop for Travel

Get recommendations from trusted sources. Talk to family and friends or other trusted sources about good travel agencies, vacation rentals, hotels, and travel packages.
Check out comparison websites and apps. Travel apps can help you search for airfares and hotel rates, and some even give you fare alerts and real-time deals. But make sure you know whether you’re buying from the app company or the actual airline or resort. It can affect things like whether you can get a refund or travel points, and the price for services like changing or canceling a flight. Also, make sure you know whether you’re buying a ticket or just making a reservation.
Ask about mandatory hotel “resort fees” and taxes. You can’t compare rates for different hotels unless you know about all the fees. If you’re not sure whether a hotel’s website is showing you the total price, call the hotel and ask about a “resort fee” or any other mandatory charge. Also ask about taxes, which may be significant in many places.

If you’re buying travel insurance, be sure the agency is licensed. Find out whether an agency is licensed at the website of the US Travel Insurance Association. Make a copy of your insurance card to take with you when you go on the trip.

Check that charter flights are listed on the approved public charter flights of the U.S. Department of Transportation before you pay. Also, check out the charter’s operator with local travel agents to see if they know if the operator is legitimate, or contact the American Society of Travel Advisors. The U.S. Department of Transportation’s website has more tips on what to know about charter flights.

Report Travel Scams

If you think you may have been targeted by a travel scam, report it to

The FTC at ReportFraud.ftc.gov
Your state attorney general

Holiday Scams - Nov 2022

Source: Attorney General, Josh Stein ncdoj.gov

Don’t Get Taken During the Season of Giving

For most of us, the holidays are full of giving, getting and goodwill. But some bad actors use the holidays to take advantage of people’s generous spirits. They frequently target members of our communities who are older and more vulnerable to scammers and con artists.

To help ensure consumers and older adults don’t get taken during the season of giving, organizations across North Carolina are joining together to raise awareness of the common scams and frauds that can occur during the holidays, and share information to help protect North Carolinians from getting scammed. Together, we can help each other enjoy the holidays without getting taken by scams and frauds.

To access holiday scams resources for Spanish-speaking communities, please click here.

Holiday Mail Scams

As we buy and mail presents over the holidays, the high volume of mail and packages provides many avenues for scammers. Our deliveries can be easy targets for thieves and con artists.

When you’re expecting a lot of packages over the holidays, shippers will often provide us with updates on the status of our orders. Knowing this, scammers will send phishing emails pretending to be from companies like FedEx and UPS to lure us to phony webpages and get us to share personal information. Look closely at delivery notifications and email updates before you click on links or input information. And remember, UPS and FedEx won’t ask for personal information via email.
All of those packages stacking up outside your door can be tempting for thieves. Porch poachers might steal packages from your doorstep. Consider tracking your package so you’ll know when they’ve arrived. You can also set up a different delivery address with a neighbor who is home during the day or your workplace to ensure packages are delivered safely.
If you’re traveling for the holidays, consider having your mail held for you at the post office, so you don’t have to worry about theft and can collect all deliveries and letters at once when you return.

Holiday Shopping Scams

It’s no secret that shopping ramps up during the holidays, but scams do too. Be careful about how and where you share information, and beware of fraudulent retailers and organizations.

Protect your personal info. It’s easy to hit the “Buy” button from anywhere when you’re on your phone or on your laptop. But be sure you’re not sharing personal or credit card information over public Wi-Fi. Wait until you’re on a secure network to make a purchase.
Gift cards are a convenient gift for the holidays, but they also open the door to several scams. To ensure your gift card is protected, avoid the rack and ask for one directly from the counter.
There may appear to be deals galore over the holidays, and many of them are on social media – but not all of them are legitimate. Carefully read reviews, look for security credentials on websites, and research unfamiliar retailers before you take advantage of a discount.
Always pay by credit card and keep receipts so you can try to get refunds if there’s an issue.
Keep an eye out for common scams in your area with the BBB Scam Tracker.
For more frauds targeting senior citizens, visit the AARP Fraud Watch Network.
Seniors or older adults may also be scammed by being told they can get medical equipment with very little paperwork, and that Medicare will cover the cost.

Charity and Investment Scams

As you make charitable giving and investment decisions over the holidays, there are a host of resources to help you avoid the many scammers and less-than-reputable charities and organizations asking for your money.

Before you give, review the annual reports compiled by the NC Department of the Secretary of State Charitable Solicitation Licensing Division. Verify the organizations using sources like the NC Department of the Secretary of State, Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.
Consider giving to charities you are familiar with personally, and whose work and benefits you can see in your local communities.
Often, phony charities will pick names that sound like familiar, reputable charities. Make sure you know the exact name of the charity you’re donating to, and look them up beforehand.
Go through the Smart Donor Checklist to ask questions that will help you determine whether or not to give to a specific charity.
When donating to veterans’ organizations, search the VA organization or representative first to make sure they’re legitimate.
Before making year-end investment decisions, make sure to do your research. Check multiple databases about investment opportunities, and call the Secretary of State’s Investor Hotline at 919-814-5400 or 800-688-4507. You can also browse their educational materials as you look to make investment decisions.
Regardless of whether you’re a teacher, a senior or a member of the military, there are probably specialty investment scams directed toward you. Learn what to look for, and what to avoid, here.
Review this list of investment frauds directed at seniors with the seniors in your family. Be sure they know to be on the lookout for scammers with these false claims.
Additional Investment Resources:

Imposter Scams

Scammers take advantage of trust between family members and loved ones, and the threat of law enforcement. When anyone is demanding money from you, be sure to ask questions to determine whether the situation is real or a scam.

Be on the lookout for scams that target military personnel and their loved ones. The military grandparents scam specifically targets elderly relatives with military members.
Grandparent scammers pretend to be family members or loved ones, desperate for money after an accident or serious situation. These con artists will prey on your emotions – be sure to check the story out first, and reach out to other loved ones to help confirm the claim. Don’t be taken by their demands for money or assistance.
Kidnapping scams are also on the rise – scammers will contact you and claim they have kidnapped your loved ones or a member of your family, demanding a ransom to release them.
Jury duty scammers work year-round, claiming to be from the sheriff’s office or local law enforcement, insisting you’ve missed jury duty or a court date and demanding you pay a fine. Remember that real law enforcement officials will never call you to threaten you with arrest or demand money. Hang up immediately and report the calls to your local police department.

If you think you or someone you know might have been scammed or contacted by a scammer, report it to the Attorney General’s Consumer Protection Division by calling 1-877-5-NO-SCAM or filing a complaint online at www.ncdoj.gov.

Amazon Texting Scam - Oct 2022

If you’re getting fake texts from scammers posing as Amazon, you’re not alone—here’s what you can do

Source: CNBC, written by Tom Huddleston Jr.

If it feels like more scammers and spammers are flooding your various inboxes, that’s because they probably are.

Fake text messages and e-mails carrying phishing attempts by virtual scammers have been on the rise since the start of the Covid-19 pandemic. And, one of the more prevalent methods scammers have been using recently is fake messages purporting to be from an Amazon representative, who might claim to be checking in about suspicious activity on your account or even a delayed package.

Typically, these phishing or “smishing” — aka SMS phishing — attacks are aimed at tricking you into believing you are communicating with a legitimate representative of the e-commerce giant. If you’re not careful, you might offer valuable personal information from your credit card information to login credentials for your online accounts, or click on malware-ridden links that infect your devices with viruses.

The Federal Trade Commission reports that U.S. consumers collectively lost roughly $5.8 billion from fraud in 2021, up 70% over the previous year. About a third of that came from imposter scams.

So, what can you do to make sure you’re not taken in by one of these increasingly prevalent spammer scams?

How to screen for scams

Don’t click any links, or share any personal information, unless you’re absolutely sure you’re actually speaking with an actual representative from Amazon, or any other legitimate company or organization.

The FTC notes that there are several tell-tale signs often associated with scammers, who can “use a variety of ever-changing stories to try to rope you in.” These include:

Promising you’ve won a free prize
Offering some form of low-interest credit
Alerting you to allegedly suspicious account activity
Saying there’s a problem with your payment information
Sending you a fake invoice

Amazon itself offers an online guide to help its customers identify suspicious messages posing as official Amazon communications. The company says that red flags include order confirmations for items you didn’t order and messages with grammatical errors or prompts to install software.

The company says that if you’re suspicious about a message requesting updated payment information, you should go to your online Amazon account’s “Your Orders” page. “If you aren’t prompted to update your payment method on that screen, the message isn’t from Amazon,” the company says.

Many scammers rely on “spoofing,” a practice that tricks your phone’s Caller ID into thinking you’re getting a text or call from someone you trust. In some cases, they even mimic your own number, making it seem like you’re calling or texting yourself.

So to be extra cautious, the Federal Communications Commission (FCC) recommends that you “never share your personal or financial information via email, text messages, or over the phone.”

How to block and report spammers

If you have any doubt over a particular text or e-mail’s legitimacy, the FTC advises you to contact the company or institution’s “verifiable customer service line.” Visit the company’s website to find a valid contact number or e-mail address, rather than responding to the message you’ve received.

The simplest way to stop receiving suspicious messages is to block the phone numbers or email addresses that are messaging you. You can also manage your phone’s filters to weed out calls or texts from unknown numbers.

Unfortunately, some scammers use different numbers or addresses for each message they send, leaving you playing a game of virtual Whack-a-Mole, constantly blocking suspicious numbers and e-mails as the scammers cycle through new ones.

At that point, consider reporting the spam and phishing attempts to your wireless carrier or e-mail service, along with government agencies — including the FTC’s online fraud complaint form and the Federal Bureau of Investigation’s Internet Crime Complaint Center.

If the suspected scammer is claiming to be representing a specific company like Amazon or a government entity, you can also try reporting the attempt to the actual organization. Amazon suggests visiting the company’s “Report Something Suspicious” page on its customer service section, where you can report any texts, e-mails or phone calls you’ve received that you suspect didn’t actually come from Amazon.

UPS Delivery Scam Email - Sept 2022

New UPS Delivery Scam Fools Victim Through Suspicious Email--Here's How to Identify and Avoid it

This article is owned by Tech Times - Written by Joseph Henry

A new UPS delivery scam involves informing the receiver that a parcel will now be delivered to his/her address. Through an email, the hackers notified the victim about their online order. The latest attack is reportedly created to be a trap since some cybersecurity experts can still be easily deceived by the malicious message.

The scam will tell the user that he/she has a package to receive, but the company is dealing with some problems during the delivery. Upon receiving the message, the hacker will now send a message to the person telling them that he/she needs to schedule an appointment for the date and time of delivery. The sender will also request the recipient to include the tracking number of the goods.

Although this type of attack is not new anymore, the scammers have intensified their plans to make it much harder for a person to decipher that it is a scam. Later, the victim will easily suspect that the request is real.

Do Not Click the Email With the Official UPS Web Address

Daniel Gallagher, a security expert, has tweeted that he saw an old phishing scam that already appeared before. The scam includes a malicious email that seems to be legit because of the UPS web address. Many people fall into this trap since some of them do not check the link.

Before accessing an unknown link, it's important to know if it uses a real domain for the web address. However, the recent scam was reportedly so tricky that even the experts could not identify the real from the fake one.

After clicking the link, the user will be directed to a web page that represents a real download page of UPS. Of course, the victim will think that this is a legit website and this is where the attack begins.

Furthermore, there will be a notification that will request the user to download a document. The file is a requirement for the easy delivery of the package.

Unfortunately, the content appears to be sketchy. It is a document disguised as malware made to trick the users. When it is now installed in the computer, it will now destroy the system of the device.

Besides Gallagher, some experts said that they have a hard time solving the puzzle behind the UPS delivery scam.

How to Protect Yourself From Package Delivery Scams

Since the pandemic, the cases of scams continue to increase. The hackers are taking the opportunity to deceive people relying on digital devices.

To protect yourself from package delivery scams, the Federal Communications Commission (FCC) said that you should not click any message from an anonymous source. The best thing that you can do is to call the legitimate number of the delivery company.

In addition, the US Postal Service also issued a reminder for the users about unsolicited text messages involving an upcoming USPS delivery. There are also additional warnings that will tell about the consequences of clicking the link.

It's also important to know that the delivery firms do not ask the user about their sensitive information through suspicious emails and messages.

Labor Day Deals and Online Shopping Scams - Aug 2022

Retailers aren’t the only ones hoping to capitalize on the upcoming long weekend shopping sprees, scammers are waiting to take advantage of consumers enjoying Labor Day discounts. While some shoppers will hit the mall, most will access the internet in search of sales or to coordinate a quick in-store item pickup. According to the Federal Trade Commission, in 2020 consumers reported losing over $3 billion to fraud, with almost $250 million lost to online shopping scams.

Whether you’re finishing back to school shopping or celebrating the unofficial end of summer, it’s important to avoid getting swept up in the excitement of Labor Day deals. If something sounds too good to be true, it probably is. Some promotions may give you an inflated number as the original price with a large Labor Day discount, ultimately adding up to the original price. To keep from over-spending, set a budget and stick to it when making decisions about what to buy.

Here are a few tips from the Office of Consumer Affairs and Business Regulation to help protect your identity, and your wallet as you click through this weekend’s bargains:

Use a credit card, or other reputable payment option. Paying for purchases with a credit card allows you to dispute charges if a problem occurs. The best practice is to use a third-party payment application such as Apple Pay or PayPal. Be cautious, avoid storing personal information online with vendors, and whenever possible check out as a guest.
Check out the merchant’s history and read customer reviews. Customer ratings can tell you about both the product and business. Reviews often prompt users to rate shipping, item description accuracy, quality, and price—all very important aspects of online shopping. But beware of fraudulent reviews left by scammers, businesses, or disgruntled ex-employees. Websites like Fakespot and ReviewMeta can help you filter reliable reviews.
Confirm the website that you are shopping with is secure. The quickest way to check for a secure site is to look for “s” at the end of “https” in the URL. This means there is encryption on the page to better protect your data. For example, when visiting online retailers, such as Amazon, the URL at the top of the page reads “https://www.amazon.com.”

How To Spot A Credit Card Skimmer - July 2022

Source: Forbes Advisor, written by Chauncey Crail

Card skimming theft can affect anyone who uses their credit or debit cards at ATMs, gas stations, restaurants or retail stores. A skimmer is a device installed on card readers that collects card numbers. Thieves will later recover and use this information to make fraudulent purchases. Skimmers can usually be spotted by doing quick visual or physical inspections before swiping or inserting a card.

Skimmers are most often found at ATMs and gas stations, but it’s possible for retail stores or restaurants to be involved in a skimming scam as well. Sometimes a tiny camera is planted to record cardholders entering a PIN number into an ATM. PIN numbers can also be stolen via fake keypads placed over a real ATM keypad. Skimmers and related technology can be hard to spot because thieves will attempt to make their devices blend in or match the style of the card readers.

How to Check for a Skimmer

Although skimmers can be hard to spot, it’s possible to identify a skimming device by doing a visual and physical inspection.

Before using an ATM or gas pump, check for alignment issues between the card reader and the panel underneath it. Skimmers are often placed on top of the actual card reader making it stick out at an odd angle or cover arrows in a panel. Compare the card reader to others at a neighboring ATM or gas pump and look out for any differences.

Gas pumps should have a security tape or sticker over the cabinet panel. If the tape looks ripped or broken, avoid using the card reader because a thief may have tampered with it. Try looking inside the card reader to see if anything is already inserted—if there is, it may be a thin plastic circuit board that can steal card information.

A physical inspection of a card reader and keypad can often reveal fraudulent devices. Feel around the reader and try to wiggle it to see if it can easily come out of place. The FTC has a photo example of a card skimming device on their website.

Authentic card readers are robustly manufactured, meaning if any part of the card reader can easily move around, then it’s probably been installed illegally by a thief. If the buttons on an ATM’s keypad are too hard to push, don’t use that ATM and try another one.

Other Ways Cards Can Be Skimmed

It’s much more difficult for a thief to install a card skimmer on a point-of-sale (POS) system at a retail store, but it can happen. Make sure the card reader looks as it should. If a restaurant is involved in a scam, there may be no way to know because cards are often handed to the server who can then swipe the card through a skimmer before giving it back to the customer.

How to Avoid Card Skimmers

Stay vigilant when using a credit card to pay for gas or when withdrawing cash at an ATM. If any part of a gas pump’s card reader looks suspicious, pay for gas inside with the cashier and let them know there may be a skimmer installed at the pump. Try to only use official bank ATMs instead of nonbank ATMs that are often found inside convenience stores or bars. Cover fingers with the other hand while entering a pin to block potential cameras. Don’t ever give a card to a credit card cleaner who claims he or she can clean the magnetic stripe or chip on a card to make it easier to read. These are often scams designed to steal credit card information.

What Happens If a Credit Card Is Skimmed?

Thieves will use stolen card information in a few different ways: a thief can make their own fake credit cards, make fraudulent purchases online or sell the stolen information on the internet. Luckily fraudulent charges on a credit card are easier to dispute than charges made using debit card information. Many credit cards have a zero liability policy, which means in case of fraud, the cardholder has no responsibility to pay back those funds to the issuer. A credit in the fraudulent amount will often be deposited back into the cardholder’s account and reflected on monthly statements.

When making purchases at a gas station, opt to use a credit card instead of a debit card to take advantage of this extra protection. Another option is to pay for gas inside with the cashier, where the POS system is less likely to have been tampered with.

Regularly monitor credit card activity by actively checking bank statements or (even better) by accessing the account online. Report suspicious activity as soon as possible by calling the number on the back of the card. Some credit cards have proactive alerts that will notify the cardholder if a potentially fraudulent charge is made. Often the next step is to receive a new credit card with a new card number by mail.

Bottom Line

Card skimming is a theft risk to remain wary of while shopping, using ATMs or fueling up. It is possible to spot a card skimmer by conducting a quick visual and physical inspection of a card reader before inserting a credit card. Look for odd card reader attributes or broken security tapes. If credit card information is stolen and used to make fraudulent charges, credit cards’ zero fraud liability policy will protect the cardholder from having to take the financial hit. Report suspicious activity as soon as it’s discovered. Usually, a refunded credit will be applied to a cardholder’s account and he or she will receive a brand new credit card by mail soon after.

Government Grant Scams - May 2022

Offers of free money from government grants are scams. Someone might offer you a grant to pay for education, home repairs, home business expenses, or unpaid bills. But they’re all scams. Here’s how to avoid a government grant scam, and how to report it.

How Government Grant Scammers Try to Trick You

Scammers reach you in lots of ways. You might see ads online for (fake) government grants. Scammers might call you, but use a fake caller ID so it looks like they’re calling from a federal or state government agency. Some send texts or emails, saying you may qualify for free money from the government.

Scammers make big promises. They might say you can use this so-called free money or grant to pay for education, home repairs, home business expenses, household bills, or other personal needs.

Scammers try to look official. Besides faking their phone number, they’ll pretend they’re with a real government agency like the Social Security Administration. Or, they’ll make up an official-sounding name of a government agency, like the Federal Grants Administration, which doesn’t exist.

Scammers ask you for information or money. Government grant scammers might start by asking for personal information, like your Social Security number, to see if you “qualify” for the grant (you will). Then they’ll ask for your bank account information — maybe to deposit “grant money” into your account or to pay for up-front fees. But sometimes, scammers will ask you to pay those fees with a gift card, cash reload card, money transfer, or with cryptocurrency. And that’s always a scam.

Scammers try to be convincing. They might even promise a refund if you aren’t satisfied. But that’s a lie. Once you give your bank account information, or pay fees, your money will disappear. And, you’ll never see the grant they promise.

What to Know About Government Grants

The government won’t get in touch out of the blue about grants. It won’t call, text, reach out through social media, or email you. It won’t offer you free government grants of any kind, much less grants to pay for home repairs, medical costs, or other personal needs. Real government grants require an application, and they’re always for a very specific purpose. Learn more (for free) at grants.gov.

Never share your financial or personal information with anyone who contacts you. Government agencies will never call, text, message you on social media, or email to ask for your Social Security, bank account, or credit card number. In fact, no matter who they say they are, don’t give out that information. Once a scammer has your information, they can steal money from your account, or your identity.

Don’t pay for a list of government grants — and don’t pay any up-front fees. The only place you can find a list of all available federal grants is at grants.gov. And that list is free. No government agency will ever contact you to demand that you pay to get a grant. And no government agency will ever ask you to pay with a gift card, cash reload card, by money transfer, or with cryptocurrency. Not for a grant, and not ever.

If you paid a scammer, act quickly. If you think you’ve sent money to a government impersonator like one of these grant scammers, contact the company you used to send the money. Tell the gift card, money transfer, or cryptocurrency company that it was a fraudulent transaction. Then ask them to reverse it.

What To Do If You Paid A Scammer

Scammers often ask you to pay in ways that make it tough to get your money back. No matter how you paid a scammer, the sooner you act, the better. Learn more about how to get your money back.

Report Government Grant Scams

When you report a scam, the FTC can use the information to build cases against scammers, spot trends, educate the public, and share data about what is happening in your community. If you spotted a scam, report it to the FTC at ReportFraud.ftc.gov.

Hackers Targeting Aerospace and Defense - Mar 2022

Warning over mysterious hackers that have been targeting aerospace and defense industries for years

Written by Danny Palmer, Senior Reporter on February 15, 2022 | Topic: Security | zdnet.com

An unknown criminal hacking group is targeting organizations in the aviation, aerospace, defense, transportation and manufacturing industries with trojan malware, in attacks that researchers say have been going on for years. Dubbed TA2541 and detailed by cybersecurity researchers at Proofpoint, the persistent cyber-criminal operation has been active since 2017 and has compromised hundreds of organizations across North America, Europe, and the Middle East.

Despite running for years, the attacks have barely evolved, broadly following the same targeting and themes in which attackers remotely control compromised machines, conduct reconnaissance on networks and steal sensitive data.

"What's noteworthy about TA2541 is how little they've changed their approach to cybercrime over the past five years, repeatedly using the same themes, often related to aviation, aerospace, and transportation, to distribute remote access trojans," said Sherrod DeGrippo, vice president of threat research and Detection at Proofpoint.

"This group is a persistent threat to targets throughout the transportation, logistics, and travel industries."

Attacks begin with phishing emails designed to be relevant to individuals and businesses in the sectors being targeted. For example, one lure sent to targets in aviation and aerospace resembles requests for aircraft parts, while another is designed to look like an urgent request for air ambulance flight details. At one point, the attackers introduced COVID-19-themed lures, although these were soon dropped.

While the lures aren't highly customized and follow regular templates, the sheer number of messages sent over the years – hundreds of thousands in total – and their implied urgency will be enough to fool victims into downloading malware. The messages are nearly always in English.

TA2541 initially sent emails containing macro-laden Microsoft Word attachments that downloaded the Remote Access Trojan(RAT) payload, but the group has recently shifted to using Google Drive and Microsoft OneDrive URLs, which lead to an obfuscated Visual Basic Script (VBS) file.

Interacting with these files – the names of which follow similar themes to the initial lures – will leverage PowerShell functions to download malware onto compromised Windows machines.

The cyber criminals have distributed over a dozen different trojan malware payloads since the campaigns began, all of which are available to buy on dark web forums or can be downloaded from open-source repositories.

Currently, the most commonly delivered malware in TA2541 campaigns is AsyncRAT, but other popular payloads include NetWire, WSH RAT and Parallax.

No matter which malware is delivered, it's used to gain remote control of infected machines and steal data, although researchers note that they still don't know what the ultimate goal of the group is, or where they are operating from.

The campaign is still active, and it's been warned that the attackers will continue to distribute phishing emails and deliver malware to victims around the world.

QR Code Scams - Feb 2022

Gift Card Scams - Jan 2022

Source: https://www.consumer.ftc.gov/articles/gift-card-scams (May 2021)

Someone might ask you to pay for something by putting money on a gift card, like a Google Play or iTunes card, and then giving them the numbers on the back of the card. If they ask you to do this, they’re trying to scam you. No real business or government agency will ever insist you pay them with a gift card. Anyone who demands to be paid with a gift card is a scammer. Read on to learn more about gift card scams.

What Gift Card Scams Looks Like

Gift cards are for gifts, not for payments. But they’re popular with scammers because they’re easy for people to find and buy, and they have fewer protections for buyers compared to some other payment options. They’re more like cash: once you use the card, the money on it is gone. Scammers like this.

If someone calls you and demands that you pay them with gift cards, you can bet that a scammer is behind that call. Once they have the gift card number and the PIN, they have your money. Scammers may tell you many stories to get you to pay them with gift cards, but this is what usually happens:

The caller says it’s urgent. The scammer says you have to pay right away or something terrible will happen. But you don’t, and it won’t.
The caller usually tells you which gift card to buy. They might say to put money on an eBay, Google Play, Target, or iTunes gift card. They might send you to a specific store — often Walmart, Target, CVS, or Walgreens. Sometimes they say to buy cards at several stores, so cashiers won’t get suspicious. And, the caller might stay on the phone with you while you go to the store and load money onto the card. These are all signs of a scam.
The caller asks you for the gift card number and PIN. The card number and PIN on the back of the card let the scammer get the money you loaded onto the card. And the scammer gets it right away.

How Scammers Convince You to Pay with Gift Cards

Scammers pretend to be someone they’re not to convince you to pay with gift cards. They want to scare or pressure you into acting quickly, so you don’t have time to think or talk to someone you trust. Here’s a list of common gift card scams and schemes:

The caller says they’re from the government — maybe the IRS or the Social Security Administration. They say you have to pay taxes or a fine, but it’s a scam.
Someone calls from tech support, maybe saying they’re from Apple or Microsoft, saying there’s something wrong with your computer. But it’s a lie.
You meet someone special on a dating website, but then he needs money and asks you to help him. This romance scammer makes up any story to trick you into sending him gift cards.
The scammer pretends to be a friend or family member in an emergency and asks you to send money right away — but not tell anyone. This is a scam. If you’re worried, hang up and call your friend or relative to check that everything is all right.
Someone says you’ve won a prize but first, you have to pay fees or other charges with a gift card. Remember: no honest business or agency will ever make you pay with a gift card. But also — did you even enter that sweepstakes?
The caller says she’s from your power company, or another utility company. She threatens to cut off your service if you don’t pay immediately. But utility companies don’t work that way. It’s a scam.
You get a check from someone for way more than you expected. They tell you to deposit the check, then give them the difference on a gift card. But that check will be fake and you’ll be out all that money.

What to Do If You Paid a Scammer with Gift Cards

If you paid a scammer with a gift card, tell the company that issued the card right away.

Contact information for popular gift card companies

Amazon

Call 1 (888) 280-4331.
Keep the Amazon card itself and your receipt for the Amazon card.
Learn about Amazon gift card scams and how to report them. Click on “Contact us.”

Ebay

Chat with eBay customer support, or have a representative call you back.
Keep the eBay gift card itself and your receipt for the eBay gift card.
Learn more about scams using eBay gift cards and how to report them.

Google Play

Report the gift card scam to Google.
Keep the Google Play card itself and your receipt for the Google Play card.
Learn about Google Play gift card scams and how to report them.

iTunes

Call Apple Support right away at 1 (800) 275-2273. Say “gift card” to connect with a live representative.
Ask if the money is still on the iTunes card. If so, Apple can put a freeze on it. You might be able to get your money back from them.
Keep the iTunes card itself and your receipt for the iTunes card.
Learn about iTunes gift card scams and how to report them.

Steam

If you have a Steam account, report gift card scams online. Click the “Purchases” option, then click, “I have charges from Steam that I didn’t make.” Then click, “Contact Steam Support.”
Keep the Steam card itself and your receipt for the Steam card.
Learn about Steam gift card scams.

Target

Call Target GiftCard Services at 1 (800) 544-2943.

MoneyPak

Report gift card scams to MoneyPak.
Keep the MoneyPak card itself and your receipt for the MoneyPak card.
Learn about MoneyPak gift card scams.

Don’t see your card on this list? Look for the company’s contact information on the card itself, or do some research online to find out how to reach the card issuer. If you can’t find the contact information or the card issuer doesn’t want to talk to you, report it to the FTC.

Safely Buying and Using Gift Cards

Remember that gift cards are for gifts, not for payments. So if you buy gift cards to give away or donate:

Stick to stores you know and trust. Avoid buying from online auction sites because the cards may be fake or stolen.
Check it before you buy it. Make sure the protective stickers are on the card and that they do not appear to have been tampered with. Also check that the PIN number on the back isn’t showing. Get a different card if you spot a problem.
Keep your receipt. This, or the card’s ID number, will help you file a report if you lose the gift card.

Report Fraud

If someone asks you to pay them with gift cards:

Report it to the Federal Trade Commission at ReportFraud.ftc.gov. Report it even if you didn’t pay. Your report helps law enforcement stop scams.
You can also report it to your state attorney general.
If you lost money, also report it to local law enforcement. A police report may help when you deal with the card issuer.

Scams That Rely on Emotional Connection - Dec 2021

Romance Scams

With the popularity of online dating apps and social networking sites, scammers have found another way to steal money from people. Here are a few tips to avoid losing money to an online romance scammer:

Never send money to someone you have not met in person
If the person asks for money for any reason, stop communicating with the person immediately
Do an online search for the type of job the person has. Many romance scams have similar job stories such as “oil rigger scam” or “US Army scammer”.

While these tips are very sensible, be aware of these scams for your own family members, especially younger adult members of your family that are using online networks to meet new people. If something a family member tells you about their new online romance sounds suspicious, speak up!

Family Emergency Scams

These scams can happen online, via text or on the phone. A scammer contacts you and tells you they are a close friend of a family member or a family member that you have little contact with. They will tell you that someone in your family needs your help. Stories like “your brother is in jail and needs bail money” or “your cousin’s car broke down and they need money to stay in a hotel”. The stories are endless.

The scams always include an urgent request for money and the scammer will play to your emotions to help a family member. The scammer will also ask you to keep the emergency a secret. If you receive a call or text with this type of request, here are a few tips:

Do not send any money immediately.
Hang up immediately and then contact the family member that is “in trouble” using the contact information you have. Do not use the contact information possibly provided by the scammer.
Reach out to another family member that can verify the emergency.

As with romance scams, most of these tips make perfect sense and many are unlikely to ever fall victim to these scammers. However, it is good to talk to your family members about these scams. Grandparents can be particularly vulnerable if the scammer pretends to be a grandson or granddaughter. The request of “please don’t tell Mom or Dad” will keep the scam a secret and some grandparents may be reluctant to admit they have been scammed.

While the thought of these scams is unpleasant, share these tips with your family.

And always, report the scam to the FTC at www.ReportFraud.ftc.gov. This reporting can help others before they fall victim to one of these scams. If you believe a scammer has gained access to your NGFCU accounts, notify us immediately at 800.633.2848.

Fraud Prevention Tips for Holiday Shopping - Nov 2021

The holiday shopping season isn't just a big season for consumer spending. It's also a peak time of year for fraud. And while fraud unfortunately happens year-round, it is particularly common around the holidays. With the significant increase in online shopping, consumers need to be extra vigilant about cybersecurity at this time of the year.

Here are some tips to avoid fraud during the holidays (and all year):

Use unique passwords. If you do not want to create unique passwords for every website you use, at least create unique ones for your online banking profile, PayPal account, credit card account, and other accounts linked to your financial information. And in all cases, do not use the same password for multiple financial accounts.
Use a secure network when shopping online. Do not make online purchases when using a public or unsecured WiFi.
Only shop from sites or stores you trust. Verify that you are on a store's actual website and trust your gut if something seems suspicious. Do not go to a site by clicking on an ad you received via e-mail or social media. Look at the name of company and go directly to their site.
Use a debit or credit card with anti-fraud features or fraud alerts like Mastercard^® or Visa^®. These features can help you catch and stop unauthorized transactions before they’re approved by your financial institution.
Monitor your credit card and banking accounts frequently. With online account access, daily monitoring is easy to do. Report any fraudulent or questionable charges as soon as you notice them. Set up email or text alerts on your credit and debit cards so you receive notice of any purchase or transaction immediately. If you don’t recognize the transaction, contact your issuer immediately.
Keep your devices up to date with software, browser and app updates. Fraud prevention technology is constantly improving, which means most software updates include security fixes that address new vulnerabilities.
Never give your financial or personal information over the phone to someone that initiated the call. Only give information on a call which you placed and are sure you are speaking to the desired company.
Be careful who you trust your login information to, even if it is a close friend or relative.

NGFCU is available 24/7/365 if you suspect any fraud on your account. Call 800.633.2848 to report any suspicious activity or if you believe your financial information has been compromised.

Protect Your Computer When Using Remote Access - Oct. 2021

With the disruption caused by the pandemic, many people are accessing their employer networks and computers from a remote location. Having the ability to do this is called remote access, and it has become an invaluable tool enabling employees to work from home. However, it is very important to make sure your remote access is secure.

There are several ways to keep your computer and data protected when using remote access. Here are a few tips to help you do just that:

Use Strong Passwords

 Your passwords should be a combination of upper and lower case letters, numbers, and symbols. Each password should be at least 12 characters long. Using a password generator is a simple way to create random passwords. Change your passwords frequently and create a unique password for each account or login. And of course, don’t share your passwords.

Software Updates

Many software updates contain security enhancements or patches. Install updates when they become available to protect your device from new malware or viruses.

Use Antivirus Software

Install reliable antivirus software and enable auto-updating so it is always up to date.

Enable Your Firewall

Firewalls monitor and filter incoming and outgoing network traffic based on established security protocols. It monitors attempts to gain access to your operating system and blocks unwanted incoming traffic and unrecognized sources. Be sure your firewall is ON.

Use a Secure VPN

Setting up a secure Virtual Private Network (VPN) means your remote desktop won’t be connected directly to the internet. Instead, your remote desktop will only be exposed to your local network. This limits the vulnerability to outside hackers.

Multifactor Authentication

Called 2FA or MFA, this adds another layer of protection to your device and requires more than one kind of credential to sign into or log into an account. Beyond the typical username and password, multifactor authentication requires a unique code that will be sent to you via SMS for verification.

Identify and Avoid Malware on Your Devices - Sept. 2021

Reports of ransomware scams have been headline news recently. Large companies are being targeted and have become victims of this security threat. Here is valuable information about this type of cyber-crime and how to avoid it.

Malware includes viruses, spyware, ransomware and other unwanted software that gets secretly installed onto your device. Once malware is on your device, criminals can use it to steal your sensitive information, demand payment to unscramble data encrypted by ransomware, and make your device vulnerable to even more malware.

How Malware Gets on Your Device

Malware can get onto your device when you open or download attachments, or visit a fake website. Here are some common ways that your device might get infected with malware:
Downloading free stuff like illegal downloads of popular movies, TV shows, or games
Clicking links in fake security pop-ups sent to your computer
Clicking on ads placed by scammers on websites you visit
Phishing emails that trick you into clicking on a link or opening an attachment

How To Know if You Have Malware

Look for unusual behavior from your phone, tablet, or computer. Your device might have been infected with malware if it:
Suddenly slows down, crashes, or displays repeated error messages
Won’t shut down or restart
Won’t let you remove software
Serves up lots of pop-ups, inappropriate ads, or ads that interfere with page content
Shows ads in places you typically wouldn’t see them, like government websites
Shows new and unexpected toolbars or icons in your browser or on your desktop
Uses a new default search engine, or displays new tabs or websites you didn’t open
Keeps changing your computer’s internet home page
Sends emails you didn’t write
Runs out of battery life more quickly than it should

How To Avoid Malware

Scammers try to trick people into clicking on links that will download viruses, spyware, and other unwanted software — often by bundling it with free downloads. Here are ways to avoid malware:

Install and update security software and use a firewall if available. Set your security software to update automatically.
Read each screen when you install new software. If you don’t recognize a program, or are prompted to install bundled software, decline the additional program or exit the installation process.
Get well-known software directly from the source. Sites offering popular software for free are more likely to include malware.
Pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file. Don’t modify your browser’s security warnings. It could weaken the security.
Instead of clicking on a link in an email or text message, type the URL of a trusted site directly into your browser. Criminals send phishing emails that trick you into clicking on a link or opening an attachment that could download malware.
Don’t click on pop-ups or ads about your computer’s performance. Scammers insert unwanted software into pop-up messages or ads that warn that your computer’s security or performance needs attention. You might see a warning that says “suspicious activity detected on your computer. Contact a technician now at 888-888-8888.” These are tech support scams. Avoid clicking on these ads if you don’t know the source.

If you believe you may have malware on any of your devices that may have compromised your NGFCU accounts, call us at 800.633.2848 or email memberservices@ngfcu.us.

Mobile Device Security – Jan. 2021

Best Practices for Online Security – Dec. 2020

Safe Device Disposal – Dec. 2020

After you have transferred your apps and data to your new device, you'll need to decide what to do with your old device. Regardless of whether you intend to recycle it or trade it in for cash, make sure the hard drive is wiped clean. This will ensure that all your personal information, including user names, passwords, login credentials, files, etc. are not accessible to anyone.

Here is a short list of recommendations to protect your information:

Secure delete all files

Simply deleting files is not enough. Even if you can't see the file name, the data is still on your hard drive and accessible. Most operating systems have a utility for secure deletion of files. Check your device's specifications and follow the instructions.

Deauthorize your applications

Many software packages such as Microsoft Office or Adobe allow installation on a limited number of devices. Be sure to deauthorize these programs so they will be available to use on your new device. Each program will have instructions on the specific procedure.

Clear your browsing history

Most browsers save information about your browsing history and have settings that allow you to store user names and passwords. Just think of how many websites you visit that have your user name and password "remembered.” Locate the procedure to erase your browsing history for all your browsers, not just the one you use most often.

Uninstall all applications

If you have software that you purchased and installed on your hard drive, uninstall the programs so they are available to use again on your new device.

Remove the hard drive

If you intend to just dispose of your device, you can remove the hard drive entirely. While not easily done with many devices, it certainly ensures that your information is not shared. Then you can choose your preferred method of destroying the hard drive.

After you've done the above steps, you are ready to dispose of your old device. Since these devices do contain toxins, the best choice is to recycle if you intend to simply trash your device. Watch for events in your community that sponsor e-waste recycling. However, you may want to consider donating it or trading it in for cash value as well.

Keylogger Malware – Nov. 2020

Email Hacking – Oct. 2020

If you assume no one cares about your personal email, consider this: your personal email can provide a wealth of information to cyber criminals. Think of all the information that is included in your saved emails – receipts, password resets, links to bank statements and so much more. Not to mention, access to your address book.

Many people also use their email address as the login for financial accounts, online retailers and payment processors. If someone has your email and attempts to log into one of your accounts, they only need to click the "forgot password" and the password reset will go to your email, which has been taken over by the cybercriminal. Once the person updates your password, you are locked out and they are logged in.

You might have been hacked if:

Your email contacts are getting emails or messages you didn't send.
Your sent messages folder has messages you didn't send, or it has been emptied.
Your social media accounts have posts you didn't make.
You can't log into websites you frequently visit such as your online banking or your social media account.

Cyberattackers can also "spoof," or fake your email, but don't actually have access to your account. But you'll want to take action, just in case.

If you have been hacked:

Update your desktop and mobile operating systems, delete any malware and make sure your security software is up-to-date.
Change your passwords on all of your online accounts.
Check the advice your email provider or social networking site has about restoring your account if you have lost access.
Tell your email contacts about the hack so they don't become victims too.
Consider closing your email account and setting up a new one.

Steps to prevent hacking:

Use unique passwords for important sites, like your bank and email. This can be an overwhelming task, but you can use a Password Manager that provides a centralized and encrypted location that will keep a record of all these passwords safe. Password managers store login details for all the websites that you use and logs you in automatically each time you return to a site. When using a password manager you create a master password. The master password will control access to your entire password database. This password is the only one you will have to remember so it's important to make this as strong and secure as possible.
Use two-factor authentication whenever it is available. This provides a second layer of authentication such as a text or call to verify your identity.
NEVER click on links or open attachments in emails unless you know who sent them and what they are.
Download free software only from sites you know and trust.
Don't use public computers or Wi-Fi to access your most sensitive online accounts, especially accounts that have your financial information.
If you think a cybercriminal has gained access to your information – like your Social Security, credit card, or bank account number – go to IdentityTheft.gov to see the specific steps to take.

Source: Consumer.ftc.gov

SIM Card Swap Scams – Oct. 2020

Our cell phones contain contact information, text messages, e-mail access, auto-filled login credentials and much more. Imagine that your cell phone suddenly stops working: no data, no text messages, no phone calls. Then imagine calling your cellular provider only to discover that your SIM card has been activated on a new device. At this point, you are possibly the victim of a SIM card swap scam.

How the SIM card swap scam works:

With your cell phone number and personal information like name and address, a scammer can call your cell phone service provider and say your phone was lost or damaged. Then they ask the provider to activate a new SIM card connected to your phone number on a new phone – a phone they own. If your provider believes the story without additional verification procedures and activates the new SIM card, the scammer – not you – will get all your text messages, calls, and data on the new phone.
Imagine the damage a scammer – who now has control of your number – can do with all your information. Even if you have multifactor authentication (MFA) enabled on your financial accounts, which requires two or more credentials to log in, you are not protected. The scammer will receive the text message with the verification code they need to log in.
Armed with your login credentials, the scammer could log in to your bank account and steal your money, or take over your email or social media accounts. And they could change the passwords and lock you out of your accounts. To say the least, this situation is a nightmare.

How to protect yourself from a SIM card swap scam:

Don't reply to unsolicited calls, emails, or text messages that request personal information. These could be phishing attempts by scammers to get your personal information. If you get a request for your account or personal information, contact the company using a phone number or website you know is real. Companies you do business with, especially financial institutions, will never ask you to verify your information unless you have reached out to them first.
Limit the personal information you share online. Avoid posting your full name, address, or phone number on public and social media sites. An identity thief can use it to answer the security questions required to verify your identity and log in to your accounts. This includes those supposedly harmless Facebook posts from friends asking you to name your favorite color, movie, etc.
Set up a PIN or password on your cellular account. This is a very simple way to add security to your cellular account and can help protect your account from unauthorized changes. Check your provider's website for information on how to do this.

If you're the victim of a SIM card swap scam:

If you discover that your phone has lost your data, text, etc., contact your cellular service provider immediately to determine if you have been the victim of a SIM Swap. Your cellular company should be able to reverse the SIM card swap so you can take back control of your phone number. After you re-gain access to your phone number, change your account passwords.
Check your credit card, bank, and other financial accounts for unauthorized charges or changes regularly. If your phone stops working, use another device like a desktop computer or tablet as soon as possible. If you see anything suspicious, report them to the company or institution immediately.
If you think a scammer has your information – like your Social Security Number, credit card, or bank account numbers – go to IdentityTheft.gov to see the specific steps to take.
For more helpful information about this topic, take advantage of the free resources provided by the Federal Trade Commission at consumer.ftc.gov.

Computer Safety Tips – Sept. 2020

Scammers, hackers and identity thieves are looking to steal your personal information and possibly your money. But there are steps you can take to protect yourself. Here are a few tips to remember:

Update Your Software. Keep your software – including your operating system, your web browsers, and your apps – up-to-date to protect against the latest threats. Many software updates include improved security. If you have outdated software that you no longer use, delete it from your devices.

Protect Your Personal Information. Every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about why someone needs it and whether the request is legitimate. If someone is requesting your information without any initiation from you, always contact the company directly by going to their website or calling them yourself.

Protect Your Passwords. Here are a few ideas for creating strong passwords and keeping them safe:

Use at least 10 characters; 12 is ideal for most home users.

Try to be unpredictable – don't use names, dates, or common words. Mix numbers, symbols, and capital letters into the middle of your password, not at the beginning or end.

Don't use the same password for many accounts. If it's stolen from you – or from one of the companies where you do business – thieves have access to all of your accounts with the same password.

Don't share passwords on the phone, in texts or by email.

If you write down a password, keep it secure, out of plain sight.

Consider Turning On Two-Factor Authentication. Two-factor authentication requires both your password and an additional piece of information to log into your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised. If you have the option to activate two-factor authentication, use it.

Give Personal Information Over Encrypted Websites Only. If you're shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address. That means the site is encrypted and your data is secure.

Back Up Your Files. No system is completely secure. Copy your files to an external hard drive or cloud storage. If your computer is attacked by malware, you'll still have access to your files.

For more helpful information about this topic, take advantage of the free resources provided by the Federal Trade Commission at consumer.ftc.gov.

Federal Reserve Fake Account Scam – Sept. 2020

Wi-Fi Security Tips – Aug. 2020

Wi-Fi hotspots in public places are convenient, but often they're not secure. If you connect to a public Wi-Fi network and send information through websites or mobile apps, it could be accessed by someone else.

Here's how you can protect your information when using public Wi-Fi:

Log in or send personal information only to websites you know are fully encrypted. You can tell if a site is encrypted by looking at the URL. It should start with https, not just http. As you navigate through a site, watch the URL for each page also. Not all pages on a site are encrypted.
Don't stay permanently signed into accounts. When you've finished using an account, log out.
Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to alerts many web browsers display when you attempt to visit fraudulent websites or download malicious programs, and keep your browser and security software up to date.
Consider changing the settings on your mobile device so it doesn’t automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi.
Use a virtual private network (VPN) if you regularly access online accounts through Wi-Fi hotspots. VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. What's more, VPN options are available for mobile devices too. They can encrypt information you send through mobile apps.
Learn how to identify and access Wi-Fi networks that use encryption: WEP and WPA are common, but they might not protect you against all hacking programs. WPA2 is the strongest.
Install browser add-ons or plug-ins. They can help. For example, Force-TLS and TTPSEverywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted. They don't protect you on all websites so watch for https in the URL address as mentioned above.
Take steps to secure your home wireless network.