SMH Federal Credit Union

BEWARE OF CURRENT SCAMS

SMH FCU DOES NOT CONTACT IT'S MEMBERS USING: AUTOMATED TELEPHONE SERVICES,
NO EMAILS ARE SENT TO MEMBERSHIP, AND
NO TEXT MESSAGES ARE SENT BY SMH FEDERAL CREDIT UNION!
ONLY CUNA MUTUAL IS ALLOWED TO MAIL OFFERS TO OUR MEMBERSHIP.

Currently there are CYBER THIEVES (also known as modern con or scam artists) Phishing, Vishing and Smishing Northwest Indiana residents using SMH FCU as a camoflauge.

If you replied to to one of the above and gave your personal information, CANCEL ALL ACCOUNTS IMMEDIATELY AND CONTACT YOUR LOCAL POLICE DEPARTMENT

PLEASE REPORT ALL INQUIRIES THAT YOU RECEIVE FROM ANY SOURCE CLAIMING TO BE SMH FCU TO JIM LEBRYK, MANAGER SMH FCU @ 219-836-0025. If you receive a email do not reply to the email, please forward it to jlebryk@smhfcu.com

PHISHING - EMAIL SCAMS
Cyber Thieves are sending out e-mails that link to a copy of our web site. The email asks you complete a short survey and at the end it states that a $99.00 Credit will be deposit to your account. *NO MONEY WILL BE DEPOSITED*
SMH FCU is NOT conducting any survey and does NOT have access to members personal email addresses!
THIS IS A SCAM!

Another is:
You have 1 new ALERT message
Please login to your SMH Federal Credit Union Online
and visit the Message Center section in order to read the message.
SMH FCU does not have on-line banking.
SCAM

Both cases bove are scams known as "Phishing". They are looking for your name and account number. They want your information to remove your money from your account.

VISHING - PHONE SCAM
The cyber thieves have been reported to call on weekend nights when our offices are closed. An automated system is used. The automated system informs you that "your SMH DEBIT CARD has been de-activated. To re-activate the card press one." Via the phone they are asking you for the information that they do not have.

If you have caller ID you will note that the caller's number is blocked. SMH FCU does not block our phone number.

They are looking for your name and account number. They want your information to remove your money.

SMISHING - TEXT MESSAGING SCAMS
Cyber Thieves use text messages trying to get you to respond with your personal information.

Phishing, Vishing, & SMiShing
Avoid getting taken, hook, line, and sinker!

Phishing, Vishing, and SMiShing are scams that use new technology in an attempt to obtain personal, non-public information from consumers to be used for fraudulent purposes, most notably identity theft. The following information will provide you with background on how these scams work, and tips to help you avoid getting taken.

Phishing
Phishing is probably the most common scam in which unsolicited, seemingly legitimate, e-mails are sent to consumers luring them to click on a link to verify account information, including asking for account numbers, social security numbers, passwords, and debit/credit card numbers, and expiration dates. The e-mails and phony websites realistically mimic the branding of a company by using similar colors, graphics, etc. They often use language to the effect that if the consumer does not perform the verification, their account will be subject to closure, suspension, denial of services, or other account restrictions.

Vishing
A consumer receives a call with a recorded message that states the consumer's credit card has been breached and to call the following phone number immediately. When the consumer calls the number, another message tells them that they have called account verification and please enter your 16-digit card number. This is an example of Vishing, short for voice-phishing, which uses a combination of phishing e-mails and Voice over Internet Protocol (VoIP). Through broadcast e-mails or random dialers, consumers are contacted and asked to "verify" information. Instead of clicking on a web link to verify their personal information, consumers are asked to call an 800 number. The 800 number is linked to an automated answering service/recorded message that directs the caller to input account information.

SMiShing
This brings us to SMiShing, a phishing attack sent by Short Message Service (SMS). SMS is a service that allows the transmission of text messages between mobile phones and handheld devices. An example message: "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order." The message includes a link that, when accessed, takes the recipient to a phishing site where they are prompted to download a program - a Trojan horse.

Given that consumers use various devices to access not only personal, but company networks as well, proactive security measures should be taken to address the fact that employees haven't transferred the security mindset that they apply to their laptops to these devices. David Rayhawk, in a McAfee Avert Labs Blog, states, "Enterprises would be wise to keep a close eye on this issue, and think about policies for securing their mobile devices ahead of time, rather than playing catch up when it hits them, and begin to educate their employees about the potential risk now."

Tips to safeguard yourself from Phishing, Vishing and SMiShing:

Never respond to unsolicited e-mails or text messages; especially coming from people or companies that you do not have a relationship with or regarding services you have not signed up for. Contact the financial institution or merchant via the regular channels you use to communicate with them.
Remember, for privacy and security, financial institutions do not arbitrarily solicit non-public information from you. Typically they would already have information based on the relationship you have previously established with them.
When you are accessing secure accounts online, make it a habit to check for the small yellow lock in your browser window. If it's unlocked - you are not in a secure area of the Website.
If you receive a Vishing message, and you do want to check your account, disregard the recorded number and contact your financial institution through the customer service phone number on your statement or credit card.
Pay attention to the URL. Fraudsters cannot exactly mimic a company's website URL, but will often insert one letter or symbol to make it appear legitimate.
Keep a record of services you sign up for on your mobile devices. If you receive a SMiShing message for a service you don't think you signed up for - you probably didn't. Disregard the message.
When in doubt, do not respond to an email, voicemail or text message regarding an account. Contact your financial institution through regular channels.
If you receive multiple phishing, vishing or SMiShing messages from a financial institution, bring it to their attention to help them uncover the fraud.
Although these scams differ slightly in delivery and execution, they all use advances in technology and social engineering skills to hook you, they all give you a line about needing to "verify" your account or personal information, and, if you fall victim, the sinker is they will steal your identity and/or empty your accounts.

For more information on phishing attacks and trends visit the Anti-Phishing Working Group - www.antiphishing.org.