Security Corner

Beware of Unemployment Scams

As the economy reels from the impact of COVID-19, a record 22 million Americans have filed for unemployment insurance in the four weeks leading up to April 11.

Unfortunately, when there’s bad news, scammers aren’t far behind. The panicked rush to fill out claims, along with the overloaded unemployment websites and phone lines, provide the perfect cover for con artists looking to grab a dollar.

Here’s all you need to know about the circulating unemployment scams.

How the scams play out 

An unemployment scam can involve a con artist filing a claim in someone else’s name and then collecting their benefits or claiming to be employed in a place of business where they have never held a job. The victim will thus be denied their own benefits.

These cons can also take the form of a scammer impersonating a government employee offering to help the victim fill out their application for unemployment insurance. Unfortunately, the scammer is only out to get information to nab the victim’s benefits. Or worse, the scammer may use this information to steal the victim’s identity. Other times, while allegedly helping the victim fill out their forms, the scammer asks the victim to make a payment via credit card to receive their benefits. Of course, this money will go straight into the scammer’s pocket and the victim’s unemployment claim is never filed.

In yet another variation of the unemployment scam, fraudsters create bogus websites that look like official sites used to claim benefits. They lure victims to the sites via social media posts or emails. The victim willingly shares information and assumes they are actually filling out their unemployment forms

How to spot an unemployment scam

First, it’s important to note that there is no fee involved in filing or qualifying for unemployment insurance.

Second, government officials will never ask you to share personal information over the phone unless a phone appointment was preplanned and scheduled for a specific date and time.

Finally, sensitive information should never be shared on a site without first verifying its security. Look for the lock icon next to the URL and for the “s” after the “http” in the web address.

Protect Your Account & Money: Best Practices for Debit and Credit Cards

In these trying times it is important to keep your account, money and personal information safe from professional con-artists. Criminals utilize many techniques to trick you, such as disguising their phone number to look like a local caller or worse, make it look like they are calling from the Credit Union. Here are a few tips to help you keep your money safe.

If the Credit Union calls you regarding your debit or credit card:

  1. We will NOT ask you for personal information such as your Social Security Number, date of birth, address, unless we feel we need to identify you as the member.
  2. We will NOT ask you for your pin number, account number, credit or debit card number, username or passwords!
  3. Our third-party fraud department works 24/7 to help us monitor your account for any suspicious activity done with your debit or credit card. When they try to contact you, they will send a text, follow up with an email, call the home phone and then call your cell phone, usually within 5 minutes of each other. Make sure you respond to the contact information given to you. The following will then occur:
    • They will list the last 4 or 5 transactions for you to verify whether they are ones that you have done.
    • If they are all legitimate transactions, they will unblock your card.
    • If there have been any unauthorized transactions, they will block the card to prevent any further transactions, start the dispute process if necessary and tell you to call the Credit Union to get a new card.
    • They will NOT ask you personal information. 
  4. Whenever in doubt as to whether a call is legitimate, you should tell the caller you need to call them back.  We then recommend that you call the credit union directly to verify the call and the fraud activity on your card.

Best Practices:

  1. Please make sure your contact information is current with the Credit Union so that our card fraud department can contact you when needed: Address, phone numbers and a current email address. 
  2. If you call the Credit Union, we need to verify that we are talking to you, our member, and not an impostor. We may ask your personal information that we already have on file for you including date of birth, Social Security number and other information that only you should know.  
  3. Be cautious when signing up for “Free Trials or Discounted Offers.” This presents a perfect opportunity for criminals to obtain your information. When signing up for a “free trial,” please keep in mind that nothing is free. The fine print usually describes what needs to be done in order to prevent further charges in the future, such as, cancelling by a certain date, or returning the unused portion of the product.  Unfortunately, unless you follow their directions, these transactions are not disputable.

We want to help our members stay safe during these trying times. Please call the Credit Union at 716-372-6607 or 800-854-6052 with any concerns or if you think you may have received a call from someone attempting to get your information. 

Use caution when using the digital payment network, Zelle.

Recently fraudsters initiated a sophisticated 2-step scam targeting Zelle users:

  • The scam started with fraudsters sending account alerts to users via text message appearing to come from a financial institution warning them of suspicious debit card transactions on their accounts.
  • For those who responded to the text, the fraudsters called the Zelle users via telephone from a deceiving phone number and claimed they were from a financial institution’s fraud department. To verify the identity of the user, the fraudster told them they would receive a passcode via text message which would need to be provided over the phone.
  • The fraudsters use the “forgot password” feature for online banking which triggered multi-factor authentication and the passcode was sent via text. Users then gave it to the scammer. In other cases, the fraudsters triggered a Zelle transaction but needed the passcode to complete the transaction. They then immediately used the passcode to login to the user’s accounts.
  • Once logged into the account, fraudsters used Zelle to transfer funds out.

In a few cases, if users refused to provide the passcode, the impostors impersonated the user and social engineered their mobile phone carrier and were successful in porting the users’ mobile phones to a different carrier.  This allowed them to receive the passcode by using the “forgot password” feature.

  • Some institutions reported that these scammers successfully social engineered their service call center employees into changing mobile phone numbers on accounts, which allowed them to receive the one-time password (OTPs). In some cases, email accounts were hacked to intercept OTPs sent via email. Do we want to delete this section so members don’t think this happened here?

If you’ve been a target of this type of scheme or any other please contact the credit union immediately.  We would not ask for your personal information if we initiated the call to you.