Please contact us when traveling outside of Montana for debit/credit card usage.
You can send notice of travel via Card Services in our mobile app or by completing the Traveling Member Form.
4 ways to identify a tax scam
Tax filing season is of course a busy time of year for accountants. However, it’s also a bust time of year for scammers, as well.
According to a recent Federal Trade Commission report, of the $1.48 billion total reported fraud, consumers lost nearly $488 million to imposter scams in 2018. Fraud schemes range from debt collector calls or emails claiming you haven’t paid your taxes, to someone posing as an official from the IRS or local law enforcement agency threatening arrest, suspension of your driver’s license or some other penalty if you don’t immediately wire funds to pay your taxes. The scams have become increasingly sophisticated and hard to detect.
Here is what you need to know about the IRS:
The first contact from the IRS is through regular mail delivered by the United States Postal Service. The IRS does not initiate contact with taxpayers by email, text message or social media channels. Even if they call to set up appointments or discuss an audit, you would first receive notification by mail. Only after mailing an official notification of an audit can an auditor/tax examiner follow up by phone. Forward any suspicious emails to the IRS at [email protected]. Alleged IRS or tax-debt collection calls should be reported to (800) 366-4484.
Payments to the IRS are only payable to the United State Treasury. They do not accept payment in the form of prepaid debit cards, gift cards or wire transfers.
IRS agents will NEVER demand that you pay taxes without giving you the opportunity to question or dispute the amount they say you owe. They have to advise you of your rights as a taxpayer. They CANNOT threaten to bring in local police, immigration officers or other law enforcement to have you arrested for not paying your taxes. The IRS also has zero authority to revoke your driver’s license, business license or immigration status.
If an IRS representative calls or comes to a home or business unannounced to collect a tax debt or as part of an investigation, they will always provide two forms of official credentials: a pocket commission and a HSPD-12 card. You have a right to see the credentials and can call the IRS to verify the identity/information on the representative’s HSPD-12 card.
a HSPD-12 card. You have a right to see the credentials and can call the IRS to verify the identity/information on the representative’s HSPD-12 card.
Important Text Fraud Alert - 03/21/2019
Everyone please be cautious about a fraudulent text message that has been going around claiming to be coming from our Business department. The message comes from 888-250-3394 and tells you to contact “Sky FCU” @ 888-769-1827. The message was claiming to be from Sam. Be advised that this is NOT the credit union and is Fraudulent. Please DO NOT respond.
Important Tax Fraud Alert - 02/20/2018
The Internal Revenue Service today is alerting financial institutions to the proper handling of erroneous federal tax refunds resulting from an emerging fraud scheme that could affect thousands of people across the country.
Financial institutions using external leads process should include the reason the refund is being returned, i.e. refund is not the taxpayer’s. More information is available at Publication 5033, IRS External Leads Program: Fact Sheet on Submitting Leads.
Just days into the start of the 2018 filing season, the IRS identified a new scam in which cybercriminals have stolen client data from tax professionals and filed fraudulent refunds using real taxpayer information, including bank account and routing information for direct deposit.
The fraudster then contacts the taxpayer posing as an employee of a debt collection agency working on behalf of the IRS. They ask the taxpayer to take certain steps to return the refund, but actually the refund goes to the criminals.
IRS guidance to taxpayers who are victims asks them to contact the Automated Clearing House (ACH) department of the bank/financial institution where the direct deposit was received and have them return the refund to the IRS. The IRS also asks the taxpayers to call the agency toll-free at (800) 829-1040 (individual) or (800) 829-4933 (business) to explain why the direct deposit is being returned.
There is more information for taxpayers at Tax Topic Number: 161 - Returning an Erroneous Refund.
Montanans May Now Seek Compensation from Western Union
Montanans who were deceived into sending payments to scammers using Western Union’s wire transfer service may now apply for compensation from a $586 million fund administered by the federal Department of Justice. Learn More
Equifax Isn’t Calling
September 14, 2017
by: Lisa Weintraub Schifferle
Attorney, FTC, Division of Consumer and Business Education
Ring, ring. “This is Equifax calling to verify your account information.” Stop. Don’t tell them anything. They’re not from Equifax. It’s a scam. Equifax will not call you out of the blue.
That’s just one scam you might see after Equifax’s recent data breach. Other calls might try to trick you into giving your personal information. Here are some tips for recognizing and preventing phone scams and imposter scams:
- Don’t give personal information. Don’t provide any personal or financial information unless you’ve initiated the call and it’s to a phone number you know is correct.
- Don’t trust caller ID. Scammers can spoof their numbers so it looks like they are calling from a particular company, even when they’re not.
- If you get a robocall, hang up. Don’t press 1 to speak to a live operator or any other key to take your number off the list. If you respond by pressing any number, it will probably just lead to more robocalls.
If you’ve already received a call that you think is fake, report it to the FTC.
If you gave your personal information to an imposter, it’s time to change any compromised passwords, account numbers or security questions. And if you’re concerned about identity theft, visit IdentityTheft.gov to learn how you can protect yourself.
For more information about the Equifax breach, visit Equifax’s website, www.equifaxsecurity2017.com (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.) or contact their call center at 866-447-7559.
September 7, 2017
In regards to the Equifax breach, to place a credit freeze you will need to contact each credit bureau.
Contact each of the nationwide credit reporting companies:
After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze. You can check to see if you are impacted and for information about a free service they provide for those that are at risk.
As for the breaking news about Equifax we suggest you visit: www.equifaxsecurity2017.com
You'll need to supply your name, address, date of birth, Social Security number and other personal information. Fees vary based on where you live, but commonly range from $5 to $10.
Scammers “Spoofing” Law Enforcement Information on Caller ID
March 6, 2017
Consumers in a few Montana cities have reported scammers have been calling them and pretending to be agents from the Federal Bureau of Investigation FBI) and other federal, state, and local law enforcement departments. The impersonation attempts start with ‘spoofing’ the law enforcement department’s phone number on the intended target’s caller ID, or making it appear that the phone call is coming from a different number than the one it truly originated from. These scammers then try to obtain personal information, such as bank account numbers, from the person who answers the call by threatening to arrest or prosecute the victim for supposed ‘unpaid debts or taxes’.
Consumers are encouraged to either hang up the phone, or, if they think a law enforcement agency may be trying to get a hold of them, but they are not sure of the veracity of the call they received, to take the following steps:
- Ask the caller for his/her name and immediate supervisor
- Ask under what authority this call is being made
- Ask what court of jurisdiction they are operating within
- Hang up, find the law enforcement agency’s phone number from their official website (such as the city or county website) or in the phone book, and call the agency at that number to verify the information provided
- NEVER provide personal information over the phone to someone unless you initiated the contact (you called them) and you are certain you know who you are speaking to
NEXT STEPS: To get updates on the latest scams and identity theft attempts affecting Montanans, sign up for Consumer Alerts through the Office of Consumer Protection. To report an attempted scam, use OCP’s convenient online reporting form here. You can also call to speak with one of our investigators at (800) 481-6896 or (406) 444-4500, visit OCP’s homepage at https://dojmt.gov/consumer/ , or call your local law enforcement agency.
Observe Tax ID Theft Awareness Week by Brushing Up on the Basics
February 2, 2017
In honor of the Federal Trade Commission’s (FTC) Tax Identity Theft Awareness Week (January 30 – February 3), I’m encouraging all Montanans to read up on the most common tax identity theft scams and how to avoid them.
The IRS reported the average federal tax refund during the 2015 filing season was about $3,200. Montanans work very hard for their wages, and it’s unconscionable that identity thieves are stealing their well-deserved tax refunds. Fortunately, consumers can arm themselves with knowledge from the FTC, the IRS, the Department of Veterans Affairs, and others, including my Office of Consumer Protection.
Tax identity theft can happen in a number of ways. It includes someone filing a phony tax return using your personal information, such as your Social Security number, to collect your refund from the IRS. It also can happen if someone uses your Social Security number to get a job or claims your dependents on a tax return. These identity thieves can get your personal information in a number of ways, such as searching through your trash, stealing your mail, or posing as the IRS and asking for personal information over the phone. The FTC reports tax identity theft has been the most common form of identity theft reported for the past five years.
The FTC suggests Montanans take the following steps to protect themselves from tax scams:
- File your return early in the tax season if you can
- If you file electronically, don’t use unsecure, publicly available Wi-Fi hotspots at places like the library, coffee shops or a hotel lobby
- Mail your tax return directly from the post office
- Know the IRS won’t contact you by email, text, or social media; if the IRS needs information, it will first contact you by mail
- Respond to all postal mail from the IRS as soon as possible
- Shred copies of your tax return, drafts, or calculation sheets you no longer need
- Don’t give out your Social Security number (SSN) or Medicare number unless necessary; ask why it’s needed, how it’s going to be used, and how it will be stored
- If your SSN has been compromised, contact the IRS ID Theft Protection Specialized Unit at 800-908-4490
- Get recommendations and research a tax preparer thoroughly before you hand over personal information
- Check your credit report at least once a year for free at annualcreditreport.com to make sure no other accounts have been opened in your name
If you become a victim of tax identity theft , don’t panic. Tax identity theft victims typically find out their information has been compromised when they get a letter from the IRS saying that more than one tax return was filed in their name, or IRS records show they received wages from an employer they don’t know. If you get a letter like this, contact the IRS Identity Protection Specialized Unit at 800-908-4490 and visit IdentityTheft.gov to find more resources to help you report and recover from identity theft.
If you owe — or think you may owe — federal taxes , call the IRS at 800-829-1040 or go to irs.gov . IRS workers can help you with your payment questions. The IRS doesn’t ask people to pay with prepaid debit cards or wire transfers, and doesn’t ask for credit card numbers over the phone. When the IRS contacts people about unpaid taxes, they do it by postal mail first, not by phone.
NEXT STEPS: More information about tax identity theft is available from the FTC at ftc.gov/taxidtheft and the IRS at irs.gov/identitytheft . Report IRS imposter scams to the Treasury Inspector General for Tax Administration (TIGTA) online or at 800-366-4484, and to the FTC at ftc.gov/complaint . To get updates on the latest scams and identity theft attempts affecting Montanans, sign up for Consumer Alerts through the Office of Consumer Protection. To report an attempted scam, use OCP’s convenient online reporting form here. You can also call to speak with one of our investigators at (800) 481-6896 or (406) 444-4500, visit OCP’s homepage at https://dojmt.gov/consumer , or call your local law enforcement agency.
SCAM in Gallatin County
December 15, 2016
The Gallatin County Sheriff’s Office has received a number of complaints from citizens regarding a scam that is occurring within Gallatin County. The caller informs the person who answers that they have criminal charges pending and to send money for these charges to be stopped. The Caller ID may indicate the phone number is 406-582-2125. Although this number is the number to the Sheriff’s Office, it is a scam. Additionally, the caller may identify themselves as a member of the Gallatin County Sheriff’s Office. These phone calls are not originating from the Sheriff’s Office. Please do not respond to their requests.
Be Wary of Online Threats During Holiday Season
December 8, 2016
The holiday season brings to mind warm acts of kindness and generosity. Unfortunately, scammers and con artists are very active year-round. However, some of the most common web-based scams are easy to spot once you know what to look for, and hopefully that can bring peace of mind back to this joyful time. My Office of Consumer Protection recommends Montanans stay safe online by keeping an eye out for common social media and web-based scams and deceptive offers as Christmas approaches, such as:
Scam Smartphone/Tablet Apps – Apps are the latest technology being harnessed by scammers to steal personal information from consumers. Some of these scam apps, often offered for free and through alternative app marketplaces, are disguised to look like games, payment services, or department store shopping apps, but in reality they download malware onto the user’s device that steals usernames, passwords, credit card numbers, and more.
The best advice before downloading an app includes reading multiple reviews about the app. Also, many large companies have links to their apps from their official websites. Following these links to download an app guarantees the consumer is getting the real app and not a scam app designed to look legitimate.
Social media “Gift Exchange” posts — These scams are prolific on Facebook and other social media sites this time of year and go by many different names, such as the “Secret Sister Gift Exchange,” the “#LoveMatters Gift Exchange,” and more. This scam promises that by sending just one present participants can get up to 36 back through a chain-letter type process. However, not only is this considered a gifting pyramid scheme where the people who join in later are unlikely to receive anything in return, it’s also illegal under the Postal Lottery Statute. Additionally, it’s inadvisable to add personal information, such as a home address, to a list that will be shared with strangers. While the people who post these “gift exchange” invitations on their social media pages may not intend to be exposing their friends to a scam, the truth is they have no control over who gets a hold of the list of names and addresses as the group proliferates.
The best advice for those who want to spread the cheer at this time of year is to participate in a gift exchange with friends and family, and contact all participants by phone to set it up.
“Free” trials — Some online ads lure consumers in with the promise of “free samples” or “free trials” that require the customer only pay for the shipping of the product. However, somewhere in the fine print of the ad it states that the customer will be automatically signed up for a membership or recurring purchase of the service or product unless they cancel within a designated period of time.
The best advice to avoid “free trial” pitfalls is to read the fine print before entering any payment information online in order to understand all applicable charges. Alternately, set a reminder to cancel the trial service or product shipment within the designated time period to avoid continued payments. NEXT STEPS: To report an attempted scam, use OCP’s convenient online reporting form here. You can also call to speak with one of our investigators at (800) 481-6896 or (406) 444-4500, visit OCP’s homepage at https://dojmt.gov/consumer/, or call your local law enforcement agency.
Amazon.com Scam Hits Holiday Shoppers
December 7, 2016
Just in time for the holidays, crooks have come up with a credible-looking way to scam online shoppers.
How it Works:
- You get an e-mail that appears to be from Amazon.com stating your recent order cannot be shipped
- Claiming a problem with processing, the e-mail informs you that you won’t be able to access your account or place orders with Amazon until you confirm your information
- A “click here” link leads to an authentic-looking Amazon web page to confirm your name, address and credit card information
- After entering the information and clicking on a “save and continue” button, you are redirected to Amazon’s actual website
What You Should Know:
- The scam e-mail subject line will say “Your Amazon.com order cannot be shipped.”
- If the “from” line in the e-mail contains an Internet Service Provider other than @amazon.com, the e-mail is not from Amazon
What You Should Do:
- If you get an e-mail like this from Amazon (or any other online retailer), don’t click on the link!
- If you’ve recently ordered from Amazon and are concerned about missing an authentic update, use your web browser to independently (not through the e-mail) log in to Amazon.com and check under “Your Orders” to see if the e-mail’s details match any of your order information; if the information doesn’t match, then the e-mail is a scam.
Phishing Attacks Continue to Rise
November 1, 2016
Phishing attacks continue to be widespread, so it’s critical we continue educating our members about these types of attacks. Cybercriminals craft professional-looking and sounding communications — such as emails, social media messages, text messages, and phone calls — to trick individuals into providing private personal and/or financial information:
- Sky Federal Credit Union will NEVER use outbound communications to receive personal or financial information from our account holders
- NEVER respond to emails, text messages, or phone calls requesting personal or financial information
- There are various types of phishing scams, and there is different terminology used to identify the type of scam (aka “vishing” for phone calls and “smishing” for texts)
- Be particularly cautious when receiving emails with an unknown sender, unsolicited emails or text messages, or when opening links provided in unsolicited emails or text messages; it is best not to open these communications
Scammers Increasingly Turn to Text to Steal Personal Information
October 4, 2016
My Office of Consumer Protection (OCP) has recently received a number of reports of scam text messages that are designed to appear to be sent by banks, credit card companies or other financial institutions. I encourage all Montana consumers to learn the telltale signs of these types of scams, and to utilize OCP’s easy-to-use online reporting forms to alert my office. The online reporting system allows us to watch for trends in scams and to alert the public more quickly.
These fraudulent text messages usually contain a link to a website that may look legitimate, and may even have the financial institution’s name in the web address. However, clicking on the link may install damaging software on your device, or take you to a website that asks you to ‘confirm’ your identity by providing personal information such as your name, bank account number, credit card number, online banking user ID and password, and more.
A general rule of thumb to protect yourself from identity theft scams like this is to never provide personal or financial information via a phone call, email or text message exchange that you did not initiate. Instead, find a statement from your bank or credit card company and call the number or visit the web address listed on the bill. This way, you can be sure you are using legitimate contact information for the business, instead of potentially falling prey to a scammer.
The Federal Trade Commission recommends these additional tips for dealing with scam and spam text messages:
- Don’t reply to the text and don’t click on links provided in the message
- Delete any text messages that ask you to confirm or provide personal information; legitimate companies don’t ask for information like your account numbers or passwords by email or text
- Report these text messages to your wireless carrier; forward the original message to 7726 (SPAM) free of charge for subscribers of some wireless companies, including AT&T, T-Mobile, Verizon, and Sprint
- Place your cell phone number on the National Do Not Call Registry
- Review your cell phone bill for unauthorized charges, and report them to your carrier
NEXT STEPS: To report an attempted scam, use OCP’s convenient online reporting form here . The Federal Trade Commission and the Federal Communications Commission both accept complaints about scam and spam text messages, too. You can also call to speak with one of our investigators at (800) 481-6896 or (406) 444-4500, visit OCP’s homepage at https://dojmt.gov/consumer/ , or call your local law enforcement agency.
Yahoo Email Users Urged to Take Precautions After Breach
September 26, 2016
With more than 500 million Yahoo user accounts affected in a recently discovered data breach, my Office of Consumer Protection urges all Montana Yahoo account users to take a few simple steps to safeguard their identities.
The Yahoo account breach is the largest single-site breach in history and the company has stated the information stolen may include names, emails, telephone numbers, dates of birth, hashed passwords, and security questions and answers. While the Yahoo hack took place in 2014, it’s still a good idea to take action now to protect any information that has not been compromised.
Change your account password. Do this for both your Yahoo account and any other accounts that use the same or similar usernames and/or passwords.
Change your account security questions. Do this for both your Yahoo account and any other accounts that use the same or similar questions and/or answers.
Consider using Yahoo’s Account Key. The Account Key is an authentication tool that eliminates the need to use a password altogether.
Monitor all your accounts for suspicious activity. Don’t download attachments or click on links from questionable emails.
Yahoo also recommends that, while no email content or payment information was included in the breach, users monitor their credit reports and credit card activity. Additionally, potentially affected users may want to consider placing a “security freeze” or “credit freeze” on their credit file.
Yahoo has issued a statement to potentially affected users via email informing them about the breach. The email does not ask recipients to click on any links or contain attachments and does not request any personal information.
NEXT STEPS: To report an attempted scam, use OCP’s convenient online reporting form here . You can also call to speak with one of our investigators at (800) 481-6896 or (406) 444-4500, or call your local law enforcement agency.
NCUA Warns of Text Phishing Scam
August 23, 2016
The National Credit Union Administration has received consumer calls about a suspicious text message claiming to come from the agency.
The message reads: “National Credit Union Administration Alert for (recipient’s phone number). Contact 844-234-5445.”
This is not a communication from NCUA. The agency does not seek personal information through the internet or on the telephone.
Please contact NCUA’s Consumer Assistance Center at 1-800-755-1030 between 8 a.m. and 5 p.m. Eastern if you receive one of these messages. NCUA also recommends contacting your credit union and local law enforcement.
Bank Text Message Scam
August 17, 2016
Individuals are receiving text messages claiming to be from Wells Fargo stating, “Important notice from security department!”, with a link to click. PLEASE DO NOT CLICK ON THE LINK.
In most cases scam artists will attempt to retrieve confidential information from a potential victim by instructing them that their account funds are limited because of a failed authentication. The scammers state that they must authenticate the individual’s banking information. To do so they will need the recipient’s bank account information, PIN number and Social Security Number.
If you, or someone you know, receives any unusual email or text message requesting such information, do not respond. Instead, if you have an account at the institution contact the company by phone or in person to alert them of the scam. A financial institution will NEVER ask for your personal information in a text message. If you receive this text message, simply delete it.
Tax Con Artists Employ Multiple Tactics
August 1, 2016
Scammers have stepped up their illegal activities and are impersonating Internal Revenue Service agents with increased frequency. Fortunately, Montana citizens are reporting these IRS scams. In fact, these are the most frequent types of complaints received by the Office of Consumer Protection (OCP). Citizens tell us they receive both telephone calls and emails. While IRS agent impersonation scams seem to increase in frequency occasionally, OCP receives these complaints year-around.
I encourage all Montanans to learn the telltale signs of these types of scams, and to utilize OCP’s easy-to-use online reporting forms to alert my office to any IRS impersonators or other scams you may encounter. The online reporting system allows us to watch for trends in scams and to alert the public more quickly.
Here’s a recap of the most common tax-related scams OCP and the IRS report receiving:
Demanding Payment: Callers attempt to trick unsuspecting taxpayers into believing they owe taxes and that they should make payments immediately over the phone. The callers even go so far as to tell Montanans that they will take legal action unless the taxpayer immediately pays taxes from previous tax years. The callers demand payment by credit cards, prepaid debit cards, gift cards, or wire transfers.
IN FACT, the IRS first contacts people by mail — not by phone. Further, the IRS does not require a specific payment method for your taxes. Checks work just as well as credit cards or prepaid debit cards. In fact, the IRS will not ask for a credit or debit card number over the phone. Also, the IRS will never demand immediate payment over the phone. Nor will the IRS threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
If you receive a call from a person who claims to be from the IRS and the person is demanding money from you, simply hang up. If you think you may owe taxes, call the IRS or the Montana Department of Revenue directly.
“Verifying” Information: Scam artists call saying they have received your tax return, and simply need to verify a few details to process your return. The scammer tries to get you to give up personal information such as a Social Security number or personal financial information, such as bank account or credit card numbers.
IN FACT, the IRS will never call or email you and ask you to verify your identity or ask you to provide sensitive personal and financial information.
Posing as Taxpayer Advocates: The IRS reports some taxpayers are receiving emails appearing to be from the Taxpayer Advocacy Panel (TAP) about a tax refund. TAP is a real organization that sometimes advises the IRS. However, these unsolicited emails are a “phishing” scam. The emails look like they are sent from legitimate organizations — but are really from scammers — trying to trick you into providing personal identification and financial information.
IN FACT, TAP does not have access to any taxpayer’s private information such as Social Security, credit card, or bank account numbers, or their passwords or PINs.
NEXT STEPS: To report an attempted scam, use OCP’s convenient online reporting form here . For IRS Impersonation Scams, the Treasury Inspector General for Tax Administration also has an online reporting form. You can also call to speak with one of our investigators at (800) 481-6896 or (406) 444-4500, visit OCP’s homepage at https://dojmt.gov/consumer/ , or call your local law enforcement agency.
Stay Cool by Steering Clear of Summer Paving Scams
June 15, 2016
Summertime in Montana means boats are brought out of storage, sunscreen comes out of the cabinet, and flowers pop out of the ground. However, the warmer weather also brings certain scammers out of the woodwork. The Office of Consumer Protection at the Montana Department of Justice wants to alert you to a door-to-door “paver scam” that is common at this time of year. Here’s how it works:
A “contractor” will pull up in front of a consumer’s house, usually in an unmarked van or truck and will knock on the consumer’s door claiming they have leftover asphalt from another job they were working on nearby. The scammer will tell the homeowner that since they are going to use leftover material, they can offer a low price and a lifetime warranty on the paving or patching of the homeowner’s driveway.
The “contractor” will then complete the work, sometimes without getting approval from the homeowner first. Alternatively, the homeowner might agree to have some areas of the driveway patched, but the pavers end up resurfacing the entire driveway. However, they often use substandard material that does not harden to an acceptable strength and will simply peel away from the driveway over time. The scammers will then demand a much higher price than was agreed on, if a price was agreed on at all. The con artists can become very aggressive and try to pressure the homeowner into paying them immediately, sometimes even threatening to tear up the driveway.
These cons are typically based outside of Montana and often move on to another community by the time the blacktop dries.
WHAT TO DO
Tip-offs to “fly-by-night” paver or home improvement swindlers include:
- Arrival in an unmarked truck or van;
- Door-to-door contractors claiming “We’ve just finished a job nearby and have material left over so we can do your job for a deep discount;”
- High-pressure sales tactics;
- Refusal to provide a written estimate, contract or references;
- Very low bids; and,
- The ability to “start tomorrow” on your project
If you are approached by a contractor, ask for a business card that shows their registration and licensing information. You can also verify they are registered to do business in Montana by searching for their company on-line at mtcontractor.com or by calling the Montana Department of Labor at (406) 444-7734.
If you decide to move forward with paving, get a written description of the work to be done and the cost. And don’t be afraid to say no. This should be a practice even if you make the first contact. It’s also a good idea to get at least three estimates on any repair or construction work.
To report an attempted scam, call your local police department, or the Montana Department of Justice’s Office of Consumer Protection at (800) 481-6896 or (406) 444-4500, or visit us at https://dojmt.gov/consumer/ .
Insidious Scammers Aim to Steal Employee
April 06, 2016 Information
Scammers are targeting businesses nationwide, including many in Montana, with a sophisticated “spear phishing” email scam that has compromised the personal information of thousands of Montanans.
“Spear phishing” is a more focused form of “phishing,” or posing as a legitimate source to gain access to sensitive personal identification and financial information. “Spear phishing” emails are sent to specifically targeted recipients and are designed to look like they were sent from someone the recipient knows and interacts with — possibly a business owner, a supervisor, a colleague, or a department manager. The email’s subject line and content are likely to be specific to the target recipient’s business responsibilities or interests.
“This ‘spear phishing’ scam is especially despicable because it takes advantage of the trust that colleagues build between each other,” said Montana Attorney General Tim Fox. “These scammers often research their intended target by exploring the target recipient’s LinkedIn and other social media pages to build a convincing email. It is easy to fall victim to those emails. Educating Montana businesses about the existence of these scams is the best defense we have.”
The Montana Office of Consumer Protection has received dozens of notices about the following specific “spear phishing” scam:
A person impersonating a company executive sends a scam email to a staff member. The email requests a list of employees’ W-2 information, such as employees’ names, addresses, social security numbers, and wage information. In reality, though, when the staff member responds with the W-2 information to the fake scam email, the scammer steals the personal information and uses it to commit identity theft. The scammer may even file fake tax returns to steal an individual’s tax refund money.
If you, or someone you know, receives an unusual email requesting such information, do not respond immediately. Instead, contact the company executive by phone or in person to ensure that the request for W-2 information legitimately came from within your business.
If you discover that personal information has been sent to a scammer, alert company executives to the scam immediately.
The incident should then be reported to the IRS at [email protected] and the Montana Department of Justice’s Office of Consumer Protection at (800) 481-6896 or (406) 444-4500, or online at https://dojmt.gov/consumer . More information regarding phishing scams can be found at https://www.irs.gov/uac/Report-Phishing .
Telephone Scam Seeking Personal Information
Dec. 17, 2015
The National Credit Union Administration is warning consumers about a telephone scam in which consumers are contacted by a caller claiming to work for NCUA and asking for personal and financial information.
The caller tells the consumer her or his credit card or debit card has been frozen or blocked. The caller then asks for the consumer’s Social Security number, account number, date of birth and home address to supposedly verify the information.
Consumers should not provide this or any other information to the caller.
NCUA would not request personal or financial information in this manner.
Active ATM Fraud Investigation
December 10, 2015
FICO Card Alert Service (CAS) has recently seen a significant increase in skimming device fraud perpetrated at convenience store ATMs. CAS is actively investigating potentially compromised convenience store ATMs in the following areas listed below.
ATM skimming is a type of fraud which occurs when an ATM is compromised by a skimming device, a card reader which can be disguised to look like a part of the machine. The card reader saves the users’ card number and pin code, which is then replicated into a counterfeit copy for theft.
The corresponding fraud has typically manifested as aggressive, high dollar ATM withdrawals in the same general geographic area as the compromised terminal(s).
CITIES WHERE COMPROMISED CONVENIENCE STORE ATMS WERE FOUND:
- Arizona: Mesa
- California: Huntington Beach, Long Beach, Los Angeles, Pico Rivera, San Pedro, Santa Ana, Santa Fe Springs, Seal Beach, Studio City, and West Hollywood
- District of Columbia
- Massachusetts: Lowell
- Maryland: Baltimore, Bowie, Brooklyn Park, Capitol Heights, Laurel, and Oxon Hill
- New Jersey: Edison and Hackensack
- New York: North Babylon, St. James
- Oregon: Portland
- Pennsylvania: Hatboro, Philadelphia, Pittsburgh, Ridley Park
- Virginia: Chesapeake, Alexandria, Arlington, and Virginia Beach
- Washington: Seattle
Other geographic areas may be targeted by organized criminal groups, and CAS anticipates that compromised convenience store ATMs will be found in additional locations. Please use the above list as general guidance.
8 Tips to protect yourself from ATM Skimming
Know What to Look For:
Skimmers are small electronic devices that fit over the slot you swipe (or push) your debit and credit cards into, which steal your card details. If anything seems out of place, unusually bulky, or poorly affixed to the machine, gently tug on it. If it moves or comes away from the ATM, it may be a skimming device.
The battery life of these devices is about two to four hours. When a few cards have been skimmed, the criminals remove them and move on to the next machine. They are usually only attached with glue or tape.
The FBI advises that you check for scratching around the card slot, adhesive tape or glue residue, and if the device can be removed, you should alert financial staff or call 911 immediately.
Look for Hidden Cameras:
Skimming is a two-step process because criminals can also obtain your PIN. This is often done with a pinhole camera hidden on or near an ATM. Look for anything that may have a tiny hole or slot for a camera to be placed inside, especially if it’s aimed at the keypad. These devices may be stuck to the top or side of the machine, or placed inside light fixtures above it. They are also likely to be temporarily affixed, so check any unusual components to see if they move or seem poorly applied.
Many ATMs will also have security cameras attached to them, and these are usually much more obvious and permanent. If in doubt, check with the financial personnel or seek out another machine.
Check the Keypad:
Some criminals have also used keypad overlays instead of cameras to capture customers’ PINs. These devices record keystrokes electronically, so check for anything that seems to have been placed over the top of the keypad that moves, seems unusual, or does not match the ATM.
Protect Your PIN:
Always use your hand to shield your PIN as you enter it, and be aware of anyone standing too close who may be attempting to watch. And never write your PIN down; memorize it.
Know Your Surroundings:
Machines with a lot of customers, especially in tourist areas, are the most likely to be targeted by criminals.
Look for an ATM that’s inside a financial institution or within the sight of a security camera, where scammers would be less likely to take a risk. Be wary of anyone loitering by machines, especially when using an ATM, and don’t let strangers help you with supposedly “broken” machines. It is not just ATMs that can be compromised. Gas stations that allow customers to pay at the pump are also at risk.
What to Do if You Fall Victim to Fraud:
You are not liable for any fraudulent transactions and, if you report it early, you will get the money back — but it may take some time. You have 60 days upon receiving a statement to report suspicious activity and are protected under federal law by the Truth in Lending Act and the Electronic Fund Transfer Act. To report any fraud to Sky Federal Credit Union, contact us at (800) 445-3328 and ask for our Card Services Department.
Get to Know Your Financial Institution:
Understand their policies for preventing fraud and their procedures for helping victims. It’s also a good idea to understand what your financials security procedures are and what they are for. The secret questions and multiple passwords might be annoying, but they keep your details safer. If you use an ATM regularly and the appearance of the card slot changes, contact their personnel to alert them as soon as possible.
Check Your Statements Regularly:
Criminals may only use stolen card details infrequently to minimize the chances that the financial will detect unusual transactions. It’s important to keep an eye out for anything on your statement that seems unlikely — or impossible.
If you don’t already use online banking, it’s worth considering. Being able to quickly access and search through your statements could help you to identify these transactions and allow you to report them much sooner.