MADISON, Wis. (8/13/12)--New types of scams--particularly the texting scams that are challenging consumers and financial institutions across the country--mean credit unions should change their focus slightly when educating their members and staff about fraud, says CUNA Mutual Group.
The text scams occur when a criminal sends a text message to a consumer's cell phone under false pretenses to trick the consumer into entering personal information with a bogus phone line or website so the criminal can use the information to raid the victim's account. They have occurred mostly in Georgia, West Virginia, Wisconsin, Florida and California, said Ann Davidson, CUNA Mutual's senior consultant, risk management.
News Now also has picked up media reports on text scams hitting credit unions in Pennsylvania, Arkansas, Georgia, Ohio and Michigan since early May.
A new education tactic is in order because consumers and media are asking how the criminals could have obtained their cell phone numbers and the fraudsters themselves have changed their focus on the type of information they are after.
Some consumers even perceive that their credit union's data were breached. Many believe they got the text through their e-mail address. Still others believe that only members of the specific credit union named in the bogus text were targeted. None of these beliefs are correct.
In text scams, "the credit union would not have been breached," Davidson told News Now. The cyber criminals "get the prefix of the phone carrier. For example, 354 may be a prefix number. They use phone dialers that automatically pick up numbers." Also, it is not just members targeted as victims. The predialers capture nonmembers' numbers within the prefix, too. "The text message comes through your phone number--not your e-mail address," Davidson said, adding that credit unions need to educate their members about that.
With cyber criminals shifting their focus to consumers' mobile devices such as cellphone, iphone or smartphone, major telecommunications carriers such as AT&T, T-Mobile and Verizon are offering a new service for consumers who receiving text spams that may involve scams.
"When consumers get a text they think is a scam, they can forward it to the number 7726. All three carriers use the same number " in an attempt to establish a communications industry standard for dealing with spam, Davidson told News Now.
When CUNA Mutual Group receives a report from a credit union about a text scam, it collects the number that the consumer was given to enter the account information and reports it to the carrier, working hand-in-hand to mitigate the losses. Sometimes the company will be told the number is used by a specific group being monitored. Other times, the phone number will be disconnected to prevent future losses.
CUNA Mutual Policyholders can report a risk alert and any losses to its Protection Resource Center on its website. Use the link. A sign-in is required.
Cyber criminals also may shift their focus from obtaining credit and debit card numbers to obtaining the consumer's banking account numbers, said Davidson. If they get the account number at the credit union, and the credit union's routing number, "they can make an ACH (automated clearinghouse) transaction." While this isn't happening yet, she cautioned credit unions to avoid publishing their routing number widely.
In preventing thefts due to text scams, "education is huge," Davidson said. Not only should credit unions educate members and consumers, they also should educate their call center staff. "Many times someone at the call center in an effort to help (members) provides excellent service--to the bad guys," she said. The latest trend in wire fraud is to call the call center to capture numbers and information.
Tell members/consumers to set up security systems on their mobile devices and to add their cell phone number to the Do Not Call registry, she said.
"To commit fraud, the criminal needs to break into your credit union. That's the key. Credit unions should ask, 'How are they getting in?' Is it through the Internet on the website, through calling the call center, or through the members? Once you determine that, you can minimize the losses."
Criminals' "fraud alerts" are beginning to blend in with legitimate alerts. "The majority of credit unions have at least one victim who responds to the scam," Davidson said. "Credit unions have done a tremendous job in educating consumers about e-mail fraud. Now they need to do it for text fraud, too."