Fraud Alerts

IMPORTANT SCAM ALERT: YVCU will never ask for your personal information through e-mail or by phone. Bogus e-mails and phone calls requesting personal & financial information have hit the Yakima area and some of our Credit Union members are receiving them.

Here is the information they are hoping you will provide to them:

  • Your ATM, Debit, Or Credit Card account number
  • Your PIN (Personal Identification Number)
  • Card expiration number
  • CVV number from the back of your card

Please do not respond. If you ever have any questions about correspondence you receive regarding your account, please contact a YVCU office.

See the articles below for more information on scams and how to protect yourself.

THE LATEST SCAM is an e-mail which appears to be from the "Good Guys". They warn you about recent scams and ask you not to respond. However, they still try to make you believe there is a problem with your account. They refer you to a phone number where they ask you to provide ACCOUNT NUMBER, PIN & CARD EXPIRATION DATE. See an example below. If you receive such an e-mail DO NOT RESPOND to their request.

Members and Non-Members may have received an e-mail that "appears" to be from Yakima Valley Credit Union.

This is an e-mail fraud attempt designed by hackers to obtain your personal information.

The e-mail has a link that sends you to a site similar to our Internet Branch site and requests you to supply your card information.

We urge you not to follow the links or enter any account information.

We are commited to safeguarding your personal information and it is important that your account stays secure.

The e-mail addresses used in the scam were not obtained from YVCU.

We will never ask members for personal account information in this manner.

For your security, your online banking profile has been locked .

Unlocking your profile will take approximately one minute to complete :

To reactivate your debit/credit card :

Immediately call (800) xxx-xxx Monday-Friday during office hours
or after hours and on weekends to reactivate your debit/credit card.
Use your YVCU account number in the activation process.


Copyright © 2007 Yakima Valley Credit Union All rights Reserved.

Protect Your Credit with Click Here!

AlertMe is a service that monitors your credit profile at the Experian credit bureau for material changes such as a new account, new address, delinquency, new credit report inquiry, judgments and liens. If such a change occurs, you will be notified by mail or e-mail of the change.  Specifics of the change can be retrieved on their website in a secure manner if you are an e-mail subscriber.  This is an excellent "early warning" tool to fight back against identity theft.  For a nominal fee, AlertMe monitors your credit report and quickly advises you of any sudden changes.  This will help you take corrective action sooner, saving you frustration, time, and money.  Click here to visit the enrollment page or for answers to additional questions. 

Avoiding Phishing Scams & Spoofs

The latest twist in Internet fraud is coming from criminals who won’t try to break into or hack your computer. They don’t have to. All they have to do is trick you into handing over personal financial information by impersonating your credit union in a bogus e-mail. The information is then used to obtain information to steal identities, obtain cash or create counterfeit card information.

The scam is called phishing (pronounced "fishing"), and it’s the fastest-growing type of Internet fraud. In February 2005, a reported 282 phishing campaigns were sent to millions of consumers – a 50% increase over January. These frauds make up more than half of the 15,000 monthly citizen complaints filed to the FBI's Internet crime center.

How phishing hooks the victim

A typical phishing scam works like this: An individual receives an e-mail, purporting to be from a business they deal with, such as their credit union or an online payment service.

They’re asked to "update" or “validate” personal information, such as Social Security numbers, dates of birth, passwords and the like, to keep their account “active.”

They’re directed to a "look-alike" Web site of the legitimate business, further tricking consumers into thinking they are responding to a bona fide request. Unknowingly, consumers are submitting their financial information not to the business but to scammers, who use it to order goods and services, and obtain credit.

Unfortunately, credit union members can be vulnerable to phishing, because scammers are playing on the trust people already have in their financial institutions.

Warning Signs of a Spoof E-mail:

Warning signs that an e-mail may be fake include a generic greeting, a false sense of urgency, information that seems too good to be true or requests for personal information such as credit card number, Social Security number or account password.

How to Spot a Spoof Web Site:

You can count on the fact that a spoof e-mail will take you to a fake Web site. You can also be sure that this spoof site will ask you to type personal information. There are often links in the e-mail that do not match up with the Web address it takes you to. Some sites may have a fake address bar to hide the mismatch, but don't include a secure lock icon at the bottom of the browser window. Authentic Yakima Valley Credit Union pages include https://www.yvcu.org, http://www.yvcu.org, or https://secure1.yvcu.org at the beginning of each address.

Examples of an invalid YVCU link would be:
http://signin.yvcu.org@12.34.56.7/
http://83.16.123.18/pp/update/htm?=https://www.yvcu.org/-cmd_login_access
http://secure1.yvcu.org.chepizza.com.ar/login.php?
Examples of valid YVCU links would be:
https://secure1.yvcu.org/asp/USERS/Common/Login/netlogin.asp
http://www.yvcu.org/pages/mortgage.php

Remember the following information to avoid being scammed:

Yakima Valley Credit Union or our affiliates (such as CUNA, CUNA Mutual, or NCUA) will not send an e-mail to you asking for your personal, credit card, password or account information. In fact, ANY legitimate company should not ask for such information in an e-mail. We will also never ask you to download an attachment. Attachments often contain viruses that harm your computer or may compromise your account.

Do not respond to any e-mail requests for personal financial information and delete any suspicious e-mails. Never disclose any personally identifying information if requested from an unsolicited e-mail or phone call. This includes credit union account information, card information, Social Security number, mother’s maiden name, or other private information. Never reveal a private PIN (personal identification number) or other credit union password. Be suspicious if you're asked to enter personally identifying information into an unexpected pop-up window – no matter how “official” it might look. Finally, always use the phone numbers, e-mail addresses & Web addresses that you have on file for the company rather than what is provided to you in a phone conversation, e-mail or Web site.

If you can determine the ISP hosting the imposter/spoofed Web site, contact the Internet service provider to request that the Web site be immediately disabled and all information pertaining to it be preserved for law enforcement.
If you have been victimized by spoofed mail, e-mails or Web sites, contact your local law enforcement, US Postal Inspector, or FBI.
If you have any doubt about whether an e-mail you receive is really from Yakima Valley Credit Union, here's how to report it:
  1. Forward the message to fraud@yvcu.org
  2. Don't alter the subject line or forward the message as an attachment. Doing so prevents us from investigating it further.

Once you have forwarded the e-mail to us, delete it from your e-mail account.

The National Credit Union Administration has made available a brochure in pdf format called, "Tips to Safely Conduct Financial Transactions Over the Internet". Click here to access the brochure.

ATM Urban Myth

An urban myth chain letter is being well circulated by e-mail stating that if a person is at an ATM and feels threatened or unsafe, they just need to enter their PIN (Personal Identification Number) in to the ATM backwards and that will signal the police. The information in the e-mail is false and should be deleted if received. No such system is in place.

Survey Scam

There are new phishing emails in the form of surveys asking for feedback on your financial institution. These messages are scams and should be deleted. The messages offer awards up to $500, but there is no monetary award for filling out the form -- this is an identity theft scam.

Protect Yourself Against Identity Theft!

You can reduce your chances of being the victim of identity theft by doing the following:

  • Review account transactions regularly;
  • Contact the companies you do business with using the phone numbers, e-mail addresses, Web sites or addresses you have on record rather than what might be provided to you in an e-mail, phone call or other communication;
  • Switch to a PO Box if your current mailbox isn't secure;
  • Have Social Security, pension, payroll, and other payments electronically deposited to your account;
  • Shred documents you no longer need that include account numbers and other personal information;
  • Keep other secure documents in a container that is fireproof and can be locked (Consider a safe deposit box!);
  • Check your credit report regularly. You can obtain a free credit report annually from all three credit reporting agencies. For more information, click here;
  • Keep your PINs (Personal Identification Numbers) secure: Don't write them where others can find them; Don't type them where others can see what you're entering; Don't share them with others who you don't trust to keep the information private;
  • Remember that no valid company will contact you with an urgent request to verify your personal and account information!

"Vishing" Scams Use Phone Instead of Fake Web Sites

In a new twist, identity thieves are sending spam that warns victims that their credit union/bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

The automated voice message says: "Welcome to account verification. Please type your 16-digit card number." The goal is to get the victim to enter their credit card number. In these reported scams, no mention of the credit union, bank or PayPal is made.

Security experts tracking this scam and other instances of "vishing", short for "voice phishing", say the frauds are particularly despicable because they imitate the legitimate ways people interact with financial institutions. In fact, some vishing attacks don't begin with an e-mail. Some come as calls out of the blue, in which the caller already knows the recipient's credit card number. This increases the perception of legitimacy, the caller asks for the valuable three-digit security code on the back of the card.

Vishing appears to be prospering with the help of Voice over Internet Protocol, or VoIP, the technology that enables cheap and anonymous Internet calling, as well as the ease with which caller ID boxes can be tricked into displaying erroneous information.

LOSS PREVENTION RECOMMENDATIONS :
  • Never call a number you receive from a spam email, and certainly don't enter in any private information if you make a mistake and do call. If you want to call the company noted in the e-mail or phone call, use the normal number you regularly use, not the one provided to you in the e-mail or call.
  • Never click on the link provided in an e-mail you believe is fraudulent.
  • Do not open an attachment to an unsolicited e-mail unless you have verified the source.
  • Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information.
  • If you believe the contact is legitimate, go to the company’s website by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.
(See more information below.)

Help From the Federal Trade Commission on Internet Scams

In an attempt to address the rising cyber crime threat, the FTC (Federal Trade Commission ) on January 10, 2006 unveiled an online tool designed to help consumers avoid becoming victims of Internet scams.

At the website, www.onguardonline.gov, consumers can take interactive quizzes designed to enlighten them about identity theft, phishing, spam and online-shopping scams. If the user selects a wrong answer, the program explains why that particular misconception about Internet security can lead to trouble.

Elsewhere on the site, consumers can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft.

Five federal agencies and 13 private organizations partnered to sponsor the OnGuard Online website. Information on the site is not copyrighted, and the FTC encourages companies and other organizations to download and widely disseminate the information.

"We're trying to make the information as accessible as possible, with tips so people can take action," said Nat Wood, the FTC's assistant director for consumer and business education. The increasing concern about online threats is one of the reasons we could put together such a blue-chip coalition for a program like this," says Wood. "E-commerce is great, but we just want people to have the tools to use it safely."

Secret Shopper Scam

A variant of secret shopper and counterfeit check scams is showing up in several parts of the country. Capitalizing on the popularity of "mystery shopping," in which consumers are recruited to monitor the performance of retail businesses, scammers are making withdrawals from victims’ bank/credit union accounts. Secret Shoppers send the member a package by FedEx asking him/her to do a secret shopping assignment. The assignment was to cash a cashier's check and then send a Money Gram from the local Wal-Mart. The member thought he was monitoring Money Gram's performance, but the scammer, using the name "Secret Shoppers," sent a counterfeit check. The member had wired his own money, about $3,000 to the scammer.

The Internal Revenue Service and the Internet Crime Complaint Center have issued consumer alerts about an Internet scam in which consumers receive an e-mail informing them of a tax refund.

One e-mail, which claims to be from the IRS, tells the recipient that they are eligible to receive a tax refund for a given amount. It then directs the consumer to a link that requests personal information, such as Social Security number and credit card information.

Another e-mail titled "Refund Notice" claims to provide information to recipients regarding the status of their IRS Tax Refunds. The e-mail contains a link, which mirrors the true IRS web site. This site purportedly allows recipients to check the status of their IRS tax refund after providing the following information:
  • First and last name
  • Social Security Number or IRS Individual Taxpayer Identification Number
  • Credit card information

The IRS has seen numerous attempts over the years to defraud the public and the federal government through a variety of schemes, including abusive tax avoidance transactions, identity theft, claims for slavery reparations, frivolous arguments and more. More information on these schemes may be found on the criminal enforcement page at www.IRS.gov.

The IRS does not ask for personal identifying or financial information via unsolicited e-mail.

LOSS PREVENTION RECOMMENDATIONS : If you receive an unsolicited e-mail alleging to be from the IRS, take the following steps:
  • Do not open any attachments to the e-mail, in case they contain malicious code that will infect your computer.
  • Contact the IRS at 1-800-829-1040 to determine whether the IRS is trying to contact you about a tax refund. Taxpayers do not have to complete a special form to obtain a refund.
If you have received this, or a similar hoax, please file a complaint at www.ic3.gov.

A good resource for this topic is Anti-Phishing Working Group at http://www.antiphishing.org If you have been victimized by a spoofed e-mail or web site, you should contact your local law enforcement, US Postal Inspector, or FBI.

A new method scammers are using to commit identity theft: the jury duty scam.

Here's how it works:

The scammer calls claiming to work for the local court and claims you've failed to report for jury duty. He tells you that a warrant has been issued for your arrest.

The victim will often rightly claim they never received the jury duty notification. The scammer then asks the victim for confidential information for "verification" purposes.

Specifically, the scammer asks for the victim's Social Security number, birth date, and sometimes even for credit card numbers and other private information -- exactly what the scammer needs to commit identity theft.

So far, this jury duty scam has been reported in Michigan, Ohio, Texas, Arizona, Illinois, Pennsylvania, Minnesota, Oregon and Washington state.

It's easy to see why this works. The victim is clearly caught off guard, and is understandably upset at the prospect of a warrant being issued for his or her arrest. So, the victim is much less likely to be vigilant about protecting their confidential information.

In reality, court workers will never call you to ask for social security numbers and other private information. In fact, most courts follow up via snail mail and rarely, if ever, call prospective jurors.

Action: Never give out your Social Security number, credit card numbers or other personal confidential information when you receive a telephone call.

This jury duty scam is the latest in a series of identity theft scams where scammers use the phone to try to get people to reveal their Social Security number, credit card numbers or other personal confidential information.

It doesn't matter *why* they are calling -- all the reasons are just different variants of the same scam.

Protecting yourself is simple: Never give this info out when you receive a phone call. If information comes by mail, verify the legitimacy of the mailing by calling a phone number you have on record for the company, rather than the number provided in the mailed literature
MEMBERS Financial Services Your savings federally insured to at least $100,000 and backed by the full faith and credit of the United States Government. Equal Housing Opportunity