There's no typical fraud victim. Scammers don't care who you are, how old you are, or how much you earn. Anybody is fair game. Here are some common scams.
- Buyers in foreign countries offer to pay shipping charges and scam people who sell merchandise online.
- The buyer express-delivers a Cashier's Check for more than the selling price, and the check appears to be drawn on a U.S. bank.
- The buyer then asks the seller to return the overpayment by Western Union or MoneyGram.
- Here’s the scam—the Cashier's Check is not valid. But by the time it's returned as unpaid, the seller is overdrawn and responsible for the funds.
- You receive a letter or phone call telling you you've won a big lottery prize in a lottery you never entered.
- Then you're told that you must send money before you can collect.
- Legitimate lottery and sweepstakes administrators never charge fees to deliver your prize. If it sounds too good to be true, it generally is!
Myths about Cashier's Checks & Money Orders
- Don’t think that because you received a Cashiers Check or money order that it’s as good as cash.
- Advanced laser printers are making it easier for fraudsters to produce realistic-looking fakes, and financial institutions and post offices have both reported a dramatic increase in counterfeit activity.
- If you receive a Cashier's Check or money order from someone you don't know, don't assume it's legitimate—fakes can be returned unpaid, resulting in losses to our members.
- Federal regulations dictate the length of time a financial institution must make funds available to consumers. The release of funds on a deposit is not assurance that the Cashier's Check has been presented and paid. On the contrary, if a check is returned unpaid, it is not received by the accepting financial institution until several days or up to two weeks from the date it was deposited.
Red Flags for Fraud
If an offer sounds too good to be true, it probably is. Watch out for anything from anybody that asks you for personal information or for money up front.
- Never provide your account number, Social Security number or routing number. This information can be used to withdraw money from your account.
- Don't get involved with an online buyer from another country.
- Don't accept overpayments from buyers.
- Don't respond to e-mails, letters or faxes asking you to "deposit or clear money" through your account. When in doubt, delete! Or forward scam e-mails to the Federal Trade Commission (FTC).
- Don't respond to winning lottery letters on lotteries you didn't enter.
- If you've been asked to "wire," "send," or "ship" money to someone you don't know—DON'T. Recent scams have come from Canada, England, and Nigeria.
What To Do
If you think you may have been a victim of a financial scam, contact us at 800.XFCU.222 right away so we can take the steps necessary to secure your accounts.
If you've been contacted by a scam artist, report them to the Federal Trade Commission or call 877.FTC.HELP.
Phishing Phone Calls
Xceed recently received notification that a caller claiming to be an employee of Xceed Financial Credit Union contacted a member asking to verify transactions due to a card compromise. The member was asked to reset their PIN to “1234” and provide the card number. The callers telephone number was 888.654.5201 and they claimed to be located in a Texas contact center used when Xceed is busy.
- Xceed does not have a contact center in Texas
- Xceed will never initiate a call and request your personal information
- These calls are not being initiated by Xceed and are a phishing attempt to obtain personal and/or account information
- The telephone numbers may vary as it is common that multiple numbers are used in phishing attempts
If you suspect that your personal or account information has been compromised please contact us immediately at 800.XFCU.222.
Counterfeit Cashier's Checks
We are not aware of any Xceed Financial Credit Union members being targeted by this scam, but we have been informed by Coast Central Credit Union, Eureka, California, of counterfeit cashier's checks being circulated. The counterfeit items bear the institution's name using a correct routing number but are markedly dissimilar to authentic cashier's checks.
These counterfeit checks do not resemble the bank's authentic items and may be identified by the following:
- The Check amount is $3950.00.
- The Remitter is American Mega Lottery Payment out of Las Vegas, Nevada and London, England.
- The Check numbers begin with 121XXX, they have a six digit serial number.
Skimmer fraud perpetrated at stand-alone ATMs is on the rise!
An overlay skimmer is a device that fits over the card reader slot of an ATM or gas pump pay station. This skimmer is used to record the data contained on the magnetic strip on the back of a credit, check, or ATM card, including the account number. Skimmers are usually placed on stand-alone ATMs, such as those found at 7/Eleven stores, gas stations, or some Costco locations. They work because they’re nearly invisible, mimicking the ATM card slot and fitting like they’re part of the ATM. Some skimmers are multi-part – a card-reader sits in the ATM where the card is swiped, and a camera is hidden from view to capture the PIN as well.
One simple way to protect your account is to shield the keypad with one hand while entering the PIN with the other hand. This can also help block the view of “shoulder surfers.” In addition, stay vigilant when choosing an ATM, and examine each ATM before use to determine if the card reader looks legitimate. If the ATM seems to have been tampered with in any way, find a different ATM to use.
National Credit Union Administration (NCUA)-Impersonation Telephone and Text Messaging Scam
A new phone scam has been reported by the NCUA. Citizens are receiving phone calls and text messages from individuals who claim to work for the NCUA and asking for personal and financial information. The caller usually tells the citizen that his or her credit or debit card has been frozen or blocked. The caller then asks for the victim’s Social Security number, account number, date of birth, and home address to supposedly verify the information. Members should not provide this or any other information to the caller. The NCUA will not request personal or financial information in this manner.
Note that the NCUA will never:
- Make an unsolicited request for a member’s personal identification number.
- Request that a member share their personal information on a call that they did not initiate.
- Text message a member and ask them to call a number
Los Angeles County Sheriff's Department-Impersonation Telephone Scam
A new phone scam has been reported by the Los Angeles County Sheriff’s Department. Citizens are receiving phone calls from individuals who claim to be LA County Sheriff’s Department employees. The caller usually tells the citizen that a warrant has been issued for their arrest for failure to appear for Jury Duty. The caller will tell the victim that they have to pay a sum of money, or face arrest by a sheriff’s deputy. The caller will instruct the victim to either get a money order, conduct a wire transfer, of buy a gift card (usually Green Dot) and send it to a specific location to pay the fine.
Note that the LA County Sheriff's Department will never:
- Call to solicit money for fines.
- Solicit warrant information by phone.
- Ask for a money order, gift card, or wire transfer.
- Visit your home to collect a fee for a warrant.
Credit Union Account Reactivation Scam
We are not aware of any Xceed Financial Credit Union members being targeted by this scam, but members of Navy Federal Credit Union have received bogus emails stating that services on their account are being disabled. The bogus email includes a link that is supposed to re-activate the services – instead, clicking on the link facilitates identity theft by compromising the members’ machines and information.
Here’s what the email subject line looked like:
From: Navy Federal Credit Union
Subject: Online banking access compromised
If you receive anything similar to this email, do NOT respond and delete it immediately! Also, do not click any links in the email, download pictures, and do not “unsubscribe” or acknowledge the email in any way since that could compromise your security.
Online Safety Tips:
- Xceed Financial will never make unsolicited requests for your personal information, so never share your private info via email or on a call you did not initiate.
- Use extra caution when clicking on any link in an email.
- Watch out for pop-up messages. If you're visiting a website and get a prompt to update Flash, Java, or Acrobat PDF Reader in order to view content or a video, don't click. Only perform these updates when you see an update prompt while turning on or restarting your computer.
- Choose "friends" carefully. Social networking sites have made it easier for hackers to gather information about you. Be suspicious of people who attempt to "friend" you or become part of your professional network.
IRS-Impersonation Telephone Scam
An aggressive and sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds throughout the country. Callers claim to be employees of the IRS, but are not. These con artists can sound convincing when they call. They use fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.
Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card, depositing cash to a bank account, or wire transfer. If the victim refuses to cooperate, they are then threatened with immediate arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting.
Or, victims may be told they have a refund due to try to trick them into sharing private information.
If the phone isn't answered, the scammers often leave an “urgent” callback request.
Note that the IRS will never:
- call to demand immediate payment, nor will the agency call about taxes owed without first having mailed you a bill;
- demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe;
- require you to use a specific payment method for your taxes, such as a prepaid debit card;
- ask for credit or debit card numbers over the phone; or
- threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.
Xceed Financial Credit Union Impersonator
In the past, we learned of two situations where fraudsters have tried to gain people’s private information by pretending to be Xceed Financial. The individuals targeted were non-Xceed Financial members, and they both received loan offers/applications from an entity that called itself “Xceed Financial Inc.” Here’s what we know.
- The first person received a loan application by email. The “application” was a simple Word document that did not contain Xceed Financial’s exact name, logo, and address. This is how the email appeared (“xxxxx” was the recipient’s first name):
Date: Mon, Sep 3, 2012 at 11:08 AM
Please fill the form and e-mail back as soon as
possible. note that you must be working with proof of
income. you must be able to pay off in 3 yrs max.thanks
> ** CRAIGSLIST ADVISORY --- AVOID SCAMS BY DEALING LOCALLY
> ** Avoid: wiring money, cross-border deals, work-at-home
> ** Beware: cashier checks, money orders, escrow, shipping
> ** More Info: http://www.craigslist.org/about/scams
> This message was remailed to you via: firstname.lastname@example.org
> If this email is a scam or spam please flag it now:
- The second person received a “pop-up” while searching loan options/rates on the internet. The loan application provided to him was similar to the first one, but it was a better fake – it included Xceed Financial’s logo and address on the top.
If you have any questions or think you are being targeted by this imposter, please contact us (the REAL us!) immediately at 800.XFCU.222 (800.932.8222).
Fraudulent Emails Appearing to be from the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that looks like it was sent from the FDIC. The FDIC has confirmed that it does not issue unsolicited emails to consumers or to business account holders. The email is an attempt to collect personal or confidential information, or to load malicious software onto the recipients’ computers.
Be on the lookout for this fraudulent email! Here’s what we know about it.
- The subject line reads “Changes in FDIC security requirements.”
- The e-mails are addressed to "Dear Client," and state, "Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link security." A hyperlink is then provided.
- The email concludes with, "As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online security department, Federal Deposit Insurance Corporation"
- The following address is provided at the bottom of the message:
"FDIC Public Information Center
3501 North Fairfax Drive, Room E-1002.Section 515. Arlington, VA 22226
Fax Number: (703) 562-2296 Email Address: email@example.com"
Email Security Tips:
- Never click on a link in an email from an unknown source.
- If you receive this fraudulent email, do not click on the link provided and delete the email immediately.
Email/Telephone Phishing Scam
Xceed Financial and other credit unions (as well as banks) across the country have been notified that members are being targeted by a scam involving automated phone calls (robo-calls) and text messages informing them their credit or debit card has been blocked. The fraudsters are trying to obtain cardholder information, with the intent of committing fraudulent activity against member accounts.
Some members receive these calls at their place of employment. The message claims that the member’s card has been deactivated and asks the member to call a “Card Activation Line” phone number and enter their 16-digit card number, expiration date, and PIN.
Fraud Awareness Tips:
- Xceed Financial Federal Credit Union will never make unsolicited requests for your personal identification number.
- Never share your personal information on any call that you did not initiate.
If you think you may have been a victim of this or any other financial scam, contact us at 800.XFCU.222 right away so we can take the steps necessary to secure your accounts.
It has come to our attention that a few consumers have received loan offers from “Xceed Financial Inc.,”which is in no way associated with Xceed Financial Credit Union. We believe this to be a scam. The reported incidents were received by non-members of the Credit Union, and were linked to advertisements on Craigslist as well as internet “pop-ups.” The loan offers were accompanied by fraudulent loan applications, some of which even displayed our logo. If you receive such solicitation, please report it to us and/or the appropriate authorities.
As a reminder, to better protect yourself from this and other types of scams, consider the following preventive measures:
- Exercise caution when surfing the web.
- Visit only trusted sites and only click on search results for sites you know.
- Do your research to ensure legitimacy of an individual or company prior to sharing personal information or entering into transactions over the Internet.
- Be wary of unsolicited attachments and “pop-ups.”
- Trust your instincts – if an email, attachment or “pop-up” seems suspicious, don't open it.
- Turn off the option to automatically download attachments or allow “pop-ups.”
- Apply additional security practices, such as filtering certain types of attachments and “pop-ups,” and using a firewall.
Keep your software up-to-date. This includes your operating system, applications, and security-related software.
The National Association of Federal Credit Unions (NAFCU) recently informed Xceed that fraudsters, claiming to be from NAFCU, are contacting consumers, telling them their debit cards have been compromised, and instructing them to enter their 16-digit card numbers for verification purposes. NAFCU, however, does not call or email anyone to ask for debit card information. Should you receive one of these calls or emails requesting your financial account information or sensitive personal data, do not provide the requested information.
Phishing and Social Engineering Scams
We know that sometimes it’s hard to tell what is and is not a scam, and we’re here to help. The best thing you can do is to be vigilant – phishing and social engineering scams work because they seem legitimate. Scammers use techniques designed to lure you into providing personal or financial information by posing as a legitimate business. We’d like to remind you that Xceed Financial will never solicit your personal information via phone or email.
Be on the lookout for:
- Suspicious emails, including emails that come from an unknown source.
- Emails with attachments you don’t recognize or didn’t ask for.
- Don’t open attachments you don’t recognize. Delete the email if it seems suspicious.
- Don't provide personal or financial information in email, and don't respond to email solicitations for this information.
- Don't send sensitive information over the internet without checking a website's security.
- Suspicious phone calls, including those that solicit your personal information.
- Don’t give your SSN, account number, login ID, PIN, or password to an unknown source.
- Be cautious about incoming calls, especially if you don’t recognize the number.
- Don't give out personal information, or information about your organization, unless you are certain of a person's authority to have the information.
- To confirm a caller is legitimate, contact their company directly using information from previous statements provided to you.
If you think you’ve been a victim of phishing:
- Contact us at 800.XFCU.222 (800.932.8222).
- Ensure that your computer’s firewall, anti-virus, and spyware detection software is up to date.
- Run a virus scan on your computer and clean up any viruses or Trojans that are detected.
- Change your account access password from an uninfected computer. If you use the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- Report the phishing attempt to the appropriate people within your organization, including network administrators.
- Contact the Federal Trade Commission at 877.FTC.HELP.
Anyone can be the victim of identity theft, regardless of age, gender, or economic status. The good news is that there are ways to reduce your risk, and steps to take if you’ve had your information compromised.
First and foremost, it’s important to protect your personal information, including your:
- Social Security Number
- Driver’s license number
- Date of birth
- Account Numbers
While one of these things on its own may not be enough to impersonate you, by combining several pieces of information, an identity thief could be successful.
Steps to keep your information safe may include:
- Shred mail and other paper statements with personal information
- Be wary of phone calls or other communications that “phish” for information (to learn more visit our phishing and social engineering page)
- Monitor your credit at www.annualcreditreport.com
If You Suspect ID Theft
If you suspect your identity may have been stolen, you should go to the Federal Trade Commission’s identity theft website at www.idtheft.gov or you call 877-IDTHEFT (877-438-4338). There you will find information on specific steps to follow, including placing a fraud alert with credit reporting agencies, placing credit freezes, and steps to repair your credit.