Important Member Alert: Wawa Data Breach

Wawa locations were found to have undergone a major data breach between March 4, 2019 and December 12, 2019 due to malware and anyone who used a card during this time period at any Wawa location may be at risk.

Chris Gheysens, CEO of Wawa – released the following statement about the data breach:  “I am very sorry to share with you that Wawa has experienced a data security incident.  Our information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019.  This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained.  At this time, we believe this malware no longer poses a risk to Wawa customers using payment cards at Wawa, and this malware never posed a risk to our ATM cash machines. Debit card PIN numbers, credit card CVV2 numbers, other PIN numbers, and driver’s license information used to verify age restricted purchases were not affected by this malware.  If you did not use a payment card at a Wawa in-store payment terminal or fuel dispenser during the relevant time frame, your information was not affected by this malware.  At this time, we are not aware of any unauthorized use of any payment card information as a result of this incident.”

  • View the entire alert message from Wawa’s CEO here.

If you visited any Wawa location during this time period and used a First Financial card, we urge you to monitor your First Financial account.  You can visit a branch location to replace your debit card, or contact our Member Relationship Center at 732.312.1500 to have a new Debit Card ordered due to suspicious activity on your account.  For First Financial credit cards, please call 866.820.3808 to receive a replacement card.

Enroll your First Financial Debit Card in Visa Purchase Alerts – you’ll get an email each time your Debit Card is used over an amount you set, when your card is used outside the country, or when your card is used to make a purchase online or over the phone.

As always, First Financial continues to monitor our member accounts for suspicious activity. If you have any additional questions or concerns, please give us a call at 732.312.1500 or email us at info@firstffcu.com.

‘Tis the Season (for Holiday Fraud)

The best time of the year is here, but it’s also a time of year when fraud increases too. If you are doing any sort of holiday shopping, be aware of the following scam tactics designed to steal your personal and financial information:

E-Skimming – This is what happens when a scammer gets control of an unsecure link within a website that you may be shopping on. Without even realizing it, you could be redirected to a malicious domain where a skimming code can capture your personal and financial information as you are making your purchase online. Such a skimming code would be sent to a remote server in real time where fraudsters would be collecting all your personal data. This data is often sold and then used to make fraudulent purchases in your name afterward. Before you click on any links in emails or on the web – make sure it’s a secure website (you’ll see an https at the top) and only open emails from trusted sources.

Social Media Scams – Sometimes social media platforms are used to set up a fake online store. The site will feature advertising messages and take payments, but unfortunately you will never receive what you ordered and your financial information may also be compromised in the process. When following a brand on social media, look to see if it’s a verified business (blue check mark in the profile) and look to see their website and contact details, number of followers, and the like. If something seems off or too good to be true, it probably is.

Porch Pirates – This is a big time of year when delivered packages often disappear from the doorstep of unsuspecting homes and businesses. Be sure to track anything ordered as it ships to you, look for a delivery confirmation from the retailer, and try to not leave packages out on your porch for hours on end. If you are going to be away from home when a package is delivered, ask a trusted neighbor or family member to pick it up and hold it for you.

Shipment Update Scam Emails – You may find that a fraudster sends you a fake email that tells you your item failed to deliver and then asks you for updated shipping and contact information. This is a scam! The email may look legit (though you will usually find a fake or unusually long email address with a slightly different domain name), but it often contains a link with malware that will steal your personal information if you click on it. The original retailer has all of this contact information and will not ask you for it again.

Donations to Fake Charities – Scammers know that people love to give back this time of year. A donation scam will often duplicate a charity website and get you to click on a link (which is malware) to donate money. Instead of going to the actual charity, your donation goes right into the pocket of a criminal. Do your research before you donate, ensure the site is legitimate and verified.

Additional steps you can take to help prevent fraud this holiday season:

  • Sign up for transaction alerts to receive emails and/or texts for all your credit and debit cards.
  • Pay careful attention to links in emails and on websites.
  • Try to avoid entering card information into website forms. Instead use PayPal or a digital wallet like Apple or Google Pay when you can.
  • Make sure your home computer and mobile devices have anti-virus protection and a firewall.
  • Only shop on well-known and verified websites when buying online.
  • Go directly to a retailer’s website yourself instead of through a social media ad.
  • Look for skimming devices at the ATM or a gas station pump.
  • Monitor your bank accounts on a daily basis and if you see a purchase that was not made by you, report it to your financial institution right away.

Follow the above tips for an enjoyable, safe, and risk free holiday season. Think First!

Article Source: CUNA Mutual Risk Alert 11/14/19

 

6 Summer Fraud Scams to Avoid All Year

Here are summer’s most prevalent financial scams that are catching consumers by surprise. However, many of these scams are ongoing all year long and you should be on the lookout for them constantly.

1. Gift cards, secret shoppers, and fake offers.

How the scam works: Consumers are drawn in by a phony email or social media post to become a “secret shopper” in exchange for some form of financial gain. When a consumer agrees to participate, the fraudster seals the deal by delivering a very large counterfeit check. The criminal then asks the consumer to deposit the check and purchase gift cards with the funds – keeping a small portion of the proceeds as compensation for being the “secret shopper.” The victim is asked to email photographs of the gift cards, front and back, so the criminal can use them immediately – before the counterfeit check has a chance to bounce.

The takeaway: The bounced check and all associated damages are the responsibility of the consumer because the criminal and his or her email address are long gone by the time the check bounces.

2. “You can never be too rich or too thin” and other email scams.

Some consumers are attracted to “get rich” and “get thin” offers, and unfortunately an age old diet scam has surfaced again, targeting consumers with spam emails. When an unsuspecting consumer signs up for the “self improvement” deal, that individual agrees to recurring billing for the proposed service.

The takeaway: This ongoing billing arrangement is difficult to stop. And, in some cases, the stolen card information used for payment is also used for other fraudulent purposes.

3. Counterfeit money orders.

Fake money orders are frequently used for online purchases from websites like Craigslist. The problem is that high quality counterfeit money orders are hard to distinguish from the real thing.

The takeaway: If you think you could potentially have a counterfeit money order, call the U.S. Postal Service verification line at 1-866-459-7822. The U.S. Postal Service can verify the authenticity of money orders 48 hours after they are issued – and they can also offer tips on how to recognize fake money orders in the future.

4. “MSN” help desk fraud.

This form of fraud is usually directed at the elderly. A criminal calls an unsuspecting consumer and warns that his or her PC – however seldom used, is riddled with viruses. The fake technician offers to assist, and then dispatches the victim to a local big box store to buy prepaid gift cards which are given as payment for the tech support services.

The takeaway: Losses to victims of this scam can soar well into the thousands – and the criminals are willing to take every nickel without remorse. Some big box stores have started to try and identify consumers who may be embroiled in these scams, but they can run into roadblocks when victims are either mentally incapacitated – or reluctant to admit they have fallen for a scam.

5. Card cracking.

This rip-off scheme typically victimizes the younger crowd. A fraudster reaches out to a young person via social media and convinces the potential victim that they can both benefit by helping each other out – with the young account holder receiving a small sum of $100 or so, as compensation for cooperating with the fraudster. The victim then gives the criminal access to his or her online banking credentials, so the criminal can deposit counterfeit checks into the account. The fraudster also typically requires the usage of the account holder’s debit card and, in some cases, accompanies the co-conspirator to an ATM to perform withdrawals against the counterfeit checks that have been deposited. This is especially troubling if the account holder is a minor in the company of an adult criminal.

The takeaway: All financial damages, including non-sufficient funds checks, fall back onto the young consumer. And that easy $100 profit? It was fake as well.

6. Direct mail scams.

Bogus but official looking letters are delivered every day to random consumers with stern requests for Social Security Numbers and other personally identifiable information. Some of these letters are printed on what looks like big bank letterhead and in all cases, there is at least one “official looking” hard copy form that the consumer is asked to fill out and return.

The takeaway: The addresses on these letters and the return envelopes provided are criminal addresses. They are not P.O. boxes belonging to actual businesses or financial institutions. The main objective in this instance is identity theft, and this scam has been known to be very convincing to consumers.

Bottom Line: An informed consumer is an empowered one. Recognizing the signs of fraud will reduce your risk of becoming an identity theft victim.  Don’t wait until it’s too late! Enroll in Sherpa identity theft protection from First Financial. The best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today!

Article Source: John Buzzard for Co-Op Financial Services

Don’t Fall Victim to These Phishing Scams

There are a number of unscrupulous types out there, waiting to take your hard earned money. One of the most common ways criminals try and scam you is to “phish” for your information. In these types of scams, you are asked to reveal personal financial information. This information can then be used to commit identity fraud — and can cost you in time and money.

Here are some phishing scams to be aware of:

You made a purchase. It usually involves an email message that claims to be sending you a receipt for a purchase at a major retailer. If you didn’t make that purchase, don’t open the PDF attachment! Even if you did, do not call the number in the document to make a dispute. Instead, look at your card statement independently to verify whether there was a purchase or not. For example, Apple is a common retailer used in this type of scam and if you look closely, the email message doesn’t come from Apple.com.

Lower your credit card interest rate. Who doesn’t want a lower interest rate on their credit cards? This phishing scam involves a phone call, and a recorded message telling you that you qualify for a lower rate. You then press a number, and you are prompted to enter your credit card number.  Hopefully you can see where this is going in terms of identity fraud …

Unlock your bank account. Some people have received phone calls claiming that their bank accounts are locked. If you receive a call like this, you might even be told that there has been some “suspicious activity on your account.” It sounds like your bank has locked down your account on your behalf. All you need to do to unlock your account is give them your account number.  And, unlike a credit card with its fraud protections, there isn’t much you can do if someone decides to drain your bank account. The moral of this story: your actual bank already knows your account number, you will never need to give it to them.

Hotel computer crash. According to Consumer Reports, the Better Business Bureau is reporting on an interesting scam that has cropped up. You receive a call on your hotel phone. The person on the other end claims to be from the front desk. The computer system has crashed, and all the data is gone — including your credit card data. All you have to do is give the information over the phone, and everything will be straightened out. This is a complete scam, and now the scammer has your credit card information to start using.

It is important not to give out personal financial information out unless you can verify the source. Additionally, don’t give out information over the phone when some calls asking for it. Always realize that your bank and credit card issuers won’t ask for your full account number; they already have it! Anyone who asks for your full account number for “security” or “verification” is probably almost always a scammer.

Bottom Line: Be on guard for phishing scams, whether they are perpetrated via email or over the phone. Keep your personal financial information private, and remember to verify information coming from others independently.

Article Source: Miranda Marquit for Moneyning.com

Don’t Fall for a Work From Home Scam

The promises of making it big by working from home are definitely out there, and most of the time it’s a scam. Though you may already be on high alert, online job scammers have gotten more sophisticated – and some may still slip past your radar.

Besides heeding the old adage that if it sounds too good to be true, it probably is – job seekers should consider the following questions when reviewing potential work from home opportunities:

  • Does the job listing include the hiring company’s name and/or does the recruiter or job posting match the company’s information?
  • Are there any upfront costs required to get the job? (Supplies, a minimum investment or training fees).
  • Are there any typos on the site or in any correspondence?
  • Are you being asked to provide personal information like a social security number, credit card number, bank information, or driver’s license?
  • Did they offer you a job on the spot without conducting an interview?

If the answer is yes to any of the above, experts say that’s a red flag, and the “dream opportunity” might become a nightmare.

Here are the 5 most common work from home scams:

Career advancement grant: This scam claims to come from the government, promising you a grant to pursue education or a certification. Scammers ask for your bank account information with the promise that they will deposit the bogus grant money directly into your account.

Data entry scams: There are legitimate data entry jobs that allow you to work from home, but these scammers ask for money up front and/or promise wages that are much higher than normal.

Pyramid schemes: If the only way to make money is by others losing money or paying you as they recruit others, it’s probably a scam. Plus, pyramid schemes are also illegal – so you could be charged with a crime too.

Online reshipping: Don’t ever repack items and forward them to customers outside of the United States. What you’re doing is transporting stolen goods, and not only will you never get paid, you could also be charged with a crime.

Rebate processor: This scam promises you a salary based on the number of clicks your ad receives. It charges a training fee up front for which you will never be reimbursed, and you’ll never receive that salary, either.

Scammers can be very creative in convincing you that a position or company is legitimate, so do your research. Check with sites like BetterBusinessBureau.com, FTC.com, and Scam.com to learn of recent employment scams.

Article Source: Myriam DiGiovanni for FinancialFeed.com

Important Member Alert: Tax Season Phishing Scams

It’s tax filing season, and the Internal Revenue Service (IRS) and state tax agencies have issued warnings related to a recent increase in sophisticated phishing emails. The emails appear to come from the IRS and demand a payment or threaten to seize tax refunds as a result of non-payment.

What is phishing? Phishing is a tactic cyber criminals use to collect an individual’s online banking, credit card, or other identifying account information. Once received, the cyber criminals can use your information and make transactions as you.

The tax refund season is the time of year in which the majority of tax related scams occur and there is increased vulnerability. This year, the IRS has reported a 60% increase in phishing emails attempting to steal taxpayer funds and tax-related information.

Phishing emails can be hard to detect. Often, intimidation tactics and urgent requests are commonly used by cyber criminals. The emails sent in a phishing attempt will appear to come from a trusted source, using a spoofed or compromised email address. Phishing emails usually contain stolen logos and often include hyperlinks to malicious websites, or contain attachments that are embedded with malware or viruses.

Targeted tax time victims have reported that their emails contained the following:

  • An email originating from IRS Online
  • Contained an attachment titled “Tax Account Transcript”
  • A subject line using the phrase “Tax Transcript”

In addition to email phishing scams, similar phone scams have also been reported. A common phishing phone attempt involved a caller claiming to be from the IRS and threatening victims with a lawsuit or arrest if a tax payment isn’t made immediately with a debit card.

To reduce your risk of falling victim to a phishing scam:

  • Remember that the IRS will never initiate contact with taxpayers via email, text, or social media network to request personal or financial information.
  • The IRS also will never call a taxpayer and threaten a lawsuit or arrest.
  • Do not click on links or open email attachments from an unknown or suspicious source. Even if the email appears to be from someone you know, subtle variations will be present in the sender’s email address (for example: JohnSmith1@abc.com instead of JohnSmithI@abc.com).
  • Another red flag for email recipients includes grammatical errors and spelling mistakes. Legitimate professional organizations and agencies typically do not contain such errors in their communications.
  • For more information on preventing and reporting tax scams to the IRS, click here.

Article Source: CUNA Risk Alert, December 2018