Important Member Alert: Tax Season Phishing Scams

It’s tax filing season, and the Internal Revenue Service (IRS) and state tax agencies have issued warnings related to a recent increase in sophisticated phishing emails. The emails appear to come from the IRS and demand a payment or threaten to seize tax refunds as a result of non-payment.

What is phishing? Phishing is a tactic cyber criminals use to collect an individual’s online banking, credit card, or other identifying account information. Once received, the cyber criminals can use your information and make transactions as you.

The tax refund season is the time of year in which the majority of tax related scams occur and there is increased vulnerability. This year, the IRS has reported a 60% increase in phishing emails attempting to steal taxpayer funds and tax-related information.

Phishing emails can be hard to detect. Often, intimidation tactics and urgent requests are commonly used by cyber criminals. The emails sent in a phishing attempt will appear to come from a trusted source, using a spoofed or compromised email address. Phishing emails usually contain stolen logos and often include hyperlinks to malicious websites, or contain attachments that are embedded with malware or viruses.

Targeted tax time victims have reported that their emails contained the following:

  • An email originating from IRS Online
  • Contained an attachment titled “Tax Account Transcript”
  • A subject line using the phrase “Tax Transcript”

In addition to email phishing scams, similar phone scams have also been reported. A common phishing phone attempt involved a caller claiming to be from the IRS and threatening victims with a lawsuit or arrest if a tax payment isn’t made immediately with a debit card.

To reduce your risk of falling victim to a phishing scam:

  • Remember that the IRS will never initiate contact with taxpayers via email, text, or social media network to request personal or financial information.
  • The IRS also will never call a taxpayer and threaten a lawsuit or arrest.
  • Do not click on links or open email attachments from an unknown or suspicious source. Even if the email appears to be from someone you know, subtle variations will be present in the sender’s email address (for example: JohnSmith1@abc.com instead of JohnSmithI@abc.com).
  • Another red flag for email recipients includes grammatical errors and spelling mistakes. Legitimate professional organizations and agencies typically do not contain such errors in their communications.
  • For more information on preventing and reporting tax scams to the IRS, click here.

Article Source: CUNA Risk Alert, December 2018

Phishing Scam Alert: Fake Invoices

Scammers have been relentless lately – here they are, back at it with a new twist on an old phishing scam.

Recently, scammers have been posing as well known tech companies and emailing phony invoices which show that you purchased music or apps from them. Check out our recent blog on these types of scams here. The scam emails tell you to click on a link if you did not authorize the purchase. If you get one of these emails, do NOT click on the link! This is a phishing attempt scheme.

What is phishing? When a scammer uses fraudulent emails, copycat websites, or texts to get you to share valuable information. The fraudsters then use this information to commit identity theft or other fraud in your name.

Scammers are also using phishing emails to get access to your computer or network – then they install programs like ransomware that can lock you out of important files on your computer.

Here are some tips to help keep your information secure:

  • Be suspicious if a business, government agency, or organization asks you to click on a link that then asks for your username or password or other personal data. Instead, type in the web address for the organization or call them. The link in the email may look right, but if you click on it you may go to a copycat website run by a scammer.
  • Be cautious about opening attachments. A scammer could even pretend to be a friend or family member, sending messages with malware from a spoofed account.
  • Set your security software to update automatically, and back up your files to an external hard drive or cloud storage. Back up your files regularly and use security software you trust to protect your data.

Lastly, report phishing emails and texts by forwarding them to spam@uce.gov and file a report with the FTC.

If you feel that any of your First Financial accounts may have been compromised as a result of a scam, please contact Member Services at 732-312-1500 Monday through Friday 8am-6pm EST, or Saturday 8:30am-1pm.

Article Source: Ari Lazarus for FTC.gov

Warning: Record Breaking Phishing Attack Attempts

phishing-scammerResearchers at Kaspersky Lab have documented a drastic increase in the number of web users who have been “subjected” to phishing attacks over the past year, according to a new report.

The Moscow-headquartered security firm found that 37.3 million people faced the prospect of being phished in 2012 to present day, an 87 percent increase over the same period between 2011 and 2012.

In its “The Evolution of Phishing Attacks” study, Kaspersky Lab studied threats faced by roughly 50 million customers running its security products.

For several years, Kaspersky researchers have been warning that phishing is the preferred method of online criminals to steal information and foist malware – almost always with the goal to profit – but the mechanisms to automate the process are becoming even more rapidly automated and commercialized with each passing year.

“The nature of phishing attacks is such that the simplest types can be launched without any major infrastructure investments or in-depth technological research,” the report said. “This situation has led to its own form of commercialization of these types of attacks, and phishing is now being almost industrialized, both by cyber criminals with professional technological skills and IT dilettantes.”

Phishing can be spread in various ways, with most attacks (89 percent) appearing in the browser, versus email (11 percent), the report states.

“Phishers use several different methods to trick their potential victims,” the report said. “In addition to the obvious need to create a detailed copy of a website that will be used to attack the victim, the criminals also prepare their cover story by using similar website URLs, replacing one or several characters in the name of the website, or using recognizable website names in the sub-domains.

“If the delivery channel for a phishing link is email or electronic documents (.doc, .odf, or others), malicious users will often resort to the hyperlink features typically available in most text editors and email clients,” the report added. “In this case, the text of the email or document will display the link to the real site, but the link will actually lead to the website created by the malicious users.”

As expected, popular brands like Google, Amazon and Facebook are common brands that are abused by phishing attacks, as well as banks and other financial institutions, according to the study. Most of the scams targeted users in Russia, the United States, India, Vietnam and the U.K.

Please be sure to monitor your personal information and be cautious of the sites you provide with your financial information. If you notice any fraudulent or suspicious activity on any of your First Financial accounts, contact us by calling 866.750.0100, e-mailing info@firstffcu.com or stopping into any one of our branches.

To protect yourself and your loved ones from identity theft, enroll in First Financial’s new ID Theft Protection products today!  Our products provide you with a professional Recovery Advocate who will do the work on your behalf, based on a plan that you approve. Should you experience an Identity Theft incident, your Recovery Advocate will stick with you all along the way – and will be there for you until your good name is restored. First Financial’s ID Theft Protection products include features such as lost document replacement, credit bureau monitoring, score tracker, and more.  For more details or to get started click here.

*Click here to view the article source.