Watch Out for Two of the Newest Scams in Town

September 10, 2024

Security Tips from the Pros at NASA Federal

Modern fraudsters are simply unrelenting, pumping out sneakier and more audacious schemes by the day. Because of this, it’s important to remain informed. And that’s why NASA Federal is pleased to share the following information with you on the two newest scams to hit U.S. consumers.

Mail Theft

There has been quite a bit of press recently about the mail theft occurring nationwide and the associated armed robberies perpetrated against U.S. Postal Service carriers. The main objective of these robberies is to acquire the master keys for blue USPS mailboxes (“the Blue Boxes”) so that fraudsters can steal the checks in the outgoing mail for altering, counterfeiting, or posting for sale online on the dark web.

“Because the media reports of these robberies against U.S. Postal Service carriers are so sensational and scary, people may not be making the connection that the criminal activity could actually impact them,” states Robert Hyde, Fraud Operations and Physical Security Manager at NASA Federal Credit Union. “That’s why it’s important to know how this scam work and how to protect yourself.”

Members have become accustomed to using the US Postal Service to mail checks to pay their bills, but unfortunately these checks are being stolen from the Blue Boxes, as well as right from members’ personal mailboxes. The stolen checks then have the payee’s names and amounts altered and negotiated elsewhere. Or, the member’s credit union account information is posted for sale on the dark web within a day or two of the theft. The stolen checks can also be used to perpetrate identity theft, with fraudsters opening fraudulent new accounts and loans utilizing the member’s name, account, and address information shown on the stolen check.

“There are simple ways to protect yourself and your accounts from these kinds of losses, like paying bills online with the vendor or using NASA Federal’s Online Banking or Mobile Banking,*” says Hyde. “But if you do have to mail checks, do so by making sure to put your mail in the Blue Boxes before the scheduled pick-up time shown on the mailbox, or by using the drop off slot inside the Post Office lobby rather than using an outside Blue Box.”

Also remember to sign up for NASA Federal e-Alerts so you can stay informed when unfamiliar transactions do occur.* Monitoring your credit by signing up at AnnualCreditReport.com or enrolling in an identity theft protection like Aura Identity Guard (nasafcu.com/identity-guard) are also smart moves. Should you identify any unfamiliar or unauthorized transactions, immediately report them to NASA Federal by calling 1-888-NASA-FCU. A Member Service Associate will be happy to assist you.

Account Compromises

Next, there’s a new scam targeting members through spoofed texts, emails and/or phone calls with the goal of obtaining members’ login information and taking control of their accounts. Fraudsters do this in one of two very devious ways.

In the first scenario, the member receives a text or email that is usually about the member being overcharged for a service such as Norton Antivirus or Microsoft software. If the recipient calls the number provided in the message to dispute it, he or she will end up talking to a fraudster who promises to provide an instant refund. The fraudster will then claim that the instant refund amount that was just sent was wrong.  

“The fraudster then tricks the member into sharing their computer under the guise of needing to login to Online Banking to see the overpayment,” explains Hyde. “What they’re really doing is capturing the member’s login information and then, by screen sharing, moving money from a line of credit or savings account to the checking account to make it appear that the member received the claimed overpayment.”

The member eventually hangs up, feeling satisfied that the overcharge has been reversed. However, that satisfaction is short-lived. Having previously captured the member’s Online Banking login credentials, the fraudster soon uses them to request a wire transfer or an ACH transfer to another bank account, ultimately emptying the account.

In the second scenario, the spoof text is from PayPal, Microsoft, or other well-known merchant about a charge on the recipient’s NASA Federal debit or credit card. When the recipient does not recognize the charge and replies “NO” to the text, he or she instantly receives a call from someone claiming to be from NASA Federal’s Fraud Department. For example, the caller will claim to be “Jack from the Fraud Department.”

“As the member talks to the caller,” explains Hyde, “the fraudster is social engineering the member into buying gift cards or providing account numbers, full social security numbers, dates of birth, mother’s maiden names, card numbers, expiration dates, and CVV2s.”

The fraudsters then call in to NASA Federal’s Call Center to set up Applepay, put a travel alert on the member’s Visa debit card, or transfer funds by wire transfer or ACH. The fraudsters will often have a partner call the NASA Federal Call Center while they are speaking to the member so that the partner can relay the answers that the member is willingly providing, including the PIN code that was just sent to the member’s smart phone. The card information is then tokenized on another smart phone and used to make fraudulent charges that ultimately empty the member’s account.

“The end result can be devastating for an account holder,” says Hyde. “But in both of these scenarios, the best way to protect yourself is pretty simple. If you receive a text message or email about a transaction you don’t recognize, look up the number of the sender (for example, Norton or Microsoft) instead of calling the number provided. In the case of a call from us, just end the call and contact NASA Federal directly. By remembering to never divulge personal information to an unsolicited texter, emailer, or caller, you will remain on the safe side.”

Remember that if you initiate a call to NASA Federal, we may ask for your personal information to verify that you are the true account holder. However, a call to you to verify a suspicious transaction should not require you to divulge detailed personal information.

As always, don’t hesitate to call us at 1-888-NASA-FCU to receive assistance on possible fraudulent charges. A Member Service Associate will be happy to help you confirm the validity of any questionable transaction. Doing so will only take a few minutes, but it could save you everything.

 

*Data and other wireless charges may apply

Federally Insured by NCUA