fbpx Skip to content

UPDATE : Recent Caller ID Spoofing

On Wednesday August 2nd, some members reported receiving calls from who they were led to believe were members of the Madison Credit Union Fraud Department. The calls were not from the Madison Credit Union Fraud Department. Scammers were caller ID spoofing our phone number. Scammers asked for personal account information which they would use to get access to members’ debit cards or to get access to their online banking account. Once inside a member’s online banking account, they would be able to set up a Bill Pay check payment or a Pay Anyone money transfer.

Caller ID Spoofing: Spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that you may already know and trust. If you answer, they use scam scripts to try to steal your money or valuable personal information, which can be used in fraudulent activity.  –From the FCC website

We want to ensure our members that we have run thorough security scans and have found no breaches in any of our systems. We have also checked with our debit card company, Star, and confirmed they have also had no breaches. Unfortunately, financial institutions across the country have been targeted by these scammers using Caller ID Spoofing. A person’s data is gathered and they are linked to a specific financial institution. That information is saved along with other people’s from the same financial institution. Scammers will then spoof that financial institution to try to steal money from its members. 

If you have received one of these calls, please call us at 608-266-4750. If you gave your information to one of the scammers, please contact us immediately. If it is outside of our business hours, you can call the Star Debit Card fraud line at: 1-800-523-4175. We recommend you also change your username and password for your online banking account. In online banking or the mobile app click on the circle photo in the top right. There you can change your username, password, and security questions. You can also view your login history and password change history.

Madison CU Fail Safes

If a scammer were to get access to your account, there are a few fail safes that Madison Credit Union has in place. If the scammer tries to set up a Pay Anyone (person-to-person) transfer to move money out of your account, MCU will be notified that a new payee recipient was created in your account and we will need to approve the transaction before it can go through. That notification allows us to contact the member and verify the transaction was a valid transaction before approving it. This helped us recently catch fraud of a scammer trying to send $500 out of a member’s account.

If the scammer tries to send themselves a check through a member’s Bill Pay account, the member will receive an email saying a new payee has been set up in Bill Pay. The member can then login to their account and cancel the payment. Unfortunately, scammers are getting more sneaky and savvy in ways of conducting fraud. It is best to monitor your account activity regularly to be able to catch fraud quickly. Also, never give out your personal information over the phone.

No Legitimate Organization Will Ask for Your Personal Information

Unless you initiated a call to a company to make an over-the-phone order of a good or service, no legitimate organization will ask for your personal information. Legitimate calls from the Madison CU fraud department DO NOT ask for your personal information. The real Madison CU fraud department will only look to confirm transactions you have done on your account or your debit card. Our legitimate fraud department calls also DO NOT come from our Madison Credit Union office. They come from Nebraska and are generally a 1-800 number. A common number they use is: 800-327-8622.

FCC Tips to Avoid Falling Victim to Spoofing

Here is a video from the FCC describing spoofing:

 

You may not be able to tell right away if an incoming call is spoofed. Be extremely careful about responding to any request for personal identifying information.

  • Don’t answer calls from unknown numbers. If you answer such a call, hang up immediately.
  • If you answer the phone and the caller – or a recording – asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
  • Do not respond to any questions, especially those that can be answered with “Yes” or “No.”
  • Never give out personal information such as account numbers, Social Security numbers, mother’s maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
  • If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company’s or government agency’s website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
  • Use caution if you are being pressured for information immediately.
  • If you have a voice mail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.
  • Talk to your phone company about call blocking tools and check into apps that you can download to your mobile device. The FCC allows phone companies to block robocalls by default based on reasonable analytics. More information about robocall blocking is available at fcc.gov/robocalls.

Remember to check your voicemail periodically to make sure you aren’t missing important calls and to clear out any spam calls that might fill your voicemail box to capacity.

The Information is Out There

Sadly, we are living in a digital age where we cannot even trust the phone number that appears on our screens. With AI technologies and online tracking systems, scams will continue to become more elaborate. Scammers gather our information from many sources and sell it to the highest bidder through the dark web. There are websites that have much of your information free and open to anyone who looks. They use social media, any websites you visit, and public information about your property taxes. On these sites alone you can find current and previous addresses, phone number, and emails associated with your name. They can show what year you were born, where you were born, your job, and more. They also list suspected relatives and sometimes the relationships of those suspected relatives (spouse, child, mother, etc.)

This information is not exclusively collected from digital methods but some scammers even go through trash to see old credit card bills, medical records, bank statements, etc., slowly piecing together enough of your profile to commit identity fraud or to impersonate a trusted institution, like your credit union, with the final intention of stealing money.

The dark web is a hidden layer of the deep web, where users are anonymous and activity isn’t tracked. There are legitimate reasons to use the dark web, like protecting whistleblowers or sharing confidential information. But some users exploit the dark web and use it for illegal activities, such as buying or selling stolen personal information. 

Protect Yourself

Along with the above mentioned ways to protect yourself in the event you are contacted by a phone scammer, there are other more proactive ways that you can protect your information.

  • Create unique and strong passwords for each of your online accounts. Here are some Do’s and Don’ts of choosing a password.
  • Save passwords in a secure place. There are password managers that can help you securely save your passwords digitally.
  • Monitor your accounts regularly. You can set up account alerts and debit card alerts on your Madison Credit Union mobile app. See how here.
  • Hire a company that specializes in removing your information from the web and dark web. McAfee overs multiple, tiered pricing, solutions to do this. Here is an article from CNBS titled How to Delete Yourself From the Internet
  • Monitor or freeze your credit reports. You can monitor your credit reports at AnnualCreditReport.com. You are entitled to one free credit report each year from each of the three credit bureaus (TransUnion, Experian, and EquiFax). You can freeze your credit reports for free at each of the three bureaus. You will have to unfreeze your credit reports if you wish to apply for a loan, credit card, or for many rental agreements. Often you must create an account with the credit bureaus and unfreezing and freezing can be processed online once you have confirmed your identity with them.

_________

Don’t hesitate to call us at 608-266-4750 or email us at creditunion@madisoncu.com if you have any questions about your account or if you’d like further information about this incidence.