SnoCope Credit Union Go to main content
LOCATIONS/ATMs | RATES | CONTACT US | JOIN OUR TEAM |
Online Banking Login
Online Banking Login

Forgot Password?

New Enrollment?

About SnoCope Mobile & eServices Manage My Mortgage
Home > Financial Wellness > Fraud, Identity Theft & CyberSecurity Information

We at SnoCope have seen a drastic increase in fraud and account related cyber crime and want to give you the opportunity to learn ways to protect yourself, your finances and your family.  We have several resources available to you:

 

Take the Course!

Our Personalized Financial Wellness Program Enrich, has a course on: "Protecting yourself from identity theft and scams".  You can take this course and many others FREE, through Snocope.Enrich.org

To learn more about this course, click here.  There is 8 minutes of video and 2 exercises to complete with an action plan.

 

scam of the week

Stay up-to-date on hacker plots and new scams with our Scam of the Week.

Visit our Facebook Page and each Monday you'll see a new entry on the Scam of the Week to watch for.

 

September 9, 2024:  Fraud Victims Hit Again by Scammers Promising to Recover Stolen Cash"

Getting scammed is a life-shattering event. What could possibly make it worse? How about getting scammed again while trying to recover your losses?

That’s the idea behind a fraud refund scam or fraud recovery scam. It works like this: Scammers contact fraud victims offering to help them regain their stolen money. To recover the funds, the criminals will charge a fee, which they may call a retainer fee, a processing fee or an administrative charge.

They may claim to provide certain services (such as filing complaint paperwork on your behalf) or promise to speed up your reimbursement, the Federal Trade Commission (FTC) warns. They may also request your Social Security number or financial account information, which they need, they say, to deposit your refund (they might also claim to be holding your money for you).

Frequently, they disguise themselves as legitimate entities, from law firms to consumer advocacy organizations to government agencies.

The FBI warned in June that fake law firms have been targeting victims of cryptocurrency scams in particular, noting that between February 2023 and February 2024, cryptocurrency scam victims who were then victimized by fictitious law firms reported losing a total of more than $9.9 million.

Many other authorities have issued warnings about fraud recovery scams, including the FTC, the Financial Industry Regulatory Authority (FINRA), the Commodity Futures Trading Commission (CFTC) and financial institutions such as Ameriprise.

“Recovery offers can be tempting, especially if you’ve already lost a large sum of money and are anxious to reclaim any amount you can,” FINRA notes. “But engaging with these scams will only further your losses.”

“That’s what makes this so insidious,” says Elsie Kappler, an attorney in the FTC’s Division of Marketing Practices. “They know these people have already been scammed, so they know they’re really good targets.”

How fraud recovery scammers find victims

How does a scammer know you’re a fraud victim? Sometimes, the criminals who scammed you the first time may re-target you, claiming they can help you recover your losses. Frequently, however, your status as a fraud victim lands you on a list. Just as a real estate agent might create a list of potential homebuyers, scammers often do the same, building databases and buying, selling and trading information about victims. That info can include your name, address and phone number; the type of scam that victimized you; and the amount of money you paid, the FTC reports.

“Information is shared within criminal networks,” says Robert Mascio, director of FINRA’s Investor Education Outreach. “There’s a network of individuals that might know you’ve already been victimized, and they can come back to that individual to try and extract more money.”

Because criminals have data about your case, their recovery appeals can sound legit. They also know that victims are probably still reeling from the first fraud, which makes them susceptible to a follow-up. Strong emotions — embarrassment, grief, anger, shame, depression — are normal responses after you’ve been robbed, Mascio says. But your raw emotional state can affect your judgment, which scammers can exploit.

“Sometimes, people just don’t want to let go of the idea that they’re going to get that money back,” Kappler says. A recovery scam “takes advantage of human nature and our tendency to follow through on something we’re invested in, and to keep investing more time and emotional energy.”

How to protect yourself from fraud recovery scam?s

Ignore unsolicited offers. This is true of many scams. “If something is coming to you out of the blue — in this case, the chance for recovery — and you didn’t actively seek it, that’s definitely a red flag,” Mascio says. Start by not answering calls from unknown numbers.

Expect pressure tactics. Scammers often say you need to act fast to recover your funds. “Victims might think, ?'?Well, if I don’t act quick, I’ll lose even more money,'” Mascio says. “Whenever you’re given a short amount of time to do something, we get emotional, we get nervous, we start thinking, ‘OK, we have to do this quick?.?' And when that happens, rational thinking can go out the window.” ?

Pressure tactics are a clear warning sign, Kappler adds.

“If you’re entitled to have money back, there’s absolutely no reason why you need to act now or rush to wire them money,” she says.?

Watch for phony checks. Sometimes, the scammers will send a counterfeit check, often for more than what you lost, and tell you to deposit it, the FTC notes. Then they’ll say they overpaid and instruct you to return the balance.

“If somebody is giving you money and telling you to send them money back — or if somebody is asking you to pay to get money back — it’s a scam, plain and simple,” Kappler says. And once your bank discovers that you deposited a counterfeit check, “the bank may come knocking at your door asking for the money they lost,” she says.

Beware of up-front fees. Scammers may charge a fee to recover your money and ask you to pay it via a wire transfer, gift cards or a service such as Venmo. “If anybody’s asking for money up-front,” Mascio says, “that’s a clear indicator that it’s a scam.”

Research supposed credentials. Recovery fraud scammers pose as legitimate entities — from law firms to consumer watchdogs — to gain your trust. It’s a common tactic: Impostor scams, where a criminal pretends to be someone trustworthy, were the most common type of consumer fraud reported to the FTC in 2023, representing 33 percent of all complaints.

To uncover a scammer’s identity, start by using a search engine. If a supposed law firm contacts you, for example, enter the firm’s name with keywords such as “scam,” “fraud” or “complaint.” FINRA offers an online service called BrokerCheck to help you research financial institutions and professionals. You can also contact your state attorney general and inquire about complaints involving a particular company.

Understand how the feds work. Federal officials will never contact you through a personal or web-based email account. “If the government needs to reach you, they will send official documentation in the mail,” states the CFTC, a federal regulatory agency that has shared information on recovery fraud scams. Adds Kappler: “Neither the government nor any legitimate organization is going to call and say they want to give you money, but you have to pay them money. And they won’t ask for personal information.”

Report the fraud. If you’ve lost money in a recovery scam?, or you have information about the scammer, report it to the FBI’s Internet Crime Complaint Center (IC3.gov), and your state attorney general. Not every complaint leads to enforcement action, Kappler says, but the information can help officials to spot trends and sometimes identify scammers. ?

 

August 28, 2024:  When a QR Code Goes Bad - "Quishing!"

For today's Scam of the Week we bring in another new word into the scamuniverse - "Quishing". Not to be confused with Phishing which we have talked about in great detail. Quishing is using QR codes for malicious intent. We have introduced other forms of phishing that you should be aware of, like "vishing" (voice phishing – phone calls) and "smishing" (text messaging – SMS texting). The and now we have "quishing", the use of QR codes as phishbait. .

QR code phishing or quishing is a type of phishing attack that uses QR codes to lure victims into revealing sensitive information. Threat actors create a QR code that looks legitimate, such as one that appears to offer a discount or special offer, but in fact, it directs the victim to a fake website controlled by the attacker.

Once on the fake website, the victim is prompted to enter sensitive information such as login credentials or credit card information, which is then stolen by the attacker. Quishing attacks can be hard to spot, as the attackers create legitimate-looking websites and logos impersonating known brands. Delivery of these QR codes happens via email, social media, or even physical flyers.

Red flags to look for include:

  • Check the destination site of the QR code: Check for mistakes and misspelled words, shoddy design, low-quality photos, and insecure URLs as indicators that you’ve landed on a bogus website. Sites that are “secure” will use HTTPS rather than HTTP and will have a padlock icon next to their URL.
  • Preview the URL before accessing the link: Before directing you to the intended page, your phone will tell you the destination of the QR code. Check the URL to see if it seems safe. If the URL is shortened or unreadable, be extra cautious
  • Be cautious with QR codes in public places or in the mail: A public QR code or one you receive in the mail could have been added there by a threat actor or be easily altered. Avoid scanning these as much as possible to minimize the risk of infection


What should you do if you realize you scanned a fake QR code?

  • Change your passwords and secure your online accounts: Make sure you use strong passwords for your accounts, and to add an extra layer of security, enable two-factor authentication (2FA)
  • Disconnect from your Wi-Fi or cellular network: If you downloaded malware onto your device turn off any internet connection as soon as you realize the file might be corrupt. There is less of a risk that the malware may send your sensitive information to a hacker if there is no connection
  • Backup your important files: If your device is compromised, threat actors may steal private information like images or papers, or they may even encrypt your drive and demand a ransom. To be extra cautious, make a backup of your files on an external disk
  • Set up a fraud alert for your cards: If you entered your financial information, notify the credit bureaus as soon as possible. Fraud alerts and credit freezes make it more difficult for con artists to open credit cards or commit loan fraud

 

August 20, 2024 - Say YES Scam:

Scam of the Week "The say "YES" scam:

With all the robo-callers and unknown callers people are still asking folks on the other end of the line if they can hear them. But now it’s often scammers doing the asking, according to the Federal Communications Commission (FCC), which has warned consumers about so-called “can you hear me” scams — also known as “say yes” scams.

How it works: A criminal calls someone and asks a straightforward question like, “Can you hear me?” or, “Is this so-and-so?” in order to record the person saying “yes.” In theory, the scammer can later use the recording for nefarious purposes.

Finish reading Say YES Scam from AARP:   Click here

 

August 12, 2024 - Travel Scams taking advantage of CrowdStrike Outage

This week's Scam of the Week shows how scammers are taking advantage of the recent disaster of the CrowdStrike outage that wiped out IT services worldwide. Systems were affected globally, resulting in delayed flights, business closures, and more. However, what may be bad news for you could be good news for cybercriminals. Cybercriminals often seek to turn major events to their advantage by sending out phishing emails or text messages related to the event. By using a major event that you are familiar with, they hope that they can trick you into clicking on malicious links or attachments.

Shortly after the outage, cybercriminals began creating fake websites. The websites claim to belong to IT workers who can assist with troubleshooting the outage and restoring access to affected computers. There are files on the fake websites that appear to be software updates for Windows computers. However, these files actually contain malware. If you download them, malicious software can be installed on your computer, giving cybercriminals access to your personal data!

Follow these tips to avoid falling victim to any CrowdStrike-related scams:

This specific scam involves fake websites, but remember that cybercriminals will exploit this event in different ways. Be on the lookout for any suspicious activity related to the CrowdStrike outage.

Delta Airlines continues to report scammers offering rebates and free flights with fake emails weeks later.

Don’t download any files or attachments from websites or emails. Any troubleshooting related to the CrowdStrike outage should be addressed by your organization’s IT team.

Be cautious of unexpected calls, emails, or text messages that seem urgent to respond to. Cybercriminals will try to use this outage to trick you into acting impulsively.

 

August 8, 205 - Using Bitcoin ATMs to Move Money

Bitcoin ATM Imposter Scam

This week's Scam of the Week involves Bit Coin. I'm sure you've heard about it by now and it's become a favorite way for Scammers to get to your real money.

Is there a legit reason for someone to send you to a Bitcoin ATM? The short answer is NO. Will someone from the government send you to a Bitcoin ATM? NEVER.

Scammers succeed because they’re good at what they do — which is lying. So, if someone calls and says you have to act now because your money is at risk, you might listen if they’re convincing. They’ll scare you into keeping it a secret — even from your closest loved ones. Once they have you alarmed and alone, they’ll give you the solution to the problem they just created: “protect your money by moving it.” And that’s when they’ll send you to a Bitcoin ATM to “secure” your money. “Problem” solved? Not even close.

That’s because neither Bitcoin nor the ATM will protect your money. In fact, no cryptocurrency will. No matter what the caller says, there’s no such thing as a government Bitcoin account or digital wallet. There are no Bitcoin federal safety lockers. And only a scammer will give you a QR code to “help” you deposit your life savings in a Bitcoin ATM.

What they’re doing is trying to rush you into something you can’t reverse: giving your money to a scammer. So, if you get a call like this, remember:

Never move or transfer your money to “protect it.” Your money is fine where it is, no matter what they say or how urgently they say it.  Worried? Call your real bank, broker, or investment advisor. Use the number you find on your account statements. Don’t use the number the caller gives you. That’ll take you to the scammer.
Report it. Tell our bank or fund right away. Especially if you moved money. Then tell the FTC at www.ReportFraud.ftc.gov.

Then share this post with one person today? Scammers love this approach right now. But if we all tell one person, and they tell one person, we can make sure more people know how to stop this scam.

 

July 29, 2024 - Use Caution with FlowCode QR Codes

This week's Scam of the Week is about a relatively new type of QR code known as a Flowcode. This is part of our Fraud and Cybersecurity video that talks about Flowcodes. To see the information that can be harvested from your device see the Flowcode Privacy Statement attached. To attend the upcoming Fraud and Cybersecurity webinar in September, visit our website:

To view the video, click here

To view FlowCode Privacy Statement, click here

 

July 8, 2024 - Tolls Trouble Scam

Today's Scam of the week is one that utilizes our very own Washington State Good To Go program, and other toll programs across the Country. I got a text telling me my trip on I-405 Express Lanes cost me $4.15. I don't remember taking those lanes, but they are suggesting additional late fees if I don't follow the link to pay it.

Problems:

  • Anyone can steal the WSDOT Good To Go logo and a picture of the Narrows Bridge to make it look legit.
  • Look at the link they want me to go to, that's not a Washington State Finance website
  • The phone number this came from is Montreal Canada
  • Good To Go doesn't text. They send you an invoice for your tolls or you have a sticker on your vehicle and an active balance
  • If you typed in the URL address of the link, it doesn't go anywhere, meaning that the real URL is camouflaged in the link

If you clicked on the link under the pressure tactic to avoid late fees, you could give these scammers your credentials and payment methods. Below is the text from my phone so you can see what it looked like and maybe avoid something yourself.

WSDOT image

 

June 3, 2024 - Look-a-Like Documents Made Easy

This week's Scam of the Week is a bit more involved, and from a graphic designer's point-of-view, very concerning. Available to everyone now is online graphic design software with thousands of professional templates called Canva and Adobe Express and they can create almost anything, including fake documents and bad links (a continuation of last week's fake log in scam).

Cybercriminals often use legitimate websites like this in their phishing attacks as a way to get around the security systems that your organization has in place. A recent example of this is Cybercriminals are using Canva to create an official-looking document that contains a clickable, malicious link. Creating and storing this document on Canva allows the attackers to get through security measures because Canva is a legitimate website.

Once the scammers have created and stored their file on Canva or Adobe Express, they will send you an email that includes a link to this malicious file. The email claims the link leads to an important document that needs your attention. However, if you click this link, you are taken to the Canva/Express file and prompted to click another link in order to view the document mentioned in the email. Clicking this second link will redirect you to a phony login page for your email provider. Any information entered on this page will be sent directly to the scammers. Don’t be fooled!

Remember these tips:

  • Never click a link in an email that you were not expecting.
  • Call the sender to be sure the email and link are legitimate. Do not call the phone number provided within the email as it may be a fake number.
  • When you’re asked to log in to an account or online service, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site and not a phony look-a-like.

 

May 28, 2024 - Fake Log In

This week's scam of the week, just happened to hit close to home with a family member this last week, so I thought I'd share. Scammers frequently try to trick you into clicking on malicious links in emails and texts by making them appear legitimate. In a recent scam, they are trying to trick you with an email that appears to be related to your Microsoft account. The email/text says that there has been some unusual activity on your account and that many of your account’s features have been locked (or the whole account is locked to protect your information). There is a link in the email or text, along with instructions to click it so that you can review all activity on your account.

If you click the link, you’ll be taken to what appears to be a authentic Microsoft login page. However, the login page is actually fake, and you won’t be taken to your Microsoft account if you enter your login information here. Instead, entering your user credentials on this page will allow cybercriminals to steal them. Once they have your username and password, they can use them to access your account and steal your personal information, sometimes this can contain your payment information for Window 365 and other products.

Follow these tips to avoid falling victim to this and other phishing scams:

  • Scammers will often try to scare you into acting impulsively, telling you or showing you how "urgent" something is or that you might "loose all your information". Always stop and think before clicking, especially if an email or text is instructing you to act quickly.
  • Pay attention to the details of the email/text. Phishing emails will often contain spelling and grammatical errors, or the wording of the email may seem unusual, use caution with abbreviations in texts.
  • Navigate to the official website in your browser, separate from the email or text being sent. Check your account status from the native home page that you went to direct

 

May 20 - Fake USPS Stamps

This week's Scam of the Week is about a popular topic on Facebook regarding USPS stamps that are on sale at huge discounts. Well, here's your first clue that something's wrong - a sale at the post office. But these posts make it sound so appealing and the Facebook comments sure make it sound legit. Well, they are either counterfeit or stolen. Counterfeit stamps are often sold in bulk quantities at a significant discount–anywhere from 20 to 50 percent of their face value. That’s a tell-tale sign they’re bogus. If you get caught using the bad stamps, you could be charged with a felony. But there's something worse - you've now given this shady group your credit card information (hopefully not your debit card) and goodness knows what they will do with it. As it turns out, a great many of these "for sale stamps" groups are based in China and is a front for hacking and account take over. So stay clear of these offers, if it's too good to be true, it likely is.

Watch a video on counterfeit stamps from USPS:  https://www.youtube.com/watch?v=MPzNdcJPLL4&t=3s

Watch a video from the postal inspector on how the USPS fights counterfeit postage: https://www.youtube.com/watch?v=Sq1hLWELs4w

To read more on this topic or how to report postage fraud, read this article: https://www.uspis.gov/u-s-postal-inspection-service-warns...

 

May 6, 2024 - Elder Abuse

This week's Scam of the Week is a few thoughts on elder abuse, something we see more and more of, so we want to share some things to look out for:

Financial Elder Abuse: The statistics are staggering for this type of financial crime. With persons 60 and older being the fastest growing segment of the population, one if four seniors will fall victim, with an estimated loss of over $40 billion each year.

Why are seniors at a higher risk? Several reasons make them a prime target for financial abuse. Older adults have bigger retirement accounts and are less aware of financial fraud dangers and scams. Those two, compounded with in-home caretakers or even family members that can easily steal and onset of dementia or Alzheimer’s increases the risk of poor financial decisions. Scammers are looking for someone that can be manipulated; which also makes loneliness a prime opportunity for them to gain trust and friendship from their victim.

Elder abuse is not limited to a certain social status, ethnic group or even health conditions; studies do show that women are at a higher risk.

Possible Warning Signs of Financial Abuse:

  • – Unpaid bills when they should have means to pay
  • – Out-of-character spending behavior
  • – New “best friends” who do not have the persons best interests at heart
  • – Sudden changes in an elder’s legal documents (will, trust, accounts)
  • – Abrupt or unexplained transfers of assets
  • – Confusion about recent financial arrangements or changes

General Prevention Tips:

  • – Talk about finances with your elder parents. Get assistance from a third-party resource; such as friends, financial professionals or online sources. We are happy to be that source of information for you.
  • – When possible, use checks and credit cards instead of cash
  • – Teach them to exercise caution when discussing their finances and other personal information over the phone, internet or someone they don’t know
  • – Always ask for more information in writing and get a second opinion before changing your power of attorney, wills, trusts or financial information
  • – If you suspect fraud or misuse, please contact us immediately
Go to main navigation