Fraudulent QR codes are the latest attempt by scammers to steal your information, so stay alert!

How do they do it?

Scammers are making fake QR codes and placing them where legitimate QR codes already exist. Areas to be cautious are parking meters, information boards, and advertisement posters. They will affix their fake QR codes over real ones. Once a person scans the fake QR code, they are directed to a phony site that will mimic the real one.

Members should also be wary of unsolicited emails, and physical mail. They may claim to be well-known retailers offering to good to be true deals, special offers or failed transactions that need your attention immediately.  

And let’s not forget social media. Hackers can take over one of your family’s or friend’s accounts and send messages containing QR codes, trying to convince you to scan them. They could claim it is a funny link or perhaps something holiday oriented. But remain cautious.

How do we combat this?

If you’re scanning a QR code in public, take a moment and look at it. Does it look like a sticker that was just placed over another QR code? Does it match the design or artwork associated with it? If you do scan it, does the site look legit? Are there a lot of grammatical errors? Is it asking you for personal information?

If you receive an email or mail, ask yourself a few questions. Was it expected? Does it seem too good to be true?                                                  Try contacting the sender directly, and not on the contact information they have provided.

If someone you haven’t spoken to in a while suddenly contacts you on social media asking you to scan a QR code, don't do it. If it is a friend or family, contact them directly. They may have been hacked and not even know it.

Phishing: These unauthorized emails that request sensitive information, offer "too good to be true" deals or opportunities are red flags. They often take the form of a message from a financial institution or recognizable company or brand asking you to provide account information, perform a task or send them personal information for an opportunity to earn more. These scams are often disguised as simple requests due to a computer error, or as part of a system upgrade or even an enhanced Internet security initiative. Sometimes they are worded to cause concern over access to your account, for example, “your account/credit card has been suspended.”

These fraudulent emails often contain links to a website that may look real but is not. The information requested may include account numbers, usernames, access codes and passwords. Do not enter your account information if you reach such a site.

Vishing calls: Account holders receive an automated or live phone call from a blocked source or unknown number stating that their card has been blocked, or offering a lower interest rate. Account holders are then asked to provide or enter their full card number and PIN or CV2 (security code on the back of your card) information to reactivate their card or lower their rate. Sometimes, if the calls go unanswered, a voicemail message is left instructing the account holder to contact a number to reactivate their account.

Text Smishing messages: Text messages (or SMS messages) referencing compromised cards, "too good to be true" deals/opportunities or suspended accounts are typical. A number or response request e.g. (reply YES if interested) is provided within the text (SMS) message for reactivation or acceptance. Most messages do not reference a particular financial institution name.

FAST will never call you to ask for your card number or personal data. If you receive a phishing email, text or call please delete the email or text message and do not click on any links.

If you have entered information about one of your FAST Credit Union accounts on a suspicious site, text message or phone call, please call our Member Center immediately at (559) 584-0922 so we can help you take the necessary precautions to protect your accounts.

Be assured that FAST's systems remain secure and are not the cause of these incidents. Often, the perpetrators of these fraud attempts target multiple financial institutions with the hopes of tricking Members into sharing their sensitive data.

We are committed to educating Members on how to avoid becoming victims of these types of scams.

FAST members may be contacted by a FAST representative in the event of suspicious activity on their account.

REMEMBER: FAST will never call you to ask for any log in credentials, passcodes, card number or expiration date.

Examples of text and email scams:

The Zelle / P2P fraud scam is widespread and has been making local and national news as the social engineering tactics used by fraudsters in this scam continue to evolve. A newer version of the scam has fraudsters, impersonating a Zelle user’s financial institution, conning the user into using Zelle to transfer funds to themselves using their mobile phone number under the guise that it will replace funds stolen from their account. However, the Zelle transfers go to the fraudsters.

Details

The Zelle / P2P fraud scam continues to result in large fraud losses for credit unions. Fraudsters continue to target members of credit unions; however, they’ve adapted to a newer version of the scam that has made headlines across the country.

Here’s How It Works:

• Fraudsters send text alerts to users – appearing to come from their financial institution – asking the users if they attempted a large dollar Zelle transfer.

• Fraudsters immediately call the users who respond ‘NO’ by spoofing the FI’s phone number and claim to be from the FI’s fraud department.

• Fraudsters tell the users the Zelle transfers went through, but the funds can be recovered.

Fraudsters tell the users in order to recover the stolen funds they must use Zelle to transfer the funds to themselves using the user's mobile phone number, but before doing so, the fraudsters instruct the users to disable their mobile phone number associated with their Zelle account.

Note: Fraudsters may have previously opened an account at the user’s FI (likely using a stolen identity) and establishes Zelle through the online or mobile banking channel linking the member’s mobile phone number to Zelle.

• When the fraudster links the user’s mobile phone number to the fraudster’s Zelle account, a 2-factor authentication passcode is generated and sent to validate the mobile phone number. The text message containing the passcode is actually sent to the user’s mobile phone; however, the fraudster cons the user into providing the passcode over the phone. (The text containing the passcode has the FI’s name which explains why fraudsters open a fraudulent account at the user’s institution.)

• The fraudster enters the passcode to activate the mobile phone number on their Zelle account.

• Users are instructed to Zelle themselves the funds.

The Zelle transfers actually go to the fraudsters.

Fraud Prevention Tips for Zelle

• Do not provide sensitive information to callers claiming to be from FAST. FAST will never ask for sensitive information such as Online Banking usernames, passwords or 6-digit multi-factor authentication codes when calling.

• A Zelle notification text from FAST will not ask for a Yes/No response.

• If you suspect you have been a victim of fraud, call FAST at 559-584-0922

If you received an unexpected check in the mail, it is a good idea to research it thoroughly before deciding to accept it. This is usually the first step in a fraud scam. Here are some ways to investigate it:

1. Did the check come with a letter? If so, read the letter carefully. Does it contain instructions? Many fraud scams start with a letter and a check. The letter will have instructions to send money or purchase a money order. Do an Internet search to find out if other people have received letters for the same purpose.
2. Look up the business that issued the check on the Internet. You’ll find the name of the business in the top left-hand corner of the check. If you find a listing online, call the business and ask them if they issued the check. Do not call the phone number provided on the check or in the letter as it could lead back to the fraudster.
3. If you have trouble finding any information, take the check to the financial institution on which it is drawn. They will be able to verify if the check is legitimate.
4. If you have concerns that the check you received may be a scam, bring the check and the accompanying letter to FAST so we can further investigate. You may also give us a call at (559) 584-0922 to discuss this with a member service representative.

Following these steps will help protect you from falling victim to a fraudulent check scam. If you deposit a fraudulent check into your account and spend the money (or send it to someone else), you will be held responsible for the dollar amount if the check bounces. This may result in a negative balance in your account. Even if the funds are made available to you, there is no guarantee that the check is legitimate.