Current Fraud Alerts & Warnings
In addition to the helpful tips posted on this site to educate and protect members against scams and fraudulent activities, DuTrac will also periodically add special alerts and warnings regarding current scams.
If you are unsure about any type of request for financial information, please contact DuTrac directly to confirm the validity of the message before sending money or releasing any information.
Recent Warnings and Alerts include:
- Area Residents Reporting Phone Scams
- Fraudulent Texts Targeting Area Residents
- FFIEC Warns of Malicious E-Mails
- Fraudulent Phone Calls Regarding SHAZAM Account Info
- CUNA Mutual Automated Phone Call Scam
- Unauthorized Pop-Up Messages on DuTrac.org
- VISA, MasterCard Warn of Security Breach
- BBB Complaint E-mail Scam
- Text Scam Targeting Credit Union Members
- Wire Transfer E-mail Scam
- SHAZAM “mishing” fraud attack
- FDIC Fraudulent E-mail Notice
- NACHA Phishing Scam
- Jury Duty Scam
DuTrac has been informed of area residents receiving phone calls indicating their credit/debit card will be or has been deactivated due to inactivity or other various reasons. The caller or message asks the recipient to give out card data or other personal information. These phone calls are fraudulent. Do not give any information to the caller and hang up immediately.
If you received a similar call and have already given out any account or personal information, contact your financial institution immediately and monitor your account for possible fraudulent or suspicious activity.
If you receive a questionable phone call - or if you are ever in doubt about the validty of a call - hang up and contact your financial institution directly.
Click here for a PDF of the press release from the Dubuque Police Department(Originally posted on 2/28/13. Updated on 5/1/13)
DuTrac has been made aware of a smishing scam circulating to several residents in the area via SMS text message. The fraudulent text indicates the recipient's card has been deactivated and asks them to call a phone number with a 309 area code.
This is a smishing scam. Do not reply to the text, call the number or provide any account information.
If you have received a similar text, simply delete the message. Do not call the number or reply to the text in any way.
If you have already given out any account information, please contact DuTrac immediately at (800) 475-1331 and monitor your accounts for suspicious or fraudulent activity.
DuTrac Community Credit Union will never request your account number via text message or e-mail. If there is ever any doubt about the validity of a call, text or e-mail, simply hang up/ignore the message and contact DuTrac directly.
The Dubuque Police Department also issued an alert regarding these text messages. Click here to read the statement.
The Federal Financial Institutions Examination Council (FFIEC) has posted an alert regarding fraudulent e-mails being sent from email@example.com, firstname.lastname@example.org and email@example.com. The e-mail usually references a FFIEC lawsuit or case number, regarding a "subpoena" or "suspect activity on an account." The wording may vary, but all messages are malicious.
The FFIEC does not send out any such emails and is not affiliated with these messages or their email address domains. Under no circumstances should you reply to these messages, open any attachments, or click on any link within these messages.
DuTrac has been notified by SHAZAM of a fraudulent attack in which financial institutions and merchants are receiving telephone calls from someone claiming to be from SHAZAM requesting billing and account information. Please Note: These calls are not from SHAZAM. The SHAZAM network does not call and request this type of information from financial institutions, merchants or cardholders.
If you have received a telephone call from someone claiming to be from SHAZAM asking for the information described above, please contact SHAZAM at the number listed below. Additionally, if you receive a telephone call from someone claiming to be from SHAZAM and are not sure whether the call is legitimate, please do not hesitate to hang up and call the telephone number listed below.
SHAZAM Client Support: (800) 537-5427 (option 2) or submit a service request online using SHAZAM® Web Rep (SHAZAM Access login required).
7/18/2012 -- CUNA Mutual Group has issued another alert regarding the recent resurfacing of an automated phone call scam. Victims receive automated calls, or "robo-calls," which play recorded messages claiming to be from a credit union (or bank). The calls may suggest the member's debit or credit card has been blocked and request verification of financial information such as account numbers, card numbers, or PIN. If you receive one of these calls, simply hang up.
If you received a similar call and entered your information, please contact your financial institution(s) immediately and monitor your accounts for fraudulent activity. As a reminder, never give your personal information out to an unsolicited phone call. Whenever in doubt, hang up and call your financial institution directly.
DuTrac wants to make you aware of a possible phishing scam we became aware of in recent days. When visiting the dutrac.org website, a message in the form of a pop up box reflecting the following information may be displayed:
Dear dutrac.org visitor
Your Credit Score may have changed recently. Please click here for your Free Score.
Thank you for visiting dutrac.org.
It then asks you to click on an “Accept” button to receive your Free Score. Please DO NOT click on the Accept button. This type of message is usually caused by malware on the user's computer and is not authorized by DuTrac or caused by DuTrac's website.
If you have any concerns or suspicions about a message from DuTrac, or if you have clicked on a similar message, please call DuTrac at (563) 582-1331 or (800) 475.1331.
UPDATE 4/2/2012 -- In a conference call Monday, April 2, 2012, Global Payments Inc. updated Wall Street analysts on the self-reported breach into its processing system revealed Friday and reported earnings two days ahead of schedule.
Paul R. Garcia, the chairman and chief executive, said the investigation continued but that the incident was “absolutely contained” and that there had been no “fraudulent transactions.”
The company investigation revealed that ...criminals did not obtain cardholder names, addresses and Social Security numbers. It created a website for consumers, www.2012infosecurityupdate.com, which will be live later Monday (April 2).
3/30/2012 -- The Credit Union National Association (CUNA) has confirmed that Visa and MasterCard are notifying card-issuing credit unions and banks of a possible massive data breach involving Global Payments, Inc., a U.S.-based third-party payment processor.
The potential data compromise incident at Global Payments, Inc. (an organization not in any way affiliated with DuTrac Community Credit Union) affects card account information from all major card brands. However, both Visa and MasterCard have confirmed their internal systems were not breached.
Affected account holders will be notified and, if needed, new cards will be reissued.
Members should monitor their accounts for suspicious or fraudulent activity. To report suspicious activity, or if you have been a victim of fraud, please contact DuTrac Community Credit Union at (563) 582.1331, (800) 475.1331 or your local police.
12/1/2011 -- The Better Business Bureau (BBB) has issued a scam alert cautioning businesses and consumers about an e-mail purporting to be from a bbb.org e-mail address. The e-mail contains a dangerous attachment regarding a complaint and appears to direct recipients to the BBB website. This is a scam – the BBB does not send complaints as attachments via e-mail.
The e-mail appears to come from a fake BBB employee claiming the recipient needs to review this matter and advise the BBB of their position. From there, the e-mail appears to direct the recipient to the BBB website, but actually directs them to an outside link. This e-mail is fraudulent and does not originate from the BBB. The e-mail attachment and link are malicious and you are strongly advised to not open the attachment or click on the link.
Should you receive such an e-mail, please disregard the message and report any information received to the Better Business Bureau’s Scam Source. Then promptly delete the e-mail. If you have clicked on the link, immediately do a virus scan.
To view an example of the e-mail text, click here.
11/15/2011 -- Members of an Eastern iowa credit union recently received fraudulent text messages looking to steal personal account information. Several members of Collins Community Credit Union received the phony texts, telling members their debit card had been deactivated and provided a phone number to call. The texts look legitimate, but the number is not associated with the credit union. If anyone receives a similar text, members are urged to contact your financial institution directly to confirm the message. To read the complete story, click here.
11/2/2011 -- DuTrac believes there is an ongoing phishing attempt being circulated via email. This particular phishing scam involves receipt of an email appearing to be from the Federal Reserve Bank (FRB), the Internal Revenue Service (IRS) and/or from NACHA (The Electronic Payments Association) and states that a wire transfer was canceled or that a checking account payment was recently returned and will ask you for your personal account information. These notices look official, but they are not. If you get this email, please delete it.
SHAZAM has been alerted to a “mishing” fraud attack that is targeting cardholders. The attack consists of a text message sent to mobile phones stating “Notice: Issues Found On Your Shazam 551729XX Mastercard. Please Call 13035780902!” This number currently hosts an automated recording demanding the entry of the PAN. Additional confidential information is then requested from the cardholder. These calls are fraudulent and have not been authorized by SHAZAM. As of Monday, November 8, 2010, SHAZAM has had this number disabled through the local service provider.
If you receive these text messages and telephone calls, do not release any information. If you have released information as a result of receiving one of these calls, please contact DuTrac immediately.
Iowa Corporate Central Credit Union was notified on July 6 of a fraudulent e-mail circulating from the Federal Deposit Insurance Corporation (FDIC).
The subject line of the e-mails state: "you need to check your Bank Deposit Insurance Coverage." The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets." The e-mail then directs recipients to click on a link stating "You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage."
This e-mail and associated website are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information or to load malicious software onto end users' computers and should not click on the link provided.
The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.
DuTrac has received notification of a phishing scam via NACHA (the Electronic Payments Association, a non-profit association that oversees the Automated Clearing House (ACH) Network. Random individuals and/or companies are receiving suspicious e-mail titled "Rejected ACH Transaction." The e-mail tells the individual there is a problem with an ACH transaction, and includes a link to see the transaction report.
If the individual clicks on the link it directs them to a website that looks similar to the NACHA website. Both the link in the e-mail and the related website are fraudulent. The links on the website will automatically execute a virus that contains malware.
Any individual can report this phishing scam to any of the following agencies:
- Anti-phishing Working Group
- U.S. Department of Homeland Security
- U.S. Secret Service Electronic Crimes Division
- How it works: The phone rings, you pick it up, and the caller identifies him/herself as an officer of the court. They say you failed to report to jury duty and that a warrant is out for your arrest. You say you never received a notice. To clear it up, the caller says they'll need some information for "verification purposes" - your birth date, social security number, maybe even a credit card number.
- How to avoid it: This is when you should hang up the phone. Facing the unexpected threat of arrest, victims are caught off guard and may be quick to part with some information to defuse the situation. With enough information, scammers can assume your identity and empty your bank accounts.
If you receive a suspicious call regarding jury duty, please call your local district court office or your local police department. Protecting yourself is the key: Never give out personal information when you receive an unsolicited phone call.