In addition to the helpful tips posted on this site to educate and protect members against scams and fraudulent activities, DuTrac Community Credit Union will also periodically add special alerts and warnings regarding current scams.
If you are unsure about any type of request for financial information, please contact DuTrac directly to confirm the validity of the message before sending money or releasing any information.
Recent Warnings and Alerts include:
- New Business Email Compromise
- Alliant Energy Scam
- New Text Scam Alert
- Cedar Rapids Credit Card Scam
- Casey’s General Store Skimming Alert
- NCUA Warns of Website Scam
- Counterfeit Bills in Dubuque
- Kmart Credit Card Breach
- The Home Depot Credit Card Breach
- Fraudulent Telephone Calls Claiming to be SHAZAM
- Internet Explorer Flaw
- Heartbleed Bug Online Security Threat
- Area Residents Warned of More Fraudulent Texts
The FBI has issued an alert regarding the Business E-mail Compromise attacks. This scam continues to evolve and target businesses of all sizes.
In a recent Public Service Announcement, the FBI alerts businesses of executive emails being hacked in an attempt to request personally identifiable information or a W-2 from a Human Resources or Auditing Department. The intention in this variation of the compromise appears to target the stealing of personal data rather than facilitating fraudulent wire transfers.
Please be diligent in confirming all email requests of this manner.
Click here to visit the FBI’s website for further alert details.
A few local businesses have received a scam call from someone posing as the Alliant Energy Company claiming to shut off the power to their building if they do not bring money down to Dollar General right away. This should raise a red flag as Alliant Energy will not shut off power due to cold temperatures and Dollar General does not wire money. They could be targeting residential homes as well.
If you have received this call please contact your local police department.
Members have reported receiving text messages stating their check/cards have been blocked. This message is not being sent from DuTrac. If you have received this message please disregard it. Contact your local DuTrac office with any further questions or concerns.
The Cedar Rapids police department is warning community members about a credit card scam.
According to a statement issued by the police, citizens have been receiving phone calls claiming that their credit cards have been blocked and they need to enter their 16 digit card number to unblock them.
Financial institutions will never ask for credit or debit card numbers over the phone and you should never release your card information over the phone in calls you did not initiate. If you receive any of these calls please hang up immediately and do not provide any information.
Casey’s General Stores, Inc confirmed credit card skimming devices were found in six store locations:
- 11200 140th St. Pl., Davenport, IA
- 4150 W. US Highway 30, Grand Island NE
- 13941 Highway 6, Waverly, NE
- 705 2nd Avenue, Kearney, NE
- 108 W. 8th, Wood River, NE
- 15275 Weir Plaza, Omaha, NE
- 115 E. Nobes Road, York, NE
The devices were discovered at fuel pumps at the locations listed above and have been removed. Casey’s launched a company-wide examination of all pumps at all locations. Customers of the Nebraska locations who used the pumps between October 2 and October 10, 2015 and those who used pumps at the Iowa location between October 15 and October 21 should monitor their accounts for any unauthorized activity.
If you would like a new card issued please call The Members Group at 1-800-234-5354.
The Credit Union National Association released a statement warning consumers of a new online scam. The scammers are using a website with a similar design and logo to that of the National Credit Union Administration (NCUA) in attempts to convince consumers to provide sensitive information or send money.
According to the NCUA, consumers have received fraudulent emails from the National Credit Union website (which is not affiliated with the NCUA). Consumers should not provide information to this website or attempt to conduct financial transactions through it. The NCUA would not request personal or financial information in this matter.
Consumers who suspect they may have become victims of identity theft should immediately contact their local DuTrac office.
Learn more about this scam here or access the NCUA Fraud Hotline here.
The Dubuque Police Department have received reports of counterfeit bills circulating the area. The fraudulent bills have ranged from $10 to $100. Police are warning residents to be extra cautious when using money and carefully examine the bills.
If you believe you have a counterfeit bill please contact your local DuTrac office or contact the Dubuque Police Department. Other detection methods for counterfeit bills can be found here.
In a statement posted to Kmart’s website, the company stated Kmart’s IT team detected the payment data system had been breached and immediately launched a full investigation. Based on the forensic investigation to date, no personal information, debit card PIN numbers, email addresses or social security numbers were obtained by those criminally responsible. The data breach has been contained and the malware removed.
If you have not used your debit/credit card at a Kmart store, DuTrac does not have reason to believe your DuTrac card information was compromised in this latest breach. DuTrac continuously monitors for fraud and if we notice any irregular activity we will notify you individually.
DuTrac is asking all DuTrac cardholders that shop at Kmart to be mindful of suspicious emails with links or messages that request sensitive information, as well as suspicious emails with links or messages that request sensitive information, as well as suspicious phone calls attempting to get this type of information. If you suspect fraud, immediately place a call to the number on the back of your credit card for assistance or contact a DuTrac financial services consultant at (800) 475.1331.
In a statement posted to The Home Deport website, Tuesday, September 2, The Home Depot disclosed that they were investigating a possible breach of their payment data systems. Recent reports have confirmed that those systems have in fact been breached, which could potentially impact any customer that has used their payment card at a U.S. and Canadian Home Depot store, from April forward. The Home Deport further reported that they do not have any evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com.
The Home Depot is offering free identity protection services, including credit monitoring, to any customer who has shopped at a Home Depot store in 2014, from April on. You can learn more about the identity protection services and how to sign up for them athttps://homedepot.allclearid.com/.
If you have not used your debit/credit card at a Home Depot store, DuTrac does not have reason to believe your DuTrac card information was compromised in this latest breach. DuTrac continuously monitors for fraud and if we notice any irregular activity we will notify you individually.
DuTrac is asking all DuTrac cardholders that may shop at The Home Depot to be mindful of suspicious emails with links or that request sensitive information, as well as suspicious phone calls attempting to get this type of information. If you suspect fraud, immediately place a call to the number on the back of your credit card for assistance or contact a DuTrac financial services consultant at (800) 475.1331.
SHAZAM has been notified of an issue where cardholders are receiving fraudulent telephone calls from someone claiming to be from SHAZAM, Inc.
During these calls, the fraudster asks the cardholder for personal information, such as a primary account number (PAN) and PIN.
If you receive this call do not give out any of your personal information and please contact your local DuTrac branch immediately. You can do so by emailing email@example.com or calling (800) 475.1331.
Microsoft has announced a recently-discovered exploitable flaw within its Internet Explorer versions. Internet Explorer versions 6-11 are vulnerable and at risk.
This vulnerability can be exploited after a user visits a hacked or malicious website. According to Microsoft, “An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” Microsoft is currently working on a patch to fix this vulnerability, but no release date is currently known.
In the meantime, there are a few simple steps you can take to protect yourself.
1. Consider using a different browser such as Mozilla Firefox or Google Chrome.
2. Make sure your spyware and anti-virus software is up-to-date.
3. Use caution when clicking on links and opening emails from unknown addresses.
DuTrac will keep its members updated if there are any new development with the Internet Explorer flaw.
Due to DuTrac’s network and its system architecture, DuTrac can state that its network and related systems that contain member information are not susceptible to Heartbleed and that members’ funds and information continue to be safe and secure. DuTrac’s IT team has made, and continues to make, its ongoing review of its website and electronic delivery channels for security.
For members’ ongoing safety, privacy and security, the best protection against Heartbleed and other similar attacks, is to maintain strong passwords on any website that requires login credentials and to change those credentials regularly.
As always, DuTrac recommends members continue to monitor their monthly statements and accounts for unauthorized transactions or apparent fraud. If fraud or unauthorized transactions are noted, please contact DuTrac immediately for assistance.
The Dubuque Police Department has issued a statement regarding another text or “smishing” scam in the area. The fraudulent texts appear to originate with a financial institution, asking the recipient to provide personal information to confirm identity or a similar type of message. This is a scam. Do not reply to the text, call the number or provide any account information.
Although these texts may appear to come from a legitimate source, numbers on caller ID or text message can be masked to hide the actual originating number. Residents are urged to use caution whenever personal or account information is requested.
If you have received a similar text, simply delete the message. Do not call the number or reply to the text in any way.
If you have already given out any account information, please contact your local law enforcement, notify your financial institution(s) and begin monitoring your accounts for suspicious or fraudulent activity.
DuTrac Community Credit Union will never request your account number via text message or email. The best course of action is to contact your financial institution directly to confirm the validity of any questionable text, email or phone call.
Similar scams have also been reported in February and November of 2013.