Fraud Prevention and Security

What are they? Money mules are people who receive and move money that came from victims of fraud. Some of them are aware they’re supporting criminal activity, but others don’t realize that their actions are tied to fraud.

You could be supporting fraud if someone you don’t know sends you money and you agree to forward or transfer it. This often occurs when people are recruited through an online job ad or social media post promising easy money for minimal effort. Sometimes people agree to help a love interest they’ve met online or over the phone receive and send money. This is known as a romance scam.

What to do if you think you or someone you know may be involved in a money mule scam

Serving as a money mule can have serious legal and financial consequences for you. If you think you may have been involved in a money mule scam, here’s what to do:

1. Stop communicating with anyone who asked you to move money or property .
2. Notify your financial institution and consider changing your accounts.
3. Report the scam to local law enforcement and at reportfraud.ftc.gov.

This kind of fraud can involve anyone, so it’s important to stay alert and watch out for money mule scams.

For more information, visit the Department of Justice’s Money Mule Initiative web page.

Learn more about how to protect yourself and others from fraud and scams.

Scannable quick response codes (better known as QR codes) have become more commonplace in recent years, particularly at restaurants where they often replace physical menus. While most QR codes are legitimate, they also carry a risk of fraud — just like any other method of opening a link.

Keep these tips in mind to protect yourself from QR code scams:

• When you scan a QR code, check to confirm that the URL is correct; fake URLs often look very similar to the real web address, but with subtle typos or misplaced letters.
• Also take a careful look at the website and check for red flags such as distorted graphics, misaligned text, altered font, or general poor quality.
• Avoid making payments or entering your financial information via QR codes. Instead, manually type out a trusted URL.
• Avoid downloading apps from a QR code.
• Use your phone’s built-in camera to scan QR codes. Most phones don’t need a separate scanner app, and using one can put you at risk of downloading malware.
• When scanning a physical QR code, make sure it hasn’t been tampered with; scammers sometimes place stickers of fraudulent QR codes over the real ones.

Spring is prime season for many tax-related scams and identity theft. Watch out for the following red flags, and contact the IRS for assistance right away if you suspect you’ve been targeted for fraud.

• You receive a threatening call from someone claiming to be with the IRS. Some scammers pose as IRS employees to trick victims into paying fake tax debts. They may demand immediate payment, often in the form of gift cards or prepaid debit cards, and threaten you with arrest or other consequences if you don’t comply. Don’t fall for this — it’s a lie, and any money you send will be lost.
• There is unauthorized activity on your IRS account. If the IRS notifies you of activities on your account that you don’t remember taking — such as creating a new account in your name, accessing your account, or disabling your account — it might be a sign of identity theft. 
• Your e-filed tax return is rejected due to duplicate filing. If you e-file your tax return and the IRS rejects it because there is a duplicate filing under your Social Security number, it could be a result of fraud. 
• You receive a suspicious notice from the IRS. If you receive a letter from the IRS about a tax return you don’t remember filing, it might mean that someone has stolen your personal information. 
• Your IRS records include extra income you don’t recognize. If you are asked to amend your tax return because the IRS has records of unlisted income, check to see if you actually received the income and forgot to include it in your tax return. If you don’t recognize the income, it might be an indicator of tax-related identity theft.

Romance or online dating scams often start out simple and take time to develop. These criminals are savvy and take their time gaining a victim’s trust, often starting out with small deceptions before working their way up to major fraud. 

Internet dating scams tend to follow a similar pattern, so watch out for these red flags when you’re getting to know someone new online:

• An attractive stranger gets in touch through a dating or social media site, claiming to live in another part of the country or overseas. 
• They appear smitten and eager to get to know you, and they may quickly suggest moving your conversation to a more private channel, such as email or chat. 
• Over time, the relationship may start to feel close, but your plans to meet always fall through for one reason or another. 
• Eventually, they claim to have an “emergency” and ask to borrow money, usually in the form of gift cards, prepaid debit cards, or wire transfer.
• They promise to pay you back but never do, and instead they keep asking for more money.

Keep the following tips in mind to help guard against romance fraud:

• Take your time getting to know someone new, especially online. Ask a lot of questions, and be wary of any inconsistencies. 
• Don’t give out personal details such as your last name or place of employment to someone you’ve only met online.
• Check the person’s profile photo in an internet image search. If it shows up elsewhere with a different name attached, there’s a good chance it’s been stolen for fraud.
• Watch out for overly flirtatious or complimentary emails. When in doubt, paste the text into a search engine and see if any matches come up.
• Cut off contact immediately if you suspect someone may be trying to swindle you, and report that person to the dating app or website you are using.
• Don’t assume you’re safe just because you made the first move; many scammers create fake profiles as bait and wait for victims to get in touch.

In this widespread type of fraud, criminals pose as tech support staff from a trusted company to gain access to your computer. They may call you on the phone, but most often they will contact you through a pop-up window in your internet browser, claiming that your data or security is at risk and urging you to call a toll-free number immediately. 

If this happens to you, STOP.

• Do not click on any links or call the phone number provided.
• Do not send any form of payment, including gift cards.
• Do not provide information about your bank accounts or credit/debit card.
• Do not let anyone take control of your computer.

Take these steps to further protect yourself:

• Report the incident at ftc.gov/complaint, and include the phone number you were asked to call.
• Install security software from a reputable company and keep it up to date.
• If you need help with your computer, get help from a trusted professional; don’t just rely on an internet search.
• Spread the word if you are targeted by this type of scam. Raising awareness can help keep others safe.

If you receive an email or text message with the subject line “USPS Failed Delivery Notification” (or something similar), do not open it. These emails look almost identical to official notifications from legitimate shipping services like the USPS^®, UPS^®, or FedEx^®, but they contain fraudulent information. 

These messages instruct customers to click on a link to resolve a made-up delivery issue. Clicking on the link activates a virus, which can steal personal information such as usernames, passwords, or financial account information.

Gift cards sold through online auction sites are often fraudulent or stolen. To avoid getting mixed up in a costly scam, it is safer to purchase gift cards directly from the merchant or retail store. 

Avoid purchasing gift cards “off the rack” at retail stores. If gift cards are not stored behind a counter, thieves may steal the gift card code or use a device to scan the magnetic strip on the back of the card. They will then monitor the card online until it is activated and redeem the card's value online without you or the recipient knowing. 

When you buy a preloaded gift card, ask the cashier to scan the card to make sure the full amount is available. Also, check to make sure the packaging has not been tampered with or damaged. If you have the option, it is a good idea to register your gift card with the retailer as well.

Using your laptop, tablet, or smartphone at Wi-Fi hotspots in public places is convenient, but often those networks are not secure. Information you send through an insecure Wi-Fi connection might be accessed by someone else and stolen.

One way scammers do this is by setting up a Wi-Fi signal with the same name as complimentary one; this is known as the “evil twin,” and it works similarly to a phishing scam. If you connect to an evil twin network, your personal or financial information can be intercepted by the scammer during normal-seeming transactions. 

To protect your information when using public Wi-Fi hotspots, it is better not to use your credit card. Send information only to sites that are fully encrypted, and avoid using mobile apps that require personal or financial information while using a public network.

With more and more shopping being done online, members often report that they have placed orders for products that never arrive. In many cases, this is the result of fraud. 

Scammers post listings online for products they do not actually own. When they receive an order, they use a stolen credit card to purchase the item from a third party and have it shipped directly to the buyer. Then they charge the buyer’s credit card and keep the purchase price for themselves. They may also use the buyer’s credit card information to make further purchases to perpetuate the scam.

If you purchase an item from an online seller but receive the shipment from someone else, it is a strong indication of fraud. To avoid these scams, use caution and don’t provide payment information directly to the seller. Instead, always use a legitimate payment service to ensure a safe, legitimate online purchase.

Online fraudsters pose as legitimate delivery services and offer reduced or free shipping to customers through auction sites. They provide fake shipping labels to the victim and do not pay for delivery of the packages. Then the delivery service providers intercept the packages for nonpayment, and the victim loses the money they paid for the purchase.

To protect yourself, diligently check each seller’s feedback ratings, along with their number of sales and the dates on which feedback was posted. Be wary of any seller with 100% positive feedback, a low number of feedback postings, or ratings that were all posted around the same date.

Criminals are contacting MCCU members by phone or text to trick them into revealing their financial information. They may ask for your online banking login information, ask you to provide or “verify” one-time passcodes sent by text, or ask for your card numbers and account balances. If this happens, hang up.

Remember, MCCU will NEVER call, text, or email to ask for your online banking login credentials, or for your credit/debit card information — including your PIN or the three-digit code on the back of your card.

Some scammers use the names of well-known companies like Amazon or Apple to gain your trust and then tell you there’s something wrong with your account — a suspicious purchase, an account breach, or problems with an order or return. They will give you a phone number to call or instruct you to press 1 to speak with someone. Don’t do either. Hang up. It’s a scam, and they’re trying to steal your personal information.

Beware of offers for free or low-cost travel from companies you haven’t heard of or done business with before—especially if they contact you out of the blue saying you’ve won a “free vacation.” These so-called luxury travel packages often involve steep hidden fees or are entirely fake. Protect yourself by working only with travel companies you can verify are trustworthy, and by getting all the details (including cancelation and refund policies) in writing before you pay for anything. Beware of anyone who pressures you to “sign up to claim your prize,” and never give out your credit card number to anyone who claims they need it to “verify” your identity.

Scammers have been caught pretending to sell products in high demand, like masks and hand sanitizer. They establish a fake company website or Facebook page and accept payment for supplies but fail to deliver the goods. Eventually, the company website disappears and so does your payment. To be safe, don’t buy from a site or business you’ve never heard of before. Also, don’t click on links from an unrequested email or text.

Imposters can pose as representatives of a familiar charity. Never donate to a charity with cash, a gift card, or by wiring money.  Instead, go to the charity’s secure website and make the payment directly. Here are some additional tips to help you plan your donation.

Be wary of calls or emails from doctors or hospitals claiming to have treated a friend or relative for COVID-19 and demanding payment. If you suspect COVID-19 health care fraud, report it immediately online or call 800-HHS-TIPS (800-447-8477).

The Internal Revenue Service (IRS) warns taxpayers and tax professionals about a new IRS impersonation scam email. The email subject line may vary, but according to the IRS, recent examples use phrases like "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder". The emails include links that are meant to look like the IRS website with details about the taxpayer's refund, electronic return or tax account. The emails also contain a "temporary password" or "one-time password" that purports to grant access to the files. However, these are actually malicious files. Once the malware files are installed on your computer, scammers may be able to secretly download software that tracks every keystroke, giving the bad guys access to information like passwords to your financial accounts. Don’t be fooled: the IRS does not send unsolicited emails and never emails taxpayers about the status of refunds.

The internet is full of great resources to make life more convenient, but just like in the physical world, it’s important to be careful with your valuables online — and keep in mind that in the digital world, information is the most valuable thing of all. 

Scammers, hackers, and other criminals are skilled at stealing sensitive data from unsuspected victims, such as their passwords, Social Security numbers, and financial account numbers. That’s why it’s important to learn how to secure your devices, network, and information.

General Tips

• Ensure use of the correct  mobile banking app.
• Ensure your mobile device is updated with current operating systems. These updates may include critical security updates or patches that assist in security effectiveness. 
• Consider password-protecting your mobile device.
• Install antivirus software on your mobile device. 
• Secure your accounts and devices with strong passwords. Use a minimum of 12 characters and avoid words that are common or easily guessed.
• Don’t use the same password for multiple accounts.
• Choose security questions that can’t be easily guessed or obtained from publicly available information.
• Be extra careful with accounts that contain personal information, such as social media, email, and bank or credit union accounts.
• Set up payment apps to require a passcode, PIN, facial recognition, or fingerprint authentication before making a payment.
• Don’t send account numbers, passwords, or other personal information by email or text message.
• Treat your passwords and security questions the same way you’d treat your wallet, cash, or credit cards — keep them protected and don’t save them to your device.
• Don’t store passwords on your phone. 
• Don’t use public Wi-Fi for online purchases or financial transactions. 
• Report suspected identity theft right away at IdentityTheft.gov.

Tips for Business Members

• Stay educated on risks associated with business e-mail compromise risks. A good resource is the Federal Bureau of Investigation. 
• Perform a mobile and online banking risk assessment at least once per year. Items to consider:
  • Are employees who have access to your business’s mobile banking app listed on the current corporate resolution with MCCU?
  • Do you run background checks on any business user of mobile or online banking?
  • Do you filter SPAM e-mails? 
  • Do you have firewalls in place to protect your network?
  • Does your device (mobile or computer) have updated antivirus software?

Just like any other payment method, Zelle can be targeted by criminals and scammers. Keep these important safety tips in mind to guard against fraud when using Zelle. 

• If you receive a call saying that a Zelle transaction is canceled, don’t give out any information over the phone — even if the caller claims to be from your financial institution. Hang up and contact your financial institution using a published phone number to ask about the transaction.
• Don’t rely on caller ID to verify who’s calling; it can be modified to show false information. 
• Refunds are not issued through Zelle. If someone calls and offers you a refund through Zelle, hang up and call your financial institution. 
• Your financial institution will never call to ask for information you received via text.
• Don’t let yourself be pressured into providing information immediately by phone, text or email. Scammers often create a false sense of urgency as a manipulation tactic.

Summer’s finally here, and for many of us that means it’s peak travel season. No matter where you’re off to this summer, follow these tips to avoid some common financial pitfalls while you’re away from home.

1. Set up online banking

MCCU’s free online banking platform lets you pay your bills, monitor your accounts, transfer funds, access your statements, and more — whether you’re at home or away.

2. Tell us your plans

It’s easy to inform us of your travel plans, right from online banking — just click the “travel notification” link or send us a message. Let us know your travel dates and where you’ll be going, and we’ll update your account to avoid disruption to your service. 

3. Scout out ATMs in your area

As an MCCU member, you have access to a network of thousands of surcharge-free ATMs across the country. When you need cash, use the MoneyPass ATM locator to avoid costly fees.

4. Download the MCCU-Mobile app

Our free mobile banking app offers all the same services as online banking, right from your smartphone. It even includes additional offerings like mobile check deposit, which lets you safely deposit paper checks using your phone’s camera, and Card Secure, which lets you control your debit card usage and spending on the go.

5. Avoid public WiFi

Public WiFi is easy to hack, so avoid it when you can — and most importantly, be sure never to make purchases or financial transactions unless you’re on a secure network.

6. Safeguard your documents

Keep your passport and other documents locked in your hotel safe when you aren’t using them. It’s also a good idea to keep a photocopy of your passport and credit cards, along with a list of important contacts in case your phone, wallet, or passport gets lost or stolen. (Just be sure to keep the copies locked up as well!)