Fraud Alert

SCAM ALERT – August 8, 2014

Russian hackers might have your info — now what?

 by Amy Hebert, Consumer Education Specialist, FTC

You may have heard about it in the news: reports that Russian hackers have stolen more than a billion unique username and password combinations, and more than 500 million email addresses, grabbed from thousands of websites. What should you do about it? We asked our resident expert, Maneesha Mithal, director of our Division of Privacy and Identity Protection.

Q. How do you know if your information was part of this hack?

A. You really don’t, so don’t take any chances. Change the passwords you use for sensitive sites like your bank and email account — really any site that has important financial or health information. Make sure each password is different so someone who knows one of your passwords won’t suddenly have access to all your important accounts. We have some tips for creating strong passwords — strong, as in hard to guess.

Some online services also offer “two-factor authentication.” To get into your account, you need a password plus something else, like a code sent to your smartphone, to prove it’s you. We recommend that people use this service when it’s available.

If you think your email account might already have been affected by a hack, here’s what you can do.

Q. Is creating new passwords enough?

A. Once you have strong passwords, you need to keep them safe. Think twice when you’re asked to enter usernames and passwords, and never provide them in response to an email. For example, if you get an email or text that seems to be from your bank, visit the bank website directly rather than clicking on any links — which could contain malware — or calling any numbers in the message. Scammers impersonate well-known businesses or the government to trick you into handing over your information.

Q. Is there anything else you can do?

A. It’s unlikely this will be the last time you’re affected by a hack or data breach. One way to increase the chance you’ll catch someone trying to misuse your information is to review your credit card and bank account statements regularly. If you see charges that you don’t recognize, contact your bank or credit card provider right away and speak to the fraud department.

You also can check your credit reports for free every few months at or call 1-877-322-8228. Your credit report includes information about your credit card accounts and other bills you pay, so it’s a good way to find out if someone has opened credit in your name. You’re entitled to a free report every 12 months from each of the three credit bureaus — Equifax, Experian and TransUnion. If it turns out you are a victim of identity theft, you can find the steps you should take to deal with it at

Last but not least, send this post to your family and friends to make sure they know what to do, too.

Q. How can someone make sure this doesn’t happen to them again?

A. Unfortunately, you can’t. But by taking these steps, you can lessen the odds scammers will get a hold of your information, and also minimize the consequences if they do.

SCAM ALERT: July 29, 2014

Court tells tech support scammers to pay up

by Nicole Vincent Fleming, Consumer Education Specialist

A U.S. District Court recently ordered the operators of several international tech support scams to pay more than $5.1 million for convincing people that their computers were riddled with viruses and then charging for bogus support services.

We’ve written before about tech support scammers. They call and claim to work for well-known companies like Microsoft, Norton or McAfee. They say your computer is infected with malware and then ask for remote access so they can “fix” it. Or they place ads in online search results to trick you into calling them.

You might have gotten a call like this:


A 2012 FTC crackdown on tech support scams led to the recent court order. Unfortunately, new scammers pop up quickly. If you get an urgent call from someone who wants remote access to your computer, hang up and report it at

SCAM ALERT: July 15, 2014

Drivers Beware of This E-ZPass Scam

By Christine DiGangi

As if driving on toll roads wasn’t already an annoying experience, drivers now have to watch out for a scam targeting E-ZPass users. The Metropolitan Transit Authority of New York (MTA) issued a warning to toll-road travelers to watch out for an E-ZPass phishing scam that popped up recently: It’s an email to consumers saying they haven’t paid a toll and need to rectify the debt as soon as possible.

How to Spot a Scam

Phishing is an identity theft strategy in which scammers impersonate a seeming legitimate company or person in an attempt to have you divulge your personal information or account credentials that can then be used by thieves to hijack your accounts. Email is essentially the master key to your life – bank accounts, social media and personal interactions – which is why it’s such a coveted target for identity thieves.

The fake E-ZPass email looks like it comes from the company (the bottom even shows a link to its phishing policy, next to its privacy policy and terms and conditions), and it asks the recipient to download the invoice for his or her unpaid toll. It’s pretty convincing, and if you’re the kind of person who gets flustered by a notice of outstanding debt, it’s easy to feel like you should download the bill and take care of it ASAP.

The real E-ZPass doesn’t send emails to people if they miss tolls. The same is true for a lot of companies following up on debts (like the Internal Revenue Service, for example), so if you receive an email asking you to pay up, you should call customer service before clicking anything.


Fraud Alert: October 16, 2013

New scam targets utility customers
Source: Duke Power

Duke Power recently emailed this fraud alert to residential and business electric customers to warn them of the ongoing scam.

Fraudsters have developed a clever and all-too-successful ruse to steal money from homeowners and small businesses across the country. All it takes is a phone call and a bunch of convincing lies.

These phone bandits claim to be from your local power company. They pretend they’re calling to let your know your account is delinquent and that service will be disconnected unless you pay it right away. To add credibility to their con, they often use “spoofing technology” that makes your caller ID display the name and phone number of the local utility.

“It’s a despicable scam,” said North Carolina Attorney General Roy Cooper. “They’re trying to scare you into giving them money by threatening to take away something that’s critically important to you. And they know that if they do this enough, they’ll get a few people who will do what they want.”

Duke Power received so many reports about these deceptive calls in its service territory (North and South Carolina, Ohio, Kentucky, Indiana and Florida) that it has launched a public awareness campaign. It included radio commercials, a message on billing statements, social media outreach, and a fraud-alert email sent to residential and small business customers.

It’s happening all across the country. When a scam works, it spreads. And that’s what’s happening with this one.

Protect yourself

Fraud experts say this scam is going to be around for a while, so you need to be alert and know the warning signs. It’s easy to spot once you understand how utility companies operate.

Your power company will never call you and threaten immediate service disconnection. A lengthy process takes place before the plug is pulled. Typically, multiple written notices are sent to the customer when the account is delinquent.

Your power company will never call and demand payment via a prepaid debit card.If you get a call like this, hang up. The caller might insist he is with your power company; the caller ID on your phone might display the name of your utility. But it is a scam—hang up.

If you’re concerned about your account, call the utility using a number from an old bill, or look it up on the Web. Don’t use the number on your caller ID.

Fraud Alert: August 12, 2013

There has been a Fraud Alert issued to local financial institutions. Members may be receiving text message from 832-510-2291 stating: “This message is regarding your compromised Visa card starting with 4056.”

Please beware of any texts messages, emails or phone calls allegedly from any financial institution that asks you to provide them with your Credit Card/ATM/Debit Card Number and/or PIN. If you receive such communications regarding your Pinnacle plastic card; please hang up or do not respond.

Pinnacle FCU does not solicit personal information via text, email or over the phone. If you feel that you have fallen victim to this scam, please report your card to one of the following numbers:

Pinnacle FCU VISA® Consumer Credit Card: (800) 558-3424
Pinnacle FCU VISA® Business Credit Card: (800) 552-8855
Pinnacle FCU Debit or ATM Card: (800) 528-2273

One of our partnered representatives will be able to assist you. If you have any questions, please feel free to contact us at 732.225.1505 ext. 250 or