COVID-19 Scams and Fraud

Financial Institutions and Government Agencies Impersonation

We are hearing that criminals are impersonating financial institutions and government agencies over email and voicemail and asking credit card account holders to provide personally identifiable information (PII).  Criminals in possession of card details and other forms of PII are spoofing phone numbers from financial institutions to fool cardholders into thinking that text messages and phone calls are actually coming from their financial institution’s fraud department. To help keep your member’s information safe, we encourage you to remind them that:

  • Neither you nor your credit union fraud department will ever ask them over the phone for their PIN, CV2 codes or Expiration Dates.
  • A text alert warning of suspicious activity on a card will NEVER include:
    • A link to be clicked. Cardholders should never click on a link in a text message that is supposedly from us.
    • Vague reference to a “Merchant” transaction; details should be included
    • Requests for cardholder data such as card numbers, PINs, CV2 Codes, Expiration Date
  • A text alert from us will always be from a 5-digit number and NOT a 10-digit number resembling a phone number.
    • A valid notification will provide information about the suspect transaction and ask the cardholder to reply to the text message with answers such as ‘yes’, ‘no’, ‘help’, or ‘stop’.
    • A text caller ID will be 20733 if you use the standard call center, or 37268 if you use the premium call center (please refer to FYI 17504 for more details).
  • A phone call from a call center agent will only include a request for the cardholder Zip code, and no other personal information, unless the cardholder confirms that a transaction is fraudulent.
    • Only then will the cardholder be transferred to an agent, who will ask questions to confirm the cardholder’s identity before going through the transaction history. If, at any point the cardholder is uncertain about questions being asked or the call itself, they should hang up and call us directly.
  • If a call is received by the cardholder, claiming to be your Call Center and asking to verify transactions, no information should have to be provided by the cardholder other than their Zip code, and a ‘yes’ or ‘no’ to the transactions provided.

WHO Impersonation

Criminals are contacting individuals and claiming to work for the World Health Organization (WHO) to solicit data. If you or a member is contacted by a representative claiming to be with WHO, verify their authenticity before responding and remember, the WHO will never:

  • Ask you to login to view safety information
  • Email attachments you didn’t ask for
  • Request you visit a link outside of www.who.int
  • Charge money to apply for a job, register for a conference, or reserve a hotel
  • Conduct lotteries or offer prizes, grants, certificates, or funding through email
  • Ask you to donate directly to emergency response plans or funding appeals

WHO also is warning the public about email phishing scams that ask people to provide personal information, click a suspicious link, and/or open a malicious attachment. According to its website, WHO will not transmit email from addresses ending in ‘@who.com,’ ‘@who.org,’ or ‘@who-safety.org.’ The organization also is encouraging people to visit their website instead of clicking links in emails.

The Federal Trade Commission is warning consumers to ignore online offers for vaccinations or cures claiming they can prevent the Coronavirus. Consumers also should do their homework before making donations to charities or crowdfunding sites to confirm the legitimacy of the organization, and never wire money or send gift cards.

The U.S. Securities and Exchange Commission is encouraging people to be cautious about investment opportunities in companies claiming “the products or services of that publicly-traded companies can prevent, detect, or cure coronavirus.”

Remember, criminals prey on peoples’ vulnerabilities and they pay attention to news headlines. By staying diligent and communicating about these latest threats with our members, credit unions can help prevent fraudulent activity.