Fraud and Consumer Alerts

How to Protect Yourself from Card Skimming

We have seen a dramatic rise in reported ATM card skimming cases over the past month.

ATM card skimming occurs when a criminal glues or tapes a magnetic card reader over the top of an existing card reader. This device fits over the top of the existing card reader and is built to look like the original card reader. In many cases, it’s nearly impossible to visually identify if there has been a skimmer placed on an ATM machine. We suggest the following three methods to protect yourself:

  • Shake and rattle the card reader. Card skimmers are placed over the top of the existing card readers using double sided tape and glue - They will not be securely fastened.  If you think something is loose, walk away and identify the owner of the ATM using the contact information on the ATM.
  • In order for a card skimmer to get your debit card information they need your pin number too. Card skimmers will often put a cover over the existing pin pad to get your pin number. Make sure to check the pin pad before typing. If it feels squishy or has a different feeling than normal, don’t use it!
  • Even if you don’t believe there is a card skimmer on an ATM machine, cover your hand while typing in your pin number. Card skimmers can have small cameras hidden on the ATM machines to extract pin numbers. 

Hackers Target IRS Website -- 4 Tips to Keep You Safe

A "sophisticated" organized crime group has stolen the personal financial information of more than 104,000 taxpayers directly from the Internal Revenue Service (IRS) website. According to the agency, the IRS recently identified a startling 200,000 attempts from the group to steal personal data.

The information that these criminals used to access the "Get Transcript" app from the IRS, includes Social Security numbers, phone number and addresses, and could easily lead to more targeted schemes. The agency says it will notify affected taxpayers about the incident, and provide free credit monitoring to those whose information was accessed.

The plot to steal this information and hijack nearly $50 million in refunds not only reveals a previous security breach, but exposes a wider new fraud that could cost Oregonians. The breach also highlights what could happen in the future if this personal information is sold on the "black market". Fraudsters who purchase this personal information could open bank accounts, credit lines and steal tax refunds in the future.

"I encourage all Oregonians to be alert for scams aimed at duping taxpayers into handing millions of dollars over to criminals like those who pose as IRS employees," said Attorney General Ellen Rosenblum. "If you believe you have been the victim of an IRS-related scam, please call the Oregon Department of Justice's consumer hotline, and we will help you find resources."

Attorney General Rosenblum has several tips to help protect your personal information and detect scams:

1. Use Multifactor Authentication: If this service is offered to you always turn it on. Usually it involves sending you a text with an additional code to enter when logging in.

2. Change Your Passwords: It is always a good idea to change your passwords a couple of times a year. Make sure these passwords are varied and unique, with capitals, numbers and special characters.

3. Don't Rely on Security Questions: Websites often use security questions such as "What is your mother's maiden name?" or "What high school did you go to?" to recover a user's account if the password is forgotten. Unfortunately, scammers can often guess the answers to these questions or find them online. Pick a question that only you know the answer to, or answer the question with an alternate password.

4. Monitor Your Credit: There are a number of free credit monitoring services out there that can help you keep track of your credit. It is best to check your credit often and immediately report any inconsistencies. Visit www.annualcreditreport.com or call 1-877-322-8228 to order a free credit report and review it for errors.

If you have fallen victim to an IRS-related scam, file a complaint with the Oregon Department of Justice online at www.oregonconsumer.gov or by phone at (877) 877-9392.

Hackers Targeting Starbucks Mobile Users

5/15/2015: Do you use a Starbucks application ("app") to pay for your coffee, pastries, or daily newspaper? If you do, you may be allowing criminals to siphon money from your bank account. The Oregon Department of Justice has learned scammers are changing the account passwords of some Starbucks customers and repeatedly transferring balances to themselves using an auto reload function available on the app. The number of transfers and the amount of money scammers could take is theoretically unlimited, as long as the customer has the auto reload feature turned on.

If you have the Starbucks app on your mobile device, Oregon Attorney General Ellen Rosenblum urges you to immediately turn off the auto reload function.

"It is important to remember that allowing apps access to your personal and financial information opens you up to significant risks, like theft. If you do choose to use mobile pay services, I suggest using strong, unique passwords and making sure any auto-pay or reload functions are turned off. Protect these mobile pay accounts like you would your bank account," said Attorney General Rosenblum.

You should also remember to:
• Not share your password with others.
• Have a different password for each account.
• Write down your password and store it in a safe place away from your phone or computer.
• Change your passwords several times a year.

If you think you have lost money to this scam, contact the Oregon Department of Justice online at www.OregonConsumer.gov or call 1-877-877-9392.

NCUA Warns Consumers about “National Credit Union” Phishing Scam

ALEXANDRIA, Va. (March 17, 2015) – The National Credit Union Administration has received reports of an online phishing scam that uses a website with a logo and a design similar to the agency’s own site in an attempt to convince unwary customers to provide information or send money.

Consumers have received emails from the National Credit Union website, which apparently originates in Australia and claims to offer services in the United States, Europe and the Commonwealth of Independent States. This website is not affiliated in any way with the National Credit Union Administration, a federal agency, and the emails are not from NCUA.

The emails attempt to persuade individuals to provide personal information, such as Social Security numbers, account numbers and login information, or transfer large amounts of money. Consumers should neither provide information to this website nor attempt to conduct any financial transactions through it. NCUA would not request personal or financial information in this manner. See NCUA’s Privacy Policy for more information.

Consumers receiving such emails should call NCUA’s Fraud Hotline toll-free at 800-827-9650 or 703-518-6550 in the Washington, D.C., area. Consumers should also contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. NCUA also offers information about avoiding frauds and scams on its MyCreditUnion.gov website.

Consumers who suspect they may have become victims of identity theft should immediately contact their financial institutions and, if necessary, close existing accounts and open new ones. NCUA urges consumers also contact the three major credit bureaus—Equifax (800-525-6285), Experian (888-397-3742) and TransUnion (800-680-7289)—to request a fraud alert be placed on their credit reports.

Fake IRS Phone Calls Defrauding Taxpayers of Millions

If someone claiming to be an IRS agent calls and demands that you send a tax payment immediately, hang up. The IRS issued a warning this month that consumers across the nation are receiving a surge of aggressive, threatening phone calls from criminals impersonating IRS agents who demand immediate payment, sometimes under threat of arrest.

"If someone calls unexpectedly claiming to be from the IRS with aggressive threats if you don't pay immediately, it's a scam artist calling,” said IRS Commissioner John Koskinen. "The first IRS contact with taxpayers is usually through the mail. Taxpayers have rights, and this is not how we do business."

These phone scams remain near the top of the IRS’s annual “Dirty Dozen” list of tax scams. The Treasury Inspector General for Tax Administration (TIGTA) has recorded nearly 3,000 victims who have collectively been defrauded out of over $14 million.
Scammers alter their caller ID to make it look like the IRS calling, and use fake names and bogus badge numbers. They often leave “urgent” callback requests.

The IRS wants consumers to know that its agents will never:

  • Call to demand immediate payment, nor will the agency call about taxes owed without first having mailed you a bill.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Require you to use a specific payment method for your taxes, such as a prepaid debit card.
  • Ask for credit or debit card numbers over the phone.
  • Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.
  • Use email, text messages, or any social media to discuss your personal tax issue involving bills or refunds.

The IRS also warns of phone scams asking for important personal information like social security numbers — sometimes claiming the consumer is due a refund — which can lead to identity theft.

How to Shop With Peace of Mind

Before you click, swipe, or tap to buy that “must-have” item on your holiday list, check out these tips to avoid becoming a victim of identity theft or cybercrime. General Credit and Debit Card Tips

  1. Be sure your card is returned following each purchase and that it is indeed your card.
  2. Wait for your card receipt. Never leave your card receipts at the checkout counter. Keep your shopping receipts with you, not in the shopping bags.
  3. Check your statements and watch for multiple or incorrect charges. Compare receipts to your account statements, and then destroy your receipts.
  4. Report unauthorized transactions to your financial institution immediately.
  5. Keep a list of all your card account numbers, as well as telephone numbers to call if your cards are ever lost or stolen. Make sure they're in a separate, secure place. When you get a new card, sign it immediately and don’t write your PIN on the card.
  6. When entering your PIN during a transaction, block the keypad from view of the cashier or other customers with your body or your hand.
  7. Also, your PIN can be stolen in other ways than someone seeing you type it in.

There is a heat signature left on non-metal keypads for about 15 minutes after you use it. Infrared cameras, which are easily purchased and attached to smartphones, can be used to measure this heat signature and obtain your PIN. You can prevent this by resting your fingers on other keys while typing in your PIN, which will make it more difficult for thieves to discover your combination. Running your card as credit instead of debit not only protects your PIN from preying eyes and predatory technology, but also keep your PIN and bank accounts safe in the event of a data breach.

Online and Mobile Shopping Tips

  1. Protect your mobile devices, computers, and merchant accounts with strong passwords. Use at least eight characters, with numbers, special characters, and upper and lower case letters.
  2. Update your technology. Be sure to keep the operating system, applications, and antivirus and security software updated on all of your computers and mobile devices.
  3. Limit your online shopping to merchants you know and trust, and be sure you are using each merchant’s correct website URL, rather than a misdirected, incorrect URL.
  4. Look for “https” in the URL when making an online purchase. The “s” in “https” stands for “secure” and indicates that communication with the webpage is encrypted.
  5. Pay for your online purchases with a credit card. Credit cards are protected by the Fair Credit Billing Act and may reduce your liability if your information is used improperly.
  6. Do not store your payment information. Many websites or apps let you store your credit or debit card information to make future transactions easier, but this will put your data at risk if the website is breached.
  7. Do not respond to pop-ups. When a window pops up, close it by pressing Control + F4 for Windows and Command + W for Macs.
  8. Do not give your financial or personal information over email or text. Be aware of unsolicited communications purporting to represent stores or charities.
  9. Do not use public computers or public wireless networks for your online shopping. Criminals can intercept traffic or use malware to steal credit card numbers and other confidential information via public Wi-Fi or computers.
  10. Set up payment and purchase alerts via text and email. If you notice suspicious activity, notify the credit union immediately.

Looking Forward: Additional Cyber Shopping Security Measures in 2015

We’re working hard to help you shop online, and use credit and debit cards with peace of mind of this holiday season. Look for continued improvements from retailers in the coming year.

By October 2015 both MasterCard and Visa have plans to issue chip-based cards to all customers and hold merchants with outdated equipment liable for any fraud that occurs after this point.

Take Action if You Encounter Problems With an Online Shopping Site

Contact the seller or the site operator directly to resolve any issues. You may also contact the following:• Your State Attorney General's Office - http://www.naag.org/current-attorneysgeneral.php
• Your State Consumer Agency - http://www.usa.gov/directory/stateconsumer/index.shtml
• The Better Business Bureau – http://www.bbb.org

Visit These Sites for Additional Information About Safe Online Shopping
• US-CERT (United States Computer Emergency Readiness Team) - http://www.us-cert.gov/cas/tips/ST07-001.html
• OnGuard Online - http://www.onguardonline.gov/articles/0020-shopping-online
• Microsoft - http://www.microsoft.com/security/online-privacy/onlineshopping.aspx
• Privacy Rights Clearinghouse - https://www.privacyrights.org/Privacy-When-YouShop
• Internet Crime Complaint Center - http://www.ic3.gov/media/2010/101118.aspx

Phone Scam Targeting Oregonians

The Oregon Department of Justice has learned about a phone scam targeting Oregon utility customers. Criminals posing as utility customer service agents are trying to get money and steal personal information by representing that customers' accounts are overdue and require immediate payment through unusual means.

The thieves are using sophisticated technology that makes it appear to Caller ID systems that the call is coming from the utility when it is not. If you receive a questionable call, hang up and contact your utility directly at their published toll-free phone number, not through the number provided by the scammers.

Pacific Power, Eugene Water & Electric Board, and Portland General Electric have confirmed the calls are fraudulent. (See Pacific Power's statement online at http://tinyurl.com/m3ny3dp, Eugene Water & Electric Board's statement online at http://tinyurl.com/maxn5xu, and Portland General Electric's statement online at http://tinyurl.com/lyv8xef. Other utilities' customers may be impacted as the scam continues.

If you lost money to this scam, contact the Oregon Department of Justice online at www.oregonconsumer.gov or call 1-877-877-9392.

Protecting Yourself from Data Breaches

Much work is being done by the payment card industry and financial institutions  to provide a more secure payment processing system that employs encryption and tokenization—which generates and transfers a unique code for each payment transaction, instead of the actual account number, expiration date, and account owner's name, which can be intercepted and counterfeited by hackers for unauthorized charges.

Until that happens, consumers should lock down their financial data and personal information, especially before the busy holiday shopping season begins. Here’s how.

  • Get a new replacement credit and debit card if yours was compromised. (Note: If you are a Valley Member we been proactive in contacting members whose cards were compromised and replacing them.)
  • Check your checking account and credit card activity online. You can sign up for online access or use a mobile banking app to access  your latest account information rather than waiting for the printed statement to come in the mail.
  • Be alert to post-breach phishing attempts. Hackers don’t always get everything they need to break into your accounts, so they will typically send your emails or even call on the phone to pose as your bank or card issuer to trick you into giving them the missing pieces, including mother’s maiden name, user name, password, date of birth, social security number etc.
  • If you have been compromised you should lock down your credit report with a security freeze. A security freeze essentially shuts off access to your credit history by new would-be lenders. If a hacker applies for a loan in your name, the creditor is less likely to approve it if he or she can’t see your credit file.  Freezes are typically free for victims of identity theft.
  • Get a free credit report from each credit bureau (Equifax, TransUnion, and Experian) by going to annualcreditreport.com and keep an eye out for fraudulent new accounts.  You’re also entitled to a free credit report from each bureau after you file a 90 day fraud alert, which you should do every 90 days if you’ve been a victim of any other data breach.
  • Ask merchants big or small if they are PCI-DSS compliant. If they don’t know or haven’t heard of these most basic security measures, pay with a credit card, rather than a debit card, because fraud theft from your checking/debit account can set off penalty fees for bounced checks.
  • Don’t waste money on costly identity theft protection services which can cost $120-$300 a year because you can do most of what they do for little or no cost.
  • Change your passwords regularly on your various financial accounts and use strong passwords to ward off hackers and protect yourself online.
  • Don’t panic, but take the breach threat seriously because this problem is now a fact of life until big payment card brands, financial institutions, and retailers improve the safety of the payment processing system.

As always, if you have any questions or we can help in any way, contact our Member Service team at 503-364-7999 or (800)273-6962.

Phishing Text Alert

On Friday, July 25th a member reached out to our Member Service team and informed us that he had received a text message that said “Possible debit card blockage. Please call 1-832-786-4843”

If you receive a message like this, here are some things to remember:

  1. Do not call or text this number! It is a scam. 
  2. If cards have been compromised members will always be reached out to by a phone call from Valley staff, not a text message.
  3. Valley is aware of the issue and will continue to post information regarding the phishing text online in our “Fraud and Consumer Alert” section.
  4. If you have concerns about your card, please call our staff and ask them to review your account. We are happy to take a closer look for you. 

If you believe your card has been compromised and it is after hours or on weekends, call:

  • VISA Debit Card - (888) 241-2510 (US)
  • VISA Debit Card - (909) 941-1398 (Outside US)
  • VISA Credit Card - (888) 241-2510
  • VISA Credit Card - (909) 941-1398 (Outside US)

Watch Out for Counterfeit Ticket Scams

Looking to score some hot tickets to that sought-after concert, art performance or sporting event? Counterfeit ticketing is on the rise, especially for major playoff and championship sporting events.

The Oregon Department of Justice is warning fans of all kinds to be on the lookout for scammers looking to swindle consumers with phony tickets.

Don't show up at the event with a worthless piece of paper. Attorney General Ellen Rosenblum offers the following advice to help Oregonians avoid ticket-related scams:

  1. Reconsider that eleventh-hour purchase. If you're looking to score last minute seats at a big event, you're more likely to encounter a scam artist. Most counterfeit tickets are sold right before the event, online or outside concert venues and arenas.
  2. Know the seller. Anyone can set up an online store or place an ad on Craigslist. Before transacting business with an unfamiliar source, conduct some basic internet research on the seller. Avoid anyone who refuses to provide contact information or wants to conduct the transaction over the phone or email. When purchasing on the secondary market, always ask for a receipt or money-back guarantee of authenticity.
  3. Put it on plastic. Avoid purchasing tickets from any seller who asks you to pay them by wire transfer, money order or a pre-paid debit card, like Green Dot Money Pack. Not only is the ticket likely to be fake, these methods of payment provide no recourse to consumers who are victims of a scam. Whenever possible use a credit card or account-to-account transfer service such as PayPal. If the tickets you purchased aren't delivered, are not as advertised, or are counterfeit, you can dispute the charge.
  4. Be skeptical of offers too good to be true. Scam artists often use the lure of cheaper tickets to swindle unsuspecting fans. Consumers should beware of any offer that sounds too good to be true. Check the seller's offer against the going rate of tickets sold directly from the venue, a promoter or an authorized ticket seller, either online or at the box office.
  5. Know how to spot a fake. Real tickets will often bear certain authenticity features to distinguish them from counterfeits. Learn how the tickets you want to purchase are supposed to look and feel; watch for flimsy paper, smeared ink or uneven margins.
  6. Location, location, location. Before making a purchase, ask the seller about the seats you will be purchasing with the ticket. Check ticket agencies for views of seating charts and the dates of games, concerts or shows scheduled for the venue. Confirm that the event will take place and that the section, row and seat number on your ticket corresponds with an actual location in the stadium or theater.
  7. Report fraud. If you have a problem with an online purchase or charge, try to work it out with the seller first. If you can't resolve the problem or feel you are the victim of a scam, file a complaint with the Oregon Department of Justice, at www.oregonconsumer.gov.

Tips from the Better Business Bureau:

Don't Get Tackled by Counterfeit Sellers

Target Credit Card Breach

Important: If you have shopped at Target between November 27, 2013 - December 15, 2013 and have used either your debit card, credit card, or your Target REDcard contact Valley Credit Union immediately. If a Valley Credit Union employee has contacted you within the last 48 hrs regarding your account the above message may be disregarded. Please continue to monitor your accounts as we work through this together.

Article: By now, most of us have seen the news release about the 40 Million Credit Cards compromised at Target this past week. Target has now confirmed that there has been a breach to their system that could affect shoppers who have used their credit cards during the time period of November 27, 2013 – December 15, 2013.

“Target says customer names, card numbers, expiration dates and three-digit security codes are at risk. The type of data stolen — also known as “track data” — could make it possible to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If PIN data for debit transactions also was intercepted, thieves theoretically would be able to reproduce stolen debit cards and use them to withdraw cash from ATMs...”

“Target said on its website Thursday that it is working with a third-party forensics team to investigate the breach “and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future.” Financial institutions were notified immediately after the breach was discovered, the company said.”

Valley Credit Union advises our members to do the following:

  • Verify activity on your account using the online banking program.
  • Check account balance using the audio account: 503-364-2865
  • Always check monthly statement for all transactions on accounts.
  • Call members services to check transactions.

Valley utilizes additional software to identify suspicious transactions. In the event of fraudulent activity we will alert our members and block the account. Cards will then be reissued.

If you are a member and have a Target Red Card (Target’s reward Debit Card), you should contact member service immediately so we can take action to prevent fraud.

If you would like more information on the issue search Google News with the wording: “Target Credit Card Breach” or visit Target to hear their official statement.

10 Tips for Holiday Shopping!

November 26, 2013- Just in time for the holiday shopping season, Oregon Attorney General Ellen Rosenblum has 10 practical tips to help you watch your wallet, shop wisely, and protect your personal information online.

  1. Protect your personal information. Take the time to read the website's privacy policy and understand what personal information is being requested and how it will be used. If there isn't one posted, assume that your personal information may be sold to others without your permission.
  2. Know the seller. Anyone can set up an online store. Before you make a purchase from a seller you do not know, visit Be InfORmed, the Department of Justice's online database of consumer complaints. The database - available online at www.oregonconsumer.gov - will show if other Oregonians have expressed concern about a seller and how the seller responded to those concerns. Also, confirm the seller's physical address and phone number in case you have any problems or questions.
  3. Stay away from pop-up ads. Many pop-ups unleash viruses or spyware on your computer when you click on them. Do not click on these ads and make sure you have the latest firewall and anti-virus software installed on your computer to protect against any online attacks.
  4. Review shipping policies. Make sure that a retailer has not changed its shipping, return and exchange policy on Black Friday or Cyber Monday. Some retailers declare sales on these days are final and items purchased cannot be returned or exchanged. Also confirm the store does not charge a restocking fee on a returned item or charge excessive shipping and handling fees in an effort to recoup some of the cost on sale items.
  5. Keep a paper trail. Print and save records of every online transaction you make, including the product description, price, copy of your receipt, and any correspondence with the seller. These records will be important if you have a problem with the seller, product or service.
  6. Be skeptical of offers too good to be true. Scam artists often lure shoppers to their websites with outrageously low prices or offers of free products. Before you buy, shop around to get an idea of how much other retailers are asking for the same or similar items. Even at steep discounts, retailers tend to price similar items within a general price range. Remember: ʺif it sounds too good to be true, it usually is.ʺ
  7. Stick to secure websites. If you shop online, always verify that the website you are purchasing from is secure. Although there is no foolproof indicator, a secure or encrypted website address should begin with HTTPS rather than HTTP, and you should see the icon of a lock in the address bar.
  8. Use plastic wisely. Consider using a credit card instead of a debit card. Credit cards make fraud easier to discover because they give shoppers more time to notice unauthorized charges, notify their credit card company and promptly report any unauthorized transactions. If you notice unauthorized charges, notify your credit card company of the issue, and have them removed from your bill.
  9. Create a budget and stick to it. It is easy to get carried away when shopping online, and you may be inclined to spend more than your budget permits. Decide ahead of time how much you want to spend, and resist impulse buying, especially if you do not know how good a deal you are really getting.
  10. Report fraud. If you have a problem with an online purchase or charge, try to work it out with the seller first. If you can't resolve the problem, file a complaint with the Oregon Department of Justice, at www.oregonconsumer.gov.

Hang Up On Credit Card Imposter

November 19, 2013 - The Oregon Department of Justice has recently learned Oregonians are receiving pre-recorded messages from imposters claiming to be from MasterCard. The recordings claim the consumer's credit or debit card has been "locked" and they need to enter their 16-digit card number immediately to "unlock" the card.

MasterCard has stated it does not solicit personal or account information from cardholders in this or any other manner and that cardholders should not provide their account information in response.

Attorney General Ellen Rosenblum urges Oregonians to simply hang up the phone if they receive a recorded call seeking cardholder account information, such as account number or PIN. "DO NOT press a button to talk to a sales person, and never give personal information or credit card numbers over the phone unless you have initiated the contact or you are sure you know who you are dealing with," says Attorney General Rosenblum.

If you think you have fallen victim to these imposters, contact the Oregon Department of Justice online at www.oregonconsumer.gov or call 1-877-877-9392.

In general, consumers who have any concerns about the security of their payment card accounts should contact the financial institution that issued the card.