Below is a summary of the specific fraud attempts.
Please remember that ESFCU will NEVER ask you to verify your PIN. Please, do not give your personal or financial information to anyone over the phone. If you are unsure, please contact us. Call/text 620-342-3336.
Summary of Incident:
A credit union in our part of the country has recently experienced an influx of pin-based fraud with our debit cardholders. From what we have gathered, the member is receiving a text message appearing to be from the credit union, and even includes the correct phone number. This “alert” is very similar to legitimate fraud alerts. Around the same time, there is a small (usually $0.01) transaction attempted on the card (various merchants and locations are being used for this “test transaction”). This spikes a risk score, and the legitimate fraud department reaches out via email to verify the fraud with a real case number listed.
The “fraudster” somehow sees this legitimate alert and then calls the real fraud department, pretending to be the member cardholder and verifies NO fraud with the case number given, leaving the card open for transactions. The ”fraudster” then calls the member and gives them the real case number that was on the email and asked them to verify the Walmart charge (that is also on the fake text message) and tells the member that they believe they are seeing this fraud because they have given out their pin number and asks them to verify the pin so that they will know if this is correct or not.
The member gives the pin number and then the call ends and the “fraudster” then uses the card number with, what we assume is counterfeit cards, as a pin-based transaction at ATMs and grocery stores.
We have been told that, on at least one occasion, the fraudster told the cardholder they would take care of blocking the card and getting any lost funds back to the member’s account (presumably hoping that would deter the member from following up.)
We were notified yesterday from another Credit Union in Kansas that one of their members also received the same text message from the “fraudsters,” and the same sort of events happened and ATM withdrawals were made.