Reminder: TruMark Financial will never call asking for your account number, PIN, debit or credit card number (including the 3 digit code on the back), or any other personal identifying information. If anyone contacts you purporting to be from a financial institution or another agency and asks for personal information, money, or gift cards, please be diligent. Do not share any personal information with them. If you think you’ve become a victim of a scam, please call 1-877-TRUMARK. Please note: TruMark Financial may send texts and emails to the phone number or email address on record to verify identification before accessing your accounts.
Fraudsters constantly search for new and clever ways to lure money and personal information from unsuspecting people. At TruMark Financial, protecting your information is a priority. We are committed to raising awareness and educating employees and members to protect confidential information. Take action to protect your personal and financial information. Keep online and offline transactions secure by reviewing security alerts, recognizing common scams, and protecting your identity. Below are current scams to be aware of and how to reduce risk to you/your accounts:
In an email bomb scam, fraudsters find a way to compromise an account and then send an uncontrollable surge of spam email messages to fill up an email inbox. The email bomb is typically designed to distract the user from seeing valid emails generated due to fraudulent purchases or financial account updates or transactions.
A fraudster may call, email, or mail a letter asking for personal information (e.g., Social Security number, credit card number, bank account information, or password) in a phishing scam. They have a way of falsifying their identity and may even appear to be a known company or claim to be from a trusted financial institution. If you are unsure if the person who contacted you is authentic you should independently reach out to the business on your own using a known phone number or website instead of accepting an unsolicited contact. Most legitimate companies will not contact you this way asking for personal information.
Smishing scams have the same goal, but come in the form of a text message. They may try to get you to click on a link or send sensitive information.
If you are unsure if a text message is genuine contact the business directly using a known phone number or website instead of accepting an unsolicited contact.
One-Time Password Bots
Scammers are now using one-time password bots to trick people into sharing authentication codes that are sent to them via text or email. The bots may initiate a robocall or send you a text imitating a legitimate company. The voice bot tells you they need to verify if a charge is authorized and tells you to input the code that you received via text if you didn’t make the charge. In reality, the bot is attempting to log in to your account, which triggers the system to send you the code. If you share the code, the scammer can then log into your account. As a reminder, you should never share a one-time password with anyone. If you receive a one-time passcode via text from Apple Pay, Samsung, Pay, or Google Pay, and didn’t sign up for mobile wallet, do not give out or enter the one-time passcode into any system.
Fraudsters are turning to peer-to-peer payment apps as a means to steal money. In one case the fraudster may email, text, or call you pretending to work for your financial institution’s fraud department. They’ll claim that a thief was trying to steal your money through the peer-to-peer payment app and they will walk you through “fixing” the issue. Then they’ll instruct you to send money to yourself, but the money will actually go to their account. In another case, an unknown person may “mistakenly” send you money through a peer-to-peer payment app and ask you to send it back or forward it to someone else. If you do so and your financial institution later determines that their payment was fraudulent, the sum of the payment will be subtracted from your account. Always contact the peer-to-peer payment app directly if you receive money from an unknown person.
Card cracking schemes target college students or recent graduates who are likely cash-strapped and the fraudsters use social media to do it. Here’s how it works:
- A fraudster sends you a social media message to make quick cash
- Enticed by the promise of money, you provide the scammer a debit card, PIN, or online credentials, giving them direct access to your account
- The fraudster deposits a fake check in your account
- Money is withdrawn immediately at an ATM
- The fraudster gives the accountholder a kickback
- You call the credit union/bank to report a lost or stolen card or compromised credentials
- The credit union/bank reimburses the stolen funds to you
- You are now a criminal accomplice
Pop-up scams occur when cybercriminals take over a web browser with a hard-to-close window declaring that your computer is infected with viruses and pressures users to call a phone number for help. The phone number connects to a call center where high-pressure salespeople demand remote computer access. After “finding” serious but fictional problems, the scammers ask for hundreds of dollars for equally fictitious or useless repair and security services.
Mobile deposit scams may happen when a person receives an offer for a free smartphone and is asked to provide their bank information for a supposed “credit check”. The fraudster uses that information to access the person’s mobile banking app and then deposits a fraudulent check. The fraudster will withdraw cash against it before the financial institution spots the fake check, leaving the accountholder responsible for any funds withdrawn.
Post Office collection box theft
The rise of identity theft has criminals targeting your mail. There has been a significant increase in the amount of checks being intercepted, altered, and cashed after being dropped in USPS collection boxes.
USPS tips on how to prevent mail theft:
- The most secure way to send mail is through the local Post Office retail counter. If that is not feasible, the next safest way is to use the inside collection slots that deposit mail directly into the Post Office.
- If using the Postal Service’s outside blue collection boxes, never deposit mail after the last dispatch time. Each box has dispatch times printed on a label, and it will point you to the location for the latest pickup time in your area. Avoid depositing mail during the night, Sundays, and federal holidays.
- If you witness someone going into a collection box or mail delivery receptacle during non-postal work hours, contact your local police, and notify postal inspectors at 877-876-2455.
- Sign up for Informed Delivery so that you will be notified about mail that the USPS expects to deliver to your mail receptacle.
- Do not allow your mail to sit overnight in mailboxes. If you are going out of town, submit a mail hold order to pause your delivery of U.S. Mail.
- If you think you are a victim of mail theft, contact local law enforcement and the United States Postal Inspection Service. In addition to the Postal Service’s reward on mail thieves, robbery of an on-duty postal employee carries a reward of up to $50,000. Tips can be made anonymously via 877-876-2455, or postalinspectors.uspis.gov.