Visa Fraud News

Sun, Sand and Scams: Beware of the Timeshare Resale Scam

Do you own a timeshare property? Be warned; that unsolicited telephone call informing you that there’s a buyer interested in your vacation property might be coming from rip-off artists in what could be a timeshare resale scam.

In this type of scam, the fraudster calls a timeshare property owner claiming to have an interested buyer. The fraudster then asks the timeshare owner to sign a contract and pay a transaction fee – usually with a credit or debit card – before the alleged sale can proceed. In reality, the buyer never existed and the contract was for advertising services only. And once the fraudulent reseller has your money, don’t expect to hear back. The fraudulent reseller will typically avoid your calls, deny refund requests or stall.

Visa and the Federal Trade Commission have teamed up to offer the following tips to help you spot a timeshare resale scam:

Don’t agree to anything on the phone or online until you’ve had a chance to research the reseller. Contact the Better Business Bureau (www.bbb.org), state Attorney General (www.naag.org), and local consumer protection agencies (www.consumeraction.gov) in the state where the reseller is located. Ask if any complaints are on file.
Before you sign a contract with a reseller, get the details in writing and make sure that the contract spells out the services the reseller will perform as well as any fees, commissions, and any other costs you must pay and when.
Ask if the reseller’s agents are licensed to sell real estate where your timeshare is located. If so, verify it with the state Real Estate Commission. Deal only with licensed real estate brokers and agents, and ask for references from satisfied clients.
Ask how the reseller will advertise and promote the timeshare unit. Will you get progress reports? How often?
Ask about fees and timing. It’s preferable to do business with a reseller that takes its fee after the timeshare is sold.

If you believe you may be a victim of a timeshare resale scam and have not been able to resolve the issue directly with the merchant, call the financial institution that issued your credit or debit card to dispute the charge. You also can report your experiences to the FTC. For additional information on timeshare resale fraud including see Selling a Timeshare Through a Reseller: Contract Caveats and Time and Time Again: Buying and Selling Timeshares and Vacation Plans.

Global Payments Phishing Scam

We recently heard reports that, in the wake of the Global Payments data compromise, some scam artists are taking advantage of the news to try and extract card payment information directly from consumers. Callers pretending to be from Visa or a financial institution are asking consumers for payment card information and claiming they need it for fraud management or security reasons. This type of phishing scam is known as “vishing” or voice phishing. If you receive such a call, proceed with caution. Visa does not call or email cardholders to request their personal account information.

What this shows is that criminals are fast moving and opportunistic. They may take advantage of the fear, confusion and uncertainty that data breaches can create to perpetrate vishing and phishing scams without actually having any information originating from the breached entity.

Phishing can happen in many ways including by email, text message or phone. Here are four tips to keep in mind:

1. Consider all email requests for personal or payment information to be suspicious.
2. If in doubt, call the number printed on the back of your payment card and verify the request.
3. Don’t rely on your caller ID to verify the legitimacy of a caller. Fraudsters have ways of tricking the caller ID into thinking the call is from a different number or organization. Similarly, fraudsters can make the “From” line in an email address appear to come from someone or somewhere other than the actual source.
4. Just because an email has a company’s logo on it does not make it legitimate.

View our interactive graphic on how to spot an email phishing scam. For more advice on how to avoid phishing, click here. Report any suspicious emails or calls to phishing@visa.com or to the FTC’s Complaint Assistant.

If you believe your payment card data may have been compromised in a data breach, read our Fraud News post with additional helpful information.

If you suspect that you may have disclosed personal information such as your Social Security number to a fraudster, you may be at risk for identity theft. Contact your bank and one of the three nationwide consumer credit reporting bureaus – Equifax, Experian or TransUnion – immediately.

How We Help Protect Consumers in the Event of Third-Party Data Breach

When Visa becomes aware of a data breach at a third-party that handles payment card information, our first priority is to protect cardholders. We work closely with the breached entity and issuing banks in order to heighten monitoring of potentially compromised accounts and minimize fraud losses.

Knowing that your payment data may have been stolen is unsettling, but the good news is that in most cases stolen payment data is never actually used to make fraudulent charges. However, in the rare event that fraud does occur, we protect U.S. cardholders through our Zero Liability policy, which ensures that you won’t be held responsible for that charge.

We have numerous layers of protections in place to help keep our cardholders safe, but cardholders can play an important role in their security, too, by regularly monitoring their accounts for unusual activity and reporting suspicious charges to their issuers.

For more information on what to do in the event you believe your payment data has been compromised, click here.

Are You Sharing Too Much Information Online?

Equipped with enough personal information, identity thieves can wreak havoc with your finances, take over your bank account or make purchases using your payment information.

According to a new study released by Javelin Strategy & Research, incidents of identity theft rose 10 percent in 2011 compared to the prior year. Javelin advises consumers to pay close attention to what they share on social media sites. Even seemingly innocuous information such as your mother’s maiden name, your high school mascot or the name of your pet can help a thief gain access to your accounts.

Think you’re doing a good job of protecting your information? Take the following safety quiz to find out: http://www.idsafety.net/quiz.php

For safety tips on how to help protect your identity or to read more about Javelin’s study, click here. If you suspect you have been the victim of identity theft, contact Call For Action at 1-866-ID-HOTLINE or visit www.callforaction.org for free, confidential assistance.

Hang Up on Fraud

From time to time we receive reports from consumers letting us know they’ve received a telemarketing call from someone claiming to be from Visa and asking for personal information like a credit card or social security number. If you receive such a call -- proceed with caution. It could very well be fraud at work in a scam sometimes called “vishing” or voice phishing.

Visa does not call or email cardholders to request their personal account information. Also important to know is that Visa’s call centers do not make telemarketing calls.

Phone fraud takes on many forms, and you shouldn’t rely on your caller ID to determine whether the call you’ve received is legitimate. Fraudsters can trick your caller ID into thinking the call is coming from a different number or organization, a tactic known as phone spoofing. So if you get a fishy call from someone requesting your payment card information, hang up and report the situation to the FTC and your issuing bank. You can find your issuing bank’s phone number on the back of your credit or debit card. To limit telemarketing calls, you also can register your number with the FTC’s National Do Not Call Registry.

Be very careful about providing your account or personal information over the phone unless you initiated the communication yourself or have positively verified the source.

For more information on how Visa protects consumers, visit our website and read “Don’t Make a Scammer’s Vish Come True” on the Visa Fraud News blog.

Think you know how to catch a phish?

March 4 – 10 marks National Consumer Protection Week across the U.S. In support of this important week, we’re introducing @VisaSecurity on Twitter. Much like what we try to do on this website, @VisaSecurity will be a one-stop resource for consumers on the latest payment security news, including information on scams and fraud prevention advice.

In addition, we’re challenging consumers to see if they know how to catch a phish. A phish is an email that attempts to trick the reader into submitting valuable personal or payment information. These types of attacks are on the rise. According to RSA, phishing attempts jumped 37 percent in 2011 compared to 2010 and resulted in an average of $4,500 in stolen funds per attack.

Even more troubling is the fact that fraudsters are deploying increasingly sophisticated phishing tactics which can take the form of an email, text message, phone call or postal mail. Fraudsters can make their phish appear to be from banks, payment card companies and other organizations you know and trust. So remember, proceed with caution any time you’re asked to provide personal or payment information.

Think you know how to catch an email phish? Test your knowledge and learn the top five tips to avoid getting caught by the phishing hook here.

Super Bowl-bound? Read These Tips Before Planning your Trip

Planning to watch the big game live? Avoid the spate of Super Bowl scams that make the rounds this time each year by keeping the following tips in mind:

Tickets: Avoid ticket scams by buying your tickets from a legitimate, trusted merchant to ensure you aren’t left standing in the cold on February 5. Ticketmaster is listed on the NFL Super Bowl XLVI website as the official ticket exchange of the NFL. If you decide to buy from another source, the Better Business Bureau has a list of business reviews to help substantiate a business’ legitimacy. And don’t forget -- when going through the online checkout process, make sure the URL in your browser begins with “https.” The “s” stands for secure and means that the transaction information you enter is encrypted.
Hotel/Airfare: Fraudsters are also trying to make a buck selling bogus airfare and lodging packages. As with tickets, buy from a well-known travel agent or travel website. Additionally, if making a reservation through an agent or travel website, you also may want to call the airline or hotel separately after making your booking to ensure your reservation is in the system.
How to Pay: Paying with a credit card provides an extra layer of protection. The Fair Credit Billing Act allows consumers to dispute charges for goods or services that weren’t received.

For additional advice and tips, check out the BBB’s recent news brief.

Merchants Getting Snagged by Phishing Hook

There has been a trend in e-mail "phishing" scams aimed not at the usual suspects – consumers – but instead at merchants.

Fraudsters are using e-mails that look as though they are from legitimate financial institutions, transaction processors or other businesses to lure merchants into providing sensitive account information, passwords, login credentials or other payment transaction information.

The e-mail may also include a link, which when clicked, leads to the fraudster's website or computer where malicious software – “malware” – is downloaded to the merchant's computer and gathers private information.

As always, be wary of any requests for sensitive information. If you receive a suspicious email, do not click on any links. Instead, pick up the phone and call the company directly using a phone number you know is legitimate.

Keep Your Holiday Happy: Tips for smart, secure online shopping

The holidays are here and many shoppers are choosing to stay in and log on to get their Christmas shopping done. But when shopping from the safety of your own home, be careful to safeguard your personal information and avoid suspicious websites, emails and promotions.

A new CNET video explains several preventive measures consumers can take to stay safe. So go ahead -- put your feet up and enjoy a cup of hot cocoa as you finalize your gift giving…but keep these useful to tips in mind to ensure a very, merry fraud-free holiday:

Keep your computer’s virus protection up to date
Create strong passwords that aren’t easy to guess (hint: avoid these top 25 worst internet passwords)
Ignore emails from senders you don’t know, especially if the sender is requesting money or your personal information
Shop at stores you know and trust and, before entering your payment information, make sure the website’s URL begins with “https://” which indicates a secure connection

And remember: in the unlikely case that fraud does occur, Visa’s Zero Liability policy means you won’t be held responsible for fraudulent purchases made with your card or account information.

Happy Holidays!

Watch Out for Phishing Emails Purporting to Come from the BBB

The Better Business Bureau recently issued an alert warning businesses and consumers about and email phishing scam that appears to originate from a bbb.org email address. The fraudulent email asks consumers to follow up on a recently filed complaint and contains a malicious attachment and link.

If you receive such an email, do not open the attachment or click on the link. Instead, report any information directly to the BBB’s Scam Source and then delete it.

Phishing emails such as this have the potential to cause significant disruption to your computer and/or gather information without your knowledge. Always open suspicious emails with caution – particularly if it contains a request for personal information. If you have any doubts about an email’s trustworthiness, look up the sending institution’s or company’s phone number separately (don’t call any phone numbers listed in the suspicious email) and contact the company directly to verify the legitimacy of the inquiry.

For additional tips on how to stay safe online, see our Tips for Preventing Fraud at VisaSecuritySense.com.

Don’t be a Turkey this Thanksgiving: Be aware of discounted gift card scams before shopping this holiday weekend

With Black Friday and Cyber Monday just a few days away, it’s an opportune time to remind shoppers that there are some gift card discounts you should be weary of. While gift cards are budget friendly and save you the headache of trying to guess exactly what your loved ones want this Christmas, it’s important to be careful of scams when deciding where to buy a gift card.

The Better Business Bureau recently warned consumers to watch out for a discounted gift card scam that has surfaced recently. Here’s what the scam looks like: a shopper responds to an ad on Craigslist for a gift card that is being re-sold at a bargain price. When the shopper tries to redeem the card value at the store, the card either doesn’t work or has no value remaining on it.

Fraudsters are becoming increasingly sophisticated in their ability to trick consumers. The best way to avoid scams this holiday season is to visit www.visa.com/gift and find a reputable online or local merchant to purchase from. If you’re going to take your chances and buy a gift card from a stranger, let your common sense prevail: if it’s too good to be true, it probably is.

For additional tips on how to stay secure while shopping in stores and online this weekend, check out our fraud prevention tips at Visa Security Sense.

Small Businesses Fraud Tips from the Better Business Bureau

We recently came across this great set of security tips posted online by the Better Business Bureau. It was such a perfect reminder of all that is at stake, and the relatively simple steps each small business can take to help ensure no one falls victim to fraud.

Each year the BBB is inundated with complaints from small businesses caught in fraudsters' webs. Perhaps it is an invoicing scam or being duped into paying for something they neither asked for nor wanted.

There are costs to fraud that go far beyond and far deeper that the merely financial—the harm to a business’s hard-won reputation chief among them. The article was quick to remind us that often fraudsters are simply after data or an identity under which to perpetrate their further scams.
Knowledge and vigilance are keys to beating fraud. However, it never hurts to run down the list of well-known fraud types, so here they are:

Directory Scams – A fraudster calls your business asking to update an entry in an online or printed business directory. The services are billed and paid for, but no listing is ever placed.
Office Supply Scams – Fraudsters sometimes target small business owners by billing for office supplies that were never ordered hoping the business won't notice.
Overpayment Scams – Be wary when a customer "mistakenly" overpays and then asks you to wire a refund. Later, when your financial institution goes to withdraw funds on the original payment, the fraudster's account is empty. You do not get paid, and the refund you wired is gone.
Data Breaches – An unauthorized leak of data, such as your customers' social security and credit card numbers, birthdates, addresses and more, can devastate the trust you have worked so hard to build.
Vanity Awards – Beware of business "awards" in which you are required to pay for anything—trophies, plaques, and certificates. Many are just moneymaking schemes with no merit.
Stolen Identity – Fraudsters may pretend to be your company for the purpose of scamming your consumers. While you may not lose financially, the damage to your company's reputation can be devastating.
Phishing E-mails – Phishing e-mails have been targeting small businesses to break into their computer networks. Fraudsters will claim to be the IRS pursuing an audit or even the Better Business Bureau claiming to have received a complaint. Don't click on any links or attachments in a suspicious e-mail.

There seems to be no end to the creativity that fraudsters can muster in their attempts get your personal information or your money. Knowing their tactics and a few simple security tips—like these from the Better Business Bureau—you and your small business can beat fraudsters and stay fraud free.

And, as always, you can always stay up on the lasts fraud alerts and helpful security tips right here at Visa Security Sense.

Help Celebrate National Cyber Security Awareness Month

October is National Cyber Security Awareness Month. It’s also the first anniversary of launching Fraud News and the VisaSecuritySense.com website. The theme for National Cyber Security Awareness month this year is “Our Shared Responsibility.” Many consumers want to take an active role in managing and protecting their payment card account. In fact, a study by Javelin Strategy & Research found more than half of consumers view the responsibility for protecting financial accounts from fraud is equally shared between themselves and their financial institution.

With that in mind, like to mark the occasion by encouraging readers to review the many helpful tips we’ve offered here already. We hope VisaSecuritySense.com has played a part in empowering cardholders and business owners with information to help prevent fraud and increase awareness about important protections and available resources.

Visa joins with the National Cyber Security Alliance (NCSA) in marking National Cyber Security Awareness Month, now in its eighth year. The public-private partnership is focused on providing Americans with the information they need to stay safe online, whether shopping or surfing the Internet.

Additional National Cyber Security Awareness Month resources:

SMiSh Smash, Avoiding a Text Scam Bath

Recently, the Massachusetts Attorney General’s office reported that it has received hundreds of complaints from consumers who received text messages attempting to gain access to bank accounts and Social Security numbers. This is just the latest in a growing and persistent form of fraud known as SMiShing, for "SMS Phishing." In other words: text message fraud.

SMiShing usually involves a text to your mobile phone asking you to call a phone number and enter personal data, but sometimes it may be a link to a website where you are asked for private information.

Subtler SMiShing schemes may even appear totally harmless, asking for information that seems unimportant.But don't be fooled. If you respond to a text message, the fraudsters may be simply confirming the validity of your phone number, which then gets put in a database and sold down the line.

What should you do if you receive a suspicious text message from a bank or other party? The best and easiest tactic is to assume fraud first and call your financial institution—at a number you trust—to confirm the authenticity of the request. You can also report suspicious messages to the Federal Trade Commission at 1-877-FTC-HELP (382-4357) or www.ftc.gov.

Of course, be sure to visit VisaSecuritySense often for all the latest scam alerts and security tips to beat fraudsters at every turn.

Card Security Tips for the Savvy Summer Traveler

With the summer vacation season in full swing, it’s important to keep a few security tips in mind when it comes to traveling with payment cards. While most payment card transactions go through without problems, savvy consumers can help protect themselves from unauthorized purchases. Card security tips consumers should keep in mind while traveling include:

If traveling outside the United States, inform the bank that issued your card which countries you will be visiting, and for how long.
Keep a copy of your bank's name, its customer service phone numbers, and your Visa account number in a convenient place – separate from your card. Toll-free numbers may not work internationally. If you don’t have the bank’s direct number, dial Visa’s help line at 1-800-VISA-911 or 1-303-967-1096.
Report lost or stolen cards and/or unauthorized transactions to your financial institution issuer immediately.
Limit the number of payment cards and other personal information that you carry in your wallet or purse.
Be aware of your surroundings when entering your Personal Identification Number (PIN) at an ATM or at the checkout.
Don't leave your cards in your car’s glove compartment. An alarming number of payment card thefts are from car glove compartments.
Save and check all receipts against your statement.

Cyber Thieves Can Make Social Networking Risky Business

Social networking can keep us connected to family and friends and help us stay in touch with news in real time. However, today’s cyber criminals can view social networking sites as rich and valuable sources of personal data. Using crafty schemes, they can loot your private information piece by piece and gather enough data to raid your identity and online accounts.

Reduce your exposure. A few simple steps can minimize risk on social networking sites:

Get familiar with privacy and security settings.
Security and privacy settings can limit access to your information. Become familiar with them and update them often. Be sure to opt out of sharing your data when you add new apps.
Don’t give away your birth date.
The day, year and location of your birth can help an identity thief unlock your financial identity. Also, beware of giving away answers top common security questions such as your mother’s maiden name, high school or hometown.
I’m in Hawaii – make yourself at home.
It’s better to post vacation photos after you return, rather than letting potential burglars know when your home is empty. And, think twice before publishing your home address on social networking sites.
Don’t provide password clues.
Your social network profile can give away password clues such as your pet’s name or favorite football team. Your passwords should be unique and difficult to guess. For example, you could choose a password that doesn't contain a readable word, mix upper and lower case letters, or use a number or symbol in the middle of the word. Most importantly, don’t use the same password for every site you visit. Read here for more tips on creating tough passwords.
Don’t friend strangers.
Be wary of friending people online you don’t know in real life, even if they seem to be connected to people in your network. A 2011 survey showed that nearly 13 million U.S. adults will accept any social media connection request from a member of the opposite sex, regardless of whether or not they know that person. Just because someone is connected to a friend of yours doesn’t mean he or she is trustworthy.

Charity Scams: Reach Out, Be Smart

A recent blog post on Forbes.com highlighted, sadly, that criminals have been quick to jump on the tragedy in Japan as an open invitation to commit fraud. People around the world have received spam and phishing attempts seizing upon the desire to help.

Some fraud victims have been lured to fake YouTube, CNN, Facebook, or Twitter pages that are really just Trojan horse efforts to infect computers with malicious software. As the Japan tragedy confirms, cyber crooks will stop at nothing and they have at their disposal a number of electronic tools to perpetrate their crimes to get personal data, financial information, payment card numbers and more.

We thought it the perfect time to review a few of our tried-and-true fraud-busting tips:

Never click on an attachment or a link in an email you don't trust. Your computer could be infected with a virus or malware meant to steal your personal information.
Block pop-ups, they are a popular tool for fraudsters as a portal into your computer. They can even push bogus pop-ups to you via legitimate websites.
Never provide usernames, passwords, credit-card numbers, bank account details, Social Security numbers, or other personal information electronically unless you initiated the communication.
Especially for immediate tragedies, be vigilant and verify the legitimacy of the charities you are considering.
Keep your virus protection up-to-date and install a spam filter and an anti-spyware program.
Report any suspicious emails or other communications to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

As Japan has reminded us, it is natural to want to help victims of natural disaster. Don't let fraud or identity theft add to your grief: follow these simple steps and you can be sure that your donation goes to those who truly need it, and not into the waiting hands of a criminal.

As always, you can visit VisaSecuritySense.com to keep up on the latest fraud alerts and tips to make sure you stay fraud free.

Epsilon Email Security Breach

In a security breach, online marketer Epsilon has fallen victim to a hacker who gained access to client names and e-mail addresses from numerous well-known U.S. companies and institutions.

Luckily card fraud is not a primary concern with this compromise, but phishing and spamming could be. A criminal who now knows that you shop at a certain retailer can direct a very convincing phishing email to you. The email may seem more credible because you’re familiar with the supposed sender and it could reference your full name. This type of very directed phishing scam is called “spear phishing.”

Consumers should be on the lookout for spear phishing scams. If you receive a request by email asking for personal financial information, please use utmost caution and assume that it is fraudulent. You can also get some great tips for avoiding "spear phishing" e-mails in this fraud alert we put out just a few weeks ago.

While Visa was not affected by the Epsilon incident, this is another opportunity to remind you that Visa never solicits or requests personal financial data by email or phone.

As always, you will find lots of valuable anti-fraud and security tips, as well as all the latest security alerts, right here on VisaSecuritySense.com. With a bit of vigilance and a few time-tested tips, you can help protect yourself from fraud before it happens.

Fraud Targeting Small Businesses

It is encouraging when anyone posts an opening for a job, especially when that poster is one of America’s hardworking small businesses—the backbone of our economy and the key to a robust recovery.

It is with appropriate concern then that we have learned that these small businesses are increasingly falling victim to fraud and scams, particularly when posting new job openings.

It starts like this: Your business posts a job opening online only to be targeted by cyber criminals who send emails and resumes laced with malware, viruses and other programs of ill-intent that destroy data, slow computers or, worse, steal valuable personal information from your business. Most recently, a new type of malware has been discovered that gives hackers direct access to banking information.

In another form of fraud targeting small businesses, according to the IC3, the FBI's Internet crime unit, small business owners are receiving emails with a cleverly disguised, exceedingly convincing phony receipts that mask malware. The malware infests your computer, scooping up valuable sensitive financial information and sending it to the criminals. This scam has been particularly effective on sellers in online marketplaces.

Beating these new types of fraud is not complicated. Vigilance is key, says the IC3. A few tips are all it takes to protect your small business from fraud. First, be sure virus scan software is on and up-to-date. To further protect your business, the FBI even recommends not doing online banking on the same computer you receive email job submissions.

With a few insights and some simple steps, America’s small businesses can be sure they don’t fall victim to fraud. Be sure to return to VisaSecuritySense.com to stay on top of the latest fraud alerts and the easy tips you need to stay fraud free.

Did I Really Miss Jury Duty? (Or Was I Just the Victim of Identity Theft?)

Word is spreading of a new wave of an old sort of identity fraud. This type preys upon our collective civic responsibility. In this sting, a caller claims that you have failed to report for jury duty and that there is a warrant for your arrest.

The caller will likely claim your arrest is certain, but the matter can be resolved quickly over the phone...if you can just verify some personal information—your Social Security number, birth date and maybe even a bank or credit card account number. Fraudsters always seem to want the same data, no?

With this information, the criminal on the other end of the line can take your identity and use it get credit cards and loans, even expensive medical services all in your name.

Reports of "jury duty scam" first surfaced in 2006 and seem to be on the rise again. Don’t be fooled when your caller ID says the call is from a local courthouse either. Fraudsters can easily fool caller ID using "spoofing" products that let them steal the identity of any phone number they want, just as easily as they would like to steal your identity.

But, what if I really missed jury duty? How will I know? If you suspect you are the target of a jury duty scam, don’t give out any personal information. Check that the call is legitimate by calling the courthouse yourself and speaking with a clerk.

Fraudsters are clever, to be sure, but they can always be undone by caution and due diligence on the part of well-informed people like you. To make sure you stay fraud free, be sure to visit VisaSecuritySense.com frequently to keep up with the latest scam alerts and lots of helpful tips on beating card fraud and identity theft.

Be Wary of Fake Receipt Scam, Warns FBI’s Internet Crime Unit

If you’re a small business owner, you should be pay very close attention to that receipt in your e-mail inbox. That’s the warning recently issued by IC3, a division of the FBI tasked with investigating Internet crime.

A new scam takes particular aim at sellers at online marketplace websites. Criminals are generating very convincing, yet phony receipts, according to the IC3. In reality, the receipt is actually a form of malware – an executable file designed to scoop up a company’s sensitive financial information and transmit it back to the fraudsters.

“Many sellers on these markets will ask the buyer to send them a copy of the receipt should the buyer run into trouble, have orders go missing, lose the license key for a piece of software, and so on,” the IC3 bulletin explains. “The scammer relies on the seller to accept the printout at face value without checking the details.” Vigilance is the key, advises IC3.

Seniors at Risk for Scammers Seeking to Snare Passwords

Americans of all ages are logging on to computers in ever-greater numbers to conduct online banking and other financial transactions. Recently, AARP published tips to help seniors better protect their passwords from would-be hackers. The tips could not have come at a better time. According to the 2011 Identity Fraud Report released by Javelin Research, seniors are far less likely to use the privacy settings provided on social media sites.

Javelin’s James Van Dyke writes, “Think about the information that is available so freely, and tell me it doesn’t remind them of the questions customer service agents ask when giving you your lost password back: birthdate, social security number, favorite pet’s name, even the first car and high school name. Is anyone using Facebook to stay in touch with their high school classmates?”

Van Dyke urges seniors to place better protections such as anti-virus software on their computers and to refrain from posting personally identifiable information that can be used by criminals to guess passwords.

Get a Password Makeover for Stronger Security

Chances are, the password you’re using isn’t very strong. If you're like a large percentage of people identified in a survey on password use, you change passwords infrequently (if at all) and use just one password for all your accounts.

Weak passwords are an open invitation to criminals to wreak havoc on our financial accounts. For small business owners, it may be an open door into your payment system, placing your customers’ account information and their trust in you in jeopardy. Not only do some business owners have weak passwords, but often times they fail to change the default passwords that come with their payment systems – and are well known by hackers.

Fortunately, there are steps that you can take. An article in Slate summarizes rules from several experts on how to make your password less vulnerable to hackers, including:

“Choose a password that doesn't contain a readable word. Mix upper and lower case. Use a number or symbol in the middle of the word, not on the end. Don't just use 1 or !, and don't use symbols as replacements for letters, such as @ for a lowercase A—password-guessing software can see through that trick. And of course, create unique passwords for your different sites.”

By beefing up your password strength now, you can save yourself a lot of hassle later.

Phony White House e-Card Causes Holiday Hangover

A story by security blogger Brian Krebs serves as a reminder that one can never be too careful and that even tech-savvy professionals can be taken in by clever deceptions.

Just before Christmas, a criminal sent e-mail holiday cards purportedly from the White House. When the targeted victims clicked on the link provided, a malware virus known as ZueS was downloaded onto their system to steal password and other sensitive information. Along with the virus was a program designed to steal documents from the victim’s computer.

According to Krebs’ post, the criminal may have accessed a large number of highly sensitive documents from the computers of security-related professionals working in government.

A security rule of thumb holds that e-mails from senders you don’t know should be ignored, but this cagey criminal correctly surmised that for some, the flattery of receiving a holiday card from the White House would be too tempting to resist.

New Year, Renewed Vigilance to Online Fraud

As we were browsing Visa’s “Practical Money Skills” recently, we came across this article which reminds us why card security is so important these days, especially at this time of year.

The holiday season and the New Year are a magical time—a time for thinking of others, a time for gathering with friends, and a time for taking stock of all the good things in life. In other words, it’s a perfect time for a fraudster to pounce while our guard is down, especially when shopping online.

The New Year also means renewed vigilance to online fraud. It’s not hard; a few tips are all it takes. We’ve made our list. We’ve checked it twice. Here are Visa’s easy steps to foil fraud online in 2011 and beyond:

Secure is the cure. Learn how to tell if the site you are shopping is secure. Only shop sites that start with “https”. That “s” stands for “secure.” It means your personal data is protected. There are other security clues, too, like a padlock icon next to the address.
Keep it personal. Never send personal or financial information by email or to sites you don’t know and trust.
Inoculate to insulate. Keep anti-virus and anti-spyware software up to date. Never click a pop-up window or follow links in questionable emails. Create strong passwords.
Free, but at a price. Free trials are rarely free. Understand all terms and conditions. Note and understand suspicious pre-checked boxes before you order online.
Keep track. Review receipts before you hit “Submit” and regularly review your statements. Report suspicious or unauthorized charges immediately.
Stay alert. You can sign up for email or text alerts from your bank for transactions that meet certain rules you set such as charges over a certain amount or foreign purchases.

Of course, VisaSecuritySense.com is a great resource to help you beat fraud, online or off. In addition to all the great information you will find here, there are many other great resources out there waiting to help you foil fraud:

Visa’s “Practical Money Skills” website includes numerous tips on security in addition to its great advice on personal finance.
The National Cyber Security Alliance is chock-a-block with tips for fraud-free shopping.
The Federal Trade Commission offers great information about identity theft, privacy and information security.
Better Business Bureau provides an online database of businesses that meet the BBB Code of Business Practices and display the BBB Accredited Business seal.

A new year is a perfect time for reflection and looking forward. To ensure your new year is everything you expect, learn how to beat fraud at every turn.

Have a Holly, Jolly, Fraud-free Holiday

Much has been written lately about holiday fraud. This recent post from Javelin points out some lesser-known facts, separates a few identity-theft myths from reality, and reminds us we must be extra vigilant about fraud during the holiday season.

When shopping on or off-line, buying gifts, and making a charity donation, we can all take precautions to reduce our risk of fraud. An unhappy holiday can be avoided by taking a few simple steps. For starters, you’ll find a lot of great advice right here on VisaSecuritySense. Or, click over to our Visa Viewpoints blog, which focuses frequently on matters of fraud and card security.

The basics are easy. Here are just five top tips for beating fraud and ensuring this holiday season is the best ever:

Make a list. Review every receipt at the store before you sign.
Check it twice. Review statements every month.
Count your blessings and your cards. Report lost credit cards immediately.
Naughty or nice? Don’t get “shoulder surfed” at the ATM. Protect that PIN.
Weather outside frightful? If you’re shopping online, be on-guard. Keep security software up-to-date.

A holly, jolly, fraud-free holiday is easy, if you follow a few simple rules. This holiday season, you can rest assured that whenever you use your Visa there are multiple layers of security standing between you and fraud.

Happy holidays!

Sniffing Out a Charity Scam this Holiday Season

A devastating earthquake. A flash flood. A tender holiday plea to help a child in need. Some stories are almost beyond belief and the human tragedies are equally difficult to comprehend. Others tug at your heartstrings. But, believe it or not, there are scammers out there waiting for opportunities like these to prey on your emotions to get your personal data and steal your well-intentioned donations.

Though lots of charity, emergency relief and holiday giving websites are legitimate, many aren’t, and you need to know how to tell the difference. Even when the website is not a scam, a well-meaning donor must decide which organizations are the most efficient with their money and which are best able to respond meaningfully to the crisis at hand.

The safest and surest way to beat these web scams is to donate only to well known international relief organizations, like the Red Cross and others. However, if you find yourself considering a web donation to an organization you don’t know well, try to find out who is behind the site and carefully gauge their qualifications to solicit money.

If you can’t find out from the site who is running it, chances are that the owner is trying to hide something and it may not be legitimate. Then again, even if you determine the site’s owner, you must ask yourself if your donation is best spent with them, or with another, more qualified organization.

Regardless, all it takes is a little caution and a little research to avoid web scam altogether. To beat web scams this holiday season and beyond, you can check out the many tips available from Better Business Bureau. Another resource to indentify holiday scams this year is US-Cert.gov and the Federal Trade Commission’s Charity Checklist.

Did You Order a Virus?

FedEx is warning about fraudulent e-mails claiming to be FedEx tracking messages. But instead of real shipping information, this attachment carries a nasty computer virus. Be sure to review the information from FedEx to safeguard your personal information this holiday season

Don’t Make a Scammer’s Vish Come True

Like its sibling “phishing,” in which a fraudster uses bogus emails and websites to trick you to enter valuable personal data and credit card numbers, vishing is a new trend that uses phone calls to get such information. In fact, the word “vishing” is a combination of “voice” and “phishing.” Consumer Reports recently raised red flags about vishing—and a new variation via text messaging called “smishing”—in an article on its website.

Vishers use a recorded message system, an email, or sometimes a live person telling you there’s been an attempted fraud on your card and instructing you to call a third number to enter credit card numbers, expiration dates, personal identification numbers (PINs) and more. These calls sound legitimate, but beware: fraudsters can easily trick your callerID to display a number that appears to be from Visa, Inc. Before you know it your data, and soon your money, are gone.

Don’t make a scammer’s vish come true. Learn how vishing works and what to do any time a caller asks you for personal data such as social security numbers, dates of birth, credit card numbers, and more. Never give personal information to someone who calls you. Visa will never ask for your personal information, though we may call you to report suspicious activity on your account. Get an incident number, and then call back the number on your credit card, not the number the caller gives you. A few simple rules are all you need to beat vishing.

If you have received a call you believe to be vishing, please email Visa describing your experience at phishing@visa.com. We appreciate your input sincerely. Due to the high volume of emails, Visa is unable to respond to each message individually. We do, however, investigate each claim fully to shut down fraud at the source. The Federal Trade Commission likewise provides information and a fraud-reporting form on the web at FTC.gov/phonefraud.

How to Deconstruct a Social Engineering Scam

Let’s say you are a fraudster who wants to illegally access someone’s bank account or credit card, which do you think is easier: trying to guess the password, or getting the owner to tell it to you? The answer, surprisingly, is the latter. Winning someone’s confidence and getting them to freely tell their private information is a scam known as “social engineering” by those who practice it. And it works all too well.

Social engineering is a con, an elaborate lie in which the scammer pretends to be someone they are not to earn trust and get valuable personal information over the phone or via email. Of all the types of electronic fraud, social engineering is, perhaps, the most difficult to discern. Anyone can be a victim; in fact, there is a social engineering technique known as “whaling”—a play on “phishing”—that targets high-level corporate executives. Even CEOs have been victims—the bigger the better. Other scammers have been known to pretend to be bank or Visa employees to glean information from unwitting customers.

Regardless of the ruse, the safest, surest way to beat social engineering is to never, under any circumstances divulge personal information over the phone or, especially, via email. Also, understand that no employee of Visa or your financial institution would ever contact you and ask for such information.

Bottom line: protect your information as if it were worth more than gold … because it is.

Protect Yourself From Online Tactics

Tired of being charged for things you didn’t think you signed up for? A tactic known as a “negative option” is sneaking into more and more online transactions.

In case you didn’t know, negative options occur when you accept an online offer, often for a free trial or product, after which you will be billed for a recurring monthly charge. Some merchants may hide these offers and charges in the fine print. Without a careful eye, you may sign up for a monthly subscription when you really thought you were getting only a free trial or a free product.

Visa, along with partners such as the Federal Trade Commission (FTC) and Better Business Bureau (BBB), have created some simple tips to help you spot deceptive free trial offers and how to deal with unauthorized charges.

In addition to helping you arm yourself against this practice, Visa is trying to help combat the problem on our end. We carefully monitor our payment network to identify excessive levels of reported cardholder disputes, which may signal the use of deceptive marketing practices. When we spot a problem, we require that a merchant’s bank work with the merchant to correct the problem and reduce excessive consumer disputes, or risk termination of Visa acceptance privileges. Learn more about negative options, how you can protect yourself and what we’re doing to help at www.visa.com/negativeoption.

How Not to Get Speared by Phishing

These days, almost everyone communicates with their banks, credit card companies, and other financial institutions via email. This makes the potential for electronic scamming—also known as phishing—more likely. Most phishing is random. Scammers send out emails from a given bank or financial institution to a large group assuming that at least a few of the recipients will be customers of that particular bank and will respond.

As the public’s knowledge of phishing has become more sophisticated, so have phishers’ techniques. They are targeting emails and getting more clever, aiming for smaller groups or, even better, at single users. It is their precision that makes these emails so deceptive, and so successful. With a new technique, known as “spear phishing,” the scammers try to determine which bank or credit card company you use before sending their bogus emails. This targeting—or “spearing”—increases the apparent legitimacy of the request, and makes the phishing a little harder to spot by the consumer.

You can beat spear phishing, however. The first rule of electronic communication is that no legitimate bank or financial institution would ever ask you to “verify” your personal information via email. If you receive a communication from your bank or financial institution that you are unsure about, you can always call the phone number on the back of your card for more information.

If you receive an email you believe to be phishing, please let Visa know by forwarding it to phishing@visa.com. We appreciate your input sincerely. Due to the high volume of emails we receive, Visa cannot respond to each message individually. We do, however, fully investigate each claim to stop fraud at the source. The Anti-Phishing Working Group (APWG) also provides information on phishing at www.anti-phishing.org.

The National Cyber Security Alliance is another great source for tips to beat phishing. You can find them online at www.staysafeonline.org.

Curbing the “Data Pass” Tactic

U.S. Senator John D. Rockefeller, IV (D-WV), recently investigated an aggressive marketing practice known as “data pass.” Here’s how it works: you check out as you usually do from a familiar retailer, but then receive an offer for a discount or reward. These offers sometimes come from a different merchant that may make an additional monthly charge that is not adequately disclosed.

Visa agrees with Senator Rockefeller that such undisclosed marketing practices should be stopped. We value our customers and their confidence in the products we provide. We think deceptive marketing practices degrade the efficiency, reliability and security of electronic payments; at the end of the day, assuring your card confidence is our top priority.

To address this issue, we require Web merchants to prompt consumers to re-enter their card information in order to accept a subsequent offer from a third-party merchant. This reentering of information works to provide a clear signal to cardholders that a second purchase is occurring. While we’re doing our part, we also hope you’ll learn [http://corporate.visa.com/media-center/press-releases/press1011.jsp] more tips on how to protect yourself when shopping online.