Fraud Alerts & Scams

Current Alerts

In addition to the helpful tips posted on this site to educate and protect members against scams and fraudulent activities, SCCU will also periodically add special alerts and warnings regarding current scams.

If you are unsure about any type of request for financial information, please contact SCCU directly to confirm the message's validity before sending money or releasing any information.

Recent Warnings and Alerts Include:

April 12, 2024 - Unsecured Security app

In this week’s scam, cybercriminals are spreading malware by using a fake security app. They send you a text message that says a large financial transaction has just occurred using your bank account. It instructs you to call a phone number if you have not authorized the transaction. Of course, the transaction never occurred, and the cybercriminals are trying to scare you into acting impulsively.

If you dial the number, you’ll be connected to a cybercriminal who will instruct you to download a security app. The app is disguised as an official McAfee Security product and is designed to take control of your device. If you install it, cybercriminals will use it to steal your data, and they will have complete control of your phone. Once they have control of your phone, they can install other malware and access your personal information.

Follow these tips to avoid falling victim to a fake app scam:

• Only download apps from an official source, such as the Google Play Store or the Apple Store. Apps available on official platforms are tested for security and are far less likely to be malicious.
• If you receive an unexpected text message regarding a large transaction, contact your bank directly using the information provided on their official website. Do not communicate using the information provided in the text message.

Always stop and think before taking action. Scammers use scare tactics to create a sense of urgency to get you to act without thinking.

March 22, 2024 - Grandparent Scams Surge During Spring Break

With spring break upon us, it's crucial to stay vigilant against grandparent scams.

What is a grandparent scam?

In a typical grandparent scam, fraudsters exploit the trust and love between grandparents and their grandchildren. They often pose as a grandchild or other family member in distress, claiming to be stranded in a foreign location or facing legal troubles. In some scenarios, the fraudster will pose as a third party attempting to help their grandchild get out of a sticky situation. The scammer then urgently requests money to resolve the supposed emergency, often insisting that the situation be kept secret.

???? Watch out for these red flags:
1?? Urgent requests for money
2?? Requests for secrecy
3?? Unknown requestors claiming emergencies

? Tips to protect yourself:
1?? Verify the caller's identity independently
2?? Don't rush to send money
3?? Know your loved ones' usual habits

March 8, 2024 - Tax Attacks

Millions of people around the world are paying their taxes this time of year, and cybercriminals are hoping to get paid, too. In this week’s scam, they’re taking advantage of tax season by trying to trick you into opening an email and downloading a malicious PDF attachment. The email they send looks like a government form and includes a link to download the PDF attachment. The scammers even include helpful instructions for pasting the web page URL into your browser in case the link isn’t working.

Clicking the link will redirect you to a fake webpage and initiate a file download. Malware is installed on your computer once the file downloads. Remember, cybercriminals don’t only want your money—they also want your data! And they can use this malware to steal your user credentials and other personal data.

Follow these tips to avoid falling victim to a tax scam:

• The latest software versions for devices often contain security updates. Make sure that your devices are running the latest software updates recommended by your IT team.
• Follow your organization’s instructions for reporting any suspicious emails that you receive. Quickly reporting suspicious emails can help keep your organization safe!

Be skeptical of unsolicited emails from the government or other financial entities. Always double-check with the organization that sent the form if you have doubts about its authenticity.

March 1, 2024 - This fake app takes the cake

This recent scam is impressively complex. The cybercriminals start by impersonating law enforcement officers. They contact you, claiming that your bank account may have been involved in financial fraud. You’re then asked to download a mobile app to help them investigate further. If you download the app, the cybercriminal walks you through the steps to set this scam in motion.

First, you are given a case number. When you search for that number in the app, you’ll find legal-looking documents with your name on them. These documents make the scam feel more legitimate. Once your guard is down, the app asks you to select your bank from a list and then enter your account number and other personal information.

The most clever part of this scam is what the app does in the background. When you first install the app, it blocks all incoming calls and text messages. That way, you won’t be alerted if your bank attempts to contact you about unusual behavior on your account. If all goes as planned, the cybercriminals will steal your money and sensitive information before you know what happened.

No matter how advanced the app is, you can stay safe from scams like this by following the tips below.

• Only download apps from trusted publishers. Anyone can publish an app on official app stores or sites—including cybercriminals.
• Be cautious of scare tactics that play with your emotions. Cyberattacks are designed to catch you off guard and trigger you to reveal sensitive information.

If you’re contacted by someone claiming to be in a position of authority, like law enforcement, ask them to confirm their identity. Real officials will understand your concerns and can provide information that doesn’t require you to download an app.

February 23, 2024 - Remote Desktop robbery

In this recent scam, cybercriminals are trying to trick you into downloading software that they can use to access your computer. They start by sending you a fake email that appears to come from your bank. The email says that there is an issue with your account and that their team needs to investigate. Of course, there isn’t actually an issue, but the scammer offers to help you fix it.

Scammers often use fake emails to trick you into downloading malicious files. But in this scam, they have you download legitimate remote desktop software that is normally used by IT professionals to assist you. In this case, even though the software you downloaded is legitimate, the person who is asking you to install it is a scammer. If you allow them to access your desktop, they have full control of your computer. Then they can request passwords or other login information from you to gain access to your financial accounts and data.

Follow these tips to avoid falling victim to a remote desktop scam:

• Be suspicious of any unexpected emails claiming that there is an issue with your account. If you have reason to believe the request is genuine, contact your bank using a verified number or email address.
• Never give control of your computer to someone who contacts you, even if they claim to be from your bank or tech support.

Never share passwords or login information with anyone. This data is personal, and your bank will never ask you for it.

February 2, 2024 - I cant believe my credentials are gone

This Facebook phishing scam starts with a post from a friend that says, “I can’t believe he is gone. I’m gonna miss him so much.” The post contains a link to a news article or video, but when you click the link, you are taken to a web page that prompts you to log in to Facebook. If you enter your information, you are taken to an unrelated page. No news article exists, but scammers have just stolen your Facebook credentials using a phishing attack.

Scammers use compromised Facebook accounts to post these “I can’t believe he is gone” phishing links. The posts appear to come from your friends and family, which makes this phishing attack very convincing. If you fall for their tricks, scammers can then use your Facebook account to post the same message to your friends and family.

Follow these tips to avoid falling victim to a Facebook phishing attack:

• When possible, use multi-factor authentication (MFA) as an added layer of security for your accounts. The MFA will prompt you to provide additional verification before logging in, making it more difficult for scammers to compromise your account.
• A post from a friend may seem trustworthy, but their account could be compromised. Reach out to your friend over the phone or text to verify that their post was legitimate.

Remember, this type of phishing attack isn’t exclusive to Facebook. Scammers could use this type of attack on any social media platform.

January 12, 2024 - Easy Income is an easy scam

Countless people around the world are experiencing economic strain. It’s no surprise that cybercriminals are ready to take advantage of this situation. In fact, they’re using a unique social engineering tactic to gain your trust and steal your money.

In a recent scam, cybercriminals claim you can earn cash by simply liking YouTube videos. To convince you that the job is legitimate, they send you a few dollars after your first day of “work.” Later, you’ll be offered an opportunity to join an exclusive list of VIPs who make even more money. Of course, you’ll have to invest to become a VIP. How much? Up to $1,000. Once paid, you can expect the cybercriminals to take the money and run.

Follow these tips to stay safe from similar scams:

• Be cautious of offers that seem too good to be true. Cybercriminals will use unrealistic offers to lure you into their scams.
• This attack exploits the excitement and hope of earning easy money. Don’t let cybercriminals play with your emotions.

Legitimate businesses will never ask you to pay money to get a job. Anyone who asks you to do so is trying to scam you.

January 5, 2024 - Early tax reminder from the IRS 

The US Internal Revenue Service (IRS) recently held the eighth annual Security Summit. The IRS concluded the summit with a reminder to stay alert during the upcoming tax season. Specifically, they warned taxpayers and tax professionals to watch for phishing and smishing scams.

Tax scams aren’t specific to the US. Around the world, cybercriminals are readying their phishing emails and text messages (smishing). Handling your taxes is often a difficult task. So, bad actors use this sensitive topic to catch your attention or manipulate your emotions.

Follow the tips below to stay safe during tax season:

• Know what to expect from your local revenue agency. For example, in the US, the IRS typically contacts taxpayers by mail, not email or text.
• Always think before you click. Cyberattacks are designed to catch you off guard and trick you into clicking impulsively.

Use extra caution when handling tax documents. For digital documents, use password protection. For physical documents, keep paperwork in a secure location and shred anything that is no longer needed.

December 20, 2023 - USPS Scam During holiday season 

Many people are using the mail to send gifts to loved ones during the holidays. Michigan Attorney General Dana Nessel is warning residents about fraudulent smishing text messages purporting to be from the United States Postal Service (USPS) this holiday season.

“Hundreds of millions of packages are shipped each holiday season, and bad actors see that as a prime opportunity to scam you out of your hard-earned money,” said Nessel. “It is critically important for people to recognize a scam like this and avoid giving out their personal information. Clicking on fraudulent links can lead to identity theft, the installation of malware on your device, or it could lead to your contact information being sold to other bad actors who are also looking to take advantage of unsuspecting victims.”

Smishing is when the scammer sends a text message purporting to be from a trusted entity, and then entices the victim by claiming they must provide them with a password, account number, debit card, or even social security number. Oftentimes, the USPS smishing scam alerts the victim to an alleged delayed package, and then requires a purchase for updates.

In response, Nessel wants to remind residents of ways to protect their phone numbers and information:

• Don't share your phone number unless you know the person or organization well.
• Don't assume a text is legitimate because it comes from a familiar phone number or area code. Spammers use caller ID Spoofing to make it appear the text is from a trusted or local source.
• Don't provide personal or financial information in response to the unsolicited text or at a website linked to the message.
• Don't click on links in a suspicious text; they could install malware on your device or take you to a site that does the same.
• Don't reply, even if the message says you can "text STOP" to avoid more messages. A response tells the scammer or spammer your number is active and can be sold to other bad actors.
• Never follow a text's instructions to push a designated key to opt out of future messages.

This smishing scam is common and may look like the photo to the right. In addition to the sender’s email coming from a public domain instead of the organization's domain, the suggested link does not match the public facing website for the USPS and there are typos throughout.

December 8, 2023 - Post-Shopping scams

Have you finished your holiday shopping yet? Because cybercriminals are just getting started. There are thousands of shopping-themed scams this time of year, but those scams don’t end when your cart is empty. Cybercriminals continue to target shoppers with urgent phishing emails about their recent purchases.

Two common post-shopping scams are fake shipping delays and unexpected purchase confirmations. Typically, these scams include a sense of urgency designed to catch you off guard in the hopes that you will click impulsively. You may be directed to click a link for tracking information or download a receipt for an expensive order that you did not place. These emails can be alarming, but if you take your time, they are easy to catch.

Use the tips below to spot post-shopping scams:

• If you are expecting a package and receive a related email, look for details such as the order number, purchase date, and payment method.
• If you receive a notice from a retailer, don’t click any links in the email. Instead, use your browser to navigate directly to the retailer’s official website and look up your order there.

Remember to stop and look for red flags. For example, see if the email was sent outside of business hours or lists prices in a currency that you don’t typically use.

December 1, 2023 - A New Spin on Callback Phishing

Earlier this month, the United States Federal Bureau of Investigation (FBI) released an official advisory about the rise of callback phishing attacks. Callback phishing is when a phishing email directs you to call a number instead of clicking on a link. Typically, if you call the number in a callback phishing email, the cybercriminal will try to trick you into providing sensitive information. The FBI’s recent advisory outlined a new and more dangerous tactic.

In this scam, cybercriminals send an email claiming that you have a pending charge on one of your accounts. If you call the number provided, the cybercriminal will guide you on how to connect with them through a legitimate system management tool. System management tools are often used by IT departments to remotely connect and control your device. Once the legitimate software has been installed, cybercriminals can use it to sneak ransomware onto your device. With ransomware installed, sensitive information can be stolen and used to extort you or your organization.

Stay safe from similar scams by following the tips below:

• Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to click or act impulsively.
• Consider the context, timing, grammar, and other details of the email or call. For example, does your bank usually ask you to call in?

Avoid calling phone numbers provided in emails. Instead, navigate to an official website to find the best contact number.

March 31, 2023 - Dont fall for employment scams

Job-related scams are not new, but they are on the rise. Con artists are taking advantage of people who lost work during the pandemic. And those who are looking for work-from-home positions.  

Signs of an employment scam

Most job searchers go online and post their resume on job search sites or social media apps. Unfortunately, both legitimate employers and scammers also post job openings on these platforms. Watch for some of these red flags:

• You receive an unsolicited request for an immediate interview. 
• Poor spelling or grammar in a job offer email.
• The email comes from a personal email account rather than a business account. 
• The interview is conducted only online through video chats.
• Offers a salary that is higher than normal for that position.
• There are up-front money requests for things like start-up equipment or background checks.
• A job is offered without verifying work experience or asking for references.  

Variations of the employment scam 

1. When you are asked to pay up-front, you are promised reimbursement with your first paycheck. The scammers now have your money and possibly bank information. You will not receive a paycheck. 
2. They send you a check to cover start-up costs. You are asked to deposit the check and send money to their IT/equipment partner to cover these costs. The check is fake. It will sit in your account long enough for you to send the money. You will be notified that it was a fraudulent check. You are responsible for repaying the bank.  See Michigan Attorney General Counterfeit Check Scams.
3. You are hired to reship items sent to your home. You must inspect, repackage, and ship them to another location. You never receive payment for your work. When you confront them, they claim they are having issues with their payroll. Or they may claim the packages you sent were never received. They then take those costs out of your “paycheck.” You soon will be unable to communicate with them.
4. Some scammers create their own employee onboarding portals. You may be asked to log in and electronically enter your contact information. They may also request tax and direct deposit forms. You have unknowingly given your personal and financial information to the con artist.

Protect yourself

• Be suspicious of unsolicited emails. Especially if they come from unfamiliar sources. 
• Check that the email address comes from the company’s domain. It should not come from a personal or unaffiliated email.   
• Do an online search for that company using their name or the sender’s name.  Include the words “scam,” “review,” or “complaint.”
• Contact the company directly with the contact information you confirmed is theirs. 
• Check out the company on the Better Business Bureau's website. 
• Beware of a company that refuses to send written information or provide a physical street address before you commit to taking a job.
• Beware of any company that sends you a check and asks you to advance money out of your own bank account.
• Contact the Michigan Department of Attorney General, Consumer Protection Division, at 877-765-8388 to see if there have been any complaints filed against this company.

When searching online for a job

 Use safe and reliable sources, including:

• USAJobs.gov — is the federal government’s official site with job openings nationwide.
• CareerOneStop — is sponsored by the U.S. Department of Labor, CareerOneStop lists hundreds of thousands of jobs. It also links to employment and training programs in each state.
• USA.gov — hosts local government websites, which list any open positions they may have on their websites.
• Job Seekers – provides information about job opportunities in Michigan.
• SOM Job Openings – lists open positions with the State of Michigan. 

For more information, visit the Michigan Department of Attorney General's website for frequent alerts on various scams.

March 24, 2023 - That Last-minute spring break deal might just be a scam

Just like the groundhog says, winter isn't going away anytime soon. That fact has many of us looking for a warm getaway this spring, but beware. Scammers could be lurking on the other end of that sweetheart spring break deal.

How It Works

• You stumble onto a travel booking site that offers exclusive vacation deals, often for far below market value.
• You find a posting for a luxurious vacation rental listing at a lower-than-expected price.
• Your rental car search lands you on what appears to be the jackpot—a site offering great prices.
• You're using a popular vacation rental app, and the host asks you to pay upfront and through a means that is off the platform.

What You Should Know

• Scammers create bogus travel sites that often appear high up in search rankings because they've bought paid promotions. These sites often use the same language, colors, and logos as legitimate sites.
• Criminals create fake vacation rental listings that are often stolen from real listings and then altered. An unusually low price could indicate that a listing is not legitimate.
• Shady rental car sites may look like those of real companies, but the deals are fake. The thieves who set them up will simply take your money and then disappear.
• A host who asks you to pay for your rental home outside of the app is not someone you want to do business with.

What You Should Do

• Be skeptical of any pitch that offers steep discounts on travel and accommodations.
• Vet travel reservation sites before you book. Conduct a web search on the company name (along with the word "scam," "complaint," or "review") to read about other people's experiences.
• Pay for travel reservations and bookings with a credit card, which offers greater protection than other forms of payment.
• When renting a car online, type in the web address instead of using a search engine. This will reduce the chance of accidentally landing on a look-alike site.
• When using a vacation rental app, be suspicious if the host wants you to pay off-platform. For example, Airbnb only allows this for certain fees (such as local taxes), and Vrbo states that payments outside its checkout form are not eligible for its "Book with Confidence" guarantee.

March 10, 2023 - Hotel Phone Scammers

You arrive at your hotel and check-in at the front desk. Typically when checking in, you give the front desk your credit card (for any charges to your room). You go to your room and settle in. All is good. The hotel receives a call, and the caller asks for (as an example) room 620 - which happens to be yours. The phone rings in your room. You answer, and the person on the other end says the following: 'This is the front desk. When checking in, we encountered a problem with your charge card info. Please re-read your credit card number and verify the last three digits numbers at the reverse side of your charge card. Not thinking anything wrong, since the call seems to come from the front desk, you oblige.

But actually, it is a scam by someone calling from outside the hotel.

They have asked for a random room number, then asked you for your credit card and address info. They sound so professional that you think you are talking to the front desk.

If you ever encounter this scenario on your travels, tell the caller you will be at the front desk to clear up any problems. Then, go to the front desk or call directly and ask if there is a problem.

If there was none, inform the hotel manager that someone tried to scam you of your credit card information, acting like a front desk employee.

ANYONE traveling, please be aware!

FEBRUARY 24, 2023 -  Cybercriminals: Spear Phishing

Reddit, a popular online community, was the latest victim of a spear phishing attack. Spear phishing is a targeted email attack that looks like it’s from a trusted source, but it’s actually from cybercriminals in disguise.

In this recent attack, a cybercriminal set up a fake website designed to steal login credentials. Then, the cybercriminal sent phishing emails to Reddit employees. The emails prompted employees to visit the fake website and enter their credentials. Through this attack, the cybercriminal was able to access sensitive information from Reddit and steal internal company data.

Follow the tips below to stay safe from similar scams:

• Make sure that the sender is actually who they say they are. If the sender claims to be someone you know, reach out to them in person or by phone to verify.
• Remember that spear phishing attacks can happen to anyone. Think before you click, and never click a link in an email that you aren’t expecting.

Be careful with the information you share about yourself online. Cybercriminals can use this information to target you in phishing attacks.

February 17, 2023 - Top Lies Told by Romance Scammers

New data released by the Federal Trade Commission sheds new light on the lies that romance scammers use to take advantage of people—lies that reports to the FTC show cost nearly 70,000 consumers $1.3 billion in 2022.

Using data from the FTC’s Consumer Sentinel Network, the new data spotlight breaks down the most common lies that consumers reported being told when they were contacted by romance scammers last year.

Topping the list was scammers telling consumers that they needed money because a friend or relative was sick, hurt, or in jail – a lie consumers reported hearing in nearly a quarter of reports. The next most commonly reported lie was that the scammer had great investment advice to share with their newfound romantic interest, followed closely by the lie that the scammer was in the military or that they needed help making some sort of important delivery.

The data spotlight also highlights a growing tactic used by romance scammers: sextortion, when a romance scammer convinces a consumer to share explicit photos and then threatens to share those photos with the consumer’s social media contacts. The spotlight notes these reports have increased more than eightfold in the past three years, with consumers ages 18-29 six times more likely than older consumers to report this form of romance scam.

According to the spotlight, consumers most often report being contacted by romance scammers via social media, though they often push to move to other messaging apps. Consumers also reported losing more money by sending cryptocurrency than any other method.

The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov.

February 10, 2023 - Watch out for scams this tax season

In most countries, it’s cybercriminals' favorite time of the year: tax season. Taxes are a sensitive topic that can easily be used to catch your attention or manipulate your emotions. Over the next few months, cybercriminals will likely mention taxes in phishing attacks and disinformation campaigns.

Tax season is also a vulnerable time for your sensitive information. Tax documents from employers, banks, and other organizations typically include personally identifiable information. If cybercriminals get their hands on this information, they can use it to steal your identity, your money, and more.

Follow the tips below to stay safe during tax season:

• Always think before you click. Cyberattacks are designed to catch you off guard and trick you into clicking impulsively.
• Use extra caution when handling tax documents. For digital documents, use password protection. For physical documents, keep paperwork in a secure location and shred anything that is no longer needed.

Be suspicious of emails, text messages, and social media posts that contain shocking information about taxes in your country. These messages could be disinformation, which is false information designed to mislead you.

February 2, 2023 - Beware of Valentines day romance scams

LANSING – Michigan Attorney General Dana Nessel wants Michiganders to protect their hearts and wallets as we approach Valentine’s Day.

“Dating services – particularly online – can lead to more than romantic encounters,” said Nessel. “These services, as well as shopping for Valentine’s Day gifts, come with risks that bad actors will look to exploit. It’s important to know how to protect yourself so looking for romance doesn’t lead to financial ruin.”

To ensure consumers protect themselves, Nessel is reissuing her Romance Scams: Stay Safe and Avoid Financial Heartache Consumer Alert.

To protect yourself, Nessel recommends the following:

• Never give someone you haven’t met money. Scammers are savvy and play on your emotions to get the information they need to carry out their scam or get your money. The Federal Bureau of Investigation reports that in the United States, romance scams account for the highest financial losses of all internet-facilitated crimes.
• Be cautious with your personal information, including your financial information, contact information, and photographs of yourself.
• Never agree to meet for the first time in a private setting. Insist on a public place where there are sure to be other people around and tell a member of your family or a friend where you will be and when you will contact them again after the meeting. Arrange your own transportation to and from the meeting and have a working mobile phone with you, if possible, with a pre-programmed, one-touch emergency number. Make sure to leave all available information about the person you will be meeting with your contact.
• Conduct an online reverse image search to see where else the person’s image appears and whether it has been altered before you swipe right or pursue a relationship based on an online profile image. Watch this video to learn how to do that.
• Be suspicious if the other person refuses to talk on the phone or do a video call before you meet in person.
• If you’re signing up for an online dating service, read your contract (terms of the agreement) carefully before signing it – including all “fine print” – so you know exactly what you’re buying. Some contracts make it easy for the dating service to avoid responsibility but difficult for consumers to get their money back.

January 6, 2023 - Real Facebook, Fake Facebook support

Facebook pages are typically used by organizations and public figures to connect with their community. Anyone can make a Facebook page, even cybercriminals. Using social media, cybercriminals spoof brands and organizations to trick people into trusting them. In this recent scam, cybercriminals use real Facebook pages to impersonate Facebook itself.

The scam starts with a fake email that looks like it’s from Facebook. The email states that your account has been deactivated and will be deleted in 48 hours unless you click a link. If you click the link, you’re taken to a real Facebook post from a page named “Page Support” that uses the Facebook logo. The post directs you to click another suspicious link that takes you to a fake login page. If you enter your login credentials, you’ll give cybercriminals access to your Facebook profile and the ability to scam your friends and family.

Don’t be fooled! Follow the tips below to stay safe from similar scams:

• Watch out for a sense of urgency in emails. Phishing attacks rely on impulsive actions, so always think before you click.
• Remember that this type of attack isn’t exclusive to Facebook. Cybercriminals could use this technique on any other social media platform.

If you receive an urgent notification, verify that it's legitimate. Navigate directly to the organization's website or official app to view details.

December 30, 2022 - Smishing is 50% off!

Have you ever received text messages about special discounts or promotions for a service you use? Many legitimate organizations send promotional text messages to their customers. Unfortunately, cybercriminals are sending text messages with fake promotions to try to manipulate you.

In a recent smishing (SMS phishing) scam, cybercriminals send you a text message offering a discount that's only available for a limited time. The text message claims that the discount is for a common expense such as gas, an electricity bill, or even a car insurance policy. To claim your discount, the text message states that you need to click a link and enter sensitive information, including your bank account information. If you click the link and enter this information, cybercriminals can use it to access your bank account and steal your money.

Follow the tips below to stay safe from similar smishing scams:

• Think before you interact with a text message. Did you sign up for text messages from the organization? Is the text message similar to other text messages you’ve received from the organization?
• If an offer sounds too good to be true, it probably is. Verify any offers of discounts or promotions by contacting the organization directly.

Never tap on a link in a text message that you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.

December 16, 2022 - Tik tok filter scams

The social media app TikTok is popular for its creative audio and visual filters. TikTok adds and removes filters frequently, so some users may look for ways to access filters that haven't been added. Now, cybercriminals are taking advantage of the demand for new filters to manipulate you into downloading malware.

In a recent scam, cybercriminals share malicious links across TikTok and other platforms. They claim that these links will download filters that haven't been added to the app. If you click the link and download the file, it may contain the filter you’re expecting. However, it may also contain malware that cybercriminals can use to monitor your device and steal your sensitive information, such as your login credentials.

Follow the tips below to stay safe from similar scams:

• Always think before you click. This type of cyberattack is designed to trigger you to click impulsively by offering exclusive content.
• Never download files from an unverified source. Files that install and run as expected could still contain malware without you knowing.

Enable multi-factor authentication (MFA) on your accounts when it is available. MFA adds a layer of security by requiring that you provide additional verification to log in to your account.

November 11, 2022- Zelle scams INCORPORATE utility bill payments.

There are numerous reports of scammers calling, emailing, and/or texting individuals claiming to be from their utility company – using look-alike phone numbers. The scammer states that they did not receive payment for their utility bill and their service will be turned off. However, if they “Zelle” funds to the company immediately, their services will continue. Faced with the urgency of service disconnection from utility companies (e.g., electricity, water, etc.), the individuals agree to make the Zelle payment before thinking of the potential ramifications. In some cases, the fraudster’s even have Spanish-speaking “utility employees” to assist those that do not speak English.

The use of Zelle and other P2P services has increased in the last several years. The delinquent utility bill scam is different than the traditional Zelle scam, where the fraudsters initiate the Zelle transfers after successfully resetting members’ online banking passwords. A group of U.S. Senators are pushing the CFPB to use its rulemaking authority under Reg E and the Electronic Fund Transfer Act (EFTA) to provide more protection to consumers victimized in Zelle-related scams. Reg E provides protection to consumers for “unauthorized EFTs” but not when they’re scammed into initiating the Zelle transfers themselves, with the exception of a “token error” that occurs in the new version of the Zelle / P2P scam (referred to as the “Zelle yourself scam”). 

• Only use Zelle to send funds to friends and family members
• Do not send money to someone you do not know
• Do not provide your login credentials or one-time passcode to anyone

Victims of P2P fraud should report it to the FBI IC3.gov or call their fraud hotline at 833-FRAUD-11.

October 21, 2022 - Beware of scammers taking advantage of THE Federal student loan debt forgiveness program

Michigan Attorney General Dana Nessel is reminding Michiganders to be on the lookout for scammers now that the U.S. Department of Education has made available the application for student loan debt relief announced by the Biden Administration.

Here are the highlights of the announced loan debt relief:

1. The current student loan repayment pause has been extended a final time until December 31, 2022, with payments resuming in January 2023.
2. The U.S. Department of Education will provide up to $20,000 in debt cancellation to Pell Grant recipients with loans held by the Department of Education and up to $10,000 in debt cancellation to non-Pell Grant recipients. Borrowers are eligible for this relief if their individual income is less than $125,000 or $250,000 for households. The application for relief is available here.
3. The previously announced limited Public Service Loan Program (PSLF) waiver is still in effect until October 31, 2022. The Public Service Loan Forgiveness (PSLF) program forgives the remaining balance on your federal student loans after 120 payments working full-time for federal, state, Tribal, or local government; military; or a qualifying non-profit. The limited PSLF waiver allows borrowers to receive credit for past periods of repayment that would otherwise not qualify for PSLF. For more information on eligibility and requirements, go to the public service loan forgiveness website.

AG Nessel encourages residents to follow these tips to avoid scams seeking to take advantage of borrowers' eagerness to obtain debt relief.

1. For more information about this relief, visit the Federal Student Aid website and/or their loan servicer. Do not provide your personal or financial information in response to unsolicited emails, phone calls, or texts either purportedly from the federal government or a company claiming to be able to assist you with obtaining the announced relief.
2. Don't agree to pay anyone for assistance in obtaining this relief.
3. Don't be rushed. To get you to act fast, scammers say you could miss qualifying for repayment plans, loan consolidation, or loan forgiveness programs if you don't sign up right away. Take your time and check it out.
4. Don't give away your FSA ID. Some scammers claim they need your FSA ID to help you, but don't share your FSA ID with anyone. Dishonest people could use that information to get into your account and steal your identity.

The opportunity for debt forgiveness is also an opportunity for scammers to try and gain access to your personal and financial information, said Nessel. It is important to remember that the federal government will not proactively email or text you to take advantage of this program. Residents should rely on legitimate sources for information and not fall for messages that create a sense of urgency or demand financial information.

Those who wish to make a report about potential scams can do so with the Attorney General's Consumer Protection team by filing a complaint online or by calling 877-765-8388.

September 2, 2022 - Callback phishing scams

While making a phone call may seem harmless, you should always consider who's on the other end of the line. Cybercriminals can use callback phishing scams to trick you into calling them directly. Once you’re on the phone, cybercriminals will ask you to share sensitive information or grant them access to your device.

In one scam, cybercriminals send you an email that says you’ve subscribed to a service with automatic payments. The email also includes a phone number that you can call if you have any questions. When you call the phone number, the ccybercriminals will ask for remote access to your desktop so that they can cancel the subscription for you.

If you grant remote access, the cybercriminals will attempt to change your permissions so they can access your desktop later. Then, they can use ransomware to lock you out of your desktop and threaten to release your personal information unless you meet their demands.

Don’t fall for these types of scams! Follow the tips below to stay safe:

• Cybercriminals often use fake invoices to trick you into clicking or calling impulsively. Always think before you take action!
• Never call a phone number provided in a suspicious email. Instead, visit the organization’s official website from your browser to find their contact information.

Never grant remote desktop access to any unverified agents or organizations. In most cases, legitimate support representatives will be able to solve your problem over the phone or via email.

August 26, 2022 - Sweepstakes and lottery scams 

Who wouldn’t want to win thousands or even millions of dollars or the chance to go on a luxury vacation? There are many legitimate sweepstakes and contests out there, and the idea of winning some fabulous prize can be mighty alluring. Con artists get that, and they exploit your eagerness to score that big check or dream trip.

 In 2021, the Federal Trade Commission (FTC) received more than 148,000 reports of fraud involving prizes, sweepstakes, and lotteries, up 27 percent from the year before. Victims collectively lost $255 million. 

The initial contact in a sweepstakes scam is often a call, an email, a social media notification, or a piece of direct mail offering congratulations for winning some big contest. But there’s a catch: You’ll be asked to pay a fee, taxes, or customs duties to claim your prize. The scammers may request bank account information, urge you to send money via a wire transfer, or suggest you purchase gift cards and give them the card numbers. 

Once they ensnare someone, they'll keep coming back, staying in contact for months or even years, promising the big prize is only one more payment away and often enlisting victims as unwitting "money mules" to transfer funds stolen from others. If you stop paying or cut off contact, they may threaten to harm you or a loved one or to report you to authorities, according to the U.S. Embassy in Jamaica, the country of origin for many lottery cons. 

Warning Signs

• You get a call or an online solicitation claiming you've won a prize in a sweepstakes you don't recall entering or haven't heard of before.
• You're told you need to make an upfront payment to collect the prize.
• Someone calls you and says they have a winning lottery ticket but need help paying a fee to collect on it. According to the North American Association of State and Provincial Lotteries, “Once a ticket is bought, no money is EVER required to claim a prize.”

The Do's and Dont's

• Do look carefully at the envelopes of purported sweepstakes mailers. If your entry form or congratulations letter was sent bulk rate, it means a lot of other people got the same mailing. 
• Do hang up on cold calls claiming to be from well-known contests like the Mega Millions lottery or Publishers Clearing House (PCH) sweepstakes. They will not call you out of the blue to tell you you've won.
• Do read the fine print on a contest form and make sure it isn’t missing legally required info such as the start and end dates of the contest, the methods of entry, descriptions of prizes, and various legal disclaimers. 
• Do carefully check for your odds of winning, and be especially leery of contests that don't disclose it.
• Do beware of your own eagerness. 
• Don’t ever pay a fee to claim a prize you’ve supposedly won or to improve your chances of winning. 
• Don’t wire money to or share gift card numbers with someone claiming to represent a contest or lottery. “Both payment methods are a sure sign of a scam,” the FTC warns. 
• Don't provide personal or financial info to anyone who contacts you about a lottery prize.
• Don’t deposit supposed winnings that come in the form of a partial-payment check, accompanied by instructions to return a portion to the contest sponsors. The check will bounce, and you’ll likely have to repay your bank for any withdrawals from that deposit, including what you sent the scammers.
• Don’t believe social media messages or posts purporting to be from celebrities or business moguls offering a big cash giveaway. 
• Don’t call a number with an 876, 809, or 284 area code to confirm that you’ve won a prize. Those codes belong to Caribbean countries (respectively, Jamaica, the Dominican Republic and the British Virgin Islands) that have become hotbeds for contest frauds and other phone scams. 

August 12, 2022 - payment apps (P2P Apps) and Scams

Within the last thirty days, the Department of Attorney General has received numerous complaints of scams involving payment apps such as Zelle, Venmo, Cash App, and PayPal. Many consumers use these payment apps to easily and conveniently pay others. Unfortunately, scammers have adapted their tactics to take advantage of the quick and often anonymous access to cash that they provide.

What to look out for:

• Scammers impersonating your bank may call to alert you about suspicious activity on your account
• Fraudsters may reach out claiming to represent a fraud department or merchant and ask you to confirm information such as your bank account username and password
• Fraudsters may try to convince you that you've been paid more than you were owed.

Protect Yourself:

• P2P apps are not federally insured, regulated, or supervised, even if they partner with an FDIC-insured bank.
• Review the app's fraud protection policies and understand whether and how you can recover funds if a problem arises.
• When sending money using a P2P app, the payments and transfers are instant and mostly irreversible. Link your money transfer app to a credit card rather than a debit card or your bank account.

If you think you are a victim of a scam involving peer-to-peer payment apps, you can file a complaint with the Federal Trade Commission. For concerns about P2P services, contact the Consumer Financial Protection Bureau.

July 22, 2022 - utility imposter scam

The Department of Attorney General has received numerous calls regarding a new utility imposter scam claiming to be from DTE and an immediate need for payment to avoid shut-off.

What to look out for:

• A call claiming to be from DTE, stating they are sending field staff to turn off electricity because of nonpayment.
• Immediate payment, through a debit/gift card or pay app (Zelle) is required to avoid electricity shut-off.
• A promise of returning the funds if it's later determined was made.
• The number on the caller ID shows DTE's real toll-free number.

Protect Yourself

• Neither form of payment is regulated, and both are irreversible and untraceable.
• Utility companies will never demand payment be made immediately or ask for payment in an unusual payment form.
• Utility companies won't make unannounced visits to collect a bill or threaten shut-off.

Scammers can be convincing and often target those who are most vulnerable, including senior citizens and low-income communities. They also direct their scams at small business owners during busy service hours. However, with the right information, utility customers can learn to detect and report these predatory scams.

July 1, 2022 - Prime Time for Amazon Prime Day Scams

Amazon Prime Day 2022 is approaching, which means that you might be expecting some Amazon deliveries soon. While you may use Prime Day for awesome deals, cybercriminals use Prime Day for awful scams.

Cybercriminals may take advantage of Prime Day in different ways, but there are some common scam tactics that they typically use. For example, they may include the Amazon logo in their phishing emails to make their emails seem more legitimate. Their emails may also include links that send you to fake Amazon login pages.

If you enter your Amazon login credentials on one of the fake pages, cybercriminals can use these credentials to change your Amazon account password and log you out of your account. Then, they can make purchases using your saved payment information.

To keep your Amazon account secure, follow the tips below:

• If you receive an email from Amazon about an upcoming delivery or an account update, don’t click any links in the email. Instead, log in to your Amazon account directly from your browser to check on the issue.
• Enable multi-factor authentication (MFA) on your Amazon account. MFA adds an additional layer of security by requiring you to present two or more verification factors to log in to your account.

Cybercriminals often use scare tactics to trick you into clicking links without thinking. If you receive an email that urges you to take immediate action, stop and evaluate the message before you click any links.

June 24, 2022 - 5 surefire phrases that you’re talking to a scammer on the phone

It can be challenging to determine if that text message, email, or video is legitimate or just another scam. There are usually telltale signs, like spelling errors, that give away the scammer's intentions. But it's not so easy when you speak to someone over the phone.

Unlike electronic communication, humans can quickly adapt to any situation, changing their story or deflecting questions. No matter how crafty the crook is, there will always be certain words or phrases they say to tip you off that it’s a scam.

Read on for five things to listen out for if you suspect the caller might be a scammer.

• We need your Medicare number

  One of the most common scams is asking for your medical insurance number. You might receive a phone call from a fake laboratory, clinic, or doctor's office, with the caller claiming they need to do further tests. They'll need your Medicare number to process the order.

  As soon as you hear that, hang up. AARP points out that this scam bills Medicare for unnecessary tests, many of which it doesn't cover.

• We can help with a refund

  A regular claim from scammers, they offer to help you get a refund from a recent unauthorized Amazon purchase. Obviously, no such transaction took place, and your Amazon account is still secure.

  The caller will ask for your banking details or other personal information, and giving it can put you at risk of fraud and identity theft. Hang up the phone and contact Amazon directly if you think you have business with the company.

• Your electricity will be shut off by the end of the day 

  Nobody wants to get a phone call about shutting off their utilities, and scammers know the panic it can cause. In this scam, the caller will claim to be from the local electricity or water company and claims your account is past due. You can prevent this by paying the outstanding balance immediately.

  AARP explains that utility companies send an email first, and scammers use robocalls for this scam. So end the call and phone your utility provider through its official number to find out the true status of your account.

There's always a tech angle

Some scammers use confusing terms to bully into a conversation or your bank account. They know that there is a good chance senior citizens will act without asking questions, especially when it involves technology they know little about. Here are more signs you’re talking to a phone scammer:

• We need you to download this to your phone

  Usually aimed at the elderly, a scammer pretends to be from a well-known tech company. While the reason they claim to be calling varies, it usually involves claims that your device is infected with malware and they can help remove it. Hang up the phone immediately!

  Legitimate tech companies will never call you out of nowhere, claiming to know your device is infected with malware. The scammer instructs the victim to download a particular app, but it's nothing more than malware or an application to take complete control of your device.

• Your social security check has been frozen

  In this scam, a robocaller will claim that there is a freeze on your Social Security check, and you must pay to prove your identity.

  This will never happen, as no federal or state government official will ask for payment or further personal details over the phone unsolicited. Hang up the phone immediately and report the call through the Office of the Inspector General's fraud hotline at 1-800-269-0271.

June 16, 2022 - Beware of phishy facebook messages

In a new scam, cybercriminals have been using compromised Facebook accounts to send links to fake login pages. This scam is gaining popularity, with over eight million people viewing just one of the phishing pages so far this year.

In this scam, cybercriminals hack users’ Facebook accounts and then use these accounts to send messages to the users’ Facebook friends. When a user clicks on a link from one of these messages, they are directed to a fake Facebook login page. On this page, the user is asked to enter their email and password to verify their credentials.

If you fall for this scam, any credentials that you share will be delivered directly to the cybercriminals. The cybercriminals could then log in to your Facebook account and send similar links to your Facebook friends. It's important to remember that cybercriminals can also use ad tracking tools to receive money from visits to these pages. They profit from every click!

Follow these tips to stay safe from phishy messages:

• Hover your mouse over links before you click. Watch out for links that are suspiciously long or show a domain for a different website than the website you want to visit.
• If you receive a suspicious Facebook message, reach out to your Facebook friend by email, text message, phone call, or another app. If they didn’t send you the message, let them know that their account has been hacked and they should change their password immediately. Do not reply to the suspicious message.

Stay informed about the latest scams and how you can stay safe. Information is one of our most powerful tools against cybercriminals.

June 3, 2022 - keep yourself safe from malicious search results

Search Engine Optimization (SEO) is a technique that helps websites appear more often in search engine results, and rank higher than other websites. Legitimate websites use SEO such as easy-to-remember URLs and relevant keywords. Unfortunately, cybercriminals can also use SEO for their malicious websites.

Some of the ways cybercriminals use SEO is by adding tons of popular keywords to their website and creating multiple links that redirect you to their website. Cybercriminals can also pay third parties to visit their website, which makes the website appear more reputable and popular to search engines. If you visit one of these malicious websites, you may be tricked into downloading a malicious file or providing your personal information.

Follow these tips to keep yourself safe from malicious search results:

• Always hover your cursor over a link before you click, even when using a search engine. Look for spelling mistakes and overly long URLs that can hide a website's true domain.
• Avoid search results that include a long list of random or repeated words and phrases. That website could be using excessive keywords to draw in traffic.

Visit trusted websites directly by entering the URL in your browser’s address bar, instead of using a search engine to find the website.

May 20, 2022 - How to Spot a Credit Card Skimmer at Gas Pumps and Avoid Getting Scammed

Drivers are keeping a close eye on gas prices, but a lack of cheap gas isn't the only issue you might face when filling your tank. A gas pump skimmer can do a real number on your bank account.

Gas-station fraud commonly occurs with the use of skimmers, small devices that thieves place on or above the card readers at gas pumps (and ATMs) to copy and steal your credit card information. They used to be found primarily in cities, but the scam has spread into rural areas, and everyone should be on alert for these devices.

One of the best ways to avoid being a victim of a gas pump card skimmer is to take the extra few minutes to pay inside. 

What are credit card skimmers?

Credit card–skimming devices are installed on point-of-sale terminals, allowing thieves to take information off your card when you swipe it. "A credit card skimmer is a device that transfers data from your credit card's stripe," says Chris Hauk, consumer privacy champion at online privacy and security site Pixel Privacy. "Skimmers are usually found on gas pumps or other point-of-sale devices, in areas that aren't being monitored every minute of the day, as this allows the bad guys time to install a skimmer on a pump without being observed."

Do card skimmers work on chip cards?

Credit card skimmers do work on chip-enabled cards; however, they read the magnetic strip on your card, not the chip, so avoid the strip reader when possible.

How can I protect myself at the gas pump?

Educating yourself on how to spot a credit card skimmer and what card skimmers do is a good first step in protecting yourself from gas-pump fraud. As a rule of thumb, exercise awareness anytime you're using a public pay station or when your card leaves your sight. A shop employee who takes your card into another room to run the transaction could be dipping the card into a skimmer, for instance. And pumps that aren't in the gas station attendant's line of sight give thieves an opportunity to attach a skimming device.

Stay safe when filling your tank by following the experts' tips below.

• Whenever possible, choose the pump closest to the building. They're closest to employees and the least likely to have been tampered with.
• Avoid using a debit card, if possible. Should you be forced to use debit, run it as a credit card so you don't have to enter your PIN. Debit purchases take the money right out of your account, while credit purchases have a lag time for payment and often offer zero fraud liability.
• Avoid the PIN pad. "If at all possible, always use the chip or the Apple Pay–type payment system," Bischoff advises. A chip-enabled card is safer than swiping your credit card, and Apple Pay creates a unique code for each transaction, which offers some built-in protection.
• Gas station gift cards. They don't have any of your personal information connected to them, and since they have a limited value, your potential losses—should a scammer somehow get the numbers—would be relatively minimal.

May 6, 2022 - The Keep-it-simple scam

In a new scam, cybercriminals use short, simple phishing emails to try to sneak past security-aware employees. The scam itself is a typical credential-stealing phishing attack: You receive an email notification stating that some of your emails could not be delivered. To review these emails, you are directed to click a link. If you click the link, you are taken to a fake login page and any credentials that you enter on the page will go straight to the cybercriminals.

What makes this scam unique is the simple phishing email. The email looks like a plain text alert with only a few lines of information and no images or logos. With so few details to look at, it could be difficult to determine if the email is legitimate. To match the plain text design, the link in the email is a long URL instead of the usual “Click Here” type of link. Cybercriminals want you to trust the URL, but if you hover your mouse over the link, you’ll find that the link does not lead to the URL shown in the email.

Follow the tips below to help you stay safe from similar, simple scams:

• Never click on a link in an email that you were not expecting, even if it appears to come from a program or application that you use.
• When you receive an alert email, ask yourself questions such as: Did I sign up for email notifications? Have I received alerts like this in the past?

If you think the notification could be real, log in to the program or application directly instead of clicking the link in the email.

April 15, 2022 - Beware of 'Vishing' Scams

Voice phishing, or “vishing”, is a phishing attack conducted by phone. Vishing is a classic tactic that cybercriminals continue to use today. Recently, cybercriminals launched a vishing attack that impersonates Europol, the law enforcement agency of the European Union (EU). Using advanced techniques, cybercriminals disguise their phone numbers to display as an official Europol number on your caller ID.

The call starts as an automated message, stating that your personal data has been compromised and to press the 1 key to continue. If you press 1, you’re greeted by a real person who sounds polite and professional. The caller offers to help, as long as you give them information such as your name, address, and identification number. Any information you provide will be delivered straight to the cybercriminals.

Follow these tips to stay safe from similar scams:

• Never trust your caller ID. Cybercriminals can spoof phone numbers to look like a familiar or safe caller.
• If you did not initiate the call, do not provide personal information over the phone.

If you’re not sure if a call is coming from a legitimate organization, hang up. Then, find the official phone number for the real organization and call them directly. Don't call the suspicious phone number again.

March 26, 2022 - Beware of Puppy Scams

LANSING – Michigan Attorney General Dana Nessel is sharing her newest video focused on consumer protection.

The video, which is now available on the Department’s YouTube page, highlights the importance of doing your research before adding a four-legged family member.

“While we saw a spike in pet adoptions and purchases at the beginning of the pandemic, the possibility of bad actors looking to scam pet lovers remains a concern at all times,” Nessel said. “It remains imperative that future pet owners do their research before committing to anything. And if you think you encountered a scam, contact my Consumer Protection Team right away.”

Some important reminders are included in AG Nessel’s Puppy Scams Consumer Alert:

• Research the breed: Take the time to understand ideal breeding conditions, common health issues, and their average selling price if you’re looking at different breeders.
• Research the breeder: Conduct a thorough internet search of the breeder from whom you intend to purchase the puppy. You should also search the email address that is advertised on the breeder’s website or that the breeder uses to contact you, as scammers often use the same email address across multiple websites. Finally, if the breeder’s website contains testimonials, conduct an internet search of the text of the testimonial. If the same or similar text appears on other websites, the breeder is likely a scammer.
• Do not purchase a puppy sight-unseen: If you are unable to do so, request that the breeder video chat with you or send you a photo or video with your name and the date written on a piece of paper next to the puppy. Be sure to do this before making any sort of deposit. In addition, request to see the premises and the mother. Avoid breeders who offer to meet you at a “convenient” public location and will not allow you to see where the animals are kept.
• Use a credit card to make the purchase: Avoid wiring money, sending gift cards, or sending money using apps such as Venmo, Zelle, or CashApp, as such transactions cannot be refunded and are not traceable. Use a credit card to the extent possible, which will allow you to dispute a purchase.
• Retain all documents and communications from the breeder: In the event, you must document fraud, be sure to retain all records of the sale, including screenshots of the original advertisement, written communications, and any other paperwork associated with the breeder.
• Consider contacting your local shelter: Most shelters are looking for adopters or foster to prevent overcrowding and to relieve stress on the animals. Many animals at the shelter are immediately available for adoption. Shelters also may be able to offer references to reputable local rescues or breeders.

Your connection to consumer protection is just a click or phone call away. Consumer complaints can be filed online at the Attorney General's website, or if you have questions call 877-765-8388.

March 18, 2022 - Beware of Auto insurance refund scams

LANSING – Michigan Attorney General Dana Nessel is providing important consumer protection reminders as auto insurers issue $400 per-vehicle refunds to eligible Michigan policyholders.

“These refund checks come at a time when many Michiganders have faced financial hardships, and I appreciate the bipartisan work done to achieve this win for drivers,” AG Nessel said. “Unfortunately, these refunds will likely attract bad actors who will turn this surplus into a scam. Remember, these are automatic payments back into your account. No one will call, write or email you for information prior to disbursing the money. And if you are contacted by someone claiming to need personal information before receiving your $400, remain skeptical and report it to my Consumer Protection Team.”

Governor Gretchen Whitmer and Michigan Department of Insurance and Financial Services (DIFS) Director Anita Fox said last week insurers are required to disperse the refunds to eligible Michiganders no later than May 9, 2022.

“Our bipartisan auto insurance reform will soon put $400 per vehicle back in the pockets of Michigan drivers,” Gov. Whitmer said. “The refund checks will be automatically deposited into your bank account or mailed to your home, and I appreciate Attorney General Nessel for her leadership as we protect Michiganders against potential scammers. Remember, no one will contact you for information before you receive your refund. If someone contacts you and attempts to fish for personal information, report the incident to the Attorney General’s Consumer Protection Team. We will stay focused on getting things done for Michiganders and finding more ways to put money in people’s pockets as families face rising costs.”

“Any time there's a widespread distribution of money to consumers, criminals will try to take advantage, but DIFS and the Attorney General’s office remain committed to protecting Michigan consumers,” Director Fox said. “You do not need to take any action to receive your refund. It will be issued automatically by your insurance company and only as a direct deposit or mailed to you as a check. If you have any questions about the MCCA refund, I encourage you to call your insurance company or agent directly or contact DIFS with any additional questions Monday through Friday 8 a.m. to 5 p.m. at 833-ASK-DIFS.”

One type of scam that could arise during this process is an impersonation scam – a bad actor may pretend to be with an insurance agency or government agency and contact an unsuspecting consumer under the guise of discussing their refund.

For that reason, Nessel is reissuing her consumer alert focused on warnings to avoid falling for an imposter.

Refund details:

• Anyone who had a vehicle, motorcycle, or RV that was insured by a policy that meets the minimum insurance requirements to operate on Michigan roads as of 11:59 p.m. on October 31, 2021, is eligible to receive a refund for that vehicle.
• Eligible Michigan policyholders will receive $400 per vehicle or $80 per historic vehicle.
• Refunds must be delivered in the form of checks or ACH deposits. Gift cards, premium discounts, and credits against current or future balances are not allowed.

Eligible consumers who do not receive their refunds by the May 9 deadline should contact their auto insurer or agent. If consumers have questions or concerns that cannot be resolved directly with their insurer, they should contact DIFS by calling Monday through Friday 8 a.m. to 5 p.m. at 833-ASK-DIFS (833-275-3437) or by emailing autoinsurance@michigan.gov.

To help Michiganders learn more about these refunds, DIFS has launched a consumer FAQ page at Michigan.gov/MCCArefund. The webpage contains important information and answers common questions about the refund timeline, eligibility requirements, and tells consumers what to do if they have questions or concerns about their refunds.

Your connection to consumer protection is just a click or phone call away. Consumer complaints can be filed online at the Attorney General's website, or if you have questions call 877-765-8388.

March 11, 2022 - Be Cautious Before you Click a PayPal Link

There are several ways to send and receive money worldwide, but almost half a billion users prefer PayPal. The payment system is so popular that in the last quarter of 2021, it processed 5.3 billion transactions. 

Unfortunately, as we have seen on many occasions, being the top player in an industry also makes you one of the biggest targets for hackers and scammers. In worrying trends, criminals use sophisticated phishing attacks to steal your financial details.

PayPal regularly sends out communications about service updates and policy changes, but not all messages are legit. Fraudulent emails claiming to be from PayPal made up around 38% of all phishing attacks last year.

The phishing email will include a link that takes you to a spoofed PayPal page in many cases. Once you have logged in to the bogus page, the criminals capture your details and make off with your money. The email's content will differ depending on the scam. It usually revolves around verifying your profile, checking suspicious transactions, an exciting promo that you could benefit from, or some other campaign requiring you to sign in to your account.

What you can do about it

Phishing emails are widespread these days. The good news is that you can take precautions to avoid falling victim. Here are some helpful suggestions:

• Don't click on links and attachments that you receive in unsolicited emails.
• If the message gives you a sense of urgency, delete it.
• Spelling and grammar errors are big red flags.
• Use two-factor authentication and password managers for better security.
• Keep your operating systems, apps, and devices updated with the latest official software and patches.
• Always have a trusted antivirus program updated and running on all your devices. 

March 4, 2022 - Watch out for scams related to ukraine

The recent war in Ukraine has gathered a lot of attention. Unfortunately, cybercriminals often take advantage of world events to prey on your emotions. Now more than ever, it’s essential to watch out for phishing attacks and disinformation campaigns.

Cybercriminals may use several different tactics to scam you. For example, cybercriminals may try to trick you into sending money using cryptocurrency. The cybercriminals may take advantage of your sympathy by pretending to be Ukrainians who need financial assistance.

Cybercriminals may also try to catch your attention and manipulate your emotions by spreading disinformation. Disinformation is false information designed to mislead you intentionally. Cybercriminals may spread disinformation in the form of emails, text messages, or social media posts.

Don’t fall for these scams. Follow the tips below to stay safe:

• Avoid making donations to unknown users. If you would like to donate to support a cause, donate directly through a trusted organization's website.
• Watch out for social media usernames that only consist of random letters and numbers. These accounts may be run by bots instead of legitimate users.

Stay informed by following trusted news sources. If you see a sensational headline, be sure to do research to verify that the news story is legitimate.

February 25, 2022 - Fake Qr codes

QR codes have become increasingly popular in recent years, mainly due to social distancing efforts and a need for contactless services. They are commonly used to access restaurant menus, discount codes, and make payments. Unfortunately, cybercriminals have taken advantage of this tool, creating fake QR codes that trick you into providing your personal information.

Since custom QR codes are easy to generate, cybercriminals can easily create fake codes for malicious purposes. For example, cybercriminals could place a fake code in a coffee shop, encouraging you to connect to free Wi-Fi. Or, they could place the phony code on a parking meter, enticing you to make a quick and easy payment. However, if you scan these fake QR codes, the cybercriminals may steal your payment information or redirect you to a malicious website.

Follow these tips to stay safe from QR code scams:

• Cybercriminals use the convenience of QR codes to trick you into acting impulsively. Always think before you scan.
• Be cautious of QR codes without labels or codes that promise outrageous deals. Remember that if an offer seems too good to be true, it probably is!

Don't share payment information or personal details via QR codes. Instead, navigate directly to a safe website to make the payment or share the details.

February 12, 2022 - Beware of Valentines day romance scams

LANSING – Michigan Attorney General Dana Nessel wants Michiganders to protect their hearts and wallets as we approach Valentine’s Day.

“Dating services – particularly online – can lead to more than romantic encounters,” said Nessel. “These services, as well as shopping for Valentine’s Day gifts, come with risks that bad actors will look to exploit. It’s important to know how to protect yourself so looking for romance doesn’t lead to financial ruin.”

To ensure consumers protect themselves, Nessel is reissuing her Romance Scams: Stay Safe and Avoid Financial Heartache Consumer Alert.

To protect yourself, Nessel recommends the following:

• Never give someone you haven’t met money. Scammers are savvy and play on your emotions to get the information they need to carry out their scam or get your money. The Federal Bureau of Investigation reports that in the United States, romance scams account for the highest financial losses of all internet-facilitated crimes.
• Be cautious with your personal information, including your financial information, contact information, and photographs of yourself.
• Never agree to meet for the first time in a private setting. Insist on a public place where there are sure to be other people around and tell a member of your family or a friend where you will be and when you will contact them again after the meeting. Arrange your own transportation to and from the meeting and have a working mobile phone with you, if possible, with a pre-programmed, one-touch emergency number. Make sure to leave all available information about the person you will be meeting with your contact.
• Conduct an online reverse image search to see where else the person’s image appears and whether it has been altered before you swipe right or pursue a relationship based on an online profile image. Watch this video to learn how to do that.
• Be suspicious if the other person refuses to talk on the phone or do a video call before you meet in person.
• If you’re signing up for an online dating service, read your contract (terms of the agreement) carefully before signing it – including all “fine print” – so you know exactly what you’re buying. Some contracts make it easy for the dating service to avoid responsibility but difficult for consumers to get their money back.

February 11, 2022 - Cybercriminals go for the gold

Last week, the opening ceremony of the 2022 Olympic Winter Games took place in Beijing. With representatives from 91 countries, the Olympics are watched by billions of spectators from all over the world.
Unfortunately, cybercriminals often use worldwide events like the Olympics to catch your attention and manipulate your emotions. As the games continue, be extra cautious of any emails, text messages, and social media posts that mention the Olympics.
Remember these tips to help you stay safe:

• Watch out for sensational or shocking headlines about participating countries and athletes. These headlines could lead to articles that contain misinformation or false information designed to mislead you intentionally.
• No matter how exciting or disappointing the news is, always think before you click. Cybercriminals target your emotions in hopes of tricking you into acting impulsively.
• Stay informed by watching official Olympic broadcasts and checking trusted news sources

December 15, 2021 - Amazon Scam

Be on the alert because there's a new Amazon scam in town. Some of our members have received calls from Amazon customer service telling them that they have a fraudulent charge on their account. Be aware this is a SCAM!

Scammers call with an automated message, pretending to be Amazon customer service. They tell you that there was a fraudulent charge on your account, then they tell you they can help you fix it. "The con artists will either outright ask for credit card and account login details. Or, they will request remote access to your computer under the guise of “helping” to solve the issue for a fee. Please remember that it is illegal for a company to charge a fee to investigate credit or debit card fraud.

Please hang up when you receive this kind of call. Log into your Amazon account online and check your purchase history if anything is out of the ordinary, contact Amazon directly and monitor your SCCU account online through Online Banking and or Mobile Banking.

Please help Soo Co-op Credit Union get this information out to our community. Please SHARE!!!

December 3, 2021 - Order Confirmation imitation 

If you’ve started your holiday shopping, you may have received purchase confirmation emails from Amazon, one of the world’s most popular retailers. Unfortunately, cybercriminals have also been sending their version of these emails. In a new scam, cybercriminals impersonate Amazon to send fake purchase confirmation emails in hopes of receiving a unique holiday gift: your credit card information.

In this scam, cybercriminals send you a fake purchase confirmation email that appears to come from Amazon. You can review details about the phony purchase in the email, such as the payment amount and your mailing address. To check the purchase further, you can click a “View or manage order” button in the email. If you click this button, you’ll be taken to Amazon’s actual website, but you won’t be able to find information about the purchase. As a last resort, you can call the customer service phone number in the email. If you call, you’ll be asked to provide your credit card number and CVV number to cancel the purchase. Instead of canceling the purchase, you’ll grant cybercriminals access to your credit card.

Don’t fall for this scam! Follow the tips below to stay safe:

• Watch out for fake customer service phone numbers. If you need assistance, check the vendor’s website to find their customer service phone number or email address.
• Don’t click links in emails you weren’t expecting. If you click a malicious link, malware or other malicious software may be downloaded onto your device.

Don’t share sensitive information over the phone, such as credit card numbers or social security numbers.

November 12, 2021 - Phishing starts earlier and earlier 

It’s only early November, but you have probably already seen Christmas trees sold in stores. This is a trend known as “seasonal creep,” in which retailers start selling seasonal items in advance of the actual season. Did you know that cybercriminals also follow this trend?

For example, Black Friday and Cyber Monday traditionally fell after Thanksgiving in the United States. However, these international shopping events now start as early as November 1. Cybercriminals take advantage of this trend by sending phishing emails disguised as advertisements and phony purchase receipts long before the holiday season begins.

Follow the tips below to shop safely this holiday season:

• Never click a link from an email or text message that you weren't expecting, even if the link appears to be for a store you recognize. Instead, use your browser to navigate directly to the retailer’s official website.
• Watch out for malvertising. Malvertising is when cybercriminals try to phish shoppers through ads on social media and other websites. Always think before you click!
• Be cautious of advertisements that promise outrageous deals. Remember that if something seems too good to be true, it probably is!

November 5, 2021 - Real People in fake call centers

The newest trend in cybercrime is the use of cybercriminal-controlled call centers to trick you into providing your bank or credit card information. Cybercriminals try to use real people in fake call centers to convince you that a scam is legitimate.

A recent call center scam starts with an email that appears to be an invoice for a very large purchase. It is not clear what company this invoice is from or what was purchased, but the payment amount is listed six times. The email also starts and ends with a line directing you to call their number if you did not authorize the transaction. If you call the number provided, a representative happily offers to refund you. But first, they’ll need your bank or credit card information. Unfortunately, the representative is actually a cybercriminal who plans to use your payment information for their own devious purposes.

Follow these tips to stay safe from this social engineering attack:

• The invoice in this attack is specifically designed to cause alarm and frustration. Cybercriminals target your emotions in hopes of tricking you into acting impulsively. Always think before you click.
• A valid phone number doesn’t mean that an email is legitimate. Cybercriminals are real people who can lie over the phone, just as they lie in phishing emails.

Instead of calling the provided number, reach out to your bank or credit card company to verify the details of the transaction. If by chance there has been unauthorized usage, your bank or credit card company can help correct the issue.

October 21, 2021 - Beware of Medicare Open Enrollment Scams

The open enrollment period for changing Medicare Advantage and Part D prescription plans ends December 7. While Medicare-related fraud is a year-round concern, Medicare recipients should be especially alert for fraudsters during the open enrollment, when scammers use the increased public attention about Medicare choices as an opportunity to strike. Take precautions to avoid becoming a victim of identity theft or Medicare fraud by guarding your Medicare number — and other personal information. Shop and compare plans to ensure you are getting the plan that best meets your needs, and don’t fall for high-pressure sales pitches.

Tips to avoid scams:

• Never give your Medicare number or other personal information to an unexpected caller or someone who makes an unsolicited request for it.
• Be suspicious of anyone who calls and claims to be able to help you sign up for coverage but needs to confirm your Medicare number, or asks for your Medicare number just to provide you enrollment information.
• If a caller says they’re from Medicare and asks for your Medicare number or other personal information, hang up. The Center for Medicare and Medicaid Services will never call to ask for or check Medicare numbers.
• Don’t trust caller ID. Scammers use technology to hide their real numbers and instead show numbers that seem legitimate. If the caller ID shows a 202-area code or says “government,” it could be anyone calling from anywhere.
• Don’t respond to a telemarketing call relating to Medicare. Hang up on robocalls or other telemarketing calls pitching insurance plans.
• Anyone who tries to sell you Medicare insurance while claiming to be an “official Medicare agent” is a scammer. There are no Medicare representatives. If someone comes to your door claiming to be from Medicare, remember Medicare does not send representatives to your home.
• Ignore anyone who calls saying you must join their prescription plan or you will lose your Medicare coverage. The Medicare prescription drug plan (also known as Part D) is completely voluntary.
• Be alert for mailers that appear to be government communications but are actually advertisements for private companies. These mailers will sometimes have a disclaimer, but it is buried in small print. Read carefully!

If you need help with Medicare, call 800-MEDICARE or visit the Medicare website.

Michigan consumers can also call 800-803-7174 for the Michigan Medicare/Medicaid Assistance Program if you suspect a potential scam or need help making a health benefits decision.

October 8, 2021 - Remain Vigilant to Ongoing Cybersecurity Threats

Malicious online activity continues to intensify by the day, and it is becoming increasingly important for each of us to remain vigilant. One such example is spear phishing. 

What is spear phishing?

This is a more targeted phishing attack towards a specific individual, organization, or business. Malicious actors may target your members by sending emails that appear to come from your credit union and they will often include links that would direct members to websites that are built to look very similar to yours.

It’s important to remind both employees and members that this type of phishing is occurring. Similar to how your members could fall for something that appears to be from your institution, your employees could fall victim to this as well. It is important to remind your staff to analyze communications appearing to come from organizations that you work closely with.

Here are a few tips:

• Verify the sender’s email address: Look at the email address that each email comes from. Does part of the address look suspicious? Does the domain match with whom the sender claims to be associated?
• Check links in emails: Use your mouse to hover over links in emails. Does it look correct? Or does something seem off?
• Think before you click: Take your time when analyzing the email.

When in doubt call: If you ever have any concerns or questions about the legitimacy of an email you received, contact the organization right away. Even if the suspicious activity is in the form of a phone call and they ask you for your credentials, we recommend that you tell them that you will call them back. Additionally, be sure to call the number you have on file, not the number they provide to you.

September 17, 2021 - Phony LinkedIn Job Postings

It was recently discovered that job postings on LinkedIn aren’t as secure as you might expect. Anyone with a LinkedIn profile can anonymously create a job posting for nearly any small or medium-sized organization. The person creating the post does not have to prove whether or not they are associated with that organization. This means that a cybercriminal could post a job opening for a legitimate organization and then link applicants to a malicious website.

Worse still, cybercriminals could use LinkedIn’s “Easy Apply” option. This option allows applicants to send a resume to the email address associated with the job posting without leaving the LinkedIn platform. Since the email address is associated with the job posting and not necessarily the organization, cybercriminals can trick you into sending your resume directly to them. Resumes typically include both personal and professional information that you do not want to share with a cybercriminal.

Follow the tips below to stay safe from this unique threat:

• Watch out for grammatical errors, unusual language, and style inconsistencies in LinkedIn job postings. Be suspicious of job postings that look different compared to other job postings from the same organization.
• Avoid applying for a job within the LinkedIn platform. Instead, go to the organization’s official website to find their careers page or contact information.

If you find a suspicious job posting on LinkedIn, report it. To report a job posting, go to the Job Details page, click the more icon, and then click Report this job.

JUne 16, 2021 - AMAZON PHONE SCAM

Phishing schemes and cyber attacks are reaching scary levels of sophistication. Most recently a ruse involving fraudulent Amazon phone calls has become widespread. Members have reported receiving a phone call from someone posing as Amazon customer service. The fraudulent call informs the member of recent issues on their accounts, such as suspicious Amazon charges or outstanding account balances. The member is then instructed to provide financial details such as bank account information and credit card numbers as well as remote access to their computer in order to resolve the alleged account issues.

How to spot the "Amazon Scam":

• Be skeptical of unsolicited calls. Some departments at Amazon will call customers, but Amazon will never ask you to disclose or verify sensitive personal information or offer you a refund you do not expect.
• Amazon will never ask you to make a payment outside of their website and will never ask you for remote access to your device.
• Amazon will never send you an unsolicited message that asks you to provide sensitive personal information.
• Any customer who receives a questionable email or calls from a person impersonating an Amazon employee should report them to Amazon customer service immediately.

For more information on the Amazon Phone Scam read more at Michigan.gov.

February 5, 2021 - AG Nessel, UIA Alert Residents to Tax Form for Victims of Identity Theft in Unemployment Claims

Michigan Attorney General Dana Nessel and the Michigan Unemployment Insurance Agency are letting individuals know of important tax documents for people who may be victims of identity theft as a result of widespread fraudulent unemployment claims in 2020.  Read more.

November 19, 2020 - Watch out for holiday fraud and scams

As the holidays approach, merchants are preparing for a continued increase in online sales as a result of store closures and restrictions due to the COVID19 pandemic. Members should be aware of scams that target the convenience of online shopping such as fake or spoofed websites and pop-ups, skimming, porch pirates, or impersonations for your curbside pickups. As you put together lists of gifts and purchases for the upcoming holidays, it can be easy to let your guard down. Make sure you are aware of the latest fraud and scams targeting shoppers during this holiday season. Click Here to learn more!

August 28, 2020 - “Are you human?” New Attack Uses a CAPTCHA as Camouflage

Have you ever found yourself staring at a wobbly letter trying to decide if it is an X or a Y, just to prove to a website that you’re not a robot? This funny little test is called a CAPTCHA and it is used to help prevent automated malicious software, known as “bots”, from accessing sensitive information. Unfortunately, cybercriminals are now using CAPTCHAs as a way to make their phishing scams seem more legitimate.

In a recent Netflix-themed attack, scammers are sending a phishing email that claims "your payment did not go through and your account will be suspended in the next 24 hours". To resolve the issue, you're instructed to click on a link in the email to update your information. If you click the link, you’re taken to a CAPTCHA page. Once you pass the CAPTCHA, you’re redirected to an unrelated webpage that looks like a Netflix login page. Here you’re asked to enter your username and password, your billing address, and your credit card information. Don’t be fooled! Anything entered here is sent directly to the cybercriminals.

Remember these tips:

• Phishing emails are often designed to create a sense of urgency. In this case, “your account will be suspended in the next 24 hours”! Think before you click, the bad guys rely on impulsive clicks.

• When an email asks you to log in to an account or online service, log in to your account through your browser and not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.

• Remember, anyone can create a CAPTCHA webpage, so don't fall for this false sense of security.

Stop, Look, and Think. Don't be fooled.

July 20, 2020 - What you need to know about romance scams

Millions of people turn to online dating apps or social networking sites to meet someone. But instead of finding romance, many find a scammer trying to trick them into sending money. Click here to read about the stories romance scammers makeup and learn the #1 tip for avoiding a romance scam.

June 15, 2020 - Exploiting the Coronavirus: Supermarket Spoofs

Grocery delivery services have been quite popular during the COVID-19 pandemic. These services help support social distancing, reduce the number of shoppers in each store, and allow at-risk patrons to safely buy essential items. Unfortunately, the popularity of these delivery services has caught the attention of cybercriminals. The bad guys are now spoofing supermarkets that offer delivery services in hopes of stealing your personal information. It starts with a phishing email that urges you to log in to your supermarket’s website using the link provided. Clicking the link takes you to a fake login page for your local supermarket. The page asks you to select your email provider (Gmail, Apple, and so on) and then log in to connect your account. Don’t be fooled! Connecting your account actually delivers your email credentials to the bad guys.

Remember the following tips:

• Never click on a link within an email that you weren’t expecting.
• Remember that email addresses can be spoofed. Even if the email appears to be from a familiar organization, it could be a phishing attempt.
• When an email asks you to log in to an account or online service, log in to your account through your browser-not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.

April 8, 2020 - Say no to Scams

PLEASE SHARE THIS INFORMATION WITH FRIENDS AND FAMILY!!!

It's so easy to become a victim. It can happen so fast. Before you know it, you've clicked "send" and you’re out hundreds or even thousands of dollars.

Scam artists are working full-time at ripping you off. And after one scam bites the dust, the scam artists are ready with another one. It's no wonder so many people fall prey, scam artists make it very easy and they are so convincing.

There's no typical fraud victim. Even some of our members have fallen prey to these scams! Scammers don't care who you are, how old you are, or how much you earn. They're just after your hard-earned money.

Here are some tips so you don’t become a victim:

• Spot imposters. Scammers often pretend to be someone you trust, like a government official, a family member, a charity, or a company you do business with. Don’t send money or give out personal information in response to an unexpected request — whether it comes as a text, a phone call, or an email.
• Don’t believe your caller ID. Technology makes it easy for scammers to fake caller ID information, so the name and number you see aren’t always real. If someone calls asking for money or personal information, hang up. If you think the caller might be telling the truth, call back to a number you know is genuine.
• Don’t pay upfront for a promise. Someone might ask you to pay in advance for things like debt relief, credit and loan offers mortgage assistance or a job. They might even say you’ve won a prize, but first, you have to pay taxes or fees. If you do, they will probably take the money and disappear.
• Talk to someone. Before you give up your money or personal information, talk to someone you trust. Con artists want you to make decisions in a hurry. They might even threaten you. Slow down, check out the story, do an online search, consult an expert — or just tell a friend.
• Don’t deposit a check and wire money back. If a check you deposit turns out to be a fake, you’re responsible for repaying the bank.
• Hang up on robocalls. If you answer the phone and hear a recorded sales pitch, hang up! These calls are illegal, and often the products are bogus. Don’t press 1 to speak to a person or to be taken off the list. That could lead to more calls.

Soo Co-op Credit Union will NEVER ask for your personal or financial information via email or text message or phone. But many scam artists will! We recommend that you approach all unsolicited e-mail, phone calls, and text messages with a degree of suspicion