Current Fraud Alerts
NOVEMBER 14, 2024:
PHISHING TEXTS DISGUISED AS ZELLE® ALERTS:
Fraudsters are contacting Avadian members, pretending to be Avadian employees attempting to verify Zelle transactions. They are asking Avadian members for the last four digits of their Social Security Numbers and account numbers.
Remember: Avadian will never ask for this information to verify incoming or outgoing Zelle transactions. |
NOVEMBER 13, 2024:
Fraudsters are calling Avadian members, pretending to be Avadian employees and asking for their Avadian debit card PINs.
Remember: Avadian will never ask for your PIN. |
JUNE 28, 2024:
Fraudsters are sending texts and emails claiming there are fraudulent transactions on members’ accounts.
Do not click on links in text messages that claim there are fraudulent transactions on your account. It is imperative that you know no breach has occurred at Avadian. |
JUNE 26, 2024:
Fraudsters continue to text and call Avadian members, pretending to be Avadian employees and seeking information in a variety of ways.
Read the instructions that accompany secure access code carefully.
Remember not to click the links in texts or emails that you are not expecting. Enter the URL directly yourself or use the Avadian app. |
I got a text, call, or email from a fraudster claiming to be an Avadian representative. What do I do?
Believe you’re a victim of fraud? Find out what to do next here.
Identifying Fraud
One of the best ways to protect yourself against scammers is to understand what they want and the ways they go about getting it.
In short, they want access to your money or your personal information.
To do so, they have a number of tactics, including theft or tricking you into giving them the information, usually by pretending to be someone else or playing on your heartstrings. Along the way, they are often creating urgency and panic to prevent you from thinking clearly.
It’s important to know that specific tactics are constantly changing, but we hope that by understanding what they want and their tactics, you will be able to recognize the red flags and successfully navigate a fraud attempt.
Believe you’re a victim of fraud? Find out what to do next here.
Target: Online Banking Credentials
They can obtain access to your money by tricking you into giving them your online banking username and password. They do this in a number of ways. Some of the ways they do this include the following:
- They send you a link via text or email in which they say there is fraud on your account. The link via sends you to a website that looks legitimate but is a fake. When you enter your username and password, it goes to them.
- They send you a secure access code that you give back to them to “confirm your identity.” When a fraudster’s on the other end of this message, you’re helping them access your account.
- They send you a link to make a payment, but the link has malware, allowing them to access your device and steal your information.
- They call you and say that your phone or computer has been compromised and ask you to click a link giving them access to your device so they can resolve the problem. And now that they have access to your device, they can find online banking credentials and other information.
Take a look at what the Federal Trade Commission has to say about phishing scams.
Remember: Avadian nor any other legitimate partner institution will ask you to provide your online banking username or password nor ask for access to your computer while you log in to your online banking account.
Believe you’re a victim? Find out what to do next here.
Target: Get You to Send Them Your Money
Sometimes they don’t even try to get your online banking information; instead they’ll manipulate you into sending them money in a variety of ways:
- One such fraud involves sending you a check in exchange for work as a “secret shopper” or by having your car “wrapped” in advertisements. They’ll ask you to cash the check and send a portion back to them only for you to discover the check is bad and the money you’ve sent them is gone.
- In another scam, you’re told you won a sweepstakes but need to send them money to pay taxes or fees on your winnings. You send them the money, and when you get the check for your winnings, it’s bad. Again, your money is now gone.
- The “grandparent” scam starts with your receiving a call from someone impersonating your grandchild. Your “grandchild” is in trouble (arrested, medical bills, car trouble) and asks you to send money without telling anyone about it.
- Fake sellers on online marketplaces get you to agree to purchase an item and send the payment but never send the item you believed you purchased.
- Cash flipping occurs when fraudsters request banking information with the promise to send money if you send some of the money to other people. The money gets deposited to the account so the transaction appears legitimate until money starts leaving the account - in higher amounts than what was initially deposited.
- Gift card scams involve sending you a text from your “boss” asking you to buy gift cards and send them the numbers. The problem is, the text is a fake, and you’ve spent your money on gift cards and sent the gift cards to scammers.
- Fake websites will offer deals that are simply incredible. And we mean that literally – the deals are not credible. Those hard-to-find sneakers aren’t really 90% off. And when you enter your payment information, you’re giving it straight to fraudsters, who now will use it.
To learn more about these types of scams, check out this blog we wrote.
Remember two things: if it seems too good to be true, it probably is. And if you aren’t sure who you’re talking to, hang up and call back, entering the numbers yourself.
Believe you’re a victim? Find out what to do next here.
Target: Your Personal Information
With your personal information, they can steal your identity and apply for loans in your name. Some of the ways they obtain this information includes…
- stealing your ID, credit cards, or debit cards.
- stealing your financial statements from the trash or mailbox.
- installing skimmers on ATM machines, gas pumps, cash registers, and more.
- intercepting personal information when you use public Wi-Fi.
- “phishing” via fraudulent emails, texts, and calls.
- sending you a notice that you won a prize from a contest you never entered but you must send your personal information to claim the prize.
Read what the U.S. General Services Administration has to say about identity theft.
Remember: lock your doors, check your mail daily, sign up for e-Statements, be careful using public Wi-Fi, and again, if it seems too good to be true, it probably is.
Believe you’re a victim? Find out what to do next here.
Tips for Protecting Yourself
Don't give out any personal information or your PIN. Avadian nor any other legitimate partner institution will ask you to provide your online banking username or password nor ask for access to your computer while you log in to your online banking account
If the email or phone call seems strange or out-of-place, it's probably fraud. Avadian will never call you or email you asking you to share any personal information.
When in doubt, don't. That's what our head of IT Security always says. If something seems too good to be true or strange, it probably is. Don't answer calls from numbers that are unfamiliar or click on emails if the content of the email seems off-putting.
Be able to identify their tactics. If you receive an email asking for money, scammers will typically ask you to send funds via money order, Green Dot Cards, iTunes cards, or gift cards.
Stop and ask someone else. Get a second opinion before you send money.
Be careful how you pay. It’s safer to pay with a credit or debit card by inserting your chip-enabled card into the reader or utilizing tap-and-go payment technology than it is to swipe your card.
Stay on top of your accounts and credit. Set up alert notifications on your account(s) for transactions, withdrawals, balance thresholds. Monitor your credit report to make sure no one has opened an account in your name. Avadian makes it easy to do set up alerts and check your credit report in online banking.
How Can I Know What’s Real?
Secure Access Codes
Secure Access Codes (SAC) are often used to verify your identity. They can be used when you log in to an account online or when you call Member Services.
Here are some tips to remember about SACs:
- Did the SAC go to the phone number or email you would have set up as a delivery option with the provider? If you didn’t, don’t provide the SAC to anyone asking for it.
- Did you set up SAC delivery preferences with the financial institution or company that is supposedly calling you? If you didn’t, don’t provide the SAC to anyone asking for it.
- Does the action match the language on the message you received? For instance, many SAC messages will say “We will never ask for this code” or “Never give this to anyone,” so if the caller asks for it, hang up.
- Did you initiate a request that might require a SAC? If you didn’t request help from the financial institution or company, don’t provide the SAC to anyone asking for it.
- Have you received any alerts about log-in attempts or SACs sent? If not, don’t give it.
Websites
As we mentioned earlier, fake websites can be used to obtain your online banking credentials or your payment information. They look real, so you enter your information and give the scammers everything they want.
So how can you know that a website is real?
- Look for the lock in the address bar on the website. You can even click the lock symbol to confirm the security certificate matches the site you’re on.
- Look for https:// at the beginning of the URL. The “s” stands for secured and shows you that it’s an authenticated site. Since most fake sites will likely be shut down before too long, they don’t bother trying to have it authenticated.
- Check for misspellings in the URL.
- Enter the URL yourself instead of clicking on links, especially if you’ve gotten a text or email that is sending you to a website where you’ll need to log in.
Links in Emails
If you aren’t sure if the email you’ve received is legit, a closer look will give you some clues.
- Who is it from?
- Is it from someone you usually get emails from?
- If it is supposedly from someone or an organization you know, does the sender’s email address match the sender’s name? Is the domain name different than what you’d expect (i.e. does an email supposedly from your financial institution have a gmail.com address)?
- Who is it to?
- If it says, “Dear Sir or Madam,” that’s a red flag. If you know the sender, they’ll include your name, and even businesses can customize your name if they include a greeting.
- Are there tons of typos or does it look unprofessional?
- Many fraudulent emails contain many typos or unusual turns of phrases or dates. Others have poor design with weird fonts, many colors, or bad clip art.
- What about the links?
- If you are looking at the email on a computer, you can hover over the link and it will show you the URL to which it is directing you. If it doesn’t seem to fit the purpose of the email, don’t click it.
Received a Phishing Attempt From a Fake Avadian Representative?
So you got an email, text, or phone call, and your fraud radar went off so you shut down the exchange? Well done! You’ve become a fraud fighter.
We’d love it if you’d take a few minutes to send us some info so we’ll be in the know about active fraud attempts.
Send us a secure message in online and mobile banking to let us know what happened. Log in to online banking and select “Messages” near the bottom of the menu then select “Fraud Notifications” in the drop-down menu. Provide us with as much information as you can:
- Channel (text, email, phone call)
- Any personal information the fraudster had or was asking you to confirm (name, address, online banking credentials, Social Security Number)
- If they sent you a text or an email, a screenshot would be helpful.
The more information you can give us, the better we can protect your account and the accounts of other Avadian members.
Victim of Fraud? What to Report and How to Report It.
So what do you need to report – and how do you report it -- if you believe you may be a victim of fraud?
Compromised information. Whether you gave someone information over the phone, clicked a link in an email, allowed access to your device, what’s important is the next step:
Contact Avadian and any other financial institution you use immediately and report what has happened to put your accounts on hold. You’ll also want to change your username and passwords for online banking frequently and sign up for identity theft protection.
Missing checks or debit card. Stolen check or a new debit card that never arrived by mail as expected?
Contact Avadian or the appropriate financial institution immediately so you can freeze your card or put your account on hold.
Transactions you don’t recognize?
Notify Avadian or your financial institution immediately to dispute the transaction. You can do this within online banking for your Avadian account.
Unfamiliar account log-in alerts. If you receive an alert about account activity that you don’t recognize, check your account for any unfamiliar activity.
If you find fraudulent transactions, contact your financial institution immediately.
Unusual changes to your credit score or credit report. If you notice activity or accounts on your credit report that you didn’t initiate, it could be that your identity has been stolen.
Contact the fraud department of the company in question immediately and reach out to the three major credit bureaus (Experian, Equifax, and TransUnion) to freeze your credit.
Bills from accounts you didn’t open. If you receive a bill on an account you didn’t open, don’t just assume it’s a mistake.
Contact the business immediately, and then reach out to the credit bureaus to freeze your credit.
Additional Resources
We post fraud prevention tips to our social media channels and to our blog regularly. Follow us on social media to see tips and urgent alerts.
You can see all of our fraud prevention blogs right here.
We also think these tips from Google about phishing and fake websites are really helpful too.
FAQs
How do they know I’m an Avadian member?
They don’t necessarily. They are casting a wide net, hoping to find someone who is. That’s part of why these attempts are called phishing, smishing, and vishing.