Current Fraud Alerts & Warnings

In addition to the helpful tips posted on this site to educate and protect members against scams and fraudulent activities, DuTrac will also periodically add special alerts and warnings regarding current scams.

If you are unsure about any type of request for financial information, please contact DuTrac directly to confirm the validity of the message before sending money or releasing any information.

Recent Warnings and Alerts include:

 

 


Kmart Credit Card Breach (11/14/2014)

In a statement posted to Kmart's website, the company stated Kmart's IT team detected the payment data system had been breached and immediately launched a full investigation. Based on the forensic investigation to date, no personal information, debit card PIN numbers, email addresses or social security numbers were obtained by those criminally responsible. The data breach has been contained and the malware removed.

If you have not used your debit/credit card at a Kmart store, DuTrac does not have reason to believe your DuTrac card information was compromised in this latest breach. DuTrac continuously monitors for fraud and if we notice any irregular activity we will notify you individually.

DuTrac is asking all DuTrac cardholders that shop at Kmart to be mindful of suspicious e-mails with links or messages that request sensitive information, as well as suspicious e-mails with links or messages that request sensitive information, as well as suspicious phone calls attempting to get this type of information. If you suspect fraud, immediately place a call to the number on the back of your credit card for assistance or contact a DuTrac financial services consultant at (800) 475.1331.

 

The Home Depot Credit Card Breach (9/15/2014)

In a statement posted to The Home Deport website, Tuesday, September 2, The Home Depot disclosed that they were investigating a possible breach of their payment data systems. Recent reports have confirmed that those systems have in fact been breached, which could potentially impact any customer that has used their payment card at a U.S. and Canadian Home Depot store, from April forward. The Home Deport further reported that they do not have any evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com.
 
The Home Depot is offering free identity protection services, including credit monitoring, to any customer who has shopped at a Home Depot store in 2014, from April on. You can learn more about the identity protection services and how to sign up for them at https://homedepot.allclearid.com/.

If you have not used your debit/credit card at a Home Depot store, DuTrac does not have reason to believe your DuTrac card information was compromised in this latest breach. DuTrac continuously monitors for fraud and if we notice any irregular activity we will notify you individually.

DuTrac is asking all DuTrac cardholders that may shop at The Home Depot to be mindful of suspicious e-mails with links or that request sensitive information, as well as suspicious phone calls attempting to get this type of information. If you suspect fraud, immediately place a call to the number on the back of your credit card for assistance or contact a DuTrac financial services consultant at (800) 475.1331.

 

Fraudulent Telephone Calls Claiming to be from SHAZAM (5/30/2014)

SHAZAM has been notified of an issue where cardholders are receiving fraudulent telephone calls from someone claiming to be from SHAZAM, Inc.

During these calls, the fraudster asks the cardholder for personal information, such as a primary account number (PAN) and PIN.

If you receive this call do not give out any of your personal information and please contact your local DuTrac branch immediately. You can do so by emailing members@dutrac.org or calling (800) 475.1331.

 

Internet Explorer Flaw (4/30/2014)

Microsoft has announced a recently-discovered exploitable flaw within its Internet Explorer versions. Internet Explorer versions 6-11 are vulnerable and at risk.

This vulnerability can be exploited after a user visits a hacked or malicious website. According to Microsoft, "An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." Microsoft is currently working on a patch to fix this vulnerability, but no release date is currently known.

In the meantime, there are a few simple steps you can take to protect yourself.

1. Consider using a different browser such as Mozilla Firefox or Google Chrome.

2. Make sure your spyware and anti-virus software is up-to-date.

3. Use caution when clicking on links and opening emails from unknown addresses.

DuTrac will keep its members updated if there are any new development with the Internet Explorer flaw.

 

Heartbleed Bug Online Security Threat (4/10/2014)

Due to DuTrac’s network and its system architecture, DuTrac can state that its network and related systems that contain member information are not susceptible to Heartbleed and that members' funds and information continue to be safe and secure. DuTrac’s IT team has made, and continues to make, its ongoing review of its website and electronic delivery channels for security.

For members’ ongoing safety, privacy and security, the best protection against Heartbleed and other similar attacks, is to maintain strong passwords on any website that requires login credentials and to change those credentials regularly.

As always, DuTrac recommends members continue to monitor their monthly statements and accounts for unauthorized transactions or apparent fraud. If fraud or unauthorized transactions are noted, please contact DuTrac immediately for assistance.

 

Area Residents Warned of More Fraudulent Texts (1/10/2014)

The Dubuque Police Department has issued a statement regarding another text or "smishing" scam in the area. The fraudulent texts appear to originate with a financial institution, asking the recipient to provide personal information to confirm identity or a similar type of message. This is a scam. Do not reply to the text, call the number or provide any account information.

Although these texts may appear to come from a legitimate source, numbers on caller ID or text message can be masked to hide the actual originating number. Residents are urged to use caution whenever personal or account information is requested.

If you have received a similar text, simply delete the message. Do not call the number or reply to the text in any way.

If you have already given out any account information, please contact your local law enforcement, notify your financial institution(s) and begin monitoring your accounts for suspicious or fraudulent activity.

DuTrac Community Credit Union will never request your account number via text message or e-mail. The best course of action is to contact your financial institution directly to confirm the validity of any questionable text, e-mail or phone call.

Similar scams have also been reported in February and November of 2013.

 

Another Round of Fraudulent Texts Reported (11/24/2013)

The Dubuque Police Department has issued a statement regarding a text or "smishing" scam that resurfaced recently among area residents. The fraudulent texts indicate the recipient's debit or credit card has been deactivated and asks them to call a phone number to provide account information. This is a smishing scam. Do not reply to the text, call the number or provide any account information.

Although these texts may appear to come from a legitimate source, numbers on caller ID or text message can be masked to hide the actual originating number. Residents are urged to use caution whenever personal or account information is requested.

If you have received a similar text, simply delete the message. Do not call the number or reply to the text in any way.

If you have already given out any account information, please contact your local law enforcement, notify your financial institution(s) and begin monitoring your accounts for suspicious or fraudulent activity.

DuTrac Community Credit Union will never request your account number via text message or e-mail. If there is ever any doubt about the validity of a call, text or e-mail, simply hang up/ignore the message and contact DuTrac directly. 

(A similar scam was also reported in February 2013.)


Phishing Phone Call Scam  (9/26/2013)

The Bettendorf Police Department would like residents to be aware of a new scam called “Phishing Phone Call Scam.”  Various Quad City banks and credit unions have contacted local law enforcement agencies after receiving calls from area residents.

The recipient will receive a phone call, either on their landline or cell phone, from someone claiming to be from their bank or credit union.  They are told that their bank card has been deactivated and they need to enter or say their 16 digit card number and pin number to reactivate the card.

DuTrac would like to remind members not to give out personal information, including bank and pin numbers over the phone.

If you have already given out any account information, please contact DuTrac immediately at (800) 475-1331 and monitor your accounts for suspicious or fraudulent activity.

If there is ever any doubt about the validity of a call, text or e-mail, simply hang up/ignore the message and contact DuTrac directly.

 

Recent Tri-State Area Phone Scam Attempts  (8/26/2013)

Dubuque Police and local financial institutions are warning residents of two scams that have surfaced recently in and around the Dubuque area.  

Area residents have reported calls indicating their debit/ATM card has been deactivated for security reasons. The call recipient is then prompted to provide account numbers and information. Some calls appear to originate from a company/agency called “National Debit” at 909-204-7750. However, incoming numbers on caller ID or text message can be fabricated to hide the actual number from which the call/text is originating.

The second scam involves calls claiming to be affiliated with Medicare/Medicaid. The caller typically asks for a Social Security number, credit card number, bank account number or other personal information in order to update information or provide free services such as medic alert alarms, medical devices/equipment and other products paid for by Medicare and Medicaid. Some residents have reported the callers can be very agressive.

Regardless of the nature of the scam, preventative measures remain the same: always take time to verify the source and never provide money, account information and/or personal information to anyone unless you are absolutely positive the request is legitimate, and especially if the call/email/text/etc. was unsolicited and not initiated by you. Contact your financial institution and/or local law enforcement if you believe you are being scammed or would like assistance in verifying the authenticity of the inquiry.

Click here for a PDF of the press release from the Dubuque Police Department.

 

Area Residents Reporting Phone Scam (5/1/2013)

DuTrac has been informed of area residents receiving phone calls indicating their credit/debit card will be or has been deactivated due to inactivity or other various reasons. The caller or message asks the recipient to give out card data or other personal information. These phone calls are fraudulent. Do not give any information to the caller and hang up immediately.

If you received a similar call and have already given out any account or personal information, contact your financial institution immediately and monitor your account for possible fraudulent or suspicious activity.

If you receive a questionable phone call - or if you are ever in doubt about the validty of a call - hang up and contact your financial institution directly.

Click here for a PDF of the press release from the Dubuque Police Department

(Originally posted on 2/28/13. Updated on 5/1/13)

 

Fraudulent Texts Targeting Area Residents (2/6/2013)

DuTrac has been made aware of a smishing scam circulating to several residents in the area via SMS text message. The fraudulent text indicates the recipient's card has been deactivated and asks them to call a phone number with a 309 area code.

This is a smishing scam. Do not reply to the text, call the number or provide any account information.

If you have received a similar text, simply delete the message. Do not call the number or reply to the text in any way.

If you have already given out any account information, please contact DuTrac immediately at (800) 475-1331 and monitor your accounts for suspicious or fraudulent activity.

DuTrac Community Credit Union will never request your account number via text message or e-mail. If there is ever any doubt about the validity of a call, text or e-mail, simply hang up/ignore the message and contact DuTrac directly.

The Dubuque Police Department also issued an alert regarding these text messages. Click here to read the statement.

 

FFIEC Warns of Malicious E-Mails (2/6/2013)

The Federal Financial Institutions Examination Council (FFIEC) has posted an alert regarding fraudulent e-mails being sent from inform@ffiec.gov, office@ffiec.gov and complaints@ffiec.gov. The e-mail usually references a FFIEC lawsuit or case number, regarding a "subpoena" or "suspect activity on an account." The wording may vary, but all messages are malicious.

The FFIEC does not send out any such emails and is not affiliated with these messages or their email address domains. Under no circumstances should you reply to these messages, open any attachments, or click on any link within these messages.

 

 

Fraudulent Telephone Calls Requesting SHAZAM Billing and Account Information (8/9/2012)

DuTrac has been notified by SHAZAM of a fraudulent attack in which financial institutions and merchants are receiving telephone calls from someone claiming to be from SHAZAM requesting billing and account information. Please Note: These calls are not from SHAZAM. The SHAZAM network does not call and request this type of information from financial institutions, merchants or cardholders.

If you have received a telephone call from someone claiming to be from SHAZAM asking for the information described above, please contact SHAZAM at  the number listed below.  Additionally, if you receive a telephone call from someone claiming to be from SHAZAM and are not sure whether the call is legitimate, please do not hesitate to hang up and call the telephone number listed below.

SHAZAM Client Support: (800) 537-5427 (option 2) or submit a service request online using SHAZAM® Web Rep (SHAZAM Access login required).

 

Automated Phone Call Scam (7/18/2012)

7/18/2012  --  CUNA Mutual Group has issued another alert regarding the recent resurfacing of an automated phone call scam. Victims receive automated calls, or "robo-calls," which play recorded messages claiming to be from a credit union (or bank). The calls may suggest the member's debit or credit card has been blocked and request verification of financial information such as account numbers, card numbers, or PIN. If you receive one of these calls, simply hang up.

 If you received a similar call and entered your information, please contact your financial institution(s) immediately and monitor your accounts for fraudulent activity. As a reminder, never give your personal information out to an unsolicited phone call. Whenever in doubt, hang up and call your financial institution directly.

 

Unauthorized Pop-Up Box on DuTrac Website (6/22/2012)

DuTrac wants to make you aware of a possible phishing scam we became aware of in recent days. When visiting the dutrac.org website, a message in the form of a pop up box reflecting the following information may be displayed:

Dear dutrac.org visitor
Your Credit Score may have changed recently. Please click here for your Free Score.
Thank you for visiting dutrac.org.

It then asks you to click on an “Accept” button to receive your Free Score. Please DO NOT click on the Accept button. This type of message is usually caused by malware on the user's computer and is not authorized by DuTrac or caused by DuTrac's website.

If you have any concerns or suspicions about a message from DuTrac, or if you have clicked on a similar message, please call DuTrac at (563) 582-1331 or (800) 475.1331.

 

VISA, MasterCard Warn of Possible Security Breach (3/30/12)

UPDATE 4/2/2012  --  In a conference call Monday, April 2, 2012, Global Payments Inc. updated Wall Street analysts on the self-reported breach into its processing system revealed Friday and reported earnings two days ahead of schedule.

Paul R. Garcia, the chairman and chief executive, said the investigation continued but that the incident was “absolutely contained” and that there had been no “fraudulent transactions.”

The company investigation revealed that ...criminals did not obtain cardholder names, addresses and Social Security numbers. It created a website for consumers, www.2012infosecurityupdate.com, which will be live later Monday (April 2).

3/30/2012  --  The Credit Union National Association (CUNA) has confirmed that Visa and MasterCard are notifying card-issuing credit unions and banks of a possible massive data breach involving Global Payments, Inc., a U.S.-based third-party payment processor. 

The potential data compromise incident at Global Payments, Inc. (an organization not in any way affiliated with DuTrac Community Credit Union) affects card account information from all major card brands. However, both Visa and MasterCard have confirmed their internal systems were not breached.

Affected account holders will be notified and, if needed, new cards will be reissued.

Members should monitor their accounts for suspicious or fraudulent activity. To report suspicious activity, or if you have been a victim of fraud, please contact DuTrac Community Credit Union at (563) 582.1331, (800) 475.1331 or your local police.

 

 

BBB Complaint E-Mail Scam (12/1/2011)

12/1/2011  --  The Better Business Bureau (BBB) has issued a scam alert cautioning businesses and consumers about an e-mail purporting to be from a bbb.org e-mail address. The e-mail contains a dangerous attachment regarding a complaint and appears to direct recipients to the BBB website. This is a scam – the BBB does not send complaints as attachments via e-mail.

The e-mail appears to come from a fake BBB employee claiming the recipient needs to review this matter and advise the BBB of their position. From there, the e-mail appears to direct the recipient to the BBB website, but actually directs them to an outside link. This e-mail is fraudulent and does not originate from the BBB. The e-mail attachment and link are malicious and you are strongly advised to not open the attachment or click on the link.

Should you receive such an e-mail, please disregard the message and report any information received to the Better Business Bureau’s Scam Source. Then promptly delete the e-mail. If you have clicked on the link, immediately do a virus scan.

To view an example of the e-mail text, click here.

 

Text Scam Targeting Credit Union Members (11/15/2011)

11/15/2011  -- Members of an Eastern iowa credit union recently received fraudulent text messages looking to steal personal account information. Several members of Collins Community Credit Union received the phony texts, telling members their debit card had been deactivated and provided a phone number to call. The texts look legitimate, but the number is not associated with the credit union. If anyone receives a similar text, members are urged to contact your financial institution directly to confirm the message. To read the complete story, click here.
 

Wire Transfer E-Mail Scam: (11/2/2011)

11/2/2011  --  DuTrac believes there is an ongoing phishing attempt being circulated via email. This particular phishing scam involves receipt of an email appearing to be from the Federal Reserve Bank (FRB), the Internal Revenue Service (IRS) and/or from NACHA (The Electronic Payments Association) and states that a wire transfer was canceled or that a checking account payment was recently returned and will ask you for your personal account information. These notices look official, but they are not. If you get this email, please delete it.

SHAZAM "mishing" fraud attack

SHAZAM has been alerted to a “mishing” fraud attack that is targeting cardholders. The attack consists of a text message sent to mobile phones stating “Notice: Issues Found On Your Shazam 551729XX Mastercard. Please Call 13035780902!” This number currently hosts an automated recording demanding the entry of the PAN. Additional confidential information is then requested from the cardholder. These calls are fraudulent and have not been authorized by SHAZAM. As of Monday, November 8, 2010, SHAZAM has had this number disabled through the local service provider.

If you receive these text messages and telephone calls, do not release any information. If you have released information as a result of receiving one of these calls, please contact DuTrac immediately.

FDIC Fraudulent E-mail Notice

Iowa Corporate Central Credit Union was notified on July 6 of a fraudulent e-mail circulating from the Federal Deposit Insurance Corporation (FDIC).

The subject line of the e-mails state: "you need to check your Bank Deposit Insurance Coverage."  The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account.  Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."  The e-mail then directs recipients to click on a link stating "You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage."

This e-mail and associated website are fraudulent.  Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information or to load malicious software onto end users' computers and should not click on the link provided.

The FDIC does not issue unsolicited e-mails to consumers.  Financial institutions and consumers should NOT follow the link in the fraudulent e-mail. 

E-mail Scam Impersonates NACHA to Steal Account Information

DuTrac has received notification of a phishing scam via NACHA (the Electronic Payments Association, a non-profit association that oversees the Automated Clearing House (ACH) Network.  Random individuals and/or companies are receiving suspicious e-mail titled "Rejected ACH Transaction."  The e-mail tells the individual there is a problem with an ACH transaction, and includes a link to see the transaction report.

If the individual clicks on the link it directs them to a website that looks similar to the NACHA website.  Both the link in the e-mail and the related website are fraudulent.  The links on the website will automatically execute a virus that contains malware.

Any individual can report this phishing scam to any of the following agencies:

Jury Duty Scam

  • How it works:  The phone rings, you pick it up, and the caller identifies him/herself as an officer of the court.  They say you failed to report to jury duty and that a warrant is out for your arrest.  You say you never received a notice.  To clear it up, the caller says they'll need some information for "verification purposes" - your birth date, social security number, maybe even a credit card number.
  • How to avoid it:   This is when you should hang up the phone.  Facing the unexpected threat of arrest, victims are caught off guard and may be quick to part with some information to defuse the situation.  With enough information, scammers can assume your identity and empty your bank accounts.

If you receive a suspicious call regarding jury duty, please call your local district court office or your local police department.  Protecting yourself is the key:  Never give out personal information when you receive an unsolicited phone call.