Fraud Examples

This page is just a small list of some common fraud- and ID theft-related scams that target account owners daily. Part of fraud and ID theft awareness is being able to recognize a scam when you see it. These examples have been collected from various sources and are provided as reference material for our visitors.

For information about recent fraud attempts specifically targeting Ashland CU members, please visit this page.

If you suspect someone is engaged in fraud relating to your member account(s) or is impersonating Ashland Credit Union, please call us at 1-800-245-8112 or 606-329-5489 or fill out our web form to report fraud.

Smishing - Cousin to "Phishing" & "Vishing"

Financial institutions are reporting that cell phone and other mobile device users are being targeted with mobile spam that attempts to trick them into revealing personal information or account information. Known as "smishing," this technique's name is derived from a combination of the acronym 'SMS' (Short Message Service, the technical name for cell phone text messaging) and 'phishing' (mass emailing for the purposes of financial or identity theft).

In one instance, cell phone users receive a text message via cell phone warning that their account has been closed due to suspicious activity. The message then directs the consumer to call a certain phone number to reactivate the account. Unsuspecting callers who dial the number provided in the text message will be taken to an automated voice mail box that prompts them to key in their credit card or debit card number, expiration date, and PIN to verify their information. Other strategies send consumers to malicious websites that attempt to harvest this same information or install spyware, "trojan horse" software, etc. onto their computers.

If you have any questions concerning your account or debit/credit card, contact your financial institution using a telephone number or web address that you know to be valid. Consult your statement, telephone directory, or a reliable Internet search engine to make contact with your institution. Never visit a website or use a hyperlink that has been sent to you via an unsolicited email or text message.


IRS Email Warning - May 31, 2007

The IRS is warning taxpayers to beware emails which claim the recipient is under criminal investigation by the IRS. These messages contain links or attachments that will launch "Trojan Horse" software on your PC. Trojan Horse software can potentially steal any information that you store or input on your computer, such as account numbers, passwords, social security numbers, etc.

For more information, visit the IRS news release (


Phishing for Online Bank Accounts #1

Students, faculty, and staff of the University of Kentucky with university email addresses received a “phishing” email that appeared to be sent by the University of Kentucky Federal Credit Union. The email contains a UKFCU logo that appears to be a scanned image from some old stationary. The email states:

"We've noticed that you experienced trouble logging into UKFCU Online. After three unsuccessful attempts to access your account, your online profile has been locked. This has been done to secure your accounts and to protect your private information. University Of Kentucky FCU is committed to making sure that your online transactions are secure. You may unlock your profile by going to http://xxxxxxxxxx"

The indicated link takes victims to a website that is identical to the UKFCU home banking site. Members are then asked to enter their home banking account number and access code as if they were logging into the site.

Once the members enter that information, a new screen appears requesting them to enter their full name, debit card number, card expiration date, ATM PIN, and the CVV2 number. Once the member has entered that information, it then thanks them and returns them to the actual home banking site. Therefore, the thieves have not only captured the member’s card information, they have also captured their home banking information as well.

Think Before You Act: Did you really try and repeatedly fail to sign on to your Internet banking site? If so, contact the institution yourself by telephone or a secure website messaging system if offered. Use the telephone number or web address that you know and use regularly. Does the logo on your correspondence look official, professional, and current?


Phishing for Online Bank Accounts #2

A Louisville credit union reported the following fake email circulating:

Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service. If you choose to ignore our request, you leave us no choice but to cancel your membership.

+++ Attachment: No Virus found
+++ xxxxxxxxxx Antivirus - http://xxxxxxxxxx

The email contained an attached file with one of these possible names:,,,,,,,

You’ll notice that the email is crafted with false statements asserting that no virus was in the attachment. However, according to a leading antivirus vendor, the attachment is in fact a mass-mailing worm that propagates by emailing itself to addresses that it gathers from compromised computers' address books. Furthermore, the worm listens for commands arriving over the Internet that allow the remote attacker to perform any of the following actions: download/execute files, obtain system information such as CPU type, OS version, available memory, etc., remove/update/terminate the worm for detection prevention, perform a Denial of Service (DOS) attack, start a proxy server, start an FTP server, and port redirection.

Think Before You Act: Is it wise to open an email attachment that I was not already expecting? Should I telephone customer service before complying? How would my financial institution know anything about my email account or Internet Service Provider?


Phishing for Online Bank Accounts #3

A Louisville, KY credit union reported phony emails which mimicked their email design and referenced the name and title of one of the credit union officers to make the message appear authentic. The message was part of a phishing scheme directing recipients to a fake website designed to imitate the credit union's authentic website.

The website sought to collect usernames, passwords, email addresses, card numbers, card expiration dates, ATM PINs, and phone numbers. The page was hosted by a Japanese Internet provider. The phishing email contained some misspelled words.

Think Before You Act: Why is my institution emailing me? Should I contact them using their phone number and website address that I know by heart? Does the email message use correct grammar and business vocabulary? Should I follow directions sent to me via unsolicited email?


Phishers Masquerading as Government Agencies

The NCUA (National Credit Union Administration - the federal supervisory agency for credit unions) announced the discovery of the following email message targeting consumers and credit unions:

----- Original Message -----
From: NCUA
To: undisclosed-recipients:
Sent: Wednesday, April 11, 2007 8:44 PM
Subject: Official information for all Federal Credit Union

Dear Sir/Madam,

National Credit Union Administration always look forward for the high security of our clients. Some customers have been receiving an email claiming to be from NCUA advising them to follow a link to what appear to be a NCUA web site, where they are prompted to enter their personal Online Banking details. NCUA is in no way involved with this email and the web site does not belong to us.

Actually, we are performing security improvements of our banking community and enforce customers to register their sensitive information for an additionally created free security service to prevent any fraudulent activity against their assets and savings. We, hereby ask you to respond within few hours of current notification and Confirm Your Credit or Debit Card via our SSL protected website to apply for this service absolutely for free, otherwise your account(s) may not process posted transactions correctly and on time.

Please visit us to Confirm Your Credit or Debit Card


J. S. Smith
Security Advisor

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your FCU or CU Online Bank account and choose the "Help" link on any page.
NCUA Email ID # 1127

Think Before You Act: What does a federal supervisory board have to do with my personal account(s)? Why does the email state to never give account information in response to an email and then directly contradict that advice? Why is the grammar and capitalization so inconsistent and awkward? Should I ever follow the directions I received in an unexpected email message?


Fake Sweepstakes and Fake Checks

A Louisville credit union member received a check drawn on an account at Country Federal Credit Union of Macclenny, Florida issued by Hallmark Financial Services, along with a letter stating she had won a sweepstakes. Country Federal Credit Union was contacted by telephone to verify the check, and it was determined to be fraudulent. Information about the nature of the sweepstakes or whether the member truly entered it was not released.


Florida Travel/Unauthorized Withdrawals

Fraudulent items from several travel and marketing companies in Florida are being drafted against legitimate accounts at many credit unions. The amounts have been small dollar amounts, specifically $49.95, $59.95, and $149.00. The share drafts are all unsigned, as they are supposedly being authorized over the telephone. We believe that these travel and marketing companies already have account numbers as well as names and routing numbers of the credit unions. The payees are located in Florida, with the drafts being payable to accounts in Palm Bank of Florida or Wachovia Bank. Remember to check your statements monthly for any unusual changes in the amounts listed above and please notify us immediately if you suspect you are a victim of this scam.


Fake Traveler's Checks

A Louisville, KY credit union reported that a member was contacted via email by an individual who supposedly worked for a company by the name of A. Simons Textiles. He was in need of a bookkeeper in the U.S. to work from home. His clients would make payments for supplies every week in the form of money orders or traveler’s cheques. All the member was required to do was to get the items cashed, deduct his 10%, and forward the remainder via Moneygram or Western Union money transfer to an address in Nigeria.

The member received $1,500 in American Express Traveler’s Cheques in the mail from individuals in Lagos, Nigeria. They were very poor quality and American Express verified that they were invalid.

Think Before You Act: Why would a reputable business have the need to contact a stranger overseas to act as their business intermediary sight unseen? Why would they send currency or checks via international mail rather than by wire, which is their method of receiving funds? Why don't the senders fear the loss of their money overseas? Is it perhaps because their financial instruments are worthless until someone falls for this con and converts them into real money? Do the checks have the usual security features such as embedded strips, real or pseudo-watermarks, color-shifting ink, embossed print, microprinted lines, etc.?


Fake Money Orders

A Louisville, KY credit union member placed an ad on in hopes of finding a roommate. He was contacted by someone supposedly from Asia wanting to come to the United States. The member was sent five Wal-Mart money orders, each in the amount of $850.00. He was asked to cash the items, keep $600.00 for the first month’s rent and transfer the remaining $3,650 via Western Union to a travel agent located in Bangkok, Thailand. The money orders were counterfeit.

Wal-Mart is aware of the counterfeiting of their money orders for payment of Internet transactions. Details on the counterfeits used in this scheme include 1) color and corporate trade name and logo duplicated, 2) amount box lines lack “TRAVELERS EXPRESS COMPANY, INC." microprinting, 3) the words "PAY ONLY THIS AMOUNT" (normally written in white against a tan background) missing, 4) excessive values indicated on the money orders (money orders are limited to $1,000) and 5) missing or incorrect phone number (1-866-853-8846 is incorrect; 1-800-543-3590 is correct)

Think Before You Act: Why would a someone send such an excessive overage of funds overseas or any funds at all? Why would someone expect a foreign resident to conduct his business by proxy? Why wouldn't the sender wire the funds - a faster and safer method - since he also wishes to receive the return of his funds in that method? Do the money orders have the usual security features such as embedded strips, real or pseudo-watermarks, color-shifting ink, embossed print, microprinted lines, etc.?


Advance Fee Credit Card

A company called Atlantic One (among others) called a credit union member to promise a credit card with a line of credit up to $5,000 with no credit check or application necessary. The only requirement is to pay $319 up front. They called every day and told the member that he was referred to the company by the credit union.

Think Before You Act: Why would a credit union, which offers its own line of credit cards, steer you towards another entity? Do you recognize the name of the bank or institution offering you the credit card? Have you ever made a deposit to get a credit card? If someone wants to issue credit to you, why would they first demand a deposit from you? The widespread availability of credit and the highly competitive nature of the business make it highly unlikely that you require a secured credit card. Be sure to patronize a reputable institution that you know by name, reputation, or existing relationship.


Nigerian 419 Scam a.k.a. Advance Fee Fraud

Perhaps the most notorious and costly Internet fraud is the Nigerian 419 Scam, a type of advance fee fraud. The name of the scam originated from the section of Nigerian penal code dealing with this type of crime, though Nigeria is no longer the sole origin of such scams. The cover story for these scams usually entails a wealthy individual who is desperate for assistance in moving a large sum of money across international borders. The scam offers millions of dollars in potential reward in return for your cooperation in supplying an upfront payment of a few thousand dollars and/or your account information. Naturally, the only transfers of money are the up front payment from the victim, plus whatever funds the scammer is able to withdraw from the account.

The version of this scam shown below was circulating in May 2007 and involves a South African gold mining fortune up for grabs:




In my quest for a reliable and trusted partner for a highly important and lucrative venture cum investment, I came across your contact as a reliable partner for this venture. I am Mr. Joseph Zulu, one of the senior Accountants of AMALGAMATED BANK OF SOUTH AFRICA (ABSA). To highlight you on this proposal, there is an account opened in this bank since 1980 till 1990 after which, nobody has operated on this account again till date. After going through some old files in the records, I discovered that if I do not remit this money out urgently it would be forfeited for nothing. The owner of this account is Mr. Ben Andreas, a foreigner, and a miner at Kruger gold co., a geologist by profession who died since 1990. No other person knows about this and my investigation further proved to me that his company does not know anything about this account and the amount involved as he made it his personal account. The money outstanding before his death was (USD 26 Million) Twenty Six Million United States Dollars.

I am now contacting you as a foreigner because this money cannot be approved to a national with a local bank account here. But can only be approved to any foreign account because the money is in US dollars and the former owner, a foreigner. I implore you to act as foreigner and beneficiary to the fund as I will then intimate you on the processes abound as well as procure all the necessary documents required to lay claim to the money. If you are capable and willing to handle such amount in strict confidence and trust according to my instructions and advice for our mutual benefit I shall highly appreciate. I need trusted person in this business because I do not want to make mistakes; I need your strong assurance and trust.With my position now in the office I can effect transfer of this money to any foreigner's reliable account, which you can provide with assurance that this money will be intact pending my arrival in your country for disbursement. On the alternative, you can come down here to South Africa for us to meet one to one.

Send me your private telephone and fax numbers upon receipt of this proposal, if you genuinely want to assist and be a co-partner. As soon as you receive this money into a foreign account or any account of your choice where the fund will be safe. I will proceed to your country for onward percentage distributions and investment. I need your full co-operation to make this work because the management is ready to approve this payment to any foreigner, who has correct information of this account, which I will give to you later immediately. I will use my position and influence to effect legal approvals and onward transfer of this money to your account with appropriate clearance forms of the ministries and foreign exchange departments. At the conclusion of this business, for your assistance, 25% of the total amount will be accrue for you, 70% for me, while 5% will be for expenses both parties might have incurred during the process of the transfer.

I implore you to maintain the absolute confidentiality of this transaction.

Your earliest response is urgently awaited.

Yours Sincerely,

Mr. Joseph Zulu.

It is important to note that being a recipient of such a message does not mean you are being individually targeted. Your email address was probably generated randomly or was perhaps included in a black market database of email addresses obtained by rogue "harvester" software that trolls the World Wide Web and gets passed around on virus infected emails. The first message will announce the potential rewards for your cooperation, and is simply bait to get a response. Successive messages will aim to gain your confidence and ask that you deposit several thousands of dollars for withdrawal, to be used for expenses incurred in moving the money to your account, such as travel, bribes, fake documents, legal expenses, etc. There are documented cases where gullible victims' accounts have been drained again and again in such a method.


Learn More