LorMet > News > Security > Common Scams
Dark Mode

Common Scams

LorMet would never call you to CONFIRM personal information, account information, card information, CVV from your debit card, or birth dates. Immediately dial LorMet at (440) 960-660 if any of this information has been compromised.

If you compromise this information by providing it to a criminal, you could lose money, become a victim of identity theft, have personal information stolen, or worse.

Top 12 Online Security Tips

  1. Keep antivirus and antispyware software up to date on your PC. Use a firewall, which can protect you from “key loggers.”  Consider installing a web browser toolbar to protect you from known phishing fraud website.
  2. Avoid emailing personal and financial information.  Before submitting financial information through a website, look for the “lock” icon on the browser’s status bar.  It signals that your information is secure during transmission.
  3. Delete suspicious emails without replying to them and never click on links in emails.  Call the company with a phone number from a recent statement or a number you know to be genuine and report the suspicious e-mail.
  4. Do not download files sent to you by strangers or click on links from people you don’t know.
  5. Use “strong” passwords and change them often.  Passwords should have a combination of letters, numbers, and special characters.  Avoid using obvious words and numbers, such as birthdates and names.
  6. Always log out of an online banking session anytime you step away from your computer.
  7. Examine your browser’s security settings to make sure they are set to an appropriate level of protection.
  8. Only shop on web sites that offer a privacy policy.  Know how your personal information will be handled.  Print out privacy policies, warranties, price guarantees and other important information.  Read the privacy policy on any website to ensure your information is secure.
  9. If you think you’ve been scammed, contact the credit union or financial institution of the account that has been compromised.  You can file a complaint with the FTC, and the Internet Fraud Complaint Center at http://www.ic3.gov.
  10. Make sure any online credit card charges are handled through a secure site or in an encrypted mode.  You’ll know you’re on a secure site if the web page on which you conduct your transaction begins with “https” instead of the usual “http”.
  11. Your mobile device manufacturer may release software and operating system updates. These typically include important security updates to fix vulnerabilities that may exist. It is recommended that you keep your device updated.
  12. Review your bank and credit card statements frequently online and make sure all the transactions are legitimate.

Phishing / SMishing

In Phishing and SMishing scams, the criminal impersonates a business or financial institution in an attempt to trick you into giving out your personal information, such as usernames, passwords, and credit card details. The victim may be contacted by a phone call, text message or email.

Phishing scam artists try to persuade you to give out personal information to use to steal your money and your identity. Phishing schemes are carried out in person, over the phone, and are largely delivered online through e-mails or pop-ups. These e-mails look very authentic and contain official looking logos from real organizations and other information stolen from legitimate websites like your credit union or other online merchants. Unsuspecting people too often respond to these requests for their credit card numbers, passwords, bank account information, or other personal data.

Scammers may try to trick victims through an e-mail or ad on the web, offering to make you an Account Manager so you can “earn money at home.” Do not respond to the offer.

If you click on a link in a Phishing scam, scammers may direct you to a fake site, with a similar URL to the real site. Or, the site may be fake, but the address window showing the URL will be hidden by a “floating window”, displaying the legitimate URL to fool you (if you can’t click and type on the address, it may be a decoy address). Links may also trigger the download of programs that record what you type (key loggers).

SMishing is an unsolicited text message claiming to be your financial institution. The text message may state your card has been blocked and to contact the provided phone number. If you call the fake number, you will be asked for card and PIN information; you will compromise your information and your money will be stolen.

Always call your institution at the phone number on the back of your card or on your account statement only.

LorMet will never send a text message about an issue or restriction on your account asking you to call a number and provide card, account, or personal information.

LorMet will never send an email asking you to enter personal information directly into the email or reply with personal information.

“Lost Money” Scam

What is the “Lost Money” scam?

After the consumer is convinced to provide Online Banking access to a scammer, the scammer then convinces the consumer that he/she received a credit to their account in error and that the consumer should do a withdrawal, wire, or transfer to return the funds. When the scammer had access to Online Banking, he/she transferred your own money from your savings account to your checking account, making it appear to be a credit. THESE ARE YOUR OWN FUNDS.

How to Avoid the “Lost Money” scam

  • Never provide account access to anyone! Especially if the person is someone who called or emailed you, or contacted you online.
  • Do not wire, transfer or withdraw the funds, regardless of what the scammer tells you to do.
  • Call us immediately!

If you believe you are a victim of the “Lost Money” scam, immediately call a Member Service Representative at (440) 960-6600.


What Is Spoofing?

Spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that you may already know and trust. If you answer, they use scam scripts to try to steal your money or valuable personal information, which can be used in fraudulent activity.

How to Avoid Spoofing

You may not be able to tell right away if an incoming call is spoofed. Be extremely careful about responding to any request for personal identifying information.

  • Don’t answer calls from unknown numbers. If you answer such a call, hang up immediately.
  • If you answer the phone and the caller – or a recording – asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
  • Do not respond to any questions, especially those that can be answered with “Yes” or “No.”
  • Never give out personal information such as account numbers, Social Security numbers, mother’s maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
  • If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company’s or government agency’s website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
  • Use caution if you are being pressured for information immediately.
  • If you have a voice mail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.
  • Talk to your phone company about call blocking tools and check into apps that you can download to your mobile device. The FCC allows phone companies to block robocalls by default based on reasonable analytics. More information about robocall blocking is available at fcc.gov/robocalls.

Remember to check your voicemail periodically to make sure you aren’t missing important calls and to clear out any spam calls that might fill your voicemail box to capacity.

LorMet would never call you to CONFIRM personal information, card information, CVV, or birth dates for suspected fraud monitoring. Ignore fraudulent calls purporting to be from (440) 960-6600. HANG UP and re-dial (440) 960-6600!

Be cautious of suspicious calls, emails or text messages claiming to be from reputable institutions such as the Center for Disease Control & Prevention (CDC) and World Health Organization (WHO), and maybe even LorMet Credit Union attempting to steal your personal and financial data.

LorMet Credit Union does contact its members, if necessary to provide services, through legitimate calls, emails, and texts. LorMet Credit Union will never contact you to ask you to provide or verify any of the following information:

  • Your full Social Security, account numbers or credit/debit card numbers
  • Your Online or Mobile Banking username and/or password
  • Answers to your confidential security questions over the phone
  • Activity in your checking, savings or loan accounts

If you receive an email, text message or phone call from anyone claiming to be from LorMet Credit Union that asks you for any of the above personal information, hang up and call our Member Service Department immediately at (440) 960-6600.

The Ohio Attorney General is encouraging Ohioans to follow these tips to avoid coronavirus-related scams.

  • Watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other expert sources with special advice or information about the coronavirus. Legitimate information is available for free on the CDC’s website.
  • Ignore online advertisements promoting cures for the coronavirus.
  • Research nonprofit organizations and crowdfunding campaigns before donating.  Avoid groups that pressure you into donating and never donate via cash, gift cards, wire transfer or prepaid money card.
  • Be cautious of anyone going door to door offering coronavirus testing or temperature readings and requesting personal information. Call our local law enforcement immediately if you see a suspicious person. Never let strangers into your home.
  • Beware of emails and other attempts to “phish” for your personal, financial and medical information.
  • When online, avoid clicking on unknown links or pop-ups and never download any suspicious email attachment. Doing so could infect your devices with malicious software designed to steal your personal information or lock your computer until you pay a ransom.

Gift Card Scams on the Rise

According to the AARP, 1 in 10 people fall victim to gift card scams. In fact, Americans have lost about $400 million to fraud during the COVID pandemic. We’re seeing similar schemes target Lorain County residents, meaning you must remain vigilant for this type of scam.

Here’s what happens:

  • The caller will often tell you to go buy a popular gift card, frequently, iTunes, Google Play, or Amazon. The caller will tell you to get the card at a particular store near you – often Walmart, Target, Walgreens, or CVS. They may even have you buy several cards at several stores. Sometimes, the caller will stay on the phone with you while you go to the store.
  • Once you buy the card, the caller then will demand the gift card number and PIN on the back of the card. Those numbers let them immediately get the money you loaded onto the card.
  • The scammers and your money are gone, usually without a trace.

If you believe you are a victim of Gift Card fraud, immediately call a Member Service Representative at (440) 960-6600.

Counterfeit Checks

We’re seeing an increase in scams targeting our members with counterfeit money orders. Be suspicious of anyone asking you to cash a cashier’s check or money order on their behalf. This is likely a scam!

Here are some of the features you need to look for in a legitimate money order:

Avoid personal losses! Cashing a fraudulent check or money order equals authorization, as well as sharing your personal account information with a scammer.

Never share the following personal account information:

  • Routing and account number
  • Social security number
  • Debit or credit card number
  • Card expiration date
  • CVV2/CVC2 (security code on the back of cards).

If you suspect you received a counterfeit check or money order, immediately contact us at (440) 960-6600.

Tech Support Scams / Ransomware

By pretending to be an employee of a major computer or security company, a criminal may offer technical support to their victim and request payment by credit card. The victim is usually be contacted by a telephone call or a pop-up message provides a number to call. No real tech support is given and, in fact, viruses and malware may be installed by the criminal.

Ransomware is a type of computer malware that encrypts the victim’s files, making them inaccessible until a specified ransom is paid. Ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail that installs the malware, or through downloads from a compromised Web site.

Lottery Scams

You may get a card, a call, or an email telling you that you won a prize. The scammer may tell you there is a fee or taxes you need to pay to get your winnings. The criminal asks for your credit card number, account information, or even for you to wire money. There is no prize and you’ll be out any money that you give the scammer.

IRS Scams

A criminal may call you and says they work for the Internal Revenue Service (IRS) or that they are a police officer. They say you owe the IRS thousands of dollars and threaten you with immediate arrest. They say you can pay them with prepaid cards for a fraction of the amount to keep them from going to jail. Just hang up. The IRS does not collect back taxes by requesting prepaid cards.

Additional Security Information

Always be diligent in monitoring transactions and activity on your account and contact us immediately if you identify any fraudulent transactions.

Here are some additional tips on protecting yourself from identify theft.

Unless absolutely required for a legitimate business purpose, avoid giving out your:

  • Address and ZIP code
  • Phone Number
  • Date of Birth
  • Social Security Number
  • Card or Account Number
  • Card Expiration Date
  • Your PIN is private; never give it out.
  • Don’t reply to e-mail or pop-up messages that ask for personal or financial information, and don’t click on links in the message. Don’t cut and paste a link from the message into your web browser – scammers can make links look like they go one place, but that send you to a different site.
  • Some scammers send an e-mail that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice over Internet Protocol (VoIP) technology the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
  • Don’t email personal or financial information.
  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.

Category: Security
Last Updated: August 10, 2021