Fraud Alert 11/03/08 |
Smishing |
ATMs |
Latest Alert
Phishing |
How to Avoid ID Theft
FRAUD ALERT!!!
November 3, 2008
CCU Members have received recorded phone messages from someone impersonating CCU employees. This is an attempt to steal your credit/debit/ATM
card information. Please be cautious when contacted by telephone. If you have concerns, call our office: 423-396-2101.
Beware of "Phishing, Vishing, and Smishing"
E-MAIL “PHISHING”
Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.
LAND LINE TELEPHONE “VISHING” & VoIP (INTERNET PHONES “VISHING”)
Vishing, (Voice phISHING) also called "VoIP phishing for the Internet phones," is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States.
In either case, because people are used to entering card numbers over the phone, this technique can be effective. Voice over IP (VoIP) is used for vishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a land line telephone.
TEXT MESSAGE “SMISHING”
Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user's cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.
The following tips will help keep you safe from this type of fraud:
- Be wary of any message received from an unknown sender.
- Do not open unsolicited e-mails or text messages.
- Do not click on any links provided in unsolicited e-mails.
- Don’t display your wireless phone number or e-mail address in public. This includes newsgroups, chat rooms, Web sites, or membership directories.
- If you open an unwanted message, send a stop or opt out message in response.
- Check the privacy policy when submitting your wireless phone number or e-mail address to any Web site. Find out if the policy allows the company to sell your information.
- Contact your wireless or Internet service provider about unwanted messages.
New! Mail LETTER “PHISHING”
This new scam occurs where the phisher is creating a letter and sending it through the mail to individuals to respond to the letter by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection. This scam is used in conjunction with other channels to steal valuable personal and financial information of the individual receiving the letter.
Fraud, identity theft grow at ATMs - MSN Money
By Bankrate.com
It's easy for crooks to rip you off at the cash machine, especially if you're not paying attention. And your PIN won't offer the protection you might assume it would.
Before Jay Foley inserts his bank card into an ATM slot, he sticks his finger in. Then he wiggles it.
"If any portion of it wiggles with my pinky, I walk away, because odds are somebody has slapped a skimmer on the front," says Foley, the executive director of the Identity Theft Resource Center in San Diego.
Read more of this article:
Take Steps to Guard Against Identity Theft - Kiplinger.com.
New Fraud Alerts & Scams are Created Daily—Don’t Be Caught Off-Guard.
Please remember that Collegedale Credit Union & Visa will not solicit personal information from you by requesting you verify your information online.
Common Frauds: Phishing
“Phishing” is an email scam that attempts to trick consumers into revealing personal information, such as their credit or debit account numbers, checking account information, Social Security numbers, or banking account passwords through fake Web sites or in a reply email.
Phishing scams are among the fastest growing forms of fraud on the Internet. According to the Anti-Phishing Working Group, phishing scams grew by 52 percent from December 2003 to January 2004. Find out more about phishing below.
How to spot a phishing email
Phishing emails, and the Web sites they link to, typically use familiar logos and familiar graphics to deceive consumers into thinking the sender or Web site owner is a government agency or a company they know. Sometimes the phisher urges intended victims to “confirm” account information that has been “stolen” or “lost.” Other times the phisher entices victims to reveal personal information by telling them they have won a special prize or earned an exciting reward.
Look for these red flags in the email:
- Asks you to provide personal information such as your credit union account number, an account password, credit card number, PIN number, mother’s maiden name, or Social Security number. The Credit Union will never ask you for this information by email.
- Does not address you by your name.
- No confirmation of the company that does business with you, such as referencing a partial account number.
- Warns that your account will be shut down unless you reconfirm your financial information.
- Warns that you’ve been a victim of fraud.
- Spelling or grammatical errors.
Take these steps to minimize your phishing risk:
- View any email request for financial information or other personal data with suspicion.
- Do not reply to the email and do not respond by clicking on a link within the email message.
- Contact the actual business that allegedly sent the email to verify if it is genuine. Call a phone number or visit a Web site that you know to be legitimate,
such as those provided on your monthly statements.
- Do NOT send personal information (e.g., credit or debit card number, Social Security number, or PIN) in response to an email request from anyone or any entity.
- Be cautious. Check your monthly statements to verify all transactions.
- Forward any emails claiming to be from Visa or your Credit Union asking you to provide your personal account information to
phishing@visa.com.
You can also forward any suspicious email to the Better Business Bureau at
nophishing@cbbb.bbb.org, and immediately call your Credit Union.
For more information about how to protect yourself against phishing scams, please visit this anti-phishing website.
How to Avoid Identity Theft
In last month’s CSCU News, we discussed how criminals find personal information and what they do with that information. In this month’s edition, we discuss
how members can defend themselves, the warning signs of Identity Theft and what your members need to do if they are a victim.
It is important to recognize that there is no way to entirely protect yourself or your credit union from identity theft. Your members almost certainly carry personal information with them and leave bits and pieces of it behind - in credit applications, insurance records, doctor’s offices, etc. So, someone who is bound and determined to steal an identity can probably do so. But identity theft is most often a crime of opportunity. If your members can make it make it hard for someone to steal their identity, the thief will move on to an easier target.
What To Do!
Wallet or Purse. Don't carry a Social Security card in your wallet or purse. Look for other documents which contain your Social Security number. If your Social Security number is on other documents, and you don't need them every day, consider leaving them at home.
Give out your Social Security number only when absolutely necessary. Some places simply must have that number (for example, your credit union or your employer needs that information to report tax information. Credit grantors need that information to obtain a credit report).
However, sometimes it is collected merely as a convenience. Whenever you are asked for your Social Security number, find out why it is needed, how it is going to be used, how it is protected and what will happen if you don't provide it. A company may tell you that it can't do business with you unless you provide your number, but at least you will be making an informed choice.
Credit/debit cards. Don't carry one single card more than you really need. Many people carry every credit/debit card they have, yet few of these cards get daily use. If you don't have them on your person, they are a lot less likely to disappear.
If you aren't using one or more credit cards, cancel them in writing with the issuing financial institution - then cut the card(s) into small strips before disposing.
Don't write your personal identification number (PIN) on the back of your credit card and don't write it on a little sheet of paper you carry in your wallet or purse.
Check your credit card bills and share draft statements carefully every month, looking for activity you don't recognize. The quicker you spot a problem, the more apt you are to limit the damage.
Make copies of the front and back of all your credit and debit cards, then place the copy in a secure location. If your cards are stolen or lost, you'll have all the relevant information you need to contact the card issuers and report the lost or stolen items.
Finally, a good deal of stolen personal information comes from "pre-approved credit" offers you receive in the mail - and then discard unopened. This allows a thief to use the application to apply for credit in your name. Consider purchasing an inexpensive home paper shredder from your local office supply store. Shred anything that contains any sort of personal information.
Your mailbox. Take your outgoing mail either to a local post office or or
one of the postal service boxes in your neighborhood. If you leave outgoing mail in your own mailbox, you give a thief the opportunity to steal account numbers, checks and other valuable information.
Pick up your incoming mail as soon as possible after it is delivered. The longer it sits in your box, the greater the chance that it will be stolen.
You. Don't give out personal information in person, over the phone, by mail or on the Internet unless you made the initial contact or you are absolutely certain you know the people to whom you are giving your information. An identity thief can pose as a representative of any company. And their stories can sound very plausible.
Home. Make sure you secure important documents with personal information in a locked box, drawer or (better yet) a safe. This is particularly true if you have roommates or have outside help working in your home.
When regular bills don't show up when you know they should, follow up with the company. This may be a sign that someone has stolen pieces of your mail.
When you reorder personal checks, arrange to pick them up instead of having them sent to your home.
Warning Signs of Identity Theft
- You receive bills from a credit account you did not open.
- You see unauthorized charges on your credit, long distance, or bank accounts.
- You are contacted by a collection agency regarding a debt you did not incur.
- Checks disappear from your checkbook.
- Credit Union and credit billing statements don't arrive on time.
- Your credit report shows accounts you did not authorize.
- You are turned down for a credit card, loan, mortgage, or other form of credit due to unauthorized debts on your credit report.
If Your Identity Is Stolen
1.
Place a fraud alert on your credit file, contact the fraud departments of any one of the three major credit bureaus:
• Equifax - 888.766.0008
www.equifax.com
• Experian - 888.397.3742
www.experian.com
• TransUnion - 800.916.8800
www.transunion.com
The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified. Once the alert is placed, you may order a free copy of your credit report from all three major credit bureaus. When you receive your reports, carefully review them for any signs of possible fraudulent activity. You are looking for such things as accounts you can't recall opening, inquiries about your credit from places you don't recall applying for credit, incorrect information (Social Security numbers, addresses, etc.). You should report any inaccuracies in writing to the appropriate agency, following the instructions they provide. The agencies will also provide you with assistance in interpreting your report.
2. Notify any credit grantor if you suspect fraudulent activity on one
of your existing accounts and contact any credit grantor if you suspect the
account was fraudulently opened. Close the accounts that you know or believe
have been tampered with or opened fraudulently. Use the Federal Trade
Commission’s ID Theft Affidavit (located at www.consumer.gov/idtheft/index.html) when disputing new unauthorized accounts. This gives you a single, standard document to report your ID theft to multiple organizations.
3. File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime. This will help you establish with others (those who may have granted the thief credit in your name, as well as the various credit reporting agencies) that you are a victim of a crime, not a credit abuser. Since your theft is not a violent crime, some police agencies -- short on staffing --may be reluctant to accept your report.
Identity theft is a serious crime. People whose identities have been stolen spend a lot of time and money cleaning up the mess made of their good name and credit record. In the meantime, victims may lose job opportunities or even get arrested for crimes they didn't commit.
In The Virtual World
Although, according to a recent study by Visa, only 11% of information used for Identity Theft was obtained online, practicing good cyber security is still a good idea. Unless the proper safeguards are in place, the new technologies can create major gaps in personal information security. If you have a personal computer, think of the information probably stored there - share draft account information, electronic tax returns, family genealogy, insurance information, spreadsheets and word processing documents. The list could go on and on.
How You Can Defend Yourself?
- Use unique passwords whenever you can. Passwords won't necessarily thwart a knowledgeable and determined thief, but most thieves don't fit that description.
- Change passwords regularly. Twice each year we set our clocks and this may be a good time to remember to change passwords and update computer protections.
- Don't Set Your System to "Remember My Password". This helpful feature allows entry into the computer system. Wherever possible, disable these memorized features.
- Remember Passwords; Don't Write Them Down. Don't tape them to the underside of keyboards or under the mouse pad or carry them in a laptop case.
- Purchase Anti-Virus Software. Next to password protection, nothing is more important that having good up-to-date anti-virus software. Viruses may open a backdoor into your system, through which a thief can gain access and transmit information that will compromise your security.
- Keep Your Operating System Software Updated. Both Microsoft and Apple make available an "automatic update" feature for their security upgrades.
- You. Even if you take all of the steps listed above, you can be the weakest link in your own cyber security program. All the protections in the world won't do any good if you give your identity away.
- Beware of "Phishing". In all these scams, the phisher first impersonates a legitimate company with an email that appears to be from a reputable company. You'll be asked to go to a special site to update your account information. If you get one of these messages, don't respond.
- Be Wary When Using Public Internet Kiosks or Other People's Computers. Unless you trust the owner of the other computer completely - don't use someone else's computer to access any of your accounts that require logins or passwords.
- Don't Give Personal Information Over the Internet Unless the Site is Secure. When it comes to giving personal information, you should only do so on a secure server. On a secure server, your information is encrypted as it is being transmitted; that way, others can't read it if they should intercept it.
This article appears courtesy of CSCU News.
|
Fraud-Security Alerts
