 |
|
|
Fraud Education
MEMBERS WITH CELL PHONES HAVE REPORTED TWO LOCAL SCAMS.
The first scam involves the member receiving a computerized call informing them that their debit card needs to be blocked due to a scam and asking the member to enter their Debit Card number.
The second scam involves the member being told that the caller wants to send them a $500 gift card, but needs the member's Debit Card number in order to charge a postage fee for mailing the free gift card.
Two things are important to remember.
1) The Credit Union will never call you and ask for your debit card number, account number, Social Security number or other information. We already have it.
2) If it sounds too good to be true, IT IS.
If you feel you've been the victim of a scam and have given out your information, CALL US IMMEDIATELY at (207) 783-1475 so we can try to prevent fraud on your account.
Password Protection
What was the most stolen online password of 2011? "Password." Computer users who think switching the "o" to a zero to make it "passw0rd" didn't fare much better. Both are on the list of the 25 most common passwords used on the Internet this year, according to SplashData, a provider of password management applications.
Other common passwords include simple numerical choices like "123456," common names like "Ashley" and "michael," and patterns based on the layout of the keyboard like "qwerty" and "qazwsx."
According to SplashData, the most common passwords on the Web are:
- Password;
- 123456;
- 12345678;
- Qwerty;
- abc123;
- monkey;
- 1234567;
- letmein;
- trustno1;
- dragon;
- baseball;
- 111111;
- iloveyou;
- master;
- sunshine;
- ashley;
- bailey;
- passw0rd;
- shadow;
Pay those fines, or credit score suffers
Maybe you ignored a speeding ticket you got while traveling because you figured you wouldn't be back in the area soon enough for it to matter. Or maybe you simply forgot about that pesky parking ticket you got while downtown.
Now an increasing number of cities are trying a new tactic to get violators to pay up--and if those drivers don't, their credit scores could take a major dent (TIME Nov. 3).
Many cities are sending unpaid traffic and parking tickets straight to collection agencies. If you continue to ignore a ticket once it's in a collection agency's hands, you could lose serious points from your credit score.
And a minor ticket can affect your score as much as more serious types of debt. "For scoring purposes, the credit formula doesn't make a distinction between a $25 parking ticket you got when your meter expired and an outstanding credit card debt of $25,000," according to the TIME article.
This could mean higher rates or flat-out rejection the next time you need an auto, mortgage, or other type of loan--even if your credit was formerly spotless.
"Someone with a 680 score could lose roughly 50 points from the addition of a collection of this nature," said Fair Isaac Corp. spokesperson Barry Paperno in a recent Washington Post article (Oct. 31). "For someone with a 780 score--very, very good credit--the appearance of one of these collections could lower their score by as much as 105 to 125 points."
The best way to protect your credit score? Don't ignore those tickets. Even if you think you can get away with not paying them, the consequences for your credit score could be much more costly in the long run.
Mobile Fraud Alert
Be proactive in managing your mobile activities. Practice these five guidelines from ConsumerReports.org to protect yourself from mobile fraud:
- Secure login. Make sure you are logging in to a secure mobile site when using your phone's Web browser to access mobile banking sites. Look for indications on your browser that the site is secure, such as a lock symbol or "https" at the beginning of the site's web address.
- Trusted apps. Only allow trusted applications the ability to send text messages or update social networks. Untrustworthy apps may initiate fraudulent messages or spam, and add charges to your cell phone bill.
- Public Wi-Fi. Never conduct mobile banking, e-commerce, or other business involving user names, passwords, or other personal information on a public Wi-Fi network. Crooks may be able to capture login and password information.
- Reliable source. Avoid downloading spyware, which may accompany an application by obtaining your smart phone applications from a trusted source. Cell phone spyware can seize personal information including messages, conversations, and, via GPS coordinates, even your location.
- Security software. Purchase and install security software on your cell phone. Security software for your phone may help you find your cell phone if misplaced, allow you to delete data if the phone is lost, and prompt you to remove malicious software.
Facebook Feature Threatens Privacy
The social networking website Facebook continues to roll out its new facial recognition feature for uploaded photos, "Tag Suggestions," amidst privacy protection concerns (abcnews.go.com June10).
The new feature scans user-uploaded photos with facial recognition software to automatically, and without permission, identify people photographed in an attempt to make categorizing and sharing of photos easier for Facebook users.
Advocacy groups in the U.S. and authorities across the globe are concerned the new feature is a danger to consumer privacy. The Electronic Privacy Information Center and other advocacy organizations in the U.S. recently asked the Federal Trade Commission to order Facebook to suspend the feature. European Union data protection regulators and authorities in the United Kingdom and Ireland announced in early June they are independently looking into the Facebook feature for possible rule violations (consumerreports.org June 13).
Concerns surrounding the "Tag Suggestions" feature emphasize the need for Facebook users to adjust their privacy settings to prevent criminals from stealing personal information and using it to commit identity theft and fraud. Here's how to adjust two important Facebook settings to better protect your privacy:
Tag Suggestions. While many Facebook users will find this new feature useful, you may want to disable it. Here's how:
- Log in to your profile and select "Privacy Settings" under the "Account" drop-down menu located at the top right.
- Locate "Sharing on Facebook" and click on the "Customized Settings" link near the bottom of the section.
- In the "Things Others Share" section, click on the "Edit Settings" button next to the "Suggest photos of me to friends" option and select "Disable."
Contact Info. Your address, phone number, and even your birthday are pieces of information that can be used to steal your identity, exposing you to ID theft and fraud. Follow these steps to conceal this information:
- Log in to your profile and choose "Privacy Settings" under the "Account" drop-down menu located at the top right.
- Locate "Sharing on Facebook" and click on the "Customized Settings" link near the bottom of the section.
- In the "Contact Information" section, click on the settings button next to each item such as your address, phone number, and e-mail address and select "Custom."
- Choose the setting you believe is best; the "Only Me" setting hides the information from others; it can only be see by you when logged in.
Best Practices for Business Members to Reduce
the Risk of Online Banking Fraud
Bank accounts belonging to medium sized businesses, school districts, and city/county governmental units continue to be targeted by cyber crooks through online banking systems. The losses stem from stolen online banking login credentials that allow the thieves to access the business accounts through online banking systems.
The Rise of the Trojan Keylogger:
The root of the problem is malware (Trojan keyloggers) infecting business' computers. Trojan keyloggers capture online banking login credentials and returns them to the cyber crooks. The cyber crooks are using the Zeus Trojan (also referred to as Zbot) to infect business' computers. Zeus is a sophisticated Trojan in that it is highly customizable. It has a capability that allows cyber crooks to add fields to the form, such as fields for additional authentication information for an online banking website that is sent back to the thieves. The following are some additional characteristics of the Zeus Trojan:
- Transmits stolen login credentials immediately via instant message to the thieves.
- Re-writes online banking web pages as it is displayed on the victim's browser, including transaction amounts and account balances. For example, the amount of a fraudulent transaction by a thief could appear as a much smaller amount so as not to raise suspicion by the account holder.
- Creates a direct connection between the infected Windows computer and the cyber crooks allowing the thieves to log into the victim's account using the victim's own Internet connection.
Cyber crooks generally distribute the Zeus Trojan through phishing attacks that are targeted to select groups, such as key employees of a business who have the authority to initiate funds transfers via the business' bank accounts. The Trojan is released when the user opens an infected attachment or clicks on the link to an infected website.
Recommendations:
- Use a dedicated computer to access the account through the online banking system. Prohibit the use of the computer to access email and general Internet usage except to access the credit union's online banking system. Protect the dedicated computer with antivirus software and a firewall.
- Business employees should be suspicious of emails purporting to be from financial institutions, governmental agencies, or other organizations that request account information or online banking login credentials. Business employees should also avoid opening attachments or clicking links contained in suspicious email.
Guard Against Data-Breach Phishing Scams
Phishing occurs when scammers send emails that appear to be from legitimate companies in an attempt to acquire your personal information, such as account numbers. The scams can become even more deceptive and convincing when crooks obtain and use your name to target messages directly to you. This is known as "spearphishing."
According to the BBB, phishing attacks are likely to follow as a result of the data breach. Take these steps to protect your personal information:
- Avoid links. If you receive a suspicious e-mail, don't click on any links contained in the message. You could be directed to a fraudulent website or to dangerous malware.
- Don't share information. Legitimate companies will never ask you for personal information via e-mail. Don't respond to requests for financial account numbers, Social Security numbers, or other information.
- Talk it over. Make sure all family members with an e-mail address know how to spot a phishing e-mail. Kids and older adults often are more susceptible to these types of scams.
- Get secure. Before submitting credit card numbers or other sensitive information online, make sure the website is secure. A secure website starts with https at the beginning of the URL.
- Watch for errors. E-mails that contain frequent spelling mistakes or poor grammar usually signal a scam.
- Don't wire money. Never wire money in response to an e-mail request or to anyone you don't know. You'll be sending funds to a crook and you'll be out of the money when the scam is discovered.
- Shield your computer. Update and run anti-virus programs regularly.
Protect Against Phone Bill "Cramming"
Have you noticed a charge on your phone bill for something you didn't purchase? You may be the victim of cramming. Cramming is the term that describes unauthorized third-party charges on mobile and landline telephone bills.
Consumers can pay for services not offered by their phone carrier-such as subscriptions, collect calls, and charitable donations through their phone bill. Cramming occurs when unscrupulous third parties place false charges on the bill to collect money for services they didn't provide.
You can take these steps to protect yourself from cramming:
- Understand your bill. Take time to familiarize yourself with the layout of your phone bill, understand the terms used and be aware of the legitimate charges. Contact your phone carrier if you have any questions. You can also visit the Federal Communications Commission (FCC) website to learn more about both wireless and landline telephone bills.
- Review your charges. Review your monthly phone bill to make sure you're only being charged for service you've requested. Pay close attention to any charges labeled in generic terms such as "service charge," "activation," "Web hosting" and "voice mail." Also look for collect calls you didn't accept and calls placed to unfamiliar area codes. These may also be indications of cramming.
- Be careful with contests and giveaways. Read the fine print for any contests, giveaways and prize drawings you enter. Crammers often use these methods to trick consumers into registering for services.
- Block third-party charges. Ask your phone company if it's possible to block all charges from third parties. Understand that this may limit you from using legitimate third-party services; many, but not all, phone carriers will honor this request.
Bredolab Trojan
According to security software vendor Symantic, Bredolab Trojan, first discovered in 2009, has been used in a number of scams involving email containing infected attachments as the method of delivery:
Facebook password changes: The victim receives an email allegedly from Facebook notifying the victim that their Facebook password has been changed as a measure to protect users. The victim is told that their new password is contained in an attached document.
United Parcel Service (UPS) delivery failure: The victim receives an email allegedly from UPS notifying the victim that a package sent by the victim was not deliverable due to an incorrect address. To claim the package, the victim must print the attached invoice and take it to the UPS office.
Western Union unclaimed money: The victim receives an email allegedly from Western Union notifying the victim that their money transfer was not received by the recipient. To claim the money, the victim must print the attached invoice and take it to the nearest Western Union office.
Shop.corsair.com shipping instructions: The victim receives an email allegedly from Shop.corsair.com notifying the victim that their purchase of an Apple iMac has been shipped. The victim is instructed to print the tracking number in an attachment contained in the email.
Bredolab is also distributed by drive-by downloads. In a drive-by download, the victim’s computer is infected simply by visiting an infected website. The malware is downloaded to the victim’s computer without their knowledge.
Strategies for protecting your computer:
· Install anti-virus protection and allow for automatic updates and scanning.
· Utilize a desktop firewall.
· Do not respond to or open attachments or click on links in unsolicited email.
· Use strong passwords, especially with online banking.
· Disable autoplay to prevent the launching of executable files.
· Do not use computers accessible to the public to conduct transactions online.
Safe Practices for Online Banking
Passwords:
It is important to use strong passwords. Strong online banking passwords should be at least seven to nine characters in length, alphanumeric, case sensitive, and require the use of at least one special character (e.g., !, @, #, $, %, etc.)
Security Software:
Protect your home computer with an antivirus program and firewall.
Time and Date of Last Access:
You should check the date and time your account was last accessed after logging into your account. This will help you detect any unauthorized access to your accounts.
Public Access Computers:
There are security risks involved when using computers that are accessible to the public to access your credit union accounts. Computers accessible to the public may be infected with viruses and/or malicious software, such as keyloggers.
Logout Procedure:
You should always logout of online banking sessions by clicking on the “logout” button rather than simply closing the browser window or using the “back” key.
VISA USA Reports an Intrusion
VISA USA has reported an intrusion at GENESCO INC. GENESCO INC. is a Nashville based specialty retailer with retail stores in the United States, Puerto Rico and Canada.
The merchants that suffered the intrusion are: JOURNEYS, JOURNEYS KIDZ, SHI BY JOURNESY and JOHNSTON & MURPHY STORES (located in the Portland Mall).
If you have a Debit or Credit card that you used at these merchants between
December 2009 and December 2010, you may want to replace your cards. Please call our Card Services Department at 783-1475 for assistance.
Reminder of Best Practices for Online Security
1) Strong online banking passwords are important. Strong passwords are at least 7 chracters in length, alphanumeric, case sensitive, and require the use of at least one special character (e.g., !, @, #, $, %, etc.)
2) Protect your home computer with an antivirus program and firewall. You should download and install updates on at least a weekly basis.
3) You should check the date and time your account was last accessed after logging into your account. This will help you detect unauthorized access.
4) Computers accessible to the public may be infected with viruses and/or malicious software, such as keyloggers. Don't access online banking from a public computer.
5) Always logout of online banking sessions by clicking the logout button rather than simply closing the browser wundow or using the "back" key.
Fake Check Scams
How do fake check scams work? There are many variations, but all involve someone asking you to deposit a realistic-looking check and send money elsewhere in return.
In a typical lottery scam, the fraudster promises a sweepstakes award to an unsuspecting victim - as soon as you cover a few thousand dollars in fees with the "advance check" they send you. Once you deposit the check they send you, they want you to wire all or a portion of the money to them. Once you wire that money, there's no getting it back. And when the check you deposit is returned as fraudulent, you owe the credit union or bank where you deposited the check. Remember, you're responsible for any item you deposit whether or not you knew it was fraud.
In the scheming suitor scam, the con artist finds their way into your heart, by befriending you, telling you they love you or promising to be intimate with you. Oh, and by the way, if you could just cash this check I'm sending you and wire me the money, I'll come to see you. This scam actually takes some time to pull off as some of the con artists will work on you for weeks before they ask you to cash a check for them. If any online "friend" asks you to cash a check for them, just tell them "No." If you're too embarrassed to refuse them, then lie to them and tell them that your financial institution refused to accept the check. Then watch them fade from being your online friend.
The work at home scam consists of con artists posing as employers. They "hire" you to work from home and ask you to help them "process payments for clients" as part of your job. You end up depositing bogus checks and sending the money back to them, minus your "pay." This isn't how legitimate companies do business.
The foreign business offer starts with you being offered a foreign business deal. You'll be sent a check or money order and instructed to cash it and send back a portion for taxes, customs, processing, legal fees or other expenses that must be paid before they can send you the rest.
The overpayment scam starts with a crook offering to buy something you are selling, but they "accidentally" send you a check for more than the selling price. They then ask you to wire them or another person the difference. They claim to have sent the wrong amount in error and want you to "refund" them the difference to avoid having you send back the check and them issuing a new one.
There is no valid reason for a person who is giving you money to ask you to wire some of the money back to them. If you are doing business with strangers, have them send you a guaranteed funds check drawn off of a financial institution with a local branch for the exact amount. You can then take the check to that financial institution and have them cash the check for you.
You can report fake check scams to the National Consumers League Fraud Center at fraud.org.
Remember, no matter how you come into possession of a check, if you cash or deposit it, you are responsible to the financial institution if the check is returned for any reason.
COMMON SENSE TIPS ...
To AVOID becoming a victim of Phishing Scams:
Be suspicious of any email with urgent requests for personal financial information unless the email is digitally signed (you can't be sure it wasn't forged or "spoofed"). Phishers typically : (1) include upsetting or exciting (but false) statements in their emails to get people to react immediately; (2) ask for confidential information such as user names, passwords, credit card numbers, social security numbers, account numbers, etc.; and (3) do not personalize the email message (while valid messages from your credit union will be).
Don't use the links in an email to get to any web page if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the website directly by typing in the web address in your browser.
Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser. To make sure you're on a secure web server, check the beginning of the web address in your browsers address bar - it should be "https://" rather than just http://.
Consider installing a web browser tool bar to help protect you from known phishing fraud websites.
Regularly log into your online accounts and don't wait for as long as a month before you check each account.
Regularly check your financial institution, credit, and debit card statements to ensure that all transactions are legitimate. If anything is suspicious, contact your financial institution(s) and card issuers.
Ensure that your browser is up to date and security patches applied.
Always report "phishing" or "spoofed" emails to the following groups:
Please click on the link in the Document Box on the right for what to do if you've given out personal financial information.
|
|
|
|
