Fraud EducationProtect Your Children Online- December 23, 2013
Ensure Children Understand What Information to Provide Online.
Fraudsters will often use a game or a free offer that will request personal information, or will include spyware to track and steal information from your computer or mobile device. You can protect yourself by encouraging your children to limit online contact to friends they actually know, setting privacy controls to restrict access to private information, and enabling parental controls that allow access to only trusted sites. You should also talk to your children about not giving out their name, address, date of birth, or any other personal information online without talking to a parent first.
Strategies to Avoid Fraud
Don't let criminals get away with ruining your financial security.
Monitor your Financial Statements and Online Banking Regularly. December 9, 2013.
You should get into the routine of checking your statements and periodically reviewing your account transactions and online activities. This will help you identify unauthorized account activities early, preventing potential losses to your personal accounts.
To combat attacks from unwanted sources, it is recommended that you use strong passwords. No matter how many precautions you take and security measures you put into place, there is one way perpetrators can easily gain access to your systems—a weak password.
There are numerous strategies you can employ to create complex passwords that are nearly impossible to guess, but relatively easy for you to remember. One approach is to utilize a verse from one of your favorite songs, poems, or quotes as it relates to the website or account in question. For example, if you’re creating a password to access your online banking you might use the phrase “I love my cat, Mittens who was born in 2012!” It is too long to use as a password, but can easily be condensed to IlmcM12!, which breaks down to:
Never be shared with anyone or written down;
Be a minimum of eight characters;
Use a combination of upper and lower case alphabetic characters (B, c) and alphanumeric characters (6, 11), including special characters (!, &);
Not use sequential or repeated characters (e.g. 123456 or gfedcba);
Not contain family members’ names, nicknames, or initials;
Not contain birth dates, telephone numbers, Social Security numbers, or any other easily-identifiable personal information, or similar information for your loved ones;
Not use words that would appear in a dictionary in any language.
You should also consider these additional protections for passwords:
“I” represents “I”
“l” represents “love”
“m” represents “my”
“c” represents “cat”
“M” represents “Mittens”
“12” represents “2012”
Password age. Frequent password changes reduces the amount of time available for attackers to crack passwords.
Password length. Increasing the number of characters required for a password makes it harder to crack.
Strong passwords are an important method to protect your financial and personal information.
Use these tactics to steer clear of scams:
- Choose tough passwords. Fraudsters use Facebook and other social media profiles to figure out passwords. These scam artists skim profiles trolling for common names and phrases that consumers often use for passwords. Create passwords that contain numbers, letters, and symbols and are more than six characters.
- Don't be an open book. The information you post on the Internet isn't private. Use careful judgment about anything you post online.
- Shred personal documents. Thieves still are stealing personal information by dumpster diving. Use a cross-cut shredder to dispose of paper items containing personal information such as Social Security numbers and account numbers, as well as unsolicited credit card applications and receipts.
- Know with whom you're dealing. Fraudsters posing as family members may ask you to wire funds or send emergency cash. If you have any qualms about e-mails you receive, be leery. Contact the family members the e-mail is supposedly from--outside the e-mail channel--and ask if they sent the email.
MoneyGram recommends you remember three key word to help prevent wire transfer fraud: Throw, Know and Show:
- Use caution when job hunting. If you find a job online that entails working from home and the opportunity to make some quick cash, use caution. Fraudsters comb online job boards to prey on those eager to find work.
- Throw--Dispose of offers promising easy ways to earn money. Be extra cautious if the offer requires you to send money before actually earning money.
- Know--Only send money to people you know. Never send money to strangers.
- Show--Don't share information about money transfers with anyone except the recipient.
Save Money and Avoid Scams on Spring Break
Spring break is all about cutting loose, but if you let that relaxed mindset guide your vacation spending as well, you'll be in for a rude financial awakening when you return to campus (Investopedia Feb. 8).
You can curb spending and still enjoy a memorable trip. These money-saving suggestions from Kinoli Inc. should help:
- Remember your student ID. Some hotels or rental car companies offer discounts for students, so don't be afraid to ask for one when you're booking lodging and transportation. You also can inquire about student discounts throughout your break. Many restaurants, museums and other attractions have special pricing for students, regardless of where you're from.
- Avoid weekend travel. Flying on the weekend is almost always pricier than flying during the week. If possible, schedule travel time for weekdays. You may have to come back a day or two early, but that also means fewer nights spent in a hotel, which can save even more money.
- Look into gift cards. Before you depart, check out discount gift card websites like GiftCardGranny.com. You often can find gift cards for airfare, accommodations, and gas for as much as 50% off, sometimes more.
While you're having a blast on break, make sure you've covered your bases back home, too. Spring-break season can lead to "family scams," which occur when scammers call parents or grandparents, claiming their vacationing child is in trouble. Scammers then ask parents to wire money for medical care or bail. It's often only after parents have sent money that they realize they were set up for a scam--and their money is long gone.
- Think beyond hotels. That swanky boutique hotel might be tempting, but you can save big by considering other lodging options. Think about staying in a hostel, even to cut costs for just a night or two. Research hostels on HostelWorld.com to find one that's clean and safe.
- Stock the cooler. Instead of eating out for every meal of the day, pack some food of your own or visit a local grocery store when you arrive at your vacation spot. You still can check out restaurants--just scale back your spending in that area. One idea: Take care of your own breakfast and lunch, and head to a restaurant for dinner.
To prevent this, MoneyGram, a global money transfer company, recommends keeping a close eye on personal belongings when you're lying out on the beach or sipping drinks at local bars or clubs. Scammers often will steal student IDs or other identifying information to find parents they can swindle.
And, as much as you may groan at the thought, check in with your parents a few times while you're on break. By letting Mom and Dad know you're safe and having a great time, you're also arming them with the information they need to spot a scam before it happens.
Debit Card Safety Tips
Use caution during some transactions
To avoid debit-card drama, be careful when swiping your debit card for some transactions. Bankrate on its website recommends using extra caution at these locations:
- Outdoor ATMs. Thieves often have an easier time affixing skimming devices, which steal your card's information, to isolated, easily accessible outdoor machines. Skimming devices are usually hidden over an ATM's card slot, and can be difficult to spot. If you must use an outdoor ATM, aim for one in a busy, well-lit area, and check the card reader for any components that don't look quite right.
- Gas station pumps. Like outdoor ATMs, gas station card readers also provide ideal opportunities for skimming. Pumps that aren't monitored closely make it easy for thieves to attach skimming devices or small cameras to a card reader without detection. Before you swipe, examine card readers for anything that looks suspicious.
- On the Web. Making online purchases with a debit card is risky--your information can be compromised at multiple points in a transaction. Data breaches, unsecured wireless Internet connections, or malicious software on your own computer all could put your data at risk. Opt for your credit card when shopping online--and even then, only buy items from businesses you trust.
- Restaurants. Handing your debit card over to a restaurant server at the end of a meal also can be risky. A server who disappears to run your card could be privately nabbing your card information, as well. You simply don't know--so it's better to turn to your credit card or cash in this instance.
MEMBERS WITH CELL PHONES HAVE REPORTED TWO LOCAL SCAMS.
The first scam involves the member receiving a computerized call informing them that their debit card needs to be blocked due to a scam and asking the member to enter their Debit Card number.
The second scam involves the member being told that the caller wants to send them a $500 gift card, but needs the member's Debit Card number in order to charge a postage fee for mailing the free gift card.
Two things are important to remember.
1) The Credit Union will never call you and ask for your debit card number, account number, Social Security number or other information. We already have it.
2) If it sounds too good to be true, IT IS.
If you feel you've been the victim of a scam and have given out your information, CALL US IMMEDIATELY at (207) 783-1475 so we can try to prevent fraud on your account.
What was the most stolen online password of 2011? "Password." Computer users who think switching the "o" to a zero to make it "passw0rd" didn't fare much better. Both are on the list of the 25 most common passwords used on the Internet this year, according to SplashData, a provider of password management applications.
Other common passwords include simple numerical choices like "123456," common names like "Ashley" and "michael," and patterns based on the layout of the keyboard like "qwerty" and "qazwsx."
According to SplashData, the most common passwords on the Web are:
Pay those fines, or credit score suffers
Maybe you ignored a speeding ticket you got while traveling because you figured you wouldn't be back in the area soon enough for it to matter. Or maybe you simply forgot about that pesky parking ticket you got while downtown.
Now an increasing number of cities are trying a new tactic to get violators to pay up--and if those drivers don't, their credit scores could take a major dent (TIME Nov. 3).
Many cities are sending unpaid traffic and parking tickets straight to collection agencies. If you continue to ignore a ticket once it's in a collection agency's hands, you could lose serious points from your credit score.
And a minor ticket can affect your score as much as more serious types of debt. "For scoring purposes, the credit formula doesn't make a distinction between a $25 parking ticket you got when your meter expired and an outstanding credit card debt of $25,000," according to the TIME article.
This could mean higher rates or flat-out rejection the next time you need an auto, mortgage, or other type of loan--even if your credit was formerly spotless.
"Someone with a 680 score could lose roughly 50 points from the addition of a collection of this nature," said Fair Isaac Corp. spokesperson Barry Paperno in a recent Washington Post article (Oct. 31). "For someone with a 780 score--very, very good credit--the appearance of one of these collections could lower their score by as much as 105 to 125 points."
The best way to protect your credit score? Don't ignore those tickets. Even if you think you can get away with not paying them, the consequences for your credit score could be much more costly in the long run.
Mobile Fraud Alert
Be proactive in managing your mobile activities. Practice these five guidelines from ConsumerReports.org to protect yourself from mobile fraud:
- Secure login. Make sure you are logging in to a secure mobile site when using your phone's Web browser to access mobile banking sites. Look for indications on your browser that the site is secure, such as a lock symbol or "https" at the beginning of the site's web address.
- Trusted apps. Only allow trusted applications the ability to send text messages or update social networks. Untrustworthy apps may initiate fraudulent messages or spam, and add charges to your cell phone bill.
- Public Wi-Fi. Never conduct mobile banking, e-commerce, or other business involving user names, passwords, or other personal information on a public Wi-Fi network. Crooks may be able to capture login and password information.
- Reliable source. Avoid downloading spyware, which may accompany an application by obtaining your smart phone applications from a trusted source. Cell phone spyware can seize personal information including messages, conversations, and, via GPS coordinates, even your location.
- Security software. Purchase and install security software on your cell phone. Security software for your phone may help you find your cell phone if misplaced, allow you to delete data if the phone is lost, and prompt you to remove malicious software.
Facebook Feature Threatens Privacy
The social networking website Facebook continues to roll out its new facial recognition feature for uploaded photos, "Tag Suggestions," amidst privacy protection concerns (abcnews.go.com June10).
The new feature scans user-uploaded photos with facial recognition software to automatically, and without permission, identify people photographed in an attempt to make categorizing and sharing of photos easier for Facebook users.
Advocacy groups in the U.S. and authorities across the globe are concerned the new feature is a danger to consumer privacy. The Electronic Privacy Information Center and other advocacy organizations in the U.S. recently asked the Federal Trade Commission to order Facebook to suspend the feature. European Union data protection regulators and authorities in the United Kingdom and Ireland announced in early June they are independently looking into the Facebook feature for possible rule violations (consumerreports.org June 13).
Concerns surrounding the "Tag Suggestions" feature emphasize the need for Facebook users to adjust their privacy settings to prevent criminals from stealing personal information and using it to commit identity theft and fraud. Here's how to adjust two important Facebook settings to better protect your privacy:
Tag Suggestions. While many Facebook users will find this new feature useful, you may want to disable it. Here's how:
Contact Info. Your address, phone number, and even your birthday are pieces of information that can be used to steal your identity, exposing you to ID theft and fraud. Follow these steps to conceal this information:
- Log in to your profile and select "Privacy Settings" under the "Account" drop-down menu located at the top right.
- Locate "Sharing on Facebook" and click on the "Customized Settings" link near the bottom of the section.
- In the "Things Others Share" section, click on the "Edit Settings" button next to the "Suggest photos of me to friends" option and select "Disable."
- Log in to your profile and choose "Privacy Settings" under the "Account" drop-down menu located at the top right.
- Locate "Sharing on Facebook" and click on the "Customized Settings" link near the bottom of the section.
- In the "Contact Information" section, click on the settings button next to each item such as your address, phone number, and e-mail address and select "Custom."
- Choose the setting you believe is best; the "Only Me" setting hides the information from others; it can only be see by you when logged in.
Best Practices for Business Members to Reduce
the Risk of Online Banking Fraud
Bank accounts belonging to medium sized businesses, school districts, and city/county governmental units continue to be targeted by cyber crooks through online banking systems. The losses stem from stolen online banking login credentials that allow the thieves to access the business accounts through online banking systems.
The Rise of the Trojan Keylogger:
The root of the problem is malware (Trojan keyloggers) infecting business' computers. Trojan keyloggers capture online banking login credentials and returns them to the cyber crooks. The cyber crooks are using the Zeus Trojan (also referred to as Zbot) to infect business' computers. Zeus is a sophisticated Trojan in that it is highly customizable. It has a capability that allows cyber crooks to add fields to the form, such as fields for additional authentication information for an online banking website that is sent back to the thieves. The following are some additional characteristics of the Zeus Trojan:
Cyber crooks generally distribute the Zeus Trojan through phishing attacks that are targeted to select groups, such as key employees of a business who have the authority to initiate funds transfers via the business' bank accounts. The Trojan is released when the user opens an infected attachment or clicks on the link to an infected website.
- Transmits stolen login credentials immediately via instant message to the thieves.
- Re-writes online banking web pages as it is displayed on the victim's browser, including transaction amounts and account balances. For example, the amount of a fraudulent transaction by a thief could appear as a much smaller amount so as not to raise suspicion by the account holder.
- Creates a direct connection between the infected Windows computer and the cyber crooks allowing the thieves to log into the victim's account using the victim's own Internet connection.
- Use a dedicated computer to access the account through the online banking system. Prohibit the use of the computer to access email and general Internet usage except to access the credit union's online banking system. Protect the dedicated computer with antivirus software and a firewall.
- Business employees should be suspicious of emails purporting to be from financial institutions, governmental agencies, or other organizations that request account information or online banking login credentials. Business employees should also avoid opening attachments or clicking links contained in suspicious email.
Guard Against Data-Breach Phishing Scams
Phishing occurs when scammers send emails that appear to be from legitimate companies in an attempt to acquire your personal information, such as account numbers. The scams can become even more deceptive and convincing when crooks obtain and use your name to target messages directly to you. This is known as "spearphishing."
According to the BBB, phishing attacks are likely to follow as a result of the data breach. Take these steps to protect your personal information:
- Avoid links. If you receive a suspicious e-mail, don't click on any links contained in the message. You could be directed to a fraudulent website or to dangerous malware.
- Don't share information. Legitimate companies will never ask you for personal information via e-mail. Don't respond to requests for financial account numbers, Social Security numbers, or other information.
- Talk it over. Make sure all family members with an e-mail address know how to spot a phishing e-mail. Kids and older adults often are more susceptible to these types of scams.
- Get secure. Before submitting credit card numbers or other sensitive information online, make sure the website is secure. A secure website starts with https at the beginning of the URL.
- Watch for errors. E-mails that contain frequent spelling mistakes or poor grammar usually signal a scam.
- Don't wire money. Never wire money in response to an e-mail request or to anyone you don't know. You'll be sending funds to a crook and you'll be out of the money when the scam is discovered.
- Shield your computer. Update and run anti-virus programs regularly.
Protect Against Phone Bill "Cramming"
Have you noticed a charge on your phone bill for something you didn't purchase? You may be the victim of cramming. Cramming is the term that describes unauthorized third-party charges on mobile and landline telephone bills.
Consumers can pay for services not offered by their phone carrier-such as subscriptions, collect calls, and charitable donations through their phone bill. Cramming occurs when unscrupulous third parties place false charges on the bill to collect money for services they didn't provide.
You can take these steps to protect yourself from cramming:
- Understand your bill. Take time to familiarize yourself with the layout of your phone bill, understand the terms used and be aware of the legitimate charges. Contact your phone carrier if you have any questions. You can also visit the Federal Communications Commission (FCC) website to learn more about both wireless and landline telephone bills.
- Review your charges. Review your monthly phone bill to make sure you're only being charged for service you've requested. Pay close attention to any charges labeled in generic terms such as "service charge," "activation," "Web hosting" and "voice mail." Also look for collect calls you didn't accept and calls placed to unfamiliar area codes. These may also be indications of cramming.
- Be careful with contests and giveaways. Read the fine print for any contests, giveaways and prize drawings you enter. Crammers often use these methods to trick consumers into registering for services.
- Block third-party charges. Ask your phone company if it's possible to block all charges from third parties. Understand that this may limit you from using legitimate third-party services; many, but not all, phone carriers will honor this request.
According to security software vendor Symantic, Bredolab Trojan, first discovered in 2009, has been used in a number of scams involving email containing infected attachments as the method of delivery:
Facebook password changes: The victim receives an email allegedly from Facebook notifying the victim that their Facebook password has been changed as a measure to protect users. The victim is told that their new password is contained in an attached document.
United Parcel Service (UPS) delivery failure: The victim receives an email allegedly from UPS notifying the victim that a package sent by the victim was not deliverable due to an incorrect address. To claim the package, the victim must print the attached invoice and take it to the UPS office.
Western Union unclaimed money: The victim receives an email allegedly from Western Union notifying the victim that their money transfer was not received by the recipient. To claim the money, the victim must print the attached invoice and take it to the nearest Western Union office.
Shop.corsair.com shipping instructions: The victim receives an email allegedly from Shop.corsair.com notifying the victim that their purchase of an Apple iMac has been shipped. The victim is instructed to print the tracking number in an attachment contained in the email.
Bredolab is also distributed by drive-by downloads. In a drive-by download, the victim’s computer is infected simply by visiting an infected website. The malware is downloaded to the victim’s computer without their knowledge.
Strategies for protecting your computer:
· Install anti-virus protection and allow for automatic updates and scanning.
· Utilize a desktop firewall.
· Do not respond to or open attachments or click on links in unsolicited email.
· Use strong passwords, especially with online banking.
· Disable autoplay to prevent the launching of executable files.
· Do not use computers accessible to the public to conduct transactions online.
Safe Practices for Online Banking
It is important to use strong passwords. Strong online banking passwords should be at least seven to nine characters in length, alphanumeric, case sensitive, and require the use of at least one special character (e.g., !, @, #, $, %, etc.)
Protect your home computer with an antivirus program and firewall.
Time and Date of Last Access:
You should check the date and time your account was last accessed after logging into your account. This will help you detect any unauthorized access to your accounts.
Public Access Computers:
There are security risks involved when using computers that are accessible to the public to access your credit union accounts. Computers accessible to the public may be infected with viruses and/or malicious software, such as keyloggers.
You should always logout of online banking sessions by clicking on the “logout” button rather than simply closing the browser window or using the “back” key.
VISA USA Reports an Intrusion
VISA USA has reported an intrusion at GENESCO INC. GENESCO INC. is a Nashville based specialty retailer with retail stores in the United States, Puerto Rico and Canada.
The merchants that suffered the intrusion are: JOURNEYS, JOURNEYS KIDZ, SHI BY JOURNESY and JOHNSTON & MURPHY STORES (located in the Portland Mall).
If you have a Debit or Credit card that you used at these merchants between
December 2009 and December 2010, you may want to replace your cards. Please call our Card Services Department at 783-1475 for assistance.
Reminder of Best Practices for Online Security
1) Strong online banking passwords are important. Strong passwords are at least 7 chracters in length, alphanumeric, case sensitive, and require the use of at least one special character (e.g., !, @, #, $, %, etc.)
2) Protect your home computer with an antivirus program and firewall. You should download and install updates on at least a weekly basis.
3) You should check the date and time your account was last accessed after logging into your account. This will help you detect unauthorized access.
4) Computers accessible to the public may be infected with viruses and/or malicious software, such as keyloggers. Don't access online banking from a public computer.
5) Always logout of online banking sessions by clicking the logout button rather than simply closing the browser wundow or using the "back" key.
Fake Check Scams
How do fake check scams work? There are many variations, but all involve someone asking you to deposit a realistic-looking check and send money elsewhere in return.
In a typical lottery scam, the fraudster promises a sweepstakes award to an unsuspecting victim - as soon as you cover a few thousand dollars in fees with the "advance check" they send you. Once you deposit the check they send you, they want you to wire all or a portion of the money to them. Once you wire that money, there's no getting it back. And when the check you deposit is returned as fraudulent, you owe the credit union or bank where you deposited the check. Remember, you're responsible for any item you deposit whether or not you knew it was fraud.
In the scheming suitor scam, the con artist finds their way into your heart, by befriending you, telling you they love you or promising to be intimate with you. Oh, and by the way, if you could just cash this check I'm sending you and wire me the money, I'll come to see you. This scam actually takes some time to pull off as some of the con artists will work on you for weeks before they ask you to cash a check for them. If any online "friend" asks you to cash a check for them, just tell them "No." If you're too embarrassed to refuse them, then lie to them and tell them that your financial institution refused to accept the check. Then watch them fade from being your online friend.
The work at home scam consists of con artists posing as employers. They "hire" you to work from home and ask you to help them "process payments for clients" as part of your job. You end up depositing bogus checks and sending the money back to them, minus your "pay." This isn't how legitimate companies do business.
The foreign business offer starts with you being offered a foreign business deal. You'll be sent a check or money order and instructed to cash it and send back a portion for taxes, customs, processing, legal fees or other expenses that must be paid before they can send you the rest.
The overpayment scam starts with a crook offering to buy something you are selling, but they "accidentally" send you a check for more than the selling price. They then ask you to wire them or another person the difference. They claim to have sent the wrong amount in error and want you to "refund" them the difference to avoid having you send back the check and them issuing a new one.
There is no valid reason for a person who is giving you money to ask you to wire some of the money back to them. If you are doing business with strangers, have them send you a guaranteed funds check drawn off of a financial institution with a local branch for the exact amount. You can then take the check to that financial institution and have them cash the check for you.
You can report fake check scams to the National Consumers League Fraud Center at fraud.org.
Remember, no matter how you come into possession of a check, if you cash or deposit it, you are responsible to the financial institution if the check is returned for any reason.
COMMON SENSE TIPS ...
To AVOID becoming a victim of Phishing Scams:
Be suspicious of any email with urgent requests for personal financial information unless the email is digitally signed (you can't be sure it wasn't forged or "spoofed"). Phishers typically : (1) include upsetting or exciting (but false) statements in their emails to get people to react immediately; (2) ask for confidential information such as user names, passwords, credit card numbers, social security numbers, account numbers, etc.; and (3) do not personalize the email message (while valid messages from your credit union will be).
Don't use the links in an email to get to any web page if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the website directly by typing in the web address in your browser.
Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser. To make sure you're on a secure web server, check the beginning of the web address in your browsers address bar - it should be "https://" rather than just http://.
Consider installing a web browser tool bar to help protect you from known phishing fraud websites.
Regularly log into your online accounts and don't wait for as long as a month before you check each account.
Regularly check your financial institution, credit, and debit card statements to ensure that all transactions are legitimate. If anything is suspicious, contact your financial institution(s) and card issuers.
Ensure that your browser is up to date and security patches applied.
Always report "phishing" or "spoofed" emails to the following groups:
Please click on the link in the Document Box on the right for what to do if you've given out personal financial information.