
Security Corner

Thank you for visiting Sharefax Credit Union's Security Corner.  Sharefax Credit Union welcomes the responsibility of protecting our members' privacy.  In an effort to educate our members we have posted information on phishing and spoofing on our credit union website.

New Online Banking Security Features

Phishing is the latest form of identity theft.  It's when thieves act as if they are representing an organization and try to hook the consumer into providing personal information.  Once the consumer is hooked, the thieves can do lasting damage to a consumer's financial accounts.  They can dupe consumers into providing their Social Security numbers, financial account numbers, PINs, mothers' maiden names and other personal information. 

The thieves often pose as a:

  • Financial institution
  • Credit card company
  • Online merchant
  • Utility or other biller
  • Internet service provider
  • Government agency
  • Prospective employer

Estimated to cost consumers $1.2 billion last year, according to research firm Gartner, Inc., phishing is perpetrated by both phone and email, although email is more prevalent.

Here's how it works:  Consumers receive an email from an organization with which they do business.  The email typically includes bogus appeals such as problems with an account or billing errors, and asks the consumer to confirm his/her personal information.  Different approaches include things such as "We're updating our records," "We've identified fraudulent activity on your account," or "Valuable account and personal information was lost due to a computer glitch." To encourage people to act immediately, the email usually threatens that the account could be closed or canceled.

Most emails ask recipients to follow an embedded link that takes them to an exact replica of the victim company's Web site.  Graphics on the counterfeit site are so convincing that even experts often can have a hard time distinguishing the fake site from the real one.

Despite the convincing appeals, consumers should not respond to unsolicited emails that direct them to divulge personal identifying information.  Reputable organizations that consumers legitimately do business with generally do not request account numbers or passwords unless the consumer initiated the transaction. 

Unfortunately, by hijacking the trusted brands of well-known and reputable organizations nationwide, phishers are able to convince up to 5% of recipients to respond to them, according to the Anti-Phishing Working Group.  Gartner, Inc. recently reported that more than 57 million Americans think they have received a phishing email, and the FBI has called phishing the "hottest, most troubling new scam on the Internet."

As we all have heard through the FBI, NCUA and OCUL (Ohio Credit Union League), there have been several instances of unsolicited email and telephone scams that have attempted to glean personal and account information from the general public.  These emails have the appearance of coming from one of the above-mentioned agencies.  For more information, you can visit the sites below:

FBI Spoofing

NCUA Internet/Email Fraud Alert

NCUA Identity Theft/Phishing Brochure

OCUL phishing information

We want to assure our members that Sharefax Credit Union will NEVER send you any communications via email with a request for personal information such as account numbers, PINs, or other passwords. 

Update: (June 20, 2006) NCUA, CUNA, VISA and Mastercard Phishing Scam Alert

Please be on the alert for a potential phishing email scam. The emails appear to be from NCUA (National Credit Union Administration), CUNA, Visa or Mastercard. The email claims that because of a recent phishing attack and identity theft, they are performing maintenance on their security measures. It then asks the recipient to "verify" their account information to eliminate any potential risk through a link provided that appears to be on their secure website. Of course, the link is to a false website that requests the member's credit union account number and PIN, along with other personal information, which is a ploy to gather information that possibly could be used for identity theft or fraudulent transactions.

THESE EMAILS ARE FALSE. NCUA warns recipients that it would never send an email asking credit union members for such personal information. Anyone who receives an email that purports to be from NCUA and asks for account information should consider it a fraudulent attempt to obtain their personal account data for an illegal purpose. Do not click on the links in the message, and delete the message.

If you have any questions or concerns about this fraudulent email purportedly from NCUA please contact us by email* or phone (800) 733-1728 or (513) 753-2440.

*Internet e-mail is not a secure medium for personal information. Do not include your Social Security or member number in the email.

Below is a sample email - or you can see a picture of a fraudulent email HERE (notice the numeric web address when I put my mouse over the link - Don't be fooled!)

FRAUDULENT EMAIL CONTENT - see notes added in brackets [ ]:

[*************START OF PHISHING EMAIL EXAMPLE*************]
NAFCU Logo
Dear NAFCU member,

As part of our security measures, we regularly screen activity in Federal Credit Union network.We recently noticed the following issue on youraccount: A recent review of your transaction history determined that we require an update of your account in order to provide you with secure services. Case ID Number: PP-065-617-349

For your protection, we have limited your access, until additional security measures can be completed.
We apologize for any inconvenience this may cause.
Please restore your access as soon as possible.

You must click the link below and fill in the form on the following page to complete the verification process.

http://80.224.32.158/data/nafcu.org/ [this may be the fraudulent website link, though its actual address will likely be hidden from view. It may actually appear to be something like http://www.nafcunet.org/profile_verification/index.htm]

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account.

We apologize for any inconvenience.

Sincerely,
Nation Association of Federal Credit Unions Account Review
Department

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
[*************END PHISHING EMAIL EXAMPLE*************]

Above is a sample email - or you can see a picture of a fraudulent email HERE (notice the numeric web address when I put my mouse over the link - Don't be fooled!)

Update 10/02/2006:  Credit Card Scam - Don't be fooled into giving your 3 digit security number on the back of your card:  Here's how this scam works:  

This one is pretty slick since they provide YOU with all the information, except the one piece they want, which is the 3-digit security number on the back of your Visa or MasterCard.

Note, the callers do not ask for your card number; they already have it.  This information is worth reading. By understanding how the VISA & MasterCard Telephone Credit Card Scam works, you'll be better prepared to protect yourself.

The scam works like this: Person calling says, "This is (name), and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460.  Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in Arizona?"

When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?"

You say "yes". The caller continues - "I will be starting a Fraud investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control Number." The caller then gives you a 6 digit number. "Do you need me to read it again?"

Here's the IMPORTANT part on how the scam works. The caller then says, "I need to verify you are in possession of your card".  He'll ask you to "turn your card over and look for some numbers". There are 7 numbers; the first 4 are part of your card number, the next 3 are the security numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him.

After you tell the caller the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?" After you say No, the caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up.

You actually say very little, and they never ask for or tell you the Card number. But after some victims were called, they called back within 20 minutes to ask a question - and were glad they did!

The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to the victim's card.

Long story made short - a real fraud report was filed and the victim's VISA account was closed, with VISA reissuing a new number. What the scammers want is the 3-digit PIN number on the back of the card.  Don't give it to them. Instead, tell them you'll call VISA or MasterCard directly for verification of their conversation.

Below are some security suggestions for Internet users:

If you encounter an unsolicited email that asks you, either directly or through a website, for personal financial or identity information (such as social security number, passwords, account numbers or other identifiers), DO NOT RESPOND.

If a web site address is not familiar to you, then it is probably not real.  Only use the address that you have used before or start at your normal homepage.

Always report fraudulent or suspicious email to your Internet Service Provider.  Reporting instances of spoof web sites will help get those bogus websites shut down before they can do any more harm.

Most companies require you to log in to a secure site.  Look for the lock at the bottom of your browser and "https" in front of the website address.

Take note of the header address on the website.  Most legitimate sites will have a relatively short internet address that usually depicts the business followed by .com, .net or .org.  Spoof sites are more likely to have an excessively long string of characters in the header with a legitimate business name somewhere in the string, or possibly not at all (such as http://201.85.121.57/www.WEBSITENAME.com).  Often you can tell where a link will direct you without even clicking on it.  By putting your mouse over a link, the link address is displayed in the Status Bar (lower left hand corner) of most web browsers.  Also, the link may display if you just move your mouse over the link and wait - the link should appear then.

If you have any doubts about an email or website, contact the legitimate company directly.  Make a copy of the questionable web site's URL address, send it to the legitimate business and ask if the address is legitimate.

If you've been victimized by a spoofed email or website, you should contact your local police or sheriff's department and file a complaint with the FBI's Internet Fraud Complaint Center at www.IFCCFBI.gov

When creating your passwords, don't use information that could easily be linked to you (i.e. phone number, your date of birth, address numbers).

Change your password often.  We suggest changing your password every 30 to 60 days.

Do not share your passwords or PINs with anyone.

Do not write your passwords or PINs down where they may easily be found by others.

Do not send your full Account Numbers in an email.  If you have several accounts and need to identify them individually, mask the numbers so that Acct Number 12345 looks like XXXXXXXX45.

Do not send your passwords or PINs in an email.

If someone comes to you selling investment opportunities - check to make sure they are licensed to sell such investments in your state.

Other schemes can happen when selling or buying items thru online auctions.
Always go thru a 3rd party settlement company when buying.  This gives you added protection if you don't receive the item you pay for.  Be extra cautious if they are only able to take payment via Cashier's Check, Cash or Western Union wire.
When selling - a buyer might say, "Oh, here's the check payment for the item, but I overpaid - can you please send me back the difference?"  Most of the time the check they are paying with is bad & will come back to you - at which time you'll be out the product you sold (b/c you've already sent it away), as well as the money you sent back to the buyer.
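The link checks described in the suggestions above (numeric web address, a legitimate name buried after the address, displayed text that differs from the real destination, no "https") can be automated. The following is an added example, not code from Sharefax or any agency named on this page; the function name link_warnings and the KNOWN_DOMAINS list are assumptions made for illustration, and the sample link is the one from the fraudulent email shown earlier.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: domains of organizations the reader really deals with.
KNOWN_DOMAINS = ("nafcu.org", "ncua.gov")


def _is_ip(host):
    """True when the host part is a raw numeric address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def link_warnings(href, shown_text=""):
    """Return the reasons a link looks spoofed; an empty list means no flags."""
    warnings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if _is_ip(host):
        warnings.append("numeric-host")
    # A trusted name placed after the host proves nothing about the host.
    rest = (parts.path + "?" + parts.query).lower()
    for domain in KNOWN_DOMAINS:
        on_domain = host == domain or host.endswith("." + domain)
        if domain in rest and not on_domain:
            warnings.append("brand-in-path:" + domain)
    # The visible text is itself a web address that names a different host.
    shown = shown_text.strip()
    if re.match(r"https?://", shown, re.I):
        shown_host = (urlsplit(shown).hostname or "").lower()
        if shown_host and shown_host != host:
            warnings.append("text-host-mismatch")
    if parts.scheme != "https":
        warnings.append("not-https")
    return warnings


if __name__ == "__main__":
    # Real destination and displayed text from the sample phishing email.
    print(link_warnings(
        "http://80.224.32.158/data/nafcu.org/",
        "http://www.nafcunet.org/profile_verification/index.htm",
    ))
```

A link with no flags is not proof that it is safe; the check only catches the specific tricks described on this page.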

To learn more about email scams and what you can do to protect yourself online, the Federal Trade Commission has information on its web site at www.ftc.gov

The FBI also has a number of great resources on telemarketing schemes, Nigerian letter frauds, lottery frauds, etc.

Don't be a victim - Be Crime Smart - FBI
http://www.fbi.gov/majcases/fraud/fraudschemes.htm

Lastly, the old saying, "If it sounds like it is too good to be true, it probably IS too good to be true." is as important today, as when it was first coined.  http://www.lookstoogoodtobetrue.com/

Sharefax Credit Union always has your best financial interest in mind, and part of that is financial security and privacy. Sharefax Credit Union will NEVER send you any communications with a request for personal information such as account numbers, PINs, or other passwords. If you receive a questionable e-mail requesting personal information about your accounts that appears to be from Sharefax Credit Union, please contact us at (800) 733-1728 or (513) 753-2440.

Links Disclaimer
Sharefax Credit Union has provided links to Internet sites maintained by third parties. Sharefax does not operate or control in any respect any information, products or services on these third-party sites. 
