Phishing

Beware! Thieves may be “phishing” (pronounced ‘fishing’) for your personal financial information. Account numbers, passwords, Social Security numbers, and other financial information are all vehicles crooks use to invade your checking account or charge their purchases to your credit cards. In the event crooks do get your personal information, you could become a victim of identity theft.

How phishing works

Typically, you’ll receive an email that appears to come from a reputable source that you know and trust such as your credit union. Or, the email may appear to come from a government agency that may or may not be associated with your credit union. Likely, the email will advise you of a serious problem affecting your account and ask for your immediate reply to rectify the situation by clicking on a link provided in the email.

In a phishing scam, the result of your clicking on that link will take you to either a site that looks just like the authentic site, or it may actually be the real site where a pop-up window will appear to secretly gather your personal information. You likely will be asked to verify or update your personal and/or account information. As you enter this information, you are giving thieves everything they need to steal your identity and your money.

If you’ve been “phished”, forward the phish email to:

• reportphishing@antiphishing.org
• spam@uce.gov (Federal Trade Commission)
• the company who has been “spoofed”
• When forwarding spoofed messages, always include the entire original email with its original header information intact and notify the Internet Fraud Compliance Center of the FBI by filing a complaint on their website: www.ic3.gov

Some phishing attacks use viruses and/or Trojans to install programs called “key loggers” on your computer. These programs capture and send out any information that you type to the phisher, including credit card numbers, user names, passwords, Social Security numbers, etc. If you’ve fallen victim to this you should:

• Install and/or update anti-virus and personal firewall software.
• Update all virus definitions and run a full scan.
• Confirm every connection your firewall allows.
• If your system appears to have been compromised, fix it and then change your password again, since you may well have transmitted the new one to the hacker.
• Check your other accounts! The hackers may have helped themselves to many different accounts: eBay account, Pay Pal, your email ISP, online bank accounts, online trading accounts, e-commerce accounts, and everything else for which you use online passwords.

Vishing

Vishing is a new threat where would-be criminals use the phone line to obtain your private information for their personal gain. Vishing is similar to phishing scams that rely on email to steal consumers’ identities; vishing uses Internet telephone calls. Criminals use the information obtained to steal money from accounts, rack up charges on credit cards and commit identity theft.

How vishing works

Phone calls are made using a random dialer. The recording states the call is being made by a local bank or credit union notifying the account holder their card has been deactivated and they will need to input the card information in order to have it reactivated. The fraudsters do not know if the household they are calling is an account holder of the bank or credit union targeted, they are counting on the volume of calls being placed to produce the desired results. They assume the odds are that they will contact some of the account holders of the targeted company, and some will enter their card information.

What you should do

If you are contacted by a company you do business with and are asked for your personal information, thank them for alerting you to the problem, hang up immediately, then call the customer service number listed on the back of your credit/debit card or an account statement. If there actually is a problem, then the issue can easily be resolved and you’ll have peace of mind knowing that your personal information has not been compromised.

If you’ve been “vished” you should report the information directly to the Federal Bureau of Investigations (FBI) at www.ic3.gov for investigation. If you’ve provided your personal information to the fraudsters, go immediately to the Federal Trade Commission (FTC) website at www.ftc.gov/idtheft and follow the steps provided to minimize your losses and protect your credit. You should also notify the credit union as soon as possible to take the necessary steps to protect your credit union account.

Smishing

Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user’s cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.

Secret Shopper Schemes

Many retail and service companies often hire individuals to evaluate or perform secret checks on themselves or their competitors. Fraudsters are now capitalizing on this employment opportunity and stealing consumers’ money and in many cases, their identity.

The first step in this scheme occurs when an individual is contacted by e-mail or U.S. mail with an urgent request to apply as a mystery shopper. The individual is instructed to send a resume and is notified that he or she is subject to an extensive background check as a condition of employment. The second step in this scheme occurs when the applicant becomes “hired” and receives a check and instructions from the new employer to perform the job. The check received is used to cover purchases while shopping at a certain retail store for a designated length of time and spending a certain amount on merchandise as the instructions indicate. Instructions also may include additional directions to observe other specific details about the store.

The next step in this scheme occurs when the individual is instructed to evaluate the accuracy and ease of using the wire services at a retail location. Since the individual has already deposited the check into his or her account at the credit union, a withdrawal of the cash is made to complete this part of the assignment. The individual takes the cash to the retailer and completes the wire as instructed. As payment for the job performed, the individual gets to keep the money that’s left after paying for the purchases and wiring the funds.

Sounds like easy work, right? The only problem is that the check the employer sent to pay the individual has been returned to the credit union as counterfeit or fraudulent and now that amount has been deducted from the individual’s account. The individual is responsible for the entire amount of the check and any fees charged to the account as a result of the check being returned.

Another version of this scheme requests applicants to provide account information to have money directly deposited to their account. Once this information is obtained, the fraudster will have access to the individual’s account and can withdraw money electronically. The individual then becomes a victim of identity theft.

Tips
Here are some tips you can use to avoid becoming a victim of employment schemes associated with mystery/secret shopping:

• Do not respond to unsolicited (spam) e-mail.
• Do not click on links contained within an unsolicited e-mail.
• Be cautious of e-mail claiming to contain pictures in attached files, as they files may contain viruses. Only open attachments from known senders. Virus scan all attachments, if possible.
• Avoid filling out forms contained in e-mail messages that ask for personal information.
• Always compare the link in the e-mail to the link you are actually directed to and determine if they match and will lead you to a legitimate site.
• There are legitimate mystery/secret shopper programs available. Research the legitimacy on companies hiring mystery shoppers. Legitimate companies will not charge an application fee and will accept applications on-line.
• No legitimate mystery/secret shopper program will send payment in advance and ask the employee to send a portion of it back.

Individuals who believe they have information pertaining to mystery/secret shopper schemes are encouraged to file a complaint at www.ic3.gov.

Identity Theft

Identity theft occurs when someone uses your personal information such as your name, social security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. If you have become a victim of identity theft you should:

Report the theft to the three major credit reporting agencies-Experian, Equifax and TransUnion Corporation, and do the following:

1. Request that they place a fraud alert and a victim’s statement in your file.
2. Request a FREE copy of your credit report to check whether any accounts were opened without your consent. You can find information about obtaining free credit reports on the Federal Trade Commission’s website at: http://ftc.gov/freereports
3. Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft.

Major Credit Bureaus:

Equifax – www.equifax.com

To order your report, call 800-685-1111 or write P.O. Box 740241, Atlanta, GA 30374-0241
To report fraud, call 800-525-6285 and write P.O. Box 740241, Atlanta, GA 30374-0241

Experian – www.experian.com
To order your report, call 888-397-3742 or write P.O. Box 2002, Allen, TX 75013
To report fraud, call 888-397-3742 and write P.O. Box 9530, Allen, TX 75013

TransUnion – www.transunion.com
To order your report, call 800-888-4213 or write P.O. Box 1000, Chester, PA 19022

To report fraud, call 800-680-7289 and write Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634

• Notify your financial institution(s) and ask them to flag your account and contact you regarding any unusual activity.
• If bank accounts were set up without your consent, close them.
• If your ATM card was stolen, get a new card, account number and PIN.
• Contact your local police department to file a criminal report.
• Contact the Social Security Administration’s Fraud Hotline to report the unauthorized use of your personal identification information.
• Notify the Department of Motor Vehicles of your identity theft.
• Check to see whether an unauthorized license number has been issued in your name.
• Notify the passport office to watch out for anyone ordering a passport in your name.
• File a complaint with the Federal Trade Commission:
  • http://consumer.gov/ncpw/everyone/identity-theft-and-privacy/ or call 1-877-IDTHEFT
• File a complaint with the Internet Fraud Complaint Center (IFCC)
  • www.ic3.gov

The Internet Fraud Complaint Center (IFCC) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), with a mission to address fraud committed over the Internet. For victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation.

• Document the names and phone number of everyone you speak to regarding the incident.
• Follow-up your phone calls with letters. Keep copies of all correspondence.

Return to the top of the page.

Identity theft is most often a crime of opportunity. If you make it hard for someone to steal your identity, the thief will move on to an easier target.

1. Never give your personal information via internet or telephone when you did not initiate the contact with the company.
2. Contact the company by other means if you believe the request for information is legitimate. Use public resources (phone book or internet) as well as your account statements to obtain contact phone numbers or addresses. Or go to the company’s web site by typing in the site address directly in your web browser.
3. Don’t provide passwords in response to unsolicited requests over the phone or internet. Legitimate companies should never contact you and ask for that information.
4. Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.
5. Never click on a link provided in an e-mail you believe is fraudulent. It may contain a virus that can contaminate your computer.
6. Regularly review your account statements to verify all charges were made by you or an authorized signor on your account. If you don’t receive your account statement in a timely manner, notify your credit union immediately.

What To Do If You’ve Given Out Your Personal Financial Information

Here’s some advice on what to do if you are in this situation:

• Report the theft of this information to the card issuer or financial institution as quickly as possible:
  Many companies have toll-free numbers and 24-hour service to deal with such emergencies. For Central Credit Union issued cards, call our office during business hours at (850) 474-0970 or (800) 375-2235. Nights, weekends and holidays call Visa at (800) 453-4270 or Pemco Technologies at 1-800-682-6075 for credit cards. Call (850) 474-0970 or (800) 375-2235 option 3 for reporting lost/stolen debit cards after hours.
• Cancel your account and open a new one.
• Review your billing statements carefully after the loss:
  • If they show any unauthorized charges, it’s best to send a letter to the card issuer describing each questionable charge.
• Credit Card Loss or Fraudulent Charges (FCBA):
  • Your maximum liability under federal law for unauthorized use of your credit card is $50.
    **If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use.
• ATM or Debit Card Loss or Fraudulent Transfers (EFTA):
  • Your liability under federal law for unauthorized use of your ATM or debit card depends on how quickly you report the loss.
  • You risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your account statement containing the unauthorized use is mailed to you.

Central’s Security Measures

It is the policy of Central Credit Union of Florida to NEVER request personal or confidential information from members via e-mail or an e-mail link. In addition, we will never ask a third party or credit union affiliated organization to request this type of information from you. It is our goal to keep your information safe!

Central’s privacy policies are mandated by state law and federal regulations. We strictly enforce these policies. Access to members’ nonpublic information on record at Central is limited to those employees who need to know that information to provide services to you. Passwords and PINs established for your account at Central are not recorded at the credit union, therefore, only you have access to your passwords and PINs. Information that you use to log on to your accounts with Central is encrypted into a secure code to prevent hackers from accessing that information. Virus protection software is utilized by the credit union to protect the computer network from potential hazards.

In the event you receive an electronic communication requesting personal information pertaining to your Central Credit Union account, please notify us immediately at mservices@ccufl.org with the email address from which it was received.

Other Helpful Resources

• http://postalinspectors.uspis.gov
• http://consumer.gov/ncpw/everyone/identity-theft-and-privacy/
• http://nwfl.bbb.org/consumer-tips-scams/
• www.visa.com

Return to the top of the page.

IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT

To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.

Return to the top of the page.