Learn about identity theft
North Jersey Federal has been advised that a check fraud scam is circulating counterfeit NJFCU checks. The scam is yet another variation of the international lottery winner pitch.
If you receive an unsolicited NJFCU check for deposit, please fax a copy of the suspect check to Member Services, 973-785-3264 and include your contact information.
CUNA RISK ALERTS
Phishing Attacks Increase Nearly 600% in 2009; Prevention Starts with Members
The following are examples of phishing requests mimicking credit unions:
“Your account has been temporarily suspended because of a security breach at our credit union. Please provide your information to our security department to reactivate your account.”
“Your credit card was suspended. Our customer service department needs your information to reinstate your card.”
“Your loan is delinquent. Payment is needed ‘immediately’ (over the phone).”
“You can receive a reduced interest rate on your loan. We need to confirm your information.”
This type of socially-engineered breach of personal or financial information is a potentially costly and devastating crime that can impact your credit union and your members. Fortunately, losses can often be prevented through member awareness combined with sensible everyday practices.
Members should never respond directly to requests that purport to be from a credit union or any other company, no matter how urgent or persuasive the request. Instead, members should initiate the communication using the customer service number listed on their monthly statement to verify that the request is legitimate.
Tips to protect members:
- Don’t respond to e-mails, text messages or telephone calls asking for personal identification or financial information
- E-mails and Internet pages created by scammers may look exactly like credit unions
- Learn more about phishing scam techniques at http://www.antiphishing.org/consumer_recs.html
- Take action immediately by alerting your credit union, placing fraud alerts on your credit files, and monitoring your account statements
- Enroll in NJFCU’s Fraud Protection Plus program
- Report scams to the Federal Trade Commission by calling 1-877-IDTHEFT
Spike in Wire Fraud Calls for Extra Caution
Credit unions are reporting a high volume of unauthorized wire requests received and processed by credit union employees as well as online banking applications. Fraudsters continue to focus on Home Equity Line of Credit (HELOC) wire transfers – making requests via e-mail, fax, telephone, and/or online banking using members’ credentials to transfer funds to accounts at other financial institutions. The recent spike in fraudulent wire transfers calls for special attention to protect your credit union and members.
Loss Prevention Recommendations:
- Review your current policies and procedures on wire transfers with employees
- Set a dollar amount threshold for all types of wire transfer requests (in person or remote)
- Implement a fraud management system to identify suspicious wire transfer requests
- Utilize multi-factor authentication to prevent system intrusion that may lead to unauthorized wire transfer through online banking
- Alert members of scams using your website, statement stuffers, and/or newsletters
- Educate members about risks associated with responding to requests for their personal or financial information when contacted by telephone, e-mail, text, or mail
Learn from NJFCU about identity theft.
There are various scams and attempts to defraud you circulating at this time. Please be aware of the following activities.
NCUA Account Verification Scam:
Members of various credit unions have received emails purporting to be from the National Credit Union Association (NCUA) with the subject “WARNING: Security Issues.” This is a scam attempting to steal member and account information. The NCUA does not contact members to verify anything about their accounts.
The NCUA has put the following notice on its homepage:
“Recently, there have been multiple e-mail fraud attempts, known as "Phishing,” that were initiated via e-mail sent to both the general public and to some credit union members that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.
“NCUA does not ask credit unions members for such personal information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.”
If you responded to such an e-mail and provided any confidential account information, please notify NJFCU immediately of the scheme. You should also change your account’s PIN and take any additional action we recommend to protect your account.
Formal ‘cybercrime’ complaints can be filed with www.IC3.gov.
Identity Theft Detection:
Experts tell us that more than half of identity theft cases involve credit card fraud. For your protection, all NJFCU VISA® Debit Cards are monitored for fraudulent and unusual transaction activity. If our system detects unusual activity, an automated message will be sent to your home phone number along with a message code. To learn more, you should call the Fraud Message Center back at 1-866-750-9107 and provide the code. You will then be asked to confirm or deny recent card transactions. A service representative will also be available to you if you enter the code incorrectly or the code has expired.
If the Fraud Message Center cannot contact you by phone, they will mail a letter to your home address to verify suspicious activity. Enfact is the company that monitors suspicious activity on VISA® Debit Cards and their number is 1-800-262-2024. You will then be asked by a service representative to confirm or deny recent card transactions. They will never ask you for your Personal Identification Number (PIN). When you receive such mail, an email or telephone messages you are advised to always be cautious and take the following steps:
Do not respond to an email asking you to disclose personal information of any kind.
Do not ignore potentially valid warnings seeking to confirm specific transactions.
Use only the telephone numbers provided above to investigate the situation, or use the number on the back of your ATM/debit card or your monthly statement. When you call one of these legitimate numbers you will talk to an individual and not an automated system. You may call NJFCU directly if you suspect you've been scammed. You can also file a complaint on the Federal Trade Commision's Web site, www.ftc.gov, or call 1-877-FTC-HELP.
Identity Theft Protection:
Thieves may sell identity information on the black market or use it to obtain money, credit or even expensive medical procedures. Unless you're vigilant in protecting your records, you'll have to work 30 to 40 hours to repair the damage to your credit. Some of the e-threats to your identity are:
- Phishing. You get an e-mail that appears to be from your credit union or an online service instructing you to click on a link and provide information to verify your account.
- Pharming or spoofing. Hackers redirect a legitimate website's traffic to an impostor site, where you'll be asked to provide confidential information. Scammers have been targeting social networking sites, such as Facebook.
- Spyware. You've unknowingly downloaded illicit software when you've opened an attachment, clicked on a pop-up or downloaded a song or a game. Criminals can use spyware to record your keystrokes and obtain credit card numbers, account information and passwords when you make purchases or conduct other business online. They also can access confidential information on your hard drive.
You don't need to have a computer to become a victim.
- Vishing -- voice phishing. You get an automated phone message asking you to call your credit union, bank or credit card company. Even your caller ID is fooled. You call the number and are asked to punch in your account number, PIN or other personal information. (See Reference 1)
- Bank-card "skimming." Crooks use a combination of a fake ATM slot and cameras to record your account information and PIN when you use a cash machine. Your credit or debit card also can be skimmed by a dishonest store or restaurant worker armed with a portable card reader.
- Crooks will steal your wallet or go through your mail or trash.
More than half of identity theft cases involve credit card fraud. Checking accounts are the second most popular target. But some crooks have other plans:
- At least 250,000 people a year have been victims of medical identity theft. Crooks use fraudulently obtained personal information to get expensive medical procedures or dupe insurance companies into paying for procedures that weren’t done.
- The victims of about 5% of reported identity theft cases are children. The fraud often goes undetected for years -- until the young adult applies for credit. (See Reference 2)
You can take steps to protect yourself from identity fraud:
- Keep your confidential information private. Your credit union, bank or credit card company won't call or e-mail to ask for your account information. They already have it.
- Keep an inventory of everything in your wallet and your PDA, including account numbers. Don't keep your Social Security card or any card with your Social Security number, such as an insurance card, in your wallet.
- Order and review your credit report. You are allowed one free report each year from each of the three major credit agencies. Order reports from https://www.annualcreditreport.com/cra/index.jsp; it is the only place to get them for free.
- Monitor your bank and credit card transactions for unauthorized use. Crooks with your account numbers usually start small to see if you'll notice. The sooner you catch them, the easier the problems are to clear up.
- Store your vehicle registration and insurance forms in a sealed envelope in your glove box and lock it and your car when at home or away.
- Use your own computer if you conduct business online. A public computer is less secure, as is wireless Internet.
- Look for suspicious devices and don't let anyone stand nearby when you use an ATM. Take your card and receipt with you. Keep your PIN in your head, not in your wallet.
- Don't store credit card numbers and other financial information on your cell phone.
- Don't apply for a job using résumé web sites or Craig’s List unless the employer has a verifiable address.
- Shred any bills or statements once you no longer need to store them.
Protect your computer from vulnerability:
- Keep system and browser software up to date and set to the highest security level you can tolerate. Install antivirus, antispyware and firewall protection, and keep them up to date as well. When possible, use hardware firewalls, often available through your broadband connection router.
- Back up your data and store it way from your computer.
- Don't open e-mails from strangers. Malware can be hidden in embedded attachments and graphics files.
- Don't open attachments unless you know who sent them and what they contain. Never open executable attachments. Configure Windows so that the file extensions of known file types are not hidden.
- Don't click on pop-ups. Configure Windows or your Web browser to block them.
- Don't provide your credit card number online unless you are making a purchase from a website you trust. Reputable sites will always direct you to a secure page with a URL starting with https:// whenever you actually make purchases or are asked to provide confidential information.
- Use strong passwords: at least six characters, including at least one symbol and number, and no reference to your name or other personal information. Use a different password for every site that requires one, and change passwords regularly.
- Never send a user name, password or other confidential information via e-mail.
- Consider turning off your computer when you're not using it or at least putting it in standby mode.
- Don't keep passwords, tax returns or other financial information on your hard drive.
If you suspect your identity may be compromised, place a fraud alert with the three credit bureaus. When you place an alert, you are entitled to a free copy of your credit report. After that, take advantage of the free annual reports the bureaus are required to give all consumers. Stagger your requests so that you get a report every four months. Beware: A fraud alert applies only when someone tries to open a new line of credit. It won’t keep someone from using existing accounts.
- If you've been phished, contact the real bank or other company named in the fraudulent e-mail. You also may want to notify the Internet Crime Complaint Center (3) and forward the e-mail to email@example.com.
If you are the victim of identity theft, take the following steps:
- Make an identity-theft report to the police. File a complaint with the Federal Trade Commission (4). Also, contact the office of your state's attorney general; you may be able to file a report there. Get copies of all this paperwork and keep them in a safe place.
- Close accounts that have been tampered with. Contact each company by phone and again by certified letter. Make sure the company notifies you in writing that the disputed charges have been erased. Document each conversation and keep all records.
- Place a seven-year fraud alert or a "freeze" on your credit reports. (See Reference 5)
- Begin the process of having the fraudulent information removed from your credit reports. (See Reference 6)
- Consider purchasing identity theft insurance. It cannot protect you from becoming a victim of identity theft, but it can help you pay the cost of reclaiming your financial identity. See our website and click on Fraud Protection Plus for more details on this available benefit for NJFCU members.
- Find victim support at the Identity Theft Resource Center (7).
- If you are the victim of medical ID theft, get the helpful information provided by the World Privacy Forum (8).
1 Internet Crime Complaint Center, http://www.ic3.gov/complaint/default.aspx
2 Federal Trade Commission, http://www.ftc.gov/bcp/edu/microsites/idtheft/