Phishing Attempts | www.mycreditunion.gov
What is a “phishing” scheme? Phishing is when you receive an email that appears to be from a legitimate company asking you to confirm your identity in some way. You click on a link, provide your personal or financial information, and the end user (or their) uses that information for various purposes.
In many cases, identity thieves will present themselves as credit union representatives and contact consumers either by text message or phone call, not by email. Consumers are led to believe their account information has been compromised and they are instructed to either click a link or provide personal information to authenticate their accounts which can put you at risk. Consumers should avoid providing any personal information when not initiating the call or text message. Please note that CPCU will never request personal information via text message or email.
Tech Support Scams | www.support.microsoft.com
As many working individuals were forced to convert to remote working, fraudsters were working on increasing their online presence. Typically this scam starts with a popup or an ad on your computer, disguised as an alert from Microsoft or a virus protection program. The notification will tell you that your computer has been compromised and to immediately call the number on your screen for protection. This number is NOT legitimate. The person on the other end of that call is a scammer, who will tell you that your computer has been infected or that they can “see hackers” who have stolen your banking information. A “hacking” attempt is extremely unlikely. There is not much to gain from a hacker attempting to obtain access to an individual’s computer. These scams are very convenient for scammer organizations, because their victim calls them first. Scammer organizations are intelligent, they know exactly what to say to make us worry and willing to comply with their requests under the guise of protecting us. The real threat is what follows next: the scammer will request that you click on a link or otherwise allow them remote access to your computer or device so that they may block the threat from stealing all of your money. They will ask you to verify card numbers or to log into your online banking using the same computer that you are screen sharing with them. This compromises not only the card information you share, but also provides them your bank information and account details. They will have the ability to take over your mouse and transfer funds between or out of your accounts, leaving you defenseless. Remember, these popups are harmless and pose no threat to you unless you respond. If you delete it or ignore it, it will go away. If you are worried about viruses or malware, be sure to regularly run virus protection software that you purchase independently.
Fraudsters attempt to collect information and credentials from individuals by phone or by email. Amazon typically conducts business through email, and will often email their customers with updates to their account and with notifications regarding purchases. It can be difficult to differentiate between what is real and what is phishing. Phishing emails from fraudsters posing as “Amazon” will tell you that a purchase was made on your account. The purchase is likely a high dollar amount, and the email will list a phone number to call if you want to dispute the charge. Of course your first instinct is to call the number – you didn’t make that purchase! However, the number will lead you to a scammer, not Amazon’s customer service. By going directly to Amazon’s website (don’t click any links in the email!) and logging into your Amazon account, you will be able to see all the orders you have ever made. You will also find Amazon’s contact information to call customer service. By doing this, you have bypassed the scammers attempts to collect your information and have confirmed it was a phishing attempt. If you delete or ignore the email, it will pose no harm!
We work hard to ensure that the proper security and procedures are in place to protect you. We continually review and update what we use to protect you and your accounts to safeguard your personal information. Here are some easy steps you can take to protect what’s most important to you.
- Review each of your three credit reports at least once a year, to ensure that the information is accurate and up-to-date before you apply for a loan, lease a car, get a credit card, buy insurance, or apply for a job. Help guard against identity theft. If identity thieves use your information to open new account in your name, those unpaid accounts get reported on your credit. Order your FREE reports: www.annualcreditreport.com
- Shred your sensitive documents. This includes receipts, credit offers and applications, account statements, unused checks, and other similar documents that contain your private information. CPCU has public Shred Days during the year, so look for our announcements on when and where the next Shred Day is being held.
- Review your billing statements and account statements. If there are mistakes on your statement or it doesn’t get delivered to you on time, contact CPCU right away.
- Guard your personal information. Legitimate companies will never ask you for personal information via email, text or phone messages. If you receive messages requesting things like your Social Security number or credit card number, delete them or disregard their phone call.
- Use only secure or encrypted websites when you bank or shop online. Encrypted websites have “https” at the beginning of the web address (the “s” stands for secure).
- Create strong passwords for your online accounts that include letters, numbers and special characters. Do not use the same password on more than one account.
- Keep your computer protected by using anti-virus and anti-spyware software and regularly update when available. Do not open files, click on links, or download programs sent to you by people you don’t know. It could expose your system to a virus or malicious software that captures your passwords or other sensitive information.
Here’s what you can do to protect yourself if you suspect someone has stolen your identity.
- Flag your credit reports. Call one of the three national credit reporting agencies and request a fraud alert be placed on your report. Whichever one you call must work with the other two agencies so they as well can flag your report. The initial fraud alert is good for 90 days.
- Order your credit reports. Read the reports carefully, as they can slightly differ from each agency. If you see errors or signs of fraud, contact the agency reporting it immediately.
- Contact CPCU so we can review your accounts. Identity theft can also impact your account balances if your debit card or checks have been compromised. Completing a full review of all your accounts will help you find errors faster.
- Create an Identity Theft Report. This can help you get fraudulent information removed from your credit report, stop companies from collecting debts caused by identity theft, and help you get additional information about the fraudulent accounts. To create one of these reports:
- File a complaint with the FTC. Call 1-877-438-4338. You will receive an FTC Affidavit after filing a complaint.
- Once you receive the Affidavit, take it to your local police department and file a police report. Be sure to get a copy of the police report for your records.
More resources about protecting your identity can be found on the Federal Trade Commission’s website.
Debit card safety. Monitor activity on your accounts with the CPCU app. This app gives users total control over their debit card by determining where the card can be used, receiving real time alerts when transactions are made, and the ability to turn the debit card on or off.
Shop from reputable sources. When searching for specific items online, too-good-to-be-true discounts are often that. Search from websites that you can trust and be sure to do your research before providing personal information.
Be wary of emails and phone calls. Reputable companies will never call you unexpectedly – only when you have initiated contact with them first. Merchants will not contact you via email or phone to ask you to dispute a purchase or verify card information. Oftentimes a scammer posing as a popular merchant (such as Amazon, Walmart, etc.) will “notify” you of a large purchase made on your account, and include a link or a phone number for you to contact them to dispute it. From there they will request information from you, or even ask for access to your computer. CorePlus reminds you to NEVER respond to this communication and NEVER allow someone to connect to your devices. The safest reaction to this common phishing scam is to delete the message; it can do no harm once it is gone.
Deposit fraud has been increasing nationwide. If there is ever a deposit made into your account that YOU did not initiate, contact us immediately. If a check or benefits deposit was made to you along with instructions for handling the funds, DO NOT withdrawal them. Instructions can include purchasing gift cards, money orders, or other non-traceable monetary instruments, and require you to act quickly. This is to ensure the scammer receives the funds before the credit union is notified that the deposit was fraudulent. The most effective way to prevent this is to NEVER give out your account number and to let CorePlus know immediately if you receive a deposit from an unknown source.
CorePlus uses advanced fraud protection monitoring on all our member’s accounts, but the first line of defense against fraud is you. We encourage you to do your own research about safe online shopping and recommend fbi.gov and cisa.gov (Cybersecurity & Infrastructure Security Agency) for more information. If you notice any unusual activity on your accounts, or have any questions or concerns, please contact the CorePlus Call Center at 860-886-0576. Stay vigilant and safe.