There are internet-based “scams” that rely on your trust, and often seem reasonable to the unsuspecting. If you suspect a company or individual, or the terms of a transaction are confusing or require you to provide goods or money up front, investigate further before proceeding.
- If you receive an email that warns you, with little or no notice, that an account will be shut down unless you reconfirm your billing information, you should not reply or click on the link in the email. Instead, directly contact the company cited in the email using a telephone number or website address that you know to be genuine.
- Avoid emailing personal and financial information, unless you are using a secure form on the website with which you are doing business. A “lock” icon on your browser’s status bar and/or “https” in a website address signal your information is secure during transmission.
- Review credit card and account statements as soon as you receive them to determine if there are any unauthorized charges or suspicious activity. If your statement is late by more than a couple of days, call the credit card company or financial institution to confirm your billing address and account balances.
- Report suspicious activity to the FTC. Send the actual spam email to firstname.lastname@example.org. If you believe you have been a victim of a fraudulent scheme, file a complaint at www.ftc.gov, and visit the FTC’s Identity Theft website to learn how to minimize your risk of damage from the identity theft.
- Neither the National Credit Union Administration (NCUA) nor any other federal financial agency uses email to request non-public information, such as account numbers, date of birth, or Social Security Number.
- Similar to above, be suspicious of emails requesting personal information or “updates” to your account. Reputable companies will NEVER ask for sensitive information in an email. If you need to update your information online, open a new browser window and type in the website address of the legitimate company and go to their account maintenance page. Call only numbers listed on official websites and never telephone numbers in suspicious emails.
- Always access our internet banking by typing the correct URL (https://www.ccutx.org/) into your browser. Two simple indicators of a secure banking session are the presence of https:// before the website URL and the presence of a digital certificate represented by a padlock or key icon. If you double click on this icon it should provide you with information about the organization with which you have entered into a secure session.
- If you have any doubts about an email or website, contact the legitimate company or check with websites devoted to eliminating spam and scams (see below for some resources).
- Always report fraudulent or suspicious emails to your Internet Service Provider as this helps shut down fake websites before they can do more harm.
- Do not respond to a suspicious email by return email. Do not call phone numbers listed in suspicious emails. Never click on website links embedded in suspicious emails.
- You should always be wary if you receive unsolicited emails or calls asking you to disclose any personal details or card numbers. This information should be kept secret at all times. Be cautious about disclosing personal information to individuals you do not know. Please remember that we will never contact you directly to ask you to disclose your password information.
- Ensure you log off properly by clicking the “Sign off” button. Simply closing the window you performed the transaction in may not close the banking session.
- Whatever your operating system of choice, it is important to keep your computer software up-to-date. Use Windows Update, Apple Software Update, or other operating system and software update features regularly.
- In addition to being protected by using up-to-date antivirus software you should also regularly use software to remove spyware from your computer, as these programs record information about your internet use and transmit it without your permission. In some circumstances this can compromise your PC security. Remember current anti-virus software does not catch 100% of every virus. Consider utilizing multiple programs to regularly scan your computer.
- Ensure you also regularly patch Java and Adobe products. These items are frequently updated because of vulnerabilities and hacker use of those vulnerabilities to install malware on your computer.
- If your computer is infected with a Trojan, your session may become hijacked by a criminal and financial transactions may be performed without your knowledge. It is also advisable to disconnect from the internet if you are not planning to use it.
- Consider using a single computer for your online banking and restrict other uses on it.
- Avoid public wireless internet access. You should be vigilant if you use internet cafes or a computer that is not your own and over which you have no control. Hackers and identity thieves often monitor these networks or install malware to capture your login credentials.
- Secure your home wireless internet access with a strong password. Using a weak password, or leaving the manufacturer’s default settings on your wireless access point can leave your home network vulnerable to unwanted users or attack.
- It is important that you comply with instructions about destroying expired bank cards.
- Do not cache your online banking passwords.
- Do not use the same password for online banking that you use for any other website that may be compromised.
- You should also consider using a crosscut shredder to destroy bank and other statements that may contain sensitive personal information.
- It is advisable to store retained documents in a suitable locked and fireproof container.
- Use a complex password that is not easily guessed. It should not contain full names or words and include special characters and be at least 8 characters long.
Specific Email “Scams”
If it sounds too good to be true it probably is. Don’t be conned by convincing emails offering you the chance to make some easy money. As with most things, if it looks too good to be true, it probably is. Be cautious of unsolicited emails from overseas – it is much harder to prove legitimacy of the organizations behind the emails.
Nigerian Money Transfer Scam – Someone claiming to be from the Nigerian Central Bank or Government, or other party, requests your bank account details under the pretext that they have a huge amount of money in Nigeria, which they need to “hide away” in foreign bank accounts. They promise to deposit the money into your account and come back for it later. You get to keep either the interest accrued, a percentage of the deposit or a flat fee (this varies). Once they have you interested in the venture, they announce unforeseen fees or taxes, which you need to pay before the money can be released. Each fee/tax is said to be the “last” one, but never is. By this method they deplete your bank account.
Credit Card Purchase Notice – A typical email reads, “We have just charged your credit card for laundry service in amount of $234.65″, which of course, you didn’t authorize. You are then given two options: to enter your credit card number (and expiration date) or to press “No”. Naturally, entering your card number and pressing “Yes” sends your information to the malicious person behind the scam – and approves the charge. But clicking “No” also has an undesirable effect – it lets the sender know they’ve obtained a valid email address – one they will use for spam and scam campaigns in the future.
“Phisher” Websites – Emails pretending to be from email@example.com, or similar email addresses, are designed to trick you into revealing personal financial details, such as mother’s maiden name, credit card account information, bank account number, PIN code or a variety of other sensitive information. The emails provide links to fake, or “phisher” websites that look like legitimate companies, but in effect, the links are to fraudulent sites designed to steal your personal information.
Phishing scams pertaining to credit unions in particular often operate under the guise of being some sort of security alert from a credit union and may be from false identities such as “America’s Credit Union”, “Credit Union”, or “firstname.lastname@example.org”. Some scams have even used the “America’s Credit Unions” logo.
Although online fraud and identity theft are given much attention by the media, it is also important to remember that people are still targeted for these crimes over the telephone. Keep the following in mind when dealing with calls that you didn’t initiate:
- CCU will not call you to verify your account numbers, as we already have this information. If you receive a call asking you for your account numbers, end the call and contact our Contact Center about the incident.
- CCU staff will not ask you to call back on an 800 number other than 800-486-4228. Providing an 800 number can make a thief’s intent seem legitimate, but an 800 number other than 800-486-4228 could be part of a scam.
- Don’t give your account numbers to individuals who claim they can protect your accounts from online fraud and identity theft. A typical call might involve someone claiming they have seen your account numbers on numerous reports that thieves could access to steal money from you. The caller asks for your account numbers and then also asks for your authorization to deduct a fee for the service. Be wary of these calls because unauthorized individuals or companies do not have the ability to electronically withdraw money from your CCU accounts.
- Don’t let someone pressure you into divulging your personal information. Trust your instincts if something tells you that the call is not legitimate. If someone is looking to conduct business with you, they should not have issue with doing it on your terms.
- You receive a Cashier’s Check in response to something you have sold over the Internet.
- You are asked to send a wire transfer or a money order or otherwise return any portion of check proceeds to a third party.
- You have any reason to suspect that a Cashier’s Check you receive is not valid.
Don’t Be a Victim!
- If a Cashier’s Check is later returned, you will be held liable for the bad check.
- We are not able to tell you when a check you deposit will clear.
- Even when we lift a “hold” on funds from a deposited check, that does not mean that the check has cleared.
- If funds are to be held by a third party, or escrowed, be sure it is a party you can trust.
If any of the above information causes you to question a Cashier’s Check, please alert a CCU staff member.
- SSL Encryption – Before an account transaction begins, your web browser and our web server establish a Secure Socket Layer (SSL) encrypted session at the 128-bit level. Simply put, SSL encrypts the data and verifies the identities of the sending and receiving computers during a transaction.
- Limited Sign-on Attempts – Because the possibility exists of an intruder randomly choosing your password, your account denies access after three incorrect sign-on attempts. If your account denies you access you have been locked out. Please contact the Contact Center at (512)477-9465 to get your account enabled again.
- Automatic Timeouts – To help prevent accidental misuse of your account when you leave your browser signed on, your secure Internet Banking session with CCU will be automatically disconnected after ten minutes of inactivity and you will need to sign back on if you wish to continue.
- Firewalls – Critical CCU computers are protected by “firewalls” – computer hardware and software that block attempts at intrusion by restricting the types of information that can pass through them. They also prohibit dubious types of requests from other computers.
- Separate Databases – As a further measure of protection we store your account and transaction data on computers not directly connected to the internet.
Perhaps the greatest threat to your account information is giving your member number and/or password to another individual. Please remember:
- No one except a joint account holder needs to know your member number and/or password for any reason.
- No employee of CCU will ever ask you for your password information. Call us immediately at (512)477-9465 if any person, whether a CCU employee or not, attempts to learn your password.