Fraud Prevention

It’s a different world. We can become victims without ever seeing our attackers—and lose something more valuable than money: our identity. Identity theft (ID theft) occurs when someone assumes another person's personal identifying information (e.g., a name, Social Security number, or date of birth) with the intent of committing fraud. It’s been said that ID theft is the largest growing crime in America, with new methods turning up constantly.

Signs of identity theft can take many forms, and your identity can be stolen in a variety of ways:

• Loss or theft of your wallet, purse, or credit card
• Mail theft
• Skimming information from the magnetic strip on credit or debit cards
• "Dumpster diving"
• "Shoulder surfing"—spying your PIN or password over your shoulder
• Eavesdropping
• Scam phone calls soliciting personal or financial information
• Phishing emails and spyware
• Computer hacking
• Data Breaches

• Do not carry your Social Security card in your wallet
• Do not have your Social Security number or driver's license number printed on your checks
• Avoid giving out your Social Security number unless it is absolutely necessary
• Beware of giving information to anyone over the telephone or Internet, unless you initiate the call
• Century Federal Credit Union will NEVER contact you and ask for any personal information including social security number, account number, PIN# or any other sensitive data
• Shred any documents with account numbers or other personal data you are throwing out and any pre-approved credit offers, ideally with a micro-cut shredder
• Watch for regular monthly bills that aren't delivered. Stolen mail is one way to obtain sensitive information
• Do not leave mail for pickup at an unlocked mailbox
• Check your credit report at least once a year to identify accounts that may have been opened in your name without your knowledge. You can get a copy of your credit report at www.annualcreditreport.com every 12 months. Monitor your online financial accounts frequently and check your credit card statements as soon as they arrive to ensure you made all of the charges listed
• Never write your full credit card number on a check. Instead, write "ends in" and the last four digits of the credit card number
• Sign your new debit and credit cards promptly
• Be vigilant to all suspicious activity
• Do not keep personal identification numbers (PINs) attached to credit, debit, or ATM cards
• Keep your Social Security card, passport, birth certificate, and other important cards and documents in a locked location
• Protect your computer with a firewall and other security related software, and keep this software up-to-date.
• When disposing of an old computer, be sure to wipe or destroy the hard drive first, using special software designed for this purpose.
• If you are a member of a military service unit who is on active duty, consider placing an active duty alert on your credit report. The active duty alert can prevent prescreened offers of credit and insurance being sent while you are away on active duty.
• Consider purchasing an identity theft protection service. Our member discount partner, Benefits Plus, offers a comprehensive identity monitoring service. An identity monitoring service will add another layer of protection for your accounts and your personal information.

• Contact the financial institution(s) or the companies where the information about you has been used and let them know you are a victim of identity theft.
• Contact the credit reporting agencies to report the identity theft and request they place a fraud alert on your account. You only need to contact one. The first agency you contact will contact the other two. The credit reporting agencies are:
• www.equifax.com – (800)-525-6285
• www.experian.com  – (888)-397-3742
• www.transunion.com  – (800)-680-7289
• Contact the police department to report the crime. Be sure to request a copy of the report.
• Contact the Federal Trade Commission at www.consumer.gov/idtheft to make a report and review their helpful hints for dealing with identity theft.
• Keep good records including who you talk to, summaries of conversations, and documentary evidence of the crime.

Be on guard. Phishing occurs when a fraudster impersonates a legitimate company or organization using email, faxes, and/or websites in an attempt to lure recipients into revealing confidential information. Quite often, the tone of the email is urgent, leading recipients to believe there is something wrong with their account. They are urged to take immediate action, which often includes opening an attachment or clicking on an embedded link to go to the "company's" website to update, verify, or review account information. When the victim logs in or enters confidential information, they are actually giving it directly to the criminals. Vishing (voice phishing using the phone) and SMiShing (phishing via text messages) are newer, but just as dangerous, forms of phishing that consumers and businesses need to be aware of. The scams are the same, but the technology used is different. Some of the signs you should look for:

• Attackers urge the recipient to click on the link (phishing and SMiShing) or call a telephone number (vishing and SMiShing) to update or verify account information, reactivate an account, or cancel an order.
• Attackers convey a sense of urgency and often mention negative consequences for failing to respond.
• Attacks are not consistent with other email, telephone, or text messages from the business.
• Messages do not contain any personalization that shows the sender knows something about the recipient's account (e.g., the recipient's name, the last four digits of their account number, or other information).
• Attacks often contain spelling errors and bad grammar.
• Attacks using SMiShing often indicate the message came from the number "5000" instead of displaying an actual telephone number.
• Messages often claim the user has ordered something that they never ordered.

• Attackers urge the recipient to click on the link to update or verify account information, reactivate an account, or cancel an order
• Century Federal Credit Union will NEVER ask you to click a link to enter account or any other personal information
• Attackers convey a sense of urgency and often mention negative consequences for failing to respond
• Attacks are not consistent with other email messages from the business
• Messages do not contain any personalization: the recipient's name, the last four digits of their account number, or other information that shows that the sender knows something about the recipient's account
• Attacks often contain spelling errors and bad grammar
• Messages often claim the user has ordered something that they never ordered

Keep your signature safe. Payment fraud occurs when an individual uses one of several payment devices (e.g., checks or credit cards) to conduct fraud and steal your money. They include:

• Check fraud
• Wire fraud
• ACH fraud
• Debit & Credit Card fraud

Check fraud includes counterfeit checks, altered checks, and forged signatures. To protect yourself:

• Keep your checks, deposit slips, and bank statements in a secure location
• Review your statements closely and report any discrepancies to your bank immediately
• Do not share your account number with anyone who does not need it
• Destroy old checks, statements, ATM receipts, etc., before discarding
• If you pay bills using checks that will be put in the mail, put them in a U.S. Postal Service blue box or bring them to the Post Office
• Never sign a blank check
• Do not endorse a check until you are ready to cash or deposit it
• Do not put your Social Security number, driver’s license number, telephone number, or credit card number on your checks
• Use a gel ink pen when you are signing checks (readily available at office supply stores, discount department stores, and some grocery stores) to write checks. The gel ink gets trapped in the paper and makes it much harder to wash than regular ink

Both wire and ACH (automated clearing house) transactions are forms of electronic fund transfers (EFTs). Wire and/or ACH fraud occur when a fraudster uses one of these transfer methods to obtain money based on false representation or promises. To protect yourself:

• Monitor your accounts regularly for unauthorized transactions. Report any unauthorized transactions to your bank immediately.
• Do not share your online banking logon credentials (user ID and password) with anyone
• Do not share your account number with anyone who does not need it
• Never access your bank account using a public computer (e.g., at the library or a hotel business office)
• Install a firewall on your computer to prevent unauthorized access
• Install and run anti-virus and anti-spyware software on your computer and keep them up-to-date
  

Card fraud is theft or fraud committed using a credit or debit card. The fraudster may use the card to obtain products or services or to withdraw money from your account. To protect yourself:

• Sign the back of your card as soon as you get it
• Get online statements instead of paper statements that come in the mail
• Check your statements as soon as you get them
• Be sure any sites you put your card information into (e.g., online shopping sites) are secure. The URL should start with https, not http.
• Protect your cards like you would cash—try not to let them out of your sight
• If your card is lost or stolen, notify your bank immediately
• Shred credit card applications you may receive in the mail
• Keep a record of account numbers, expiration dates, phone numbers, and addresses for each credit card in a secure place
• Never give your credit card number over the phone unless you initiated the call and are dealing with a trusted source
• Do not store your PIN with your credit/debit card

Stay smart on your mobile device. Using your mobile device to check the balances of your accounts or to process a simple transaction is convenient and can save you time, but has its risks as well. To protect yourself you should:

• Treat your mobile device with the same level of care as you would a credit card
• Password-protect your mobile device with strong passwords
• Store your mobile device in a safe place and use your mobile device’s auto-lock feature
• If your mobile device supports device encryption, use it
• Consider having a remote wiping system in case you lose your device or it gets stolen
• Keep all your software current. This includes security, browser, operating system and all other applications.
• Do not send confidential information in email or text messages (e.g., account numbers)
• Delete messages that contain account information, including account balances, and any alerts you receive on a regular basis
• Only download information (photos, ring tones, video clips, etc.) from trusted sources, and only download mobile apps from official app stores
• Follow the same rules you use on your computer with respect to opening email and attachments. Similar to phishing attacks on your computer, SMiShing attacks involve fraudsters using text messages with links or phone numbers to call on your mobile device.
• If you are concerned about the sites you are accessing from your mobile device, turn on the "show URL" or "show address bar" option so that you can see the actual site addresses to ensure they start with "https." Check the information that came with your device for specific instructions.
• Install antivirus software on your mobile device. Contact your carrier for specific information on available antivirus software for your device.