Fraud & Security Resources

ATMs often operate differently from one another. Here are some helpful tips to protect yourself from possible risks while using an ATM or debit card.

When selecting a card PIN, don’t use a number easily guessed based on wallet contents (i.e. zip code, birth date) and don’t you use the same PIN for all cards. And remember not to write down your card’s PIN. When using an ATM, be aware of those around you to keep your transaction as secure as possible. Also, throw your receipt away somewhere other than near the ATM to avoid information theft. When at a restaurant, turn your card face down when paying the bill and take all receipts upon leaving as others can get private information that way.

How can I avoid having my identity stolen? There are many steps you can take to avoid identity theft. One of the best things you can do is order a copy of your credit report. The Fair Credit Reporting Act requires each of the major nationwide consumer reporting companies to provide you with a free copy of your credit report, at your request, once every 12 months. To order your free annual report from one or all the national consumer reporting companies, go to www.annualcreditreport.com.

Additionally, try these general practice safeguards:
 

• Limit your credit cards and sign the backs with permanent ink
• Copy wallet contents and store in a safe place in case your wallet is stolen/lost
• Do not give out personal information on the phone, through mail, or on the Internet, unless you initiate the contact
• Do not carry your Social Security number card with you
• Mark out your card number on the receipts when paying with a credit card
• Shred everything that contains personal information that is not needed
• Don’t print your Social Security number printed on checks
• Opt out of credit reports pre-screens; call 1 888 567-8688
• Be cautious when responding to promotions - Secure personal information in your home to avoid theft
• Treat your mail carefully. Place outgoing mail in a secured box (post office collection boxes) and request a vacation hold if you’re away from home
• Ask about information security procedures at places that collect your personal information (work, doctor, etc.).

 

On your computer:
 

• Update virus protection software regularly
• Don’t open files sent to you by strangers
• Use a firewall program
• Use a secure browser
• Use strong passwords
• Before you dispose of a computer, delete all the personal information it stored
• Look for website privacy policies

Cell phone theft is a prevalent problem throughout the United States. Aside from the headache caused by a stolen phone, victims of cell phone theft are vulnerable to identity theft. Hackers can use basic information stored on a phone to gather important information about the victim. For example, call histories can reveal where the individual does their banking and text messages often contain important password information.

It is important to protect yourself against cell phone theft. Try these general safeguards to reduce your chances of becoming a victim of cell phone theft:
 

• Do not carry your phone in your hand where someone could easily grab it from you
• Never leave your phone unattended in a public place
• Do not store any personal information on your phone
• Download an anti-theft application which allows you to make the phone unusable in the event of theft
• Keep your phone’s serial numbers in a safe place to give to the police in the event of theft

Protect yourself from common problems like viruses, worms, trojans and spyware, and hackers (thieves who use computers to get your information) by implementing a few easy tasks.

On your system, update your software on a regular basis (set to automatically update is best) and use up-to-date antivirus and anti-spyware programs. Be sure to have an active firewall on your computer and router and be aware of changes to your computer (i.e. slowed processing speed) which may indicate something running in the background. When you aren’t using your computer, turn it off or disconnect it as many virus-like programs wait to go to work until your computer is asleep.

When online, don’t download programs unless from a trusted source (children’s games and programs can often spyware that should be avoided) and avoid suspicious websites altogether.

Originally, firewalls were used to protect computer networks. Because viruses spread easily this way, many computers and routers now have firewalls as standard equipment. If your computer or router doesn’t have a firewall, follow these steps to make sure you’re covered.

In Windows XP, select the "Start" button, open the control panel, and double-click on the Windows Firewall icon. If the firewall is “off”, click the "on" button to activate. If your router has a firewall and it is enabled, leave the "Don't allow exceptions" box unchecked on your PC. This allows other computers on your network to share files or printers and not be blocked. If it notes exceptions, review which are being allowed. When connecting to an unsecured network (coffee shop or a hotel room) check the "Don't allow exceptions" box for the highest level of protection.

Your internet service provider can help address many concerns about firewalls, or you can try Microsoft's help at www.microsoft.com.

Passwords keep your information safe and secure so set one that is easy to remember yet complicated enough to foil most security attacks.

To make a more secure password, try mixing in numbers and punctuation, use both capital and lower case letters, use at least eight characters (if allowed), and change your password at least every 90 days. Try spelling numbers, substitute letters for similar characters, or use abbreviations of a longer phrase to better remember your password.

A virus is a man-made computer program that infects computers and when opened via emails. It usually needs to be opened to spread, but can also be activated through other programs and runs without your knowledge. A worm is like a virus but spreads on its own through exploiting network security weaknesses. Both usually come through e-mails or websites, and can unknowingly be from a trusted source.

Use an up-to-date anti-virus program to avoid viruses and worms. Simply keeping your computer software updated can also be helpful. Back up all important files regularly, as they may be removed when cleaning a virus off your system. In terms of web use, don't open email attachments from unfamiliar senders; if it is from a trusted sender, be cautious when opening. Peer-to-peer file sharing programs easily spread viruses, so use caution there as well.

If you use our Internet Banch^SM, mobile banking, or other Internet banking services as a consumer or as a business, you will be interested in the following information. It will help you know more about your protections and how to keep your online transactions safe and secure.

US Federal is required to follow specific rules issued by the Consumer Financial Protection Bureau; one of those rules, known as Regulation E or Reg E, covers consumer electronic transactions. Reg E covers all kinds of situations revolving around transfers made electronically. Under the consumer protections provided under Reg E, you can recover Internet banking losses according to how soon you detect and report them.

If you report the losses within two (2) days of receiving your statement, you can be liable for the first $50. After two (2) days, the amount you can be liable for increases to $500. After sixty (60) days, you could be liable for the full amount. Details on your rights and obligations regarding electronic transfers are contained in our Membership Agreements and Account Disclosures. In addition, information on how to report errors or make inquiries about an electronic transaction is included on the back of your regular account statement.

For business accounts, Reg E consumer protections do not apply; so it is important for business owners who use online services to use enhanced controls that include:

• conduct periodic assessments of internal controls;
• use layered security for system administrators;
• initiate enhanced controls over high-dollar transactions; and
• provide increased levels of security as transaction risk increase

Understanding how fraudsters may try to trick you and understanding the risks is critical to safe online transactions. That’s why we provide you with a variety of security topics and resources on our website. Take further steps to protect yourself and make your computer safer by installing and regularly updating:

• anti-virus software;
• anti-malware programs;
• firewalls on your computer; and
• operating system patches and updates

Additional steps include:

• create strong complex passwords that contain both UPPERCASE and lowercase letters, numbers and any allowed special characters
• if you think you may have visited a website with malware or if you think your computer may be infected with a virus, do not access your online banking or other sensitive logins until you have scanned your computer and know it is clean and virus free

We will never contact you to request your member number, User ID or Internet Branch password; if someone does, it’s probably a fraudster. Additionally, we will never contact you and ask for your debit/credit card numbers or PINs. Unless you contact us regarding your account, always reframe from giving this information to anyone attempting to identify themselves as a credit union employee who is trying to verify your account information via phone, text or e-mail.

If you notice suspicious activity within your account or experience a security-related event (such as loss of confidential financial information, compromised PIN or password, know or suspect infection of computer or network by viruses or malware, etc.) please contact us immediately, and we will help you with your situation.

In today's modern world, it is difficult for parents to be sure their children can safely engage in online activity. Help keep kids safe while using the web by keeping computers in common areas of the house and out of bedrooms, utilizing parental control software (filters/blocks content or allows use based on rating), and monitoring or restricting access to the web on cell phones and discuss how to use it appropriately.

Remember that your home computer isn’t the only place they can access the Internet. Teach them skills they can apply in and out of the home. Here are some good starting points.

Never: Arrange to meet with anyone they meet online - Upload photos of themselves, as they can be edited and shared easily - Provide personal information (real name, phone number, address, etc.) - Create a screen name that reveals too much about yourself (i.e. MNSuzie16) - Download photos, as they may be inappropriate - Respond to uncomfortable, obscene, suggestive, or harassing messages - Believe everything you see or read online as the truth - Post something you don’t want others to see (once it’s posted, can’t take back) - Talk with strangers online; many people aren’t truthful about who they are
For additional information on how to keep kids safe online, try GetNetWise - www.getnetwise.org, Internet Keep Safe Coalition - www.iKeepSafe.org, i-SAFE - www.i-safe.org, National Crime Prevention Council - www.ncpc.org; www.mcgruff.org, National Cyber Security Alliance - www.staysafeonline.org, Staysafe - www.staysafe.org, or Wired Safety - www.wiredsafety.org.

Because of today’s technology, shopping online is easy. To shop safely, be sure you know from whom you are buying by getting contact information from the seller and check with the Better Business Bureau to verify there are no complaints logged against them. Review their privacy and return policies. Before purchasing, look for signs of encryption to make sure your transaction is secure, and be aware of how the transaction is conducted. Never provide your sensitive information via email to the seller. When purchasing, know exactly what you are buying and how much it will cost. And be sure to read all the fine print as well as warranty and service information. Pay with a credit card in case you want to dispute charges for goods you never received, ordered, or that were misrepresented to you. Finally, print and save records of all online transactions and the associated details.

If you have problems with an online shopping transaction, try to reach a resolution directly with the seller of the product or director of the auction site (i.e. eBay). If you can’t resolve the issue, contact and file a complaint with one or more of the following:

• Better Business Bureau - www.bbb.org/complaint.asp
• The National Association of Attorneys General - www.naag.org/
• The Federal Trade Commission - rn.ftc.gov/pls/dod/wsolcq.startup?Z_ORG_CODE=PU01
• The county or state consumer protection agency
• Foreign country merchants - www.econsumer.gov/english/

Wireless connectivity has increased the ability for others to gain access to networks, or even access information on your computer.

In terms of how your network is set up, make sure your router is encrypted, make your router’s identifier unique, and set a strong password. Additionally, turn off identifier broadcasting so other devices don’t notice your presence. As usual, anti-virus and anti-spyware software paired with a firewall will help safeguard your system from being accessed. Remember, too, that public Wi-Fi networks aren’t always secure, so be wary of how you use them. When you are in public and not accessing the web, disable your Wi-Fi for added security.

Help ensure that your personal information is not only always at your fingertips, but always in safe hands when using mobile banking by avoid clicking links sent to you in emails, text messages, and other online media from unfamiliar sources directing you to the mobile banking site. Trust your instincts. If something seems wrong, it probably is. If you notice US Federal’s mobile site looks different or if you see significant spelling and grammar errors, close your browser and give us a call.

US Federal uses a Mobile Banking/Internet Banking solution. www.usfed.mobi is secured using industry-standard technologies (SSL, WTLS, and PKI) including security certificates (256 bit encryption), Multifactor Authentication, short time-out periods, and a secure log out feature which removes cookies from the mobile device.

At times, individuals try to mimic legitimate sites to gather personal information for fraudulent use. Guard yourself by understanding what to look for when visiting websites. Extended Validation (EV) certificates are an authentication method that visually shows you are visiting a legitimate website. With an EV certification, it's more difficult for an imposter site to appear authentic.

When you visit sites through an EV-supported browser, your address bar may change colors to indicate its security level. A green bar notes that US Federal (for example) controls the site you’re visiting (see below). A yellow or red bar means there may be a problem validating the site. The lock icon on your browser will also indicate encryption is taking place for your safety.

Online banking is a huge convenience. However, it may add risk if you're not careful. Protect yourself and your sensitive information by accessing online banking only from your computer to avoid unsafe settings or viruses. Verify the connection to the site is secure. If it is secure, the URL should start with https:// (the "s" means secure) and you should see a small yellow padlock icon on the bottom status bar; if either of these are not found, contact the financial. Don’t use email or text links asking for verification, and forward to the financial if you receive something like this. Overall, remember to trust your instincts. If something seems off, close the browser and call your financial.

US Federal already has a few safeguards in place to aid in secure online banking. Secure Socket Layer (SSL) encryption (using highest level of 128-bit) scrambles data during transmission to protect it from being deciphered and Enhanced Login Security for Internet Branch identifies you as the “owner” of your accounts. If your password or computer isn’t recognized (i.e. you logged in from a public computer or one not used before), you’ll be asked challenge questions to confirm your identity. You can sign up for this feature upon login to Internet Branch.

Public Wi-Fi and computers allow us to remain connected almost everywhere; however, that can create vulnerabilities in security. Try to avoid checking any financial account information or sensitive personal information from an unknown computer. Not only can someone steal your information via software or hardware, but they may also be able to see over your shoulder, either in person or via a security camera.

If you need to access sensitive information from a public system, use a friend's or relative's computer if possible. If you must use a kiosk, make sure your login is secure. After using a public network, use your home computer to change the password on any accounts that you accessed from foreign systems to help safeguard future issues. Be sure to monitor accounts you accessed on the public computer for the next few weeks, looking for unauthorized access.

Pharming is similar to phishing. Phishing requires victims to voluntarily visit a fraudulent site where pharming simply redirects victims to fraudulent websites without assistance. Pharming requires software or server vulnerabilities to exist, or the criminal needs an insider to make unauthorized changes in order to redirect site visitors.

US Federal works diligently to manage and update its server software to maintain a high level and standard of security to avoid pharming scams.

Smishing is scam that uses “phishing” tactics through SMS (text message) communication and attempts to acquire sensitive information by masquerading as a trustworthy source. It is especially dangerous because, in rare occasion, these scams can infect your phone with a virus, too. If you are suspicious of smishing based on the sender or subject details alone, don’t open the message. If you do open it, do not open attachments, click links, or call phone numbers and don’t respond if prompted to verify your information. Use your usual log-in processes to check your account and call the company directly.

Phishing is a type of scam through e-mails that ask you to verify personal information. Replicas of existing web pages are used to deceive you into entering personal, financial or password data. They often try scaring your into action, like threatening to close accounts if you don’t respond.

If you are suspicious of phishing based on the sender or subject details alone, don’t open the message. If you do open it, do not open attachments or click links and don’t respond if prompted to verify your information. Up-to-date virus protection software and updates to your computer operating system will also be helpful.

Vishing uses a combination of VoIP (Voice over IP: phone calls through web) and phishing to identify key strokes or phone tones to gather personal information. It takes advantage of comfortable and secure methods used by financials to deceive consumers, and often uses local area codes to make it seem more legitimate.

You should be skeptical of anyone contacting you and attempting to gain your private banking or personal information. Contact your financial directly through a number you know is valid rather than respond to one provided.

Trojans attempt to gain information from your computer by disguising as a trusted program. Spyware attempts to gather information about you and your browsing habits in order to send you targeted ads via spam e-mail. Both are often hidden inside other computer programs (i.e. screen savers, time and date updaters, weather updaters) and infect it when the program runs.

Avoid these by being aware of what you install on or download to your computer. If you are unsure of its legitimacy, do a search for reliable information regarding the program before adding it to your system. Up-to-date anti-virus and spyware detection programs are also helpful in protecting your computer.

If you think you’ve been infected, update all virus definitions and run a full scan with your anti-virus software. If your system still appears compromised, fix it and then change your password again. You’ll also want to check your online accounts (email, online bank accounts) and change those passwords, as those may have been compromised as well.

Keylogging uses a device (hardware) or program (software) to track and record what you type. If it’s in a software program, a file is created and sent to a specified recipient. If it’s in hardware, the person who installed the hardware must retrieve it in order to access the information gathered.

Despite their constructive uses, keyloggers are usually used maliciously to gain account numbers, PINs, login names and passwords. A keylogger can be installed unbeknownst to your system via a virus or spyware, which then uses trojans to execute. The program can also use email to direct you to respond or click on an attachment and enter personal information. Keyloggers also sit on various websites waiting to install themselves on unpatched or unsecured machines that hit their site.

Botnets are groups of computers (robot networks) that work together without your knowledge to scan computers for vulnerable software holes in hopes of gaining important information. Each computer added to the robot network increases its overall strength. Once a botnet has found your computer's vulnerabilities, it attacks through keylogging, click fraud (activates viruses through clicking other sites), spam or phishing scams.

Protect yourself by using up-to-date anti-virus and anti-spyware programs. Disconnect from the web when you are not using your computer to avoid activity while you’re away. It’s also best not to click on sites you don’t trust, monitor your 'Sent' and 'Outgoing' email boxes for messages you didn’t send, and be cautious about opening email attachments regardless of who they are from.