Member Security Education
What is Spoofing?
Spoofing is when a caller deliberately falsifies the information on your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is from a local number. They also like to use numbers from a company or government agency that you may already know and trust. If you answer, they will use scam scripts to try to steal your money or valuable personal information. This information can then be used in fraudulent activity. You may not be able to tell right away if an incoming call is spoofed. Be extremely careful about responding to any request for personal identifying information.
THINGS TO REMEMBER:
- Do not answer calls from unknown numbers. If you answer such a call, hang up immediately.
- If someone says they represent a company or a government agency, hang up. To verify the authenticity of the call, you should call the company or government agency on your own. Call the phone number on your account statement, in the phone book, or on the company’s or government agency’s website.
- If you answer the call and you are asked to hit a button to stop getting the calls, hang up. Scammers often use this trick to identify potential targets.
- Do not respond to any questions, especially those that can be answered with “Yes” or “No.”
- Use caution if you are being pressured for information immediately.
- Never give out any personal information! Do not give out account numbers, Social Security numbers, mother’s maiden names, passwords or other identifying information to suspicious callers.
- Legitimate sources will usually send you a written statement in the mail, especially if they are asking for a payment.
- If you have a voicemail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voicemail if you do not set a password.
- Talk to your phone company about call blocking tools and check into apps that you can download to your mobile device. The FCC allows phone companies to block robocalls by default based on reasonable analytics. More information about robocall blocking is available at fcc.gov/robocalls.
Beware of automated calls concerning your debit or bank card!
Fraudsters will try to obtain your debit card information by saying they are calling from the credit union or your financial institution. They will want you to enter your card number, expiration date, or security value (the 3-digit value on the back of the card). This is a phishing attempt. This is where the fraudster is trying to get your information to draw funds from your account by creating a counterfeit card.
There are three major red flags that should tell members to stop the call and hang up immediately:
- THE CALLER ASKS FOR YOUR PIN. Never provide your PIN to anyone – verbally or with your phone keypad. There is no valid reason that a caller will ever request your card PIN.
- THE CALLER ASKS YOU TO PROVIDE YOUR ONLINE BANKING ID OR PASSWORD.
- THE CALLER ASKS YOU TO PROVIDE YOUR CARD OR CVV NUMBER.
Fraud Department Phone Scam
Another credit union has learned of a new phone scam affecting its members and others around the country. The scam targets debit card information followed by large withdrawals from members’ checking accounts.
How it works: you will receive a phone call from a scammer pretending to be with our fraud department. The scammer is likely using a spoofed phone number so that the incoming number looks legitimate. The scammer explains that possible fraudulent activity occurred on your card. They will provide the you with fake transaction details to make it seem like your card has been compromised. They will attempt to verify your identity to help you get a new card. The scammer does this to try to gain your personal information and private banking information.
HealthCare First Credit Union does have a legitimate card security monitoring system in place where you may receive a call from an individual to verify transactions that appear to be fraudulent. However, we will not need the above requested information to determine the validity of the transactions. If you are ever suspicious about a call, contact us directly to speak with one of our account service representatives.
Firewalls and other sophisticated security measures have been developed to protect financial institutions over the years. These security measures make old-fashioned “hacking” much less prevalent. Cyber-thieves prefer the easy route – your computer. Here are a couple tips to make sure your computer is not the weak link in the security chain.
- Wired Access by Home Computer: Use a current anti-virus/anti-spyware scanning program, a current patched operating system, and a secure browser program. The Windows firewall should be activated, or another software firewall should be on the computer along with Intrusion Prevention or Intrusion Detection.
- Access by Wireless Home Network: Follow all the above rules for wired home computers, PLUS your wireless router should have a strong password protection, and it is recommended the wireless network have at least WPA or WPA-2 PSK encryption rather than WEP encryption.
Your accounts can be accessed under Online Banking via personal computer. Online Banking will be available for your convenience 24 hours per day. This service may be interrupted for a short time each day for data processing.
EFT SERVICES – If approved, you may conduct any one (1) or more of the EFT services offered by the Credit Union.
ATM/Debit Card – Visa Check Card – Voice Response – Preauthorized EFTs-Electronic Check Conversion – Electronic Returned Check Fees – Online Banking – Mobile Banking – Bill Payment
MEMBER LIABILITY – You are responsible for all transactions you authorize using your EFT services under this Agreement. If you permit someone else to use an EFT service, your card or your access code, you are responsible for any transactions they authorize or conduct on any of your accounts.
If you notice any suspicious activity, please contact email@example.com or call 888-296-8728.