Rainbow offers excellent resources to keep your financial identity safe

How carefully do you protect your account information?
Phony E-mails Are ‘Phishing’ for Your Identity
Updated Phishing Warnings below as of 11/1/2009-click here

Consumers who use e-mail have yet another scam to watch out for. Fake e-mails purporting to come from your financial institution or credit card issuer ask you to “confirm” your account number and other specific data under the guise of updating their records. This is known as “phishing.” The objective is to fish for your personal information in order to steal your identity. And just about everyone knows the disaster that can happen after that.

These e-mails are official-looking messages that are designed to trick you into divulging your financial and personal information, such as account numbers, passwords, user IDs, Social Security number and similar data linked to your personal, financial life. Such messages may even look like they’re coming from CREDIT UNION. Keep in mind that we would never ask you for any kind of confidential or financial information by email. Your Best Protection Is Self-Defense. Never reply to an e-mail message that requests personal or financial information, even if it appears to be legitimate. Telephone the institution using a number you already have to find out if it is seeking such information, and respond accordingly.

     Follow these tips if you should receive what appears to be a phishing e-mail message.
                            • Treat such an e-mail with suspicion.
                            • Do not reply or click on a link appearing within it.
                            • Contact the alleged sending institution to report the suspicious e-mail.
                              If requested, forward the message to the company for their follow-up.

     While the opportunities opened up by the Internet have done wonders for on-line users, the World Wide Web has also made them susceptible to fraudulent schemes of clever, predatory scammers. This may lead to adding another meaning to the popular warning, caveat emptor.

You may feel safe if you don’t use
the Internet ... but ID theft is everywhere

Scams and identify theft are perpetrated over the telephone, through the trash your throw out or while writing out your check when standing in the grocery line. You receive a phone call asking to verify your account information. They sound official; so you may offer up the information they are seeking. Or someone sells you a product or service via the telephone and offer you the convenience of auto-paying from your checking account. Again, the information is provided ... but provided to the wrong people. Standing in line, writing out your check for groceries ... someone else may have a clear view of your check, which includes your name, address, and phone number as well as your financial institution’s account and routing number. You’re done with your credit card statement and you toss it into the waste bin. Your trash is set out on the curb ... your private account information is sitting out on the curb. Most people are extremely honest and wouldn’t dream of committing a crime. Unfortunately there are enough dishonest people around and our world is now different. Today we lock our doors and we no longer leave our keys in the car. Today you have to be on guard. Do not give out personal information, and never, ever give out account or social security numbers. If that information must be exchanged, be very sure of who you are communicating with.

Is nothing sacred??? There are now counterfeits of Postal Money Orders. If you want more information on the USPS money orders and how to know which is real and which isn't, please go to this website: http://www.usps.com/missingmoneyorders/security.htm. The maximum value for a domestic postal money order is $1,000; international postal money orders are limited to $700. Many times when you go to make a deposit with a check received from a bank, insurance company or money order, that check held for 10 or more days before funds are released to you ... which can be frustrating. But that frustration will pale in comparison to what you will experience if the check you have deposited in good faith turns out to be counterfeit. If the funds had been made available to you on the day of your deposit, and the check was bad ... it would have been up to you to personally to cover the check ... and I don't know a lot of people that can do that today. Even bank cashier's checks have fallen pray. An additional website to look at is the U. S. Government's site: http://www.secretservice.gov/money_detect.shtml on counterfeit money. Like a bad check, you are again out the funds. It all comes down to being prudent and using good common sense.

Below are links to printable PDF documents, giving you clear information on what to do if you're a victim of identity theft; how to minimize your exposure, etc.

     Kids are having their identity stolen in record numbers! We often hear about the theft of adults' identities and the nightmares that can cause for the victims.
     But flying under the radar is another type of identity theft that's potentially every bit as harmful, if not more: the swiping of the IDs of children. According to the Federal Trade Commission, 400,000 children have their IDs stolen each year.
     They are the perfect targets because they have clean credit histories and thieves can get away with the crime for years, since kids and their parents rarely check the kids' credit reports.
     Example: a victim, now 19, who found out when he was 17 that his ID had been stolen when he was seven. The thief used his identity to get a loan and buy a houseboat.
     Parents need to keep their kids' information private. If your children start to get junk mail for credit card offers, it might seem cute, but it could mean that someone is using their identity.
You should check your children's credit reports every year. You can do that for free at http://www.annualcreditreport.com, the only official Web site for free credit reports. And you can put a block on your children's reports, so people can't use their Social Security numbers and names to easily obtain credit.

BULLETIN FROM NYCE: Beware of Unauthorized E-mails From NYCE. It has come to our attention that some participants and cardholders have received fraudulent e-mails that appeared to have come from NYCE with the heading “Your NYCE ATM/Debit Card has been deactivated.” The e-mail contains a link taking readers to a site that resembles the NYCE website. Please be advised that these e-mails are not being sent by NYCE and that NYCE’s website is not contained within the e-mail. To ensure proper awareness and security for all NYCE Corporation constituents, please be aware of the following:

NYCE Corporation WILL NOT:
~ Initiate communication directly with cardholders regarding any account/personal information.
~ Automatically activate or deactivate a Debit Card held by an end-user Note: NYCE is not a Card Issuer, and therefore does not issue cards to individuals.
~ Request personal information (such as card numbers, PIN numbers, etc.) via the Internet.

If your employees or cardholders receive an e-mail of this nature, please instruct them to immediately delete the e-mail and not provide any information. Further, we ask that you please make sure cardholders are aware of phishing scams, and other attempts to collect personal information via the Internet.

How to Recognize and Avoid Phishing Scams

Be suspicious of any e-mail or other message containing an urgent request for your personal information.
Phishing scams typically include upsetting or exciting (but false) statements to encourage victims to act immediately. They typically ask for information like usernames and passwords, credit card numbers, Social Security numbers and more.

Even if you think a request for information may be legitimate, don't click the links in the e-mail to visit a Web site.
Sometimes links can be disguised to look like they're taking you to a real site, when they're actually taking you to a scam site. Instead of clicking a link, type the Web site's address by hand to ensure that you go to the company or organization's real site.

If the request for information is coming from a company or organization with whom you have a relationship, call them directly to confirm whether they actually need the information and, if so, whether you can provide it over the telephone.

Obviously if you are questioning something, whether it's a web site, or check you've received - call the company or financial institution directly - that means don't use the phone number provided, but look up the phone number.

Be extremely careful if you share personal or financial information online.
It is recommended that you never provide sensitive information via e-mail or instant message. Providing this information via Web site is acceptable only if you are certain that the site is legitimate, and the site is secured (see below for additional info).

If you submit information to a Web site, make sure the site is secure.
Look for the "lock" icon on the status bar at the bottom of your browser window. The lock icon typically appears in the lower right-hand corner of the browser window. In addition, check the beginning of the URL or Web address - if it starts with "https://," rather than just "http://," you're on a secure server.

Review credit card and other account statements regularly.
If you see anything suspicious, contact your bank or credit union and all your credit card issuers immediately. If your statement is late by more than two or three days, call your credit card company or financial institution to confirm your billing address and account balances.

Keep your operating system and Web browser up to date.
To update your Windows® operating system and your Internet Explorer® browser, go to windowsupdate.microsoft.com. Follow the instructions there to check for updates, then download and install any critical updates. Other browsers that are popular: Firefox 3.5 http://www.mozilla.com/en-US/firefox/ie.html,
Safari 4 http://www.apple.com/safari/ or check CNET for current browser information: http://download.cnet.com/windows/browsers/

Install and run anti-virus software and update it frequently.
Upgrade now, or use any one of many commercially available anti-virus programs. Norton's and McAfee are to of the popular anti-virus software out there ... and also two of the most proven brands. www.Norton.com http://www.mcafee.com/us/ (if a back button doesn't bring you back to where you want to be - double click the back button)

No matter which anti-virus program you use, make sure you keep it up-to-date, or it will provide less and less protection over time. Instructions for updating your software should be included in your program's manual or help area. You can also check the program manufacturer's Web site for instructions.

If you are an AOL user - run AOL® Spyware Protection software regularly.
(other sites like AOL will presumably offer similar protections)
AOL offers AOL Spyware Protection to all members for no additional charge. Visit AOL Keyword: Spyware for more information.

Run firewall software on your computer.
A firewall is your computer's first line of defense against harmful attacks from the Internet. If you have a broadband connection, use firewall software to hide your computer from hackers and help protect it from destructive computer trojans and worms.

Report any phishing scams you receive to the following organizations.
Report e-mail phishing scams to AOL by clicking the "Report Spam" button at the bottom of the AOL mailbox or use the Report Spam icon at the right when you are reading the message.

Forward the scam e-mail to the company featured in the e-mail if it is a legitimate company.

Forward the entire e-mail to the Federal Trade Commission at spam@uce.gov.

Top Five Phishing Scams:
Find out what to look for:

At the bottom of this page are two excellent links to
the Federal Trade Commission and the information
on consumer safety is well worth your time to read.

RISKAlert - IRS Phishing Emails - Tax Refunds
The Internal Revenue Service and the Internet Crime Complaint Center have issued consumer alerts about an Internet scam in which consumers receive an e-mail informing them of a tax refund.

The Internal Revenue Service and the Internet Crime Complaint Center have issued consumer alerts about an Internet scam in which consumers receive an e-mail informing them of a tax refund. One e-mail, which claims to be from the IRS, tells the recipient that they are eligible to receive a tax refund for a given amount. It then directs the consumer to a link that requests personal information, such as Social Security number and credit card information.

Another e-mail titled "Refund Notice" claims to provide information to recipients regarding the status of their IRS Tax Refunds. The e-mail contains a link, which mirrors the true IRS web site. This site purportedly allows recipients to check the status of their IRS tax refund after providing the following information: First and last name, Social Security Number or IRS Individual Taxpayer Identification Number, Credit card information

The IRS has seen numerous attempts over the years to defraud the public and the federal government through a variety of schemes, including abusive tax avoidance transactions, identity theft, claims for slavery reparations, frivolous arguments and more. More information on these schemes may be found on the criminal enforcement page at www.IRS.gov.

The IRS does not ask for personal identifying or financial information via unsolicited e-mail.

HOW TO FIX IT ... WHAT TO DO???
Many insurance companies are promoting identity theft insurance policies. They offer to cover lost wages, pay for attorney fees, and even hire a firm to help you fight identity theft issues.

Allstate's Insurance costs 40-dollars per year if you're already an Allstate customer. Nationwide also offers a similarly priced product, as I'm sure other companies do. You will find, however, that there are other so-called identity theft resolution companies charge up to $1,000. It is estimated if you took on the task yourself, and it can be done, you're looking at about 30 hours of your time.

The Federal Trade Commission says the majority Of identity theft victims can restore their identities themselves with minimal time and cost. To help, the FTC offers a free hotline with live counselors and a universal Affidavit consumers can use to notify credit bureaus and other agencies.

But the FTC says if your situation gets too complicated or costly, you still may need an attorney to get your identity back. For help, call the FTC at 1-877-ID-THEFT or click on this link for more information on resolving identity theft: http://www.ftc.gov/bcp/menus/consumer/tech/privacy.shtm and
http://www.ftc.gov/bcp/edu/pubs/consumer/tech/tec09.shtm

Updated Phishing Information as of 11/1/2009

Details:

Fraudsters are finding new ways to lure members into disclosing their personal and financial information. While the style and type of information is constantly evolving, there are phishing scams that continue to affect credit unions and members.

These scammers need your member’s personal and financial information to put money into their pockets – regardless if the money comes from your member’s savings, checking or loan accounts. Time and again, scammers are successful in identifying and targeting the weakest link to enable this crime.

The credit union industry continues to communicate the various types of phishing (email), smishing (text message), vishing (landline), VoIP (internet phones) and mail letter phishing scams. These tactics are working because members continue to disclose their information. Bringing awareness to our members and educating them on the changing phishing landscape is critical for our industry.

The following are phishing techniques that fraudsters are using to capture members’ personal and financial information:

Scam: Social Networks
- Members should be wary of clicking any links in emails or accessing social networking sites for holiday themes such as Halloween upon us. Holiday scams contain links that redirect members to an indirect site registered by the fraudster.
Prevention:
- Members should close their browsers if they see a link to download or install an application.
Scam: Call Forwarding
- Fraudster is call forwarding your members’ landline or cell phone number to another telephone. In most cases, it’s a prepaid cell phone.
Prevention:
- Members should place a password on their telephone numbers to prevent them from being call forwarded.
Scam: Text Messaging
- Fraudster sends a text message (smishing) and your members respond to the request.
Prevention:
- Credit unions should advise members to be alert when text messages appear on their cell phone, smart phone or PDA device. If the text message requests personal or financial information, members should contact the credit union immediately and not respond to the text message.
- If a smishing attack occurs, proactively communicate to members via statement stuffers, website alerts and voice message alerts.
Scam: System Intrusions
- Fraudsters are focused on phishing your members to provide account numbers, passwords and user names to get into the home banking system. The industry has shown an up tick in system intrusions through unauthorized ACH and/or wire requests.
Prevention:
- Credit unions should implement multifactor authentication to prevent fraudsters from gaining access to systems.
- Members should monitor their transaction activity daily to help identify any unauthorized activity. They should watch for unauthorized ACH or wire transfers.
- Credit unions should communicate with members to never share their user names, passwords and any account information.
Scam: Voice Vishing
- This scam attempts to trick members into providing personal and financial information over the phone. Most vishing scams begin with an email or text message asking your member to call a toll-free number. When members call the number, they are led through a series of voice prompted menus that ask for key financial information such as a card or member account and the PIN.
Prevention:
- Members should not call the telephone number. Rather, they should report this to the credit union and telecommunications carrier immediately. This number needs to be shut down to help prevent others from responding to the attack.
Scam: Spoofing Caller ID
- Members receive a call from either a live person or a recorded message with a spoofed caller ID. The caller ID may list a legitimate looking telephone number. Fraudsters have spoofed caller ID systems or assign any area code to a phone number so it appears to be an 800 number or a local number.
Prevention:
- Members should never provide any personal or financial information to the caller. Always hang up and contact the credit union to report this activity. Your credit union will not request personal or financial information from you via a telephone call.

Email, text message and phone calling are various forms of phishing. Fraudsters are asking for other types of information beyond card information to steal money from your members. Ongoing member education is critical since these types of attacks are not going away.


Home \| Home Banking \| Consumer Loans \| Mortgage Loans \| CUe-Statement	Rainbow FCU © 1995-2009

Site Menu: