Three Rivers FCU HomeTRFCU On-Line ServicesTRFCU News and InformationTRFCU ServicesTRFCU Current RatesTRFCU Applications and FormsTRFCU On-Line Resource CenterTRFCU Contact Information


 

Protect Yourself From Fraud

protect yourself on-line | report phishing attempts | NCUA Fraud Alert

Many times, members (and non-members) receive e-mails that appear to be from Three Rivers FCU but are not. They are part of a scam commonly referred to as "phishing". They do not originate from Three Rivers FCU - We NEVER solicit personal information via e-mail or telephone. If you are asked to click through on a link to a page that appears to be a Three Rivers FCU page that asks for SSN, credit cards numbers, account numbers, etc. DO NOT PROCEED. Close the browser window and report the e-mail to Three Rivers immediately.

In addition to Three Rivers FCU organizations related to credit unions -- such as the National Credit Union Administration and the National Association of Federal Credit Unions are common targets. As with any such e-mail that requests you click a link to verify or provide personal information, DO NOT click the link. Instead, visit the organization's website (by opening your Web browser and manually typing their address or searching for it). Typically, they will provide you with reporting instructions.

For more information on these specific attempts, please see the following:
National Credit Union Administration | National Association of Federal Credit Unions

Remember, never provide your personal information when you are unsure of the source and do your research before you cash checks from unexpected givers.

Fraudulent email (also called phishing, spoofing or impostor email) and fraudulent Web sites are used to trick people into providing personal information that can be used for identity theft. Three Rivers FCU has developed a resource to help protect you against ID theft as well as other fraudulent Internet activities.

Definitions

Identity Theft:
Identity theft occurs when someone takes your personal information -- such as your financial institution account numbers or your social security number -- and then acts as you to run up charges and virtually destroy your financial credibility.

Phishing:
Phishing refers to a person or a group of criminals who create an imitation or copy of an existing legitimate website page to trick users into providing sensitive personal information. Responding to "phishing" emails creates a risk by obtaining personal data from unsuspecting victims via the Internet - like personal IDs, passwords, card numbers and PINs – that could be used or sold to other criminals who would use it for financial gain.

Pharming:
Pharming is the practice of establishing a fraudulent website containing actual copies of pages from a legitimate website to capture confidential information. Pharmers hack into DNS servers and change IP addresses, to automatically redirect visitors to their bogus copy site until the DNS records can be restored by the site owner.

Skimming:
Skimming criminals install unauthorized equipment on legitimate ATMs to steal magnetic strip data from the card being used and the PIN that is assigned to the card. A "skimmer" is mounted on the front of the ATM card slot that reads the card number and transmits it to the criminals, who sitting in a nearby car using a wireless connection. At the same time, a wireless camera is disguised to look like a brochure holder and is mounted in position to view the keying in of the PIN numbers. If you see such an attachment, do not use the ATM! Report it immediately to the financial institution.

Spyware:
Spyware is any software that aids in gathering information electronically about people or organizations without their consent and/or knowledge. The gathered info is collected and sent to an unauthorized third party. This type of software often gets installed unknowingly when downloading free software or clicking popups while on a website.

Recent Examples

Closed Account Hoaxes - An email is sent purporting to be from a financial institution stating the recipient's account has been closed or suspended. It requests that they click on a link in the email. The link (if clicked) takes them to an impostor website probing for account information. The fake emails attempt to frighten recipients by expressing a sense of urgency and making deadlines.

Fraud Verification Hoaxes - An email is sent purporting to be from a financial institution stating the recipient's account may have been part of a security breach. The email claims that the recipient should sign on using a provided link to update or verify their personal information. The link (if clicked) takes them to an impostor website probing for account information.

Internet Auction Hoaxes - People selling items on eBay and other Internet auction sites have been given counterfeit checks in payment for an item. The buyer sends the seller a counterfeit check for more than the item's selling price and requests the seller send the difference back to the buyer through Western Union or another means.

Member Satisfaction Survey - This eMail appears to be a request for a survey completion. It promises a monetary reward (such as $80 into your account) in return for a survey completion. The link takes the user to a page to complete a survey and other personal information. After submitting, it will seek your account number (suggesting we need it to place money in your account).

On-Line Fraud attempts usually also have one or a combination of the following:

  • They carry an urgent tone.
  • They request personal information
  • The include links that appear legitimate
  • The forge the sender's e-mail address to appear legitimate
  • They often have incorrect grammar and contain misspellings

How to Protect Yourself

Be wary of any seemingly legitimate email request that asks for personal information. If you receive a suspicious email:

  • DO NOT REPLY
  • DO NOT CLICK THE LINKS
  • REPORT THE EMAIL
  • DELETE THE EMAIL

    Additionally, here is more advice to help protect yourself:

  • DO review credit card and bank statements regularly so you can spot unauthorized or suspicious charges.
  • DO use anti-virus, firewall and anti-spyware software and keep it updated.
  • DO change passwords frequently and use creative non-obvious passwords.
  • DO Leave suspicious sites.
  • DO business only with companies you know and trust.
  • DO Check your credit report at least once a year to check for unknown accounts that may be fraudulently opened.
  • DO verify your last sign on date when you sign on to your on-line accounts.
  • DO consider going to paperless statements so they are not in your mailbox to be stolen.
  • DO use spam filters on your e-mail to reduce the amount of unsolicited materials you receive.
  • DO be aware of phony "look alike" sites that are designed to trick consumers.
  • DON'T email personal/financial information. Legitimate institutions never ask for sensitive information via email.
  • DON'T open unsolicited email attachments.
  • DON'T carry extra credit cards or unnecessary personal information. Minimize the amount of what criminals can steal.
  • DON'T write ATM PINs on paper and carry with you. Memorize and shield the numbers as you enter them at the ATM.
  • DON'T click the link. If you think the e-mail MAY be legitimate go to the actual website (i.e. type in 'www.3riversfcu.org').
  • DON'T Assume that if it has a logo, it is legitimate. It is relatively easy to copy an image from a website and paste it into your own materials.
  • DON'T delay if you think you have become a victim. Report it immediately.

Anatomy of a Phish:
Click here to view a sample (and common phishing elements) of an actual attempt in which Three Rivers FCU was the victim
(Requires Adobe Acrobat Reader)

How to Report it

Please reference the steps found here to properly report
phishing e-mails you receive that target Three Rivers FCU.

  1. If you are a victim of identity theft, or think you might be, ACT NOW. If it involves your Three Rivers FCU accounts, please notify us at

    Three Rivers Federal Credit Union
    Attn: Identity Theft
    P.O. Box 2573
    Fort Wayne, IN 46801-2573

    Please provide as much detail as possible about the accounts and/or transactions that are involved. We will contact you to discuss the matter. You may also visit any Three Rivers FCU branch or call our Member Relations Center at 260.490.8328 (800.825.3641), ext. 2940. E-mail inquiries can be sent securely by using your On-Line Message Center from within your On-Line Account Access sign on ID.

  2. Contact one of the major credit reporting agencies:

    Equifax
    www.equifax.com
    1-888-766-0008

    Experian
    www.experian.com
    1-888-397-3742

    TransUnion
    www.tuc.com
    1-800-680-7289

  3. Report the crime to your local police and sheriffs departments.
    By having the police report, you may have an easier time clearing your credit reports.

  4. File a complaint with the Federal Trade Commission (FTC)

    Federal Trade Commission (FTC)
    www.consumer.gov/idtheft
    Toll-free hotline 1-877-IDTHEFT (438-4338)

More Information:

 

NCUA Fraud Alert Information:

To assist our members and consumers in the effort to recognize, prevent, and report fraud, the following link is being provided to the NCUA Fraud Information Center.

Three Rivers also offers additional information in
protecting yourself from identity theft in our ID Theft Protection Resource