|
Protect
Yourself From Fraud protect
yourself on-line | report
phishing attempts
Many
times, members (and non-members) receive e-mails that appear to be from Three
Rivers FCU but are not. They are part of a scam commonly referred to as "phishing".
They do not originate from Three Rivers FCU - We NEVER solicit personal information
via e-mail or telephone. If you are asked to click through on a link to a
page that appears to be a Three Rivers FCU page that asks for SSN, credit cards
numbers, account numbers, etc. DO NOT PROCEED. Close the browser window and report
the the e-mail to Three Rivers immediately. In
addition to Three Rivers FCU organizations related to credit unions -- such as
the National Credit Union Administration and the National Association of Federal
Credit Unions are common targets. As with any such e-mail that requests you click
a link to verify or provide personal information, DO NOT click the link.
Instead, visit the organization's website (by opening your Web browser and manually
typing their address or searching for it). Typically, they will provide you with
reporting instructions. For
more information on these specific attempts, please see the following:
National
Credit Union Administration | National
Association of Federal Credit Unions
Remember,
never provide your personal information when you are unsure of the source
and do your research before you cash checks from unexpected givers.
Fraudulent email (also
called phishing, spoofing or impostor email) and fraudulent Web sites are used
to trick people into providing personal information that can be used for identity
theft. Three Rivers FCU has developed a resource to help protect you against ID
theft as well as other fraudulent Internet activities. Definitions
Identity
Theft:
Identity theft occurs when someone takes your personal
information -- such as your financial institution account numbers or your social
security number -- and then acts as you to run up charges and virtually destroy
your financial credibility. Phishing:
Phishing refers to a person or a group of criminals who create an imitation or
copy of an existing legitimate website page to trick users into providing sensitive
personal information. Responding to "phishing" emails creates a risk
by obtaining personal data from unsuspecting victims via the Internet - like personal
IDs, passwords, card numbers and PINs – that could be used or sold to other
criminals who would use it for financial gain. Pharming:
Pharming is the practice of establishing a fraudulent website containing actual
copies of pages from a legitimate website to capture confidential information.
Pharmers hack into DNS servers and change IP addresses, to automatically redirect
visitors to their bogus copy site until the DNS records can be restored by the
site owner.
Skimming:
Skimming criminals install unauthorized equipment on legitimate ATMs to steal
magnetic strip data from the card being used and the PIN that is assigned to the
card. A "skimmer" is mounted on the front of the ATM card slot that
reads the card number and transmits it to the criminals, who sitting in a nearby
car using a wireless connection. At the same time, a wireless camera is disguised
to look like a brochure holder and is mounted in position to view the keying in
of the PIN numbers. If you see such an attachment, do not use the ATM! Report
it immediately to the financial institution. Spyware:
Spyware is any software that aids in gathering information electronically
about people or organizations without their consent and/or knowledge. The gathered
info is collected and sent to an unauthorized third party. This type of software
often gets installed unknowingly when downloading free software or clicking popups
while on a website. Recent
Examples Closed
Account Hoaxes - An email is sent purporting to be from a financial
institution stating the recipient's account has been closed or suspended. It requests
that they click on a link in the email. The link (if clicked) takes them to an
impostor website probing for account information. The fake emails attempt to frighten
recipients by expressing a sense of urgency and making deadlines. Fraud
Verification Hoaxes - An email is sent purporting to be from a financial
institution stating the recipient's account may have been part of a security breach.
The email claims that the recipient should sign on using a provided link to update
or verify their personal information. The link (if clicked) takes them to an impostor
website probing for account information. Internet
Auction Hoaxes - People selling items on eBay and other Internet auction
sites have been given counterfeit checks in payment for an item. The buyer sends
the seller a counterfeit check for more than the item's selling price and requests
the seller send the difference back to the buyer through Western Union or another
means. Member
Satisfaction Survey - This eMail appears to be a request for a survey
completion. It promises a monetary reward (such as $80 into your account) in return
for a survey completion. The link take sthe user to a page to complete a survey
and other personal information. After submitting, it will seek your account number
(suggesting we need it to place money in your account). On-Line
Fraud attempts usually also have one or a combination of the following:
- They carry an urgent tone.
- They
request personal information
- The
include links that appear legitimate
- The
forge the sender's e-mail address to appear legitimate
- They
often have incorrect grammar and contain misspellings
How
to Protect Yourself Be
wary of any seemingly legitimate email request that asks for personal information.
If you receive a suspicious email:
- DON'T email personal/financial
information. Legitimate institutions never ask for sensitive information via email.
- DON'T
open unsolicited email attachments.
- DON'T
carry extra credit cards or unnecessary personal information. Minimize the amount
of what criminals can steal.
- DON'T
write ATM PINs on paper and carry with you. Memorize and shield the numbers as
you enter them at the ATM.
- DON'T
click the link. If you think the e-mail MAY be legitimate go to the actual website
(i.e. type in 'www.3riversfcu.org').
- DON'T
Assume that if it has a logo, it is legitimate. It is relatively easy to copy
an image from a website and paste it into your own materials.
- DON'T
delay if you think you have become a victim. Report it immediately.
Anatomy
of a Phish:
Click
here to view a sample (and common phishing elements) of an actual attempt in which
Three Rivers FCU was the victim
(Requires Adobe
Acrobat Reader) How
to Report it Please
reference the steps found here to properly report
phishing e-mails you receive that target Three Rivers FCU.
- If you are a victim of
identity theft, or think you might be, ACT NOW. If it involves your Three Rivers
FCU accounts, please notify us at
Three
Rivers Federal Credit Union
Attn: Identity Theft
P.O. Box 2573
Fort
Wayne, IN 46801-2573 Please
provide as much detail as possible about the accounts and/or transactions that
are involved. We will contact you to discuss the matter. You may also visit any
Three Rivers FCU branch or call our Member Relations Center at 260.490.8328 (800.825.3641),
ext. 2940. E-mail inquiries can be sent securely by using your On-Line Message
Center from within your On-Line Account Access sign on ID.
- Contact
one of the major credit reporting agencies:
Equifax
www.equifax.com
1-888-766-0008 Experian
www.experian.com
1-888-397-3742 TransUnion
www.tuc.com
1-800-680-7289
- Report
the crime to your local police and sheriffs departments.
By having the police
report, you may have an easier time clearing your credit reports.
- File
a complaint with the Federal Trade Commission (FTC)
Federal Trade Commission
(FTC)
www.consumer.gov/idtheft
Toll-free hotline 1-877-IDTHEFT (438-4338)
More
Information: Three
Rivers also offers additional information in
protecting yourself from identity
theft in our ID
Theft Protection Resource
| 
