Archive for the ‘ Identity Theft ’ Category

Defending Yourself Against Identity Theft


As technology advances, you can be sure that identity thieves are not far behind. Here are some common methods cyber-thieves use to steal your personal information and how you can increase your security while shopping or banking.

Phishing/vishing

Your email messages may not be quite what they appear to be if you’re targeted by a phishing scam. Phishing is the act of sending fraudulent emails that seem to come from familiar businesses. These messages contain links to phony websites designed to steal personal information either directly or through malware and key-loggers. Often you’ll see a problem referenced with a request to click on the link provided to correct it. Once you’ve entered your information, ID thieves can access your accounts.

Vishing is the telephone version of phishing. Callers are sometimes bold enough to suggest the victim call back to verify authenticity. But the vishers don’t actually hang up; instead they play a recorded dial tone to make the victim believe he’s making a call.

Debit and credit card fraud

Most shoppers love the convenience of plastic, and identity thieves use this to their advantage whether it involves skimming, phishing, vishing, malware, mail theft or just looking over a victim’s shoulder to steal account numbers. Someone running up debt in your name can ruin your credit score. When debit cards are compromised, it’s particularly alarming because fraudulent purchases drain your checking account instantly.

BEC scams

Business email compromise, or BEC, scams have cost companies more than $1.2 billion. A phony email from a CEO requesting that funds be transferred per attached instructions is sent to an employee. Because the email appears to come from the employee’s superiors, and because the message so closely resembles requests this employee receives regularly, the transfer is often made without question. The money then ends up in overseas accounts that are almost impossible to trace.

Tips to protect yourself

To even further reduce fraud risk:

  • Install the latest editions of anti-spyware, antivirus, firewalls and browsers to all devices, and password-protect them.
  • Use strong passwords for all accounts and change them frequently.
  • Monitor accounts and credit reports to detect fraud early
  • Don’t use public Wi-Fi networks for financial transactions.
  • Keep cards away from public view, and shred personal documents before discarding.
  • Opt in for two-factor authentication on accounts.
  • Turn off Bluetooth and near-field communication when not in use.
  • Don’t click on email links. Type full web addresses to access business websites.
  • Never share sensitive information in response to an unsolicited call or email.
  • To verify calls, hang up for at least one minute to ensure the first call is disconnected. Call the customer service number listed on your bank’s website or the back of your credit card, not a number provided by an unsolicited contact.
  • To protect your business from BEC scams, use a two-step verification process for all money transfers. Verbal confirmation is also wise.

Staying informed and adopting smart fraud prevention practices will go a long way toward protecting your identity. Between your efforts and your bank’s security, you should be able to stay a step ahead of identity thieves.

Source: NerdWallet, Inc.


Set up Members 1st Mobile Card Controls to control how, when and where your payment cards are used. Real-time transaction alerts and controls will provide you with a method to protect your payment information.

Members 1st is here to help you through all of life’s most important moments and milestones. If you have any questions, please call customer service at (800) 237-7288, visit our website, or visit one of our various branch locations.

Mobile Malware: What You Need to Know


9597031_xxl

Trojan horses, worms and viruses are the tools of choice for theft, fraud and other forms of malicious activity. These threats are on the rise and targeting mobile devices effectively. Most notably is the recent malware Svpeng, which specifically targets financial mobile applications and combines it with “ransomware” capabilities.

Svpeng “locks” mobile devices and requests a ransom to unlock it. Svpeng is “context aware” and checks for the following mobile banking apps (Bank of America, Citi Mobile, Amex Mobile, TD App, Chase Mobile, BB&T Mobile Banking, USAA, Wells Fargo and other U.S. bank apps) on mobile Android devices. When it detects one of these applications, it locks the device down, presents a phony FBI penalty notification and demands $200 in the form of Green Dot’s MoneyPak cards. Svpeng also captures and steals information entered on the device. It’s considered different from other ransomware because it locks the device down completely.

“If it happens to you, you can do almost nothing. The only hope for unlocking the device is to boot into ‘Safe Mode’ and erase all data on the phone only, [since] SIM and SD cards will stay untouched and uninfected.”1

What can you do to protect your mobile device?2

Mobile devices are just as susceptible to viruses and malware as desktops and laptops. Install and use mobile anti-virus software and browser protection tools.

  • Download apps only from trusted sources like the Apple® App Store or Google® Play. Beware of malicious applications.
  • Question links in emails and social media posts. Malicious links could direct you to websites or install harmful software to compromise your device.
  • If accessing the Internet through a public, unsecured or unfamiliar WiFi connection, avoid accessing sensitive services like banking and investment services on your device until you can access a trusted WiFi service.
  • Turn off unnecessary services such as Wi-Fi, Bluetooth, and location apps when you’re not using them.
  • Secure your data and photos. Back up all important documents and photos to an external storage device, such as a cloud-based server, external hard drive or flash drive.

Your financial safety and security is important to us.

We offer several ways to help you monitor your account activity. You can set up a variety of alerts through Members 1st Online to notify you via email or text of activity on your account.

To set up or manage alerts on your account(s), log into Members 1st Online > Messages > Manage Alerts and follow the prompts. You can also set up custom alerts specific to your Members 1st VISA® Credit Card to notify you of account and transaction activity. If you’re logged into Members 1st Online, click on your VISA® Credit Card > See Your Current VISA® Activity > Alerts and follow the prompts.

Not using Members 1st Online yet? It’s easy and FREE! Go to https://myonline.members1st.org and click on “Enroll  Now.”

What should I do if I see suspicious charges on my account?

Please notify TeleBranch (Customer Service) immediately if you see any unauthorized activity on your account(s) at (800) 237-7288.

—————–

1Source:  http://www.kaspersky.com/about/ news/virus/2014/

2Source: http://securityaffairs.co/wordpress/25771/malware/svpeng-android-ransomware.html

Guest Blogger: Patricia Brock, AVP/Information Security Officer (reprinted from the July/August 2014 edition of Avenues)

How to Handle Your Finances after a Divorce


divorce
While young adults are living together in increasing numbers, possibly avoiding the fate of being a split-up statistic, divorce rates have actually doubled over the past two decades for couples over 35, according to researchers at the University of Minnesota . When it comes to marriage, baby boomers may be two-time losers. But young or old, divorce, whether legal or laid back, can be an emotional — and financial – train wreck. Here’s how to get back on track.

The credit you deserve
After years of being in a joint financial partnership, it’s time to reestablish your individual credit identity. First, obtain a free copy of your credit report. The three major credit agencies are mandated by the federal Fair Credit Reporting Act to provide a free copy of your report once a year. The official website is annualcreditreport.com, or you can call 1-877-322-8228 to request yours.

In case you haven’t already; cancel any remaining joint credit cards so that neither former spouse is liable for the other’s debt going forward. If you don’t have a credit card in your own name, you might want to consider applying for one, in order to build your new credit history.

It’s also quite likely that you’ll be carrying a bit of debt with you out of the divorce, such as court costs and attorneys’ fees; perhaps some credit card debt, as well. You may be tempted to pay off those debts all at once with any cash acquired through a settlement, but it might be a better idea to preserve those dollars until you see how your after-marriage money situation works out.

Account for every account
Remember to update the names on all other accounts, such as life insurance beneficiaries and authorized users. You may also have to change the names on deeds and titles to property that was granted to you as part of the divorce settlement.  Assets that may need to be retitled can include investment accounts, vehicles and houses. You may also want to consider refinancing any debt or mortgages that you have acquired in the process. And of course, you’ll want all of your bank and credit union accounts in your name only.

A fresh beginning
If you received the home as part of your settlement, think about if it’s financially feasible – or even emotionally beneficial – to stay. Not only do you have to consider the mortgage payment, but all of the associated expenses, too: insurance, upkeep, taxes, utilities and all the rest. Children can play an especially important role in this decision, depending on their age, school activities and social involvement. From a financial perspective, you will also want to weigh the tax consequences of a sale, though as a single-filing taxpayer you may qualify to exclude $250,000 of the capital gain from your income.

Emergency and retirement savings
The financial transition may be difficult, however you want to remember your short-term and long-term goals. First, having three to six months of income saved for unexpected expenses can help you get back on your feet. A Qualified Domestic Relations Order (QDRO) will guide the terms of transfer for any qualified retirement account, such as a 401(k) retirement plan or pension. If you are to receive such assets, a trustee-to-trustee transfer will prevent an unnecessary mandatory tax withholding.

Make a money plan
While few people may guide their personal finances by a formal budget, it’s a good idea to have at least a “back of the envelope” money plan. You may be facing new expenses on your own, such as rent or mortgage payments and even legal costs. The household income has almost certainly changed.  Consider all spending as “up for review.” Total up every fixed expense, determine what can stay and what has to go – and then tackle discretionary spending, at least until you can get into a new financial routine.

Divorce can force you to think ahead, not back. And in matters of money – that’s a good thing.

Note: If you are facing a life changing event such as divorce or are suddenly single for other reasons and you need money management assistance, consider GreenPath, a financial management service that can help keep you on track.

Check out our brochure, Getting Married/Suddenly Single

Guest Blogger: Hal Bundrick, NerdWallet

Heartbleed bug – what you need to know


heart bleed bug

The media has been reporting about a widespread website bug called “Heartbleed” which is a vulnerability in the security software used by millions of web sites.

We want you to know that Members 1st does not use OpenSSL 1.0.1 to 1.0.1f which means we are not affected by Heartbleed. We have taken extra steps to test our web applications and third party applications and either they are not susceptible or have controls in place to prevent any malicious activity. 

If you’re not familiar with this, OpenSSL is one form of an encryption library used in HTTPS communication – online stores and banking websites that give you that lock icon in your browser bar when you visit them. OpenSSL uses a “heartbeat” to echo back data which a hacker can use to trick the server to return anything from Usernames, account passwords to sensitive data.

Here’s what you need to keep in  mind:
While Members 1st is not affected by this, it is a good security practice to periodically change your passwords. If you use the same password for your financial institutions that you use for any of the following vulnerable sites , you should change your password immediately: Facebook, Instagram, Pinterest, Tumblr, Google, Yahoo, Gmail, Yahoo Mail, Amazon Web Services, GoDaddy, Intuit, USAA, Box, DropBox, Minecraft, OKCupid, SoundCloud, Wunderlist.

Rest assured, securing your personal and financial information is a top priority.

How to Protect Your Financial Info on Your Smartphone


smart phone

You might think that smartphone buzzing in your pocket or purse is relatively safe from hackers, because for years phones weren’t fraudsters’ main targets. But as smartphones have exploded in popularity, so has the chance that a hacker will steal your financial information. Here’s how they try to gain access to your sensitive information and what you can do to stop them.

Spam and SMS phishing – What is it?
Spam is the use of messaging systems to send unsolicited bulk emails, usually advertising. Most of it is just annoying, but some of it will be unsolicited offers or SMS phishing (arrives via text messages). In either case, you’ll receive messages pitching products or services. You may also receive messages that ask you to update a password, re-enter your credit card number or provide sensitive info that can be used to defraud you.

How can you protect yourself?
• Never open a message from a source you’re not familiar with. Booby-trapped attachments are often disguised in clever greetings.
• Don’t answer emails or texts that ask for personal information.
• Watch for red-flag statements such as “verify your account.” Legit companies don’t request sensitive information via email.
• Shop online with a retailer’s official app, not through an emailed or texted link. Shopping apps are designed to ward off scams. With browsers, malicious software can be downloaded to a phone without a user knowing it.
• Buy security software. It’s essential to use mobile security software and keep it updated. Mobile antivirus software can help spot and block malware-infection attempts.

Public Wi-Fi – What is it?
This is a wireless network you connect to in places like Starbucks. Since your traffic is public, there’s a chance that it is being captured. So if you’re browsing the Internet and go to a page that doesn’t use Secure Socket Layer (SSL) to encrypt your communication, everything you are seeing and anything you send back (like forms you fill out or usernames and passwords) can be captured and seen by anybody else on the network.

How can you protect yourself?  Most financial sites use SSL for login information (you know you’re on an SSL site when the URL starts with “https”), but it’s still safer not to send any sensitive data over an untrusted wireless network.

Theft – How bad is it?
Thieves are snatching smartphones in alarming numbers. If a thief gets ahold of your phone, he or she may get access to all of your sensitive information contained on it. How can you protect yourself?
• Keep tabs on your device. Don’t leave your smartphone by its lonesome at a cafe or bar.
• Be discreet. Use caution when pulling out your expensive new phone when you’re in big crowds, such as sporting events.
• If it gets swiped, wipe it. If your cherished device is lost or stolen, remotely wipe it. Remote wipe is a security feature that lets you send a command to your phone and delete data.

Other important steps to take
• Update the operating system. Updates usually give you enhanced functionality and features, as well as fixes to security vulnerabilities.
• Log out of financial accounts. Make sure you log out when you finish banking through your mobile phone. Don’t check the box that asks you to save your user ID or password. Sure, it’s less convenient to log in every time. But it’s worth it to protect your financial information. It’s ultimately up to you to protect your private information. Be sure to take the steps listed above to ensure the sensitive financial information on your smartphone remains safe.

Guest post provided by Tom Dunlap, NerdWallet

Don’t Be a Money Mule


fraud-theft-danger_13607409_l

Money Mules are people who are used to launder stolen money or some type of merchandise. Criminals may even recruit money mules to use stolen credit cards or other information. Individuals being used as money mules may be willing participants or unknowingly be used to commit fraud. We have seen our members become involved in these scams, which potentially cause a loss to them, Members 1st, or a victim at another credit union or bank.

The most popular scam method is disguised as a “work from home” opportunity, which targets unsuspecting people interested in jobs with convenience and flexibility. Recruiting may occur through the mail or online by what only appears to be a legitimate website or advertisement. The fraudulent company will collect personal data from you such as your social security number and information on your credit union account. You may be asked to sign a seemingly official contract. You’ll receive funds in your credit union account or be instructed to transfer them to some other financial account. You may also be asked to deposit a check (actually counterfeit) into your account and then withdraw cash. The funds you receive could also be stolen from a customer at another credit union or bank.  In either case, you will be permitted to keep a percentage of the money and be instructed to transfer the remaining funds to another financial account (also associated with the criminal). By doing so, you become a Money Mule. So how do you avoid being scammed?

Remain Cautious:

  • Of any job that involves transferring money or goods (especially overseas companies requesting money transfer agents in the U.S.).
  • Of a request to open a credit union account or to receive money from someone you don’t know.
  • Of a job opportunity where you’ve never met the individual and he or she is requiring all interactions to be completed online.
  • Of a job opportunity that promises significant earning potential for little effort (if it sounds too good to be true then it’s usually fraud).

Remember:

  • You may be held responsible if you’re a Money Mule or other types of fraudulent activity have been transacted through your credit union account.
  • Money mules may be prosecuted and found personally responsible for repaying the losses suffered by the other victims.
  • Make sure you know the person with whom you’re doing business. NEVER provide your account information (account number, password, PIN, card number, etc.) to anyone you don’t know and trust.

If you believe you’ve been a victim, our Loss Prevention Team is here to help. Contact us immediately at (800) 283-2328 ext. 5202. For more information about Money Mules and other scams visit  http://www.consumer.ftc.gov/scam-alerts.

%d bloggers like this: