Security Tips & Resources

Security Tips & Resources

Knowledge is power when it comes to fraud prevention
Arm yourself with the tools to identify a fraud or a scam and what to do if you become a victim of fraud. Each year, scam artists and identity thieves steal billions of dollars from unsuspecting consumers. They use the telephone, email, text messaging, postal mail and the internet to steal information or trick consumers into handing over money.

Tips 

Be on alert. Stay informed. Protect yourself.

Cybercrime

Cybercrime includes more than fraudulent e-mail messages and fake websites that allow criminals to take your money. A cybercrime may involve tactics using ransomware, where criminals lock you out of your files until they receive a ransom, or phony phone calls, such as criminals pretending to represent a tech support company so they can get your information.

Protect yourself from a range of cybercrimes by taking these precautions:   

  • Use a firewall to protect your computer.
  • Encrypt your home Wi-Fi network.   
  • Back up your files regularly.
  • Create strong passwords and share them only when necessary.   
  • Don’t respond to spam e-mails.
  • Download with caution.
  • Monitor your financial accounts regularly for fraudulent activity.
  • Don’t visit suspicious websites or follow links to sources you don’t trust.
  • Keep your computer current by updating antivirus software, antispyware, operating system, and system patches.
  • Don’t share your personal information with sources you don’t trust, especially pop-ups.   
  • Have different passwords for work related and non-work related accounts.
  • When you’re not using your computer, turn it off.
  • Don’t give control of your computer to an unauthorized third party.

 

Types of Cybercrime, Frauds, and Scams:

 

Business Email Compromise (BEC)

In this scam, criminals target both businesses and individuals. It has evolved from a simple form of sending an email that appears to come from a business or individual you know and requesting a seemingly legitimate payment, often urgently, via a wire transfer, to compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. More recently, criminals receive funds from cryptocurrency platforms where they can quickly disperse the funds.

Check the accuracy of email senders. If payments or payment changes are requested, verify with the intended recipient first. As soon as fraud is detected, contact the originating financial institution and request a recall of the fund transfer as well as a Hold Harmless Letter or Letter of Indemnity.

Ransomware

Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, networks, or cell phone. Malware is installed in various ways, including through links and attachments in emails, downloads from malicious websites, or removable drives. Criminals hold your data hostage until the ransom is paid or pressure you for the ransom by threatening to destroy or release your data to the public.

One way to prevent or minimize the risks is to conduct system and software scans using anti-virus and anti-malware programs. You can also make an offline backup of your data and update your operating systems and software on your devices frequently. If you fall victim to this crime file a report regardless of whether you have paid the ransom or not.

Spoofing

Scammers deliberately falsify an email address, sender name, phone number, or website URL and manipulate you into believing that it is from a trusted source. Once you seem engaged, they lead you to download malware, send money, or share personal, financial, and other sensitive information. Spoofing is often used in connection with other crimes.

Scammers tweak little things - often a letter, symbol, or number. DO NOT click on or download anything unless they are verified to be from legitimate sources. Additionally, if a call comes from an unknown number or the caller (or a recording) asks you questions or to hit a button, DO NOT hang on, just hang up.

Phishing, Quishing, SMishing & Vishing
  • Phishing - Phishing is when Internet fraudsters impersonate a business to trick you into giving them your personal information, such as usernames, passwords and credit card details.  Scammers send an email that appears to be from a legitimate business and lure you into providing your information by visiting a website that looks almost identical to the real one. Once you click the link, you may be asked to provide sensitive information for verification purposes, such as your Social Security number, login credentials, mother's maiden name, or place of birth. Once the information is provided, scammers use it to access your accounts to steal money or sell your information to other scammers.

    Legitimate businesses don’t ask you to send sensitive information through insecure channels.  Businesses and financial institutions would never call you first to verify your account information or to ask for sensitive information. DO NOT click links in emails or messages. If you believe the contact may be legitimate, contact the business or visit the official website yourself.  Never provide your personal and sensitive information in response to an unsolicited request over the phone or the Internet. If you feel suspicious of or fall victim to Phishing, alert the situation to Riegel Federal Credit Union (RFCU) and file a report with the Federal Trade Commission (FTC).
     
  • Quishing - Quishing, short for QR code phishing, is an identity fraud scam utilizing QR codes. Scammers are posting physical images of QR codes in high traffic locations or sending them via email or text message. Once you scan the QR code, it takes you to a scammer’s website, which may look legitimate, where the scammer lures you into providing personal or financial information. These scammers often attempt to disguise themselves as a government agency, bank, or other company to lend legitimacy to their claims and then use that info to carry out financial scams.
     
  • SMishing - Phishing via SMS, or SMishing, uses cell phone text messages or Short Message Service (SMS) to trick you into providing personal and financial information. SMishers may use URLs or an automated voice response system to try and collect your information.

    Tip: In some instances, criminals have used malicious software in their text messages solicitations. To prevent further security issues, completely remove unsolicited text messages from your phone. This may take two steps; deleting the text and then completely removing it from your device.
     
  • Vishing - Phishing by voice, or vishing, exploits a general trust in landline telephone services. The victim is often unaware that voice over Internet Protocol (VoIP) allows for caller ID spoofing, thus providing anonymity for the criminal caller. Rather than providing any information to the caller, the consumer should verify the call by contacting the financial institution or credit card company directly, being sure to use the institution’s accurate contact information (i.e., do not use contact information the caller provides).
     
Technical Support Impersonation Scams

Criminals pose as service representatives of a company's technical or computer repair service and ask you to contact them through email or by phone about a highly priced, soon-to-renew subscription. Once you contact them, they convince you to grant full control access to your computer for technical support and a refund. With the granted access, criminals steal your sensitive information and conduct unauthorized wire transfers of funds from your accounts. Almost half the victims who report this crime are over 60 years old.

When you receive email about unsolicited services or services you didn't sign up for, resist the pressure to act quickly, search online for the company, and initiate the communication from your end.  Do not send wire transfers to someone you have only spoken to online or via phone. Also, do not download unfamiliar sofware or grant remote access to unknown persons or entities.  

Gift Card Scam

Only scammers will tell you to buy a gift card and give them the numbers from the back of the card. No real business or government agency will ever tell you to buy a gift card to pay them. If you gave a gift card to a scammer, no matter how long ago the scam happened, report it to the gift card company.

Accidental Deposit Scam

Scammers will send you funds then contact you stating the funds were accidentally sent. They’ll then request you to send the funds back through Zelle® or other payment services. Most times the funds were sent to you from stolen credit cards or hacked accounts of other victims. Once scammers receive the funds back from you, they’ll dispute the payment with their bank resulting in duplicate withdrawals. Don’t send the money back or spend it, instead, contact your bank to report the activity.

Government Imposter Scams

Scammers sometimes pretend to be government officials to get you to send them money. They might promise lottery winnings if you pay “taxes” or other fees, or they might threaten you with arrest or a lawsuit if you don’t pay a supposed debt. Regardless of their tactics, their goal is the same, to get you to send them money.

Don’t do it. Federal government agencies and federal employees don’t ask people to send money for prizes or unpaid loans. Nor are they permitted to ask you to wire money or add money to a prepaid debit card to pay for anything.

Before you get caught in this type of scam, look for indicators:

  • You’ve "Won" a Lottery or Sweepstakes - Someone claiming to be a government official calls, telling you that you’ve won a federally supervised lottery or sweepstakes.
  • You Owe a Fake Debt - You might get a call or an official-looking letter that has your correct name, address and Social Security number. Often, fake debt collectors say they’re with a law firm or a government agency — for example, the FTC, the IRS or a sheriff’s office. Then, they threaten to arrest you or take you to court if you don’t pay on a debt you supposedly owe.

Five Ways to Beat a Government Imposter Scam:

  1. Don’t wire money.
  2. Don’t pay for a prize.
  3. Don’t give the caller your financial or other personal information.
  4. Don’t trust a name or number.
  5. Put your number on the National Do Not Call Registry. Register your phone number at donotcall.gov.
Online Shopping Scams

Online shoppers can be scammed in many ways: from not receiving products despite the payment to losing money and payment information to fake websites and apps. Scammers develop fake websites mimicking popular retailers’ sites and take your money and payment information without delivering products. They also create counterfeit apps containing malware (malicious software) for the same reasons.

Read refund and return policies prior to making a purchase. If your order didn’t arrive or your refund request is denied, dispute the charges. Using a credit card for online purchases can make the dispute process much easier. Watch out for bogus websites and suspicious apps and only use official retailer websites and apps, which may offer stronger security. Also, monitor your credit and debit card transactions on a regular basis to increase the chance of spotting unauthorized purchases or withdrawals in the early stage of this fraud.

Prizes, Sweepstakes, and Lotteries

Scammers contact you claiming you won a prize, sweepstake, or lottery and then ask for money or your account information to cover taxes and other fees upfront. They might pretend to be from government agencies or claim you’ve won a foreign lottery, which is almost certainly a scam.

Government agencies do not call to demand money or your financial information to collect a prize. Also, real sweepstakes are free and by chance. If you did not enter a lottery or sweepstakes or are unsure about the call, message, email, or letter, DO NOT send money or share your information. Instead, terminate the communication and call the organization to authenticate the communication.

Fake Rental Scam

Fake rental scams are when a house is legitimately listed for sale online, but scammers have set up a fake website and listed the house as a rental. You send your first month’s deposit to a scammer pretending to be the landlord/owner.

Business and Job Opportunity Scams

Scammers advertise job and business opportunities that sound too good to be true, such as doing minimal work with a high salary, pledging guaranteed income, or a proven business operation system. Scammers exploit your money and personal information by offering fake jobs or bogus coaching services, disguised as legitimate job offers, mentoring programs, or business opportunities.

If it sounds too good, take your time and get a second opinion or talk to someone who has your best interests in mind. Before accepting a job offer, know that honest employers, including the federal government, will not ask for payment for the promise of a job. Before paying for a business opportunity, research the seller, the company, and the coach’s credentials, and ask for the legally required one page disclosure document that tells any lawsuits against the seller, a cancellation or refund policy, and other information.

Fake Check Scams

Despite many variations, fake check scams involve two main components: 1) scammers send cashier’s checks or money orders to you; and 2) they ask you to send part of the cashed money back to them in gift cards, money orders, or cryptocurrency. If you deposit the checks and they are later found to be fraudulent, you will likely be required to pay the deposited funds back to your credit union or bank.

Cashier’s checks are not cash and it can take weeks to validate legitimacy. If the amount on the check is more than what it should be, void it and ask the sender to resend another check for the correct amount. Do not wire or send gift cards, money orders, or cryptocurrency. Your money is not protected in these transactions.

Check Washing Scams

Check washing scams involve changing the payee names and often the dollar amounts on checks and fraudulently depositing them. Occasionally, these checks are stolen from mailboxes and washed in chemicals to remove the ink. Learn more about check washing scams at United States Postal Inspection Service website.

Retrieve your mail regularly instead of leaving it in your mailbox. Deposit your outgoing mail at your local Post Office or in blue collection boxes before the last pickup. If you’re going on vacation, have your mail held at the Post Office or have it picked up by a friend or neighbor each day.

Disaster Fraud

Disaster fraud typically involves others trying to take advantage of the situation and examples include fake government employees and bogus charities. Fraudsters approach when you are vulnerable and in crisis to exploit your money and financial information while pretending to help with recovery.

No FEMA, federal, or state workers will ask for or accept money from you when applying for disaster assistance. If someone wearing a FEMA jacket or shirt without an I.D., approaches, do not trust or offer any personal information and always ask to see an official I.D. Take your time and contact government agencies or local law enforcement to confirm identity and legitimacy of suspicious contacts.

Romance Scams

Scammers adopt a fake online identity and gain your affection and trust. They then manipulate you into believing that you have a romantic or close relationship with them. They make plans to meet in person, but it never happens because they often claim to be working outside the country. They ask for money for emergencies or trick you into providing your sensitive information.

Scammers may use details about you shared on social media or dating sites before targeting you. Watch what you share on your social profiles. Also, a reverse image search of the person’s photo may reveal whether your lover is real or fake. DO NOT send money, gift, or gift cards to your fake lover you haven’t met in person.

Debt Settlement and Debt Elimination Scams

Some companies offering debt settlement programs may not deliver on their promises, like their “guarantees” to settle all your credit card debts for 30 to 60 percent of the amount you owe. Other companies may try to collect their fees from you before they settle any of your debts. The Federal Trade Commission’s (FTC) Telemarketing Sales Rule prohibits companies that sell debt settlement and other debt relief services on the phone from charging a fee before they settle or reduce your debt. Some companies may not explain the risks associated with their programs, including that many (or most) of their clients drop out without settling their debts, that their clients’ credit reports may suffer, or that debt collectors may continue to call them.

Before you enroll in a debt settlement program, do your homework. You’re making a big decision that involves spending a lot of your money that could go toward paying down your debt. Enter the name of the company name with the word "complaints" into a search engine. Read what others have said about the companies you’re considering, including whether they are involved in a lawsuit with any state or federal regulators for engaging in deceptive or unfair practices.

Advance Fee Loans

Some companies guarantee you a loan if you pay them a fee in advance. The fee may range from $100 to several hundred dollars. Resist the temptation to follow up on these advance-fee loan guarantees. They may be illegal. It’s true that many legitimate creditors offer extensions of credit through telemarketing and require an application or appraisal fee in advance. But legitimate creditors never guarantee that you will get the loan – or even represent that a loan is likely. Under the FTC’s Telemarketing Sales Rule, a seller or telemarketer who guarantees or represents a high likelihood of your getting a loan or some other extension of credit may not ask for — or accept — payment until you get the loan.

Credit Repair

Be suspicious of claims from so-called credit repair clinics. Many companies appeal to people with poor credit histories, promising to clean up their credit reports for a fee. But anything these companies can do for you for a fee, you can do yourself for free. You have the right to correct inaccurate information in your file, but no one, regardless of their claims, can remove accurate negative information from your credit report. Only time and a conscientious effort to repay your debts will improve your credit report. Federal, and some state, laws ban these companies from charging you a fee until the services are fully performed.

Scams Targeting Older Adults

The elderly are the fastest growing segment of our society, and they are also an important part of our country's economy. America's growing older adults population is uniquely vulnerable to a broad range of exploitation and abuse. Financial crimes in particular are targeted at older adults with alarming frequency, and are all too often successful. Be sure to learn more by visiting the RFCU Elder Financial Abuse Resource Center.

Tax Fraud

Once a cybercriminal has your name and Social Security number, he or she can file a tax return in your name by making up financial information that generates a large refund. Since the IRS doesn’t require W-2 forms when you file electronically, cyber criminals can commit electronic tax-refund fraud easier than paper tax fraud, especially since electronic tax- refund fraud is straightforward and hard to detect.

Tip: Be extremely protective of your personal information, and only share it with trusted sources, especially when using the Internet. Often, tax fraudsters will obtain your information through e-mail phishing, social engineering tactics, the black market, and other sources.

Tax identity thieves may use your Social Security number to get a tax refund or a job. You take steps to protect your personal information by not opening unrecognized emails and shredding important documents. But, do you know how to recognize and prevent from becoming a victim of tax identity theft?

The public has been getting fake U.S. Treasury checks. Make sure to verify with these tips from the U.S. Department of Treasury.

Investment Fraud

Learn about the different types of investor fraud.

How to Avoid Fraud

A basic understanding of how scam artists work can help you avoid fraud and protect your money. Learning how to invest wisely can help you reach your financial goals. Here are some ways to help avoid being scammed:

  • Learn what you can do to avoid investment fraud including red flags to watch for and where to go for help.
  • Learn how to protect yourself online, and how to protect your social media accounts.
  • Learn about the different types of investment fraud, including those found online and in social media.
  • Review Investor Alerts

Resources for Victims

Every year, thousands of U.S. investors lose money to fraud and other securities law violations. In some cases, harmed investors may be eligible to receive money recovered from fraudsters. The U.S. Securities and Exchange Commission provides information about some of the ways harmed investors may recover money.

Remember, if you have a question or concern about an investment, or you think you have encountered a fraud, please contact the Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), or your state securities regulator to report the fraud and to get assistance.

Identity Theft

Identity theft happens when someone steals and uses your personal information without your permission to commit fraud. Thieves use your identity to fraudulently apply for credit, file taxes, get medical services or pretend to be you when arrested. These acts can damage your credit status and cost you time and money to restore your reputation.

How does identity theft happen?

Scammers may:

  • Steal your wallet or purse to get IDs or credit or debit cards
  • Take personal information from your electronic devices when using public Wi-Fi or USB charging stations
  • Gain access to your personal information from a data breach
  • Look through your social media accounts for identifying information
  • Use “phishing” to get your personal information 
  • Install skimmers (card readers that collect card numbers and PINs) at ATM machines, cash registers, or fuel pumps
  • Divert mail from its intended recipients by submitting a change of address form
  • Rummage through trash for credit union statements or other personal data
  • Use different types of fraud and scams listed above
How can I protect myself against identity theft?

By taking the steps below, you can minimize your risks of identity theft.

  1. Review each of your three credit reports at least once a year
  2. Read your credit card and credit union statements carefully and frequently
    • Watch out for items you didn’t purchase, services you didn’t sign up for, and withdrawals you didn’t make.
  3. Read the statements from your health insurance plan
    • Review your medical bills for unrecognized charges and Explanation of Benefits statements for services you didn’t receive.
  4. Protect documents with personal and financial information
    • Keep any documents with your personal information in a safe place and shred them when you decide to get rid of them. Also, take your mail out of the mailbox daily. In case of being away from home, consider signing up for a hold mail service or forwarding service.
  5. Guard your information online and on your phone
    • Use a strong password and add multi-factor authentication for accounts that offer it. Do not give your personal information to anybody who calls, emails, or texts you.
What should I do when my identity is stolen?

It is important to act fast to stop further misuse of your identity. If your identity is stolen, you should take below steps right away:

Step 1: Call the companies where the fraud occurred and explain your identity has been stolen. Ask to close or suspend the accounts. Don’t forget to change login credentials for the accounts as well.

Step 2: Place a fraud alert and get your free credit reports. A fraud alert is free, lasts for a year unless renewed, and makes it harder for scammers to open new accounts in your name. When you contact one of the three main credit bureaus to place a fraud alert, that company must tell the other two and you will be entitled to free copies of your credit reports. Review your reports thoroughly and make notes of any unrecognized accounts and transactions for identity theft and police reports.

Step 3: Report identity theft to the Federal Trade Commission (FTC) and local police department. An identity theft report and a police report document that you have been an identity theft victim.

Step 4: Close fraudulent accounts opened in your name and remove bogus charges from your accounts. Call the fraud department of the companies where the fraud occurred, explain your identity has been stolen, provide the identity theft (and police reports), and request to close fraudulent accounts and remove bogus charges. Ask to send you a confirmation letter of the actions.

Step 5: Correct your credit report by sending an identity theft letter along with the identity theft report and proof of ID to all three credit bureaus. If someone steals your identity, you have the right to remove fraudulent information from your credit report.

If you wish to add extra protection against fraud, consider placing an extended fraud alert or credit freeze to your credit report. While an extended fraud alert makes it harder for scammers to open new accounts for 7 years, a credit freeze limits access to your credit report for both you and others and lasts indefinitely unless you lift or remove it.

To learn more, visit IdentityTheft.gov.

 

Basics of Cyber Hygiene

Cyber hygiene refers to the practices and steps taken to protect your digital assets and information from unauthorized access and cyber threats.  By practicing good cyber hygiene, you can ensure the safety and security of your digial assets and information online.  

  1. Turn on Multifactor Authentication - Multifactor Authentication, also known as two-factor authentication, or MFA, is a highly effective security measure that requires an extra form of identification, on top of your password, when trying to access your digital assets and information.  Most websites now offer this security feature such as a PIN, fingerprint, confirmation text, and authentication application.  Once prompted, opt in!
  2. Criminals take advantage of well-known problems and vulnerabilities. Network defenders work hard to fix them, but their work heavily relies on you installing the latest fixes. Keeping your devices up to date with the latest security patches and utilizing automatic updates for operating systems, antivirus software, and applications will help protect your digital assets and information from cybercrime.
  3. Phishing is the number one way our information gets compromised, and we are more likely to fall for phishing than we think. Be cautious of unsolicited phishing emails, texts, and calls that ask for personal and sensitive information. Don't click on links or attachments from unknown sources and avoid sharing sensitive information or credentials over the phone or email, unless necessary. If suspicious, trust your instincts and think before you click!
  4. Strong passwords are critical to protecting your digital assets and information. Make sure your password is long, unique, random, and including all four-charcter types.  Password managers are a powerful tool to create passwords and they make storing passwords and user IDs much easier!

 

Resources

We are here to help:

  • We use enhanced fraud protection tools for both monitoring and detection around the clock to help detect and prevent fraud on our members accounts.
  • If suspicious activity is detected, you will be contacted by a RFCU Member Service Reprentative or eServices Representative.  
  • Please contact our eServices Department if you suspect or experience any fraudulent activity on Riegel Internet Banking (RIB), the RFCU mobile application, debit card, or credit card. 
  • Please make sure your personal contact information is up to date at the Credit Union to ensure we can provide you with the best service possible.  
  • It is critical for you to monitor all activity on your accounts for fraudulent transactions and report them to us immediately. Time is NOT on your side when fraud occurs!

 

If you find out you've been scammed, there may still be something that can be done to stop the further damage.  If you suspect a fraud, scam, identity theft, or cybercrime, report to as many agencies as possible.  The Federal Bureau of Investigation maintains a list of Cyber Crime Stories. Be aware of the latest cyber scams by checking this list and searching the Internet for the most recent cyber scams.  If you are a target of cyber crime, contact your financial institution immediately. Then, report the crime to the Internet Crime Complaint Center (IC3), a joint government collaboration.  The IC3 links complaints together to refer them for case consideration. It also uses data to identify emerging trends and patterns.

 

What to Report Where to Report
Report anything you think may be identity theft - in a scam, cybercrime, or data breach - and get a recovery plan. Identitytheft.gov
Report unwanted calls from telemarketers and register your number on the national do not call registry. Donotcall.gov
Report anything you think may be a fraud, scam, or bad business practice. Reportfraud.ftc.gov
Report any suspected cybercrime. Ic3.gov
Report a suspected investment fraud or a problem with your investments. Sec.gov
Report a potentially fraudulent, illegal, or unethical investment activity. Finra.org
Report a violation of the Commodity Exchange Act or Commission regulations. Cftc.gov
Report a suspected financal/economic crime or fraud (e.g., mortgage fraud or investment fraud). Fbi.gov
Report any fraud related to natural or man-made disasters. Justice.gov