When someone gains access to your personal information, such as your Social Security Number, credit card account information, your mother's maiden name, your driver's license number, and other important information to impersonate you, that person is committing identity theft. Once the thief has this information, he can attempt to open new credit cards, cellphone, and other types of accounts in your name. In legal terms, these activities are considered "true name identity theft." A thief can also use your information to access your existing accounts in a crime that the pros refer to as "account takeover." Report Identity Theft.
When internet fraudsters impersonate a business to trick you into giving out your personal information, it’s called phishing. Never reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels. In addition to general email and website awareness, find out how to recognize and protect yourself against phishing. Tell Me More
Additional Phishing Information
Phishing Quick Facts
- Phishing is often conducted by organized crime.
- Phishing groups are dynamic and can be in any country. They often used people in multiple countries simultaneously.
- Credit and debit card users are the primary targets of phishers right now (going for fast cash).
- Phishing can come in more than one form: email, instant messages, pop-up, online postings, and phone.
- A phish NEVER includes a real email address for the phisher, so it is pointless to reply to one.
- A phish has a hook (Trust us. Here’s why.), a required action (Here’s what we want you to do.), and a push (Hurry, act now!).
- Most servers that host phish sites are legitimate servers that have been compromised. Phishers must use the site’s URL or IP address in the phish.
- Some servers that host phish sites are fraudulently registered. Phishers can use any URL and try to make it similar to the victim site.
- “It’s hard for criminals to duplicate my institution’s website, so if it looks good, it must be the real site.” (The Truth: Many fake sites look identical to the original site.)
- “If I see a lock anywhere on the page, I know it is a secure website.” (The Truth: The lock or key that signifies a secure site must appear on the body or chrome of the browser, not as a picture on a webpage.)
- I can tell by the poor grammar if it is a phish." (The Truth: Fake sites often have perfect grammar and spelling.)
How to Report a Phish
If you receive a phishing email that appears to have come from HVCU, reporting the issue to us can help get the scam shut down quickly and prevents members from being taken advantage of. Following the instructions below greatly facilitates the process of getting a phish site removed as soon as possible. If the suspicious email is more than a week old we are likely already working to get the scam shut down.
Steps to Report a Phish
- From your email program, use the FORWARD function to forward the complete email message. It is important that you forward the original message rather than copying and pasting it into a new message or sending it as plain text. The most important piece of information is the underlying link and it is usually lost if you copy and paste. Detailed instructions on how to forward are below.
- Send the email to “firstname.lastname@example.org” by typing the word “phish” followed by an “@” sign followed by “hvfcu.org” in the “To” field and clicking on send. An autoreply message will be sent to you acknowledging receipt of your email.
Vishing – Voice Phishing – Identity thieves send spam that warns victims that their credit union/bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details. The automated voice message says something like: “Welcome to account verification. Please type your 16-digit card number.” The goal is to get you to enter your credit card number.
This type of fraud is particularly harsh because it imitates the legitimate ways people interact with financial institutions. In fact, some vishing attacks don’t begin with an email. Sometimes they begin with telephone calls, in which the caller already knows the recipient’s credit card number. This increases the perception of legitimacy, allowing the caller to easily ask for the valuable three-digit security code on the back of the credit card.
Customer Survey Phishing Scam – The spam email starts with something like: “The Online department kindly asks you to take part in our quick and easy 5 question survey. In return we will credit $50.00 to your account – Just for your time!” The email goes on to describe how it only takes two minutes and that your answers will help them. The catch, of course, is that in order to credit your $50 reward, they need your credit union or bank User ID and password, as well as your credit card number, expiration date, three digit security number, Social Security number, ATM PIN Number, zip code, mother’s maiden name, and /or email address.
Credit Union Phishing Scams -Phishing scams pertaining to credit unions in particular often operate under the guise of being some sort of security alert from a credit union and may be from false identities such as “America’s Credit Union”, “Credit Union”, or email@example.com". HVCU, CUNA, and NCUA would never send you an email soliciting your personal, confidential information.
Credit Card Purchase Notice – A typical email reads, "We have just charged your credit card for “xyz” service in amount of “$xyz”, which of course, you didn’t authorize. You are then given two options: to enter your credit card number (and expiration date) or to press “No”. Entering your card number and pressing “Yes” sends your information to the malicious person behind the scam – and approves the charge. But clicking “No” also has an undesirable effect – it lets the sender know they’ve obtained a valid email address – one they will use for future scamming.
Malware includes viruses, spyware, and other unwanted software that gets installed on your computer or mobile device without your consent. These programs can cause your device to crash, and even worse can be used to monitor and control your online activity–including your financial accounts. They also can make your computer vulnerable to viruses and deliver unwanted or inappropriate ads. Criminals use malware to steal personal and financial information, send spam, and commit fraud. There are many methods and types of malware.
Malware may target only one browser or it may target many browsers. It may be beneficial to have multiple browsers installed on your system. If you see something strange like a prompt for your credit card number, close the browser and try another. If it doesn’t appear in the other browser it is likely you have malware on your system. Popular browsers include Microsoft Edge, Firefox, Chrome, and Safari.
Learn more about Malware
If you think your computer is infected:
- Contact each financial institution that you accessed on the infected computer.
- Change your passwords and ask if any of your account information has been changed (such as address or phone number.)
- If you provided credit or debit card information to someone, report the card as compromised to have it blocked and a new card issued.
- Do not use your computer for financial transactions until it has been cleaned.
- Follow up with your anti-virus vendor or computer service vendor for the best methods of getting your system cleaned.
Scams are a constant threat to your finances and identity. There are literally hundreds of scams popping up every day over the internet, through email, mail, and by phone-- fake trips and prizes, fake invoices, arrest warrant threats, you won a lottery, you name it. With scams getting more creative and convincing, it’s a good idea to occasionally check current alerts to ensure you don’t fall victim.