Fraud Protection Center

Security Alerts

NCUA talks about phishing scams

According to NCUA Federal Criminal Investigator David Eno, scammers clone financial web pages and use them for phishing. NCUA's Internet homepage and individual credit union and bank homepages are repeatedly cloned. Scammers send credit union members a fraudulent email leading them to believe it's from NCUA or a particular credit union.The misleading e-mail informs a member their account has been fraudulently accessed and prompts them to call an 800 or 866 number or follow the link provided to a cloned agency or credit union website. At the cloned webpage, the member is prompted to submit private financial information such as their account number and PIN. With receipt of account information, the scammer proceeds to empty the member's account from foreign ATMs. According to the article, an increasingly common scam involves text messaging. Credit union members receive a fraudulent NCUA text message announcing that unauthorized activity has occurred in their account. As with phishing emails, an 800 telephone number is provided. When the member calls, they are prompted to provide their account number and PIN to resolve an alleged account problem. Again, the scammer then transfers the member's funds into a foreign ATM accessible account. Another way to add credibility to their messages is to geographically target the members. Scammers send emails and text messages to individuals within a 30-40 mile radius of a targeted credit union making the scam seem quite credible. Credit union members should be reminded that NCUA and credit unions do NOT ask for personal account information and PINs via the Internet or telephone. Consumers should be leery if placed in this situation.The NCUA recommends deleting fraudulent emails or text messages to prevent spyware or malware from compromising computers or cell phones.

Skimming

Skimming is the theft of credit or debit card information used in an otherwise legitimate transaction. Instances of skimming have been reported where the perpetrator has put a device over the card slot of an ATM, which reads the magnetic strip as the user unknowingly passes their card through it. These devices are often used in conjunction with a pinhole camera to read the user's PIN at the same time. It can also be an "inside job" by a dishonest employee of a legitimate merchant, and can be as simple as photocopying of receipts. Common scenarios for skimming are restaurants where the skimmer has possession of the victim's credit card out of their immediate view. The skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code which is not present on the magnetic strip. If you think something is suspicious, the best thing you can do is avoid it. We ask that all members diligently monitor their accounts and report any fraudulent transactions immediately by calling the credit union at (804) 353-8012.

Don't get hooked on phishing scams

Please keep in mind that Entrust Financial CU will never solicit confidential or sensitive information via email. Some examples of a phishing scam email message include the following:"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.""During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."The Federal Trade Commission recommends these tips to help you avoid getting hooked by a phishing scam:

  • If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either.
  • Area codes can mislead. Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a "refund."
  • Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
  • Don't email personal or financial information.
  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
  • Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email.
  • If you believe you've been scammed, file your complaint at ftc.gov, and then visit the FTC's Identity Theft website at www.consumer.gov/idtheft.
  • You can learn other ways to avoid email scams and deal with deceptive spam at ftc.gov/spam.

Counterfeit check scams

You notice an e-mail or Help Wanted ad that offers you a job to cash checks, money orders or travelers checks. You keep a portion (around 10%) and then you wire the rest back to the "company." Sound safe? The answer: absolutely not. More than likely, the checks, money orders, or travelers checks are counterfeit. This scenario is similar to the "Nigerian Scam", where a stranger hopes to share in big profits with YOU. If you're tempted to respond to an offer, the FTC suggests you stop and ask yourself two important questions: Why would a perfect stranger pick you - also a perfect stranger - to share a fortune with, and why would you share your personal or business information, including your bank account numbers or your company letterhead, with someone you don't know? If you receive an offer via email from someone claiming to need your help getting money out of Nigeria - or any other country, for that matter - forward it to the FTC at spam@uce.gov.If you have lost money to one of these schemes, call your local Secret Service field office. Local field offices are listed in the Blue Pages of your telephone directory. Also, don't forget to notify your credit union immediately.For more information on scams similar to these:

Tips & Tools

Safeguarding your information

Entrust Financial Credit Union (EFCU) is committed to ensuring the safety of our members’ information and our Online Banking environment is no exception. With more members using Online Banking, unscrupulous individuals are working even harder to find new ways to scam unsuspecting individuals.

The best way to avoid fraud is by becoming an educated consumer. Therefore, we would like to help you in this endeavor. Please take a moment to read the following information on how to keep yourself and your information safe when conducting business on the Internet.

How to Keep Yourself Safe in Cyberspace

Set complex passwords. A complex password is a password made up of a combination of at least 8 upper and lowercase letters, numbers and symbols in an order that cannot be easily guessed. Passwords should be changed frequently and should never be written down or shared with others.

Keep personal information out of email/text. Emails and text messages can be disguised to look like they are coming from a trusted sender when they are actually coming from someone else. Play it safe – do not send your personal information such as account numbers, social security numbers or passwords via email or text unless you are using a secure and encrypted email system provided by your financial institution.

Beware of downloading files. Opening files attached to emails can be dangerous as they can allow harmful malware or viruses to be downloaded onto your computer. Most importantly, don’t open attachments from people you don’t know.

Keep security software up-to-date. Make sure you have a recognized antivirus program (i.e. Symantec/Norton, McAfee, etc.) on your computer that is up-to-date. Ensure that operating system security patches are installed as soon as they become available.

Links and websites aren’t always what they seem. Don’t login to a website from a link embedded in an email message unless you are confident in the email’s origin. Criminals can use fake email addresses and create fake web pages that mimic the page you would expect. To avoid falling into that trap, type in the URL address directly and then log in.

Always Logoff. When you are ready to leave a site you have logged into, logoff rather than just closing the page.

Monitor account activity. Monitor your account activity regularly online by reviewing your monthly statements or by signing up to receiving e-Alert notifications when transactions post to your account. Please report any unauthorized transactions to the credit union immediately.

Assess your risk. We recommend periodically assessing your Online Banking risk and putting into place increased security controls where weaknesses are found, particularly for members with business accounts. Some items to consider when assessing your online banking risk are:

  •  Who has access to your online accounts?
  •  How and where are usernames and passwords stored?
  •  How strong are your passwords and how often are they changed? Are they changed before or immediately after terminating an employee who had access to them?
  •  Do you have dual controls or other checks and balances in place with respect to access to online banking transactions?

What to Expect from Entrust Financial Credit Union

Online Banking, Bill Pay and e-Statements
Entrust Financial Credit Union will NEVER call, email or otherwise contact you and ask for your username, password or other Online Banking credentials.

Credit and Debit Cards
Entrust Financial Credit Union will NEVER contact you and ask for your 16-digit credit or debit card number, PIN and/or 3-digit security code.

If you receive a call from our Fraud Department, please expect the following:

  • The representative will identify themselves as calling on behalf of Entrust Financial Credit Union.
  • The representative will verify the transaction(s) in question with you. They will not ask you for your credit or debit card number, PIN, and/or 3-digit security code.

If you are uncomfortable with the call, please hang up immediately and call the telephone number on the back of your credit or debit card in question.

If the Fraud Department leaves a message, please expect the following:

  • They will identify themselves as calling on behalf of Entrust Financial Credit Union.
  • They will tell you the card type that they are calling to receive verification of transaction(s) on and provide a case number for the call.
  • They will request that you to return their call at (888) 918-7313.

When you call the number on the card and get the interactive voice response system, please expect the following:

  • It will request you to enter your 16 digit credit or debit card number.
  • It will request you to enter your member number and/or zip code.

If you choose to speak with a representative, they will ask for a combination of the items below:

  • Date of Birth
  • Member Number
  • Telephone Number listed on your account
  • Mother’s Maiden Name
  • 3-digit security code

Rights and Responsibilities
With respect to Online Banking and electronic funds transfers, the Federal government has put in place rights and responsibilities for both you and the credit union. These rights and responsibilities are described in the account disclosures you received when you opened your account with Entrust Financial Credit Union. You can also find them online under the disclosure link at www.entrustfcu.org/disclosures. If you notice suspicious account activity or experience security related events, please contact the credit union immediately at 804-353-8012 or 1-800-944-3622.

Additional Resources

We hope that this information will provide you assurance of what to expect when you are contacted about your accounts at Entrust Financial Credit Union. Please contact us at 804-353-8012, 800-944-3622 or efcu@entrustfcu.com should you have any further questions.

Keep your plastics safe

Fraudsters continue to get smarter and more aggressive. While your responsibility for fraudulent transactions is limited, the credit union continues to see increases in our insurance premiums and deductibles, so ultimately, all members pay for card fraud in the long run through additional expenses for the credit union. It is very important to us that we continue to be convenient for you and offer you competitive products and services. In order to accomplish that we need your help.Here are some things YOU can do keep your plastics safe:

  • Use Online Banking tools, such as e-Alerts, that we have on our website. Check your account frequently and let us know if anything looks suspicious.
  • Be watchful anytime someone takes your card to “swipe” it.
  • When you use it at an ATM, be sure to cover the keypad when you enter your PIN so it cannot be viewed by a camera or onlookers.
  • If you are traveling to high risk areas or using your card for purchases that are not typical of your spending behavior, let us know so we can flag your account and work with the fraud prevention tools to make the account as convenient as possible.
  • Always report lost or stolen cards immediately upon discovery.
  • Keep us informed of address changes so your statements and replacement or reissued cards will be sent to the correct place.
  • Sign your cards as soon as you receive them.
  • Don’t lend your card to anyone.
  • Never write down PIN numbers on your card, or keep it in your wallet.
  • Do not use obvious numbers for your PIN. Avoid using digits from your telephone number, social security, date of birth or any number someone could easily figure out.
  • Never use the same PIN or ID number for all your cards.
  • Never throw your account statement or preapproved card offers in the trash. Shred them or destroy them beyond repair.
  • Never put your card information in an email.
  • Avoid carrying all your plastic, social security card, birth certificate or passport all together. Carry only what you will be using.
  • When making purchases on the Internet, make sure you are in a secure environment. This is usually stated by a pop-up message and by a key or lock icon on the bottom of your page. Only shop with companies you know online.
  • When you go on vacation, have the post office hold your mail.
  • If you know a statement is late in the mail, contact the credit union immediately.

Plastics fraud can’t always be prevented, but you as a consumer can protect yourself in many ways by following some of the safety tips we have provided above. Keep the risk of being a fraud victim to a minimum and protect your cards, private information and accounts. It only takes a moment to protect yourself from fraud.

Financial Fraud 101: Phishing, Pharming, Vishing, & Spoofing

Phishing

This is an internet-based activity in which attempts are made to fraudulently extract sensitive financial and personal information from unsuspecting victims. The most common method for perpetrating this criminal activity is generating fake emails that direct readers to counterfeit websites designed to look like authentic ones. The thieves pursue pieces of information like: credit card numbers, CVV or CVC codes (those three digit numbers at the back of your card), ATM card numbers and passwords, and login ids and passwords to transaction sites like eBay, Paypal, bank accounts, etc.

Spoofing

Spoofing is the creation of fake financial websites designed to imitate authentic ones ... again for the purpose of stealing financial information. Spoofing goes hand in hand with phishing - a phishing email, with all it s fake links, is designed to lure the recipients to a spoof website.

Pharming

Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent. Pharming has been called phishing without a lure.

Vishing

Vishing takes two forms. Instead of directing targets to a phony website, as is the case with phishing, a recorded phone call may tell the user to call a toll-free telephone number that reports to be that of a well-known financial institution or other entity. The caller is then asked to punch in his credit card number or other personal information. Another type of vishing takes the form of an email, which asks the user to make a telephone call to a toll-free number and provide his personal information.

Traveling? Contact Entrust Financial CU first.

When you are traveling outside your local area, particularly overseas, it is important to contact Entrust Financial CU so your credit and debit cards will not be blocked. Our system is set up to keep your debit and credit cards safe and secure from theft. Notifying us of your international travel plans is easy through Online Banking in the "More Options" section.

Moving? Update Your Information

Moving? Getting a new cell number? Don't forget to update your contact information with Entrust Financial CU! Maintaining up-to-date contact info helps us keep a closer eye on your accounts.

Protect Your Identity

Identity theft is one of the fastest growing crimes in the U.S. There are things you can do to protect your identity like:

  • Limit the number of identification cards you carry in your wallet.
  • Review charges on your credit card statements and report erroneous charges immediately.
  • Review your credit report at least annually.
  • Use Visa's and MasterCard's online security programs (Verified by Visa, MasterCard SecureCode) when shopping on the internet.
  • Shop online only on secure websites.
  • Shred all financial documents including receipts and offers for pre-approved credit.

These are just a few of the things you can do to protect your identity. Identity theft is more than just an inconvenience, in some cases it can take years to recover. Want more information? Call your credit union and we can point you in the right direction.Other Identity Theft Resources:

ATM Security Tips

  • Conduct transactions during the date.
  • Beware of shoulder surfing.
  • Always protect your PIN#.
  • Don't re-enter your PIN if the ATM eats your card.
  • Call the Credit Union right away if your card is help by the machine.
  • Use well-lighted locations.
  • Know where the security cameras are located.
  • Never count cash until you are at a safe location.
  • Be wary to any offers to "help" with your ATM transactions.
  • Be suspicious if signage states to use a specific machine or if the ATM looks unusual.
  • Pay close attention to the ATM and your surroundings.
  • If you feel uncomfortable, use another machine.
  • Alert your Credit Union immediately to any suspicious activity around the machine.
  • Be on the lookout for fraudulent withdrawals on your statement.

Resources

Report Fraud

  1. Call the number on the back of your card immediately to report the fraud.
  2. Complete the Cardholder Dispute or Fraud Form and send to Entrust Financial Credit Union