Category: SECURITY

Please be aware of potential fraudulent texts, emails, or phone calls coming from people posing as Compass Community Credit Union staff. These communications may very well be fraudulent and an attempt to take over your account.

As a reminder, Compass Community Credit Union will never contact you to ask for your personal information. If someone posing as a credit union employee asks you for information like your social security number, username and password, DO NOT RESPOND.

Contact us at 707-443-8662 immediately if you receive a suspicious request for private account information (you can also go to our website to verify our contact information).

How Can You Prevent Account Takeover Fraud?

• If someone posing as a staff member from Compass Community Credit Union contacts you by phone, email, or text message and wants you to share your account information, consider it fraud.

• Be cautious of someone posing as tech support from a software company, Adobe, Paypal, Amazon, or any other company that contacts you by phone, email, or text message and wants you to share your account information. Hang up and call the phone number listed on their website.

• If you receive a text or email asking for account information, do not reply. Ignore the message and do not call any phone numbers listed.

• If you receive a phone call that seems to be a phishing attempt, simply end the call. Be aware that area codes can be misleading: a local area code does not always guarantee the caller is local.

If you feel that you have been the victim of fraud, contact us at 707-443-8662 or visit our website to verify how to contact us.

According to the Giving USA Foundation’s annual report on U.S. philanthropy, Americans contributed nearly $485 billion to charity in 2021. Unfortunately, this willingness to donate money opens a door for scammers, who capitalize on donor’s goodwill to steal money. Charity fraud scammers succeed by mimicking the real thing.

This fraud is an example of Relationship and Trust Fraud under the Fed’s FraudClassifer model.

HOW TO IDENTIFY THREAT: Scammers solicit “donations” by contacting victims using the same channels as legitimate charities, such as telemarketing, direct mail, email, door-to-door solicitations, social media, crowdfunding platforms, and cold calls. Scammers may also use natural disasters or other emergencies to commit fraud. For instance, scammers may commit insurance fraud against natural disaster victims, re-victimizing people whose homes or businesses were damaged by the disaster.

HOW TO PROTECT AGAINST THIS THREAT: Real charities will accept donations using any method available to the donor, such as ACH debit, check, or credit/debit card. Scammers will request payments immediately using payment methods that are difficult to trace and provide the scammer guaranteed funds such as cash, gift card, virtual currency, Instant Payment, or wire transfer. Donors should verify the charity’s names and web addresses before donating. Consumers should also keep records of their donations and view their bank accounts regularly to ensure they weren’t charged the incorrect amount or unknowingly signed up for a reoccurring donation. Consumers who find incorrect or unauthorized entries on their accounts can dispute entries with their financial institution.

The Internal Revenue Service maintains an online database where consumers can check whether an organization is a registered charity and whether their donation is tax-deductible. Click here.

A victim of charity fraud can report it to the FTC and the government agency in their state that regulates charities. The consumer can further report a charity fraud to the FBI at 1-800-CALL-FBI or visit www.fbi.gov for more information.

If a fraudster steals your personal information, they can run up charges on credit cards, withdraw money from your accounts, open new accounts in your name, and more. Here are some ways you can prevent identity theft:

Safeguard Your Physical Records

While fraudsters are becoming increasingly sophisticated in their ways of stealing personal information, the tried-and-true method of physical theft is easy to rely on. Identity thieves can do a lot of financial harm with a lost or stolen wallet, mail, or documents you throw away. To limit the chances of identity theft, safeguard important documents at home, such as your Social Security card, birth certificate, passport, recent credit union statements, and tax documents. Put these documents in a locked safe. If you throw away any documents with your personal information on them, tear them up or shred them beforehand. Sensitive materials such as credit union statements, credit applications or offers, insurance forms, medical statements, checks, and utility bills can be a goldmine for thieves if they search through your trash. Opting into Compass e-Statements is an easy, secure way to protect your account information.

Additionally, you should consider collecting your mail daily. If an identity thief is willing to steal sensitive data out of your garbage, it’s likely they’re willing to steal sensitive data out of your mailbox. Consider signing up for Informed Delivery, which will notify you with a digital preview of the items being delivered—that way you’ll know if something is missing. If you know you’re going to be away from home for a while, sign up for Hold Mail service. By opting to use this tool, the USPS will safely hold your mail at your local Post Office until your return home, for up to 30 days.

Enable Two-Factor Authentication

Consider enabling two-factor authentication on all of your accounts. By adding two-factor authentication, accounts can only be accessed after entering the username and password, then by completing another prompt—such as entering a code you receive via text or email or scanning a fingerprint. Without having access to the latter, a fraudster can’t access your accounts.

Don’t Overshare on Social Media

Social media platforms are treasure troves for identity thieves. Not only is it common for someone to share their full name and date of birth on social media, but people are often sharing updates on their whereabouts and interacting with family members. For example, let’s say John Smith makes the following status update, accompanied by a photo: “Hey, everyone! Check out my new car! I’m going to take it for a spin and meet my mom at the dog park. Spike always loves playing fetch!” Under the photo, John’s mother, Jane (Doe) Smith comments, “I can’t wait to see you!” Without John realizing it, answers to common security questions were revealed:

What is the make and model of your first car?

What is your childhood pet’s name?

What is your mother’s maiden name?

Be wary of oversharing online.

If you have questions or if you’re looking for a way to increase security on your financial accounts, contact us at 707-443-8662. As an additional resource, visit IdentityTheft.gov to report identity theft and create a recovery plan.

Last month, we provided some tips on how to identify recent scams. This is part 2 of our series on how to identify them and what to watch for.

E-mail Fraud/Phishing – What is Phishing?

Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals and designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information.  It’s also known as brand spoofing.

Characteristics: 

•            The content of a phishing e-mail or text message is intended to trigger a quick reaction from you. It can be unsettling, might contain exciting information or demand an urgent response.  Phishing messages are normally not personalized.  

•            Typically, phishing messages will ask you to “update,” “validate,” or “confirm” your account information or face dire consequences.  They might even ask you to make a phone call.  

•            Often, the message or website includes official-looking logos and other identifying information taken directly from legitimate websites. Government, financial institutions and online payment services are common targets of brand spoofing.

Catch phrases:  

•            E-mail Money Transfer Alert:  Please verify this payment information below…

•            It has come to our attention that your online banking profile needs to be updated as part of our continuous efforts to protect your account and reduce instances of fraud… 

•            Dear Online Account Holder, Access To Your Account Is Currently Unavailable…, Important Service Announcement from…, You have 1 unread Security Message!

•            We regret to inform you that we had to lock your bank account access.  Call (telephone number) to restore your bank account.

In some cases, the offending site can modify your browser address bar to make it look legitimate, including the web address of the real site and a secure “https://” prefix.

Information sought: Social Security numbers, full name, date of birth, full address, mother’s maiden name, username and password of online services, driver’s license number, personal identification numbers (PIN), credit card information (numbers, expiry dates and the last three digits printed on the signature panel) and bank account numbers. 

Foreign Government Fraud 

Watch out for emails from senders posing as government or business officials offering to share large sums of money. If you have received an unsolicited letter containing any of the characteristics listed below, you should consider this a scam and delete the email. Most letters are variations of the following:

•            You receive an “urgent” business proposal “in strictest confidence” from a foreign civil servant or businessman.

•            The sender, often a member of the “contract review panel”, obtained your name and profile through the Chamber of Commerce or the International Trade Commission.

•            The sender recently intercepted or has been named beneficiary of the proceeds from real estate, oil products, over-invoiced contracts, cargo shipments, or other commodities, and needs a foreign partner to assist with laundering the money.

•            Since their government/business position prohibits them from opening foreign bank accounts, senders ask you to deposit the sum, usually somewhere between $25-50 million, into your personal account.

•            For your assistance, you will receive between 15-30% of the total, which sits in the “Central Bank of ______” awaiting transfer.

•            To complete the transaction, they ask you to provide your bank name and address, your telephone and fax numbers, the name of your beneficiary, and, of course, your bank account number.

•            The sender promises to forward your share within 10-14 working days!

Money Mule – What is it?

The Money Mule (victim) is recruited – often unknowingly – by scammers to move money made from illegal activity. Money is moved from one bank account to another. By using a money mule, it makes it harder for authorities to track down.

How do people become Money Mules?

Fraudsters approach their money mule victims in a variety of ways including social media, email, mail or phone. Many scams are typically disguised as online job opportunities that promise a fast and easy way to earn money. All they need is your account information to let money be transferred into your account. Then you move the money out of your account for a commission.

These scams look attractive, especially when a little extra income wouldn’t hurt, which is why so many people fall for them. But they are actually helping criminals commit crimes.

Tips:

1.           Be cautious of unsolicited emails and social posts.

2.           Verify company information online or give them a call.

3.           Thoroughly check offers from overseas companies.

4.           Never give out your bank account information.

Remember, do not give out your personal or account information unless you are absolutely sure you know who you are dealing with. If you have any questions or concerns, please call us at 707-443-8662.

Between working, spending time with your friends and family, and pursuing your hobbies, there never seems to be enough time in the day. As a result, we are all looking for ways to cut the amount of time spent on mundane chores. Setting up automatic payments for recurring bills is a modern convenience that saves a significant amount of time. As long as you have the funds in your account, you’ll simply be able to set it and forget it, right? Yes—you could, but here are a few reasons why you should monitor your automatic payments:

Overdraft Fees

When making manual bill payments, you can always check to ensure you have sufficient funds in your account before you pay. When you enroll in auto-pay, there’s a greater risk of an overdraft to your account. While truly being able to set it and forget it would be great, it’s a good idea to continue checking in on your accounts before your automatic payments clear each month. This is especially crucial if you’ve automated any variable expenses, such as a utility bill. Try to get in the habit of checking your account balance before your auto-pay clears. While it’s not exactly a “set it and forget it” approach, it’s still more convenient that manually paying your bills each month.

Unnoticed Errors

There are a number of benefits to enrolling in auto-pay. It’s convenient and you’re less likely to miss a payment. A major downside, however, is actually something out of your control. Payees do occasionally make mistakes. While rare, these mistakes could be costly. If you aren’t monitoring your automatic payments, a significant mistake could go unnoticed.

Cancelled Services

If you’ve enrolled in auto pay and had only positive experiences, you might simply let your automatic ACH or Bill Pay services take care of everything. However, your auto-pay service doesn’t know when you’ve stopped going to the gym or canceled a service. If you’re letting your auto-pay take care of everything, you may find yourself wasting money on subscriptions you’re not using. Instead, simply check in on your account statements each month to ensure that you aren’t throwing your hard-earned money away.

If you decide to sign up for auto pay, set up eAlerts using the Compass app. You will receive a notification when your balance is low or when a transaction has occurred. It’s a great way to stay on top of your payments without having to manually make them yourself. Auto pay is incredibly convenient and is a payment process that is certainly worth looking into, but it’s important to have good financial habits rooted in an awareness of what you’re paying and when.