Category: SECURITY

We have provided some information and tips on how you can protect yourself from phony emails and phishing scams. In this article, we will be focusing on the latest scam published by the FBI’s Internet Crime Complaint Center (IC3), Tech Support Scams. Based on a Public Service Announcement published in July, this particular scam is …

The Latest Scam

We have provided some information and tips on how you can protect yourself from phony emails and phishing scams. In this article, we will be focusing on the latest scam published by the FBI’s Internet Crime Complaint Center (IC3), Tech Support Scams. Based on a Public Service Announcement published in July, this particular scam is on the rise. IC3’s 2022 Internet Crime Report shows this type of scandal had a 27% increase over 2021 and totaled in over $1B in losses.

How do you know if you’re being targeted:

The scammers will initiate contact with their victim through a phone call, text message, email, or popup window posing to be support from a company. They hook their victims by telling them they are eligible for a refund and that they need to gain access to their computer so they can guide them through the transfer. They will urge their victim to log into their bank account, and then take over control. During this process they will intentionally transfer more money than what was said to be refunded and play on their victims’ emotions by telling them they could lose their job if they do not receive the funds back. They will instruct their victim to send the money via cash disclosed in a magazine or to a pharmacy or retail business which will accept packages like this.

How do you protect yourself against the threat, below are some tips provided from IC3:

  • Never download software at the request of an unknown individual who contacts you
  • Never allow an unknown individual authorization to access or control your machine remotely
  • Do not click on unsolicited popups, links, text messages or even attachments.
  • Never send cash via mail or shipping companies

What do you do if you’ve fallen victim, or suspect you’ve been targeted:

If you suspect you have been a victim of this attack, you should report this activity to the FBI Internet Complaint Center at www.ic3.gov. You will need to include as much information as possible, and this should include.

  • The name of the person or company that contacted you
  • Methods of communication used, in include websites, emails, and phone numbers
  • The address where the cash was shipped and the recipient name

The source of this information was gathered from the FBI’s IC3 website and can be reviewed in more detail at https://www.ic3.gov/Media/Y2023/PSA230718.

Compass Community Credit Union is dedicated to protecting our members and the safety of your information. If you have any questions or concerns, please call us at 707-443-8662.

Preventing Identity Theft

If a fraudster steals your personal information, they can run up charges on credit cards, withdraw money from your accounts, open new accounts in your name, and more. Here are some ways you can prevent identity theft:

Safeguard Your Physical Records

While fraudsters are becoming increasingly sophisticated in their ways of stealing personal information, the tried-and-true method of physical theft is easy to rely on. Identity thieves can do a lot of financial harm with a lost or stolen wallet, mail, or documents you throw away. To limit the chances of identity theft, safeguard important documents at home, such as your Social Security card, birth certificate, passport, recent credit union statements, and tax documents. Put these documents in a locked safe. If you throw away any documents with your personal information on them, tear them up or shred them beforehand. Sensitive materials such as credit union statements, credit applications or offers, insurance forms, medical statements, checks, and utility bills can be a goldmine for thieves if they search through your trash. Opting into Compass e-Statements is an easy, secure way to protect your account information.

Additionally, you should consider collecting your mail daily. If an identity thief is willing to steal sensitive data out of your garbage, it’s likely they’re willing to steal sensitive data out of your mailbox. Consider signing up for Informed Delivery, which will notify you with a digital preview of the items being delivered—that way you’ll know if something is missing. If you know you’re going to be away from home for a while, sign up for Hold Mail service. By opting to use this tool, the USPS will safely hold your mail at your local Post Office until your return home, for up to 30 days.

Enable Two-Factor Authentication

Consider enabling two-factor authentication on all of your accounts. By adding two-factor authentication, accounts can only be accessed after entering the username and password, then by completing another prompt—such as entering a code you receive via text or email or scanning a fingerprint. Without having access to the latter, a fraudster can’t access your accounts.

Don’t Overshare on Social Media

Social media platforms are treasure troves for identity thieves. Not only is it common for someone to share their full name and date of birth on social media, but people are often sharing updates on their whereabouts and interacting with family members. For example, let’s say John Smith makes the following status update, accompanied by a photo: “Hey, everyone! Check out my new car! I’m going to take it for a spin and meet my mom at the dog park. Spike always loves playing fetch!” Under the photo, John’s mother, Jane (Doe) Smith comments, “I can’t wait to see you!” Without John realizing it, answers to common security questions were revealed:

What is the make and model of your first car?

What is your childhood pet’s name?

What is your mother’s maiden name?

Be wary of oversharing online.

If you have questions or if you’re looking for a way to increase security on your financial accounts, contact us at 707-443-8662. As an additional resource, visit IdentityTheft.gov to report identity theft and create a recovery plan.

Think twice when sharing back-to-school photos

With school starting up soon, social media is full of adorable back-to-school photos. Many like to feature a child holding a “first day of school” sign with basic information, such as their name and grade. But before you snap a picture of your little one, read these tips and be cautious about what you post.

Back-to-school photo tips

Avoid sharing personal details about your child. Photos often involve kids holding a sign with their full name, age, height, and other details. Scammers could use this information to commit identity theft and predators can use this to earn your child’s trust.

Leave off information about the school. Even sharing the name of your child’s school, teacher, or grade could make them a target. In addition, these details are often used as security questions for banking or credit card accounts.

Review your privacy settings. Check your social media account’s privacy settings regularly. Be mindful of those who can view your posts and restrict those you don’t know. You may want to remove personal information from your account that others can see, such as your telephone number or address.

Watch out for phony friend requests. Don’t accept friend requests from strangers. Also, think twice before you accept a friend request from someone you are already connected with. It could be an impostor trying to access your information and friends list.

Go mobile, stay safe

Today, doing anything and everything on your mobile phone is extremely easy – often too easy.  Here are some simple tips to help keep your money, and personal information, safe.

Treat your phone like a computer: It may be smaller but contains similar confidential information.   Set a logon password to protect your information should you lose your phone. In addition to setting a password, enable the fingerprint security and/or facial recognition settings on your phone to better protect your information.”

Be careful when you connect to open Wi-Fi; you may be exposing your information to hackers. Only connect to known, secure Wi-Fi when conducting business that exposes sensitive data.

Never save passwords in a text document: Never save sensitive data or passwords to a text document on your phone.

Think before you download: Only download apps from trusted sources.

Equip your phone with protection: Take advantage of malware and virus protection. Avoid leaving your phone unattended:  If you don’t, “hacking” can be as simple as someone else turning on your phone.

To learn more about the Compass app, click here.

Scams are on the rise. Protect yourself, don’t become a victim (part 2).

Last month, we provided some tips on how to identify recent scams. This is part 2 of our series on how to identify them and what to watch for.

E-mail Fraud/Phishing – What is Phishing?

Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals and designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information.  It’s also known as brand spoofing.

Characteristics: 

•            The content of a phishing e-mail or text message is intended to trigger a quick reaction from you. It can be unsettling, might contain exciting information or demand an urgent response.  Phishing messages are normally not personalized.  

•            Typically, phishing messages will ask you to “update,” “validate,” or “confirm” your account information or face dire consequences.  They might even ask you to make a phone call.  

•            Often, the message or website includes official-looking logos and other identifying information taken directly from legitimate websites. Government, financial institutions and online payment services are common targets of brand spoofing.

Catch phrases:  

•            E-mail Money Transfer Alert:  Please verify this payment information below…

•            It has come to our attention that your online banking profile needs to be updated as part of our continuous efforts to protect your account and reduce instances of fraud… 

•            Dear Online Account Holder, Access To Your Account Is Currently Unavailable…, Important Service Announcement from…, You have 1 unread Security Message!

•            We regret to inform you that we had to lock your bank account access.  Call (telephone number) to restore your bank account.

In some cases, the offending site can modify your browser address bar to make it look legitimate, including the web address of the real site and a secure “https://” prefix.

Information sought: Social Security numbers, full name, date of birth, full address, mother’s maiden name, username and password of online services, driver’s license number, personal identification numbers (PIN), credit card information (numbers, expiry dates and the last three digits printed on the signature panel) and bank account numbers. 

Foreign Government Fraud 

Watch out for emails from senders posing as government or business officials offering to share large sums of money. If you have received an unsolicited letter containing any of the characteristics listed below, you should consider this a scam and delete the email. Most letters are variations of the following:

•            You receive an “urgent” business proposal “in strictest confidence” from a foreign civil servant or businessman.

•            The sender, often a member of the “contract review panel”, obtained your name and profile through the Chamber of Commerce or the International Trade Commission.

•            The sender recently intercepted or has been named beneficiary of the proceeds from real estate, oil products, over-invoiced contracts, cargo shipments, or other commodities, and needs a foreign partner to assist with laundering the money.

•            Since their government/business position prohibits them from opening foreign bank accounts, senders ask you to deposit the sum, usually somewhere between $25-50 million, into your personal account.

•            For your assistance, you will receive between 15-30% of the total, which sits in the “Central Bank of ______” awaiting transfer.

•            To complete the transaction, they ask you to provide your bank name and address, your telephone and fax numbers, the name of your beneficiary, and, of course, your bank account number.

•            The sender promises to forward your share within 10-14 working days!

Money Mule – What is it?

The Money Mule (victim) is recruited – often unknowingly – by scammers to move money made from illegal activity. Money is moved from one bank account to another. By using a money mule, it makes it harder for authorities to track down.

How do people become Money Mules?

Fraudsters approach their money mule victims in a variety of ways including social media, email, mail or phone. Many scams are typically disguised as online job opportunities that promise a fast and easy way to earn money. All they need is your account information to let money be transferred into your account. Then you move the money out of your account for a commission.

These scams look attractive, especially when a little extra income wouldn’t hurt, which is why so many people fall for them. But they are actually helping criminals commit crimes.

Tips:

1.           Be cautious of unsolicited emails and social posts.

2.           Verify company information online or give them a call.

3.           Thoroughly check offers from overseas companies.

4.           Never give out your bank account information.

Remember, do not give out your personal or account information unless you are absolutely sure you know who you are dealing with. If you have any questions or concerns, please call us at 707-443-8662.

Scams are on the rise. Protect yourself, don’t become a victim (part 1).

We have recently seen an increase in scams and would like to provide you with some tips on how to identify them and what to watch for.

Prize Pitch (Lottery) Scams 

The classic prize pitch scam involves victims receiving notification by mail, phone, or e-mail indicating they have won a prize (monetary or other valued items). 

However, in order to collect the prize the victim is required to pay various fees or taxes in advance. Victims either never hear from the organization again or receive further requests for money.

Tips: 

  • Challenge a caller who says you’ve won a prize to tell you where and when you entered. If you didn’t enter, you can’t win.
  • Keep track of contests, draws and lotteries you enter.
  • If it sounds too good to be true, it probably is.

Watch out for Charity Scams 

Fraud artists hope to profit from people’s generosity. Consider the following precautions to make sure your donations benefit the people and organizations you want to assist:

•            Be wary of appeals that tug at your heart, especially pleas involving current events.

•            Ask for written information about the charity, including name, address and telephone number. A legitimate charity or fund-raiser will give you information about the charity’s mission, how your donation will be used and proof that your contribution is tax deductible.

•            Ask the solicitor for the registered charitable tax number of the charity. Question any discrepancies. 

•            Check out the charity’s financial information. For many organizations, this information can be found online or call them.    

•            Watch out for similar-sounding names. Some phony charities use names that closely resemble those of respected, legitimate organizations. If you notice a small difference from the name of the charity you intend to deal with, call the organization to check it out. 

•            Be skeptical if someone thanks you for a pledge you don’t remember making. If you have any doubts about whether you’ve made a pledge or previously contributed, check your records. Be on the alert for invoices claiming you’ve made a pledge. Some unscrupulous solicitors use this approach to get your money. 

•            Refuse high-pressure appeals. Legitimate fund-raisers won’t push you to give on the spot. 

•            Be wary of charities offering to send a courier or overnight delivery service to collect your donation immediately. 

•            Be wary of guaranteed sweepstakes winnings in exchange for a contribution. According to law, you never have to donate anything to be eligible to win. 

•            Avoid cash gifts. Cash can be lost or stolen. For security and tax record purposes, it’s best to pay by check. 

Advance Fee Fraud 

Classified advertisements for loan opportunities do not guarantee the legitimacy of a company. Some companies claim they can guarantee you a loan even if you have a bad credit history or no credit rating at all. They usually request an up-front fee of several hundred dollars. If you send your money to these companies, it is unlikely you will get your promised loan and your advance payment will be at risk.

Advance fee loans operating for a criminal purpose generate millions of dollars annually in the U.S. Persons with poor credit ratings are usually the key targets and once the ‘loan processors’ receive your money, they usually disappear.

If you have doubts about the organization, contact the Better Business Bureau for further information.

Most important, do not give out your personal or account information unless you are absolutely sure you know who you are dealing with. If you have any questions or concerns, please call us at 707-443-8662.

Why You Should Monitor Your Automatic Payments

Between working, spending time with your friends and family, and pursuing your hobbies, there never seems to be enough time in the day. As a result, we are all looking for ways to cut the amount of time spent on mundane chores. Setting up automatic payments for recurring bills is a modern convenience that saves a significant amount of time. As long as you have the funds in your account, you’ll simply be able to set it and forget it, right? Yes—you could, but here are a few reasons why you should monitor your automatic payments:

Overdraft Fees

When making manual bill payments, you can always check to ensure you have sufficient funds in your account before you pay. When you enroll in auto-pay, there’s a greater risk of an overdraft to your account. While truly being able to set it and forget it would be great, it’s a good idea to continue checking in on your accounts before your automatic payments clear each month. This is especially crucial if you’ve automated any variable expenses, such as a utility bill. Try to get in the habit of checking your account balance before your auto-pay clears. While it’s not exactly a “set it and forget it” approach, it’s still more convenient that manually paying your bills each month.

Unnoticed Errors

There are a number of benefits to enrolling in auto-pay. It’s convenient and you’re less likely to miss a payment. A major downside, however, is actually something out of your control. Payees do occasionally make mistakes. While rare, these mistakes could be costly. If you aren’t monitoring your automatic payments, a significant mistake could go unnoticed.

Cancelled Services

If you’ve enrolled in auto pay and had only positive experiences, you might simply let your automatic ACH or Bill Pay services take care of everything. However, your auto-pay service doesn’t know when you’ve stopped going to the gym or canceled a service. If you’re letting your auto-pay take care of everything, you may find yourself wasting money on subscriptions you’re not using. Instead, simply check in on your account statements each month to ensure that you aren’t throwing your hard-earned money away.

If you decide to sign up for auto pay, set up eAlerts using the Compass app. You will receive a notification when your balance is low or when a transaction has occurred. It’s a great way to stay on top of your payments without having to manually make them yourself. Auto pay is incredibly convenient and is a payment process that is certainly worth looking into, but it’s important to have good financial habits rooted in an awareness of what you’re paying and when.

Elder Abuse Awareness Day – June 15th!

Every year, scammers inundate senior Americans with all kinds of fraudulent schemes. Here are just a few:

  • Phony investment schemes
  • Bogus charity fundraisers
  • Medicare fraud
  • Predatory reverse mortgages
  • Sweepstake scams
  • Fictitious surveys

Be wary of emails requesting personal information. Scammers send bogus emails that look like they come from a company you recognize. They include the company’s branding and logo so you think it’s legit. These scams are designed to trick you into providing your username and password. Do not click on any links in the email. Contact the company directly through their website by typing the web address yourself. You can also call the phone number that you have on file or the number listed on their website.

Crooks like to create fake websites that look genuine. They can be very impressive to deceive you in thinking it’s real. Then, they try and trick you into providing your debit/credit card number or your username and password. The best thing to do is go directly to the website by typing the web address yourself rather than from the link. Look at the website address and make sure it matches the site you’re trying to access. Tip: Scammers usually misspell or add an extra letter to the website address. An example is Amazon becoming “Amazone” or “Amazne.”

Fraudsters con people out of over 60 billion dollars every year. It can be difficult for some to admit they may have been victimized. According to AARP, there are several telltale signs to watch for:

  1. Money and valuables are disappearing for no good reason.
  2. Bills aren’t paid, and a parent seems confused about finances.
  3. They are being secretive about money and asking for more. There may be strange credit card charges.
  4. A family member won’t answer questions about your parent’s money.
  5. Someone new befriends your parent and manages to take joint title to accounts and property.

To help keep our seniors safe, the Consumer Financial Protection Bureau has created some free materials at www.consumerfinance.gov.

It’s important to stay on top of global cyber-attacks.

Fraudsters use circumstances like this to prey on innocent people. To protect yourself from scams, use caution and watch for these types of threats.

1. Financial Imposter Scam
Fraudsters create SMS/Text Messages that look like they came from your financial institution, prompting you to take action immediately. Once you respond, they follow up with a call pretending they are from the security department. They use some of your information found on social media or the internet to coax you into providing your username, password and 2FA code. This information allows them to access your online banking. Compass will never ask for your password or 2FA code and you should never give this information out.

2. Phishing Emails
Be wary of emails requesting personal information. Scammers send bogus emails that look like they come from a company you recognize. They include the company’s branding and logo so you think it’s legit. These scams are designed to trick you into providing your username and password. Do not click on any links in the email. Contact the company directly through their website by typing the web address yourself. You can also call the phone number that you have on file or the number listed on their website. 

3. Spoofed (Fake) Websites
Crooks like to create fake websites that look genuine. They can be very impressive to deceive you in thinking it’s real. Then, they try and trick you into providing your debit/credit card number or your username and password. The best thing to do is go directly to the website by typing the web address yourself rather than from the link. Look at the website address and make sure it matches the site you’re trying to access. Tip: Scammers usually misspell or add an extra letter to the website address. An example is Amazon becoming “Amazone” or “Amazne.”

4. Reusing Usernames and Passwords
Protect yourself by using different usernames and passwords for every account. Passphrases consisting of simpler words or constructs are better than short passwords with special characters. A password is a short character set of mixed digits. A passphrase is a long string of text that makes up a phrase or sentence. Example: mydogRocky#1

For additional information and to learn more about other security tips, visit Compassccu.org/securitytips. If you think you have been a victim of fraud, please contact us at 707-443-8662.

7 Ways to Protect Yourself When Shopping Online

Every year, stolen debit and credit card information account for billions of dollars in losses and fraud. Cybercriminals are standing by 24/7, so we’ve compiled a list of tips to keep yourself protected.

1. Credit Card vs. Debit Card

Both can fall victim to fraud. If you’re the victim of fraud or theft, Compass can assist you with filing a dispute to get your money back. Best practice is to monitor your account regularly with our free online banking or free Compass mobile app. You can even set up alerts to help manage your account.

2. Don’t Store Your Card Information on a Website

If your computer asks: “remember my password,” the correct answer is “no.” This feature is obviously convenient, but it leaves you vulnerable should someone gain access to your computer or browser. Similarly, if you’re making a purchase, some sites will ask if you want to save your card information for future purchases. Always choose “no.”

3. Monitor Account Activity and Boost Anti-Fraud Measures

Many credit and debit card issuers allow you to sign up for transaction alerts that will notify you when a purchase has been made over a set amount, which can help you monitor your account. Regularly log in to your account to keep tabs on your account activity. If you notice anything questionable, report it right away.

4. Look for http “s” Before Purchasing

Not all sites are safe and secure. Ensure the site you are visiting is secure before purchasing by looking for the “https://” in the browser’s address bar before you provide your credit card information. The “s” stands for Secure and should appear on all web pages that require disclosing financial information. If it’s not there, the site is not secure, so discontinue any transactions or sharing of personal information.

5. Be Wary of Emails Requesting Information

Attackers may attempt to gather information by sending official-looking and sounding emails requesting that you confirm a purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email. If you receive an unsolicited email from a business, instead of clicking on the provided link, directly log in to the authentic website by typing the address yourself.

6. Be Careful of Faked Websites

“Typosquatting,” also called URL hijacking, is what may occur when you mistype a website name and don’t realize it. Scammers set up fake domain names that are just a letter or two off from popular sites to take advantage of unintentional misspellings. Those who normally type quickly and rely heavily on autocorrect are especially at risk. This can result in Amazon becoming “Amazone” or “Amazne.” Also, bookmark the pages you visit most often to make navigating easier and less of a hassle.

7. Assume Public Wi-Fi is Not Secure

Wi-Fi hotspots in coffee shops, libraries, airports, and other public places are convenient but often not secure. Online shoppers don’t realize that cyber thieves can grab their wireless data at Wi-Fi hotspots because the majority of these places don’t encrypt the information you send over the Internet. If a network doesn’t require a password, it’s safe to assume it is not secure.

The Bottom Line: It’s important to take extra precautions while shopping or doing any financial transactions online. Cybercriminals know we’re conducting more business online than ever and they’re looking for ways to target unsuspecting consumers.

Stay on top of your credit scores and protect your identity with our IdentityIQ plan. To learn more, click here.

In short, a credit union is a cooperative financial institution where people work together to make everyone’s lives better. Everyone who has an account here is a member. And every member is an owner.

Rather than making profits to send to far-off shareholders, Compass CCU reinvests in our credit union. Which means we reinvest in YOU. That’s why we say that, at Compass Community Credit Union, we guide you to better banking.