KCFCU Cares About Your Financial Security
KCFCU is committed to educating our members about fraud and identity theft. Knowledge is the key to prevention. This section of our Web site is devoted to explaining some more prevalent scams and frauds and includes ways you can protect yourself. For more information on risks to your financial security and how to protect your identity, visit the Federal Trade Commission's website.
Take Extra Precautions Against I.D. Theft and Fraud
Due to recent fraudulent activity in the State of Florida and Georgia, KCFCU has placed a proactive block on check card transactions in these states. Should members have transactions originating from Florida or Georgia or if members are traveling to those states, please call KCFCU at 808-245-6791 to have your card unblocked for transaction processing. Please monitor your statements and notify the credit union immediately should you notice unauthorized transactions. Mahalo for your cooperation.
KCFCU is committed to protecting our members from fraud and identity theft. We urge you to do your part--by being extra vigilant about safeguarding your personal and account information.
- Please beware of suspicious "phishing" emails or telemarketing phone calls asking you to verify your identification or account information.
- Be on the alert for bogus charities asking for donations.
- Never respond to emails requesting verification of account information.
- Watch out for fake invoices that might appear to be from a legitimate company, such as FedEx, UPS, or US Customs asking for credit card information in order to complete the delivery of a package.
- Never give out your personal information (account number, driver's license, or social security number), unless you initiated the phone call and you are absolutely sure you are dealing with a trusted institution, company or organization.
Remember: Your credit union, utility companies or legitimate charitable organizations will never ask you to provide personal identification or account information by email or by phone.
Steps KCFCU Takes to Keep Your Personal Information Safe
Report Fraud or Suspicious Activity
Call our Financial Services department to report any fraudulent or suspicious activities at (808) 245-6791 or email us.
Report lost or stolen KCFCU Visa Cards anytime day or night by calling:
Visa Credit Card
ATM & Visa Check Card
Identity theft occurs when someone uses your personal information, such as your name, Social Security number or credit card number without your permission to commit fraud or other crimes. The FTC estimates that as many as 9 million Americans have their identities stolen each year.
How Does Identity Theft Occur?
Skilled identity thieves use a variety of ways to gain access to your personal information.
- They may steal your wallet or purse.
- They may steal your personal information through email or the phone. This is done by pretending they represent a legitimate company and claiming that you have a problem with your account. This practice is known as online "phishing", or "pretexting" by phone.
- They may steal your credit or debit card numbers by capturing the information in a data storage device in a practice known as "skimming."
- They may swipe your card for an actual purchase or attach a device to an ATM machine where they may enter or swipe your card.
- They may retrieve your credit reports by abusing authorized access or by posing as a landlord, employer or someone else who may have a legal right to your report.
- They may rummage through your trash, the trash of businesses or public trash dumps in a practice known as "dumpster diving."
- They may steal personal information they find in your home.
- They may steal your mail from your mailbox, including bank and credit card statements, credit card offers, new checks and tax information.
- They may complete a "change of address form" to divert your mail to another location.
- They may steal credit card files from other companies, such as department stores, vendors, suppliers, etc.
What Do Thieves Do with Your Personal Information?
Once identity thieves have your personal information, they may use it to commit fraud or theft. For example:
- They may call your credit card issuer to change the billing address on your account. The impostor then runs up charges on your account. Because the bills are being sent to a different address, it may be some time before you realize there's a problem.
- They may open new credit card accounts in your name. When they use the credit cards and don't pay the bills, the delinquent accounts are reported on your credit report.
- They may establish phone or wireless service in your name.
- They may open a bank account in your name and write bad checks on the account.
- They may counterfeit checks, credit cards or debit cards, or authorize electronic transfers in your name and drain your account.
- They may get identification such as a driver's license issued with their picture in your name.
- They may get a job or file fraudulent tax returns in your name.
How Can You Tell If You Are a Victim of Identity Theft?
If an identity thief is opening new credit accounts in your name, these accounts are likely to show up on your credit report. You can find out by ordering a copy of your credit report from the three nationwide consumer reporting companies. If you have lost any personal information or if it has been stolen, you may want to check all your reports more frequently for the first year. You are entitled to a free credit report from each of the three credit-reporting agencies each year. To find out more, go to www.annualcreditreport.com.
Monitor the balances of your financial accounts. Look for unexplained charges or withdrawals. Other indications of identity theft can be:
- Failing to receive bills or other mail. This could mean an identity thief has submitted a change of address.
- Receiving credit cards for which you did not apply.
- Denial of credit for no apparent reason.
- Receiving calls from debt collectors or companies about merchandise or services you didn't buy.
Ways to Protect Yourself from Identity Theft
The Federal Trade Commission, the nation's consumer protection agency, wants you to have the information you need to protect yourself against identity theft. This information is summed up in the FTC's clear and concise message on identity theft: Deter, Detect, Defend.
- DETER identity thieves by safeguarding your information.
- DETECT suspicious activity by routinely monitoring your financial accounts and billing statements.
- DEFEND against ID theft as soon as you suspect a problem.
Get more details on how you can DETER, DETECT and DEFEND against identity theft at http://www.ftc.gov/bcp/edu/microsites/idtheft/.
What To Do If Your Identity Is Ever Stolen
Please refer to the detailed steps outlined on the Federal Trade Commission's website. You should also consider purchasing Identity Theft Protection (link to KCFCU info).
Mobile Device Protection
Is Malware a Threat to Mobile Devices?
The volume of cyber threats to mobile computing devices continues to increase as new applications and devices proliferate. McAfee reports that there were more than two million new mobile malware samples in 2013. Symantec reports that nearly 40% of mobile device users have experienced mobile cyber crime in the past 12 months. Some experts estimate that nearly 10% of applications sold on particular platforms are malicious.
Most mobile malware gets installed when a user visits an infected web site or downloads a malicious application, or clicks on a link or an attachment.
Some of the threats to mobile devices include the following:
- Theft of personal data, such as account info, phone numbers, contact lists, call logs, etc.
- Propagation of malware to your contacts either through by posting to social media, sending phishing emails, etc.
- Surveillance through audio, video (camera), location, text messages, phone calls and other means.
- Disabling of monitoring software on the mobile device.
- Collection of data – such as GPS readings to track a user.
What Can I Do to Secure My Mobile Device?
1. Lock the device
An easy way for malware to get on a device is for someone to manually install it. Locking your device with a strong PIN/password makes unauthorized installation of applications more difficult.
2. Install applications from trusted sources
Users must recognize that some applications may be malicious. If an app is requesting more permissions than seems necessary, do not install it, or uninstall the application. Only install applications from trusted sources.
3. Don't jailbreak your device
To "jailbreak" or to "root" a device means to bypass important controls and gain full access to the operating system. Doing this will usually void the warranty and can create security risks. This also enables applications, including malicious ones, to bypass controls and access the data owned by other apps.
4. Keep operating systems and apps up-to-date
Manufacturers, telecommunications providers, and software providers regularly update their software to fix vulnerabilities. Make sure your device's operating system and apps are regularly updated and running the most recent versions.
5. Use a mobile security software solution
Install antivirus software, if available.
6. Block web ads or and don't click on them
Malware can find its way onto your mobile device through a variety of methods, including advertisements. The malicious advertisements are called "malvertisements." Mobile ads accompany a significant amount of content found in mobile applications, and whether you find them annoying or amusing, cyber criminals have turned their attention toward using them to spread malware to unsuspecting users. What makes these "malvertisements" so dangerous is the fact that they are often delivered through legitimate ad networks and may not appear outright spam, but can contain Trojans or lead to malicious websites when clicked on. Some mobile devices have software that can block harmful sites.
7. Don't click suspicious links and attachments
While it may be difficult to spot some phishing attempts it's important to be cautious about all communications you receive, including those purported to be from "trusted entities" and be careful when clicking on links or attachments contained within those messages.
8. Disable unwanted services/calling
Capabilities such as Bluetooth and NFC can provide ease and convenience in using your smartphone. They can also provide an easy way for a nearby, unauthorized user to gain access to your data. Turn these features off when they are not required.
9. Don't use public Wi-Fi
Many smartphone users use free Wi-Fi hotspots to access data (and keep their phone plan costs down). Smartphones are susceptible to malware and hacking when leveraging unsecured public networks. To be safe, avoid logging into accounts, especially financial accounts, when using public wireless networks.
For More Information
What is a computer virus?
When Malware Goes Mobile
10 Years of Mobile Malware: How Secure Are You?
Mobile Threat Report: 2013 Q3
Mobile Malware Evolution: 2013
Mobile Threat Report
Fake Android Apps
The information provided in the WesPay Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
Phishing, pronounced "fishing" is the creation of an e-mail message that appears to be sent from a reputable financial institution or company. The intent of phishing is to lure or fish for personal information (credit card numbers, bank account information, Social Security number, passwords or other sensitive information) from unsuspecting victims that can be used to commit fraud or identity theft.
What Does a Phishy eMail Look Like?
Don't be fooled by emails with messages similar to these:
- "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
- "During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
- "You're credit card will be cancelled if we are unable to verify your personal information today."
Always remember that KCFCU will NEVER ask you to click on an e-mail link to share sensitive financial information. Please notify us whenever you receive a suspicious e-mail or have any other form of unsolicited contact from individuals seeking personal information about your accounts.
Ways to Protect Yourself Against Phishing
The FTC suggests these tips to help you avoid getting hooked by a phishing scam:
- If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message either. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself. In any case, don't cut and paste the link from the message into your Internet browser-phishers can create a link that looks like it goes to one place, but actually sends you to a different site.
- Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files.
- Forward spam that is phishing for information to firstname.lastname@example.org and to the company, bank or organization impersonated in the phishing email.
Skimming is a hi-tech method of capturing your personal or account information from your credit card, ATM card, debit card or driver's license. An electronic device used to capture this information is called a "skimmer," and can be purchased online for under $50. Your card is swiped through the skimmer and the information contained in the magnetic strip on the card is then read into and stored on the device or an attached computer. The information is then used to commit credit card fraud or identity theft.
How and Where Does Skimming Occur?
- Skimming at restaurants. Many skimming incidents occur at a restaurant where a server is carrying a skimming device in his or her apron or somewhere close by. Your card is scanned twice, once for the transaction that you expected and another in the skimming device to capture your credit card information for further use.
- Skimming devices hidden in ATM machines. It is not uncommon for a thief to be bold enough to tamper with an ATM machine. Typically, a "card trapping" device is inserted into the ATM card slot. This trap scans the card and stores its information or traps the card and doesn't return it to the owner. There is no cash dispensed in either case and the crooks retrieve the cards and information at a later time.
- Skimming by store clerks. A very common form of skimming involves store clerks skimming your credit card when you make a purchase. The clerk scans your card twice, once for your expected transaction and another in a skimmer for later retrieval.
- Skimming devices hidden in card payment terminals. Skimming is becoming more sophisticated and thieves are rigging card payment terminals with electronic equipment to capture the card information. The recorded card numbers are stored in an additional implanted chip and thieves return later to retrieve it.
Ways to Protect Yourself Against Skimming
Here are some things that you can do to lessen the chances that you will become a victim of this tactic:
- Closely monitor anyone who handles your card. Watch anyone you give your card to for processing, such as a waiter, clerk, attendant, etc. If at all possible, do not let them out of your sight. If a clerk makes a hard copy, retrieve the carbons.
- Keep low-limit credit cards. Keeping a low credit limit on your credit cards restricts the amount of money thieves can steal. Although not exactly a prevention tactic, it will help if you fall victim.
- Be aware of your surroundings. The first step to prevent skimming is understanding what is going on around you. Prior to inserting your ATM card, check the ATM card reader to make sure it looks appropriate and is not altered.
Check Fraud and Phony Lotteries
Check Fraud Overpayment
This scam targets people selling cars or other high-ticket valuables through ads or online auction sites. The con artist offers to purchase the item with a check made out for more than the price, asking the seller to wire back the difference after the check is deposited. The check bounces, leaving the seller liable for the entire amount. The checks are counterfeit, but look good enough to fool some financial institutions.
Foreign Lottery Winnings
Bogus foreign lotteries are stealing money from the unsuspecting. Here's how they work: You receive word that you've won a large sum of money in a foreign lottery. You're informed of a simple formality of paying taxes or fees before receiving the money. After paying, a check may arrive but it's no good, it's all a hoax.
Managing and Protecting Your Personal Information
Tips to Safeguard Your Home Computer
Use an Internet firewall. An Internet firewall helps screen out hackers, viruses and worms before they reach your home office computer or network from the Internet. Check with the manufacturer of your computer operating system (such as Microsoft) to see if it includes firewall protection.
Keep your computer operating system up to date. If your computer is more than five years old, its operating system (e.g. Windows 98, OS 7, etc.) may not offer the same level of protection as newer systems. System manufacturers provide frequent updates to help make your system more secure, possibly automatically through email or via your Internet connection. You may also check their websites, including
- Microsoft® http://www.microsoft.com/security/
- Apple Computer® http://www.apple.com/softwareupdate/
- Update your software. Regular software updates can be crucial to keeping your home computer as secure as possible.
- Install, run and keep anti-virus software updated. Commercially available, virus protection software helps reduce the risk of contracting computer viruses that can compromise your security. These programs offer continuous upgrades in response to the latest threats. Two of the most popular programs are:
- McAfee® http://us.mcafee.com
- Symantec® http://www.norton.com
- Be careful with e-mail and instant messages (IM). Even if a message appears to come from someone you know, a file attached to an e-mail message or IM could contain a virus, so be sure to contact the sender by some other means to gain added assurance that the attachment is valid. Also, never reveal personal -- financial information in a response to an e-mail request, no matter who appears to have sent it-your home computer may be the target of a phishing scam.
- Use strong passwords and change them often. Strong passwords give you better security against intrusion by hackers and thieves.
- Disconnect from the Internet when not in use. Dedicated services such as DSL or high-speed cable provide a constant connection between your computer and the Internet. Even if you have a firewall installed, as an additional step to help protect yourself, disconnect from the Internet when not in use to avoid unwanted access to your computer's data.
- Use secure websites for transactions and shopping. Make sure the web page you are viewing offers encryption of your data. Often you will see a lock symbol in the lower righthand corner of your browser window, or the web address of the page you are viewing will begin with "https://...". The "s" indicates "secured" and means the web page uses encryption.
- Be aware that there are risks involved when logging in to personal accounts using shared computers accessible to the general public, such as those available in hotels and libraries. Public access computers may be infected with viruses and/or malicious software, such as Trojans and keyloggers.
"Low-Tech" Ways of Protecting Your Personal Information
Not all crimes are high-tech or involve the computer or Internet. Here are some low-tech ways to reduce your risk of old fashioned thievery.
- Know your billing and statement cycles. Contact the company's customer service department if you stop receiving your regular bill or statement.
- Shred confidential papers, including offers of credit, before discarding them.
- Never carry your SSN or birth certificate in your wallet.
- Carry as few cards with personal information as possible.
- Don't print your SSN, birth date or credit card number on your personal checks and don't allow store clerks to do so.
- Memorize your PIN and passwords. Shield your hand when using an ATM to prevent "shoulder surfers" from obtaining your codes.
- Don't leave your wallet unattended. Vehicle glove compartments and health club locker rooms are spots that thieves go to first.
- Choose hard-to-guess PINs and passwords. When choosing passwords for your accounts, don't use your mother's maiden name, family members' birth dates, your pet's name or other easily guessed word or number.
- Do not place outgoing mail in your mailbox. Deposit mail in a U.S. Postal Service mailbox or at the post office to reduce the chance of mail theft.
- Promptly retrieve incoming mail. Collect your mail as soon as possible every day to limit the opportunity for theft.
Just to Be on the Safe Side...
- Write a list of your credit card account numbers, including expirations dates and contact information, and safely store this information in case you need to report lost or stolen cards.
- Review your Social Security Earnings and Benefits statement annually to check for fraud.
- Review your credit report. Look over your credit report regularly, at least yearly, for any inaccuracies. You can get a free credit report once a year from each of the three major credit bureaus at www.annualcreditreport.com. For a small fee you can obtain a copy at any time directly from:
- Equifax: 1-800-685-1111 or www.equifax.com
- Experian: 1-888-397-3742 or www.experian.com
- TransUnion: 1-800-916-8800 or www.transunion.com
- Limit the credit offers you receive. To reduce the credit offers you receive and the information companies share about you, contact the National Consumer Credit Reporting Agencies at 1-888-5-OPTOUT (1-888-567-8688).
- Remove your name from marketing lists. The Direct Marketing Association (DMA) notifies its members that they must remove your name from the lists they sell. Their members include the agencies and companies that compile mailing and telemarketing lists. Your name and address remain in the DMA's consumer exclusion files for five years. Contact the DMA at www.dmaconsumers.org.