Alerts and Security

Alerts

March 2020-

3/31/20– With all the news about stimulus checks, fraudsters are creating websites and ads to fool consumers into providing private information in exchange for additional stimulus payments or grants.

  • Government agencies do not communicate through social media outlets, such as Facebook.
  • A government agency will never request an advanced processing fee to receive a grant.
  • Beware of fake government agencies promoted by fraudsters.  The only official list of all U.S. federal grant-making agencies can be found on the grants.gov website.
  • Practice safe-surfing when you’re online. Know where you are and how you got there. There are growing numbers of fake websites made to look legitimate, but in fact fool us into providing our usernames, passwords and other private information.

3/20/20– During this time Fraudsters are taking advantage of the COVID-19 scare. Stay vigilant to protect your family and information. Below are a few tips and tricks to stay safe.

  • Get your information from known links and sources. Fraudsters are creating malicious websites and targeting consumers. Use the official sites listed below, for health-related questions. (this would reference the official health-related sites already listed)
  • Be aware of an increase in email, text and telephone scams about COVID-19.
  • Avoid selecting links and attachments in your email or giving information to telephone solicitors.
  • Navigate directly to the known website. Use a known telephone number or one from the Yellowpages.
  • If you’ve fallen victim to a scam, immediately call your financial institution.

Learn more about Coronavirus (COVID-19) scams to watch out for.

Have questions or concerns? Contact our Service Center at 231.946.7090.

November 2019- How Important is Your Telephone Number?

Imagine that your mobile phone stops working.  No more web access, no text messages and no phone calls.  What happened?  You may be the victim of an increasingly common SIM Card Swap, in which a bad actor hijacks your cell phone number.

How does it happen?  Bad actors are practiced in what they do.  Learning your telephone number, they contact and convince your cell phone service provider to activate or transfer your SIM card, your telephone number, to a new device, often claiming that the old device was lost.

Armed with your phone number on their device, a bad actor could: • Open a new cellular account in your name or buy a new phone with the information. • Reset your online banking and account passwords by intercepting One-Time-Password/PIN (OTP) that are texted to you. • Intercept ‘call-back verification’ calls that financial institution’s use to verify your identity and intent.

How can you protect yourself? • Avoid sharing your telephone number, or any contact or personal information, with any business until you know what it will be used for, if it will be disclosed, and how it will be protected. If the information is not required, don’t share it. • Don’t reply to calls, emails or text messages that request personal or contact information. • Contact your cellular service and add a codeword or PIN to your account and require it for any changes. Also ask to be alerted when any change happens.

If it happens–Alert your cellular service provider. • After you re-gain access to your phone number, change the account passwords. Also take time to review your online accounts for any activity, including changes to the email address and telephone numbers.

– The TBA Credit Union Privacy & Security Team

August 2019- Gift Card scams are on the rise. TBACU members are a big help in educating other members and the public of fraud and scams.  With several reports lately, it seems that gift card scams may be on the rise.

This type of scam starts when you’re promised a product, service or even payments on debt and asked to pay by purchasing gift cards with your own money.  Next, the perpetrator requests the gift card numbers/IDs from the back of the cards.  Then, the perpetrator uses or cashes-out the card, but never provides product or service.  While there are variations of this scam that pull at your heartstrings, ask for donation to help in a disaster, promises romance, or to help pay for medical bills, often it includes providing gift cards numbers/IDs.

Generally speaking, no reputable person, business or government agency, including the IRS, will ask you to purchase and share a gift card.

If you answer ‘no’ to these questions, someone may be trying to take advantage you:

  • Did you initiate contact with them?
  • Have you worked with the person or business before? Do you know them, are they reputable?
  • Upon researching, does the business normally ask for payment via gift card?
  • Have you received the product or service, as promised? Are you satisfied with it?

Avoid being a victim:

  • Use a credit or debit card to pay . There are built-in fraud controls and consumer laws to help protect you against unauthorized purchases.
  • Add your telephone numbers to the Do-Not-Call Registry.  Reputable organizations will respect your choice to not be solicited.
  • Transact directly with businesses and agencies using their official website, telephone number or brick-and-mortar location.
  • Don’t be fooled into doing something you or someone else normally wouldn’t do. Ask questions.
  • If you’re suspicious, ask a friend or family member for help.
  • If you’re ‘coached’ on what to say, or told not to tell anyone, you’re being taken advantage of.

December 2018–A breach at Marriot International / Starwood exposed the personal information of 500 million people and started in 2014.

October 2018–A Google + bug allowed developers to access personal data from 500,000 users who had installed their app.

September 2018–Facebook continues to be in the news.  Bugs in one of there services exposed account contents and activity of 50 million Facebook, Instagram, and WhatsApp users.

Security News

October is Cybersecurity Month!

See Yourself in Cyber

Getting excited for the upcoming holidays? Well, so are the cybercriminals. So how can you beat them at their game and keep your information private, your money in your pocket, and the holidays festive?

  1. Limit Sharing. Limit the information you share on a web and social media site, with any merchant, and in email. Cybercriminals scour the internet for any piece of information about you, and like a puzzle, put the pieces together to target you. And that ‘free’ email account you’re using? It’s also collecting information about you.
  2. Enable Multi-factor authentication (MFA). Enable MFA for all important online accounts. This can be an email or text message with a one-time password (OTP), PIN, or code. Enable MFA on every account that you can.
  3. Use Strong Passwords. As one of the first lines of defense for keeping your information safe, here are a few tips:
    1. Use a different password for each account.
    2. It doesn’t have to be complicated, like Di&81&329a$, it just has to be strong, memorable, and easy to type. Choose four unrelated words, then add a number and a special character.
    3. Reset your passwords every few months. By the time a data breach is reported, a threat actor could already be using and/or selling your data.
    4. Use a password manager. With just one master password, a password manager can generate and retrieve passwords for every account that you have, making it super easy to make them strong.
  4. Think before you click. Recognize and report email phishing and other social engineering attacks. Email, text, in person, or over the phone, if the message is urgent or threatening, pulls at your heartstrings, or is an unsolicited offer to help, it’s likely a scam. Don’t interact with it, just send it to your junk folder.
  5. Update. Update software on every device. Set your phone, door camera, television, desktop computer, laptop, router, etc. to automatically update. Cybercriminals also scour the internet and exploit outdated devices.
  •  

Data Privacy Day January 28

With so many businesses and websites asking for your information, the resulting data breaches, and the impacts of identity theft on people like you, here are a few basic reminders to protect your private or sensitive information:

  • Your personal info is like money. Value it and protect it. Avoid sharing it unless you absolutely have to. You might have to say ‘no’ to sharing once in a while.
  • Use long and strong passwords. Sure, it can be a hassle, but combining four random words and a few numbers is much easier to remember and type, and is just as secure.
  • Keep tabs on your Apps, as many want access to your contacts, photos, camera and microphone. Not sure how to turn that off, visit a phone carrier or retailer that specializing in your device.
  • Check privacy settings on each website and business you share information with. Ask how are they going to protect it? Will they share it? Sure, there’s a lot of fine print, but it’s worth knowing

Visit StaySafeOnline.org for tips to manage your privacy, and your child’s.

Quick Cybersecurity Wins for Any Size of Business

  1. Keep all software updated–firewall, anti-malware/virus, burglar alarm system, browsers…
  2. Enforce strong passwords or passphrases.
  3. Limit or prohibit personal use on business computers. Personal email is the riskiest.
  4. Regularly back up your data.
  5. Train employees.  Find cybersecurity training materials at StaySafeOnline
  6. Have a plan in case there is a breach.

Lean more about Cybersecurity for Business at StaySafeOnline.

Top Frauds and Scams to Keep in Mind

With the changes this pandemic has caused, bad actors and fraudsters are hard at work. So what are the top frauds and scams you should be aware of?

  • Email Phishing: Common ways to determine an email is malicious include messages that:
    • tug at your heartstrings–ask for a charitable gift for the latest natural disaster,
    • claim to have health information, and often with link to a malicious website, or
    • threaten you with sense of urgency–your account will be closed if you don’t act now!

Check out this document to learn more about social engineering.

  • Cyber Attacks on Small Businesses: Suring up your network and training employees on the common scams and tactics can go a long way to help protect your credit card, employee and customer information.
    • Require passwords for all laptops, desktops, tablets, smartphones…
    • Use multi-factor authentication to access sensitive information or network areas.
    • Update your software. This includes apps, web browsers and operating systems. Set updates to happen automatically.
    • Have a data breach response plan. If an incident happens, you want to keep your business running and minimize the damage.

The Federal Trade Commission has additional resourcess to assist in training.

  • Gift Card Scams: Still a common sign of fraud is when a bad actor instructs you to buy any type of gift card.
    • If you’re asked to email or text a picture of the ID # or code on the back of the card.
    • Often there is a promise to pay you for your trouble.
    • Bad actors often try to befriend you or make romantic promises, hoping use you again.
    • Sometimes starts with a ‘work from home’ program. 

Learn more about Gift Card Scams

Tax Refund Identity Theft?

Simply put, tax-related identity theft is when someone uses a stolen Social Security number to file a tax return, and it could be your number. Even if you don’t owe any taxes, bad actors use stolen numbers along with fictitious income information to trick the IRS into sending a refund.

Steps to Prevent It

          • Limit the personal information you share, especially online.
          • File your taxes as soon as you can.
          • Do some research before choosing a tax preparer. Ask your friends family for a recommendation.
          • Watch out for tax scams. The IRS will never call to threaten you or demand immediate payment.
          • Watch out for phishing emails. Is the message threatening, urgent or pulling at your heartstrings?

How Would You Know It?

If you get a letter or a notice from the IRS, or you’re not able to e-file because of a duplicate Social Security number, you’ll need take these steps.

          • Respond immediately to any IRS notice.
          • If your e-filed return is rejected because of a duplicate filing under your Social Security number, or if the IRS instructs you to do so, complete IRS Form 14039, Identity Theft Affidavit (PDF). Mail it, along with your paper return.
          • Check with your state tax agency to see if there are additional steps to take at the state level.
          • Contact each of your financial institutions to report that you’ve been a victim of identity theft. Inquire if any new accounts have been opened without your knowledge.
          • Review your credit profile at annualcreditreport.com.
          • Report the fraud to any credit bureau and request a freeze of your profile with each one.
            • Experian 888-397-3742
            • TransUnion 888-909-8872
            • Innovis 800-540-2505
            • Equifax 800-685-1111
          • Visit IdentityTheft.gov
          • Share this information with your friends and family.

Phishing. Don’t Get Hooked.

Phishing, or using email to trick you into sharing passwords or private information, is still a Woman on computerbig problem and has led to a number of multi-million dollar security incidents over the recent years.

Here are a few easy tips to help recognize phishing and protect your information and accounts.

          • Create two email accounts. Limit one for creditors, financial institutions, insurance companies and any official business. Don’t share this address with anyone else. Create a second email account that you can readily share with friends, family, newsletters. Fake email will stand out.
          • Manage Your Inbox and Accounts. Download important messages to your local computer. Delete unwanted messages and any that have personal or private information. I’d even delete the Sent and Deleted folder contents. Why? If bad actors get into your account this will limit what they can get.
          • Mark spam messages as spam. This will help ‘train’ the filter.
          • Think Before You Open a Message.
            • Is the sender’s name AND email address unrecognized?
            • Is it a catalog or newsletter you didn’t ask for?
            • Is the message threatening, urgent or pulling your heartstrings? Your account will be locked or your credit card will be closed if you don’t respond right this moment. What about fake ‘charities?’ Each natural disaster prompts bad actors to ask for money too.
            • Is the email or website address misspelled? When hovering your mouse over the link, is the address different?
            • Is it out of the norm for the sender to send that kind of message or attachment, or at that time of the day?

If you answered Yes, you should avoid opening the message, or clicking on the attachment or link. It would be best to call or contact the sender directly, but NOT using the phone number in the email.

Own IT, Secure IT, Protect IT

National Cybersecurity Awareness Month is a great opportunity to take stock of your personal data and devices and take basic steps to protect them.

Own Your Digital Profile

Internet-based devices are present in every aspect of our lives, and that constant connection presents opportunities for cybercriminals. We don’t have to avoid using technology, but let’s balance convenience and security.

          • Know What to Protect–Personally-Identifiable Information is any information that can be used to distinguish or link to you.       Your name, alias, email address or social security number may seem obvious, but even your picture, internet surfing and purchasing habits, employment, medical, and beliefs are linkable to you. These are the puzzle pieces of information you want to protect.
          • It’s Your Property, Don’t Give it Away– Before you register in that next contest, complete a survey for a retailer or post to your social media account, know what your information will be used for. Will it be given away or sold? Can it be linked back to you? Read the fine print first. Also make sure you are cross-shredding and destroying all documents before you recycle or throw them away.

Secure Your Digital Profile

Cybercriminals are good at getting personal information from us, and the methods are getting more sophisticated. Protect against cyber threats by learning about security features available on the equipment and software you use.

          • Devices–Any device in your home that is connected to a network or the internet, e.g. mobile phone, TV, computer, burglar system, thermostat, etc. needs to be secured.
          • Keep devices and software up-to-date. Call a local computer service company for help.
          • Use strong passwords passphrases. Yes, passwords have been replaced. Using four, unrelated words, numbers and special symbol is much easier to remember and just as secure. Enable multi-factor Authentication (MFA) wherever it’s available.
          • Install anti-virus software.
          • Zero Trust–Criminals will try anything to get at your money and data. Using the latest disaster to pull at your heartstrings, scare or threat tactics, or even pretending to be helpful. Don’t be duped into sharing your personal information or hard-earned money. Hang up the telephone. Never allow anyone to have remote access into your computer.

Protect IT

To protect yourself from becoming a cybercrime victim you must understand, secure and maintain your digital profile. Visit the DHS Be Cybersmart Campaign for more resources.

          • Share what you’ve learned with your family and friends.

Thinking About Your Safety

What a beautiful place we live in.  How can we work together and help keep our neighborhoods, work and play places, and community a little safer, and maintain our way of life? As your body cannot go where your mind has never been, even contemplating a few basic personal safety actions can help you prevent an incident and safely respond.

Be aware of your surroundings.  Whether at a restaurant, ballgame or a friend’s home, knowing where you are, how you got there, and the safest exit route can help you quickly and safely respond to a fire, accident or violence. Remember, a door may not be the fastest or safest exit route.

Do you have a Fire and Safety plan for your family?  Have you talked it through with them or had a drill?   Does everyone know how to escape, where to meet and who to call?  It may sound unnecessary but having even a simple plan and talking it through may make the difference to your safety and survival.  No plan? Let’s get you started with this sample escape plan and the Smart911 Lifesaving tool.

Reach out, get to know your neighbors.  Not only may they have sugar for your recipe or a tool for your project, building a rapport encourages everyone to value their surroundings and to pay attention to what’s going on there.  It’ll be easier to identify suspicious persons or activity when everyone is watching and working together. Neighborhood Watch programs continue to pop-up in our region, does your neighborhood have one?

Lock your automobile, home, and garage at night. You are more vulnerable when you are sleeping, and while the likelihood of someone breaking into your home seems low, a locked deadbolt on your doors tells the would-be perpetrator to ‘move on.’ If it’s valuable to you, it may be valuable to someone else who wants to take it.

Build rapport with Law Enforcement.  Serving and protecting, men and women in uniform are eager to help maintain a safe community, it’s better for everyone.  If you see something, say something.  Reporting to 9-1-1 or inviting a patrol car to your neighborhood lets your neighbors, and the bad actors, know that you are paying attention.

Firearms in the house.  Owning a firearm has responsibilities.  Keeping it out of reach and education are a few of the many ways to protect children.  Does your daycare or babysitter safely store their firearms?

What about safely using an ATM?  Bad actors are after valuables, and cash is high on the list, so here are a few actions to consider:

      • Avoid using an ATM in an unlit or un-trafficked area at night.
      • Pay attention to bushes, fencing, and any obstruction that may allow a perpetrator to hide.
      • Use the same ATM when possible. You will more easily detect anything anomalous.
      • At drive-up ATMs, keep your vehicle running, windows up and doors locked.
      • If anyone follows you to or from an ATM, go immediately to a crowded, well‐lighted area and call the police. Don’t accept help from a stranger.
      • Avoid leaving an ATM/banking receipt at or near an ATM or in a public trash can. It may include valuable information about you such as your available balance.
      • If you ever notice any lights burned out, covered or not bright enough, at any of our ATMs, please let us know by contacting our Service Center at 231.946.7090.

Keeping Your Personal Information Private

Have you ever searched your name online? How did those sites get so much private information about you? What are they doing with it? Taking control of your personal information is a great step to avoid being a victim of a data breach or identify theft. Finding a balance between convenience and privacy, here are a few ideas:

      • Before you share personal information, understand how it will be used, how it will be protected and if it will be disclosed or sold. By reading a business’ Privacy Policy or searching opinions online, you can have the facts before you sign up for a subscription, catalog, contest or account.
      • Avoid sharing secrets. While sharing private details of your life on social media, be aware it’s online forever.  Avoid sharing where you live, answers to your security questions, vacation plans, occupation, pet or family members’ names, at least. Own your online presence and read those Facebook, Twitter, WhatsApp, etc. privacy controls.
      • Children’s Online Safety. Educate your children on what information is appropriate to share, and why.  Periodically discussing their email, social media postings and website choices can help keep them safe and create an open conversation about their wellbeing.
      • Freeze your Credit Profile with Each Bureau. Start with the top four credit bureaus. Limiting access to your profile greatly reduces bad actors’ ability to open banking or utility accounts.
      • Do Not Call Registry. Adding all your family’s telephone numbers will reduce those unsolicited, disruptive sales calls. While charities and unscrupulous companies will call anyway, at least you know why they are calling. Visit the Do Not Call Registry
      • Direct Mail. Reduce unrequested catalogs and junk mail from overwhelming your mailbox. Remove your name from direct mail solicitation.
      • Avoid Pre-Screening. While you’re reviewing your credit reports for fraud, opt-out of credit pulls for pre-approved credit and solicitations. Get your free, annual report.
      • Eavesdropping on your telephone conversation. Be discreet when talking about private information on your phone when in public. Loud or speaker-phone conversations may be sharing private details about your family, your home or yourself.
      • Is your home listening device sharing your information? Devices that are always listening are hearing and likely recording everything your family says. Their convenience is great but knows who your information is being shared with and where it is being sent.
      • Be aware of shoulder surfing. Take steps to block other’s view when you are entering your ATM PIN, mobile phone Code, online account password, etc.
      • Limit what information you keep in your wallet, purse, vehicle, mobile phone, table, etc. Assume that it will be lost or stolen someday, so take precautions.

Privacy Precautions While You Are Online

Websites and browsers are tracking your activity and presenting targeted advertisements. It can be a helpful service but all that data about you, your identity, location, persuasions, interests, health etc., is aggregated, stored and possibly sold. Search online for browsers and settings to limit or avoid the collection of your purchasing or browsing activity.

Is Your Email Sharing Information? Many ‘free’ email services ‘read’ your email for details about you–names, contacts, addresses, interests, buying habits, health–and formulate a profile and serve ads. If the email service is ‘free,’ your personal information is likely the product. Some email service providers go to great lengths to help you manage your privacy. A simple online search will identify them.

      • Email isn’t Secure. Unless your email is encrypted, avoid sending private information in a message. There are relatively easy ways for a bad actor to capture your messages.
      • Email isn’t for Storage. Assume it’ll be hacked someday and limit what’s in it. While overly cautious, periodically delete your Sent messages, clean out your Inbox, and even delete your Contacts if you store them elsewhere. Then, delete the contents of your Deleted folder.
      • Spam. Don’t unsubscribe or reply to an email that you did not sign-up for or request. By replying or unsubscribing to spam, you are confirming that your email address is a legitimate address, and you will receive more.

HTTPS://. Look for HTTPS:// in the website address and avoid entering personal or financial information or a password into a site that HTTPS is not the prefix. It’s the ‘S’ that makes the difference.

Avoid using Public or Free Wi-Fi to log into banking or private accounts. You don’t know who really created the network or if or how it is secured. Is it truly McDonalds’ Wi-Fi, or a bad actor who used the same name?

Location Services. Some mobile apps request access to your location, contacts, camera or microphone. Avoid services and apps you aren’t planning to use and review the configuration of your mobile device to learn which apps are accessing your private content and determine if there is a legitimate need.

Securing Your Computer

Manage software. Remove software from your computer that you are not using. Software has bugs. For software that you intend to keep, ensure it is supported and up-to-date. Software makers don’t support or provide software updates forever. This is often found under the software’s About or Help button.

Updates. Keep your computer’s and router’s firmware and Operating System (OS), current to help manage the vulnerabilities and bugs it may have. Most systems can be configured to automatically update on a schedule. Confirm this is happening on your computer and router.

Passwords. Avoid using account or identification numbers or personal information. For important accounts, make the passwords unique. If multi-factor, multi-step or MFA is available, start using it today. By sending a code or PIN to your phone, or registering your computer’s IP, you can increase the security of your account. As for passwords, making them easier to remember and more secure could be choosing: Three or Four unrelated words + Number + Special Character. Like this: BlueChickenDiamond23!

Anti-Virus Software. With the many, even free, AV software that is available, make sure that each computer is running the most current version.

Email Links and Attachments. Many computer viruses and fraud use hacked email accounts, so before you open an email message, confirm that you were expecting it, it’s from someone you know, and the content, request, style or time of day matches what you would expect from the person. Avoid opening links or attachments if you are at all suspicious. Ask yourself…

Shred your Papers. Use a cross-shredder to ensure that the documents you put in the trash or recycle cannot be traced or linked to you. Don’t let someone dig through your trash or dumpster dive to find your personal information.

How Would I Discover that I’m a Victim of Identity Theft?

      • Regularly review banking, investment and insurance statements and online accounts. If discover unauthorized transactions or activity, immediately report it.
      • Review your credit reports. Annualcreditreport.com is the only site for free credit profiles from the top three bureaus, so retrieve one, wait four months, then retrieve another… Review your child’s as well.
      • Identity Theft Protection services likely do not prevent fraud or Identity Theft, but can alert and help respond to it.  It’s really an insurance policy and may provide piece of mind. Read the fine print though.  Also, contact your homeowners’ or renters’ insurance policy.  You may have coverage and not even know it.
      • You’ve an increase in email spam or unsolicited phone calls.  If so, don’t reply, merely block the phone number or email address.  If they’re too numerous , you may need to change your email address or your telephone number.

How Can I Respond to Identity Theft

So the bad actors have your personal information and are using it.  What can you do?

      • Notify each banking, investment and insurance institution. Request a ticket/claim number for each report.
      • Contact your homeowners’ insurance provider. Your policy may help you recover.
      • Take your computer, tablet and mobile phone to a reputable computer tech to check for malware, remote access and updates.
      • Using a secure, cleaned, updated computer:
        • Change the password for each online account–banking, email, medical, social media…
        • Change the administrator and network passwords to your home wi-fi router.
        • If you’ve not, immediately freeze your four credit profiles. In that process, declare that you are an identity theft victim.
        • If you’ve not, file your taxes.
        • Report identity theft.
      • Document each step.  Who you contacted and the date. This may help with a claim or uncover how the data was stolen.
      • You may need to open new banking accounts.
      • Regularly review your credit report, your banking, medical and investment statements.

Should your report it to local law enforcement?  It never hurts, however many times the crime happened outside of their jurisdiction.