Security

In today’s electronic environment, it is critically important that online banking activity be carried out in a secured environment. This is probably the most important issue that we face in making internet banking available to our members. Using standard industry security techniques ensures that our members’ personal information is confidential. At My Healthcare FCU we use security technologies such as your personal identification number (PIN), encryption, and firewalls. Using you account number in combination with your PIN enables you to be uniquely identified as a My Healthcare FCU member to our internet site. Be responsible…

Always keep your PIN, Password, and Account Number Secure!

Phishing

Internet Pirates are trying to steal YOUR Personal Financial Information!
Here’s a new type of Internet piracy called “phishing.” It’s pronounced “fishing,” and that’s exactly what these thieves are doing: “fishing” for your personal information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.

In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver’s licenses in your name! They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.

Here’s how phishing works:
In a typical case, you’ll receive an e-mail that appears to come from a reputable company that you recognize and do business with such as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies.

The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.” The e-mail will then encourage you to click on a button to go to the institution’s website.

In a phishing scam, you could be redirected to a phony website that may look exactly like the real thing. Sometimes, in fact, it may be the company’s actual website. In those cases, a pop-up window will quickly appear for the purpose of harvesting your financial information.

In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother’s maiden name or your place of birth.

Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. E-mails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.

If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and websites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the Internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.

A financial institution will never ask you to verify your account information online!

Identity Theft / Fraud

What is Identity Theft?

Identity theft is the fraudulent use of a person’s personal identifying information. Often, identity thieves will use another person’s personal information, such as a social security number, mother’s maiden name, date of birth, or account number to open fraudulent new credit card accounts, charge existing credit card accounts, write share drafts, open share accounts, or obtain new loans.

Every 2 seconds, an American becomes a victim of identity theft / fraud. Watch for warning signs to make sure you don’t fall prey.

Could you be a victim of identity theft?

About 10 million Americans a year have their personal information compromised.  Often, the stolen information is used to take over accounts, open credit cards or obtain medical care long before the theft is ever discovered.

While many people first find out about identity fraud from their financial institutions, there are some red flags that indicate your personal information may have been stolen and used for fraudulent purposes.

  1. Unexplained charges or withdrawals:  Check your financial account statements each month and be sure you recognize the transactions.  Thieves will often make small test purchases first, so don’t ignore small charges that seem unfamiliar.
  2. Medical bills for doctors you haven’t visited:  Likewise, if your health insurance carrier denies a legitimate claim, find out why.  It’s possible for a thief to use your identity to obtain medical care or max out your insurance benefits.
  3. New credit cards you didn’t apply for:  If you receive an unexpected credit card in the mail, contact the company issuing the card right away.  Similarly, any statements that arrive for unknown accounts are a red flag.
  4. Errors on your credit report:  Review your credit reports for any suspicious activity, such as accounts you didn’t open.  You can review your reports for free once a year at www.annualcreditreport.com
  5. Collection notices or calls for unknown debt:  Don’t assume the information is an error.  Find out what the debt is for.  If you believe the debt isn’t valid, send a letter via certified mail to the collection agency requesting proof of the debt and creditor within 30 days.
  6. Your credit card or application for credit is denied:  If you haven’t reached your credit limit or normally have good credit, ask the reason for the denial.  An identity thief may be racking up debt on your behalf or ruining your credit score with unpaid bills.
  7. Missing mail or email:  Haven’t seen a monthly statement in a few months?  A thief could be stealing your mail or may have changed the mailing or email address on the account to keep you from seeing fraudulent charges.  Alternately, you may receive a notice from the post office that your mail is being forwarded to another address when you haven’t requested a change of address.
  8. Errors on your tax return or Social Security statement:  The Internal Revenue Service may notify you that more than one tax return was filed in your name or that you have income from an employer you don’t know.  Check that the earnings reported on your Social Security statement (available at https://www.ssa.gov/myaccount) match your actual earnings.
  9. A warrant for your arrest:  While it may seem extreme, it’s possible for someone to impersonate you while committing a crime.  You may uncover the warrant if you’re stopped for another reason or involved in an accident, for example.

To prevent your personal information from being lost or stolen, know the signs and follow these previous tips to protect yourself from identity theft.

How to Protect Yourself Against Phishing and Identity Theft:

  • Do not give personal information, such as account numbers or social security numbers, over the telephone, through the mail, or over the Internet, unless you initiated the contact or know with whom you are dealing.
  • Store personal information in a safe place and tear up old credit card receipts, ATM receipts, old account statements, and unused credit card offers before throwing them away.
  • Protect you PINs and other passwords. Avoid using easily available information such as your mother’s maiden name, your birth date, the last four digits of your social security number, your phone number, etc.
  • Protect your checks, ATM, debit and credit cards.
  • Pay attention to billing cycles and statements.
  • Check account statements carefully to ensure all charges, share drafts, or withdrawals were authorized.
  • Guard your mail from theft.
  • Order copies of your credit report from each of the three major credit bureaus once a year to ensure that they are accurate.

What to do if you fall victim to identity theft:

  • Contact your financial institution immediately and alert it to the situation.
  • Report all suspicious contacts to the Federal Trade Commission through the Internet a www.consumer.gov/idtheft , or by calling 1-877-IDTHEFT.
  • If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau’s fraud division:

Fraudulent Websites

Cybercriminals register domain (website) names that are similar to popular companies’ names to sell phony products or trick consumers.  Some set up sites that mimic real ones (even using their company logos); others use social media to advertise their fake sites.  They all have the same goal: to steal your money and/or your personal information, otherwise known as phishing.

Play it safe.  Protect yourself by shopping and doing business only on sites you trust and keep them bookmarked in your browser.  If you do shop on a website that’s new or unfamiliar, here are a few tips to help you spot the scammers.

  • See if the URL (web address) begins with “https” and has a lock icon to make sure that your transaction is secure and that data transmitted is encrypted.
  • Avoid too-good-to-be-true deals that you receive via email or find advertised on social media or trendy news websites.
  • Check customer reviews, but be suspicious if all are excessively positive.
  • Be wary of sites that only accept money orders, electronic transfers, gift cards or wire payments.
  • Never respond to a request for a text message as part of the payment process, and don’t complete the purchase.
  • If the business is based in the U.S., find out if it’s in good standing by looking up the corporate name on the website of the Secretary of State (or Secretary of the Commonwealth for Massachusetts, Pennsylvania and Virginia) in the state where it’s incorporated.

Fake or Misleading Ads

Beware of scams lurking on online marketplaces, where there are multiple products and sellers.  Some sites sell their own products and have other vendors selling products through their sites.  Although most companies do their best to police their sites, scammers sometimes sneak through.  Some do a “bait and switch” by advertising one item but delivering another (it doesn’t match the advertisement) or never delivering at all.  Others advertise luxury items like jewelry for unbelievably low prices.  Can you really get an authentic Rolex for $100?

Play it safe.  Before you buy, read the reviews about the seller and the product you want to purchase.  Check out the return policy.  If you’re still not sure, stick to sites that have rules and policies to protect you.

Hackers Stealing Data

If you’re shopping on a website that doesn’t have secure encryption, a hacker may be able to intercept financial information when it’s transmitted.  As a result, your identity or financial information could fall into the wrong hands.

Play it safe.  When shopping online, always look for a padlock icon in the search bar.  That indicates the website is secure.  Be sure the site URL begins with “https://”, rather than just “http://”. The “s” stands for “secure” and indicates that data transmitted is encrypted.

Malvertising (Malicious Advertising)

It may be tempting to click on advertisements you see online, especially if it’s a really good deal, but you could be putting your information and your computer at risk if it’s a malvertisement (an advertisement infected with malware).

Play it safe.  To reduce your risk, be sure your security software is regularly updated and avoid clicking on suspicious advertisements.  If you really want to find out more about the advertised product or company, don’t click.  Do your homework and research the company in your web browser.

If you suspect you’re the victim of a scam, contact MyHCFCU or the toll free phone number on the back of your card immediately to report the fraud.

ATM Scams

The vast majority of ATM transactions are conducted safely and securely, but ATM fraud can and does happen.  A common technique used by thieves to obtain your debit card information and PIN at ATMs is skimming.  ATM skimming occurs when thieves use hidden electronics or technology on ATM machines to steal card info.  With your card’s information in hand, scammers can empty your checking or savings account.

What to Look For

Skimming overlay devices:  These devices are placed over the card slot.  When a card is inserted into the ATM slot, the device records the card’s magnetic strip data.

Shimming technology:  Thieves have more recently developed “shimming” technology, where they install a thin, card-size device with a microchip into the card slot.  This device isn’t visible from the outside of the ATM and steals information that allows the thief to clone your card.

Keypad overlays:  These devices placed over an ATM’s keypad can capture PINs as they’re entered.

Tiny cameras:  Cameras are used in conjunction with the skimming or shimming device.  The camera is placed in a location on, or near, the ATM to record the user entering the PIN.  Some thieves even use cameras with thermal imaging to see the numbers and order in which you pressed them.

These days, many skimming devices transmit information back to fraudsters using Bluetooth technology.  However, it’s possible that some crooks could still be watching you enter your PIN with binoculars or by looking over your shoulder, so don’t let your guard down.  Be especially wary of anyone offering to “help” you use the ATM.  There are some precautions you can take to stay safe.

What You Can Do

  1. Watch for signs that the ATM may have been altered.  Does the ATM have parts that look crooked, misplaced or damaged?  If you pull on the card reader, does it come loose?  If you push buttons on the keypad, do they feel loose or spongy?  These are all warning signs of potential tampering.
  2. Visit high-traffic and high-profile ATMs.  ATMs in well-lit areas such as a store or lobby are safer than those that are standalone.  Scammers want to stay out of view when installing and collecting their technology.
  3. Cover your hand when entering your PIN.  This should be done even if you don’t see anyone or anything suspicious.  A hidden camera may be viewing the keypad even if you aren’t aware of it.  You can also be sure to rest your fingers on the plastic keypad.  This will obscure your PIN from thermal cameras.
  4. Be observant of your surroundings.  Stand directly in front of the ATM while using it and watch for anyone standing too close.
  5. Be wary of suspicious Bluetooth signals.  You can download free scanning apps that detect suspicious Bluetooth signals and alert you to potential skimmers.
  6. Check your accounts regularly.  There’s a chance you may not notice a compromised ATM until your information has already been stolen.  Regularly check your account statements and set up fraud alerts to be alerted of any fraud right away.

Your Security Is our Priority

At My Healthcare Federal Credit Union, our member security comes first.  If you suspect a skimming device has been installed on a MyHCFCU ATM, please contact us immediately at (352) 333-4760 or (888) 333-4760 with the location of the ATM.

*  These articles are intended to provide general information and shouldn’t be considered legal, tax or financial advice. It’s always a good idea to consult a tax or financial advisor for specific information on how certain laws apply to your situation and about your individual financial situation.