PIN Reversals - Not a Safety Option

Your safety at the ATM

The Internet can often quickly spread “urban myth” stories but few stories gain such rapid appeal with so many potentially negative impacts on cardholder safety and confidence as the misleading stories circulating the Internet regarding PIN reversal to signal duress. PIN reversal technology is a concept based upon the possibility that a cardholder could remember (and reverse) his or her PIN (password) at an ATM to draw attention to a dangerous situation like a kidnapping or a robbery. Critics say that it is unlikely that anyone under duress could successfully employ this technique without compromising personal safety.

Financial institutions within the United States have not deployed this technique despite several well circulated email chain letters that have misstated this fact. If you have read information on the Internet to use PIN reversal as a safety method, it's important for you to know that LBS Financial does not have the capability to read a PIN reversal as a request for help. Digital cameras are still the best security available at the ATM.

Email Fraud/Phishing Alerts

Email Fraud

Fraudulent email activity, also known as "phishing," continues to increase, where emails circulate claiming to be from the National Credit Union Administration (NCUA), Credit Union National Association (CUNA), CO-OP Network, CU Service Centers, STAR System Network (ATMs), Visa, Internal Revenue Service (IRS), Social Security Administration (SSA) or other organization and request your personal information via email or online.

Phishers continue to change their phony emails by including false fraud protection techniques as a new twist to convince members that the email is from their credit union with the added educational information. Because of everyone's fraud awareness, the phishers lure members to "take action" and provide their information by using an "online banking" log-in which will redirect the site to the fraudster.

Please read below for more information on this scam and how you can protect yourself.

What is Phishing?

Internet scams, email fraud or phishing (pronounced "fishing") are attempts to fraudulently acquire sensitive personal information (ie. account numbers, passwords, social security numbers, credit card details, etc). In a typical case, phishing involves the use of email messages impersonating your financial institution, a reputable company that you or we normally conduct business with or a government agency; including one of the federal institution regulatory agencies.

Phishing emails always have a sense of urgency. The email will probably warn you of a serious problem that requires your immediate attention to respond. It will then urge you to click on a "button" or link where you will be asked to enter or confirm your personal information. The website may look legitimate but it is NOT! Do not click on the requested link and submit your personal information.

LBS Financial Credit Union will NEVER email or call to ask for your personal information.

Scam Examples

December, 2009 - Consumers have been receiving text messages indicating that their account has been compromised and to call the number listed on the text message to receive more information. DO NOT respond to this text nor call the number listed. This is a scam. Contact your own financial institution to verify if there is a problem with your account and to alert them about the text scam that you received

November, 2009 - An email blast was distributed impersonating NACHA – The Electronic Payments Association, a non-profit association that oversees the Automated Clearing House (ACH) Network. The email subject line is “Rejected ACH Transaction." Both the link in the email and the related website are fraudulent.

The email indicates that you have a failed or rejected ACH transaction. This scam may utilize one of the latest, most sophisticated Trojan viruses to steal sensitive data – especially online banking credentials. Do not open this email.

December, 2008 - Credit Union members have been receiving phishing emails recently, according to CUNA Mutual Group, attempting to capture credit card numbers with an email to direct cardholders to call an automated telephone service.

The email indicates the member's card has been deactivated and in order to activate the card, members are instructed to call the provided "Card Activation Line" phone number and enter their 16 digit card number, expiration date and PIN.

Do NOT open any attachments to the email or click on the link to the website since it could contain malicious codes that will infect your computer. Please do NOT call the number to give your personal information out unless you are confident of the company you are calling.

December, 2008 - A new email “phishing” scam seeks to plant malicious software on the computers of recipients who open an attachment purportedly related to the purchase of an airline ticket.

The fake emails use the names of various U.S. airlines including Northwest Airlines, Continental Airlines, Sun Country Airlines, US Airways, Allegiant Air, Delta Air Lines, Alaska Airlines, Midwest Airlines and Hawaiian Airlines.

The email messages urge recipients to confirm a ticket purchase they never ordered. The email requires an entry by thanking recipients for buying the tickets using the “Buy flight ticket online” service offered by the airline. Giving fake details of the purchased ticket, it asks them to confirm the purchase by printing the invoice and the ticket after clicking on an attachment in the email.

However, when unsuspecting recipients click on the email, a malicious software program downloads onto their computers. This “malware” enables the fraudsters to gain confidential information such as credit card access codes, Social Security numbers, and net banking passwords by allowing them remote access to the computers.

Airlines say there are a couple of things inside the email that should warn people of the scam. The emails contain mistakes in spelling and grammar, and the formats in which the itineraries are presented are different than those used by the airlines.

You should be aware that these emails are not coming from the airline. If the format does not look familiar to you, and you have not recently purchased a ticket, do not open the attachment. Delete the email right away.

June, 2008 - In a recent vishing scam, the criminal practice of using social engineering and Voice Over (VOIP) to gain access to private and personal financial information, the fraudsters are leaving telephone messages indicating that the call is from your "credit union" and the recipient's account or credit card number has been used illegally. The vishing telephone call asks the victim to call a fake 800 number to verify information such as account number, security code, Social Security number and place of birth, to reinstate the account. Don't call the number provided, instead call the number on the back of your credit card to confirm if they left you a message in regards to your account.

March, 2008 - In a recent phishing attempt, the fraudsters' email starts by suggesting that you can help the government fight terrorism and related money laundering by verifying your personal information. Then, they attempt to lead consumers to a counterfeit website designed to trick recipients into divulging financial data such as credit card numbers, account user names, passwords and Social Security numbers. Do not respond to this email, instead report suspicious Internet sites and emails to www.ic3.gov.

February, 2008 - In efforts to scam another group of individuals, phishers are now targeting nominees for "Teacher of the Year." In this scam attempt, recipients are notified by mail that they have been nominated by a former student as "teacher of the year." The letter advises them that to avoid multiple claims from winners, they must submit a code number by email that advises them that a financial reward of $700,000 will be credited to their ATM card and directs them to call to verify their phone number/fax number, name and age, occupation and address where they want their ATM card to be delivered. During the call, the victim is also asked whether they have a Home Equity Line of Credit and if they do, they will be asked to confirm the account number for possible crediting. Home Equity Lines of Credit have been targeted in scams involving credit unions, including those with strong security procedures. Do not respond to this email and do not contact them by phone, instead report this scam to www.ic3.gov.

January, 2008 - An email scam claims to come from the Internal Revenue Service (IRS). The email states that the recipient is eligible for a tax refund and directs the recipient to click on a link that leads to a fake IRS website. The IRS strongly recommends that recipients do not the click on the link(s) or open any attachments.

October, 2007 - Credit Union members have been receiving phishing emails recently which appear to be from the National Credit Union Administration and include the Credit Union National Association, Inc 2007 copyright at the bottom of the email message. Both companies mentioned are real credit union trade associations, however, the emails are fraudulent and play on consumer's fear by informing them of the following: 1. Informs recipients about irregular check card activity and advises them to call a toll free number to get any card restrictions removed. 2. Informs members that their card account had been deactivated so that they may take advantage of a new security system, the credit union's Identity Theft Protection Program. Members are encouraged to call a 425 area code number to activate their account.

Do NOT open any attachments to the email or click on the link to the website since it could contain malicious codes that will infect your computer. Please do not call the number to give your personal information out unless you are confident of the company you are calling.

Anyone who receives this type of e-mail can forward it on to Phishing@ncua.gov.

NCUA sample #1 - Phishing Email The National Credit Union Administration is a federal regulatory agency. It does not maintain financial accounts for credit union members.
NCUA sample #2 - Phishing Email The National Credit Union Administration is a federal regulatory agency. It does not maintain financial accounts for credit union members.
NCUA sample #3 - Spoofed (fake)Web Site The National Credit Union Administration is a federal regulatory agency. It does not maintain financial accounts for credit union members.
NCUA sample #4 - Phishing Email The National Credit Union Administration is a federal regulatory agency. It does not maintain financial accounts for credit union members.
Verified by Visa sample - Phishing Email Verified by Visa is a real security system used by Visa. Like most phishing techniques, this one takes your concern about security and attempts to trick you into providing personal information.
Star Network sample - Phishing Email This e-mail is not from Star System ATM Network and is an attempt to get you to provide cardholder information.

Report Fraud

If you receive a suspicious text, email or telephone call claiming to be from LBS Financial Credit Union requesting personal information, please do not reply or return the call. Instead, contact us immediately at 562.598.9007 or 714.893.5111 or send an email to abuse@lbsfcu.org to report the suspicious activity and to ensure that your account is in order.

Other reporting resources are:

• Anti-Phishing Working Group: reportphishing@antiphishing.org
• Report vishing calls to www.ftc.gov or call (888) 382.1222. The FTC wants the number and name that appeared on the caller ID as well as the time of day and the information talked about or heard in a recorded message. If you think you've been a victim of a vishing attack you can also contact, the Internet Crime Complaint Center at http://www.ic3.gov/default.aspx.

What Is Spyware?

Spyware is any software that covertly gathers user information through the user's Internet connection without his or her knowledge. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about email addresses and even passwords and credit card numbers. It is also called adware.

Protecting Your Identity on the Internet

• Be suspicious of urgent emails requesting your financial information and threatening to terminate or suspend your account unless you respond electronically. Call us as your financial institution to verify if we sent you an email regarding your account or log onto our website directly by typing in our web address (www.lbsfcu.org) in your browser. Do not click on the link that was provided to you in the suspicious email.
• Never click on links in email messages that ask you to provide or confirm your private information. Links can easily conceal the true destination. The destination website may be programmed to automatically download and install software called "malware." If in doubt, call the financial institution or merchant to see if in fact there is a problem with your account.
• When providing private information on a website, make sure of the following: 1.) That your web session is encrypted and 2.) That you're really on the site you're on. Sites that encrypt your session have addresses that start with "https" instead of "http." The "s" stands for "secure" which means your session is encrypted. Gold padlock or key icons at the bottom of the screen indicate a secure website but note that they too can be faked. Make sure the address is a valid one. An IP address as in http//163.10.4.76 is a dead give away. Others are not easy to spot. Clicking on the padlock or key will open a window with information about the website and who owns the digital certificate that enables the site security. The issuers of certificates do not issue them without first verifying the identity of the buyer. Newer browser versions and security programs like Symantec's Norton Security provide feedback regarding a site's authenticity by turning the address bar or a toolbar element green when a site is deemed safe.
• Consistently check your online accounts to ensure that all transactions are legitimate.
• Do not install unknown software on your computer. If you do so, you are potentially harming your computer's hard drive and putting your personal information at great risk. Verify that the software came from a legitimate website and not an email message. Be especially wary of "free" programs which are often infected with Spyware.
• Always protect your password. Do not share your password with anybody else or do not write down your password anyplace where it's accessible to another person. Change your password frequently and use one that is not easy for someone to guess.

Thwart Identity Theft

How does a thief get your personal information? Rummaging through garbage, pulling items from a mailbox, working as part of a large identity theft ring, stealing your wallet - the list goes on and on. Don't let a thief steal your identity! Here are a few simple tips to keep them away:

• A lost or stolen wallet is a goldmine of information. Don't carry extra credit cards, checks, Social Security card and even health insurance cards. Be sure to photocopy everything that's left, being careful to record emergency phone numbers. Keep these copies in a very safe place. Hopefully, you will never need them.
• Use LBS Financial Direct Deposit for any checks that are mailed to you on a regular basis.
• Before revealing personal identifying information, find out how it will be used and if it will be shared with others. Does your local video store really need to know your social security number? How about your gym?
• Pay attention to your billing cycles. Follow up with creditors if bills do not arrive on time. Review them each month to identify any unusual charges. Thieves sometimes test you prior to making a large hit.
• Order a free copy of your credit report from the three credit reporting agencies every year. Make sure it's accurate and includes only those activities you've authorized. Visit www.annualcreditreport.com to download your free annual reports.
• Use a cross-cut shredder to destroy charge receipts, credit applications and offers, insurance forms, bank checks and statements.

If you find that your identity has been compromised, immediately file a report with the police. Call every company that has extended credit to you to alert them of the problem. Give a copy of the police report to your financial institution, credit card company and/or insurance company as proof of the crime. Call the credit bureaus Equifax 800.525.6285; Experian 888.397.3742; TransUnion 800.680.7289 to ask that a "fraud alert" be placed in your file.

LBS Financial Credit Union does everything in its power to keep your personal information just that, personal. Not every company out there can make the same claim. Be sure to use the tips above to help thwart this growing concern. Also, visit www.consumer.gov/idtheft/ for more information.

What to do if you've mistakenly given out your personal information

• Call us at 562.598.9007 or 714.893.5111 immediately so we may flag your account(s) and contact you for any unusual activity or,
• Notify us immediately through our secure online form
  with a brief explanation about the email you received.
• Contact your other financial institution with which you have other accounts (ie. credit cards, loans, savings, etc.) to alert them or cancel your existing accounts. Many companies have toll free numbers and 24-hour service to deal with such emergencies.
• Report the theft to the three major credit reporting agencies:
  • Experian - www.experian.com or 888.397.3742
  • Equifax - www.equifax.com or 800.525.6285
  • Trans Union - www.transunion.com or 800.680.7289
• Contact your local police department to file a criminal report
• Contact the Social Security Administration's Fraud Hotline to report the unauthorized use of your personal identification information
• Notify the Department of Motor Vehicles of your identity theft
• File a complaint with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov
• Document the names and telephone numbers of everyone you speak to regarding the incident. Request that all the phone calls be followed by a letter. Keep copies of all correspondence for future reference.