Fraud and Identity Protection
Protect Yourself from Identity Theft!
At Spirit of Alaska Federal Credit Union, security is one of our primary responsibilities. With this in mind, we have taken the necessary steps to provide our members with state of the art security for online banking transactions. Our infrastructure, coupled with the security features built into your browser and operating system provide a secure environment – but only if you do your part.
To help maintain the security of your accounts, follow these guidelines:
- Keep your username ID and password private. Do not share it with anyone. Security standards recommend that you change your ID and/or password periodically and that all owners of an account have their own username and password.
- Always sign off at the end of an online e-Teller session. This prevents others from performing unauthorized transactions or using your browser's Back button to return to a session that has not yet timed out.
- Avoid spyware and viruses. Protect your computer from malicious programs and intruders by running an anti-virus utility and maintaining a firewall.
- Make sure your computer and web browser have the latest security patches. This is especially true if you use Internet Explorer and Windows. You might also consider using an alternative web browser, such as Firefox or Chrome.
- Never include your private data in an email. Protect yourself from email fraud by not responding to any request for private personal or financial information such as your social security number and account numbers.
- Lock down your social networking profiles. Double check and make sure that your personal information is only available to those you trust.
- Be smart. Use good judgment and commonsense rules to ensure that your financial information remains secure.
- Compare your monthly statements to your records. Report any discrepancies to: Supervisory Committee, Spirit of Alaska Federal Credit Union, P.O. BOX 73631, Fairbanks, AK, 99707-3631
TIPS & TRICKS
Protect your smartphone
Smartphones are in wide use today, and can become a target for hackers. Here's a great article on how to protect your smartphone
Enjoy more freedom and peace of mind -- guard your finances, credit, and identity with LifeLock®.
Stay informed. Read some of the most recent scams below.
July 2016: WENDY'S RESTAURANT SECURITY BREACH
The restaurant chain Wendy's has confirmed that hackers stole customer debit card data from some of its stores, making the company the latest victim of cyber attacks against major retailers and restaurants. Wendy's first reported unusual payment card activity affecting some restaurants in February 2016. In May, they confirmed that they had found evidence of malware being installed on some restaurants' point-of-sale systems. On June 9th, they discovered additional malicious cyber activity involving other restaurants. That malware has been disabled in all franchisee restaurants where it has been discovered. On its website, the restaurant posted additional information regarding this security breach.
If you used your Spirit of Alaska Federal Credit Union debit card at one of these locations, you are encouraged to review your transactions carefully and contact our Customer Service Department at (907) 459-5900 if you suspect fraudulent activity.
June 2014: Text Messaging
Fraudulent text messages are being sent to consumers in an effort to steal personally identifiable information. Financial institutions have reported an increased volume in these attacks since May 22, 2014. Mass text broadcasts are commonly used by fraudsters to reach large audiences of potential victims. This scam is quite common and often operates simultaneously in multiple states.
- Automated texts are being broadcast that warn consumers to call certain numbers to reactivate their payment cards.
- A recent text example: "Federal Credit Union ALERT: Your Check Card has been temporarily LOCKED. Please call Card Services line (407) 574-2992".
- Text messages do not reference a particular issuing brand but they may vaguely refer to a credit union or bank.
- Additional originating text numbers for this recent scam include: 786-300-2335 and 971-208-9936. All numbers referenced in this Alert Bulletin have been disbanded. New originating numbers will most likely be created and used in the future.
- Text messages may also originate from Jamaican area code 876 which is easily confused by consumers with a toll free number.
- Never call a potentially fraudulent number. Law enforcement and local communication companies may be in the middle of an investigation that will be compromised if the fraudsters become suspicious.
- Instruct your customer service staff to collect as many details as possible if they speak with a customer who is reporting an incident. Full telephone numbers including area codes are essential for any telephone scam investigation.
- Be aware that a series of numbers are often involved in telephone scams. This scam may not be entirely limited to the number(s) referenced above.
- If your Credit Union experiences a similar fraud scam please contact your local federal law enforcement agency for assistance.
January 2012: SMISHing
What is SMISHING? Smishing is a form of criminal activity using social engineering techniques similar to phishing. The name is derived from "SMs phISHING". SMS is the technology used for text messages on cell phones. Similar to phishing, smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. The "hook" (the method used to actually "capture" your information) in the text message may be a web site URL, however it has become more common to see a phone number that connects to automated voice response system.
One of our members recently got This Text on their phone. Never call these numbers if you get a text like this. As of the time of this writing, Spirit of Alaska FCU does not offer a SMS alerts, and we never conduct SMS marketing campaigns.
November 2011: Holiday Shopping Alert
As the holiday season approaches, it is important to be aware of potential scams. Con artists are working hard to get their hands on your money as well as personal and financial information. To help reduce the risk and protect credit union members, we offer a list of potential scams along with tips for a safer and smarter holiday shopping season.
Many consumers will be using their mobile devices and computers to conduct their holiday shopping and so will the cyber scammers! Mobile device scams are a top threat this year based on the increase in mobile malware and malicious apps. Consumers should be aware of all potential threats in order to safeguard their funds and personal information this holiday season. Potential scams and tips to be aware of and share with your members are listed below.
Holiday Scams and Tips
- Watch for mobile malware – especially deals for black Friday and cyber Monday.
- Be cautious when looking for free mobile apps - may be an attempt to steal information.
- Watch for malicious screensavers, ring tones and e-cards.
- Watch for purchase offers of fake anti-virus software – this scam may trick you into purchasing the software.
- Secure your computer – at a minimum, have anti-virus, anti-spyware and a firewall.
- Remember to turn off your computer when you're done shopping.
- Watch for social media scams – phony Facebook and Twitter sites or other online promotions and contests.
- Beware of scammers advertising popular holiday items.
- Check out the seller of items – research before you buy.
- Don't fall for the mystery shopping scam asking you to shop for $XX dollars (ex: $100).
- Online coupon scams may ask for your personal or financial information using email.
- Holiday phishing scams – Don't fall for emails, text messages or phone calls asking for personal or financial information.
- Monitor credit, debit and account numbers used for your holiday shopping to help identify any unauthorized usage.
- Vacation scams – don't post holiday pictures until you are back home.
- Lighted parking lots – survey the parking lot surroundings. Make sure you have your car keys in your hands before entering the parking lot.
- If an offer or item sounds too good to be true, it's probably a scam.
- Report scams to the Federal Trade Commission at www.ftc.gov or call toll-free 1.877.ftc.help (1.877.382.4357)
July 2011: Fraudulent loan modification letters
There is an ongoing scam that occurs periodically as a letter to some of our mortgage loan members. Our member receives a letter (see sample) with Spirit of Alaska FCU in the address line, implying that the letter is an official communication. This is an attempt by an unauthorized third party to gain access to your personal information. As a matter of public record, Spirit of Alaska FCU is listed as lien holder on your property, and therefore there is NO security breach. Notice in the fine print of this letter, we are not affiliated, connected, or associated with any of these operations.
***DO NOT RESPOND TO THIS LETTER***
November 2010: Wire Identity Fraud in Wisconsin Credit Unions
Credit unions in Wisconsin are being attacked with the wire/HELOC fraud. All cases involved wire requests received by phone or fax. In some of the cases, the fraud was prevented but in others the criminals were successful in having large amounts wired from member accounts to domestic and foreign financial institutions. Security questions used by credit unions during the callback verification were easily answered by the criminals.
- In most of the cases, the criminals hijacked member home phones by having the calls forwarded to the criminals. In other cases, the criminals were able to have member phone numbers changed on accounts through social engineering methods. This resulted in callback verifications being made to the criminals rather than the members.
- In one case involving a faxed request, the notary signature and seal were forged. A number of past wire fraud cases also involved faxed requests containing forged member and notary signatures and seals.
- Security questions (including out-of–wallet/non-statement questions) were answered correctly by the criminals. This trend will not likely change as criminals easily obtain personal information on their victims.
- The fraudulent wire requests ranged from $48,000 to $165,000.
- The funds were wired overseas, primarily to North and South Korea, as well as domestic institutions.
Spirit of Alaska FCU is diligent in monitoring our member's accounts for fraud threats, and has adopted many of CUNA's recommendations in response to identity threats such as these. We advise members to be careful in how much personal information is publicly revealed on social networking sites, in order to prevent this type of access to your accounts.
AIG SWEEPSTAKES SCAM - April 2010
Some of our membership has been affected by a Sweepstakes check scam. The latest company's name to be fraudulently used in this scam is American International Group, Inc, (AIG).
According to a fraud warning on AIG's Web site, www.aigcorporate.com letters are being sent by scammers using the name, "Reader's Digest" indicating that the recipient has been selected as a winner in the Reader's Digest "SWEEPSTAKES DRAW." The letter states the recipient is entitled to a large sum of money, anywhere from $80,000 to over $127,000. The letter is accompanied with a check for a lesser amount, (a few thousand dollars) "to help you cover any charges that may be required before you receive your funds," according to the letter. The check appears to be from "AIG Annuity Insurance Company – A Member of American International Group Inc" and asks the recipient to call a number, (1-778-323-0555 is an example from one such letter). This number is answered by individuals who identify themselves as AIG representatives and instruct the caller to cash the check and deliver it to a courier. They tell the caller that the courier will then deliver the larger "prize" check indicated in the letter.
AIG has confirmed that neither it nor its subsidiaries sponsor or support any lottery, sweepstakes, or prize contest that resembles the letter currently circulating. If you receive such a letter, do not cash the check – it is fraudulent. Once your bank determines this, you are responsible to the bank for those funds. Forward the entire mailing, including the fake check and the envelope it came in to the AIG Internal Audit Investigative Group at 32 Old Slip, 28th Floor, New York, NY 10005. You can also file a complaint with the U.S. Postal Inspection Service as they investigate all types of mail fraud and can arrest these scammers: https://postalinspectors.uspis.gov.
Article by the Better Business Bureau
WIRE FRAUD - March 2010
Credit unions across the country continue to report high volume of unauthorized wire transfer requests where the fraudster has performed "selective" call forwarding of the credit unions telephone number when the call comes into the member's phone number. All other incoming calls to the credit union member are received except for the telephone number that has been selected by the fraudster to be call forwarded. The credit union has no idea that it is their number has been call forwarded. When the credit union performs the call back, it appears in many of the cases it's the fraudster on the telephone during the call back process.
The perpetrator continues to focus on Home Equity Line of Credit (HELOC) wire transfers making requests via fax, or telephone. The recent spike in fraudulent wire transfer requests is alarming and requires the use of additional validation measures to protect your credit union and members. These perpetrators are extremely creative; while one validation solution may work today, it may not work tomorrow as the perpetrators continue to find ways to work around the validation solutions.
- Take extra caution when accessing public computers to prevent key logging of your account information.
- Place a password with your landline or cell phone carrier to prevent your number from being call forwarded.
- Never provide any personal or financial information when receiving a phone, email, text or mail request from anyone.
PRICE WATERHOUSE COOPERS SECURITY BREACH - February 2010
The State of Alaska has reached a settlement with Price Waterhouse Coopers LLP to provide credit protection for about 77,000 former and current public employees whose names and confidential information were misplaced by the professional services firm.
The lost personal information is for the public employees and retirees who were participants in the Public Employees Retirement System and the Teachers Retirement System in 2003-2004.
"In this settlement, Price Waterhouse Coopers has accepted responsibility for this security failure," the attorney general said. "Most importantly, the firm has agreed to protect Alaskans by paying for identity theft protection and credit-monitoring, or a security freeze, for each of the 77,000 Alaskans who are potentially affected by this failure and by ensuring that Alaskans are reimbursed for losses that they might incur as a result of ID theft caused by this breach."
For more information, see the linked PDF files below:
AUTOMATED FRAUD DEPARTMENT CALL - 2009
Members and non-members have been receiving an automated call claiming they are from the Fraud Department of Spirit of Alaska and the member's card has been temporarily blocked. The call is requesting the member to input their debit card and PIN number. THESE CALLS ARE NOT FROM Spirit of Alaska. DO NOT ENTER YOUR INFORMATION.
If you have received a call like this and have entered your information, please call 1-866-875-6807 immediately to report your card compromised.
CRAIGSLIST RECRUITMENT SCAM - 2009
Advertisements have been posted on Craigslist as part of member recruitment scams nationwide. The ads solicit current credit union members and offer $75.00 or more for their assistance in gaining membership for ineligible individuals. This scam is targeting credit unions and members across the country.
The following are samples of Craigslist ads target credit union members for this recruitment scam:
If you're a ABC Credit Union Member MAKE SOME EXTRA $$
This is NOT a scam! I am willing to call you and discuss extensively! I need a ABC Credit Union Member to sponsor me into the credit union. I am willing to pay $100 USD for this service. Please email me and we can discuss this in detail. This is a 1 day process and I want to become a member for investment account/interest rate purposes.
Need to find a XYZ Credit Union Member
I was just approved for a visa credit card with XYZ Federal Credit Union and they called me and said that they can not process the application if I do not know any existing member or if I am not employed at one of the list of companies they have. To become a member you have to know a member. So now my app is on hold until I can find someone who is already a member. If you know someone, please tell them to contact me. I am willing to pay $500. And all they ask for is the members name and member number. Thanks.
ABC and XYZ Members Needed!!!
If you are a ABC or XYZ Federal Credit Union member we will pay you $75.00 per member to sponsor other that would like to join the credit union but do not meet the membership requirements. Please email for details.
Following thorough identification and verification processes for new members and new accounts are critical for preventing fraudsters from infiltrating your credit union.
Loss Prevention Recommendations:
- Educate credit union employees and members about recruitment scams
- Exercise extra due diligence when opening accounts via in person, internet, fax or mail to ensure individuals are eligible for membership.
- Verify all information provided for new account applications, including addresses, employment, and eligibility for membership.
- Obtain credit reports and investigate fraud flags
- If your credit union is targeted, alert members and report the scam to the proper authorities
- File a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov related to any suspected fraudulent e-mails, text messages or telephone calls IC3 is a partnership between the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance.
KEYLOGGING - 2009
Malicious software, also known as malware, infects computers by keystroke logging or keylogging. This allows the criminal to obtain the users ID and password, the perpetrator then sends unauthorized ACH transactions in the user's name. These attacks have taken a significant toll on community banks, credit unions and their Originators.
PHONE SCAM - CREDIT CARD BREACH - May 27, 2009
Victims receive a phone call and listen to a pre-recorded message warning them of a breach of security affecting their credit card or the opportunity to change the interest rate on their account. The cardholder is told to call a toll-free number to address the security concerns or have the interest rate changed. When the victim calls the number, they are asked to enter personal information as well as their credit card account number. Please do not call the number on the recording, instead, call the number on the back of your credit card to see if it's a valid call.
JURY DUTY SCAM - 2009
The caller claims to be a jury coordinator. If you protest that you never received a summons for jury duty, the scammer asks you for your Social Security number and date of birth so he or she can verify the information and cancel the arrest warrant. Give out any of this information and bingo; your identity was just stolen. The fraud has been reported so far in 11 states, including Oklahoma , Illinois, and Colorado . This (swindle) is particularly insidious because they use intimidation over the phone to try to bully people into giving information by pretending they are with the court system. The FBI and the federal court system have issued nationwide alerts on their web sites, warning consumers about the fraud.
STIMULUS PACKAGE SCAM - 2009
Identity thieves posing as representatives of the Internal Revenue Service are sending spam e-mails promising government economic stimulus packages. The message tells the user to download an attachment that is masked as a form they must fill out and send to the IRS to receive their check. However, the document really is an identity theft tool that steals the personal information entered in the form.
Another scam being used promises more information on how to get "economic stimulus grants." They tempt users with fake testimonials such as, "I found the grant I needed and filled out the forms and sent them in, and in about two weeks I received a check in my hand for $100,000." It leads to a marketing-type site in which you enter personal information such as salary range, e-mail address, mailing address, and date of birth purportedly to get a free CD that shows you how to claim one of these grants. To order the CD, you must enter credit card information for the postage and handling costs. You never get the CD—only a stolen identity.
CREDIT CARD PHISHING FOR SECURITY CODE - 2009
This new phishing scam sounds like a legitimate telephone call. The cardholder is contacted to obtain the security code on the back of their VISA and MasterCard.
Under this scam, a telephone call is placed to a legitimate cardholder. The caller claims to be a representative from VISA or MasterCard informing the cardholder of suspicious card activity. The caller provides details of an unusual transaction and asks if the cardholder made this purchase, which, of course, the cardholder did not. The cardholder is then asked to verify possession of the card. To do so, the cardholder is asked to read the three-digit security code on the back of the card. The fraudster then provides a control number in the event the cardholder needs to call back with questions, making the call seem legitimate.
The caller does not ask for the credit or debit card number, and that is why some members are fooled into believing the call is legitimate. But the fraudster already has the card number; what they don't have is the three-digit security code from the back of the card, and that is what they are after with this scam.
NEVER give out any personal information in response to a phone call, email, or letter. It is better to be more cautious and avoid these scams. You can call the official number to your credit card or banking company to double check if it was a scam or not.
EMAIL SURVEY SCAM - 2009
A phishing scam survey was sent recently via email using Spirit of Alaska logo's. This survey claimed that people who respond to this survey will receive $40 for simply filling out the survey. At the end of the survey, it requests the respondent to fill out their account number, user ID, and password or credit card info so that the $40 can be deposited. Please be aware that Spirit of Alaska FCU will NEVER request this information via email from our members. For a sample of what this phishing scam looks like click here. If you have filled out this survey please contact us at 459-5900 immediately.