- Home
- Services
- Convenience Services
- Member Alerts
Convenience Services
Avoid the snares of schemers, scammers and fraudsters.
Staying informed about the latest trends in Internet fraud and identity theft can empower you to recognize potential schemes and protect yourself and your money. At Corporate America Family Credit Union, we’re here to help with information about recent vishing, phishing and smishing scams and some tips on how to avoid becoming a victim.
Protecting Your Mobile Device*
- When purchasing a smartphone, know the features of the device, including the default settings. Turn off features you don’t need to minimize the risk of attack.
- Some phones have encryption available. This can be used to protect your personal data in the case of loss or theft. Ask your cellphone dealer if this is available on your model.
- With the growth of the application market for mobile devices, be sure to look at the reviews of the developer/company who published the application.
- Review and understand the permissions you are giving when you download applications.
- Use a passcode to protect your mobile device. This is the first layer of security to protect the contents of the device. Also enable the screen lock feature after a few minutes of inactivity.
- Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that help protect your device from rogue applications and malware.
- Be aware of applications that use geo-location, which will track the user’s location anywhere. This application can be used for marketing, but can also to assist a possible stalker and/or burglar.
- Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cellphone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often compromises the cellphone’s security, making it more vulnerable to attack.
- Do not allow your device to connect to unknown wireless networks. These networks could capture information passed between your device and a legitimate server.
- If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
- Smartphones require updates to run applications. Update your phone regularly to reduce the risk of the device being hacked or compromised.
- Avoid clicking on or otherwise downloading software or links from unknown sources.
- Use the same precautions on your cellphone as you would on your computer when using the Internet.
*Source: Federal Bureau of Investigations, IC3 (Internet Crime Complaint Center), October 2012.
Internet Explorer Vulnerability
What you need to know: Microsoft released a patch on May 1, 2014 to address the vulnerability. Users of IE 6 through IE11 should review the Microsoft Security Bulletin MS14-021 and ensure the patch has been installed prior to using the Internet Explorer browser. Until the patch has been installed, members are encouraged to utilize another internet browser, such as FireFox or Chrome.
While Microsoft released an update for Microsoft Windows XP users due to the severity of this vulnerability, further security updates are not expected for Microsoft Windows XP as the product has been discontinued.
An additional layer of security can be put in place to protect against financial malware threats by installing the IBM® Trusteer Rapport product offered to CAFCU members at no-cost. Click here for details.
Android Security Bug — "Fake ID"
Below are recommendations from Symantec:
Update your Android OS – While the Android security team has issued a patch and provided it to their partners, it may take some time for all partners to implement the patch, which unfortunately increases the chances of malware being developed to take advantage of this vulnerability. If you have an Android device with an OS version 2.1 or beyond, keep an eye out for platform updates from your service provider and implement them immediately.
Install a mobile device anti-virus/malware prevention tool – Several trusted providers offer apps which target this type of activity on a mobile device, such as Symantec’s Norton Mobile Security. Research the app on the vendor’s website to ensure it covers the Android vulnerability and that the vendor is legitimate prior to installing the application.
Use caution when downloading apps from stores other than Google Play – Google Play is taking extensive measures to detect “fakers” and prevent this vulnerability from becoming a serious threat. Make sure that your favorite app stores are reputable and are taking steps to protect users.
Merchant/Retailer Data Breaches
You’re protected! Visa’s Zero Liability* policy means you don’t pay for unauthorized use of your credit or debit card. Rest assured knowing your financial security is our top priority.
*Visa’s Zero Liability policy covers U.S.-issued cards only and does not apply to ATM transactions, PIN transactions not processed by Visa, or certain commercial card transactions. If any unauthorized use is discovered, cardholder must always notify CAFCU promptly.
Phishing Scam
What you need to know: Legitimate companies do not send emails asking for personal information. Regardless of a caller’s claims or a website’s official appearance, never give out personal information when you receive an unsolicited phone call or email.
DocuSign Phishing Scam
DocuSign® is a globally-trusted, secure communication channel for signing documents. Recently, criminals acquired email addresses of people that use the service, and these criminals have attempted to commit fraud by sending fake emails that look like they are from DocuSign.
What you need to know:
- Requests from DocuSign always come from one of these two addresses:
- If you are not expecting a DocuSign email, don’t open it. If you feel it may be valid, access the documents directly by visiting www.docusign.com and enter the unique security code included at the bottom of every legitimate DocuSign email.
- DocuSign never asks recipients to open a PDF, Office document or ZIP file in an email. If one is attached, assume the email is not legitimate and delete the email.
Airline Ticket Phishing Scam
Fake emails using the names of U.S. airline companies urge recipients to confirm a ticket purchase by printing the invoice and ticket attached to the email. When unsuspecting recipients open the attachment, malware downloads onto their computer and fraudsters gain access to sensitive information such as account numbers, passwords and access codes.
What you need to know:
- Grammar and spelling mistakes and unusual formatting in the emails mark them as the work of scammers rather than legitimate airlines.
- If you didn’t order airline tickets recently, or if the email looks suspicious, don’t open the attachment. Delete the email immediately.
- Visit the FBI web page for more information.
Fraud Email Survey Phishing Activity
What you need to know: Neither NCUA nor CAFCU solicit personal information or send surveys via email.
Vishing (Telephone) Scam
What you need to know: CAFCU may need to contact members by telephone for a variety of reasons. Our calls are always made by live credit union representatives and we will always verify your identity by repeating information you have previously shared with us. We will never ask you to volunteer information such as account numbers, credit card numbers or your PIN.
Smishing (Text Message) Scam
Text messaging scammers send a text message from an unrecognizable number stating that your credit union account or credit card account has been closed due to suspicious activity. The text then provides a number to call or URL to follow for more information. When you call or click, you are asked for personal information like Social Security and bank account numbers.
What you need to know:
- If you receive unwanted text messages, be careful. Contact your cell phone company and find out how to avoid receiving spam texts. They can help prevent text messaging fraud by adding spam filters to your account.
- Exercise the same caution you would when giving out a mobile phone number as you would with a personal email address or other personal information.
- Never respond to unsolicited text messages – it lets the sender know they've reached a working number.
The Federal Trade Commission recommends never turning over private information based on a text message request. And CAFCU will never ask you to follow a link or call a number via text message. Contact our Member Center immediately at 1-800-359-1939 if you have entered any personal information on a fraudulent web page.
You can also file a complaint on the Federal Trade Commission’s website, www.ftc.gov, or call 1-877-FTC-HELP.
Visa Card Fraud Prevention Alerts
Your financial security is a top priority of CAFCU. That's why we proactively monitor your Visa credit and debit card(s) for any unusual activity.
IBM Trusteer Rapport
Your financial security is a top priority of CAFCU. That's why we are proud to offer IBM Trusteer Rapport security software at no-cost.