Fraud Awareness

Although credit card account data can be compromised in breaches involving retailers, it does not mean data related to your account was taken or that fraud has occurred on your account.

Please be assured that we are actively monitoring the activity on your account to protect you from fraud. You will be contacted if we determine that your card must be replaced or if we see any activity that requires you to take any action. Otherwise, please review your monthly statements carefully and call us immediately if you see any suspicious activity.

You’re protected! Visa’s Zero Liability* policy means you don’t pay for unauthorized use of your credit or debit card. Rest assured knowing your financial security is our top priority.

*Visa’s Zero Liability policy covers U.S.-issued cards only and does not apply to ATM transactions, PIN transactions not processed by Visa, or certain commercial card transactions. If any unauthorized use is discovered, cardholder must always notify CAFCU promptly.

Fake emails using the names of U.S. airline companies urge recipients to confirm a ticket purchase by printing the invoice and ticket attached to the email. When unsuspecting recipients open the attachment, malware downloads onto their computer and fraudsters gain access to sensitive information such as account numbers, passwords and access codes.

What you need to know:

• Grammar and spelling mistakes and unusual formatting in the emails mark them as the work of scammers rather than legitimate airlines.
• If you didn’t order airline tickets recently, or if the email looks suspicious, don’t open the attachment. Delete the email immediately.
• Visit the FBI web page for more information.

DocuSign^® is a globally-trusted, secure communication channel for signing documents. In the past, criminals acquired email addresses of people that use the service and attempted to commit fraud by sending fake emails that look like they are from DocuSign.

What you need to know:

1. Requests from DocuSign always come from one of these two addresses:
   • www.docusign.com
   • www.docusign.net
2. If you are not expecting a DocuSign email, don’t open it. If you feel it may be valid, access the documents directly by visiting www.docusign.com and enter the unique security code included at the bottom of every legitimate DocuSign email.
3. DocuSign never asks recipients to open a PDF, Office document or ZIP file in an email. If one is attached, assume the email is not legitimate and delete the email.

Vishing is a type of cybercrime in which scammers make phone calls or leave voice messages impersonating reputable companies in order to gather personal information from victims.

Credit union members may receive an automated call claiming to be from the credit union. The recipient’s caller ID may even show a legitimate-looking local number. The recorded message requests verification of financial information or claims that the member’s account has been compromised. The member will be asked to enter account information using a touchtone phone. The sensitive information is then digitally transcribed by the scammer’s computer.

What you need to know: CAFCU may need to contact members by telephone for a variety of reasons. Our calls are always made by live credit union representatives and we will always verify your identity by repeating information you have previously shared with us. We will never ask you to volunteer information such as account numbers, credit card numbers or your PIN.

Similar to vishing and phishing, smishing is a type cybercrime in which scammers send text messages impersonating reputable companies in order to gather personal information from unsuspecting victims.

In a vishing scam, text messaging scammers will send an SMS message from an unrecognizable number stating that your credit union account or credit card account has been closed due to suspicious activity. The text will then provide a number to call or URL to follow for more information. When you call or click, you will be asked for personal information like your Social Security and bank account numbers.

What you need to know:

• If you receive unwanted text messages, be careful. Contact your cell phone company and find out how to avoid receiving spam texts. They can help prevent text messaging fraud by adding spam filters to your account.
• Exercise the same caution you would when giving out a mobile phone number as you would with a personal email address or other personal information.
• Never respond to unsolicited text messages – it lets the sender know they've reached a working number.

The Federal Trade Commission recommends never turning over private information based on a text message request. And CAFCU will never ask you to follow a link or call a number via text message. Contact our Member Center immediately at 1-800-359-1939 if you have entered any personal information on a fraudulent web page.

You can also file a complaint on the Federal Trade Commission’s website, www.ftc.gov, or call 1-877-FTC-HELP.

• When purchasing a smartphone, know the features of the device, including the default settings. Turn off features you don’t need to minimize the risk of attack.
• Some phones have encryption available. This can be used to protect your personal data in the case of loss or theft. Ask your cellphone dealer if this is available on your model.
• With the growth of the application market for mobile devices, be sure to look at the reviews of the developer/company who published the application.
• Review and understand the permissions you are giving when you download applications.
• Use a passcode to protect your mobile device. This is the first layer of security to protect the contents of the device. Also enable the screen lock feature after a few minutes of inactivity.
• Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that help protect your device from rogue applications and malware.
• Be aware of applications that use geo-location, which will track the user’s location anywhere. This application can be used for marketing but can also to assist a possible stalker and/or burglar.
• Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cellphone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often compromises the cellphone’s security, making it more vulnerable to attack.
• Do not allow your device to connect to unknown wireless networks. These networks could capture information passed between your device and a legitimate server.
• If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
• Smartphones require updates to run applications. Update your phone regularly to reduce the risk of the device being hacked or compromised.
• Avoid clicking on or otherwise downloading software or links from unknown sources.
• Use the same precautions on your cellphone as you would on your computer when using the Internet.

*Source: Federal Bureau of Investigations, IC3 (Internet Crime Complaint Center), October 2012.