1. Contact your financial institution to inquire about a suspicious transaction right away. At CAFCU, we help our members dispute fraudulent transactions and prevent future transactions from posting to their accounts. 
   
   
2. Notify the credit bureaus, Equifax, Experian, and TransUnion, and find out what they can do to help you protect your credit.
   
   
3. Check your computer. Make sure your devices weren't compromised. Install and run anti-virus software (or updating the software you currently have). This can detect malware and keylogging software that might be secretly stealing your data. 
   
   
4. Contact vendors: If you think you’ve been cheated, try first to figure out what might have happened with the company directly. Send your complaint to a supervisor, manager, owner, or president of the company in writing and provide copies of any documentation of your complaint. Never send original receipts or canceled checks.
   
   
5. Contact the Federal Trade Commission (FTC). The FTC is an independent government agency devoted in part to promoting consumer protection. This resource from the FTC can help you with next steps if you think you’ve been scammed.
   
   
6. Report fraud to your local or state government. For example, in Illinois you can file a consumer complaint with the Consumer Protection Division of the Illinois Attorney General’s office if you’ve been victimized by fraud or deception. File a Complaint (illinoisattorneygeneral.gov). All states have consumer protection acts and agencies tasked with enforcing them.  

The Consumer Financial Protection Bureau (CFPB) issued an advisory reporting that billions of consumer dollars may be at risk when stored on popular peer-to-peer payment and other fintech apps. These apps are acting like banks in that they store money and allow consumers to make certain types of transactions. However, money stored in these apps may not be federally insured. When you keep your money in a bank or credit union checking or savings account, it is typically insured up to $250,000 by either NCUA (credit unions) and the FDIC (banks).

If you use a fintech application to send or receive money or transact in other ways, make sure to transfer your money to a federally insured credit union or bank account before it accumulates in that app.

Although credit card account data can be compromised in breaches involving retailers, it does not mean data related to your account was taken or that fraud has occurred on your account.

Please be assured that we are actively monitoring the activity on your account to protect you from fraud. You will be contacted if we determine that your card must be replaced or if we see any activity that requires you to take any action. Otherwise, please review your monthly statements carefully and call us immediately if you see any suspicious activity.

You’re protected! Visa’s Zero Liability* policy means you don’t pay for unauthorized use of your credit or debit card. Rest assured knowing your financial security is our top priority.

*Visa’s Zero Liability policy covers U.S.-issued cards only and does not apply to ATM transactions, PIN transactions not processed by Visa, or certain commercial card transactions. If any unauthorized use is discovered, cardholder must always notify CAFCU promptly.

DocuSign^® is a globally-trusted, secure communication channel for signing documents. In the past, criminals acquired email addresses of people that use the service and attempted to commit fraud by sending fake emails that look like they are from DocuSign.

What you need to know:

1. Requests from DocuSign always come from one of these two addresses:
   • www.docusign.com
   • www.docusign.net
2. If you are not expecting a DocuSign email, don’t open it. If you feel it may be valid, access the documents directly by visiting www.docusign.com and enter the unique security code included at the bottom of every legitimate DocuSign email.
3. DocuSign never asks recipients to open a PDF, Office document or ZIP file in an email. If one is attached, assume the email is not legitimate and delete the email.

Vishing is a type of cybercrime in which scammers make phone calls or leave voice messages impersonating reputable companies in order to gather personal information from victims.

Credit union members may receive an automated call claiming to be from the credit union. The recipient’s caller ID may even show a legitimate-looking local number. The recorded message requests verification of financial information or claims that the member’s account has been compromised. The member will be asked to enter account information using a touchtone phone. The sensitive information is then digitally transcribed by the scammer’s computer.

What you need to know: CAFCU may need to contact members by telephone for a variety of reasons. Our calls are always made by live credit union representatives and we will always verify your identity by repeating information you have previously shared with us. We will never ask you to volunteer information such as account numbers, credit card numbers or your PIN.

Similar to vishing and phishing, smishing is a type cybercrime in which scammers send text messages impersonating reputable companies in order to gather personal information from unsuspecting victims.

In a vishing scam, text messaging scammers will send an SMS message from an unrecognizable number stating that your credit union account or credit card account has been closed due to suspicious activity. The text will then provide a number to call or URL to follow for more information. When you call or click, you will be asked for personal information like your Social Security and bank account numbers.

What you need to know:

• If you receive unwanted text messages, be careful. Contact your cell phone company and find out how to avoid receiving spam texts. They can help prevent text messaging fraud by adding spam filters to your account.
• Exercise the same caution you would when giving out a mobile phone number as you would with a personal email address or other personal information.
• Never respond to unsolicited text messages – it lets the sender know they've reached a working number.

The Federal Trade Commission recommends never turning over private information based on a text message request. And CAFCU will never ask you to follow a link or call a number via text message. Contact our Member Center immediately at 1-800-359-1939 if you have entered any personal information on a fraudulent web page.

You can also file a complaint on the Federal Trade Commission’s website, www.ftc.gov, or call 1-877-FTC-HELP.

• When purchasing a smartphone, know the features of the device, including the default settings. Turn off features you don’t need to minimize the risk of attack.
• Some phones have encryption available. This can be used to protect your personal data in the case of loss or theft. Ask your cellphone dealer if this is available on your model.
• With the growth of the application market for mobile devices, be sure to look at the reviews of the developer/company who published the application.
• Review and understand the permissions you are giving when you download applications.
• Use a passcode to protect your mobile device. This is the first layer of security to protect the contents of the device. Also enable the screen lock feature after a few minutes of inactivity.
• Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that help protect your device from rogue applications and malware.
• Be aware of applications that use geo-location, which will track the user’s location anywhere. This application can be used for marketing but can also to assist a possible stalker and/or burglar.
• Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cellphone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often compromises the cellphone’s security, making it more vulnerable to attack.
• Do not allow your device to connect to unknown wireless networks. These networks could capture information passed between your device and a legitimate server.
• If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
• Smartphones require updates to run applications. Update your phone regularly to reduce the risk of the device being hacked or compromised.
• Avoid clicking on or otherwise downloading software or links from unknown sources.
• Use the same precautions on your cellphone as you would on your computer when using the Internet.

*Source: Federal Bureau of Investigations, IC3 (Internet Crime Complaint Center), October 2012.