Information on ID Theft, Fraud, and Phishing Updates

Information on ID Theft, Fraud, and Phishing Updates

Here at TELCOE FEDERAL , one of our top priorities is to keep information about your accounts private. We're proud to have earned your trust by offering the highest level of security, using the latest encryption technology for online transactions, plus virus protection and firewalls.

We access your personal information only when necessary to service or maintain your accounts. In addition, you have the opportunity to select your own passwords or codewords to access your accounts and have personal identification numbers (PINs) for your ATM, credit and debit cards. We issue you a personal Access Number for your accounts—totally unrelated to your account numbers.

We do not share any of your information with third parties except as allowed or required by law and as necessary to provide you with services. To read our complete privacy statement, click here.

Stop! Don't become a victim!

To get an identify theft card request form from the Attorney General’s office click here

In 2005, Act 744 was approved allowing the Attorney General’s office to issue victims of identity theft an Identity Theft Passport. This card is similar to a driver’s license and is designed to assist with getting the victim’s credit and reputation back, and may even help prevent prosecution for someone else using your identity. A police report is required. To obtain Identity Theft Passport Request form, click on the link below.

http://www.ag.arkansas.gov/pdfs/idtheftpassport.pdf

As of January 1, 2008, Arkansans who feel they may have been the victim of identity theft or even those trying to prevent becoming a victim, now have the right to place a security freeze on their credit reports. This is designed to prevent credit being issued to someone using your identity. It is important to note that doing so could delay you from applying for a loan, getting utilities, using credit cards online, or other acts until you authorize the request with the appropriate credit bureau. Established accounts would be able to make normal inquiries without the freeze being lifted. Consumer reporting agencies have right to charge fees for lifting the freeze to authorize the transaction, but if you have been the victim of identity theft, providing a police report with your request to lift the freeze should cause the fee to be waived. For more information and details on credit freezes, visit the Attorney General’s website at http://ag.arkansas.gov/consumers_consumer_alerts_id_theft.html.

Here are some simple steps you can take to protect yourself:

· · Protect your Social Security number and credit card account numbers. Don't give them to anyone over the telephone if they've called you. Hang up and call the company back using a telephone number you find (NOT ONE THEY GIVE YOU) to check that it was a legitimate inquiry.

· · Cancel unused credit cards.

· · Limit the amount of identification and the number of credit cards you carry.

· · When making transactions over the Internet, use only a secure site. Look for the "lock" icon on the Web page.

· · Don't leave envelopes with checks inside in an unsecured mailbox. Try to use a sealed U.S. Post Office mailbox for your correspondence. If you have an "open" mailbox, make an effort to pick up your mail promptly. Don't leave mail in your mailbox overnight or on weekends.

· · Completely destroy or shred copies of credit card receipts, statements from financial institutions, tax returns and loan applications before discarding them. Keep the ones you need in a SECURE place.

· · Look for statements from financial institutions and verify that the account information is correct. By signing up for Telcoe Federal's Free Account Access, you'll be provided with an excellent means of reviewing your Telcoe Federal accounts at your convenience.

· · Never give your Personal Identification Numbers (PINs) to anyone, for any reason. Watch out for a scam that is known as "phishing," where someone calls or emails you and claims to be from one of your accounts (Internet provider, credit card, etc.) and wants to "verify" your information by requesting that you give them your account number, Social Security number, etc.—DON'T GIVE OUT THIS INFORMATION. Immediately call those companies and notify them about these abuses.

· · Watch for unexplained interruptions in your mail service. If there is one, contact your local post office and verify that your address has not been changed without your knowledge.

· · Review a copy of your credit report at least once a year.

If Identity Theft Strikes

When your wallet is lost or stolen, you're protected from unauthorized use of your credit and debit cards and subsequent financial liability if you promptly notify your card issuers. But it's not so easy to guard against identity theft. Each year a growing number of people are victimized by a criminal element interested in stealing their identities.

Armed with personal data, such as your Social Security Number, date of birth and mother's maiden name, these thieves can, within a matter of hours, take over your existing accounts, open new ones, and obtain credit cards, a passport, a drivers license, Social Security benefits and loans. And they can even change your mailing address!

Notify the correct authorities if you feel you have been a victim of identity theft. Contact the three Credit bureaus and report the incident. Then follow up the phone contact with a written notification to police.

Trans-Union
P.O. Box 390
Springfield, PA 19064-0390
1-800-680-7289

Equifax
P.O. Box 740241
Atlanta, GA 30374-0241
1-800-525-6285

Experian
P.O. Box 949
Allen, TX 75013-0919
1-888-397-3742

Contact Telcoe or other financial institutions where you have accounts. Obtain new account numbers and have a code word placed on your accounts.

File a report with your local law enforcement agency and obtain a report number for future reference.

Request new accounts and PINs if your credit cards or ATM cards have been compromised.

Close the account and ask your financial institution to notify the appropriate check verification service if your checks have been stolen or misused. You should also contact the major check verification companies yourselves:

· · TeleCheck: 1-800-710-9898

· · Certegy, Inc.: 1-800-437-5120

Call SCAN (1-800-262-7771) to find out if anyone has been passing bad checks in your name.

Report the fraudulent use of your Social Security Number to the Social Security Administration: Report Fraud — 1-800-269-0271.

Visit your state's motor vehicles office and advise them of the incident.

Obtain a new operator's license and number. NOTE: You do not have to use your SSN for your driver's license. YOU MAY request another number for your driver's license.

More Information

For more information on Identity Theft and to download forms for reporting identity fraud, go to:

· · http://ag.arkansas.gov/consumers_consumer_alerts_id_theft_more_info.html

· · Call their hotline toll-free 1-877-IDTHEFT (438-4338)

· · Write Identity Theft Clearinghouse, Federal Trade Write Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

Beware The "Account Manager" Scam!

One scam to hit your email and the Web offers to let you become an "Account Manager" or "Transfer Agent" for a third party, usually someone in an ex-Soviet bloc country. Here's how it works: The scammers try to solicit you through an email or an advertisement on the Web, offering to let you "work from home" and be an Account Manager or "Money Transfer Agent" for them, thus letting you "earn" commissions for your trouble. They then transfer money OUT of an unsuspecting person's account and into yours. Once the money's in your account, they ask you to send the money to them via Western Union. The lure is that they allow you to keep a percentage of the money they've deposited into your account (usually 5%). They sweeten the pot by saying that your fee will grow to 6% and possibly more as you do more money transfers for them.

This scam harms many people, especially consumers whose accounts have money taken from them. If you agree to become an Account Manager for these thieves, you have no idea where the money is coming from or where it's going. It could be used for a variety of purposes, including terrorism. If you're caught, you could face possible legal action. Don't believe any emails or Web advertisements offering to let you earn money by transferring cash.

Other scams to watch out for:

Today, it’s not just “buyer beware.” Certain online shoppers are using counterfeit cashier’s checks to scam sellers of big ticket items, such as cars, boats and motorcycles.

Here’s how these scammers operate. The scenario is the same each time. You list an item on an Internet auction or other site and within a few days you're contacted via email by a potential buyer in Nigeria or Africa. A deal is reached and one of two situations will occur. First, and most common, the buyer states they will send a cashier’s check to pay for the item. When the cashier’s check arrives in the mail, it is written for a considerable amount in excess of the agreed-upon selling price. Instructions are given to you to wire the excess funds back to the buyer. The second twist to the scheme is for the buyer to request your credit union account and routing numbers so that they may wire funds to your account. Instead, the scammer creates and mails a counterfeit check to be posted to your account, again for a sum much larger than the selling price. A follow-up e-mail is then sent requesting that the additional funds be wired to Nigeria.

In all of these incidents, the cashier’s checks received are excellent counterfeits and very difficult to spot. The checks are cashed, funds given to the members (sellers) and the excess is wired out to Nigeria or Africa. Within approximately a week, the credit union is notified that the check is a worthless counterfeit and you are out thousands of dollars.

Know who you are doing business with. Notice the return address on the emails and envelope containing the check. Most of these scammers give return addresses in Nigeria or other African countries. If you deposit one of these counterfeit checks, you will be responsible to repay any loss to your financial institution. And never give your personal account information to a stranger.

In another current widespread scheme, a person receives an unsolicited letter, email or fax from an “official” in a foreign government offering to share a multimillion dollar windfall in “over-invoiced contract funds.” It sounds too good to be true—and it is.

The “official” claims to need your bank or credit union account number and other personal information to transfer the money out of his country. And he will also “need” up-front cash from you to bribe other officials.

Don’t be a victim. You will not only lose any up-front cash, but also—if you give out your account number—the entire contents of your bank account.

Fraud Alert

One fraudulent email is being sent, allegedly from TELCOE FEDERAL , to consumers, including TELCOE FEDERAL members, trying to capture (“phish” for) your personal and financial account information. The email contains a link to a site which actually looks like TELCOE FEDERAL ’s Account Access Sign-On page. If you attempt to sign on and follow the instructions contained in the email, you are taken to other pages that also look like actual pages from TELCOE FEDERAL ’s Web site, including a page that asks you to enter personal and account information. This information includes your name, Social Security number, date of birth, credit card number and expiration date, ATM PIN and email address. Please do not be fooled! TELCOE FEDERAL will NEVER send you unsolicited emails such as this requesting personal or account information.

REMEMBER: If you receive an unsolicited email from TELCOE FEDERAL , or from any other source, requesting personal information or asking you to verify your accounts or security settings, we suggest that you send the questionable email to us at telcoe@telcoe.com. Send the email to TELCOE FEDERAL 's phish alert email address, include a copy of the email in question along with the name of your Internet Service Provider (ISP).

Please Note: This phish alert email address is only to be used to provide copies of suspected phishing email to the credit union for review – these emails are not intended for issues that need a response. TELCOE FEDERAL will not be responding to emails sent to the phish alert address.

Phishing

Consumer Alert: Beware of “Phishing” Emails

Take a look at the following email. It’s a prime example of “phishing,” the online scam that hopes you’ll bite and give out personal information that can be used to steal your identity. It was actually received by one of our members:

Dear Customer,

We are contacting you to remind you that our Account Review Team identified some unusual activity in your account. In accordance with Federal Credit Union's User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved. We encourage you to sign on and perform the steps necessary to restore your account access as soon as possible. Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure. To view and perform the verification process: Log in to Online Banking Page.

Federal Credit Union is committed to maintaining a safe environment for our customers. To protect the security of your account, Federal Credit Union employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the Union system for unusual activity.

Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience.

Sincerely,
Federal Credit Union, Online Banking Customer Service

Looks pretty authentic, doesn’t it? And that’s the problem.

As you can see from this example, phishing occurs when you receive a very real-looking email that seems to come from a company you know and trust, in this case, TELCOE FEDERAL . But you can receive phony emails from all kinds of services, such as your Internet Service Provider (ISP), retailers, online auction sites and others. They’ll often use legitimate “From” email addresses, logos and links. A message will instruct you, as the above example does, to click on a link that sends you to a fake Web site, where they’ll want you to “update” your personal or account information—the email may even suggest that your account or credit card will be terminated. Remember, they are trying to get you to take immediate action without thinking about the consequences.

What kind of information are they looking for? Your Social Security number (SSN), bank and credit card account numbers and date of birth for starters. With that kind of information, they can steal your identity and open new accounts that you might not find out about until fraudulent charges start showing up on your credit report.

How do you protect yourself from “phishing?” Here are some tips:

· · If an email looks at all suspicious to you, don’t click on links or provide any information.

· · Don’t trust a link from an email just because it takes you to a site that looks legitimate. Scammers can copy those easily.

· · Verify with the company that the email is really from them before submitting any personal information.

· · Try not to fill out forms in email messages. You can never be sure where the information is going or who sees it along the way.

· · Email headers can be forged. Be suspicious until you know for sure.

· · If you click on a link from an unsolicited email, make sure there’s an “s” after the http in the address and a lock at the bottom of the page, signifying a secure site that is encrypted. This is no guarantee, however, that the site is legitimate.

When TELCOE FEDERAL contacts you by email

TELCOE FEDERAL may contact you by email if you have made an application with us and we need information from you or want to provide you with the status of your application. We may also send you an email about a TELCOE FEDERAL product or service that you have signed up for. In these instances, this may simply be to provide you with more information about the product or service. You may contact TELCOE FEDERAL at telcoe@telcoe.com if you believe that you have received a "phishing" email, rather than a legitimate email from TELCOE FEDERAL. In the email to TELCOE FEDERAL 's phish alert email address, include a copy of the email in question along with the name of your Internet Service Provider (ISP).

Email Marketing from TELCOE FEDERAL

From time to time, TELCOE FEDERAL will send out marketing and informational emails to those members who have signed up to receive these communications. Links in these emails will take you to our Web site for further information. Any action that you take in response to these emails, such as applying for a loan, will take you to a secure site where you will be asked to log in.

Unsolicited Emails

If you receive an unsolicited email from TELCOE FEDERAL , or from any other source, requesting personal information or asking you to verify your accounts or security settings, we suggest that you check with us or the other entities to make sure these requests are legitimate. Help us protect you—don’t take the bait from any “phishing” schemes.

For more information on “phishing,” check out http://www.ftc.gov/bcp/edu/multimedia/ecards/phishing/index.html

Important Security Information for Telcoe Federal Online Account Access Users

Internet Security is frequently in the news. If your personal computer (PC) doesn't have adequate security, others may gain unauthorized access to the information stored on your PC and/or your PC's browser; and, with this information, they may also gain unauthorized access to your accounts and personal information. You should take precautions to protect your PC from unauthorized access and use.

Here are a few tips to help you safeguard your personal and account information when using online services:

· · Install anti-virus software, a firewall and spyware-detection software on your PC; and update this software on a regular basis, as recommended by the software providers. Remember, new viruses continue to be created. Always check to make sure the security software is running before accessing the Internet.

· · Keep your PC and browser updated with current patches that are released by your system vendor. Be sure to download patches only from official vendors' Web sites, and not from third-party Web sites.

· · Do not respond to emails, Web pages or telephone inquiries requesting you to verify your account information. Telcoe Federal will never ask you to verify your account information, user name or password, via an email using a non-secure Web site. Never provide personal or account information or respond to any attempt to collect this information. Forward all suspicious emails to us at telcoe@telcoe.com, and to your Internet Service Provider.

· · Never share your password with anyone – even someone you know. At Telcoe Federal, you can select your own online password and change it as often as you’d like. We suggest that you choose an alphanumeric password that contains a mix of numbers and letters. Do not use numbers or words that can be easily guessed (such as your phone or street number, or your child’s name).

Telcoe Federal Credit Union is committed to ensuring that your account information via the Internet is safe. We take all possible steps to establish a secure, encrypted connection after you enter your Account Access sign-on information and click on the sign-on button, on Telcoe Federal’s home page. We ask that you help protect your PC and account information too.