Security Center

Local police departments have been warning residents of numerous reports of mail theft, including checks that are being mailed out.  Thieves then will alter the checks to try to cash them or create fake checks to steal money from your account.

So what can you do?  First and foremost, bring your outgoing mail to the collection box inside of your local post office.  Here are some additional tips you can follow for outgoing mail as well as receiving mail or packages.

If you think you have had your mail stolen, contact your local police department then contact the Postal Inspector at 877-876-2455

We are again seeing an increase in the number of telephone spoof calls that our members are receiving. The callers “spoof” the phone number and name, so “Freedom Credit Union” or “Freedom Credit Union Fraud Department” appears in the caller ID along with our actual phone number. The callers ask members to provide their detailed debit card information, which is used to make multiple purchases.

Our employees will never call and ask you to divulge sensitive information over the phone or perform any actions. If you receive a call such as this, do not engage. Hang up and call us directly at 1-800-821-0160 to report the attempt.

In addition, Freedom Credit Union will never send an email or leave voicemail messages on a mobile or home telephone requesting you to reply to an email or call to update or verify financial account information.

If you have any doubt about the authenticity of a call or message that purports to be from Freedom Credit Union, please contact us directly.

Scammers are becoming ever more sophisticated, and we want to alert you to beware of recent telephone spoofs. Some of our members have received calls that appear to be coming from Freedom Credit Union’s Fraud Department. Fraudsters have “spoofed” the phone number so that “Freedom Credit Union” appears in the caller ID. The callers ask members to provide their detailed debit card information, which they then use to make multiple purchases. Our Fraud Department notices the unusual activity and contacts members, which is when they realize, too late, that they have been scammed.

Most of the fraudulent purchases we are seeing appear to originate in Texas. We are working with law enforcement to investigate how our members are being targeted, but we want to remind you to be aware of these and other types of scams so you can protect yourself.

WHAT SHOULD I DO IF I RECEIVE A SUSPICIOUS CALL?

We will never ask you to provide protected account information via telephone or email. This includes user IDs, passwords, security codes, account numbers, or any other personal or account information. If you receive a request like this, hang up the phone and contact our Call Center immediately at 1-800-821-0160.

We also encourage you to check our online Security Center regularly for fraud alerts and scam notices. We want to help keep you one step ahead. If you are concerned about any communication you receive from us at any time, please call us directly at 1-800-821-0160 or visit one of our branches.

WHAT IS SPOOFING?

Spoofing occurs when a caller disguises their identity. In some cases, they will even text you a “security code” on your phone that looks like it is from your financial institution. The caller will ask you for this security code, claiming to use it to verify your identity. The security code then gives the scammer full access to your accounts.

Other common spoofing scams include calls that appear to come from local fire or police departments asking for donations, or calls targeting storm victims offering aid and asking for personal information.  Legitimate businesses and charities will not ask you to divulge account information, passwords or personal information via phone, email or text, so if you receive such a request, you should refuse and report it.

Know Who You Are Talking To

Individuals being asked to purchase gift cards to “test their account”.

Please be warned! Some members have recently reported receiving phone calls from 877-631-5851, with scammers that claim to be Freedom Credit Union representatives. The scammers inform members that there is an issue with their account number ending in #### and request our members to use their debit cards to purchase and activate gifts cards. Members are then instructed to call the scammers back with the gift card information to confirm activation and to “test their account”. In doing so, our members have now given the gift card information to scammers to use, at their cost!

It’s important to remember that Freedom Credit Union will never contact you and ask you to verify your account information. For your protection, you should never provide any personal, non-public information about yourself or your accounts to anyone that has called you directly to request the information. In addition, please remember to dispose of important documents like bank or credit card statements and tax forms by shredding them. For added security, many people choose to enroll in electronic billing and electronic statements.

If you think you may have been compromised, please call us at (413) 739-6961 or toll free at (800) 821-0160.

Scam Uses Gift Cards

Individuals being asked to send gift card as payment for services.

Gift cards are a popular and convenient way to give someone a gift. They’re also a popular way for scammers to steal money from you. That’s because gift cards are like cash: if you buy a gift card and someone else uses it, you probably cannot get your money back. Gift cards are for gifts, not payments for services. Anyone who demands payment by gift card is always a scammer!

Consumers have reported receiving phone calls from scammers posing as Apple technicians. The scammer informs the consumer that their computer is compromised or in need of an update, and in order to have it serviced they are asked to purchase gift cards of a certain denomination and mail them in as payment for services rendered.

A simple rule of thumb is to never pay for services rendered with gift cards!

National Fraud Ring Hits Massachusetts

Members may see a delay in receiving their unemployment benefits.

Many of us may have seen the recent news from the Mass Department of Unemployment regarding a massive fraud against state unemployment insurance programs. A national scheme to exploit loopholes in the federal coronavirus unemployment program has already netted fraudsters hundreds of millions in stolen dollars and has now struck Massachusetts’ unemployment system.

Organized crime rings are using stolen personal information from earlier data breaches to file “large amounts” of illegitimate unemployment claims in Massachusetts, according to the Department of Unemployment Assistance. Additional identity verification measures intended to root out fraudulent claims temporarily delayed many unemployment payments this week, according to the DUA.  Governor Baker has since stated that the majority of those checks have now made their way into the pockets of Massachusetts’ jobless.

“The vast majority of those (payments) went out once we ran the tests and determined they were in fact legitimate,” Baker said Thursday during a visit to UMass Lowell’s Fabric Discovery Center.  For those still awaiting payment, Baker said people “shouldn’t be alarmed” and that payments for all legitimate claims will be processed.

Baker said about 150,000 unemployment claims were run through a third-party data check and that “somewhere in the vicinity of 145,000 of those claims passed.”  The other 5,000 or so will go through additional levels of review to root out any fraudulent claims.

Anyone who believes their identity was used to file a false unemployment claim is urged to report it online at mass.gov/unemployment-fraud or to call the DUA customer service department at 877-626-6800.

Source:  MassLive

Cybercriminals Now Trying to Dupe Teenagers.

When we think of financial scams, we tend to think of it only affecting older adults or even the elderly. But scammers are now targeting teens under the ruse of a romantic interest (sweetheart scams) or a make money quick scheme. Greg Pulliam, the chief administrative officer at 1st United Credit Union in Pleasanton, CA, has seen a “recent wave” of money scams that target teenagers via text messages, social media and dating sites. He is sharing the following tips with other credit unions that may soon see the same type of scams hit their area:

A Promise of Money

Criminals are connecting with teens through social media, romance websites or by text and offering the potential for the teen to make or receive money.  Through the interaction, the teen is given a check or photo of a check to deposit into their account and are instructed to keep a portion of the money. They are then asked to send the rest back by Venmo, POP Money, or by mailing gift cards. In some cases, the teen is coaxed into providing their mobile banking login information and the fraudster deposits the check themselves. Eventually, the check comes back as counterfeit and the victim is left owing the Credit Union money.

Teens Sharing Details

These scams are occurring in our own backyard and we have learned that teens are sharing text numbers and websites among each other as a way to make money. Since teens are sharing information with their friends, the scams spread at an incredible pace. We encourage families to speak with their teens about these schemes.

Caution Your Teens

Here are some key points when talking with your teen:

• Risks of meeting online. Make sure your teens know the risks of meeting people online and accepting money or checks from strangers.
• Never deposit checks from strangers. It’s safer to accept cash, a cashier’s check, or PayPal if someone needs to pay you money. It takes several days for a check to fully clear, even if the funds are not on hold, and the account owner is responsible for any funds withdrawn against it.
• Never provide personal information. Account numbers, Social Security numbers, bank login information, passwords, or even cell phone numbers can give fraudsters surreptitious access to your money.
• Trust your instincts. If the offer is too good to be true, it probably is.

If you suspect fraud

If you believe you or your teen have been a victim of fraud, contact us immediately so we can take steps to protect your accounts. You should also file a complaint with the Federal Trade Commission and contact your local police department. As always, let us know if you have questions about this information. We are here to help.

Cybercriminals use deception and take advantage of fear to defraud their unsuspecting victims.

This means it’s more important than ever to stay aware and be vigilant of COVID-19 , or Coronavirus, scams so you can help prevent fraud.

Phishing Scams

Phishing for personal data and online credentials can take many forms. They can look like emails, text messages, social media or other online messages that appear to have been sent from a familiar company or even a friend. Recent phishing schemes of this nature include impersonating the World Health Organization (WHO), the Center for Disease Control (CDC), and other reputable sources. This even includes messages stating someone you came in contact with tested positive for the virus and to click on a link for instructions on what to do.  Never click links in these types of messages or emails—instead, go directly to the trusted company’s website.

Charitable Giving

As the pandemic continues to affect the United States, people may need help – whether for supplies, medical care or something else. But be wary of requests from other people – no matter how they reach out to you. The Federal Trade Commission (FTC) recommends researching charities online (not through links provided in online messages or emails). Be careful how you’re being asked to provide funds as well, because a legitimate charity will never ask you to pay in with a retailer gift card or anything else that is not a check or credit card. Do not let them rush or guilt you into donating.

Elder Fraud

According to the AARP Public Policy Institute, one in five elderly Americans are victims of financial exploitation each year. Watch for the following types of scams that could impact you or your older loved ones:

• A phone call from someone posing as a grandchild or loved one claiming to need money for COVID-19 medical treatment.
• A special stock market deal.
• A cybercriminal posing as a non-profit or religious organization seeking donations.

Check Fraud

Check fraud is a type of scam where a fraudster writes you a bad check to deposit into your legitimate banking account. Freedom Credit Union has a relationship with you and may ask questions about the check and where it came from. We may even put an extended hold on it. We do this to protect you, and us. Sometimes these checks come back as bad after the funds are released. Please remember that you are responsible for paying back any money you have withdrawn if a check is returned as fraudulent. If someone asks you to deposit a check for them, or they write you a check for more than you are expecting, be wary of this outcome.

Loan Fraud

With nearly $400 billion on the line between the Economic Injury Disaster Loans (EIDL) and the Paycheck Protection Program (PPP), it shouldn’t be a surprise that there would be fraudsters targeting small business owners during these already challenging times. Avoiding small business lending scams and fraud related to COVID-19 requires that you are diligent and on the lookout for grant fraud, loan fraud, and phishing scams. Here are some things to be on the lookout for:

• If anyone contacts you claiming to be the SBA, suspect fraud. The SBA does not contact individual businesses for disaster loans or grants. Don’t share any personal or business information with the caller.
• You are promised loan approval but only if you pay an upfront fee or offers a high interest bridge loan. The SBA does not guarantee approval before an application is submitted and reviewed.
• Make sure any correspondence from the SBA is legitimate. Emails will come from accounts ending in sba.gov. Verify and cross-reference any information you receive with information available at www.sba.gov.

Monitoring Your Accounts

It’s important to check your financial account balances frequently to monitor activity. How quickly you report fraud to Freedom Credit Union could affect whether you are responsible for all or a portion of the fraudulent checks or charges.

It’s also important to open and review statements immediately, whether you’re receiving them digitally or via hard copy through the mail. Also, do not share your PIN, online banking login or password with anyone. If you do, and they commit financial fraud, you may ultimately be responsible for any fraudulent charges or withdrawals because you provided them access to your accounts.

Always remember that Freedom Credit Union is here for you. If you have questions on transactions, emails, messages or checks you may have received, contact us at 413-739-6961 or toll free at 800-821-0160.

7-17-2017 (Be Cyber Aware!) – As you head out to take your summer vacations be sure you stay Cyber secure while you’re away. Here are some ways to be safe and smart with your high-tech devices, Internet usage, and social media while travelling.

Pause-Think-Then Share – Always be careful how much you post on social media about your vacation plans before and during your travels. Cyber criminals are reading your posts too. Avoid posting to friends where and when you are going to travel, this type of information will only inform the criminal when your home will be unattended and where you are staying on vacation.

Turn-off Auto-Connect Services – Smartphone and other mobile devices have an Auto-Connect feature that will search for and automatically connect your device to any WiFi network without your approval or interaction…this is not a good thing. This means that you could be using an insecure, unencrypted public WiFi network, or even one that was set up by a malicious actor to eavesdrop on your browsing and connection activity. If you want to connect to a store or hotel network, just check with an employee of that establishment to see what the correct network is called and asked if they can provide a network password for a more secure, encrypted network. Rule of thumb: Always use a secure, encrypted network that requires a login password if you have the option. Additionally, when connecting to these types of WiFi networks make sure you do not choose the “remember this network” or “join this network automatically”.

Lock Your Device and Keep Them Close – Always keep your mobile devices on you or with someone you trust. Never leave a device unattended while travelling. There is a common SCAM out there that targets people who leave devices sitting next to them. The scam involves another traveler approaching you and begins a conversation or asks for help and then they lay a magazine or newspaper over your device. While you are being distracted with the conversation they will pick up your device covered by the magazine or newspaper they laid down over your device.

This is the final tip of our 5-part series on “Cybersecurity” entitled, “Create Your Own Personal Disaster Recovery Plan before Disaster Strikes”

If you’ve been following this series closely, you should at this point have all your online login profiles information and credentials identified, documented, prioritized and password-protected. You should have also completed and enabled the best authentication features available to you for each of your online login accounts (e.g. online banking sites, credit card billing sites, Facebook and Twitter to name just a few). Also, as you learned in the last tip, Tip #4, keep each technology system (e.g. smartphone, tablets, PCs and Laptops) up-to-date with patching and security updates at all times; back up your sensitive computer data securely to the Cloud; and finally, “Stop and Think” before you post anything online.

It should be no surprise to you to hear the advice…keep a watchful eye for any suspicious activity on all your online accounts you have just identified and learned about in the previous 4 tips. This vigilance isn’t just related to your online banking accounts, but also applies to your debit and credit card online billing statement activity and even your online utility billing statement activity. It’s important to note that if you do discover a problem with one of your accounts, it should be a red flag for you to pay close attention to all your other accounts as well.

Just like any business, you are going to want to create a personal business continuity and disaster recovery plan that will help you continue your “personal” business following an unforeseen disaster. A personal disaster recovery plan will help you keep your personal “operations” going in the event of physical property disaster, or if your accounts get compromised because of a cyberattack against you. Your plan should be defined and documented to help you recover your access to your online accounts that keep your “personal” business going, as quickly as possible. As you learned in Tip #1, keep the password-protected word processing or spreadsheet document up-to-date of important telephone numbers of the businesses associated with all your online accounts so you can call them easily in the event of identity theft. The same protected document should also have all your credit card numbers and credit card company telephone numbers in case they’re stolen. It is important to have a paper hard copy of this information as well stored in a fire/water proof safe in the event your PC or laptop is compromised or stolen that holds your password-protected document.

With the ever-increasing number of cyberattacks against high-profile targets, it’s now not a question of if you’ll get hacked, but when. Cybersecurity is everyone’s responsibility, personal or business alike. The cyberattacks are evolving and businesses are trying to keep up by implementing robust security practices, but many attacks are still successful due to simple lapses in applying common security controls.

There’s no magic bullet-proof shield, but the more safeguards and planning you personally put into action that you’ve learned over the past several weeks, the better prepared you’ll be to defend yourself and recover.

This is the fourth tip of a 5-part series on “Cybersecurity.”

If you’ve been following this series from the beginning, at this point you should have your entire online profile listed and prioritized (most sensitive to least sensitive) in a protected spreadsheet or word processing document. You should also have enabled the best authentication features available when communicating online, like fingerprint recognition on your smartphone or a verification code provided by your financial institution to access your online banking accounts.

In our fourth post, we would like to share and recommend some very important ideas related to system patching and keeping your technology equipment up-to-date, posting personal information online, and backing up your data regularly.

Your smartphones, laptops, PCs, and tablets all run on an operating system and have security software. It is very important that you consciously and continuously install all released updates related to the operating system on your personal devices. Microsoft™ for example releases new updates and security/vulnerability patches the second Tuesday of every month…so you should download them and install them every month without fail! In a similar way, the operating system and security software on your smartphone and tablet must also be updated, which in most cases, is found under Settings, System Updates, or Apps.

In today’s world with cybercrime and identity theft running rampant, these updating and patching tasks, which seem burdensome at times, are actually crucial in keeping your online information safe. Patching and updating your systems will minimize viruses and malware from being installed on your personal devices and computers.

You probably have heard this a lot but be cautious about what you post. It is a good idea to “Stop and Think” before you place personal information online. Technology is wonderful – there’s no doubt about it. We use it so we can communicate worldwide with family and friends, but therein lies the problem. Sometimes, we become too complacent and share too much information about our family and our lives in general. Cybercriminals thrive on this personal information and can commit various crimes against us, like identity theft.

Lastly, you should make a habit of regularly backing up your computer data to ensure its availability and safety in the event your equipment crashes or is stolen. You can perform this backup in one of two ways. One option is to buy an external portable USB hard drive and copy your important data/documents to it weekly or monthly. It is best to store the hard drive in a safe place separate from your computer/laptop. Another option is to purchase a reputable online Cloud Storage solution like iDrive™ or Carbonite™ that will back up your data regularly for you.

Be on the lookout for the final post in this “Cybersecurity is Your Responsibility” series in about three weeks.

This is the third of a 5-part series on “Cybersecurity”

You now have your “Password” protected spreadsheet or word processing document with all of your online account profiles, credentials and contact phone numbers listed for each, and they should also now be prioritized most sensitive to least sensitive, as suggested in tip #2.

It’s now time to set appropriate levels of login authentication for each account profile based on its sensitivity. For instance, a greater level of login authentication should be set for your financial and health account logins and lesser degrees of login authentication for your LinkedIn-type profiles.

For the more sensitive online profile accounts, go through them one by one and elevate your security and privacy settings, which should be available under something like “Account/Profile Settings” or “Manage Your Account/Profile” when you are logged in. What this means is you should set stronger passwords, change your security questions regularly, and set higher level security and privacy settings that might be available for each.

When changing your security questions, it might be helpful to create your own questions instead of using the canned ones presented to you. Questions that you create tend to be more memorable and easier to recall when asked to verify your identity.

Additionally, and when it’s made available, you should setup something called two-factor authentication for your online applications like online banking. Some of the larger financial and medical institutions have this as an option which provides a greater sense of security. Two-factor authentication involves “something you have” and “something you know”. For example, “something you have” could be a verification code that the institution sends to your smartphone at the time of login. This code will be entered after you’ve entered your password, which is an example of “something you know”.

And finally, you’ll also want to change your passwords more frequently (i.e. every 60-90 days) for the more sensitive online account logins. And, don’t forget to keep your spreadsheet or word processing document up-to-date with these password changes!

Please be on the lookout for tip #4 in a couple of weeks where we will share and recommend system patching ideas to keep your technology equipment up-to-date and more secure.

This is the second of a 5-part series on “Cybersecurity.”

For those of you who have been following this series, you should now have a pretty good idea of the extent of your “Digital Track in the Wild”. As suggested in that first post, you should also have an electronic spreadsheet or word processing document, protected by a “password” of course, listing all of your online accounts and login credentials saved in an inconspicuous manner.

Now that you have an inventory of your online accounts, it is time to prioritize your most sensitive accounts and begin to apply greater security levels to ensure their protection. For example, you should prioritize your accounts by most sensitive to least sensitive, such as personal financial information and health records being most sensitive and LinkedIn profile information being least sensitive. You can add another column to your spreadsheet or word processing document that is labeled “Security Level” and place a value of low, medium, or high. High for financial and health and low for LinkedIn.

Once you have completed this priority, you can then begin to elevate the level of authentication required to log into these more sensitive online accounts.

Please be on the lookout for series #3 in a couple of weeks when we will share and recommend access controls and authentication tips surrounding your Internet presence.

This is the first tip in a 5-part series offering Cybersecurity Tips.

Now more than ever, it’s time to treat your personal electronic assets and information as a business would. Cybercrime is a big business and it affects every individual, business, and state and federal government in the U.S. and internationally. People, businesses and governments are losing critical information at an alarming rate affecting people’s lives all the way up to national and international critical infrastructures.

So, what this means is you need to understand your digital track, you need to prioritize your most sensitive assets, implement higher levels of protection for those assets, get more disciplined with regard to backing up your sensitive information, and finally, have a personal disaster recovery plan ready, in writing, in the event you experience a cyber-breach of your personal information.

Here is the first “Cybersecurity” tip to help you get started:

Tip #1 – Document and Inventory your “Digital Track in the Wild”

The first and most important thing to understand about your digital profile is that it’s large and cannot be erased. Your profile is made up of every website you have a login for, including your online banking accounts, your major credit card company websites like VISA™, M/C™, Discover™ or American Express™, major merchant credit card company websites like Macy’s™, Gap™, and Sears™ to name just a few, your social networking sites, including Facebook™, Twitter™, LinkedIn™, and YouTube™ etc…, and your online email accounts like Comcast™, Charter™, Google Gmail™ and AOL™. All of these online resources have the potential of containing very sensitive information about your entire life.

While there are emerging features in the social media world related to scheduling your posts to be deleted in advance, there’s still no global magic wand or “delete” button that you can wave or press to erase your digital tracks. And, even if you wanted to attempt to delete your digital tracks, it would need to be done one website at a time and would be incredibly difficult, time consuming, and likely only marginally successful. In other words, what you have out there is out there for good! So, you need to protect it the best way you can, using the tips being provided in this series.

With your information scattered everywhere, it’s important to think about what valuable information you have and where. For example, how many web sites are storing your credit card information? How many have an up-to-date card number and expiration date? Where do you have important documents, files, emails and videos across the web? • You can start this process by making a list in a spreadsheet or word processing document noting the types of sensitive data associated with each site. • List every social networking site you have a profile on. • List every email system you use. • List every credit card company, merchant and Bank or Credit Union you are associated with and have logins for and list support contact phone numbers for each.  • Password protect the spreadsheet or word processing document so only you can access it. • If there are particular sites you no longer use, delete your account profiles there.

Be on the lookout for Tip #2, which will be posted in two to three weeks!

Source: ComputerWorld.com

The credit union offered mobile banking to its membership last week and here are some very prudent security practices for SmartPhone users.