As our world continues its digital transformation, we will continue to use electronic devices for more of our every day lives. Whether it be ordering food online or accessing your credit union accounts, use of the internet and devices that give you access to it will continue to rise. With that being the case, it is important to remember that along with the convenience digital services provide comes some added risks that we should be mindful of and protect ourselves from.
Next Steps after Fraud
The sooner you take action, the better you can protect yourself and help others. Your first steps should focus on stopping further losses and gathering the information you have about the scheme and the perpetrators while it is still fresh. Then, report the crime as soon as possible.
- Notify your bank, lenders
- Set up a fraud alert or credit freeze with the three major credit bureaus – Experian, TransUnion, and Equifax
- Enable additional security features in your digital banking to better protect your accounts
- Report a fraud or identity theft to the FTC
- Dispute fraudulent transactions
Quick tips to avoid fraud
While you can’t always prevent fraud from happening, you can take steps to protect your business by limiting potential exposure to fraud:
- Set up informed delivery with USPS
- Do not mail checks or credit cards
- Keep a look out for fraud by monitoring your financial accounts and your credit activity – all within your digital banking!
- Check your credit yearly
- View your full credit report and see your score in digital banking – all without hurting your credit!
- Be cautious of phishing emails, texts, and calls
- Use complex passwords
Check fraud is on the rise nationwide, and the security of your postal mail is crucial. A few pieces of paper can hold significant amounts of private information and personal data.
Some best practices to protect yourself from these attacks:
- Make sure you keep your mail and physical documents safe
- Go paperless with your account statements and bills
- Enroll in eStatements by navigating to Documents and Statements in digital banking and toggling from “Paper Only” to “Online Statements only”
- Immediately remove mail from your mailbox after delivery, especially when expecting checks, credit cards or other negotiable items
- Sign up for USPS Informed Delivery to have a better idea of what mail to expect to be delivered each day
- Make electronic payments rather than sending sensitive information in your postal mail. Some of the benefits of electronic payments are:
- Secure- no checks in the mail!
- Fast- some electronic payments are even processed same day
- Cost- often utility companies and other organizations accept electronic payments at no cost, saving you money on checks and postage
- Easy- by entering your UICCU account number and UICCU routing number (271176899), your account can be directly debited for your payment.
- Receiving checks for payroll or other benefits? Ask the check issuer, you might be able to receive these by ACH as well and receive the same benefits of speed and security!
- As always- monitor your accounts regularly for suspicious or fraudulent activity. Check out our Digital Banking for easy access.
Email and Text Security:
Unfortunately, there are many bad actors looking to take advantage of the ways we communicate and conduct business online to steal our information or gain access to your financial accounts. One of the main ways that these fraudsters look to trip us up is through sending phishing emails or texts. Phishing refers to an attacker sending fraudulent messages to steal personal information from the victim or infect their device with malicious software.
Email or texts with misspelling or grammar errors. Phishing email is notorious for having poor grammar or messages worded an abnormal manner.
Some red flags to be on the lookout for include:
- Email or texts which present a very urgent need to respond. Examples include warning you that you have been hacked, you have a relative or friend in urgent need of help, or that you need to act to claim some sort of prize.
- Email or texts with misspelling or grammar errors. Phishing email is notorious for having poor grammar or messages worded in abnormal manner.
Some best practices to protect yourself from these attacks:
- NEVER CLICK ON A LINK OR OPEN AN ATTACHMENT UNLESS YOU ARE CERTAIN YOU SHOULD. Links to malicious websites or attachments are the avenues fraudsters use to infect your computers with malicious software such as ransomware.
- Never disclose personal information including passwords. Most legitimate business will not ask for your personal information through an email. Instead, navigate directly to the known website of the company in question.
- Ask yourself if you have had any legitimate business from the sender of the email or text before responding. Many attacks are done by impersonating a legitimate, well-known business. You should also be aware that a friend could have had their email compromised. Contact a friend or relative directly by phone if they are asking for urgent help.
Along with attacks that come through email and texts, spoofing legitimate websites is another way bad actors attempt to steal your credentials or other personal information. Sometimes these websites are part of a phishing email or text through a link in those communications. In other cases, these websites can be created with similar or very close spelling to legitimate websites to catch those searching for the legitimate site.
Red flags for spoofed websites:
- Slight misspellings of the legitimate web address.
- In emailed website links, look for differences in the embedded link domain compared to where the email is stating you will be directed too. You can look for differences in the URL/web address you will be forwarded too by hovering your mouse cursor over the link for a preview of where it is sending you.
- Websites that are not using a secure connection. Watch for the use of HTTP instead of HTTPS, and only give information through an HTTPS site.
Compromised passwords are a common way that attackers gain access to your email, financial or other online accounts. Bad actors gain access to your passwords through phishing attacks, breaches of companies that you have used that password for, or other malicious activity.
Best practices in regards to passwords:
- When possible, use other MFA (mulit-factor authentication) methods in addition to passwords for verification. MFA can include biometrics (fingerprint or facial recognition) on your mobile device, a push notification to your phone, or a text or phone call. MFA methods that use texts are not as secure, but still better than pure passwords.
- For those passwords that you do use, ensure you use a complex password. Multiple types of characters (digits, punctuation and letters) as well as longer lengths of characters are signs of a better password.
- Do not use personal information such as family names and birthdates.
We take the security of your accounts seriously.
Some of the ways that we protect your account are:
- Two-factor authentication, including Push Authentication or Google Authenticator, to verify your device and identity.
- TouchID and FaceID options with some device types
- Easily and instantly lock/unlock your cards
- Set spending limits on your cards
- Set specific regions that your cards are only allowed to be used in
- Easily enable account & card alerts, including login, balance, transaction, etc.
- Easily Block or unblock international purchases on your cards