Scams & Security
With all the scams going on in the world today, it can sometimes be hard to determine what is legitimate and what is not. The purpose of this page is to keep you, the member, updated on scams that are currently happening. We will also give you definitions and newsletters on various cyber-security tips. Unfortunately, there are too many scams going on the keep up with all of them. If you have more questions, please contact us.
NOTE: DCFCU will NEVER ask for your credit union account number, password, or PIN via email.
Common Scam Types
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords, and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
Is a type of phishing attack that targets specific victims. But, instead of sending out an email to millions of email addresses, cyber attackers send out a very small number of crafted emails to very specific individuals, usually all at the same organization. Because of the targeted nature of this attack type, spear phishing is often harder to detect and usually more effective at fooling the victims.
Is a type of phishing attack where mobile phone users receive text messages containing a Web site hyperlink, which, if clicked, would download a Trojan horse virus to the mobile phone.
The telephone equivalent of phishing. Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business, and fools the victim into thinking he or she will profit.
Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing, rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate. Pharming “poisons” a DNS server by infusing false information into the DNS server, resulting in a user’s request being redirected elsewhere. Your browser, however, will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing.
Common Security Terms
- Drive-by Download
- Social Engineering
These attacks exploit vulnerabilities in your browser or its plugins and helper applications when you simply surf to an attacker-controlled website. Some computer attackers set up their own evil websites that are designed to automatically attack and exploit anyone that visits the website. Other attackers compromise trusted websites such as ecommerce sites and deploy their exploit software there. Often these attacks occur without the victims realizing that they are under attack.
Code that is designed to take advantage of a vulnerability. An exploit is designed to give an attacker the ability to execute additional malicious programs on the compromised system or to provide unauthorized access to affected data or applications.
A security program that filters inbound and outbound network connections. In some ways you can think of firewalls as a virtual traffic cop, determining which traffic can go through the firewall. Almost all computers today come with firewall software installed. In addition, firewalls can be implemented as network devices to filter traffic that traverses through them.
Malware stands for ‘malicious software’. It is any type of code or program cyber attackers use to perform malicious actions. Traditionally there have been different types of malware based on their capabilities and means of propagation, as we have listed below. However these technical distinctions are no longer relevant as modern malware combines the characteristics from each of these in a single program.
A patch is an update to a vulnerable program or system. A common practice to keep your computer and mobile devices secure is installing the latest vendor’s patches in a timely fashion. Some vendors release patches on a monthly or quarterly basis. Therefore, having a computer that is unpatched for even a few weeks could leave it vulnerable.
A psychological attack used by cyber attackers to deceive their victims into taking an action that will place the victim at risk. For example, cyber attackers may trick you into revealing your password or fool you into installing malicious software on your computer. They often do this by pretending to be someone you know or trust, such as a bank, company or even a friend.
Unwanted or unsolicited emails, typically sent to numerous recipients with the hope of enticing people to read the embedded advertisements, click on a link or open an attachment. Spam is often used to convince recipients to purchase illegal or questionable products and services, such as pharmaceuticals from fake companies. Spam is also often used to distribute malware to potential victims.
A type of malware that is designed to spy on the victim’s activities, capturing sensitive data such as the person’s passwords, online shopping, and screen contents. One popular type of spyware, a keylogger, is optimized for logging the victim’s keyboard activity and transmitting the captured information to the remote attacker.
A shortened form of “Trojan Horse”, this type of malware appears to have a legitimate or at least benign use, but masks a hidden sinister function. For example, you may download and install a free screensaver which actually works well as a screensaver. But that software could also be malicious, it will infect your computer once you install it.
A type of malware that spreads by infecting other files, rather than existing in a standalone manner. Viruses often, though not always, spread through human interaction, such as opening an infected file or application.
This is any weakness that attackers or their malicious programs may be able to exploit. For example it can be a bug in a computer program or a misconfigured webserver. An attacker or malware may be able to take advantage of the vulnerability to gain unauthorized access to the affected system. However, vulnerabilities can also be a weakness in people or organizational processes.
A type of malware that can propagate automatically, typically without requiring any human interaction for it to spread. Worms often spread across networks, though they can also infect systems through other means, such as USB keys. An example of a worm is Conficker, which infected millions of computer systems starting in 2008 and is still active today.
Protect Your Identity
Shred all personal & financial information—such as bills, statements (bank/credit union and credit card), ATM receipts—before you throw it away.
Keep your personal documentation (i.e. Social Security card) and your bank/credit union records in a secure place.
Call the post office IMMEDIATELY if you are not receiving mail—a thief can forge your signature and have your mail forwarded.
Be aware of your surroundings when entering your PIN at an ATM.
Limit the number of credit cards & personal information that you carry in your wallet/purse.
Report lost/stolen cards IMMEDIATELY.
Review & consider whether you need currently inactive cards. Even when not being used, these cards show on your credit report, which a thief could gain access to. If you have applied for a card and have not received the card in a timely manner, IMMEDIATELY notify the appropriate financial institution.
Closely monitor the expiration dates on your cards—contact the credit issuer if the replacement card is not received prior to the card’s expiration date. For DCFCU debit cards, your replacement card is sent out the same month as the card expires. If you do not get your replacement card in the mail by the end of that month, contact us RIGHT AWAY!
Sign all new cards upon receipt.
Review your credit reports annually. You can go to www.annualcreditreport.com to receive your free credit reports.
Use unique passwords on your cards, bank/credit union accounts, and phone cards. Avoid using obvious passwords such as date of birth, phone number, or mother’s maiden name.
Match your receipts to your monthly bills to make sure that you do not have or have no unauthorized transactions.
Volunteer any personal information when you use your card.
Give your Social Security number, card number, or bank/credit union account numbers over the phone unless you have initiated the call and know that the business that you are dealing with is reputable.
Leave receipts at ATMs, bank/credit union counters, or unattended gas pumps.
Leave envelopes containing your card payments or checks in your home mailbox for postal carrier pickup.
Record your Social Security number, passwords, or PIN numbers on a piece of paper to keep in your wallet/purse.
Give your Social Security number, card number, or other personal financial information data on any web site or online service, unless you receive a secured authentication key from your provider.
- Annual Credit Report—free one from government
- Deter, Detect, Defend. Avoid ID Theft.
- Nebraska Attorney General—Consumer Protection Page
- Privacy Matters
- FTC—Credit Freeze FAQs
- FTC—Place a Fraud Alert
- 10 Check Scam Prevention Tips from Allied Solutions
- Consumer Scam Prevention Checklist from Allied Solutions
Check Your Credit
Your credit score should be free—and now it is! Check your credit with Credit Karma.
- Get Your Absolutely Free Credit Score
- Stay on Top of All Your Accounts
- No Trial Periods. No Credit Cards. Truly Free.
- Get Your TransUnion & Equifax Credit Scores