Protect Yourself
Minimize risk from fraud & scams
Recognizing scams can be difficult, but you can minimize the potential impact by knowing what to look for, taking the right action steps, and remaining vigilant. Follow these tips to protect yourself so you don’t fall victim to fraud or a scam.
Monitor Your Credit
Check your credit report annually. Consumers are entitled to a free credit report from each of the three major credit bureaus annually. Simply go to AnnualCreditReport.com to get started. Items to watch for are “new” or “re-opened” accounts and other suspicious activity.
A best practice is to check your credit report three times per year by requesting the report from one credit bureau every four months.
Protect Yourself from Scams
Be mindful of emails or phone requests claiming to be from the business or financial institution. Call the institution directly to confirm if you are suspicious.
Avoid opening attachments and clicking on links contained in emails received from unfamiliar sources. Phishing emails often contain attachments or links to malicious websites infected with malware.
Avoid clicking on links or calling the telephone number contained within text messages received from unfamiliar sources. Be wary of SMiSHing attacks which are similar to phishing but in SMS text messages.
To avoid tax identify fraud make a point of filing annual tax returns promptly. Should you be notified that more than one return was filed in your name, owe additional tax, or that records indicate that your earnings were more than the amount of wage reported, complete an IRS Identity Theft Affidavit form 14039, and contact the IRS Identity Protection Specialized Unit at 800.908.4490.
Check with the credit union to determine if account protections such as security challenge pass-phrase, account notes, and travel protections are available.
In general, be wary of offers that are too good to be true, require fast action, or instill a sense of fear.
Protect Yourself Online
Use strong passwords that are case-sensitive and include alpha-numeric characters and at least one symbol. Use a password checker to ensure you’re using a strong password.
Do not use the same password for multiple websites used to conduct online transactions.
Be sure your home computer is protected with a firewall and antivirus / anti-malware software. A best practice is to configure the antivirus / anti-malware software to automatically check for updates at least weekly.
Be sure to install operating system patches when they are made available.
Avoid using public Wi-Fi and public computers (e.g., those found in libraries and hotel lobbies) to conduct online transactions. The use of a VPN cab make public Wi-Fi more secure.
When offered, use multifactor authentication for account logins or out-of-band authentication to confirm login attempts and/or transactions. Multifactor authentication uses more than one authentication method, such as user password (something you know) and a one-time-password token (something you have), or biometrics (something you are). Out-of-band authentication typically involves the user receiving a passcode via text message which the user must enter to complete a login or a transaction.
Be wary of what you’re sharing -Openly sharing information on social media can provide an identity thief with the necessary information to impersonate you, or answer certain challenge questions. Keep social media accounts private, and be cautious who you’re connecting with. Never share anything related to your credit union account, transactional history, or identifying information in unprotected public forums.
Protect Your Children and/or Minors
Most minors under the age 18 may not have a credit report available for review. However, children are regular targets of identity theft, and parents should take care to protect their children’s financial future.
Look For Warning Signs
• Collection notices or calls products or services in your child’s name.
• Notice declaring your child owes back income tax, or that their identifying information was used on multiple tax returns.
• Offers for pre-approved credit in your child’s name. Marketing offers arriving in your child’s name could be a sign that an account was opened at a financial institution).
• Be careful about sharing your child’s private identifying information especially Social Security Number. If asked to share that information, ask and understand how it will be used.
Check Your Child’s Credit
Contact each of the three nationwide credit reporting bureaus –Equifax, Experian, and TransUnion -and request a credit report in your child’s name. Each has their own process, and it will take time, but it will be worth it.
If there is a credit report in your child’s name, request a fraud alert, and consider placing a credit freeze.
Contact your local police department or Attorney General’s Office to file to report the identity theft and request a copy of any report generated.
Contact any financial institution and business listed on your child’s credit report and explain the account was opened because of theft and request it be closed. You may need to produce documentation from the credit bureaus and law enforcement.
Keep a detailed list of any phone calls made and/or documents received as you may need to produce them later.
Other Tips
Your Social Security Number (SSN) should be closely guarded –it doesn’t change which makes it the ultimate prize for an identity thief. If your credit union uses your whole or part of your SSN to identify you, ask if they can use something else like an account password or recent transaction.
Keep in mind, you may have to share your SSN if you’re opening a new account, or applying for a loan or credit card; but you should only share that information when you’re certain it will not be overheard or used without your consent.
Most reputable organizations will never email you asking for your address, phone number, national ID number, or other personal data.
Always hover over links with your mouse pointer to display the full URL. If it leads somewhere that doesn’t logically belong within the context of the email, or generally looks nonsensical, don’t click!
Phishing emails often feature threatening language, such as “Payment overdue!” or “Your account has been compromised!”, in order to generate a response from their targets.
Unlike legitimate entities that will address you by your full name or username, phishing emails usually opt for generic greetings, such as Dear Customer or Dear Sir/Madam.
Similar to unrealistic threats, emails that urge you to click on a link or download an attachment or update your account immediately are likely scams.
Whether it be overdue taxes or an upfront payment to cover expenses, any email that asks for money should immediately raise your suspicions.
The old saying remains true to this day: if it’s too good to be true, it’s likely untrue. Keep that in mind any time you get an email claiming you won the lottery or are due a large family inheritance.
Most generic phishing attempts contain spelling and grammar errors or feature awkward wording/phrasing.
Attachments aren’t always malicious, but use extreme caution whenever you receive them unexpectedly.
In almost every case, government agencies don’t use email to communicate anything of consequence. The IRS, for example, will never email you about your taxes or payments.
*This resource is for informational purposes only. It does not constitute legal advice.