Avoid the Bait of Coronavirus Scams
Keep Yourself Safe in Cyberspace
Credit Card Skimming
Avoid the Bait of Coronavirus Scams
Coronavirus scams are on the rise. Scammers are taking full advantage of fears surrounding COVID-19 and using the government stimulus payments, bogus vaccines, counterfeit treatments or equipment, and other things as cover to steal your personal information and your money. These impostors are smart and able to “look official” in their attempts to trick people into giving up important information.
Here are some things you can do to help protect yourself and your money:
- Never give out personal information by phone, text or email, even if the source appears legitimate. Point Breeze Credit Union will never call, email or otherwise contact you and ask for your username, password or other online banking credentials. In addition, we will never contact you and ask for your credit or debit card number, PIN or 3-digit security code.
- Monitor your accounts for suspicious activity. Utilize online or mobile banking to review transactions regularly and set up alerts to notify you of certain account activity.
- Report suspected fraud immediately. If you're concerned about your account or suspect fraud, contact us directly at 410.584.7228 or send us a secure message through online banking or our mobile app.
- Do your research. Learn more about Coronavirus scams and how to protect yourself by visiting ftc.gov/coronavirus or fbi.gov/coronavirus. Consumer alerts for these types of scams are continuing to be discovered regularly so check back often for updates.
The best line of defense is to educate yourself, be vigilant and be extremely cautious about sharing personal information.
Keep Yourself Safe in Cyberspace
An important part of online safety is knowledge. The more you know, the safer you'll be. Here are some tips on how to stay safe online:
- Set good passwords. A good password is a combination of upper and lower case letters and numbers and one that is not easily guessed. Change your password frequently. Don't write it down or share it with others.
- Don't reveal personal information via email. Emails and text messages can be masked to look like they are coming from a trusted sender when they are actually from someone else. Play it safe. Do not send your personal information such as account numbers, Social Security numbers, or passwords via email or text.
- Don't download that file! Opening files attached to emails can be dangerous especially when they are from someone you don't know as they can allow harmful malware or viruses to be downloaded onto your computer. As an additional measure of protection, make sure you have a good antivirus program on your computer that is up to date.
- Links aren't always what they seem. Never log in from a link that is embedded in an email message. Criminals can use fake email addresses and make fake web pages that mimic the page you expect. To avoid falling into their trap, type in the URL address directly and then log in.
- Websites aren't always what they seem. Be aware that if you navigate to a website from a link you don't type, you may end up at a site that looks like the correct one, when in fact it's not. Take time to verify that the web page you're visiting matches exactly with the URL that you expect.
- Log off from sites when you are done. When you are ready to leave a site you have logged in to, log off rather than just closing the page.
- Monitor account activity. Monitor your account activity regularly either online or by reviewing your monthly statements and report any unauthorized transactions right away.
- Assess your risk. We recommend periodically assessing your online banking risk and put into place increased security controls where weaknesses are found; particularly for members with business accounts. Some items to consider when assessing your online banking risk are:
- Who has access to your online business accounts?
- How and where are usernames and passwords stored?
- How strong are your passwords and how often are they changed? Are they changed before or immediately after terminating an employee who had access to them?
- Do you have dual controls or other checks and balances with respect to access to online banking transactions?
Point Breeze Credit Union will NEVER call, email or otherwise contact you and ask for your username, password or other online banking credentials. In addition, we will NEVER contact you and ask for your credit or debit card number, PIN or 3-digit security code.
Phishing (pronounced "fishing") is a type of email scam in which identity thieves send official looking emails with urgent-sounding messages asking the recipient to click a link within the email. The link takes you to a website, which may look like Point Breeze Credit Union's website, where you will be asked to provide confidential information such as account numbers, credit card numbers and other sensitive information. Fraudsters send these emails and text messages to a large group of random email addresses, hoping to reach at least a few of our members.
Point Breeze Credit Union will NEVER send unsolicited emails or text messages asking you to give or verify personal information online or by phone.
Please contact us immediately if you ever have questions or concerns about suspicious messages you may have received.
Identifying Safe Email
Email is a timely, effective and convenient way to communicate with our members. Therefore, we have outlined the types of emails that we DO send and how you can tell if the email you receive is real or a fake.
- Email Alerts – These are emails that notify you of balance information, a check that has cleared or Certificate of Deposit maturity dates. Alert emails are set up by you, the end user, so you are in complete control. These emails will NEVER contain links to a website.
- Online Bill Pay Emails – These emails notify you when a bill has arrived or when a bill has been paid. You can change your Online Bill Pay options for each payee. These emails will NEVER contain links to a website.
- Password Changes – Whenever you change your Online Banking password, an email is automatically sent to your email address on file. These emails will NEVER contain links to a website.
- eStatement & eDocument Notifications – These emails are sent to notify you that your eStatement is available online for your review or when a new document has been posted to your account. These emails will NEVER contain links to a website.
- Marketing Emails – These emails are designed to keep you informed of current promotions and specials. These emails may contain links back to our website. If you still feel uncomfortable clicking a link, please visit our website by typing our web address into your web browser or utilizing your saved bookmarks.
How to Protect Yourself
- Do not respond to emails requesting personal information, and do not click on links within suspicious emails.
- Do not call phone numbers listed in messages you receive. Instead, go to our website to find our number or look on the back of your credit/debit card.
- Update your computer software with current versions and utilize virus protection and firewall software to protect data.
"Vishing" or "Smishing" is a scam in which a fraudster calls you (typically a recorded message) or sends you an email or text message instructing you to call a phone number to verify your account information, credit card information, Online Banking login or Online Bill Pay account. Typically these crooks call or send messages at random hoping to reach one of our members. They leave urgent sounding messages hoping to trick you into calling.
Once you call the number, you are instructed to enter a variety of confidential information such as account numbers, PINs, credit card numbers, expiration dates and the security codes on the back of your credit card.
It is very important to remember that Point Breeze Credit Union will NEVER ask for complete account numbers, passwords, credit card numbers, Social Security numbers or other sensitive information via unsolicited phone calls, emails or text messages. If you have received a message like this, do not respond!
Note: Prism is Point Breeze Credit Union’s secure automated fraud protection system for Visa® Credit and Check Cards. The system will generate phone calls and/or text messages to you, our members, to verify the information we have is correct and may ask for verification of recent transactions on your card(s). They will NOT ask for any personal information, other than the last four digits of your Social Security number for identification purposes. If you are not home, they will leave an automated message; please call them back. If they are unable to reach you by phone or text message, an email will be sent to the address we have on file.
Please contact us immediately if you ever have questions or concerns about suspicious phone calls or email/text messages you may have received.
Credit Card Skimming
Skimming is the copying of electronically transmitted full track data on the magnetic strip of a credit card, to enable valid electronic payment authorization to occur between a merchant and the issuing financial institution. The skimmer simply wants all the data located on the magnetic strip including the credit card number, name, CVV number, and any other discretionary information.
Skimming can occur in restaurants, hotels, gas stations and at ATMs. These locations are popular due to heavy customer volume, credit cards being the common method of payment, multiple employees and high employee turnover.
Here are some examples of how it works:
- Customer uses a credit card to pay for dinner.
- Restaurant employee walks away from table to run the card through the cash register, but before getting to the register swipes the card through a small, concealed hand-held device that copies and stores the account data. The stolen card information is later downloaded (or downloaded right away from a wireless device) to a computer.
- The information is then encoded on a counterfeit card, or re-encoded on a lost/stolen card. The fraudulent card is then used to make purchases.
- The skimmer is mounted to the front of a normal ATM card slot. Once a card is swiped, the skimmer reads the data on the strip while also allowing the person to do regular transactions and receive money.
- The data is then transmitted to the criminals where they encode the data. At the same time the data is being received by the criminal, a wireless camera that is disguised (sometimes as a brochure holder) captures the customer's PIN.
- Once all the information is received, the criminal is able to make duplicate cards and withdraw money using any ATM.
How to Avoid Getting Skimmed
- Be aware of your surroundings. If a Point-of-Sale device looks suspicious, have the sales person swipe the card through the cash register. Make sure you are aware of who has your credit card information and what transactions are being charged.
- Keep in contact with your credit union to verify all transactions on your credit or debit card. This will enable you to identify fraud quickly. Monitor your account activity through Online Banking and review your monthly account statements carefully. If you see any suspicious activity or unauthorized transactions, notify the credit union immediately.
- Keep your PIN in a safe and secure place. Shield the keypad when typing in your PIN so others behind you are unable to view your PIN.
If you notice something suspicious at an ATM or retailer location, do not tamper with any switches or buttons or try to open the device. You could delete the stored data and lose valuable evidence. If you see or suspect anything suspicious, contact your local U.S. Secret Service office at 443.263.1000.
Stay in Touch
In order for Point Breeze Credit Union to keep you informed and contact you in the event fraudulent activity is suspected on your account(s), it is important that we have accurate contact information for you. Please log in to Online Banking or stop by your local Point Breeze office to confirm or update your contact information. You may also request a Change of Address form online or by calling 410.584.7228.