Protect yourself from fraud and scams

With more and more attention being given to identity theft, credit card scams and other types of fraud, here is some useful information to help protect yourself.

Please remember that Oregon State Credit Union and other legitimate financial institutions will not ask you to provide personal financial data. We occasionally ask to verify information so that we may complete in-person or phone transactions initiated by you. And we won’t ask you for crucial data that is already maintained on our secure mainframe computers using the claim that “we have lost your record” or “your accounts have been compromised.”

When in doubt, contact Oregon State Credit Union at 800-732-0173 or go to any branch if you’re concerned about the security of your account information. We’re here to help.

Common scams and definitions

Spear phishing – Fraudsters send an email that contains some form of personal information of the victim that may have been previously stolen from data obtained on social networking sites, blogs or other similar websites. This personal information is used to make the communication appear legitimate with the hope of having the recipient answer questions or open a link attached to the email. This link contains malicious software used to steal account numbers, passwords and other personal financial information.

Skimming – Electronic skimmers swipe your credit or debit card through a handheld device, or they install an overlay device—a slightly different color than the machine—on an ATM or gas pump. The device gleans information—your name, account number, expiration date, security features—off the magnetic stripe on the back of the card. The thief copies information from your card to a fraudulent one and sells it to a counterfeiter.

Phishing (fish’ing) (n.) Also known as “Spoofing” – The act of sending an email to recipients in an attempt to get them to visit a fraudulent website and enter sensitive personal information. This information is then used by the phisher to attempt to steal people’s money or identity. Phish emails and websites try to fool the recipient by mimicking a legitimate business or financial institution. If you receive this type of email, DELETE WITHOUT RESPONDING.

Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), landline or cellular telephone. Messages typically indicate that suspicious activity has taken place in an account. The victim is told to call a specific telephone number and provide information to “verify identity” or to “ensure that fraud does not occur.” If the attack is carried out by telephone, caller ID spoofing can cause the victim’s set to indicate a legitimate source, such as a bank or a government agency. If you receive this type of call, DO NOT PROVIDE ANY SENSITIVE PERSONAL INFORMATION.

Pharming (farming) (n.) – The scammers create a fake, malicious website that looks like the site of a real company. These skilled hacker criminals then use Domain Name Server (DNS) “poisoning” to redirect your browser to their fake site. When you are unknowingly directed to the malicious site, you seem to be on a legitimate site. You think you’re on your bank’s website, for instance, so you enter personal information such as your PIN number or password. Bingo, you’re broke. Or worse, your total identity is stolen.

Fraud (frôd) (n.) – A deception deliberately practiced in order to secure unfair or unlawful gain.

Hacker (n.) – 1) One who is proficient at using or programming a computer; a computer buff. 2) One who uses programming skills to gain illegal access to a computer network or file (cracker).

Sensitive personal information – Any information about an individual that can be used to verify their personal financial information or identity. This includes: Social Security Numbers (SSN), credit card numbers, PIN numbers, usernames, passwords, birthdates, passport & visa documentation and account numbers.