Protecting Your Privacy, Your Identity and Your Money
The safety of your account and identity starts with you! As your trusted financial partner, Boulder Valley Credit Union will NEVER solicit your personal information. It is our goal at BVCU to inform you of the best ways to protect your money and reduce your risk of becoming a fraud victim.
Security Update - Phone Scams
If you ever receive a phone call purporting to be from Boulder Valley Credit Union or Premier Members Credit Union, do not provide any personal information. Always log into the Credit Union site directly (by typing www.bvcu.org in your address bar) or contact one of our Member Service Representatives before divluging any information.
Boulder Valley Credit Union/Premier Members Credit Union will never make unsolicited phone calls requesting your personal account information.
COMMON FRAUDIdentity Theft, Phishing and Spoofing are just three of the common types of fraud you may encounter. Here we will discuss what these types of fraud look like.
SHOW MORE +
Identity Theft is a crime in which an imposter obtains key pieces of personal information, in order to impersonate someone else. The information can be used to obtain credit, merchandise, and services in the name of the victim, or to provide the thief with false credentials. In addition to running up debt, an imposter might provide false identification to police, creating a criminal record or leaving outstanding arrest warrants for the person whose identity has been stolen.
- Identity Theft is categorized in two ways:
True Name and Account Takeover. True Name Identity Theft means that the thief uses personal information to open new accounts. The thief might open a new credit card account, establish cellular phone service, or open a new checking account in order to obtain blank checks. Account Takeover Identity Theft means the imposter uses personal information to gain access to the person's existing accounts. Typically, the thief will change the mailing address on an account and run up a huge bill before the person whose identity has been stolen realizes there is a problem. The Internet has made it easier for an identity thief to use the information they've stolen because transactions can be made without any personal interaction.
- Although an identity thief might crack into a database to obtain personal information, experts say it's more likely the thief would obtain information by using old-fashioned methods. Retrieving personal paperwork and discarded mail from trash dumpsters (dumpster diving) is one of the easiest ways for an identity thief to get information. Another popular method to get information is shoulder surfing - the identity thief simply stands next to someone at a public office, such the Bureau of Motor Vehicles, and watches as the person fills out personal information on a form.
Phishing is an e-mail or phone fraud method in which the perpetrator sends out legitimate-looking email or makes a legitimate-sounding phone call in an attempt to gather personal and financial information from recipients.
- In terms of e-mails: Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include: PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts the lure hoping to fool at least a few of the prey that encounter the bait. The information gathered during a Phishing attack is often used for Identity Theft.
Phishing Example: In one fairly typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords.
E-mail Spoofing: E-mail Spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use E-mail Spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. This type of Spoofing however, can be used legitimately. Classic examples of senders who might prefer to disguise the source of the e-mail include: a sender reporting mistreatment by a spouse to a welfare agency or a "whistle-blower" who fears retaliation. However, E-mail Spoofing anyone other than yourself is illegal in some jurisdictions.
Caller ID Spoofing: Caller ID Spoofing is a form of Spoofing when callers deliberately falsify the telephone number and/or name relayed as the Caller ID information to disguise the identity of the calling party. For example: identity thieves who want to collect sensitive information such as your bank account or other financial account numbers, your social security number, your date of birth or your mother’s maiden name, sometimes use Caller ID Spoofing to make it appear as though they are calling from your bank, credit card company, or even a government agency.
URL Spoofing: URL Spoofing happens when a fraudulent, often malicious, website is set up that appears to be a different, legitimate website to obtain sensitive information. The false websites can sometimes be used to install viruses or Trojans into a user’s computer, but more often are used to receive information from a user. This type of Spoofing can be used to launch a more elaborate attack.
Pharming: Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent. Pharming has been called "phishing without a lure."
In Phishing, the perpetrator sends out legitimate-looking e-mails, appearing to come from some of the Web's most popular sites, in an effort to obtain personal and financial information from individual recipients. But in Pharming, larger numbers of computer users can be victimized because it is not necessary to target individuals one-by-one and no conscious action is required on the part of the victim. In one form of a Pharming attack, code sent in an e-mail modifies local host files on a personal computer. The host files convert URLs into the number strings that the computer uses to access Web sites. A computer with a compromised host file will go to the fake Web site even if a user types in the correct Internet address or clicks on an affected bookmark entry. Some spyware removal programs can correct the corruption, but it frequently recurs unless the user changes browsing habits.
URL Spoofing Example: An attacker could send a spoof email requesting immediate action from a person to ensure the security of his or her bank account. The person then follows a link in the email that leads to a spoof URL that appears to be the legitimate website for the bank, but is not. Once at the spoofed URL, the user may then type in his username and password to access to his account, at which time the website has recorded the private information, and will then often report an error and redirect the user back to the legitimate bank website. The user has now provided the attacker with his username and password, which the attacker can then use for malicious purposes, such as Identity Theft and Bank Fraud.
PERSONALIZED FRAUDGrandparent Scams and Inheritance Scams are successful cons because the fraudsters know your name and info about your life. Here we’ll discuss scams that use personalized info about you to commit fraud.
SHOW MORE +
Fraudsters and scammers aren’t always strangers, sometimes they’re people you know, and sometimes they’re your relatives. Or so you think. If a fraudster finds out just the right amount of information about you they can fool you into thinking that they are family. And that’s exactly what’s happening right now with these types of fraudulent scams:
The Grandparent Scam "Story": A “grandchild” or other relative calls, saying he’s been in a terrible accident overseas and needs money immediately in order to receive medical attention. A “doctor” might get on the line to say your grandchild can’t talk anymore because he needs medical attention. You must wire money for the treatment to proceed.
- The script has different variations. Your “grandchild” has been arrested and a “cop” picks up the line to demand bail money. Your relative’s car broke down and he needs money to get it fixed. Or he’s stuck at a foreign airport and needs money to pay customs and return home. The common theme is that the “grandchild” sounds like yours but can’t talk for long because there’s an urgent situation that demands immediate funds. Often the fake grandchild will beg you not to tell his parents – anything to delay you from discovering the truth before parting with your money.
- The call might be random and the scammer will expertly fake his way through the call, picking up cues from you, including your grandchild’s name. Or it might not be random at all. Sometimes the scammers know the names of your friends or relatives. As the Consumer Federation of America points out, bad guys can find information from a variety of sources. Your relatives may be mentioned in an obituary or on a social networking site. Your email account may have been hacked, revealing the names of your relatives. Criminals use marketing databases, telephone listings and a variety of sources to find information used to trick you.
Inheritance Scam: The Inheritance Scam "Story": A fraudster that claims to be a lawyer from overseas or some other legal official sends you an email or a letter. They tell you that a person sharing your family name has died and left behind a vast amount of money. The lawyer is administering the inheritance and has been unable to identify any of the dead person’s relatives. As a result, the money will go to the government. The lawyer suggests that, because you share the same family name as the deceased, he could pay the inheritance to you. You could then split the money between you, rather than handing it over to the government. The fraudsters will emphasize the need for secrecy and warn you not to tell anyone else about the deal. To hurry you into making a hasty decision, they will also stress the need to act quickly. However, there is no inheritance and the person contacting you isn’t a lawyer or legal official.
What Happens Next: Power Of Attorney Scam:
The Power Of Attorney Scam is where a person takes advantage of another by having them sign a financial Power Of Attorney, which grants them authority to access the other’s bank accounts and assets. After being granted the Power Of Attorney, the fraudster will then take the account monies and properties for their own use, often investing them in other areas so they are difficult to trace.
The Inheritance Scam "Story": A fraudster that claims to be a lawyer from overseas or some other legal official sends you an email or a letter. They tell you that a person sharing your family name has died and left behind a vast amount of money. The lawyer is administering the inheritance and has been unable to identify any of the dead person’s relatives. As a result, the money will go to the government. The lawyer suggests that, because you share the same family name as the deceased, he could pay the inheritance to you. You could then split the money between you, rather than handing it over to the government. The fraudsters will emphasize the need for secrecy and warn you not to tell anyone else about the deal. To hurry you into making a hasty decision, they will also stress the need to act quickly. However, there is no inheritance and the person contacting you isn’t a lawyer or legal official.
What Happens Next:
Power Of Attorney Scam:
TOO-GOOD-TO-BE-TRUE FRAUDA Government Grant or an Investment Property may appear like great opportunities, but if you look closely they can actually be fraudulent activities. Here we will discuss scams that sound too good to be true.
SHOW MORE +
Charity Fraud is the act of using deception to get money from people who believe they are making donations to charities. Often a person or a group of people will make material representations that they are a charity or part of a charity and ask prospective donors for contributions to the non-existent charity. Charity Fraud not only includes fictitious charities but also deceitful business acts. Deceitful business acts include: businesses accepting donations and not using the money for its intended purposes.
Telemarking can be categorized as fraudulent selling conducted over the telephone. Some fraudsters seem very friendly — calling you by your first name, making small talk, and asking about your family. They may claim to work for a company you trust, or they may send mail or place ads to convince you to call them.
Watch Out: Often, scammers who operate by phone don’t want to give you time to think about their pitch; they just want you to say "yes." But some are so cunning that, even if you ask for more information, they seem happy to comply. They may direct you to a website or otherwise send information featuring “satisfied customers.” These customers, known as shills, are likely as fake as their praise for the company.
“Because you pay your income taxes on time, you have been awarded a free $12,500 government grant! To get your grant, simply give us your checking account information, and we will direct-deposit the grant into your bank account!”
- Sometimes, it’s an ad that claims you will qualify to receive a “free grant” to pay for education costs, home repairs, home business expenses, or unpaid bills. Other times, it’s a phone call supposedly from a “government” agency or some other organization with an official sounding name. In either case, the claim is the same: your application for a grant is guaranteed to be accepted, and you’ll never have to pay the money back.
- The Federal Trade Commission (FTC), the nation’s consumer protection agency, says that “money for nothing” grant offers usually are scams, whether you see them in your local paper or a national magazine, or hear about them on the phone.
- Grant scammers generally follow a script: they congratulate you on your eligibility, then ask for your checking account information so they can “deposit your grant directly into your account,” or cover a one-time “processing fee.” The caller may even reassure you that you can get a refund if you’re not satisfied. In the end, you’ll never see the grant they promise and they will disappear with your money.
Investment Property Scam:
Investment Property Scams are usually spread by word of mouth and require individuals to invest large sums of money in real estate properties. Most promise either a large increase in the value of the property resulting in a large return on investment, or higher-than-market interest on contributed capital, or even both.
The "Investment Property" Set Up
An individual who purchased properties in a metropolitan area in the Midwest moved the property titles to companies under his control. The individual had family members on the East Coast recruit prospective buyers from the town in which the family members lived. The borrowers were told that the loan applications which they signed served as their membership in a 'real estate buyer’s club' that would acquire properties, hold the properties for a period of time, and sell these properties in the future for a profit. The buyers/borrowers were promised that while the properties were being held for future sale, they would be rented out and maintained to ensure a cash flow for the 'real estate buyer’s club' mortgage payments.
The End Result
- The perpetrator of the Investment Property Scam flipped the properties to the borrowers using inflated values.
- To the lenders, it was represented that the borrowers were individually purchasing a number of investment properties – 8 to 10 properties per borrower, instead of a group purchase.
- There was no property maintenance and there were no tenants.
- The lenders ended up with non-performing loans that were upside down (owing more than the properties are worth) in equity because the original values were inflated and the borrowers never actually made the down payment as represented.
OTHER ITEMS TO WATCH OUT FORElder Financial Abuse and ATM Fraud, while not as common as Identity Theft, are still very prevalent today. Here we will discuss these types of fraud.
SHOW MORE +
- Taking money or property
- Forging an older person's signature
- Getting an older person to sign a deed, will, or Power Of Attorney through deception, coercion, or undue influence
- Using the older person's property or possessions without permission
- Promising lifelong care in exchange for money or property and not following through on the promise
Who are the perpetrators?
- Family members, including sons, daughters, grandchildren, or spouses. They may:
- Have substance abuse, gambling, or financial problems
- Stand to inherit and feel justified in taking what they believe is "almost" or "rightfully" theirs
- Fear that their older family member will get sick and use up their savings, depriving the abuser of an inheritance
- Have had a negative relationship with the older person and feel a sense of "entitlement"
- Have negative feelings toward siblings or other family members whom they want to prevent from acquiring or inheriting the older person's assets
- Predatory individuals who seek out vulnerable seniors with the intent of exploiting them. They may:
- Profess to love the older person ("sweetheart scams")
- Seek employment as personal care attendants, counselors, etc. to gain access
- Identify vulnerable persons by driving through neighborhoods (to find persons who are alone and isolated) or contact recently widowed persons they find through newspaper death announcements
- Unscrupulous professionals or businesspersons, or persons posing as such. They may:
- Overcharge for services or products
- Use deceptive or unfair business practices
- Use their positions of trust or respect to gain compliance
Who is at risk?
The following conditions or factors increase an older person's risk of being victimized:
- Recent losses
- Physical or mental disabilities
- Lack of familiarity with financial matters
- Have family members who are unemployed and/or have substance abusers problems
Why are the elderly attractive targets?
- Persons over the age of 50 control over 70% of the nation's wealth
- Many seniors do not realize the value of their assets (particularly homes that have appreciated markedly)
- The elderly are likely to have disabilities that make them dependent on others for help. These "helpers" may have access to homes and assets, and may exercise significant influence over the older person
- They may have predictable patterns (e.g. because older people are likely to receive monthly checks, abusers can predict when an older people will have money on hand or need to go to the bank)
- Severely impaired individuals are also less likely to take action against their abusers as a result of illness or embarrassment
- Abusers may assume that frail victims will not survive long enough to follow through on legal interventions, or that they will not make convincing witnesses
- Advances in technology have made managing finances more complicated
If you suspect someone you know may be a victim of Elder Financial Abuse, make sure to report it to your Local Law Enforcement Agency right away.
ATMs are under siege more than ever from a type of Fraud called: Skimming. Skimming is where ATM thieves steal your PIN and account number using remote devices. Often done by sophisticated crime rings from the Eastern bloc countries, ATM Skimming is becoming a high-tech art that's hard to detect.
Scenario #1 - A device is used to capture your PIN and card data. This device mimics the card slot and reads the magnetic stripe on your card with your account number.
Scenario #2 - A wireless video camera inside the ATM area. It can look as harmless as a brochure holder. Once the scammers have your number, magnetic strips are easy to make and thieves are able to easily reproduce ATM cards.
Scenario #3 - Fake PIN pad are placed on top of the original ATM PIN pad. Unfortunately, with fake PIN pads, your ATM transaction will proceed normally and you won’t know a scammer has stolen anything until it’s too late.
Scenario #4 - Fake ATM machines are placed in and around shopping centers and other public locations. Upon placing your card into the card reader, these machines collect your ATM PIN and account information. They do not dispense cash. Rather, a screen comes up that says that the machine is out of money or out of order.
How To Protect Yourself From Fraud: PhoneIt's important to be careful when giving out personal information over the phone; you never know who is on the other end. Here are some tips that can help protect you from Phone Fraud.
SHOW MORE +
Don’t give out your bank account information to anyone you don’t know. Scammers pressure people to divulge their bank account information so that they can steal the money in the account. Always keep your bank account information confidential. Don’t share it unless you are familiar with the company and know why the information is necessary.
Know the signs for fraudlent telemarketing pitches. It’s illegal for telemarketers to ask for a fee upfront if they promise or claim it’s likely they’ll get you a credit card or loan, or to “repair” your credit. It’s also illegal for any company to ask you to pay or buy something to win a prize, or to claim that paying will increase your chances of winning. And finally, it’s illegal to buy and sell tickets to foreign lotteries by phone.
How you pay matters. If you pay for a transaction with cash, checks, or money orders, your money is gone before you realize there is a problem. Paying by credit card is safest because you can dispute the charges if you don’t get what you were promised. You don’t have the same dispute rights when you pay with debit cards or give your bank account number. Bank debits have become fraudulent telemarketers’ preferred form of payment.
Where telemarketers are located matters. Some fraudulent telemarketers are deliberately located in other countries because it’s more difficult for U.S. law enforcement agencies to pursue them. It may be hard to tell where they are, because they may use telephone numbers that look like domestic long-distance. Be very cautious when dealing with unknown companies from other countries.
Who’s calling… and why? The law says telemarketers must tell you it’s a sales call, the name of the seller and what they’re selling before they make their pitch. If you don’t hear this information, say “no thanks,” and get off the phone.
What’s the hurry? Fast talkers who use high pressure tactics could be hiding something. Take your time. Most legitimate businesses will give you time and written information about an offer before asking you to commit to a purchase.
Why am I “confirming” my account information — or giving it out? Some callers have your billing information before they call you. They’re trying to get you to say “okay” so they can claim you approved a charge. Don't do it.
What time is it? The law allows telemarketers to call only between 8 am and 9 pm. A seller calling earlier or later is ignoring the law.
Take control of the calls you receive. If you want to reduce the number of telemarketing calls you receive, place your telephone number on the National Do Not Call Registry. To register online, visit donotcall.gov. To register by phone, call 1-888-382-1222 (TTY: 1-866-290-4236) from the phone number you wish to register.
Additional Telemarketing Red Flags - If you hear a line that sounds like one of the below, say "no, thank you," hang up, and file a complaint with the FTC:
- You've been specially selected (for this offer).
- You'll get a free bonus if you buy our product.
- You've won one of five valuable prizes.
- You've won big money in a foreign lottery.
- This investment is low risk and provides a high return.
- You have to make up your mind right away.
- You trust me, right?
- You don't need to check our company with anyone.
- We'll just put the shipping and handling charges on your credit card.
To file a complaint with the Federal Trade Commission (FTC), click here.
How To Protect Yourself From Fraud: OnlineCyber Security is becoming more and more important as technology advances. Here are some tips to help protect you and your finances from online attacks.
SHOW MORE +
Keep your credit card, checking account, and Social Security numbers to yourself. Don't enter them into websites or emails that you don't know — even if they ask you to “confirm” this information. That's a trick.
Make sure your computer has up-to-date anti-virus software and a firewall installed. Ensure your browser is set to the highest level of security notification and monitoring to prevent malware issues and computer crimes.
Sign-up for Verified by Visa or MasterCard Secure Code whenever you are given the option while shopping online. This involves you registering a password with your card company and adds an additional layer of security to online transactions with signed-up retailers.
Passwords are an important aspect of computer security, whether at work or home. If your passwords are poorly created, you could compromise your sensitive information. It is up to you to create strong passwords, to protect those passwords and to change them frequently.
WiFi. Avoid unknown WiFi networks. Use only encrypted networks when working with sensitive information, places like Starbucks and hotels or airports are not encrypted.
Mobile Apps. Avoid downloading malicious Apps on your mobile device by verifying the company and checking the reviews. See below for BVCU Mobile security.
Website Addresses. Look for “https” in the URL and the little padlock in the URL bar to indicate that it is a secure connection.
How to protect yourself from email phishing specifically:
- Beware if you are asked to contact a webmail address such as @Yahoo or @Hotmail. As a rule, legitimate law firms do not use them.
- The FTC warns users to be suspicious of any official-looking e-mail message that asks for updates on personal or financial information and urges recipients to go directly to the organization's Web site to find out whether the request is legitimate. - Never open unexpected or unfamiliar attachments in emails.
- Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email to go out to its users with blatant errors. If you notice mistakes in an email, it might be a scam.
- Threats. Have you ever received a threat that your account would be closed if you didn't respond to an email message? Cybercriminals often use threats that your security has been compromised.
Online and Mobile Banking at BVCU:
Boulder Valley Credit Union has taken special steps to protect our member's finances and information through our Online Banking program and Mobile Banking applications:
- Both banking systems are protected with SSL encryption
- Passwords are required to login
- Inactivity Time-Out Period
- Auto logoff any time you exit the application
- Multi-Factor Authentication
- Challenge Question Security
- Out-of-band Enrollment
- Dedicated Firewalls managed around the clock - Intrusion Detection System
- Reverse Authentication. RA is the user selected security image shown at sign-in, letting you know that you are on a legitimate site
- Internet access between the Credit Union and our members is provided by a secure Internet Service Provider (ISP)
- Additional security for Online Banking and Bill Pay includes: robust authentication software and dedicated frame relay lines
Good Practices/TipsDestroying old receipts and checking bank balances are good practices that can help to prevent fraudulent attacks from arising and/or minimize the effects should one occur. Here we will discuss some helpful tips.
SHOW MORE +
Check bank balances frequently. It pays to check your account frequently. If you don't report fraud within 60 days, you have unlimited liability. Sign up for alerts and notice unusual withdrawals.
Check in on your elders and watch for indicators like: unpaid bills, large withdrawals, cancelled checks, property missing, etc.
Remember the old adage, "If it sounds too good to be true, it probably is." Be skeptical on promises of high, fast returns. Nothing of that nature comes without high risk, so consider what you can afford to lose. Be wary of email or infomercial offers.
Check everything out. Whether it’s a potential investment property, a charity asking for money or even a lawyer asking for money. Do your due diligence before handing over any information or money.
Monitor your mail. If you receive bills, invoices or receipts for things you haven’t bought, or financial institutions you don’t normally deal with contact you about outstanding debts, take action.
Never pay for anything upfront. Whether it is for “shipping,” “registration,” or any other kind of fee.
Destroy and preferably shred receipts that contain your card details and any mail containing your name and address.
Regularly check your credit report with major credit bureaus and follow up with creditors if your bills do not arrive on time.
Retail Data Breaches:
What BVCU Will Do: If we are informed that your card may have been included in a recent retail data breach, we will inform you in writing and – if necessary, reissue your cards to proactively protect your accounts against unauthorized transactions.
Additional Steps To Follow:
- Stay calm. Consumers are not liable for fraudulent charges on stolen account numbers.If you shopped at the retailer with a credit card:
- Check with the website of the retailer for the latest information. Type the store name directly into your browser. Do NOT click on a link from an email or social media message.
- Additionally, if your card was compromised, consider putting an alert or freeze on your credit report with the three major credit reporting agencies. A credit freeze will prevent anyone from accessing your credit report or scores. Note: This means you cannot apply for new credit without lifting the freeze.
- Monitor your credit card statements carefully (go online; don’t wait for the paper statement).If you shopped at the retailer with a debit card:
- If you see a fraudulent charge, report it to Boulder Valley CU immediately so the charge can be reversed and a new card issued.
- Keep receipts in case you need to prove which charges you authorized and which ones you did not.
- Do all of the above as for credit cards, but pay very careful attention to your account. Debit cards do not have the same protections as credit cards and debit transactions withdraw funds directly from your account.
- Contact Boulder Valley CU (303.442.8850) for more information, or if you want to preemptively request a new debit card or put a security block on your account.
ATM & Retail Store Protection
NCPEA (National Committee for the Prevention of Elder Abuse)
Credit Bureau Contact Details
- Free Annual Credit Report
800-525-6285 (Fraud Hotline)
800-685-1111 (Order a Report)
888-397-3742 (Fraud Hotline)
888-397-3742 (Order a Report)
800-680-7289 (Fraud Hotline)
800-916-8800 (Order a Report)