A New Kind of Grandparent Scam

For years, con artists have preyed on the elderly, claiming to be their grandchildren, in trouble and in desperate need of money.  This is the traditional grandparent scam, and it dates back as long as grandparents have had home phones.  Scammers know that grandma will do anything to help out, and they also know members of “the greatest generation” are excellent marks for phone scams.  In the traditional version of this scam, someone calls and tells the grandparent their grandchild has been jailed for a minor offense in a foreign country or has had a medical emergency. Of course, scammers also use other situations that present an immediate need but are very hard to verify quickly, so there is no one sure tell based upon circumstance.

In reality, the grandchild is not under arrest, in the hospital or in trouble at all. At the very moment the scammer says the grandchild is in the middle of an emergency, he or she is probably just staring at a cellphone screen, possibly while in class, oblivious to the whole situation.

A new version of the scam has been making the rounds this summer and it has a 21st century hook. The FTC, the BBB and various news organizations are reporting that scammers are now claiming to be debt collectors and getting older Americans to fork over credit card information or wire money to the scammers.  Sometimes the collectors claim to be after young people, threatening that if grandma doesn’t come through with the cash, the grandchild will be arrested, have their license revoked or lose their job. Other times, the scammers claim the grandparents are on the hook for the debt and use their fear of losing their credit rating to finagle some easy money out of a frightened victim.

The debt collection angle is new to the grandmother scam, but hardly a new scam in itself.  Con artists have been calling with fraudulent debts and fabricated threats for years, often claiming a long-forgotten payday loan or other non-traditional debt has been turned over to the police. But as people have gotten wise to phony debt collection scams, scammers have combined the routine with grandparent scams to make a new scenario that feels very real.

With student loans and credit card debt through the roof, it’s easy to believe a loved one could have all sorts of debt we don’t know about. With the pressure on, it’s difficult to find out if it’s true.  But, if you didn’t co-sign a loan, you can’t be held responsible for paying it, no matter what someone tells you over the phone.  In fact, it’s illegal for a debt collector to tell you if someone else has a debt at all. If you’ve ever called a credit card company on behalf of your spouse, you’ve probably experienced the privacy laws in action, because the credit card company won’t even talk to you.

If you feel pressured to make a payment or provide personal information over the phone, try to get off the line as quickly as possible.  Offer to call them back, if necessary.  The more they try to keep you on the phone, the more likely it is that they’re fraudsters who are after a quick buck.  If you think you might be a potential victim of such a scam, let the FTC know immediately, at www.ftccomplaintassistant.gov/.

Then, let Destinations Credit Union know so we can make sure your accounts are safe, issue new information if necessary, and prevent any fraudulent charges.  We can also show you how to go through your credit report and find out if you have any debts you don’t know about.

When someone pressures you on the phone, it’s always a good idea to take a break and figure out what’s really going on.


Home Improvement Scams


As we reach the dog days of summer, many of us are facing the consequences of our springtime procrastination.  For the next few months, we’re going to have to either spend every weekend on the home improvement projects we’ve been putting off or spend the fall and winter with a half-finished patio.  Again.  It’s tempting to put down your toolbox and pick up your checkbook, but before you do, make sure you can trust the person you’ll pay to do the work.  

Home improvement scams are back again this summer.  As many as 100,000 scammers work in the United States each year, according to recent estimates reported in Consumer Digest, and with Americans spending more than $500 billion a year on remodeling and home improvement projects, they’re not going to stop anytime soon.  Those scammers are very good at identifying their victims, so we need to get better at spotting them.  

Here are some signs you might be working with the wrong person:

He “just happens” to be in the area…

Contractors don’t go door-to-door drumming up business, but one of the most common ways scammers make contact with their victims is by simply knocking on their door, explaining that they were in the neighborhood and offering to take care of a job they noticed a need for.  They might claim to have leftover materials or they noticed some missing shingles on your roof when working on your neighbor’s house, and now they have a great deal to offer you.  By the time you realize you’re not missing any shingles, the scammers will have cashed the check you gave them to buy some extra materials.

He needs you to pay today…

Scammers may claim they want to make some money on the side and if the boss sees leftover materials, then they can’t use them.  Don’t let your fear of losing out on a bargain get you into trouble.  

If your neighborhood recently had the kind of natural disaster that makes it hard to get an appointment with a contractor, it’s even more likely the person you’re talking to is a scammer.  Government agencies refer to these people as “Storm Chasers” because they like to prey on the victims of natural disasters, often crossing the country to do so.  The National Consumer Law Center reported that complaints of contractor fraud vaulted from 150 cases in Louisiana the year before Hurricane Katrina to 6,000 cases during the following two years.

You have to pay up front…

Scammers might claim they need to charge you for materials up front or they need a hefty deposit to get started.  Don’t fall for it.  Professional contractors have enough credit to buy materials and usually have accounts at local hardware stores to make billing easier.  If the person you’re talking to doesn’t have good enough credit to buy materials, they’re probably not good enough at home repair to be worth your money. More than 60 percent of the Katrina-related victims of home repair scams said they paid up front, according to an LSU study, because the lack of skilled contractors in the city made homeowners anxious to get their projects done.

He’s hard to reach…

Many of those who were robbed by home improvement scammers reported it was difficult or impossible to get in touch with their scammer after the initial visit.  In many cases, the scammers told homeowners a sad story to explain their lack of cellphone or business card, taking advantage of homeowners’ sympathy in order to not provide contact information.

It’s 2015.  There is no reason for a person you trust to not have a cellphone, business card or a profile on social media sites like Angie’s List, Facebook, or Twitter.  If they do have a social media presence or business card, check it out before you pay.  Make sure their account has been active for more than a few months and that there are other ways to contact anyone working on your house.  If they can’t provide any of that, how about a reference from one of your neighbors?  There are lots of ways to verify someone’s identity, and with each excuse or objection, it seems more likely the person you are talking to has criminal intentions.  

What to do if you think you have been scammed

If you think you might have been the victim of a home improvement scam and have paid with a Destinations Credit Union check or card, let us know immediately.  Call us at 410-663-2500 or email us at info@destinationscu.org. If we find out quickly enough, we may be able to stop the check before the scammers can cash it.  

We’re here to protect your money.  You can find out more about fraud tips and alerts in our Member Center under “Protecting Your Money.”

Sources:

http://www.bankrate.com/brm/news/home_improvement_07/top-scams-a1.asp

Q & A: Anthem’s Data Breach And What You Need To Know



Q: I keep hearing about Anthem being a hacking target. What happened and am I at risk?

A: Anthem Inc., the second-largest health insurer in America, was targeted in a major security breach over the last month. New reports suggest hackers have been trying to compromise the company’s systems for months and may have been inside their system since December. According to the company, 80 million Anthem customers may have had their names, Social Security numbers and addresses compromised.

This is a unique event in the recent history of cybersecurity. Previous hacks, like those affecting Home Depot or Target, were attacking hardware. Hackers were exploiting vulnerabilities in computer hardware and software to gain access to confidential data. Here, the company is reporting that hackers had a different target: company employees.

Anthem reports that, beginning in December, hackers acquired login credentials of five employees. The employees could have been victimized by malware or social engineering scams. The hackers trying to beat Anthem didn’t need to find a flaw in the computer infrastructure. Instead, they just had to find a weakness in the people operating those systems.

Once they had these credentials, hackers used their access to do two things. First, they breached the company databases. Once inside, they exposed addresses, dates of birth, employment history, employment information, income data, medical IDs, names and Social Security numbers. Particularly noteworthy is the fact that payment information was not compromised. That means there’s no need to cancel credit cards that were used to pay Anthem bills yet. Second, hackers created a number of phony email accounts with Anthem domains.

There are two ways victims might be affected by this scam. First, they might have their personal information stolen. This group exclusively consists of current and former Anthem customers. Given the timing of the hack, this will likely result in fraudulent tax returns and possibly other instances of identity theft.

The second wave of victims is only just now emerging. The fake email accounts have been used to send wave after wave of “phishing” attacks to Anthem customers. These attacks take the form of an email apology with an offer for a year of free credit monitoring. Recipients of the email are redirected to another website to enter their Social Security number and other personally identifying information. This information is then used to commit any of a smorgasbord of identity theft crimes.

Anthem is currently being sued in several states. One lawsuit alleges current and former Anthem subscribers were misled about the security of their personal information and is seeking unspecified damages from the provider in overpaid premiums. Another pending lawsuit is seeking damages resulting from the frauds themselves. Until these lawsuits are settled, Anthem will likely not make any public statement of responsibility or apology, as this could be viewed by the courts as an admission of guilt. At this time, Anthem is offering no free credit monitoring service nor has it made any statement to members outside the press.

If you’re an Anthem subscriber, there are a few steps you should take as soon as possible. To find out if you’re an Anthem subscriber, check your insurance card. If you’re part of a group plan at work, you may need to ask your HR representative if your plan is administered through Anthem. In the meantime, take these three steps.

1.) File your taxes.

This will be one way to check if your Social Security number has been compromised. The state of Connecticut is encouraging its citizens to file early if they’re Anthem customers so hackers using stolen Social Security numbers will be easier to detect.

2.) Put a fraud alert on your credit report.

Contact any one of the three major reporting bureaus (Experian, Equifax, or TransUnion) and explain your worries. A fraud report on one account will create a fraud report on all three, so there’s no need to duplicate your efforts. This report will notify you if anyone attempts to open an account in your name during the next 90 days. If you’re absolutely sure your number has been compromised, it might be worth putting a freeze on your credit history. This will prevent anyone, including you, from checking your credit or opening any account in your name. While drastic, this measure is a sure-fire way to keep yourself safe.

3.) Get proactive with government services.

Notify the Social Security Administration and the Internal Revenue Service of the possible fraud to ensure that no one attempts to file a change of address form in your name. The US Postal Service also maintains a similar service. These steps will ensure that you’ll at least get a paper trail if someone makes an attempt to steal your identity.

Anthem is maintaining a toll-free question line.  Customers with concerns or fears should call 877-263-7995.  They have also created a website – www.AnthemFacts.com – with up-to-date information about the scope and severity of the breach.  They have made it clear that future contact with customers affected by the breach will be made by mail.
 

You Don’t Have An ‘Email Quota’


Scammers will concoct any number of believable-looking lies in pursuit of your personally identifying information. They’ll pretend to be anyone and claim anything to get you scared, anxious and uncertain. They know that’s when you are most likely to make mistakes.

A newly circulating scam is a remix of that old con. The Better Business Bureau reports this week on a new malware distribution scheme.

In this scheme, the scammers email you pretending to be from your email service provider (Google, Yahoo, etc.). They’ll tell you you’ve exceeded your email quota or that you have “deferred email.” The email will instruct you to follow a link to retrieve your un-checked email. Other variations of the scheme will tell you that you need to “update your personal information” to continue using your email service, which will require you to click a link to log in.

The link is to a malware download site, and once you click the link, you’ll be infected. The breed of malware will vary from attempt to attempt. Some may only bog down your computer with popup ads and other irritations. Others will root through your browsing history and personal files, looking for account numbers, personal information, and passwords. You may never know you’ve been infected until you get an unexpected credit card collection call.

Some scammers have gotten more sophisticated with the initial pitch, and will include “unsubscribe” or “change notification settings” in the footer of the e-mail. People looking to reduce the amount of unsolicited email they receive might click this link. They would be disappointed to learn that this link will also direct them to malware download sites.

If you’re looking to keep yourself safe from this new threat, here are three steps you can take.

1.) Know your Terms of Service

While there are upper limits on the amount of email your service provider will store for you, unless you’re sending DVDs worth of information regularly, you will never approach that limit. Gmail, for instance, will store around 65 gigabytes of email data for you. This is bigger than the biggest memory card available for your camera. If you received 23 professional-quality photos every day, it would take you a year to exceed your storage limit, assuming you never deleted any of them.

Email service providers also set some limits on the number of emails you can send, but if you’re clicking the send button each time, you’ll never exceed that frequency. These limits are designed to prevent malicious or fraudulent activities, which is why they target automatic message sending. If you’re running a business out of your home, you might worry about tripping this limit. For your personal email, though, this will never be a concern.

If you’re expecting an email regarding a job interview, family news, or other significant life event, be proactive. Contact the person you’re expecting to hear from and ask for an update. Sitting and waiting creates anxiety, which makes an environment ripe for scams.

2.) Don’t follow mystery links

If you receive an email from someone you don’t know, and it contains a hyperlink, don’t click it. Even visiting malicious websites can infect your computer, causing untold damage. Even if the message comes from someone you know, if there’s no context for the link, don’t click it.

You can take steps to figure out if the message you’ve received is legitimate. Look at the “from” line. The message may appear to be from “Google Admin,” but the email address might be googleadmin@freesites.ru (for example). If the second part of the email address (the domain) doesn’t match what you think it should be, it’s probably bogus. If there’s even a shred of doubt in your mind, don’t click.
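The “from” line check described above can be automated. The following is an added example, not part of the original article: it compares the brand a display name claims against the domain of the actual address. The allowlist, the verdict names and the sample headers are assumptions constructed for illustration; the first sample is the address quoted in the paragraph above.

```python
from email.utils import parseaddr

# Illustrative allowlist (an assumption, not an official list): brand keyword
# seen in the display name -> domains that brand is expected to send from.
EXPECTED_DOMAINS = {
    "google": ("google.com", "gmail.com"),
    "yahoo": ("yahoo.com",),
}


def domain_matches(domain, expected):
    """True only for the expected domain itself or a real subdomain of it.

    A plain substring or prefix test would accept look-alikes such as
    'yahoo.com.mail-notice.example', so the comparison is anchored at the end.
    """
    return domain == expected or domain.endswith("." + expected)


def check_from_header(header):
    """Return (verdict, domain) for one From: header value.

    Verdicts: 'match', 'mismatch', 'no-known-brand', 'unparseable'.
    """
    display, addr = parseaddr(header)
    if addr.count("@") != 1:
        return ("unparseable", "")
    domain = addr.split("@")[1].lower().rstrip(".")

    # Which known brands does the human-readable name claim to be?
    claimed = [brand for brand in EXPECTED_DOMAINS if brand in display.lower()]
    if not claimed:
        # Nothing to compare against; this check cannot judge the message.
        return ("no-known-brand", domain)

    for brand in claimed:
        if any(domain_matches(domain, d) for d in EXPECTED_DOMAINS[brand]):
            return ("match", domain)
    return ("mismatch", domain)


# Constructed sample headers.
SAMPLE_HEADERS = [
    "Google Admin <googleadmin@freesites.ru>",           # example from the text
    "Google Accounts <no-reply@accounts.google.com>",    # real subdomain
    "Yahoo Mail <quota@yahoo.com.mail-notice.example>",  # look-alike prefix
    "Aunt Carol <carol@family.example>",                 # no brand claimed
]


def triage(headers):
    """Check every header and return the list of (verdict, domain) pairs."""
    return [check_from_header(h) for h in headers]


if __name__ == "__main__":
    for header, (verdict, domain) in zip(SAMPLE_HEADERS, triage(SAMPLE_HEADERS)):
        print(f"{verdict:15} {domain:32} {header}")
```

A “match” only means the visible address is consistent with the name; the From line itself can be forged, so the advice not to click when in doubt still applies.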

Part of practicing good Internet hygiene is keeping your computer away from dangerous websites. Even if you think there’s nothing on your computer worth stealing, your computer could be used by scammers to cause serious damage to your friends and family. Stay safe, and keep your friends safe, too.

3.) Report suspicious activity

Email service providers take these scams as seriously as you do. Someone is trafficking in their good name to exploit their customers. They are eager to put a stop to it to keep their brand image safe and their customers happy.

If you have any doubt about the legitimacy of a message, forward it to your provider’s abuse address. Gmail has an option to “Report phishing” in the drop-down menu next to the reply button. Yahoo and Hotmail offer similar functionality. For larger corporations, try forwarding the message to “abuse” or “admin” @ the company’s website – abuse@target.com, for example.

These companies would rather sort through a thousand false positives than let people continue to defraud their customers. They value you because they’re providing you a service. Don’t hesitate to let them know something’s amiss.

For more information about fraudulent practices, visit Destinations Credit Union’s website and take a look in the Fraud Prevention section.



Hackers Develop New Attack Method: Charities


It’s around this time of year that most charitable organizations run their biggest fund-raising drives. In so doing, they’re getting millions of contributions from many new contributors. Yet while they must make it as easy as possible for folks to donate, their limited personnel are overworked, making it difficult to thoroughly review all credit card authentication data.

Meanwhile, another group is working some holiday overtime too: Internet scammers. Because many consumers are shopping for goods they don’t usually buy, fake websites pop up, taking advantage of this inexperience to harvest payment information. The biggest challenge is sorting out the real sites from the fake or canceled ones. These two problems may have more in common than you think.

A new report by security firm PhishLabs unveils a shocking new strategy for clearing that hurdle. Hackers use a chat-based program to transmit credit card information to make a small donation. If the transaction is successful, the program confirms the data the hacker supplied is legitimate.

In essence, hackers are using charities as a trial run for stolen credit card numbers. To understand what this means for you, let’s look at how the authentication process works, why charities are ideal targets, and how to keep yourself safe.

Authentication explained

Before you make an online transaction, the retailer will take some steps to verify your identity. You provide a credit card number, a security code and some other information. The form might ask for your billing address or ZIP code, for example. The idea is to keep your account safe by requiring several authentication factors. It works fairly well at frustrating casual scammers.

That’s why this bot is so useful to cyber-criminals. It can check data in low-risk, easily concealable ways. The operators of these services charge a fee in “credits” to would-be scammers. They earn these credits by paying for them or by performing a variety of “services” for the operator’s criminal enterprise.

By making a small donation to a charity, the bot can check to see if the information a scammer stole works. These donations are usually between $1 and $5 to one of a selected range of charitable organizations. If the payment sends, the scammer is free to use the information to buy other, more expensive goods.

Why charities?

Charities are the perfect target for this kind of operation. They use the same authentication strategies as every other business, but they seldom have the resources to investigate fraud. They also want to make it as easy as possible for people to donate. This means they use static donation website names and don’t use anti-bot software like Captcha. This makes them easy for a program to target.

Charities are also good targets because they have little at stake in stopping fraud. Defrauding a retailer puts them out the goods they sell. A fraudulent credit card used to buy a TV leaves the seller of that TV responsible for replacing the TV. Nothing like that exists for a charity. The donation amounts are usually minuscule, so their loss won’t seriously affect budgets.

Finally, charities are good targets because they are innocuous. Average consumers are more likely to overlook small charges to charitable organizations. They might think of them as contributions they made without thinking about it.

Protecting yourself

If you take all the usual measures to keep your identity safe online, this shouldn’t be much of an issue for you. If you think your information might have been stolen, though, consider taking the following steps:

1.) Watch for oddly specific amounts that have been sent to charities in your statement. Neither you nor your partner would give $4.48 to a charitable organization.

2.) Be preemptive in your giving. Donate to charities where you’ve done your research and only give to those that align with your values. Keep a list of charities you support and check your statement for any organization not on that list.

3.) Report these charges immediately both to your card issuer and to the charity on your statement. They can use a variety of indicators to track other fraudulent charges and catch other scammers in the act.
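Steps 1 and 2 can be applied to a downloaded statement. The following is an added example, not part of the original article: it flags charity charges that are not on your giving list or that fall in the small, oddly specific range described above ($1 to $5, not a whole dollar). The CSV columns, the “category” field, the merchant names and the giving list are constructed assumptions; real statement exports differ by issuer.

```python
import csv
import io
import re
from decimal import Decimal

# Constructed sample statement export (column names are assumptions).
SAMPLE_STATEMENT = """date,merchant,category,amount
2015-12-01,LOCAL FOOD BANK INC,charity,50.00
2015-12-03,GROCERY MART #112,groceries,4.48
2015-12-04,HELPING PAWS FUND *DONATION,charity,4.48
2015-12-04,CLEAN RIVERS TRUST,charity,1.00
2015-12-09,Local Food Bank Inc.,charity,3.17
"""

# The list from step 2: charities you actually support (constructed).
SUPPORTED = ["Local Food Bank"]


def normalize(name):
    """Lower-case and collapse punctuation so statement descriptors compare."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()


def on_giving_list(merchant, known):
    """True if the descriptor is a supported charity, matched on whole words."""
    return any(merchant == k or merchant.startswith(k + " ") for k in known)


def review_statement(csv_text, supported, low=Decimal("1"), high=Decimal("5")):
    """Return (date, merchant, amount, reasons) for each charge worth a look."""
    known = [normalize(s) for s in supported]
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["category"].strip().lower() != "charity":
            continue
        amount = Decimal(row["amount"])  # Decimal avoids float rounding on cents
        reasons = []
        if not on_giving_list(normalize(row["merchant"]), known):
            reasons.append("charity not on your giving list")
        # Card-testing donations are small and rarely a round dollar figure.
        if low <= amount <= high and amount != amount.to_integral_value():
            reasons.append("small, oddly specific amount")
        if reasons:
            flagged.append((row["date"], row["merchant"], amount, reasons))
    return flagged


if __name__ == "__main__":
    for date, merchant, amount, reasons in review_statement(SAMPLE_STATEMENT, SUPPORTED):
        print(f"{date}  ${amount:>6}  {merchant:30} {'; '.join(reasons)}")
```

The last sample row shows why both checks matter: a test charge can be made to a charity you really do support, so a familiar name alone does not clear a $3.17 donation you don’t remember making.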

Beating this scam requires care and vigilance, just like every other scam. You need to know where your money’s going and be careful with where you make your payments. Don’t shop at websites you don’t know and trust, and don’t give out credit card information to anyone you don’t know. Check your statements regularly and report any suspicious activity.

Early Retirement Costs You Might Have Missed and How to Save for Them

Retiring early is the dream. You get to spend more time with your family and enjoy your hobbies while you’re healthy enough to do so. You can say goodbye to the workaday world and begin your permanent vacation. 

Maybe it’s less of a dream and more of a necessity. Maybe health problems like chronic pain or arthritis are forcing you to consider giving up your career before age 65. Perhaps your children need you to help with caring for your grandchildren.

Whatever your reason for retiring early, a new study released on 6/12/14 by Fidelity Investments warns it will cost you in ways you might not expect. According to the study, early retirees can expect to pay an extra $17,000 per year in medical expenses. The reason? Medicare coverage gaps. You give up your employer-provided health insurance when you retire, and Medicare doesn’t kick in until age 65. This means you’re on your own at a time when your health care costs are near their peak. 

Insurance companies charge older policyholders higher premiums, which means they’ll claim a bigger chunk of your retirement money. As a savvy credit union member, you know the advantages of planning ahead for your golden years. Let’s look at a few ways you can avoid sticker shock at your retirement party:

  1. Short-term insurance. One popular option is to look for an emergency-only or high-deductible insurance plan (HDHP). These plans feature inexpensive monthly premiums, but offer little in the way of coverage. These budget-friendly insurance options are great if private health insurance is too expensive. You can expect to pay for a variety of costs out-of-pocket. Routine, preventative, and non-emergency medical procedures will be your responsibility. A regular checkup will cost at least $75 and the costs can escalate if your doctor orders tests or other procedures. You may also pay full price for prescription drugs. This option is best if you’re retiring just before age 65. You can afford a few months of risk before Medicare coverage starts. However, you’ll still want another savings option to help with massive medical bills.
  2. Open a savings certificate for major medical expenses. You likely use savings certificates (similar to CDs at a bank) to keep an emergency fund on hand. These savings instruments are ideal for building up money in case of a rainy day. You may want to create one specifically for your health care costs. You’ll want to keep this money separate since you’ll have different needs for it. A sudden, unexpected medical bill is different than needing a new car. You’ll likely have a little more time to pay your medical bill. Many hospitals are willing to work around your financial situation. A 6- or 12-month certificate provides the perfect combination of accessibility and growth. Once you turn 65, you can add your remaining funds to your other retirement savings or even use it to finance a vacation!
  3. Open (and use) a Health Savings Account. A Health Savings Account (HSA) is a special tax-advantaged account for your savings that allows you to defer taxation on the money. The idea is that the money you spend on health care costs shouldn’t be taxed. So, you can save money to pay premiums, deductibles, and other healthcare-related expenses. These accounts have been growing in popularity this year. If your family insurance plan has a deductible of $2,500 or more, you can open an HSA. You can contribute up to $6,450 to your HSA per year, tax-free. Many employers also provide matching contributions to HSAs as part of their benefits package. While withdrawals from your HSA are allowed only for medical expenses, this rule is waived for people 65 or older. While non-medical withdrawals are taxed, the money still grows tax-free. Many financial planners are advocating the use of HSAs as a kind of “shadow IRA.” With them, you reduce your current tax burden while saving for retirement.


Planning for your future health care costs can be scary, but it’ll be much scarier to go into retirement unprepared. Sit down with a representative from your credit union today to discuss how you can save for your health care in retirement. You’ll thank yourself later. 

SOURCES: 
http://www.irs.gov/pub/irs-pdf/p969.pdf
http://online.wsj.com/articles/health-savings-accounts-can-double-as-shadow-iras-1401481345
http://www.marketwatch.com/story/fidelity-analysis-reveals-extra-health-care-costs-in-retirement-for-couples-retiring-before-age-65-savings-for-those-who-delay-2014-06-12 
http://www.sentinelsource.com/business/financial_news/hidden-cost-of-early-retirement-medical-bills/article_791fce9c-584c-5245-84c2-0c7746b7523e.html

Social Media Beware


Social media is more popular than ever, and new platforms seem to rise up out of virtual obscurity and into popularity almost immediately. Facebook, Twitter, SnapChat, Instagram, YouTube, Friendster, SlideShare … it seems like there is a social media platform for everyone. But as a young adult looking to enter the workforce soon, you’d be wise to approach all social media with caution.

According to a 2009 CareerBuilder survey, 45 percent of employers use social networking sites to find out more about job candidates. What does this mean for you? Those pictures from last weekend’s party or the political rants that frequent your wall could turn up years from now and might hurt your chances of getting a job.

Here are some tips to safe social networking that you should implement now:

  • If it’s not for your grandmother’s eyes, don’t post it.
  • Change your settings so photos of you won’t post unless you first approve them.
  • Others can see your friends, followers, and who you’re following. Be selective. If someone doesn’t display your values and the values you hope to portray to others, remove them from your friends list.
  • Online content is forever, whether you “clean up” your profile or not. Anyone can grab a screen shot of something you’ve posted and use it later. You’ve seen the posts listing some of the most ridiculous status updates. Don’t be included on one of those lists.

Social media can be a great boon to your job search, if you use professional sites like LinkedIn. And when used with caution, platforms like Twitter, Pinterest, Tumblr and even Facebook can help. But they all should be accompanied by some pause and caution before posting anything. So be professional, and happy job hunting!

Financial Self Defense: Ransomware and Mobile Devices


One moment, you’re surfing the Internet.  A minute later, a pop-up shows your files have been taken hostage and that you’re required to pay a $300 ransom to have them released back to you.  You stare at the screen in disbelief.  How is this possible, especially considering you are on your mobile device?

Ransomware – malware that accesses your computer system and blocks access to your files until a ransom is paid to restore access, all while stealing your payment information – has been becoming more prevalent among PC users.  While these attacks typically focused solely on PCs, they are now adapting to include mobile devices.  That’s right, the very same mobile devices you use to access your credit union accounts to check balances, transfer funds and make payments.

One example of Russian-based mobile device ransomware is called “Svpeng.” It focuses on tactics for infecting mobile phones and mobile banking applications. It infects the device with a phishing window when the application is opened. This overlay attack is used to steal online banking information as the malware pretends to be the application’s login screen.  The user enters login and password information, which is then stolen by the hackers.  Once they have access to the account, they can control the account. Svpeng also phishes through Google Play if that is on the mobile device.

This tactic also involves SMS messages being sent to two Russian banks to determine if the phone number of the device is connected to any payment cards.   If a card is indeed connected to a number, the hackers use commands through the device to transfer the victim’s money into their own accounts. While Svpeng has currently been seen only in Russia, it is expected to expand into other countries; one of the features of the ransomware checks the mobile device’s language settings to determine the appropriate language to use for the attack.

As time goes on, other PC-based ransomware programs may also be adapted for mobile devices or more ransomware programs that are specifically designed for mobile devices may be created. Hackers are always looking for ways to evolve their tactics in hopes of stealing more information and making immediate profits.  Svpeng, for example, had 50 modifications to its malware within a three-month period.   

How does this type of malware get onto a PC or a mobile device?  It could be through a “drive-by download” where malicious software is downloaded without the user even knowing about it. This happens as the user surfs the Internet without a care, yet comes across a compromised Web page or clicks to a website through an HTML-based email.   It could have been downloaded through a phishing email, which appears to be from a credit union, yet is a fake email linking to a compromised Web page.  The ransomware could also come through an email attachment that is malicious.

After the infection occurs on the mobile device or PC, the overlay or ransomware tactics are used as was described with Svpeng.   That way the hackers can either directly steal the login and password information when the credit union account is accessed, or the user is blackmailed by a direct ransomware attack to send money to unlock the mobile device.

Many of the ways to keep ransomware from infecting a PC also apply to a mobile device. Make sure data on a mobile device is regularly backed up. This will help with recovering information if the device is hijacked. Make sure an antivirus program is running on the mobile device. Follow safe Web browsing habits. Block suspicious emails.

Don’t download data or apps from questionable sources. Don’t “jailbreak” a device where built-in controls and security features are overridden; this removes an additional layer of protection against ransomware attacks.

If you think your mobile device has become a victim of ransomware, you can try to remove it by running a virus scan through mobile antivirus software. Don’t pay any ransom because it won’t guarantee the release of your data and you are giving additional payment information to the hackers.  If none of these work, talk with your mobile device or cellular provider and/or their tech support. Of course, notify your credit union to monitor your accounts for any potentially fraudulent activity.

Financial Self Defense: Protect Yourself Against Pinterest Scams

Social media is an ideal place to relax and find people who share your interests. Sites like Pinterest are great for keeping your recipes and projects organized. They’re also a great way to keep up with the people in your life who you don’t see every day.

Scammers have recognized these sites as ideal places to strike. A Better Business Bureau report from March 27, 2014 reveals that scammers have found a way to use Pinterest. They sell counterfeit products, push dubious work-from-home schemes, and fish for your personal information.

 
The scam works like this: you receive an e-mail saying that a friend has shared a “pin,” which is what the site calls its scrapbook items. The link looks legitimate, complete with a headline and a realistic photo.
 
You open the e-mail and click the link, which directs you to a fake login site that looks like the Pinterest log in page. You log in with your user name and password, which are then stored in the scammer’s database. They can use this information to commandeer your other social media accounts. Then, they can spread the scam to all your friends, providing the ideal environment for continued growth of the scam.

Worse yet, they can use the information you’ve stored on your social media profiles as part of a social engineering scheme. Efficient hackers can use the information in your profile to pretend to be you for financial transactions. Gaining control over your social media accounts is a first step toward identity theft.

It seems that the price of recreation is eternal vigilance. Even in the parts of the Internet that seem devoted to relaxing and unwinding, you must always be on your guard against identity theft. Here are some steps the Better Business Bureau recommends you take to avoid getting pinned in a social media scam.

Watch where you log in

Check the web address every time you log into social media sites. It should always be pinterest.com or twitter.com or the trusted web address of your intended social media destination. If there’s another word, or if there are a bunch of jumbled letters in there, it’s a sure sign that someone is fishing for your password. Close the link immediately.

Also, practice good net hygiene. Log out of your social media accounts when you’re not using them, and don’t share your password with anyone. Keep your social media accounts separate and use different passwords for each. This will prevent scammers from accessing several accounts if one of them gets hacked.
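The web-address check described under “Watch where you log in,” written out as an added example (not part of the original article). The list of trusted sites, the function name and the sample links are assumptions made up for illustration.

```javascript
// Added example: does a link from an e-mail really lead to a trusted login site?
// TRUSTED_SITES is an assumption based on the two addresses the article names.
const TRUSTED_SITES = ["pinterest.com", "twitter.com"];

function checkLoginLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { trusted: false, reason: "not a valid web address" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not an encrypted https link" };
  }
  if (url.username || url.password) {
    // Anything before an "@" is not the site; the real host comes after it.
    return { trusted: false, reason: "text before @ hides the real site" };
  }
  // URL already lowercases the host; drop a trailing dot if present.
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "host uses look-alike characters" };
  }
  // The trusted name must be the END of the host, not just appear inside it.
  const site = TRUSTED_SITES.find((s) => host === s || host.endsWith("." + s));
  if (!site) {
    return { trusted: false, reason: `real site is ${host}` };
  }
  return { trusted: true, reason: `host belongs to ${site}` };
}

// Constructed sample links (not taken from any real campaign).
const SAMPLE_LINKS = [
  "https://www.pinterest.com/login/",
  "https://pinterest.com.account-check.example/login",
  "https://pinterest.com@account-check.example/",
  "https://p\u0456nterest.com/login", // contains a non-Latin look-alike letter
  "http://pinterest.com/login",
];

function checkSamples() {
  return SAMPLE_LINKS.map((link) => ({ link, ...checkLoginLink(link) }));
}

for (const r of checkSamples()) {
  console.log(r.trusted ? "OK   " : "CLOSE", r.link, "-", r.reason);
}
```

Only the first sample passes: in the others the familiar name appears somewhere in the link, but the site the browser would actually contact is a different one.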

See something, say something

Legitimate social media platforms hate scammers just as much as you do. They know that you’ll only keep using their service if you trust it. You can use the “report this” link to let the administrators of the site know that something’s amiss with the pin or page. They can investigate and close it down before it spreads further.

If you see a friend sharing something that seems out of character or suspicious, let them know. They may have been hacked without knowing it. Be a good friend and let them know so they can take steps to protect themselves.

Be security conscious

Choose complex passwords that include numbers, letters, and punctuation. Try to avoid using dictionary words. You can use names of streets, companies, or celebrities to get a password that’s easier to remember but harder to crack.

You should change your password at least every six months. If you develop two or three strong passwords, you can rotate between them to make sure no one is sneaking into your account. If you suspect your account has been compromised, change your password immediately!

With a little bit of added security, you can continue to enjoy all the benefits of social media. So go ahead and share your wedding plans, your house remodel, or your arts and crafts. Just be careful what you share from others and pay attention to what you click on in your email inbox. You never know who might be on the other side.

Heartbleed: What It Is and How You Can Protect Yourself


If you’ve been keeping an eye on the news this week, you’ve no doubt heard about “Heartbleed,” a security vulnerability in one of the most popular pieces of encryption software on the web. Some security experts are describing this as the biggest security breach in Internet history. Before we start lining bunkers with concrete, let’s look at what Heartbleed is, who it affects, and what you need to do in response.

Heartbleed? What’s that?

Heartbleed is the nickname given to a security vulnerability in OpenSSL. OpenSSL is a popular online encryption library. The vulnerability allows hackers to find the secret codes that websites use to identify themselves. These codes allow hackers to translate information that a computer sends to a website. Without them, this information would appear as indecipherable gibberish.

The worst part about this vulnerability is the fact that it’s been around for two years and there’s no way to know whether it’s been used on a particular service. Security experts have only discovered and informed the public about the flaw over the past few days.

It’s unlikely that this exploit was common knowledge before. The brightest minds in online security work for large, multinational corporations, charged with keeping data safe. Still, hackers could have compromised passwords, e-mail accounts, user names, and other personally identifiable information. That’s a significant concern.

Who was affected by Heartbleed?

The biggest problem areas are Yahoo Internet services. If you use Yahoo e-mail, play Yahoo Fantasy Sports games, or use Tumblr, your password(s) may have been compromised. Some Google services, like Gmail and Google Drive, were also vulnerable. Social media sites like Twitter and Facebook may have been, too. If you filed your taxes through TurboTax or USAA, your data may have been vulnerable. The good news: Most online financial services use other modes of encryption and were not vulnerable.

The threat in this case isn’t just in the fact that someone could gain access to your e-mail. The real problem is that most people use a small collection of passwords for most services. Hackers know this and will therefore use those user names and passwords on other, more lucrative services.

What can you do about it?

Understand, first, that the odds of any one password being released through this leak are small. This is an exploit that only a small number of the brightest minds in computing could find. There is no cause for panic, and this bug does not mark the end of the Internet.

If you use one of these services, change your password, both on these services and other services where you’ve used the same password. Pick a new password that is easy to remember and strong. Follow the same good password rules you always have to keep your data safe. Whether the services you use are identified as part of this breach or not, it would be wise to go ahead and swap out the old passwords for new passwords that are, again, strong and considerably different from what you had previously used.

Developers have released a new version of OpenSSL without the vulnerability in it. There is no need to change your online behavior. The services named above have all patched their encryption software to avoid this problem. You should have no less confidence in online shopping and banking than you did last week.

In the future, it makes good security sense to use a unique password for each site or service you access. Part of the reason Heartbleed has become such a big deal is the fact that it exposed a weak link in the system. Your passwords are only as secure as the least secure means you use to store them. Using more passwords and multiple variations of them helps keep your personal information safe and secure. It avoids putting your finances in the same security system as your social media.