Beware Of Banking Scams

Scammers never take a break. They’re always dreaming up ways to con you out of yourImage of man using computer money. Recently, there’s been a significant uptick in scams involving checking accounts at many financial institutions.

In these scams, criminals will utilize social media to connect with the victim.

They usually pose as representatives of a bank or credit union and milk the victim for sensitive information, like account numbers and passwords. Since the scammers are using the credit union’s social media accounts, the victims often won’t hesitate to share this information. When the scammers have what they need, they will proceed to empty the victim’s accounts and then disappear.

Often, when the scammers receive a response from the victim on social media, they will redirect the victim to what appears to be the financial institution’s website. The victim, thinking they are on the site they frequently use, will quickly input their username and ID, which the scammers will then use to empty their accounts or open credit cards in the victim’s name.

Sometimes, the scammers will impersonate helpful member representatives who are seemingly looking to answer your questions. You’re used to our representatives being helpful and always on call to assist you, so you won’t see anything strange with the scenario.

Other times, the scammer may claim your account has been compromised and you need to immediately update your information. They’ll be oh-so-helpful with this step. Until you share your information with them, that is.

Still other times, scammers will pose as representatives of a sweepstakes or some other contest that you’ve “won.” All you need to do is share your account information and your passwords to be made into an instant millionaire! Except that, of course, you won’t.

Don’t be the next victim! Be aware and be alert. Here’s what you need to know about this scam:

1.) Check URLs

Scammers are becoming increasingly more suave at posing as companies their victims are familiar with. You can check a site’s authenticity by double-checking the URL on the web address. Make sure it matches Destinations Credit Union’s site exactly. You can also check a site’s security by looking for the “S” after the “http” on the web address.

2.) Be suspicious

Awareness can be your best protection. It’s easy for a scammer to pose as a member representative on social media, but if you’re on guard, you’ll spot these fakers. Is a representative claiming there are problems with your account when everything seems to be in order? Are they asking you to share sensitive information through insecure channels? Is someone promising you’ve won a contest you’ve never entered? If things don’t add up, it’s best to opt out.

3.) Reach out to your credit union

It may be difficult to determine whether the people you’re talking to are the real thing. If you think you’re dealing with Destinations Credit Union but things suddenly start looking fishy, there’s a simple solution. Hang up or log out of whatever medium you’re engaged in and call Destinations Credit Union yourself. You can always reach out to us at 410-663-2500. This way, you’ll know you’ve really reached us and you’re not being scammed. Be sure to call this number and never use another number suggested by a suspicious-acting “member representative.”

4.) In case of fraud, take action

If you suspect you’ve been taken for a ride, let us know as soon as possible. The sooner you catch a scam, the better off you’ll be. We’ll also be able to alert our other members and work on catching the crooks who’ve conned you.

It’s also a good idea to let the Federal Trade Commission (FTC) know about the scam. The more information you share, the easier it will be for the feds to nail those scumbags. Contact the FTC at FTC.gov.

5.) Protect yourself

It’s a good idea to practice basic safety and protective measures with your accounts.

Here’s how:

  1. Safeguard account details: Never share account information without being certain about who you are talking to.
  2. Use good password hygiene: Use complex passwords and change them often. Be sure to use different passwords for each of your accounts.
  3. Choose extra protection: Opt in for two-factor identification when logging into your accounts. That’s an extra level of protection for you and another hurdle for scammers to scale.
  4. Set up alerts: Choose to receive an email or a text message when transactions on your account exceed your typical level of spending.
  5. Monitor your accounts: It’s a good idea to check your accounts on a regular basis, and with our mobile app, this is now easier than ever. In most cases, you will be responsible for fraudulent charges on your account if you report them more than 60 days after your monthly statement is delivered.

SOURCES:
https://www.google.com/amp/amp.timeinc.net/fortune/2016/11/11/social-media-cyber-scam 

https://money.usnews.com/money/blogs/my-money/2015/01/23/5-scams-that-target-your-bank-account 
https://www.cnbc.com/2017/05/12/this-growing-fraud-will-drain-your-bank-account.html 
https://www.infosecurity-magazine.com/news/social-media-phishing-attacks-soar/ 
https://www.advantiscu.org/fraud-prevention/beware-of-phishing-scams-in-social-media.html

Rogue Access Points


We’ve all been there.  It’s been a long day of shopping at the mall, or waiting in an airport, or driving across the country, and we finally get a chance to pull out our phones or laptops and look for WiFi. Good news: You’ve found one that doesn’t require a password!  Free WiFi saves the day. You click accept and head to your favorite place to watch videos of kittens, or whatever people normally do on the Internet … we mostly watch kittens.

There’s just one problem: what if that free WiFi was a trap?  One of the cleverest phishing scams out there right now is built on the lure of free WiFi using rogue access points, and it has enough variations to stay ahead of the security teams at Apple, Samsung, Microsoft and our own security for one simple reason: The soft spot in your security is you. 

Here’s how phishing on rogue access points works:  The scammer will set up a wireless router offering free Internet, often marked “Free WiFi,” “ATT WiFi,” or “Starbucks.”  Would you be suspicious of those networks?  Many people just look for the strongest “free” network, while most of the rest of us look for a name we trust.  How paranoid do you have to be to not connect to Starbucks WiFi at the mall?  Once you connect, though, they have a variety of ways to get any information they want off your phone or laptop. 

Even scarier, some scammers are using programs that tell your phone that the name of the free wireless available from the scammer’s router is whatever name your phone is looking for, so it can even connect automatically while in your pocket.  You can get phished over your phone just by walking in the wrong area. 

Once you’re on their network, they have a variety of ways to steal your info, from just grabbing your session cookies to using keystroke monitors to get logins and passwords, to the traditional phishing technique of creating dummy sites that look like Facebook or major credit card websites to prompt you for your info. 

Here’s what you can do to stay safe: 

  1. Turn off your WiFi unless you’re at home or work.  I know, I know. The only thing worse than mobile network data speed is mobile data network pricing.  Well, maybe mobile network customer service. Unfortunately, all that WiFi you grab every day can be dangerous.  Even if you’re not running into rogue access points, you’ve still got to hope that the coffee shop or burger joint actually pays attention to the security of their wireless router, which few even think to do.  Even those businesses that do think about security rarely spend money on it – rarely are they bringing in a professional. No, they’re asking a minimum wage employee to “take care of it” because “you’re young and good at computers.”  On a related note, isn’t it odd that coffee shops don’t spend more time thinking about their WiFi?  Isn’t that a core business at this point? 
  2. Even then, make sure your home and work WiFi are safe. Endpoint security, like Norton antivirus, is not as effective as it once was, simply because there are so many more points of vulnerability than there were a few years back.  We’ll have an extended look at securing your WiFi network in a future installment, but for today, set up your password with WPA2 Enterprise encryption.  If your router does not support it, it’s time for a new router. 
  3. Rename your home network something like “This Public WiFi is UNSAFE.”  It might sound weird, but if a scammer tries to use software to tell your phone the name of his network is the same as your home network, your phone will tell you it’s connected to “This Public WiFi is UNSAFE” and you can get off of it. 
  4. Apps are your friend.  Most apps, including ours, use HTTPs security, rather than HTTP. This can actually stop some of the tactics many scammers use.  Remember, they don’t want to beat the best security; they want to do as little work as possible and beat those unwary souls who rely on the worst security.  A simple step up is enough to keep many scammers at bay. 
  5. Get an app that prevents rogue access.  Depending on your operating system (OS), you have different options, but search your app store.  It’s worth the trouble and $4.99. 

Sources:

Your Greatest Strength Might Be Your Greatest Weakness

We’ve all had that moment when we were shopping on eBay at 3 a.m. and spotted the deal of the century -an Omega Speedmaster Moonwatch for just $100? That’s the watch that’s been on the moon! Then we realize the price is too good to be true when we see that our newest find will ship from the other side of the planet and the listing features mysteriously blurry photos that obscure key details. Maybe that Moonwatch spelled Saturday with a “B,” because some scams are really easy to spot.  We’ve all seen the scam and after catching ourselves, we’ve all asked ourselves the same question:  Who falls for this garbage?

From behind a computer screen, spotting a scam is as easy as a stroll in the park on a beautiful Saturbay afternoon.  What investigators have realized is that it gets much tougher when fraud happens in person.  In person, all of those skills we’ve developed online go away and we become easy marks.  

The IRL problem

It’s easy to act differently online.  No one knows us there, so we can make up the life we want to live or act without repercussions. Otherwise calm and decent people can become maniacs online if certain topics come up – from vaccinations to the recent play of the local professional quarterback.  For others, the digital world is a place of exploration and indulgence in hobbies that are unavailable offline, as players of World of Warcraft or the thousands of people who left reviews on Food.com’s recipe for ice cubes can attest.  However we change behind the computer, it’s easy to see that we think of ourselves and others differently while online.  Offline, you wouldn’t constantly harass your friends about a farming game, would you?

The same is true when it comes to scams.  When we sympathize with people, we lose the critical distance we need to spot scammers.  If we can connect with a person, we are far more likely to fall for a scam, and talking to them away from the computer increases that personal connection.  

Think about it this way:  The FTC says the most common forms of scams all involve human interaction, not computers.  The most common form of online identity theft isn’t breaking into your credit union — we’re really good at security — it’s phishing, where scammers convince victims to willingly give up their credit card information.  The most common phone scam is the grandparent scam, in which the bad guys use our natural concern for our family to get money out of us. The most common scam ever might be the basis for the modern home improvement scam: using a hard-luck story or the victim’s greed to convince them to pay up front, then never actually do the work.

How to avoid in-person scams

1.) Be wary of surprises and secrets.  Two things that should tip you off right away are really big surprises and really private secrets.  If you won money in a contest you don’t remember entering, you probably didn’t enter it.  If you’re getting a big payday, but you can’t tell anyone about it, you’re probably not getting a big payday at all.  If a company runs a contest, they want to get publicity. If you’ve got contest winnings coming, that company probably made you put down your email address and a bunch more info.  It probably took a while for them to get all of your data.  You’d remember.  Even in old TV shows they understood that surprises and secrets were a bad sign – if a 1960s sitcom hero inherits a mansion from an uncle they’ve never met, you better believe it’s going to be haunted.

2.) Take your time.  If someone needs you to act quickly, that’s often a clear sign of a scam, particularly if the sudden rush is coupled with a surprise as described above.  Scammers understand the power of groupthink – which is what psychologists call that trend among humans to make worse decisions in groups than by themselves – largely stems from an impending time deadline. By denying you time to catch your breath, scammers are trying to rush you into a bad decision and keep you from getting advice from someone with distance and perspective.

3.)  Try to be a robot.  NPR’s “Planet Money” podcast aired an episode covering the danger of our humanity very well.  In it, a banker named Toby convinced dozens of people to help him perpetrate a large-scale fraud simply by telling them his hard-luck story.  He claims that not one of them turned him down.  The case made in the episode is that for each person who heard the story, the ethical decision to commit a fraud and the rational decision to trust a scammer was completely overwhelmed by our sense of sympathy and injustice. Don’t let that be you.  

Hopefully, you’re not going to have to deal with in-person scammers very often. If you do, be sure to contact the FTC here: https://www.ftccomplaintassistant.gov/#crnt&panel1-1 and the FBI here: http://www.ic3.gov/default.aspx 

If you think you may have been the victim of a scam, identity theft, phishing, or any other security threat, let us know immediately.  The sooner we know, the safer your accounts at the credit union.  You can email us at info@destinationscu.org or call us at 410-663-0859.

Sources:

http://www.npr.org/sections/money/2012/04/17/150815268/why-people-do-bad-things

The Best RFID-Blocking Wallets For Women


We recently brought you information about the best RFID-blocking wallets for men. Today, we have a review of the best RFID-blocking wallets for women, who have far more options in terms of styles, looks, and formality. If you’d like to read the previous installment, click here http://blog.destinationscu.org/2015/08/the-best-rfid-blocking-wallets-for-men.html.  In it, you can learn about what RFID is and why you need a wallet that blocks the signals from your cards.


Here are our top choices for four very different kinds of card-protecting options:

Women’s Trifold Wallet

by Access Denied ($55.95-$66.95)

Our first option is one of the most basic wallets offered to women that is also capable of holding everything while still looking fashionable. The Access Denied trifold wallet has space for your cash, cards, passport and checkbook, so you know that this wallet can handle whatever you need for your day. It’s also available in a variety of neutral tones and common purse colors to coordinate with your everyday bag. It’s hard to find this much convenience and variety under $60.


That said, if you’re a fan of high-quality leather, you might be put off by the lack of full or top-grain leather with this wallet. If that’s something that upsets you, be warned that this guide is very light on such top-flight materials, because the wallet manufacturers don’t seem to use them very often for RFID wallets. If you want to step into high-quality leather goods that keep your identity safe, you’re going to be paying a lot of money.

RFID-Blocking Secure Ladies Mini-Trifold

By ID Stronghold ($49.99)


Identity Stronghold has an inexpensive wallet that should fit into any purse.  If you want the convenience and storage options of a much bigger wallet, the Identity Stronghold Mini-Trifold has a zippered coin pouch, credit and ID card slots and a pocket for your cash.  The faux-reptile leather finish is a stylish touch that Jane Birkin would appreciate because, unlike the Hermes Bag named for her, no alligators were harmed in making it.  


The wallet comes in a few different faux-reptile finishes, ranging in color tone from muted purple to the bright red pictured here.  It’s deceptively stylish for the price.
 

RFID-Blocking Cross Body Bag (Left)

by Travelsmith ($99.00)

RFID-Blocking Double Frame Clutch (Right)

by Travelsmith ($68.99)

Another option is to find a small bag that you like and use it for carrying your wallet. Both of these options from luggage maker Travelsmith offer full RFID protection for everything within the bags, including credit cards, IDs and passports. Like the Access Denied trifold wallet above, these bags are available in a variety of colors to suit just about any taste.


If you find the idea of moving away from a beloved bag or purse unappealing, the chain straps can be removed from either of the Travelsmiths and the bags can be used as wallets. Each bag comes with some organizational features, but if you want everything to have a place, you may find the lack of dedicated pockets frustrating.

Fine Art RFID-Blocking Card Sleeves

by Armored Wallet ($9.50)


Finally, we have the option for anyone who would like to keep their current wallet or purse, regardless of style preference or gender. These inexpensive sleeves wrap around your cards individually to protect them from skimmers and look great while doing it. Armored Wallet offers a variety of colors and prints featuring classic works of art. There’s something to be said for the unique touch of carrying classic art in your wallet, and even more to be said for protecting yourself while getting change back from a $10 bill.


The masterpieces featured on the sleeves come mostly from European impressionists like Van Gogh and Monet, and don’t extend much past the paintings you might have had as a dorm poster in your college days. So, if you were hoping for Klimt or Kandinsky, you’re out of luck.


In the end, your choice will be dictated by your personal style. If you’re an upscale fashionista, you may be disappointed with the season’s offerings; among Saks 5th Avenue, Nordstrom, Barney’s New York, and Coach, not a single RFID-blocking women’s wallet can be found. If you prefer simplicity, you might want to check out the men’s wallets, most of which claim to be unisex. If, however, you’d rather save money and protect yourself from identity theft than look good on the runway, you have your choice of a vast number of styles and colors. Whichever you choose, make sure you find a way to protect your cards, even if that means wrapping them in tinfoil until you can find a suitable and fashionable alternative.

Sources:
 

The Best RFID-Blocking Wallets For Men


By the end of the year, you’re going to be carrying some brand new tech in your wallet. That is, if you aren’t already doing so. The major credit card companies have all moved to chip-and-PIN cards, which use Radio Frequency Identification (RFID) to prevent fraudulent transactions and keep your data safe. Unfortunately, the cutting edge technology that makes your transactions more secure at the register also decreases your security everywhere else. That’s because scammers can steal radio signals from the air and use your credit card information and then go on a shopping spree before you know anything’s wrong.

  

When RFID passports were released in the UK, scammers had broken into them within 48 hours. That’s enough to scare even the most tech-ignorant among us.

  

To combat this vulnerability, you need a wallet that can protect your identity by blocking those radio signals, which many new wallets can do by simply adding a layer of metal that goes entirely around your wallet. So many new wallets can protect you from scammers that you might find the choices overwhelming, particularly if you’re the kind of guy who uses a velcro trifold style wallet. We’ll walk you through your choices and pick the best one for each category, based on style, security, and price, because there’s no point in buying a wallet so expensive you have nothing to put in it.

  

Here are our top choices for three very different kinds of wallets:

Front Pocket Wallet in Bison Leather

by Herrington ($49.95)

  

If you don’t carry much cash or the idea of sitting on metal plates bound in leather sounds uncomfortable, you might be in line for a front pocket wallet. Back pocket wallets have been linked to sciatica and other forms of chronic back pain, so carrying a few cards in your front pocket may be the best long-term choice you can make for both your financial and physical health.

Herrington’s front pocket wallet is curved to fit into the front pocket of your pants without bouncing around or disrupting the lines of your outfit. The handsome Bison leather is masculine and stylish, so you won’t be embarrassed to pull it out at a business lunch or on a date.

The wallet is manufactured in Maine out of multiple layers of material that create a Faraday cage for preventing radio signals from escaping and therefore allowing skimmers to get at your cards.  

  

 

The Ridge Wallet ($45-$115)

   

If you want something even slimmer, you may be interested in one of the all-metal wallets that have taken over Kickstarter in the last few years. These wallets wrap your cards in layers of metal held together with a nylon band or screws and look like incredibly modern, wallet-sized Swiss Army knives. Some even have fold-out extensions to hold keys, USB drives or very small pens!

Our choice among the modern, minimalist, metal wallets opts for simplicity. The Ridge Wallet doesn’t have key rings or add-ons, just a simple wallet with a clean look. Ridge offers four different materials ranging from the youthful and inexpensive polycarbonate, which comes in a variety of bright hues, all the way to pricey and indestructible titanium in various shades ranging from gray to black. If you want a wallet sleek and cool enough for Batman, but you don’t want to carry an entire utility belt, you want a black titanium Ridge Wallet.
  

Derrick RFID-Blocking Flip ID Bifold

Manufacturer: Fossil

Price: $45

It’s tough to argue with the classic bifold. With ample room for cards and cash, a classic design certain to fit any outfit, and all the features you’ve always enjoyed, a leather bifold wallet is a traditional men’s accessory that never goes out of style. 
Fossil offers a selection of RFID-blocking wallets that don’t look too technical or modern, with the Derrick bifold at the top of the list for its combination of looks, materials, and price. The RFID-blocking material is sewn into the lining, so you won’t feel like you’re sitting on a phone book, but you’ll still be protected. The Derrick bifold is the kind of wallet you can buy now and not think about for a few decades, which tends to be the way most men buy wallets.  

  

 

Altoids tin

Manufacturer: Altoids

Price: $3

   

If you’re looking for a budget option, or a stopgap security solution while you shop, you can always keeps your cards in an Altoids tin. The thick metal is an effective Faraday cage that offers top-flight security at a price that can’t be beat. Just don’t be surprised if people are quick to comment how fresh your cards smell!
In the end, you’re going to have to decide what matters to you. Unlike other fashion items, you’ll carry your wallet every day, and you probably don’t want to replace it very often. It’s up to you to weigh fashion, security and comfort and come to a decision for your own peace of mind. The only thing you need to make sure of is that you don’t leave your financial information available for motivated scammers to steal.
Please note:  Destinations Credit Union is planning to convert to the “Chip” cards in early 2016.

Sources: