Scams and identity theft are rampant. In fact, identity theft is America's fastest growing crime. If you've got a telephone, a credit or debit card, or a computer, then you could be a target. Get hit and you could spend years setting your finances and your reputation right.

• Our policy regarding sensitive information
• What is "phishing"?
• Tips to help you fight identity theft
• What to do if you fall victim
• Places to turn for help
• Current tricks and scams

Identity theft can range from account take-over (where the identity thief acquires your account information and makes purchases or withdraws money) to full-blown identity theft where thieves open new accounts in your name. You can defend against identity theft with caution and common sense.

If you are a BFCU member, we know your account number and account history. And we maintain no record of your account-related PINs or passwords.

BFCU will never call, write, or e-mail you and ask you to verify, update, or otherwise provide sensitive information, nor will we deny you access to your accounts until you provide such information.

However, if you initiate the contact, we will need information to identify you and resolve your issue. And we do require information to personally identify you when you open a new account. In both cases, you initiated the contact.

back to top

Don't Get Caught In A "Phishing" Expedition

"Phishing" is the practice of sending legitimate-looking e-mails designed to trick you into providing sensitive account information such as user names, passwords, account numbers, etc. Phishing e-mails often include a link to a spoofed website that looks identical to a legitimate site where they can harvest the sensitive information you provide.

Watch for clues that you're being phished. Typical phishing e-mails are not personalized. And they often report that there's some problem with your account or that your service will be suspended without your immediate action.

Never click a link in an unsolicited e-mail. If you do, look for tell-tale signs that you're on a spoofed website such as misspelled words or graphics that don't load properly. Look for the padlock icon at the bottom of the screen and an 's' (which indicates a secure website) after the http in the address line in your browser. While both of these can be duplicated by fraudsters, their absence is a sure sign you're somewhere you shouldn't be.

back to top

• Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone or Internet if you did not initiate the contact.
• Don't be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.
• Don't click links in an e-mail if you suspect it might not be authentic. Instead, call the company using a number you know to be good or log on to the website by keying the legitimate URL into your browser.
• Avoid filling out forms in e-mail messages that ask for personal financial information. Only communicate information such as credit card numbers or account informtion via secure website (look for the https in the address and the padlock icon) or the telephone.
• Check your accounts regularly and alert your financial institution immediately if you see anything suspicious. Log on to online accounts frequently, and check paper statements immediately.
• Request your free credit report from each of the three credit reporting bureaus (request one from a different bureau every 4 months) and check it carefully.
• Don't create passwords or PIN numbers that would be obvious to anyone who knows you.
• Don't write down your passwords or PINs or provide them to anyone.
• Buy a shredder...and use it. Don't give dumpster divers a reason to dive.
• Don't carry your Social Security card with you. It's the key to your entire identity, both personal and financial.
• Don't provide your Social Security Number unnecessarily. If a vendor or service provider asks for it, ask them why they need it and how they plan to protect it.
• Remove incoming mail from your mailbox as soon as possible, and place outgoing mail in the postal service's blue collection boxes or drop it off inside the post office. Thieves raid mailboxes for bank statements, credit card solicitations, insurance bills, and other documents that may contain confidential information.

• Contact us (and any other affected financial institution) immediately.
• File a police report with local law enforcement (you'll need this later).
• Contact the fraud division at one of the three major credit bureaus listed below to place a fraud alert on your file. The bureau you contact will share the information with the other bureaus.

Equifax
800-525-6285
P.O. Box 740250
Atlanta, GA 30374

Experian
888-397-3742
P.O. Box 1017
Allen, TX 75013

TransUnion
800-680-7289
P.O. Box 6790
Fullerton, CA 92634

• Report all suspicious contacts to the Federal Trade Commission at www.consumer.gov/idtheft or call them at 1-877-IDTHEFT.

• Federal Trade Commission
  www.comsumer.gov/idtheft
  1-877-IDTHEFT
• Internet Fraud Complaint Center, a partnership between the FBI and the National White Collar Crime Center
  www.ic3.gov
• Place your name on the national "do-not-call" registry
  www.donotcall.gov
  1-888-382-1222
• Internal Revenue Service
  www.irs.gov
• Anti-Phishing Working Group, a global non-profit association that focuses on eliminating fraud and identity theft that result from phishing, pharming and e-mail spoofing of all types
  www.antiphishing.org
• For fraud involving the U.S. Mail Service contact
  www.usps.com/postalinspectors

back to top

The latest scams!

Internet Banking Customers Phished (Sept. 25, 2008)
A phishing scam targeting Digital Insight Internet Banking customers is designed to trick recipients into clicking a link in a fradulent email for the propose of acquiring sensitive account data and passwords. Rest assured Digital Insight systems have not been breached in any way, and your information is still safe. Digital Insight is working to shut down the sites that these phishing emails link to. While the address of these emails differ, the body remains consistent. They read: "We inform you that your account is about to expire. It is strongly recommended to update it immediately. Update form is located here. However, failure to confirm your records may result in account suspension." DO NOT CLICK any links in any such email you may receive. Your accounts will not "expire," and neither we nor Digital Insight will ever require you to confirm any records via email in order to prevent your account from becoming suspended. If you have any questions, please don't hesitate to call us.

IRS Warns About Scam (August 30, 2007)
A new scam purports to come from the agency and claims the recipient can receive $80 by filling out an online customer satisfaction survey. The e-mail is believed to contain a link and attachment that open a trojan horse program that takes over the victim's computer and allow it to be remotely hacked. The IRS urges you to not click the link or open the attachment. Instead, forward suspicious e-mails to phishing@irs.gov and follow the instructions. The IRS reminds you that they do not send unsolicited e-mails or ask for detailed personal and financial information.

Phishing Morphs Into "Vishing" or Voice Phishing (July 25, 2006)
This spam warns victims that their credit union or PayPal accounts have been compromised. However, instead of directing victims to a website, they are urged to call a phone number to verify account details. The automated voice message says "Welcome to account verification. Please type your 16-digit card number," but makes no mention of the credit union or PayPal. Some "vishing" attacks begin with an unsolicited call in which the caller already knows the recipient's credit card number. The caller asks for the three-digit security code on the back of the card. Vishing prospers with the help of Voice over Internet Protocol, or VoIP, technology that enables cheap, anonymous Internet calling, as well as the ease with which caller ID boxes can be tricked into displaying false information.

Phishing Survey Promises Bogus Reward (July 25, 2006)
This spam e-mail starts with "The online department kindly asks you to take part in our quick and easy 5-question survey. In return we will credit $50 to your account - Just for your time!" The catch-in order to receive your $50 reward you must provide your credit union user ID and password; credit card number, expiration date; and other sensitive information.

• A foreign connection: Often these scams originate outside the US or in some way involve sending or receiving funds from a foreign country
• Poor grammar: Look for tell-tale signs of poor grammar, awkward wording, and unprofessional styles in written or e-mail correspondence
• Beware of wires: You should never have to spend money to claim your winnings. If someone sends you a check to "cover the expense of claiming your winnings" then tells you to wire a portion of that money elsewhere, DON'T.
• Bogus checks: If you receive a check as a first "installment" of your winnings or to cover the expense of claiming your winnings, DON'T CASH IT. Have your credit union check it out for you. Remember, you are responsible for the checks you deposit.