Scams and identity theft are rampant. In fact, identity theft is America's fastest growing crime. If you've got a telephone, a credit or debit card, or a computer, then you could be a target. Get hit and you could spend years setting your finances and your reputation right.

• Our policy regarding sensitive information
• What is "phishing"?
• Tips to help you fight identity theft
• What to do if you fall victim
• Places to turn for help
• Current tricks and scams

Identity theft can range from account take-over (where the identity thief acquires your account information and makes purchases or withdraws money) to full-blown identity theft where thieves open new accounts in your name. You can defend against identity theft with caution and common sense.

If you are a BFCU member, we know your account number and account history. And we maintain no record of your account-related PINs or passwords.

BFCU will never call, write, or e-mail you and ask you to verify, update, or otherwise provide sensitive information, nor will we deny you access to your accounts until you provide such information.

However, if you initiate the contact, we will need information to identify you and resolve your issue. And we do require information to personally identify you when you open a new account. In both cases, you initiated the contact.

back to top

Don't Get Caught In A "Phishing" Expedition

"Phishing" is the practice of sending legitimate-looking e-mails designed to trick you into providing sensitive account information such as user names, passwords, account numbers, etc. Phishing e-mails often include a link to a spoofed website that looks identical to a legitimate site where they can harvest the sensitive information you provide.

Watch for clues that you're being phished. Typical phishing e-mails are not personalized. And they often report that there's some problem with your account or that your service will be suspended without your immediate action.

Never click a link or open an attachment in an unsolicited e-mail. If you do, look for tell-tale signs that you're on a spoofed website such as misspelled words or graphics that don't load properly. Look for the padlock icon at the bottom of the screen and an 's' (which indicates a secure website) after the http in the address line in your browser. While both of these can be duplicated by fraudsters, their absence is a sure sign you're somewhere you shouldn't be.

back to top

• Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone or Internet if you did not initiate the contact.
• Don't be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.
• Don't click links in an e-mail if you suspect it might not be authentic. Instead, call the company using a number you know to be good or log on to the website by keying the legitimate URL into your browser.
• Avoid filling out forms in e-mail messages that ask for personal financial information. Only communicate information such as credit card numbers or account informtion via secure website (look for the https in the address and the padlock icon) or the telephone.
• Check your accounts regularly and alert your financial institution immediately if you see anything suspicious. Log on to online accounts frequently, and check paper statements immediately.
• Request your free credit report from each of the three credit reporting bureaus (request one from a different bureau every 4 months) and check it carefully.
• Don't create passwords or PIN numbers that would be obvious to anyone who knows you.
• Don't write down your passwords or PINs or provide them to anyone.
• Buy a shredder...and use it. Don't give dumpster divers a reason to dive.
• Don't carry your Social Security card with you. It's the key to your entire identity, both personal and financial.
• Don't provide your Social Security Number unnecessarily. If a vendor or service provider asks for it, ask them why they need it and how they plan to protect it.
• Remove incoming mail from your mailbox as soon as possible, and place outgoing mail in the postal service's blue collection boxes or drop it off inside the post office. Thieves raid mailboxes for bank statements, credit card solicitations, insurance bills, and other documents that may contain confidential information.

• Contact us (and any other affected financial institution) immediately.
• File a police report with local law enforcement (you'll need this later).
• Contact the fraud division at one of the three major credit bureaus listed below to place a fraud alert on your file. The bureau you contact will share the information with the other bureaus.

Equifax
800-525-6285
P.O. Box 740250
Atlanta, GA 30374

Experian
888-397-3742
P.O. Box 1017
Allen, TX 75013

TransUnion
800-680-7289
P.O. Box 6790
Fullerton, CA 92634

• Report all suspicious contacts to the Federal Trade Commission at www.consumer.gov/idtheft or call them at 1-877-IDTHEFT.

• Federal Trade Commission
  www.comsumer.gov/idtheft
  1-877-IDTHEFT
• Internet Fraud Complaint Center, a partnership between the FBI and the National White Collar Crime Center
  www.ic3.gov
• Place your name on the national "do-not-call" registry
  www.donotcall.gov
  1-888-382-1222
• Internal Revenue Service
  www.irs.gov
• Anti-Phishing Working Group, a global non-profit association that focuses on eliminating fraud and identity theft that result from phishing, pharming and e-mail spoofing of all types
  www.antiphishing.org
• For fraud involving the U.S. Mail Service contact
  www.usps.com/postalinspectors

back to top

The latest scams!

NCUA Warns of Fraudulent e-Mail Activity (May 26, 2010)
E-mails from simulated NCUA e-mail boxes to members of credit unions may be an attempt to obtain members' confidential data. The e-mails solicit credit union members' participation in an online survey or member survey and promise compensation of $40 for responding. NCUA does not solicite such information from credit union members. Do not respond to the e-mail.

IRS Warns About Scam (August 30, 2007)
This scam purports to come from the agency and claims the recipient can receive $80 by filling out an online customer satisfaction survey. The e-mail is believed to contain a link and attachment that open a trojan horse program that takes over the victim's computer and allow it to be remotely hacked. Do not click the link or open the attachment. Instead, forward suspicious e-mails to phishing@irs.gov and follow the instructions. The IRS does not send unsolicited e-mails or ask for detailed personal and financial information.

Phishing Morphs Into "Vishing" or Voice Phishing (July 25, 2006)
This spam warns victims that their credit union or PayPal accounts have been compromised. However, instead of directing victims to a website, they are urged to call a phone number to verify account details. The automated voice message says "Welcome to account verification. Please type your 16-digit card number," but makes no mention of the credit union or PayPal. Some "vishing" attacks begin with an unsolicited call in which the caller already knows the recipient's credit card number. The caller asks for the three-digit security code on the back of the card. Remember, caller ID boxes can be tricked into displaying false information.

• A foreign connection: Often these scams originate outside the US or in some way involve sending or receiving funds from a foreign country
• Poor grammar: Look for tell-tale signs of poor grammar, awkward wording, and unprofessional styles in written or e-mail correspondence
• Beware of wires: You should never have to spend money to claim your winnings. If someone sends you a check to "cover the expense of claiming your winnings" then tells you to wire a portion of that money elsewhere, DON'T.
• Bogus checks: If you receive a check as a first "installment" of your winnings or to cover the expense of claiming your winnings, DON'T CASH IT. Have your credit union check it out for you. Remember, you are responsible for the checks you deposit.