FRAUD ALERT

ATTENTION CREDIT UNION MEMBERS

April 2008
Text Messaging Fraud Alert

The purpose of this fraud alert is to inform you of a scam that involves unsolicited text messages sent to cell phones. The message urges the recipient to call a number provided for information about account discrepancies and then solicits individual account information and pin numbers.

Cell phone users should be weary of unsolicited text messages. Such messages should be deleted and all deleted text messages should be removed, if possible, as the perpetrators have been known to use Spyware solicitation.

March 2008 

NCUA has issued a Fraud Alert for all Credit Union members

The purpose of this fraud alert is to inform all federally-insured credit unions about a recent phishing attempt to obtain credit card account numbers and expiration dates.

In cases reported to NCUA, the perpetrator(s) sent e-mails to credit union members and the general public stating that the “National Credit Union Administration temporarily suspended your account due to fraud attempts”. The e-mail goes on to state “to reactivate your account call the toll free number” provided. The e-mail is addressed as originating from the NCUA Region 1, Albany, New York office and the phone number to call has an Albany area code of 518.

NCUA does not ask credit union members or the general public for such information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

What do I do if I receive a Phishing email?

You can assist in identification of such Phishing activity. Persons affected by this scam, and variants of this scam, should be advised to forward the entire e-mail message to Phishing@ncua.gov. Additionally, formal complaints concerning any suspected fraudulent e-mail can be filed with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.

What is Phishing?

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. See below for additional information on identity theft.

What you need to know about Identity Theft

the Internet and Member Security

Internet and Member Security

In light of the rise of internet security and identity theft incidents, the DVA Federal Credit Union wants to assure you that protecting the Credit Union and your information remains our highest priority. This page offers information about current internet security threats, what to do to protect yourself or if you become a victim of a phishing scam or identity theft, and what we are doing to safeguard our members' confidential information.

How to Guard against Identity Theft

• Guard your social security number. Do not give out your PIN or credit card numbers over the phone unless you initiated the transaction.
• Don’t use the links in an email to get to any web page, if you suspect the message might not be authentic.
• Always ensure that you are using a secure website when submitting credit card or other sensitive information via your web browser.
• Regularly log into your home online accounts and check your financial institution’s credit and debit card statements to make sure that all transactions are legitimate.
• Make sure that your browser us up to date and security patches are applied.

 The following terms are common internet security threats designed to collect confidential information from a member:

Phishing
The scam, popularly called 'phishing,' involves the use of replicas of existing Web pages to try to deceive you into entering personal, financial or password data. Often suspects use urgency or scare tactics, such as threats to close accounts.

We here at DVA Federal Credit Union will never ask you via email to verify account information. We will never use email to threaten account closure. Please know this, as one defense against phishing. Other safeguards to help protect you from phishing scams:

• Be suspicious of any email messages that claims to be from us that use an urgent or scare-tactic tone.
• Do not respond to email messages asking you to verify personal information.
• Delete suspicious email messages without opening them. If you do open a suspicious email message, so not open any attachments or click any links.
• Install and regularly update virus protection software.
• Keep your computer operating system and Web browser current.

Pharming
Unlike phishing which requires victims to voluntarily visit a criminal's website; pharming simply redirects victims to fraudulent websites without assistance. Pharming subverts a basic service of the Internet known as the 'Domain Name Service,' or 'DNS.' Each machine connected to the Internet knows the location of one or more DNS servers. This service translates a human-friendly URL name such as www.dvafcu.org into an IP address, which is a unique number that has been assigned to each web server on the Internet.

The good news is pharming requires either an unpatched software/server vulnerability to exist on the DNS server itself, or the criminal needs an insider at the ISP or financial institution to make unauthorized DNS server changes. This is rare.

Please be assured that DVA Federal Credit Union manages and updates its DNS server's software to maintain a high level of security. We maintain the highest standards; our members are protected from pharming that would result from a compromise of our DNS server.

Spoofing

Spoofing Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Examples of spoofed email that could affect the security of your site include:

• Email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if the user does not comply with the email instructions.
• Email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

What you "the Member" can do:
DVA Federal Credit Union recommends that you never respond to email messages asking you to verify personal information. But accidents happen, and the following information could be useful if you've been scammed.

If you have given out your credit, debit or ATM card information:

• Report the incident to the card issuer immediately
• Cancel your account and open a new one
• Review billing statements carefully after the incident
• If the statements show unauthorized charges, send a letter to the card issuer via regular mail (keep a copy) describing each questionable charge

Credit Card Loss or Fraudulent Charges Your maximum liability under federal law for unauthorized use of your credit card is $50 (policies vary). If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use; in general, you may only be liable for a very small amount but always check with your individual card company for their exact policy.

Your liability depends on how quickly the loss is reported. Your risk unlimited loss by failing to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you.

If you have given out your bank account information:

• Report the theft to the bank as quickly as possible
• Cancel your account and open a new one

Review Your Credit Report Regularly

Congress passed the The Fact Act and the Accurate Credit Transaction Act which allows you to review your credit report from each of the credit reporting agencies once a year FREE.

Order yours online at www.annualcreditreport.com or call 1.877.322.8228.

If you have downloaded a virus or 'Trojan Horse':

• Some phishing attacks use viruses and/or a 'Trojan Horse' to install programs called "key loggers" on your computer. These programs capture and distribute any information you type to the phisher, including credit card numbers, usernames and passwords, Social Security Numbers, etc.
• If this occurs, you likely may not be aware.
• To minimize this risk, you should:
  • Install and/or update anti-virus and personal firewall software
  • Update all virus definitions and run a full scan
  • If your system still appears compromised, fix it and then change your password again.

Check your other accounts - suspects may have accessed different accounts: eBay account, PayPal, your email ISP, online bank accounts, and other e-commerce accounts.

If you have given out your personal identification information:
Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. If you have given this information to a phisher, you should do the following:

Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:

• Request that they place a fraud alert and a victim's statement in your file
• Request a FREE copy of your credit report to check whether any accounts were opened without your consent
• Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft

Notify your credit union and/or bank(s) and ask them to flag your account and contact you regarding any unusual activity: If bank accounts were set up without your consent, close them; If your ATM card was stolen, get a new card, account number and PIN; Contact your local police department to file a criminal report; Contact the Social Security Administration's Fraud Hotline to report the unauthorized use of your personal identification information; Notify the Department of Motor Vehicles of your identity theft; Check to see whether an unauthorized license number has been issued in your name; Notify the passport office to watch for anyone ordering a passport in your name; File a complaint with the Federal Trade Commission; Ask for a free copy of "ID Theft: When Bad Things Happen in Your Good Name"; File a complaint with the Internet Fraud Complaint Center(IFCC) by visiting their website: http://www.ifccfbi.gov/index.asp.

For victims of Internet fraud, IFCC provides a convenient and easy reporting mechanism that alerts authorities of suspected criminal or civil violations.

Document the names and phone numbers of everyone you speak with regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.

If you see a suspicious-looking email message claiming to be from DVA Federal Credit Union please let us know. We continually monitor such reports and act on them promptly. Additionally, also consider contacting the FBI's Internet Fraud Complaint Center at www.ifccfbi.gov.

Useful Links and Phone Numbers:

Federal Trade Commission (FTC): http://www.consumer.gov/idtheft/

Phone #877.438.4338

Major Credit Bureaus:
Equifax - www.equifax.com

800.525.6285
Experian - www.experian.com

888.397.3742
Trans Union - www.transunion.com

800.680.7289

Social Security Fraud Hotline:

800.269.0271

Internet/E-mail Fraud Alert
National Credit Union Administration (NCUA) - http://www.ncua.gov/Phishing/phishing.htm

Free Credit Report

www.annualcreditreport.com

877.322.8228

Identify Theft Resources:

www.identity-theft-help.us
www.identitytheft.org
www.usdoj.gov/criminal/fraud/idtheft.html
www.ifccfbi.gov
www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

www.fakechecks.org

NCUA has issued a Fraud Alert for all Credit Union members

The purpose of this fraud alert is to inform all federally-insured credit unions about a recent phishing attempt to obtain credit card account numbers and expiration dates.

In cases reported to NCUA, the perpetrator(s) sent e-mails to credit union members and the general public stating that the “National Credit Union Administration temporarily suspended your account due to fraud attempts”. The e-mail goes on to state “to reactivate your account call the toll free number” provided. The e-mail is addressed as originating from the NCUA Region 1, Albany, New York office and the phone number to call has an Albany area code of 518.

NCUA does not ask credit union members or the general public for such information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

What do I do if I receive a Phishing email?

What is Phishing?

The act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. See below for additional information on identity theft.

You can assist in identification of such Phishing activity. Persons affected by this scam, and variants of this scam, should be advised to forward the entire e-mail message to Phishing@ncua.gov. Additionally, formal complaints concerning any suspected fraudulent e-mail can be filed with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.