Fraud Prevention

Touchstone FCU...Keeping You Safe

Touchstone FCU is committed to your security – on and off line. Check here for fraud prevention tips, news on the latest fraudulent scams, and security terminology!

Watch Out for Charity Scams

In the wake of any tragedy, including the tragic events at the Boston Marathon, many people want to help in some way. Scam artists can take advantage of our natural inclination to lend a hand. Remember, before you give to any charity, be sure the charity is legitimate, there is a clear plan for use of funds, and that the charity will provide the support it claims it will. The State Attorney General's office has put together tips to help you give wisely to charities in the aftermath of the Boston Marathon, or any other, tragedy.

ADP Generated Message - A New Phishing Email

This month a new phishing email, purported to have come from ADP, is circulating. The subject line may state that it is an "ADP Generated Message: First Notice - Digital Certificate Expiration". The body of the email goes on to explain that there is a Digital Certificate about to expire within a short period of time (2 days, for example) and that you must renew your certificate by clicking on a link provided. The message is a scam and should be deleted - the link will take consumers to compromised websites that serve a Trojan to the computer.

TWO New Phishing Email Scams

...from "Visa": The following email has been reported by Visa cardholders from other institutions! It seems to come from Visa Support and has the subject line Your Card Has Been Suspended. If you receive this email, do not click on the link, and report it to Touchstone. The body of the email will be similar to this:

Dear valued client,
Your credit card have been suspended after we noticed some unusual activities on it.
Somebody was trying to use your card on purchasing some items on eBay.
For your protection, we have suspended it. In order to activate it,
Click Here
and follow the instructions.

Note: If not done by 03-02-2013 we will have to suspend it for life to avoid any illegal purchasing made by other frauders. We appreciate your help in this case.

The email is signed as coming from Clients Support, Verified by Visa Team. Remember, do not click links on any emails similar to this one.

...from "Intuit Turbo Tax": Please be advised that we have been made aware of a phishing campaign currently underway that is using emails that appear to be related to TurboTax. The email does not contain a link; however, the email has a .zip attachment that contains malware. Do not open the attached .zip file.

If you receive emails that appear to be from TurboTax stating that “Your State Return Has Been Rejected,” please be aware that these are not from Touchstone, any other financial institution, or TurboTax. Please do not open the attachment and do not forward the email. Delete the email.

Recommended steps for those who may receive the phishing email:

1.       Do not open the attachment in the email.
2.       Do not forward the email to anyone else.
3.       Delete the email.

Below is a screenshot of the fraudulent email, with attachment named TAX_610717852

February 2013

Important Information about Federal Reserve email scam...

The Federal Reserve has reported that some consumers have received fraudulent e-mails that appear to come from the Federal Reserve and reference ACH Summary or ACH notification and instruct the recipient to click on several links. PLEASE NOTE: these emails are not sent by the Federal Reserve Bank (FRB). The FRB NEVER sends information regarding payments directly to the consumer. Please remember - do not click on links contained in these types of emails and delete them immediately!

Recent Card Breach Could Increase Phishing

On the heels of the recent Global Payments data breach, credit card holders should be aware of a potential increase in phishing attacks. These attacks could also target others who were not impacted by the recent card breach. Be aware of any suspicious emails, text messages, or phone calls requesting personal or financial information.

In addition to personal and financial information, thieves could be looking for card data. Card information that may be requested includes: cardholder billing address, 3 digit CVV2/CVC2 code found on the back of the card, or enrollment criteria/passwords for Verified by Visa or MasterCard SecureCode. This card information was not part of the recent Global Payments breach. Criminals may ask cardholders for this information to add to the other card data they may have obtained from the breach to perform card present (key entered) or card-not-present (mail/telephone/internet) non-magnetic stripe transactions.

Remember, NEVER respond to emails, text messages, or phone calls requesting this information. If you receive a suspicious request, contact Touchstone immediately.

April 5, 2012

Text Message Scam Alert!

The following message is a SCAM: "Your credit union debit card has a pending alert. Call now, toll-free 1-940-XXX-XXXX, and follow the instructions to resolve this alert." If you receive a text or e-mail stating this message, do NOT call the number or give out any of your information. This is NOT a text or email from Touchstone Federal Credit Union; this is a phishing scam. Phishing is an electronic way of attempting to acquire sensitive information by pretending to be a trustworthy source. This Credit Union will never ask our members to provide confidential account information via text or e-mail.

There have also been reports of fraudulent e-mails from the Federal Reserve Wire Network that reference a wire transaction and instruct the recipient to click on a link beginning with “federalreserve.gov.” If you receive a similar notice, please note that these e-mails were not sent by the Federal Reserve Bank (FRB). The FRB sends information regarding the status of payments through its trusted network—never directly to a credit union member. Do not click on links contained in these types of e-mails and delete them immediately.

Security Term of the Month

Spear phishing: Similar to phishing, but rather than sending out mass in hopes of luring people to a site to provide personal information that can result in identity theft, scammers target individuals, often customizing emails and sending them one at a time to individuals. These emails can appear to be from legitimate sources and it can be difficult to determine that they are in fact, scams.

For more security terms, go to our new security Glossary.

Important Numbers and Contacts to Keep Handy!

The numbers you always need to contact about your wallet, if it has been stolen are:

Equifax: 1-800-685-1111 P.O. Box 740241 Atlanta, GA 30374 www.equifax.com
Experian (formerly TRW): 1-888-397-3742 P.O. Box 2002 Allen, TX 75013 www.experian.com
Trans Union: 1-800-888-4213 P.O. Box 1000 Chester, PA 19022-2000  www.transunion.com

Federal Trade Commision's Identity Theft Hotline 1-877-438-4338
(or download a complaint form at www.consumer.gov/idtheft/)

Social Security Administration (fraud line) - 1-800-269-0271

Disaster Relief? Make Sure the Charity is Legitimate!

The spate of recent disasters in the U.S. and across the globe have stunned the world and motivated many to donate to help bring relief. Unfortunately, these tragedies also bring con artists out who are willing to take advantage of our impulse to help. Beware of email scams and phishing attacks that ask you to send money or provide personal information. If you are unsure of the legitimacy of a charity, you can go to the Better Business Bureau at www.bbb.org/us/charity for information about charities and tips for donations. Charity Navigator is another reputable source through which to research charities and relief organizations. There have been so many scams involving disaster relief that the Justice Department created the National Center for Disaster Fraud in 2005 after Hurricane Katrina. The center screens reports about possible fraud.

September, 2011

Coping with loss from a disaster?

If you experience the loss of, or damage to, personal property in the wake of a storm or other disaster, your concern is how to get back to normal quickly with a minimal outlay of funds. While it's tempting to do something immediately to remedy your situation, reacting too quickly might put you at financial risk.

What should you do first? Talk to your insurer to determine how much of the damage to your car, home, boat or other personal property is covered. If your house is uninhabitable, find out whether your policy covers hotel or other rental accomodations. Be sure to detail your losses when you file your claim.

Need to make repairs? Get several estimates and take some time to consider the work proposed and costs entailed. Avoid making emotional decisions. Choose your contractor carefully, avoid paying too much for necessary repairs, and watch out for scammers.

September, 2011

April: Epsilon Email Hack

We want to encourage you to use extra care when receiving emails from retailers or firms you know and trust. This month at Epsilon, a company that many retailers use to email their customers, files containing names and/or email addresses were accessed by unauthorized entry into their computer system.

Epsilon has told their clients that the only information that may have been obtained were names and/or email addresses. No other personally identifiable information was at risk because such data is not contained in Epsilon's email system. Even so, continue to be aware of common email scams that ask for personal or sensitive information. Online providers you do business with will not email you and ask for credit card number, social security number, or other personal information. If you are ever asked such information, you can be sure the email did not come from the retailer.

March 18: Notice of Fraudulent Emails

We have received the following notification from the Federal Reserve Bank (FRB):

Some consumers have reported receiving fraudulent e-mail messages from the “Federal Reserve Wire Network” that reference a wire transaction and instruct the recipient to click on a link beginning with “federalreserve.gov.” These e-mails were not sent by the Federal Reserve Banks. The Federal Reserve Banks deliver payment status information to our financial institution customers via trusted channels, and do not communicate this information directly to consumers. Financial institutions are advised to follow information security best practices, and to advise their customers not to click on the links contained in these types of e-mails and to delete them immediately.

February, 2011: Notice of Email Scam!

Individuals and/or companies may have received a falsified e-mail with the subject ACH transaction rejected. This e-mail appears to be from NACHA, the Electronic Payments Association, telling them that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fraudulent web page that appears to be NACHA’s.

If you received a similar correspondence, please note that the e-mail did not originate from NACHA, and the link will not direct you to NACHA's real web site. Do not click on the link, be sure to delete the e-mail immediately, and notify Touchstone. A sample of the falsified e-mail is contained below:

= = = = = Sample e-mail = = = = = =
From: payments@nacha.org [mailto:payments@nacha.org]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the

Electronic Payments Association.

Please click here to view report
------------------------------------------------------------------
Otto Tobin,
Risk Manager
= = = = = = = = = = = = = = = = = = = = = = End of Sample e-mail = = = = = =

Facebook and You: T.M.I.?

Are you sharing too much on Facebook? As much as we all may want to share information with all our "friends" on social media sites such as Facebook (and others) – too much information can jeopardize your financial and personal safety. The key becomes how to stay engaged without giving away too much of your privacy and too much vital information. Read more for some thoughts and tips on controlling information on Facebook.

posted August, 2010

Don't Be Caught in a Disaster Aid Scam

When tragedy strikes, many of us rush to provide support and aid. Criminals know this too, and they can make a profit from the misfortune of others and your urge to help. When a tragedy strikes, keep your head while giving from the heart.

• Donate money and gifts to established, trusted non-profits or to organizations sanctioned by those non-profits or the government. You can verify the legitimacy of an organization trhough www.bbb.org/charity, www.charitywatch.org, and www.guidestar.org.

• Don't respond to unsolicited email or click on links within those messages. Follow links to charities from sites you already know and trust.

• Restrict the amount of personal information you provide.

• Be wary of those who claim to be victims and directly solicit your help.

• How much of your money will go to help real victims? 75%? 80%? Those are reasonable figures. If the answer is 10%, that is unreasonable. It is also unreasonable to expect that 100% will go directly to victims.

• If you feel believe you have received a fraudulent email, you can file a complaint at www.ic3.gov.

posted Summer 2010

Identity Theft – Crime of Opportunity
A recent study released by Javelin Strategy and Research showed that up to 43% of identity theft cases in 2008 were linked to crimes of opportunity, such as stolen wallets. That was an increase of 33% in 2007. Women were 26% more likely to be victims of identity theft and reported more cases of stolen information during in-store purchases. The study showed that online access accounted for only 11% of identity theft cases. While identity theft jumped last year by 22% over 2007, the good news is that the average cost per incident fell 31% to $496.00. What precautions can you take to prevent and detect identity fraud?

Banking online is a good first step. Financial institutions continue to take aggressive steps to make online banking safe, and people who check their accounts online can catch any signs of fraudulent activity more quickly. Paying bills through the mail offers another opportunity for thieves to steal your personal information.

Keep your PIN and personal information to yourself. Over 10% of victims knew their identity thieves, and in those cases the theft went undetected longer and cost the victim more.

Be aware of those around you. When giving information out in public, be aware of the people around you and limit the amount of personal information you divulge in public places, retail stores, for example.

Limit the amount of personal information you carry with you. Leave your checkbook and Social Security cards at home. Don’t carry anymore personal information on you than you need.

posted March 1, 2009

Review Statements to Avoid Potential Holiday Credit Card Fraud
Don't forget to review your Visa credit card statements to check for any potential fraudulent use during the holiday season. If something on your statements does not seem right, please call us immediately at (978) 657-2223. Credit card fraud is increasing, but you can do something about it. Remember to view your statements carefully. Sign up for home banking, and review all your accounts regularly online to avoid problems.

Also, make sure we have your current phone information on file so that we can quickly contact you if we think there are any potential issues with your account(s).

Traveling Out of State with Your Visa Credit Card?
Visa credit card holders, if you are traveling out of state, please let Touchstone know. For the safety and peace of mind of our members, we have a security "lock-out" on your credit card that will not allow you to use the card out of state. This security precaution could freeze your account when you try to use it unless you've informed us of your plans. On your written request, we can release the "lock-out" feature for as long as you plan to be away.

Important News About Phishing Scams
Please be advised that there are several phishing scams that may appear to come from support services of financial institutions, including CUNA, the IRS, and NCUA. (Anyone with an e-mail address may be susceptible to these scams or others like it.) Please use caution if you receive any e-mails that ask you to provide confidential information or to click links to visit web pages that ask you to provide confidential information.

Many such e-mails are sent by criminals attempting to trick recipients into providing confidential information like user names and passwords. Known as phishing, many such fraudulent e-mails may appear to be from official or trusted sources. If you receive suspicious e-mails, do not click on the link provided in the e-mail.

Fraud Prevention Tips
Be vigilant to prevent thieves from damaging your good credit and stealing your identity.

1. Do not sign the back of your credit cards. Instead, write “PHOTO ID REQUIRED”.'   

2. When you pay credit card accounts with a check, DO NOT put the complete account number on the check's memo line. Instead, just add the last four digits. The credit card company knows the rest of the number, and anyone who might be handling your check as it passes through all the check processing channels won't have access to it.  

3. Put your work phone # on your checks instead of your home phone. If you have a PO Box use that instead of your home address. If you do not have a PO Box, use your work address. Never have your SS# printed on your checks. (You can add it if it is necessary, but if you have It  printed, anyone can get it.)  

Want to learn more? Click here.

Could You Be Caught in a Check Scam? Avoid being caught in a check scam. Visit www.fakechecks.org for more information on check scams and how they work.

On Guard! Learn to protect yourself from malicious spyware and fraudulent e-mails at www.OnGuardOnline.gov, a Web site created by the Department of Justice in partnership with other federal agencies and the technology industry to help you stay safe online.

Enhanced Login Security
Online security has always been a top priority for Touchstone, and we recognize that secure access to your accounts should be available to you everyday, everywhere. In order to continue to provide safe online access, Touchstone has the latest online security feature—Enhanced Login Security. Enhanced Login Security identifies you as the “true” owner of your accounts, no matter where you are. Now, not only will your password be recognized, your computer will be recognized as well. Enhanced Login Security is just one more way to prevent fraud, protect against identity theft, and strengthen your online security as a whole.

FraudWatch^® PLUS ... Protection 24/7, 365 days a year!

Important! To ensure the effectiveness of this service, if you change your home telephone number, notify Touchstone immediately.

Fraud can hit anytime...but you're protected. Touchstone Federal Credit Union has taken action to protect your Credit Union Visa Check Card from fraudulent activity. We provide all Members holding Touchstone Federal Credit Union Visa Check Cards FREE around-the-clock protection against the increasingly savvy perpetrators of Check Card fraud through FraudWatch^® PLUS protection. With FraudWatch^® PLUS, trained analysts watch for suspicious activity on your behalf, 24-7, 365 days a year. An experienced fraud analyst will contact you immediately to verify the authenticity of your card transactions, if warranted.