Consumers know to avoid the most common scams and security pitfalls, but their defenses may be down during the holidays. Schedules are tight, there’s a lot to be done in very little time, and Internet use is up as people research gift ideas to buy the perfect item for everyone on their list.
Thieves know this is a good time of year to strike. There’s less browsing and more buying, and shoppers are whipping out their credit cards both online and at the local mall. Fortunately, a bit of education can go a long way toward helping members stay safe no matter where their holiday activities take them.
Phishing continues to be popular and thieves are adding new tricks every day. Email phishing—where incoming emails appear to be from a trustworthy source but actually contain harmful links or attachments—hasn’t lost its appeal. In fact, Facebook, Instagram and Twitter are increasingly used to deliver malicious links.
Slightly less prominent but just as dangerous, SMS phishing accomplishes the same goal via text messaging. In both cases, thieves provide bogus callback numbers or a link to a website in the message with the hope that members will click on the link or call the phone number and divulge personal information.
Vishing works in a similar way. Criminals contact members by phone, either through a live person or an automated “robocall” system, with a warning that the member’s account has been compromised. Members are then asked to provide sensitive financial data—account numbers, answers to security challenge questions, credit or debit card numbers, etc.—to “verify their identity.” Vishing thieves may pose as employees of your credit union, as law enforcement fraud investigators, or even as merchants who claim to have caught someone fraudulently using the member’s card.
To combat phishing schemes, reinforce among your membership how your credit union handles legitimate communications such as messages and phone calls. Provide them with one or two fail-safe methods for verifying a caller’s identity, and ensure they know whom to contact if they receive a suspicious message.
The holidays are a perfect time for thieves to set up shop on the Internet, because that’s where the consumers are. Website “spoofing” is an increasingly popular way for thieves to steal financial and other data. Essentially, spoofing involves a site that looks very similar to a legitimate site but is actually fake.
The fake site will ask for your login ID and password, or even sensitive financial or personal information that the thieves later use to break into your real accounts. Spoofing schemes often involve only the purchase portion of the transaction, allowing visitors to browse and select items on the real website but then funneling them through a counterfeit page when it comes time to enter their credit card number. The thieves get your credit card number before passing you onto the real website to finish your purchase.
As the buying season gets into full swing, remind members about safe browsing habits. Prior to entering payment information, shoppers should check that the website is secured with https and that the page does not contain other suspicious items. Spoofed sites often get a few details wrong—an absence of ads, a logo that’s slightly off. Sometimes the fake site’s actual address will even appear in the browser’s address bar. Members should be reminded to not ignore a “security certificate” warning.
The device members use to shop online is the other half of the security equation. Now is a good time to educate members about the need for robust protection on their home computers and mobile devices. Anti-virus software should be installed and up to date, and a firewall (either included in the operating system or part of the anti-virus package) should be active.
Next Page: Skimmer and Surfers
Skimmers and Surfers
Brick-and-mortar shopping also poses risks for members. Today’s skimming devices installed on ATMs and POS machines are small, and thieves can install and remove them rather quickly, sometimes hitting a machine for only part of a day before moving on to another location. And with the increasing presence of stand-alone, gas station-type POS terminals, access to the device is no longer a barrier.
Advise members on the dangers of skimmers, and teach them how to spot potentially compromised machines. Additional equipment that doesn’t quite fit or looks unusual, damaged or missing faceplates, and anyone hanging around the machine without a clear reason to do so are all red flags that should prompt members to question if the device is safe to use.
Criminals can still steal payment card data without a skimmer. Shoulder-surfing, when thieves simply look over a member’s shoulder to see a card number or watch a PIN get entered, continues to be a problem. The ubiquitous nature of cell phones doesn’t make things any easier, as thieves are now snapping quick photos of exposed credit cards for later use.
Remind members to be watchful of who’s around them any time they have their card out or are typing their PIN into a device. Advise them to cover keypads with their hand or block the view with their body, and also to keep cards hidden until the purchase is ready to be finalized.
Use That Report!
Even the best security habits aren’t always enough to prevent fraud. Encourage members to review their credit reports regularly, and to be watchful for any unexpected or unauthorized activity.
Members may already have identity theft coverage included in their homeowners, auto or other insurance or through their credit union membership. Encourage members to check to see if they are already covered so they can actively monitor their credit and protect their identity.