< Back to Online Security|
What is Phishing?
Phishing is the practice of sending messages that appear to be from financial institutions with the goal of persuading individuals to provide sensitive information that can be used to commit fraud or identity theft.
As you may have seen on the news, many individuals have been receiving phone calls at all hours, day and night, falsely informing them that their credit card has been deactivated due to fraudulent activity. Some of the messages make reference to a specific credit union and others do not. Please remember that your financial institution will NEVER ask for your personal non-public information unless you initiated the original contact.
Jefferson Financial Federal Credit Union takes the security of our member information seriously. Every quarter, a security and risk management firm performs unannounced security assessments on all of our networks. The firm attempts to breach our network to expose any security vulnerabilities that might exist. They use the same methods that criminals would use to gain access to our member information. The firm also looks for security breaches that might have occurred. Jefferson Financial Federal Credit Union has never had a security breach of private member information nor has the security testing firm been successful at breaching our network.
Please be assured that the information you have on file with our organization is secure. The criminals that are phishing for your account information are able to get email addresses and phone numbers a number in different ways. Here are a few examples: Job Boards or other message boards, White pages, or random Generating email/number software (Email / Spam Bots).
Although we are unaware of these phishing attempts until our members inform us of them, we are making efforts every day to better inform our members of possible scams. Please be sure to visit our website regularly and read the active alerts. Additionally, we urge our members to sign up for Online Banking and provide us with a valid email address so that we can notify you via email regarding current scams.
How to Avoid being Hooked by a Phishing Scam:
The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations below that you can use to avoid becoming a victim of these scams.
- Be suspicious of any email with urgent requests for personal financial information!
Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
They typically ask for information such as usernames, passwords, account numbers, credit card numbers, social security numbers, etc.
Phisher emails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are
Don’t use the links in an email to get to any web page if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the website directly by typing in the web address in your browser.
Avoid filling out forms in email messages that ask for personal financial information. You should only communicate personal information (such as credit card numbers, PIN number, social security numbers, or account information) over the telephone or via a secure website. When submitting credit card or other sensitive information via your web browser, always ensure that you’re using a secure website.
Regularly log into your online accounts – don’t leave it for as long as a month before you check each account.
Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate. If anything is suspicious, contact your financial institution and all card issuers.
Always report ‘phishing’ or ‘spoofed’ e-mails to the following groups:
Forward the email to the Federal Trade Commission at email@example.com.
Forward the email to the "abuse” email address at the company that is being spoofed (e.g. "firstname.lastname@example.org”).
When forwarding spoofed messages, always include the entire original email with its original header information intact.