Los Angeles Police Federal Credit Union
  • Membership & Benefits
  • Checking and Savings
  • Online Branch
  • Mortgage Center
  • Credit & Loans
  • Auto Shop
  • Business Services
  • Education
  • Investing & Insurance
Personal Banking
Login Demo
Security Center

Security Center



Mobile Banking Security
May 7, 2013 Dedicated Denial of Service Attack Warning
Phishing Scam
Voice phishing, or “vishing,”
Latest Cyber Scams, Fraud Activity and Importnant Contact Information
Preventing ID Theft and Fraud Offline and Online
Technology Solutions and Industry Partnerships
Identity Theft 911


LAPFCU is Keeping Your Information Safe

An update from the latest security breach—1.2 billion user names and passwords stolen in Russian crime ring

LAPFCU takes security threats and the security of your account information and credentials very seriously. You may have heard about the recent theft of 1.2 billion user name and password credentials by a Russian crime ring. According to The New York Times, the criminals, so far, are not using the information to hack into financial accounts, they are using the information to send spam to the victims. For example, they are sending emails, from what appears to be an acquaintance, trying to sell you a product.

Rest assured, LAPFCU has strong security measures in place to help prevent vulnerability to this attack, and PATROL Online Banking has security features in place to help prevent any issues, however there are things can do to further protect yourself.

What can you do?
  • Change your current passwords and make sure they are different for each website
  • Use an alpha-numeric password (a string of letters and digits) and include symbols, if possible
  • Use a variation of upper and lower case letters for a stronger password
  • Make sure your password does not contain personal information such as your birthday, social security number, pin numbers or home address
  • Add additional security questions or a second password, when applicable
  • Use a two-step authentication login process, when applicable
We are closely monitoring the situation to ensure your data remains safe and secure. If you would like to learn more about protecting your identity, LAPFCU offers I.D. Enforcer, a Fraud and Credit Monitoring service powered by Identity Theft 911 which offers unique features tailored toward those in law enforcement families.

Perlroth, Nicole, and David Gelles. "Russian Gang Amasses Over a Billion Internet Passwords." The New York Times. The New York Times, 5 Aug. 2014. Web. 6 Aug. 2014.

March 2014

Look Out For Tax Scams!
Tax season is a prime time for thieves, hackers and con artists to go after potential victims. Here are "the Dirty Dozen" schemes the IRS is warning about:

1. Identity Theft
The number of identity theft-related criminal investigations surged 66% in 2013. Receiving a notice from the IRS saying that more than one return has been filed under your name is an indication that your identity may have been compromised. In that case, contact the IRS Identity Protection Specialized Unit at 1-800-908-4490.

2. Phone scams
A new scam is gaining popularity, where fraudsters call and pretend to be from the IRS. Some callers demand tax payments and even threaten arrest or other law enforcement action if the person refuses. They may even hang up and call back pretending to be the police. Others tell victims they are owed large refunds and ask for personal information in order to steal their identity. If you believe you're a victim of this scam, call the Treasury Inspector General 1-800-366-4484.

3. Phishing
If you receive an e-mail that appears to be from the IRS and asks for personal information, it's most likely a phishing scam that wants your identity and your money. The IRS does not reach out to taxpayers via e-mail, texts or social media, so relay any such messages to

4. "Free Money"
Be wary of fliers and ads promising "free money" from the IRS or anyone offering a refund that sounds too good to be true. Some scammers target low-income and elderly people, often through churches, convincing them to claim credits they aren't entitled to -- and even Social Security rebates that don't exist. These con artists often charge up-front fees and disappear without a trace before the IRS rejects the claims. The victims don't just lose the scammer's "fee" -- they could also get hit with a $5,000 penalty for making intentional errors on their return.

5. Return preparer fraud
Make sure your tax preparer has an IRS Preparer Tax Identification Number (PTIN). If a preparer doesn't put this number on your tax return as required, or fails to sign the form, that should raise a red flag. And watch out for preparers who base fees on the size of your refund. Complaints about shady tax preparers can be submitted here, via Form 14157.

6. Hiding income offshore
If you have a legitimate account abroad, you won't get in trouble if you properly complete the reporting requirements. But by failing to disclose assets held in offshore accounts, you risk huge penalties -- including a fine of $100,000 or 50% of the account balance, whichever amount is greater.

7. Fake charities
It's common for scammers to create fake charities to fraudulently collect money -- especially in the wake of disasters. Before giving money to a charity, verify that the organization is legitimate and that your donations will be tax deductible by using the IRS's Exempt Organizations Select Check. And don't give cash -- use a check or credit card so you have proof of payment.

8. Inflating income and credits
Boosting income or expenses to get bigger credits than you deserve can get you in big trouble with the IRS. If you get caught, you'll have to return any fraudulent refund and pay interest and penalties on any amount owed.

9. Frivolous arguments
Trying to get out of paying taxes? Here are some arguments that will never work: Filing a tax return is voluntary, only gold-based money is taxable or your state isn't part of the United States. Anyone who tries to tell you differently can't be trusted. These are considered frivolous arguments and will be rejected, and you could face a number of penalties.

10. Falsely claiming no income
Taxpayers who fall prey to schemes convincing them to falsely report their taxable income as zero could face a penalty of $5,000.

11. Evading taxes
Some shady investment advisers and tax preparers are creating and promoting complicated tax structures and shelters that clients can use to evade taxes -- often involving multiple entities and offshore accounts. If someone has tried to convince you to evade taxes, report the incident using Form 14157.

12. Abuse of trusts
Common schemes recommend you transfer money into trusts to reduce your income and avoid paying taxes. While there are appropriate uses of trusts, the IRS has seen a growing number of people improperly use them. The rules governing trusts can be very complicated, so to avoid getting caught up in an illegal arrangement, the IRS recommends consulting with a tax professional.

February 2014

Smart Security Precautions for Smart Phones and More

The news is full of stories about the lightning-fast methods tech-savvy criminals use to lift key personal data from cell phones, laptops, tablets and other mobile devices. Discovering that your intimate conversations, pictures or texts are now widely available on the Internet for all to see can be damaging to your personal life and livelihood. Avoid being victimized by cell phone hackers by protecting your passwords and being wary of anyone who might want to harm your reputation.

  • Use passwords, and don't share them with anyone else. Even when you make an exception for someone you trust deeply to help you out with a quick need, change the password after they've helped you.
  • Don't share your phone passwords with anyone at work or in your group of friends, and shield your screen from view when inputting passwords in public spaces.
  • Don't program passwords into your cell phone; you don’t want a thief clicking your LAPFCU mobile app and having access to your financial data.
  • Don’t keep private data in your phone for a long period of time. The data will be lost to you, possibly permanently, if hackers compromise your email. Even resetting your password and logging back into your account doesn’t let you access the information you stored there earlier.
  • Create a password update schedule and write down in code in your datebook when you plan to update your passwords.
  • If you have Bluetooth enabled, make sure “Discoverable” mode is disabled so that your phone can’t be detected by others scanning for Bluetooth devices in the area.
  • Install mobile security software if your phone supports it; some phones will lock out any entry after the phone has been idle for awhile. If your phone is stolen, this lock out will stop a thief from accessing your private data.
  • Did you know there are no "viruses" for mobile phones? However, there are some known "malware" apps that try to steal information off of your phone. Mobile security apps will check your phone for these and notify you if any are found.
Staying in touch is easy with today’s modern communication devices, but you don’t have to make it easy for hackers to steal your identity and information. Protect yourself!

If you believe your LAPFCU accounts have been breached, please call us immediately at (877) MY-LAPFCU.


December 2013

Beware of Holiday Scams

It’s sad but true that the holiday season is a choice time for scammers and thieves. Anti-fraud company Identity Theft 911 notes, “For identity thieves, the holiday season is the most wonderful time of the year. With consumers distracted with everything from shopping to holiday travel, thieves seize the opportunity to catch victims with their guard down.”

Identity Theft 911 provides data and identity security services, and offers a few hints about how you can safeguard yourself.

  1. Avoid websites that lack clear terms and conditions. Check the “contact us” page for a phone number and physical address, and the “terms and conditions” link detailing return policies. Bogus websites are less likely to post these — or they’ll provide them in a suspicious manner, such as only via a faxed request.
  2. Don’t buy gift cards from display racks. Buy gift cards from a store’s staffed customer service counter. Once cards from display racks are purchased and activated, criminals often enter stolen codes at the retailer website to make online purchases — leaving the intended recipient with a worthless card.
  3. Shop only on https sites. The “S” is for “secure.” Even if the site has an “https://” address, avoid using public Wi-Fi hot spots for online shopping or other financial transactions.
  4. Beware of post-auction offers. When shopping at online auction sites, never trust offers that arrive after you’ve lost a bid, such as when a seller claims to offer you the merchandise off-site.
  5. Beware of holiday ecards from unnamed friends or admirers. Delete these if you don’t know the sender or even if they’re from These mass-sent greetings probably contain malware. Legitimate card notifications should include a confirmation code to safely open the card at the issuing website.
  6. Ignore emails claiming that FedEx, UPS, DHL or the U.S. Postal Service has an undeliverable package with links for details. The links will install malware that can log keystrokes to steal computer files and passwords.
  7. Be mindful of charity scams. Be suspicious of email solicitations unless you have previously provided your email address to a charity. Never give cash to charities.
LAPFCU is available to assist members and their families in the event of fraud or identity theft. Please check out LAPFCU’s Identity Theft and Fraud resource page for detailed information. You are also encouraged to contact us if you notice any suspicious account activity or security-related information events. Contact us at 877-MY-LAPFCU (877-695-2732) with any questions you may have or for more information.

October 2013

Remembering all the passwords and logins that you need can be a challenge. You can’t leave a list of them lying around, and saving them on your computer can also be problematic. You may be tempted to choose a simple password—or repeatedly use the same password—because it’s easy to remember. But simple passwords don’t offer much protection. Plus, since different passwords need to be reset or changed at different times, it can be easy to confuse which password is for what account. Fortunately, there are password managers that can help you automatically create strong passwords, leaving you just to remember a single master password for everything.

Password managers typically include built-in strong and random password generators, thus making your password extremely difficult to guess or decipher. As a bonus, many will synchronize your password lists across every PC, smartphone or tablet that you own.

But which password manager should you use? As with any other important decision, it’s important to do your research first. Look online for user reviews as well as industry evaluations, and be sure to check your organization or business’ security policies to ensure you’re not interfering with existing security policies. One password manager used at LAPFCU is KeePass.

Take the guesswork out of remembering your login information – start using a password manager today!

September 2013

Mobile Banking Security Tips
Mobile banking is a popular way to monitor and manage your money—but as with any financial transaction, there are guidelines you should follow to make sure your banking information remains safe.

Connect Safely
Your mobile device may allow you to connect to different types of networks, including Wi-Fi networks. Maybe you want to check your balance or make some transfers while you grab a bite to eat at a fast food place—but before you log into your account, make sure you're not connected to the public network. Public connections aren't very secure, and you never know who could be stealing your data or listening in on your call. Disabling your device’s Wi-Fi and switching to a cellular network is a good solution.

Download Safely
Mobile devices are really just specialized computers, which means someone can design an app that accesses your information or records every letter or number you enter into your phone. This is called “keylogging.” Do your research before you download that next widget or game to make sure the app developer has a good reputation. And if you've jailbroken an iPhone or you've sideloaded unapproved apps, be aware that your data could be vulnerable.

Travel Safely
The biggest risk with your mobile device is also its biggest advantage—portability. Mobile devices are easy to carry around everywhere we go, and they contain passwords, contact lists and personal data. Information like that can be dangerous if your mobile device falls into the wrong hands. If your device has a digital locking mechanism, use it. Some devices require you to trace a pattern or insert a PIN. While it might slow you down to have to enter a PIN each time you want to use your phone, it also might be enough to keep someone else from accessing your bank account long enough for you to report your phone missing.

With a little common sense and attention, mobile banking can be both convenient and secure.

July 2013

Online Security Tips for Gen-Y

Security should always be a priority when you’re using your computer, even for the seemingly safest activities. For younger computer users who use computers in diverse ways, it can be easy to get caught by savvy cyber-criminals—but following these five guidelines can help reduce the risk of hacking and identity theft.

1. Stay Updated
Many younger people think of power, speed and versatility as more important for their computer than security, so updating security software can be forgotten. One of the most important—and most basic—ways to protect your computer is to regularly update its operating system and software, as are often how companies address a possible security issue. You can easily configure your operating system to automatically check for updates.

2. Watch What You Click
More than 9,500 malicious websites are detected by Google every single day—this includes legitimate sites that have been hijacked as well as those designed to spread malware. When friends send you links, stay aware of what you’re clicking by hovering over the links so that you can review the full address before you click.

3. Keep Your Game Face On
Don’t disable security software when gaming just to experience a high-speed connection. Instead, look for “game mode” in your security software, which won’t interrupt you while you’re in the middle of your game.

4. Choose Your Friends Carefully
Making connections online via Facebook, Vine, Twitter and other social networks is fun, but be sure to filter who you accept into your inner circle. If you get a friend request from someone you haven’t spoken to in a long time or someone you don’t know, a malicious program may be using this as an opportunity to hack into your network. Cyber criminals can exploit the trust you have built on Facebook and Twitter and use your networks, access, information and persona to solicit products and spread malware to others’ computers.

5. Watch What You Watch
Be careful when downloading videos, as they may contain viruses. If you don’t have the most up-to-date video player, download it directly from a trustworthy source. Never install software from file-sharing sites when trying to view a video, and keep in mind that downloading a video by itself should never require running an executable (.exe) file. As an extra safety measure, read the comments below videos—sometimes savvy users will alert you to a security concern.



June 2013 – Los Angeles Police Federal Credit Union recently upgraded security measures for PATROL Online Banking, ensuring the highest standard of protection for our members’ data. These upgrades are becoming more and more common within online communities, and it may be challenging to know exactly what constitutes a “strong” password when you’re creating online accounts or changing your personal access preferences.

If you're struggling to create passwords that will stump a hacker, but where you can still remember the logon, consider these tips:

  • Length. Make your passwords long with eight or more characters
  • Complexity. Include letters, punctuation marks, symbols and numbers. Use the entire keyboard, not just the letters and characters you use or see most often. The greater the variety of characters in your password, the better.
  • Variation. Set an automatic reminder for yourself to change your passwords on your email, banking and credit card websites about every three months.
  • Variety. Don't use the same password for everything.

Cybercriminals steal passwords on websites that have very little security, and then they use that same password and user name in more secure environments, such as banking websites. Cyber criminals use sophisticated tools that can rapidly decipher passwords, so avoid creating passwords that use:

  • Dictionary words
  • Words spelled backwards, common misspellings or  abbreviations
  • Sequences or repeated characters. Examples: 12345678, 222222, abcdefg
  • Personal information. Your name, birthday, driver's license, passport number or similar information.

If you have questions or concerns about your passwords, contact LAPFCU at 877-MY-LAPFCU (877-695-2732).


May 2013 – Los Angeles Police Federal Credit Union has been advised that there is a possibility of widespread Distributed Denial of Service (DDoS) attacks to financial institutions, including credit unions, on or around May 7. If such an attack were to occur, this could mean that our website and/or online banking services including mobile banking could be temporarily unavailable or load very slowly.

DDoS attacks are attempts to disrupt or suspend online service by saturating a target’s network with external communication requests to overload its server. This does not represent a threat to our members’ information or accounts. Member information is not affected.

To avoid potential delays, members may wish to consider executing all critical online banking business on a day other than May 7, or to visit one of our branches, ATMs or shared branches instead on that date.  Of course, you can always call 877-MY-LAPFCU (877-695-2732) which is available 24/7, and we have CODE 3 automated telephonic banking which is also available 24/7.

If there is a disruption to LAPFCU online service, we will notify members immediately via email and by notices on ATMs and in branches (if you need to update or provide us with your email address, please call 877-MY-LAPFCU). Service will resume as quickly as possible. As a reminder, LAPFCU will never request or solicit your personal or account information via email.

For the latest consumer information on identity theft, fraud and other cybercrimes, please visit the websites of the Internet Crime Complaint Center or Federal Trade Commission. Should you have any questions or concerns, please feel free to call 877-MY-LAPFCU (877-695-2732) which is available 24/7 and we’ll be glad to help.


February 2013 – Los Angeles Police Federal Credit Union members are urged to take precautions at ATMs and gas pumps because of a wave of identity-theft incidents sweeping the nation. In the last few years, skimmers—criminals who use fake card-swipe machines, pinhole cameras or other sophisticated devices to steal account information when you swipe your card—have stolen millions from unsuspecting card-users.

You can take steps to prevent identity theft by following these safety tips:

Avoid ATMs where individuals appear to be “hanging out” to see who uses the machines
Stay alert for signs of tampering or “loose” card-reader components on ATM machines and gas pumps
Regularly check your bank and credit card statements online for any unusual activity

If you believe an LAPFCU QuickDraw ATM has been tampered with, or if you notice suspicious activity on your account, please contact the Credit Union directly at 877-MY-LAPFCU (877) 695-2732.

Recovering from identity theft can be a time-consuming challenge. Don’t let yourself be a victim.

For the latest consumer information on identity theft, fraud and other cybercrimes, please visit the websites of the Internet Crime Complaint Center or Federal Trade Commission.


November 28, 2012 – LAPFCU has learned about an ongoing email phishing scam targeting the LAPD and possibly Credit Union members.

Fraudulent emails are being received that appear to be from NACHA, the industry trade association responsible for the ACH deposit and payment network used by banks and credit unions.

According to NACHA officials, the fraudulent emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain ( Some even bear the name of fictitious NACHA employees and/or departments, and may include attachments and/or links to web pages that host malicious code and/or software.

LAPFCU is advising members not to open these attachments or click on the web links. Consult with a computer security or anti-virus specialist to check for and remove any malicious code and re-install your software if necessary.

If you receive a suspicious text message, email or phone call requesting personal or account information, please contact the Credit Union directly at 877-MY-LAPFCU (877) 695-2732).

For the latest consumer information on identity theft, fraud and other cybercrimes, please visit the Internet Crime Complaint Center.  

November 27, 2012 – Several LAPFCU Members recently contacted LAPFCU after receiving what were determined to be fraudulent text messages similar to the following:

-----Original Message-----
From: []
Sent: Monday, November 26, 2012 12:37 PM
To: XX

MSG: Your Credit Union debit card has been flagged. Call 1.919.845.5525 to remove this issue.

We wish to re-emphasize that LAPFCU will never solicit any member for private or confidential financial information. Please exercise caution when responding to any unsolicited request for personal information, no matter how official or authentic it may appear or sound.
If you receive a suspicious text message, email or phone call requesting LAPFCU account information or other private information, please contact the Credit Union directly at 877-MY-LAPFCU (877) 695-2732).

For the latest consumer information on identity theft, fraud and other cybercrimes, please visit the Internet Crime Complaint Center.

November 9, 2012 — A recent attempt by cybercriminals to obtain personal or confidential financial information was reported by one or more LAPFCU members. An official-sounding email was received by the members, stating their ACH (automated clearinghouse) transaction was rejected, and requesting that the members click on an included web link.

Cybercriminals continue to refine tactics for obtaining private information while evading detection by IT security departments and law enforcement authorities. Spear phishing emails use terms like “notification” and “alert” to create a sense of urgency or alarm. Often, finance-related words or names of financial institutions like LAPFCU, Bank of America and others are included, as are forms, attachments and other requests for personal or confidential information.

Additionally, social media sites are often used to obtain information that gives phishing emails the appearance of authenticity. Clicking on or otherwise responding to the email may allow the cybercriminal to gain access to your account information.

LAPFCU will never solicit any member for private or confidential financial information via e-mail, text message or telephone. Please exercise caution when responding to any unsolicited request for personal information.
If you have received an email or phone call supposedly from LAPFCU requesting private information, please contact the Credit Union directly at 877-MY-LAPFCU (877) 695-2732).

For the latest consumer information on phishing, identity theft and other cybercrimes, please visit the Internet Crime Complaint Center




2014 Los Angeles Police Federal Credit Union All rights reserved.