Mobile Banking Security
May 7, 2013 Dedicated Denial of Service Attack Warning
Voice phishing, or “vishing,”
Latest Cyber Scams, Fraud Activity and Importnant Contact Information
Preventing ID Theft and Fraud Offline and Online
Technology Solutions and Industry Partnerships
Identity Theft 911
Look Out For Tax Scams!
Tax season is a prime time for thieves, hackers and con artists to go after potential victims. Here are "the Dirty Dozen" schemes the IRS is warning about:
1. Identity Theft
The number of identity theft-related criminal investigations surged 66% in 2013. Receiving a notice from the IRS saying that more than one return has been filed under your name is an indication that your identity may have been compromised. In that case, contact the IRS Identity Protection Specialized Unit at 1-800-908-4490.
2. Phone scams
A new scam is gaining popularity, where fraudsters call and pretend to be from the IRS. Some callers demand tax payments and even threaten arrest or other law enforcement action if the person refuses. They may even hang up and call back pretending to be the police. Others tell victims they are owed large refunds and ask for personal information in order to steal their identity. If you believe you're a victim of this scam, call the Treasury Inspector General 1-800-366-4484.
If you receive an e-mail that appears to be from the IRS and asks for personal information, it's most likely a phishing scam that wants your identity and your money. The IRS does not reach out to taxpayers via e-mail, texts or social media, so relay any such messages to firstname.lastname@example.org.
4. "Free Money"
Be wary of fliers and ads promising "free money" from the IRS or anyone offering a refund that sounds too good to be true. Some scammers target low-income and elderly people, often through churches, convincing them to claim credits they aren't entitled to -- and even Social Security rebates that don't exist. These con artists often charge up-front fees and disappear without a trace before the IRS rejects the claims. The victims don't just lose the scammer's "fee" -- they could also get hit with a $5,000 penalty for making intentional errors on their return.
5. Return preparer fraud
Make sure your tax preparer has an IRS Preparer Tax Identification Number (PTIN). If a preparer doesn't put this number on your tax return as required, or fails to sign the form, that should raise a red flag. And watch out for preparers who base fees on the size of your refund. Complaints about shady tax preparers can be submitted here, via Form 14157.
6. Hiding income offshore
If you have a legitimate account abroad, you won't get in trouble if you properly complete the reporting requirements. But by failing to disclose assets held in offshore accounts, you risk huge penalties -- including a fine of $100,000 or 50% of the account balance, whichever amount is greater.
7. Fake charities
It's common for scammers to create fake charities to fraudulently collect money -- especially in the wake of disasters. Before giving money to a charity, verify that the organization is legitimate and that your donations will be tax deductible by using the IRS's Exempt Organizations Select Check. And don't give cash -- use a check or credit card so you have proof of payment.
8. Inflating income and credits
Boosting income or expenses to get bigger credits than you deserve can get you in big trouble with the IRS. If you get caught, you'll have to return any fraudulent refund and pay interest and penalties on any amount owed.
9. Frivolous arguments
Trying to get out of paying taxes? Here are some arguments that will never work: Filing a tax return is voluntary, only gold-based money is taxable or your state isn't part of the United States. Anyone who tries to tell you differently can't be trusted. These are considered frivolous arguments and will be rejected, and you could face a number of penalties.
10. Falsely claiming no income
Taxpayers who fall prey to schemes convincing them to falsely report their taxable income as zero could face a penalty of $5,000.
11. Evading taxes
Some shady investment advisers and tax preparers are creating and promoting complicated tax structures and shelters that clients can use to evade taxes -- often involving multiple entities and offshore accounts. If someone has tried to convince you to evade taxes, report the incident using Form 14157.
12. Abuse of trusts
Common schemes recommend you transfer money into trusts to reduce your income and avoid paying taxes. While there are appropriate uses of trusts, the IRS has seen a growing number of people improperly use them. The rules governing trusts can be very complicated, so to avoid getting caught up in an illegal arrangement, the IRS recommends consulting with a tax professional.
Smart Security Precautions for Smart Phones and More
The news is full of stories about the lightning-fast methods tech-savvy criminals use to lift key personal data from cell phones, laptops, tablets and other mobile devices. Discovering that your intimate conversations, pictures or texts are now widely available on the Internet for all to see can be damaging to your personal life and livelihood. Avoid being victimized by cell phone hackers by protecting your passwords and being wary of anyone who might want to harm your reputation.
Online Security Tips for Gen-Y
Security should always be a priority when you’re using your computer, even for the seemingly safest activities. For younger computer users who use computers in diverse ways, it can be easy to get caught by savvy cyber-criminals—but following these five guidelines can help reduce the risk of hacking and identity theft.
1. Stay Updated
Many younger people think of power, speed and versatility as more important for their computer than security, so updating security software can be forgotten. One of the most important—and most basic—ways to protect your computer is to regularly update its operating system and software, as are often how companies address a possible security issue. You can easily configure your operating system to automatically check for updates.
2. Watch What You Click
More than 9,500 malicious websites are detected by Google every single day—this includes legitimate sites that have been hijacked as well as those designed to spread malware. When friends send you links, stay aware of what you’re clicking by hovering over the links so that you can review the full address before you click.
3. Keep Your Game Face On
Don’t disable security software when gaming just to experience a high-speed connection. Instead, look for “game mode” in your security software, which won’t interrupt you while you’re in the middle of your game.
4. Choose Your Friends Carefully
Making connections online via Facebook, Vine, Twitter and other social networks is fun, but be sure to filter who you accept into your inner circle. If you get a friend request from someone you haven’t spoken to in a long time or someone you don’t know, a malicious program may be using this as an opportunity to hack into your network. Cyber criminals can exploit the trust you have built on Facebook and Twitter and use your networks, access, information and persona to solicit products and spread malware to others’ computers.
5. Watch What You Watch
Be careful when downloading videos, as they may contain viruses. If you don’t have the most up-to-date video player, download it directly from a trustworthy source. Never install software from file-sharing sites when trying to view a video, and keep in mind that downloading a video by itself should never require running an executable (.exe) file. As an extra safety measure, read the comments below videos—sometimes savvy users will alert you to a security concern.
June 2013 – Los Angeles Police Federal Credit Union recently upgraded security measures for PATROL Online Banking, ensuring the highest standard of protection for our members’ data. These upgrades are becoming more and more common within online communities, and it may be challenging to know exactly what constitutes a “strong” password when you’re creating online accounts or changing your personal access preferences.
If you're struggling to create passwords that will stump a hacker, but where you can still remember the logon, consider these tips:
Cybercriminals steal passwords on websites that have very little security, and then they use that same password and user name in more secure environments, such as banking websites. Cyber criminals use sophisticated tools that can rapidly decipher passwords, so avoid creating passwords that use:
If you have questions or concerns about your passwords, contact LAPFCU at 877-MY-LAPFCU (877-695-2732).
May 2013 – Los Angeles Police Federal Credit Union has been advised that there is a possibility of widespread Distributed Denial of Service (DDoS) attacks to financial institutions, including credit unions, on or around May 7. If such an attack were to occur, this could mean that our lapfcu.org website and/or online banking services including mobile banking could be temporarily unavailable or load very slowly.
DDoS attacks are attempts to disrupt or suspend online service by saturating a target’s network with external communication requests to overload its server. This does not represent a threat to our members’ information or accounts. Member information is not affected.
To avoid potential delays, members may wish to consider executing all critical online banking business on a day other than May 7, or to visit one of our branches, ATMs or shared branches instead on that date. Of course, you can always call 877-MY-LAPFCU (877-695-2732) which is available 24/7, and we have CODE 3 automated telephonic banking which is also available 24/7.
If there is a disruption to LAPFCU online service, we will notify members immediately via email and by notices on ATMs and in branches (if you need to update or provide us with your email address, please call 877-MY-LAPFCU). Service will resume as quickly as possible. As a reminder, LAPFCU will never request or solicit your personal or account information via email.
For the latest consumer information on identity theft, fraud and other cybercrimes, please visit the websites of the Internet Crime Complaint Center or Federal Trade Commission. Should you have any questions or concerns, please feel free to call 877-MY-LAPFCU (877-695-2732) which is available 24/7 and we’ll be glad to help.
February 2013 – Los Angeles Police Federal Credit Union members are urged to take precautions at ATMs and gas pumps because of a wave of identity-theft incidents sweeping the nation. In the last few years, skimmers—criminals who use fake card-swipe machines, pinhole cameras or other sophisticated devices to steal account information when you swipe your card—have stolen millions from unsuspecting card-users.
You can take steps to prevent identity theft by following these safety tips:
|•||Avoid ATMs where individuals appear to be “hanging out” to see who uses the machines|
|•||Stay alert for signs of tampering or “loose” card-reader components on ATM machines and gas pumps|
|•||Regularly check your bank and credit card statements online for any unusual activity|
If you believe an LAPFCU QuickDraw ATM has been tampered with, or if you notice suspicious activity on your account, please contact the Credit Union directly at 877-MY-LAPFCU (877) 695-2732.
Recovering from identity theft can be a time-consuming challenge. Don’t let yourself be a victim.
November 28, 2012 – LAPFCU has learned about an ongoing email phishing scam targeting the LAPD and possibly Credit Union members.
Fraudulent emails are being received that appear to be from NACHA, the industry trade association responsible for the ACH deposit and payment network used by banks and credit unions.
According to NACHA officials, the fraudulent emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some even bear the name of fictitious NACHA employees and/or departments, and may include attachments and/or links to web pages that host malicious code and/or software.
LAPFCU is advising members not to open these attachments or click on the web links. Consult with a computer security or anti-virus specialist to check for and remove any malicious code and re-install your software if necessary.
If you receive a suspicious text message, email or phone call requesting personal or account information, please contact the Credit Union directly at 877-MY-LAPFCU (877) 695-2732).
For the latest consumer information on identity theft, fraud and other cybercrimes, please visit the Internet Crime Complaint Center.
November 27, 2012 – Several LAPFCU Members recently contacted LAPFCU after receiving what were determined to be fraudulent text messages similar to the following:
From: XXX@messaging.sprintpcs.com [mailto:XXX@messaging.sprintpcs.com]
Sent: Monday, November 26, 2012 12:37 PM
MSG: Your Credit Union debit card has been flagged. Call 1.919.845.5525 to remove this issue.
We wish to re-emphasize that LAPFCU will never solicit any member for private or confidential financial information. Please exercise caution when responding to any unsolicited request for personal information, no matter how official or authentic it may appear or sound.
If you receive a suspicious text message, email or phone call requesting LAPFCU account information or other private information, please contact the Credit Union directly at 877-MY-LAPFCU (877) 695-2732).
For the latest consumer information on identity theft, fraud and other cybercrimes, please visit the Internet Crime Complaint Center.
November 9, 2012 — A recent attempt by cybercriminals to obtain personal or confidential financial information was reported by one or more LAPFCU members. An official-sounding email was received by the members, stating their ACH (automated clearinghouse) transaction was rejected, and requesting that the members click on an included web link.
Cybercriminals continue to refine tactics for obtaining private information while evading detection by IT security departments and law enforcement authorities. Spear phishing emails use terms like “notification” and “alert” to create a sense of urgency or alarm. Often, finance-related words or names of financial institutions like LAPFCU, Bank of America and others are included, as are forms, attachments and other requests for personal or confidential information.
Additionally, social media sites are often used to obtain information that gives phishing emails the appearance of authenticity. Clicking on or otherwise responding to the email may allow the cybercriminal to gain access to your account information.
LAPFCU will never solicit any member for private or confidential financial information via e-mail, text message or telephone. Please exercise caution when responding to any unsolicited request for personal information.
If you have received an email or phone call supposedly from LAPFCU requesting private information, please contact the Credit Union directly at 877-MY-LAPFCU (877) 695-2732).
For the latest consumer information on phishing, identity theft and other cybercrimes, please visit the Internet Crime Complaint Center.