May 19, 2017
DocuSign Phishing Attempt
DocuSign users are being targeted by an email phishing attempt. The users receive an email from what appears to be from DocuSign. The email is designed to be official-looking and states that the user needs to download and print a document attachment. However, the document attachment is really an executable program file containing malware that infects the user’s computer.
We have notified LAPFCU members who have used DocuSign about this phishing attempt. However, the attempt is targeting all Docusign users, not just LAPFCU members.
It is important to note that the perpetrators are only targeting users with phishing emails and have not stolen any user personal information.
Never open emails or attachments when they are unexpected, if you do not recognize the sender, or if you are unsure of what the email is or why you received it. Always keep your antivirus software and operating system up-to-date.
For more information about the DocuSign phishing attempt, please visit the DocuSign Trust Center.
January 17, 2017
What is Ransomware?
A Security Update from LAPFCU
The Los Angeles Times called 2016 the year of “ransomware.”1 What is ransomware and how can we make sure this security threat doesn’t roll over to 2017?
First and foremost, let’s define ransomware. Ransomware is malware –malicious software designed to damage your system – that makes you pay a “ransom” to regain access to your website or data.
Ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer. [Ransomware]… attempts to extort money from victims by displaying an on-screen alert. These alerts often state that their computer has been locked or that all of their files have been encrypted, and demand that a ransom is paid to restore access. This ransom is typically in the range of $100–$300 dollars, and is sometimes demanded in virtual currency, such as Bitcoin.
Ransomware is typically spread through phishing emails that contain malicious attachments and drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and malware is downloaded and installed without their knowledge. Crypto ransomware, a variant that encrypts files, is typically spread through similar methods, and has been spread through Web-based instant messaging applications.2
According to the United States Computer Emergency Readiness Team (US-CERT)2, here are some steps you can take to prevent ransomware:
- Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process.
- Maintain up-to-date anti-virus software.
- Keep your operating system and software up-to-date.
- Do not follow unsolicited web links in email.
- Use caution when opening email attachments.
- Follow safe practices when browsing the web.
If you become a victim of ransomware, report it to the FBI at their Internet Crime Complaint Center. LAPFCU is always looking out for you and new ways to keep your personal information safe. If you would like more information, please read the FBI Cyber Division’s brochure on ransomware here.
Sources: 1Hiltzik, M. (2016, March 8). 2016 is shaping up as the year of ransomware. Retrieved March 11, 2016, from http://www.latimes.com/business/hiltzik/la-fi-mh-2016-is-the-year-of-ransomware-20160308-column.html 2Crypto Ransomware. (20104, October 22). Retrieved March 11, 2016, from https://www.us-cert.gov/ncas/alerts/TA14-295A
December 2, 2016
Monitor Account Activity During the Holidays With Text Alerts
During the holidays, your accounts and card experience a lot of activity. It’s important to keep track of balances, transactions and monitor for fraud. One useful feature of LAPFCU’s text banking services* is the ability to receive alerts and block unauthorized transactions. Here are three free and simple ways you can monitor account activity:
- smsGuardianTM For Debit Cards. The best way to beat fraud on a debit card is to catch it early and stop it. That’s why LAPFCU is introducing smsGuardianTM, which sends a text alert when a signature-based transaction is performed on your LAPFCU debit card.* If you receive an alert for a purchase you didn’t make, and confirm that it’s an unauthorized transaction, a notification will immediately be given to a fraud analyst so they can block the card. Learn more and opt-into smsGuardian here.
- PATROL Text Alerts For Your Accounts. Sign up for account alerts through PATROL Online Banking! Simply go to My Settings and choose Alerts and Notifications on the left side. You can choose text alerts for various types of account activities and reminders.*
- eZCard For Your Visa Always be aware of your transactions and how close you are to the limit on your credit card account. The more knowledgeable you are, the more likely you are to notice unauthorized purchases, an approaching credit limit or high balance. Members can receive multiple notifications for their LAPFCU Visa credit cards, including payment due date reminders, current balances, transactions and much more!*
eZCard gives you plenty of options so you always know what is happening with your LAPFCU Visa credit card! Take advantage of this free service on ezcardinfo.com. Create an account, log in and then select Add New Alert in the upper right corner.
Learn more about smsGuardian or eZCard here. If you would like to sign up for PATROL Online Banking, please call 877-MY-LAPFCU (877-695-2732).
February 22, 2016
To Shred or Not to Shred?
One the best ways you can defend yourself against identity theft or other forms of fraud is to shred important documents when you don’t need them anymore. But, what is considered an important document? The following is what we recommend you shred:
- ATM Receipts. You don’t need them after you have compared them with your online account or paper statement.
- Tax Returns. The IRS states that you should keep your tax returns for approximately three years. After that, it is recommended you shred them because of the personal and financial information on them.
- Monthly Account Statements. Regardless of the account type, any type of monthly financial statement you receive should be shredded after three years.
- Plastic Cards. If you have an expired credit or debit card, be sure to shred it. You should never just throw it away.
- Paycheck Stubs. You really should only keep your latest paycheck stubs if you are applying for a mortgage loan. Otherwise, you can shred the ones you don’t need.
- Insurance Policies, Claims and Payment Information. Anything about your insurance policy should be kept as long as you have your policy. You should speak to your broker to see how long you should keep claims and payment information, and anything you do not need to keep should be shredded.
- Loan Information. Anything that has to do with a mortgage loan, auto loan or other type of loan that includes your loan number, address, Social Security Number or other personal financial information should be shredded when you do not need it any longer.
The best rule of thumb to follow is if there is personal financial information on the document or form, you should shred it. If you feel more comfortable using a professional shredding service, just bring your documents to one of LAPFCU’s free shredding events. To learn more, check back at lapfcu.org for Shred-It Day events or give us a call at 877-MY-LAPFCU (877-695-2732).
Southwest Strategic Marketing, LLC
January 24, 2016
TAX ID THEFT WEEK
Beat scammers to your IRS refund check
Here is the IRS’s phone number: 800-829-1040. With an anticipated $21 billion in tax refund fraud this year, you might need it. And that figure doesn’t include losses from dodges like the IRS phone scam, which has been enjoying a renaissance of late.
IRS phone frauds aren’t terribly difficult to detect. You get a call from the IRS saying you owe money and that you must pay immediately. The threat of police intervention may or may not accompany this hot and heavy approach.
Here’s the one-step method: hang up. The IRS doesn’t call asking for money yet.
Let’s say you forget the one-step method. Here are four dead giveaways that it’s a scam:
- The IRS never asks for immediate payment.
- The agency will never bill you without giving you an opportunity to dispute the claim.
- Although you shouldn’t get this far into the conversation, the IRS doesn’t care how you pay, and won’t point you to a particular method.
- There will never be any threat involving police or marshals or prison.
If you were starting to feel a little better, stop. Think of tax refund fraud as the clever cousin of the above. It’s not at all easy to detect, or even avoid.
Tax refund fraud getting worse
With more than a billion personal records “out there,” identity theft has become the third certainty in life, right behind death and the topic at hand.
I continue to talk about this topic because a knowledgeable taxpayer stands a better chance of sidestepping the tax-time pitfalls out—especially tax refund fraud.
Unfortunately, if you become the victim of tax refund fraud, you are going to have a long road ahead before everything is resolved. It is not uncommon to wait more than six months before you get the tax refund that’s actually owed to you.
That is why it’s important to shift to a new paradigm and act.
- Assume that your data has been compromised, and proceed accordingly.
- File your taxes as early as possible.
- Read all mail from the IRS, and if there is any indication of fraud, act without delay.
What’s the bottom line here? There are myriad ways to get scammed. If your Social Security number has been compromised in a data breach (21.5 million SSNs were compromised in last year’s Office of Personnel Management breach alone, not to mention the approximately 100 million SSNs involved in health care breaches), then you are in the danger zone.
What to do if you’re a victim
Report the crime. File a report with your local police, call the FTC Identity Theft Hotline at 1-877-438-4338, and the IRS at the number provided at the beginning of this column.
Request a fraud alert or credit freeze. Your Social Security number is definitely in enemy hands. Contact one of the three major credit reporting agencies—Equifax, Experian or TransUnion—and ask that a fraud alert be placed on your credit records. A credit freeze is a more comprehensive lockdown of your credit report than a fraud alert, but it’s also a bit more cumbersome. You have to request a freeze with each of the three bureaus and there may be a fee to freeze and unfreeze your credit, depending on the state where you live. No matter which option you choose, it’s important to remember this is no silver bullet and there are still other forms of identity theft you’re vulnerable to despite having a frozen credit report.
Consider enrolling in credit monitoring programs. You might wish to purchase a combination credit and fraud monitoring service, which provides instant alerts whenever anyone attempts to open a credit account in your name. This can be an effective backup to fraud alerts.
Close fraudulent accounts. Again, the tax refund fraud is impossible without your personally identifiable information. Check your credit reports. You can get free copies of your credit reports once a year at AnnualCreditReport.com. (You can also get a free credit report summary every month on Credit.com.) Close any credit or financial account that has been tampered with by a thief or opened without your permission.
Contact the IRS. Call the number provided on the IRS notice informing you of the fraud if it is not the same as the number provided here. To clear your tax record, complete IRS Form 14039, Identity Theft Affidavit. You can use a fillable form at IRS.gov, print it, then mail or fax it.
Pay your taxes. Be sure to continue to pay your taxes and file your tax returns on time, even if you must do so by mailing in paper forms.
Stay diligent. If you contacted the IRS about taxpayer ID theft and did not receive a resolution, also contact the Identity Protection Specialized Unit at 1-800-908-4490 about your case.
Stay alert. You have to assume that if someone has enough of your personal information to file a tax return, they have more than enough information to commit other forms of identity theft. Read every explanation of benefits statement and be sensitive to any communication you may receive from a debt collector. It may not be a mistake.
Unfortunately, tax fraud is a fact of life. The best way to deal with it also happens to be simple: File as early as possible and open all your mail.
January 11, 2016
Common Tax and IRS Scams
Phone scams are not a new invention, but thieves step up their game around the holidays and during tax season. E-mail scams are also becoming increasingly more popular as technology expands. With so many avenues, scam artists seek to exploit more opportunities every day.
Here are some of the common scams that you should be aware of:
Although it is not a new scheme, IRS impersonators are on the rise. Sometimes these fraudsters will say you owe money, and sometimes they will actually say you have come into a windfall and they need your information so you can claim your money. Because the scammers may already have some of your information, it might seem like a legitimate phone call.
In addition, the scam artists may be able to change the caller ID to make it seem like the IRS really is calling. If you owe taxes, or if you should receive a refund, the IRS will notify you by mail. They will not call you.
E-mail gives IRS impersonators a platform for reaching the masses. By getting the person who receives the e-mail to click on a link or attachment, they are able to gather information about your username, passwords or other sensitive information. Even if the email has a legitimate logo or URL, the IRS does not initiate contact with taxpayers via e-mail.
According the IRS website:
Note that the IRS will never: 1) call to demand immediate payment, nor will the agency call about taxes owed without first having mailed you a bill; 2) demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe; 3) require you to use a specific payment method for your taxes, such as a prepaid debit card; 4) ask for credit or debit card numbers over the phone; or 5) threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.1
It is important to be aware of phone, e-mail and any other type of IRS scams. Many scammers try to target victims during the holidays, when taxpayers are already spending a lot of money and prepping for tax season. Don’t be a victim – stay informed! If you would like to learn more about tax scams and consumer alerts, please visit https://www.irs.gov/uac/Tax-Scams-Consumer-Alerts.