Newsroom – Keeping Your Business Private

KEEPING YOUR BUSINESS PRIVATE

Privacy is not what used to be. Most of us have embraced the conveniences of debit and credit cards and the ability to purchase goods and services online; but at what cost? Each time we sign up for a special offer, a giveaway, a rewards program, or make a purchase with a card, we are potentially giving up a piece of our privacy. Our personal data has value, and therefore considered to be commodity. Sometimes we benefit when we see online “…other users that purchased this item also purchased …” and we realize that we may want to purchase something we hadn’t already thought of. Other times, our data is sold to companies and you become a marketing opportunity for spammers to fill your email inbox. Worse, your information is used to take your money and your privacy.

Most information we willingly give to vendors is not dangerous by itself. However, it could be just enough information to convince you it is okay to give the information that put your financial data could at risk. The criminals may use technology as part of the scam, but in most cases, the victims willingly give away key pieces of their personal information. The bad guys employ a tactic know as Social Engineering. Social Engineering is geek speak for, telling you a lie in order for you to willingly offer your personal information. The key tactic of most fraud is to use lies to prey on your fears or on your greed.

When a vendor’s data is compromised, sometimes the scammers do not have enough information to gain access to your accounts. At this point, they use a technique called phishing. Like fishing, bait is used to lure you into a situation where you are compromised. In most cases, the hackers will use fear to get you to take the bait. There are cases where potential victims received email from the “IRS”. Let’s face it; any communication from the IRS is an attention getter. The email was sporting the IRS logo and the return address was spoofed, so it appeared to be an email address associated with the real IRS. The email prompted the recipient to click on a link which infected the PC with malware. In other cases you are prompted to enter personal or financial information on a counterfeit but official looking web site. Some scammers use the same techniques, but phish by phone instead through email. The results are never pleasant, and to make matters worse, the victims are duped into participating in the loss of their private information.

In more recent events, scammers have used the Affordable Health Care Act, as well as the Target and Neiman Marcus data breaches. They take advantage of those circumstances because they are surrounded by confusion and fear. Shortly after the Target compromise, the credit union received reports from members that they had received automated phone calls claiming to be from a card services department stating their debit card had been compromised. The call went on to ask for a card number, expiration date and security code. Fortunately, none of our members took the bait.

We will never call to request information that we already have. When you do call, we verify your identity by asking your previously set security question. We may email you if you fail to respond, but we will request that you call and we will never ask you to click on a link to a web site. Our procedure in cases such as the Target data breach is to send you a letter via the U.S. Postal Service informing you that your card has possibly been compromised. You have the choice to continue using the card or have a new one re-issued.

Tips:

No financial institution will ask you for information they already know via email or any other means, except to verify that you are who you say you are.

  • If you see suspicious email, call the party that sent it to verify it is legitimate using phone numbers you can verify.  Do not use a phone number in an email or left by a suspicious caller.
  • If you need to report a compromised debit or credit card on nights or weekends, call the number on the back of the card.
  • If you suspect that there is unauthorized activity on your account, call our Member Services Team immediately.

Be familiar with the Federal Trade Commission web site https://www.consumer.ftc.gov/. This site is a resource for fraud prevention, information and a place to enter complaints.

There are several fronts on the war to save your private information. There are laws and legislation, anti-malware programs, and anti-phishing add-ons for your web browser, but you are the single greatest defense of your personal information. Be suspicious of every email and phone call that you are not expecting. Don’t be afraid to challenge them by asking questions. After all, it is your privacy at stake.