The electronic world we live in is teeming with potential security risks. Whether you bank online, on your mobile device or even in person, you and your personal data could be vulnerable to attack.
To help protect your accounts, ALEC utilizes state-of-the-art fraud prevention systems to detect unauthorized activity, while our staff constantly monitors your accounts for suspicious account behavior.
We work hard at ensuring your security. But so can you.
Here’s how you can protect yourself against identity theft.
- Always look at your monthly statements. Check all transactions for accuracy and immediately report anything suspicious. Keep your statements in a secure place.
- Keep track of billing and statement cycles. Missing statements may be caused by identity thieves submitting change-of-address forms to the U.S. Postal Service (USPS). The mail may be diverted to hide charges from the victim or intercept private financial documents mailed to the victim.
- Make sure your financial institutions have your current address and telephone number. If suspicious account activity is spotted by one of your financial institutions, you will need to be contacted right away.
- Keep a list of verified phone numbers. For all your accounts, write down the telephone numbers to reach each financial institution. Record the official numbers from the statements and other documents you directly received from your financial institutions.
- Do not respond to unsolicited phone calls. Never give out your personal information to someone unless you placed the call. If an unsolicited phone call sounds legitimate, ask for the person's name, position and phone number, then call your financial institution.
- Review your credit report at least once a year. Free credit reports are available every 12 months at www.annualcreditreport.com
- Use the post office or an official USPS mailbox. Never use an unlocked mailbox for outgoing mail that contains personal financial information such as bill payments or accepted credit card applications.
- Incoming mail should be picked up promptly. When traveling, always have your mail held at your local USPS branch.
- Protect your PIN and passwords for debit, credit and ATM cards. Memorize your PINs and passwords, instead of writing them down. Do not use PINs and passwords that can be personally connected to you — such as your SSN, phone number, address, names of family members or friends, or cars. Passwords should include letters and numbers where possible.
- Shred your financial trash. Any piece of paper with personal financial information should be put through a shredder or scissor-cut before being thrown out. Preapproved credit card applications should never be placed in the trash unless destroyed first. Plastic cards such as credit, debit or ATM cards should be cut up and destroyed.
- Internet frauds. Never enter personal information into a web page unless you have entered the web page address yourself — and then only on a secured website. Beware of emails asking for personal financial information. Instead, call the company or enter their web address directly into your web browser.
- Don’t keep all your credit, debit and ATM cards in your purse or wallet. Carry only the cards you would need in an emergency. Then, if your purse or wallet is stolen, only the stolen cards will need to be cancelled.
- Don’t carry your Social Security card, passport or birth certificate. Keep these documents in a secured place unless needed. Avoid giving out your Social Security Number wherever possible.
What is Phishing?
Phishing is an extremely prevalent email scam that involves the use of replicas of existing web pages to try to deceive you into entering personal, financial or password data.
Chances are, you have an email inbox that’s already received unfamiliar or unexpected messages asking you to verify personal information over the Internet or urging you to click a link. Cyber criminals often operate falsely under the guise of a familiar entity (such as the IRS or bank).
Never let your guard down. And always be highly suspicious of unsolicited communications.
ALEC, and most other reputable institutions, will never ask you via email to verify account information. And ALEC will never use email to threaten or warn you of account closure.
Other safeguards to help protect you from phishing scams:
- Beware of any email messages that use a tone of urgency or scare tactics (such as threats to close accounts).
- Do not respond to email messages asking you to verify personal information.
- Delete suspicious email messages without opening them. If you open a suspicious email message, DO NOT OPEN ANY ATTACHMENTS OR CLICK ANY LINKS.
- Install and regularly update virus protection software.
- Keep your computer operating system and web browser current.
If you see a suspicious-looking email message claiming to be from ALEC, please contact us immediately. We continually monitor such reports and act on them promptly to ensure the security of our members.
What is Vishing?
Similar to Phishing, Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business, and fools the victim into thinking he or she will profit.
What is SMSishing?
Similar to Phishing, SMSishing (SMS phishing) is when a potential identity thief sends you a text message asking for personal or account information. Because the text appears to be from a reputable contact, many people respond, and that’s when the theft begins.
What is Pharming?
A new scam that’s being increasingly seen is called pharming. Unlike phishing that requires the victimized user to click on a link or attachment, this scam simply redirects victims to fraudulent websites without assistance.
Pharming subverts a basic service of the Internet known as the Domain Name Service (DNS). Each machine connected to the Internet knows the location of one or more DNS servers. This service translates a human-friendly URL name (such as www.alecu.org) into an IP address, which is a unique number that has been assigned to each web server on the Internet.
Pharmers must first gain access to the DNS server and replace the IP number for the financial institution’s URL with the IP number of his or her fraudulent website. When this occurs, any person using that DNS server will be secretly redirected to the fraudulent website.
Pharming requires either an unpatched software/server vulnerability to exist on the DNS server itself, or the criminal needs an insider at the ISP or financial institution to make unauthorized DNS server changes. The good news is, this rarely occurs.
Rest assured, ALEC regularly manages and updates its DNS server’s software to maintain the extremely high level of security to help ensure that our members are protected. In addition, our website utilizes Pharming ShieldT, a proprietary suite of protection services designed to detect the widest variety of pharming and identity theft activity. Pharming Shield provides full protection against DNS hijacking, website defacement and SSL theft.
How to Report Identity Theft
If you’ve become a victim of a phishing scam or identity theft, here are vital steps you should take immediately.
If you’ve given out your credit, debit or ATM card information:
- Report the incident to the card issuer immediately.
- Cancel your account and open a new one.
- Review billing statements carefully after the incident.
- If the statements show unauthorized charges, send a letter to the card issuer via regular mail (keep a copy) describing each questionable charge.
If you’ve given out your bank account information:
- Report the theft to the financial institution as quickly as possible.
- Cancel your account and have a new one opened.
If you’ve downloaded a virus or Trojan Horse:
Viruses or a Trojan Horse (unobtrusive malware that is inside your computer that contain malicious code) often install "key logger" programs that capture every keystroke on your computer, then forward the information you typed to cyber criminals (such as Social Security Numbers, account and credit card numbers, usernames and passwords, plus other valuable personal data).
If this occurs, you likely may not be aware. To minimize this risk, you should:
- Install and/or update anti-virus and personal firewall software.
- Update all virus definitions and run a full scan.
- If your system still appears compromised, have it repaired, and change your password again.
Other security precautions if you suspect your personal information is in the wrong hands:
- Check all other accounts you have that could have been fraudulently accessed —including eBay, PayPal, your email ISP, online bank accounts, and other e-commerce accounts you’ve visited.
- Document the names and phone numbers of everyone you speak with regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.