Fraud & Security
July 31, 2019
The Capital One data breach: Time to check your credit report
Source: July 30, 2019, by Seena Gressin, Attorney, Division of Consumer and Business Education
If you needed yet another nudge to start keeping an eye on your credit report to protect against identity theft, Capital One has delivered it with its announcement that a data breach has exposed the personal information of 106 million of its credit card customers and credit card applicants in the United States and Canada.
News of the Capital One breach comes just one week after the Federal Trade Commission announced that Equifax agreed to pay up to $700 million to settle a lawsuit brought by the FTC, the Consumer Financial Protection Bureau, and 50 states and territories, stemming from the credit reporting giant's 2017 data breach, which affected about 147 million people.
In the Capital One breach, 100 million people in the United States and 6 million in Canada were affected. According to the bank, most of the stolen information came from the credit card applications of consumers and small businesses. The information includes names, dates of birth, addresses, phone numbers, and more, all from applications filed between 2005 and early 2019.
For credit card holders, the stolen information includes credit scores, credit limits, balances, payment history, contact information and some transaction data. The bank says the hacker also stole about 140,000 Social Security numbers, 80,000 linked bank account numbers of secured credit card holders, as well as the Social Insurance Numbers of about one million Canadians.
Capital One has posted information about the breach and says it will notify the people affected and offer them free credit monitoring and identity protection services. However, whether or not you were affected, there is no time like the present to check your free credit report and take other steps to protect against identity theft.
And one more thing: a data breach is a magnet for scammers. Be alert to emails and calls pretending to be from Capital One or the government. Neither the bank nor the government will send an email or call you to ask for credit card or account information or your Social Security number.
June 28, 2019
Not all Home Rental listings are legit. Keys to avoiding home rental scams
Before you rent, review these tips from Colleen Tressler, Consumer Education Specialist, with the FTC.
Need more space than an apartment, condo or townhouse can offer, but not ready to buy? A single-family home rental may fit the bill. But not all home rental listings are legit, so here are some tip-offs and tools to help you avoid a rental scam.
According to National Rental Home Council (NRHC) members, who are owners of rental homes, scammers use a variety of tactics to get people’s money. Some hijack a real rental listing by changing the email address or other contact information and then placing the altered ad on another site. Others gain access to keys in lock boxes, make copies, and pose as legitimate rental agents. Still others may list a property that’s already leased and then try to collect application fees, security deposits, and even the first month’s rent.
Here are some tips to help you avoid rental scams:
- Do an online search of the rental company. Enter its name plus words like “review,” “complaint” or “scam.” If you find bad reviews, you may want to look elsewhere.
- Got a good vibe? Rental home listings may appear in several places, including rental company websites and online listing services like like Zillow, Trulia or Craigslist. If you see a rental company’s listing on one of those online listing services, do a search of the home’s address to make sure it appears on the rental company’s website. If it doesn’t, it may be a scam.
- Compare prices. Is the rent a lot less than comparable rentals? That could be a red flag.
- Take a tour. Ask for identification. Rental agents should have photo ID badges issued by the company that owns or manages the property.
- Nothing sketchy yet? Apply through the rental company, licensed real estate professional or listings website.
- Before you sign a lease, look for signs at the rental with the name of the property owner or manager. Call that company before making a deal with anyone.
- Never pay with cash, wire transfers or gift cards. If anyone tells you to pay this way, it’s a sure sign of a scam. Wiring money is like sending cash — once you send it, you have no way to get it back. As for gift cards, they’re for gifts, NOT for payments.
If you spot a rental scam, report it to local law enforcement and the FTC
For more tips, see Rental Listing Scams
. Want to avoid the latest rip-offs? Sign up for free consumer alerts from the FTC at ftc.gov/subscribe.
May 30, 2019
Make it a scam-free vacation -- News from the FTC
It's almost summer! Right now, you probably have beaches on the brain or you're thinking about that long-planned trip abroad. Before you head out, take steps to help keep your dream vacation from becoming a nightmare:
Here are some tips below on how to vacation and protect your financial well-being:
Do some research - and then carefully read the details on travel offers.
- First, get recommendations from family and friends on good travel agencies, vacation rentals, hotels and travel packages - before responding to offers.
- Look up travel companies, hotels, rentals and agents with the words "scam," "review," or "complaint."
- Look for extra costs. Resort fees (also known as destination, facility and amenity fees) can add $50 or more to your nightly cost.
- Ask about taxes, which may be significant in many locations.
- Get a copy of the cancellation and refund policies before you pay.
- If you're buying travel insurance, be sure the agency is licensed.
- Bring copies of any confirmation details that show the rate and amenities you were promised. This also helps if the hotel or host says your reservation is "lost."
- Don't pay for "prize" vacations. No legitimate company will ask you to pay for a prize. Also, look for catches to resort or timeshare offers. They may come with taxes and fees to pay, timeshare presentations to attend, and high-pressure sales pitches to endure. Don't sign anything until you know the terms of the deal. Say "no thanks" to anyone who tries to rush you, without giving you time to consider the offer.
- Use a credit card, if possible, for your travel spending. This gives you more protection than paying by cash or debit card - and it may be easier to dispute unauthorized charges.
Protect your identity and account information while you're traveling.
- Take only the IDs, credit cards and debit cards you need. Make copies so, if someone steals your bag, you'll know exactly what was lost.
- Make a copy of your insurance card to take with you.
- Leave all other important documents safe at home.
- Learn how to protect your mobile devices and personal information from hackers and malware.
And while we hope it doesn't happen to you, be sure to report identity theft and any other fraud
you experience. We also recommend you notify us by sending a secure message through our e-branch
service or come in and fill out a travel form if you're planning to travel abroad. Also, if you are planning to travel somewhere different this year, please let us know. Even while you are away, we are here to protect your financial wellness.
April 10, 2019
IRS Fraud Scams -- News From the Federal Trade Commission -- Beware!
What are the latest scams and frauds to be aware of?
Have you been a victim of fraud? Protect yourself with a FREE credit freeze
A new federal law requires freezing your credit report to be free. Freezing your credit report stops a credit rating company from sharing your personal information with someone who is fraudulently attempting to open a credit card or loan in your name.
All three credit bureaus, Equifax, Experian, and TransUnion, must allow consumers to freeze and unfreeze (thaw!) their credit histories without a charge. A freeze on your credit may be necessary if you are the victim of fraudulent activity or may have been affected by a data breach.
Placing a freeze on your credit will require more work for you if you plan to borrow money because you will need to remove the freeze before applying for a loan by notifying the credit bureaus. If you have never been affected by a data breach or identity theft, you can monitor your credit without a freeze by getting your free annual copy of your full credit report. Each agency must offer you one copy once each year, so you can set up a schedule to check your credit every four months; for example:
January - Transunion Report
May: Equifax Report
September: Experian Report
Visit annualcreditreport.com for your free copy. Note: if you request a credit score, you will be charged. You can click away from these offers and see your entire history for free.
Here's how to contact the three credit bureaus if you wish to freeze your credit report:
For more information on this news click here to view an article published by the Federal Trade Commission.
April 1, 2019
Identity Theft - It Can Happen To Anyone
I experienced what it’s like to be a target of identity theft. Submitted anonymously by a NHFCU employee.
You know when you feel uneasy, when you just sense something is wrong? It happened to me recently. Here’s my story:
I got home from work late one night and opened a letter from a bank in Ohio. The bank was denying my application for a master card. The letter gave several reasons why I wasn’t being approved for the card. I knew something was wrong, because I had not applied for a card. Also, the letter stated my total monthly payments on my credit card accounts was too high and I pay my accounts off every month…this did not add up! I didn’t think about doing anything right then, because I was tired, I wanted to eat my dinner, catch up with family and relax.
The next morning when I woke up I realized this was or could be a real problem…identity theft. And, it was. My gut reaction was to start making calls. So many frightening thoughts were going through my head. Had someone stolen my social security number? Did someone wrack up thousands of dollars of bogus charges on my credit card accounts? Was someone posing as me with a fake license? Could someone do the worst and send the IRS a fake tax return? I took a deep breath, and made a list of people to call and to see in person. Once I did that, I felt like I had control of what I needed to do. Worrying wasn’t going to help. Action would.
The most important thing that made it a lot easier to start making calls is that I do all my banking and financial business locally. I could pick up the phone and ask for someone I know. The only non-local call was the bank that sent the letter.
These are the phone calls I made first and why:
*My local bank to find out if they knew the bank in Ohio was legitimate.
*The bank in Ohio to find out why the letter had been sent.
*My Insurance agent who filed a claim with my insurance company.
*All three credit bureaus to put a freeze on my accounts (Trans Union, Experian, Equifax).
*The companies I have credit card accounts with to put fraud protection and added security on them.
*My local police department to file an identity theft report.
*The Federal Trade Commission to file an incident report.
*My Financial advisor/investment company to add security to my accounts.
*NH Department of Motor Vehicle in case my license had been compromised.
*Two companies I had worked with as an independent contractor in 2018 because they issue 1099’s for taxes.
Next, I went to all these places in person:
*Two local banks and a credit union to put added security on my accounts.
*Social Security Administration to put security on my account.
Also, I went on-line to do these things:
*Downloaded Form 14093 off the IRS website which is an Identity Theft Affidavit so I could let them know my social security number had been hacked.
*Updated all 3 credit cards with new security and passwords.
Here’s what I found out:
The person I talked with at the bank in Ohio confirmed they sent the letter because “I” had applied for five new retail charge cards on January 15th. I assured him that was not true. I told him I was probably the target of identity theft. He asked for the last 4 digits of my social security number. I was reluctant to give him the information. He sensed my concern and asked me for my date of birth instead. He figured out within about two minutes my social security number had been used as a means to apply for credit. One account had already been opened January 15th. Luckily, there were no charges. He shut down that account and he went over the other four accounts and I confirmed each time I had not submitted those applications. With all those accounts shut down, he recommended I call all three credit bureaus right away to put a fraud alert on my accounts for a year. He was helpful, apologetic and gave me the information I needed to take the next steps.
When I called the credit bureaus, each person I talked with was understanding and gave me step-by-step instructions to help protect myself. When I talked with the third credit bureau, the contact confirmed my information and rattled off the last four digits of a phone number I hadn’t used in 20 years. I was shocked to find out how far back information is stored. That particular credit bureau also had a bogus phone number I’d never used, so I wondered if that might have been another account the hacker could have tried to use to steal more information.
When I talked with my credit card companies, the charges on my accounts were only ones I had made. Phew!
The woman I met with in person at Social Security told me people come in every day telling her a story like mine. She was helpful and supportive.
The local police detective said I’d taken more steps than many people who file complaints like mine.
Time spent protecting my identity and accounts:
From the time I got the letter through the next day, I had spent about six hours on the phone, on-line or in person with people making sure I have protection moving forward. I am still making follow up phone calls every week, or going on line every day to check my credit card balances. I’m working on an email for the police department so they can get me a case number I need to provide to the credit bureaus. Working full time, taking care of family, and now adding this to my life is frustrating, but I’m not letting it get to me, because I know I have to keep taking action to protect my good name.
By the time I am done settling a few more things, I will spend an average of 2 hours a week checking and rechecking my accounts for any suspicious activity.
The one thing you should do right now:
The lesson I have learned, no matter how careful I thought I had been, is that I could have done more. After reading this, if you haven’t already done it, please go to your local social security office as soon as you can and have them help you protect your identity. You are the only person who will have access. I promise, it will give you peace of mind. Though it may not stop a hacker from getting your number, it should stop them from getting into your social security account. It is something I wish I had done a long time ago.
Finally, refuse to be a victim
As I was driving home from meetings the day after I got the letter, the claims adjuster from my insurance company called. He read through what my policy covered and explained how they would help if I have to take time off from work to get paperwork notarized, if I need to hire a lawyer, and several other things that might cause lost wages in the future because I was targeted. When I told him I wanted to protect myself in every way, he said we’ll never know who did this. He also said it’s happening so much, and the hack could have originated from Duluth or the Czech Republic. I told him I felt confident I’d put all the steps in place that I can to protect myself from a further breach. He agreed I’d done a thorough job, but also said “plan for the best but expect the worst.” My response was simple. I refuse to be a victim.
It’s important to know the comfort I felt throughout this experience because of doing business with people I know and trust. I’m grateful that I have a handle on my finances locally. Each person held my hand in a different way, supporting me during the process. Knowing the person on the other end of the phone, or across the desk gave me direction and the courage to act instead of sitting down and crying. Trust is huge after something like this happens. You know who you are talking with and you know they understand. My identify theft could have come from anywhere. I’m careful with my information. I’m married to a CPA. I work in the financial industry. It happened to me anyhow.
Anyone can be targeted for identity theft. Cyber fraud is everywhere. When I re-examined the entire situation, the protections I thought I had in place for my personal information didn’t matter. Someone still got my number. What matters is they tried, but more importantly, they were unsuccessful in causing long-term harm to me because I worked through it.
*Identity Theft is time consuming, upsetting, and requires work to deal with after the fact.
*Dealing with Identity Theft takes commitment on your part to see things through. No one is a better protector/defender of your finances than you.
*f you think something may be wrong, it’s always in your best interest to investigate –don’t wait.
January 15, 2019
If you think you can't be fooled...think again
By: Polly Saltmarsh, VP Financial Education & Business Development
Do you have those movies you stop and watch, EVERY TIME, as you scroll through hundreds of channels looking for something remotely entertaining? As a Paul Newman/Robert Redford movie fan, give me Butch Cassidy and the Sundance Kid or The Sting and I will watch - again and again. (Side note: It's interesting to consider that both movies have to do with financial crimes and I happen to work in financial services.) Sadly, many people reading this may not even know who those actors or movies are, but, I digress. As I meander to my real topic, I heartily recommend these films for all.
So, what does my love of these movies have to do with NHFCU? In the film The Sting, Robert Redford and Paul Newman are grifters looking to play the BIG CON, the LONG GAME, on rival criminals. The film depicts the planning and myriad of details involved in undertaking such a con. The level of detail and the number of people involved is impressive, as is the patience it takes to lay out their long game plan. All the scheming and planning is thoroughly entertaining and makes one appreciate the intelligence and strategic vision & execution skills of these con men.
Here's what struck me as I watched the film recently. The preparation and detail that went into the "con" in the The Sting happens today - in the real world - only FASTER and with even more detail and finesse! First, we have the Internet and social media, serving up all the little details a potential con artist/fraudster can use to fool even the most skeptical mark. In five minutes or less, someone with malicious motives can often discern where you live, who your family members are, their ages, and a plethora of personal information they can employ to convince you they are for real. Just last year, I was at my desk, doing my job, when my phone rang. A familiar voice came over the line - my dad's. In his quest to protect his grandson from his overbearing mother (depends on who you talk to!), the conversation went like this:
Dad: Yah, Polly. Do you know where X is today (X is the alias I am using to protect the identity of my son).
Me: No, I don't. Why, do you need him for something?
Dad: No, (with a higher than normal pitch to his voice) I was just wondering if he was around, that's all.
Me: (Sniffing something not quite right). Tell me why you are asking. (this is an edited version of the conversation, I had to spend some time getting my father to "fess up").
Dad: Well, I don't know if I should say anything... is there any way he might have gone to Florida for a friend's wedding? Does he know someone there?
Me: No. Unless he flew there when he left work at 6 am today, I don't think he's been to Florida for a wedding. What's this about, Dad?
Turns out, someone called my father, claiming to be my eldest son. And, he stated he was in trouble. According to the caller purporting to be my son, he had been in a car accident after drinking at a wedding and needed bail money wired to him in Florida! "X" did not want Mom or Dad to know. My father even asked "X" for his parents' first names, just so he could verify he was really talking to "X". The caller knew our names and where we worked.
My "son" tearfully begged his grandfather not to tell me or my husband about the incident. When my father asked why he did not sound like himself, the explanation was easy. He had broken his nose in the car accident so he sounded funny! My father took the number and said he would have to call him back. My dad did not want to jeopardize his relationship with my son by letting me in on what was going on, but, he ultimately he called me and told me the story.
This is a SCAM! A CON! It's common! It happened to my father, and has happened to many unsuspecting victims who do not happen to have relatives working in a financial institution who can tell them it is a SCAM. These people are convincing. This kind of trick can be especially damaging when communications among family members are strained or infrequent. This caller knew what he needed to say, knew who we were, where we lived, and had a plausible answer for every question.
My dad is not the first, nor is he the last person we have spoken to who has been through an experience like this. Just look at the testimonial at the top of this newsletter. This is only one example of the details fraudsters gather and the ploys they develop for their big CONs. They use these techniques because THEY WORK.
Here are just a few tip offs that should make you think twice about what people are telling you:
- The situation is a DIRE emergency and you need to act right away.
- You are asked to keep this a secret (i.e. "PLEASE don't tell my wife, mom, dad, etc.").
- Your payment has to be by wire transfer(s) or gift card(s) or some other non-refundable means (as well as a means that does not allow you to stop payment).
If you ever question the validity of what someone is telling you when they ask for money or payment, talk to us! We are here to help protect you and your money, always.
Tips to protect your information
By practicing good security habits, you can assist us in the protection of your private information. To safeguard your personal information, please follow these guidelines:
- Be aware the common information that is requested by fraudsters:
- NHFCU account numbers, Debit/ATM or credit card numbers.
- Personal Identification Numbers (PIN) and passwords.
- Social Security number.
- Mother's maiden name.
- Other private information.
- Never reveal your PIN to anyone.
- Change your PIN at one of our offices, if you suspect it may have been compromised.
- Store your card number and PIN separately, and never write your PIN on your card.
- If you use an Online Banking or Bill Pay service, log out when finished and close your browser before leaving your computer.
- Never leave your computer unattended during an Online Banking session.
- Never use email to send your non-public information. Please always use our secure e-branch service to communicate with us.
Beware of any email asking you to log into e-branch if it does not link to the official NHFCU website.
Should you ever receive a call or email that you feel is a scam or illegitimate, please inform a representative at (603) 224-7731.
To learn about more ways to protect yourself against other threats, click on the helpful links to the left.