How to Protect Yourself from Spoofing Phone Scams
We’ve been notified of an increase in spoofed calls, including Excite Credit Union’s toll free phone number, 1-800-232-8669.
Remember, any Excite Team Member will never call you and ask for your :
- Social Security Number
- Account, card or member number
- Online banking or mobile user name or password
- Security Word or one-time PIN (unless YOU called us and we are trying to confirm your identity).
Call Spoofing, or Caller ID Spoofing is when someone fakes the Caller ID details that appear on your phone. Fraudsters use this technique to trick their victims into revealing personal information.
Here are some tips from the FCC to Avoid Spoofing Scams:
While you may not be able to tell if an incoming call is spoofed, be wary of callers asking for personal information and hang up if you are in doubt.
- Don’t answer calls from unknown numbers.
- If you answer the phone and the caller or a recording, asks you to push a number to stop getting calls, hang up. Scammers often use this trick to identify potential targets.
- Do not respond to questions, especially those that can be answered with a simple “yes” or “no.”
- Never give out personal identification such as account numbers, Social Security numbers, mother’s maiden names, passwords or other unique identifying information.
- If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company’s or government agency’s website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, mainly if the caller is asking for a payment.
- Talk to your phone company about call blocking tools they may have and check into apps that you can download to your mobile device to block unwanted calls. Information on available robocall blocking tools is available at fcc.gov/robocalls.
- Set a password for your voicemail.
Learn more about spoofing and how you can report it on the FCC’s website at https://www.fcc.gov/consumers/guides/spoofing-and-caller-id
If you suspect fraudulent activity on your Excite Credit Union account(s), call us at 1-800-232-8669 to report it right away.
In addition to the security measures that protect your information and accounts, it’s important that you maintain the security of your devices so that others cannot access your personal and financial information.
- It is recommended to not use a public device to log into Online Banking, as the device may be compromised with malware or a keylogger, which could lead to your Online Banking credentials being compromised.
- Keep your contact information updated so Excite CU can contact you if we see anything suspicious
- Update your devices with the latest browsers and operating systems
- Use strong passwords, fingerprint or facial recognition
- Look out for suspicious emails, and don’t click or respond
- Be extra careful online—look for secure websites that start with “https” (not “http”), don’t share too much about yourself on social media, and remember that links in social media can also be harmful
Identity theft continues to threaten millions of U.S. consumers each year. Here are some basic tips to protect yourself and recover from identity theft:
- Ask Excite CU to set up a verbal SECURITY WORD and make it mandatory. This means you will have to provide the verbal Security Word on file every time you call into Excite CU. Never provide your Security Word when someone stating they are with Excite CU calls you.
- Visit identitytheft.gov. This website provides guidance for identity theft victims.
- Monitor your credit report to ensure that no one has opened accounts in your name—get a free copy annually at annualcreditreport.com. Because all three credit bureaus participate, you can request one at a time from each bureau to monitor your credit throughout the year.
- Place a free temporary or permanent extended fraud alert or security freeze on your credit files with each of the credit bureaus so no one can open new credit accounts in your name. The security freeze will need to be placed separately with each bureau, whereas the extended fraud alert will only need to be placed with one of the bureaus. You can review the FTC information guide explaining the difference between the Security Freeze and the Extended Fraud Alert to decide which is right for you:
- Contact consumer reporting agency ChexSystems to place a security freeze. This will help prevent a fraudster from opening checking/savings accounts in your name.
- File a complaint with the Federal Trade Commission.
- File a complaint with the FBI’s Internet Crime Complaint Center.
- Sign up for Informed Delivery with the US Post Office – this service will send you a preview of incoming mail to your email.
Card security tips
- Treat your card like cash and keep it in a secure location
- Don’t write your Personal Identification Number (PIN) on your card or keep it with your card
- Don’t lend your card or give your PIN to anyone—not even an Excite CU employee
- Use an ATM in a well-lighted location that is free of shrubbery
- Always shield the ATM keypad, so that anyone waiting to use the ATM cannot see you enter your PIN
- Never count cash at the machine; wait until you’re in a secure place
- Always check the total of each transaction before you sign the sales slip, and never sign one without a dollar amount
- Check your monthly statement for accuracy and/or suspicious charges
- Shred your receipts after verifying the transactions
- Keep records of all of your cards, including the contact information for each issuer
- Report lost or stolen cards immediately.
- If your card is stolen, notify the police department, as well
Common Scams, Motives and Tips to Avoid Falling Victim
Phishing is a scam that attempts to trick consumers into providing personal information. A communication claiming a need to verify personal information is sent, often directing consumers to a fake website to verify personal details or prove eligibility for a non-existent prize. These fake websites and email messages can look legitimate, using logos and other elements from actual financial or government institutions.
- The attempt to acquire confidential information through spam and e-mail spoofing.
- Usually contain an E-mail with a fake logo and an urgent call to action.
- Excite CU will never send you an e-mail asking you to verify or send personal information in reply.
- The attempt to acquire confidential information through malicious or fake cloned websites.
- Usually comes in the form of a Website requesting sensitive data.
- Excite CU will never send you an e-mail asking you to verify or send personal information in reply or via a website.
- The attempt to acquire confidential information through phone impersonation. The calls or text messages often instruct consumers to urgently call a telephone number.
- Consumers who fall victim to these call the number and furnish sensitive information to a person they believe is trusted.
- Security attacks that include text messages are especially important, as often the consumer is tricked into clicking on a link and thereby downloading a Trojan horse, virus or other malware onto their cellular phone or other mobile device.
- The attempt to use Psychological manipulation of people into giving confidential information for the purpose of information gathering, fraud, or system access. Also known as Human hacking.
- Social engineering has many attack vectors including email, phone, in-person conversation, social networking, and even snail-mail or fax.
The Attacker's Motives
- Financial gain: For obvious reasons.
- Political gain: Think of cyber warfare and terrorism. For instance, you may have heard about the alleged state-sponsored attacks coming from China or Russia. Or the hacker groups that have formed and launched attacks in support of ISIS.
- Personal vendettas: This can include revenge, disgruntled employees and insider attacks. However, this could also be disgruntled members or non-members with the same motives.
- Malice or curiosity: The classic stereotype of hackers depicted in TV and film. While some may want to prove their SE expertise, some could be amateurs who are curious to test what they are capable of.
Tips To Avoid Falling Victim to Scams
- Never give out bank account or credit card numbers over the phone if you didn't initiate the call to a reputable, known business. Scam artists constantly try fresh stories to trick consumers into giving out their private personal and financial information.
- Do not reply to the unsolicited e-mail or respond by clicking on a link within the unsolicited e-mail message. Make sure you know who or where an e-mail is from before opening any attachments.
- If entering personal data, be careful and be sure to only do so on Web sites known to be legitimate and secure. Always look for a “locked padlock” in the browser or “https” at the beginning of the Web site's URL address for proof of security.
- Check your accounts, view statements, and verify all transactions a few times per month for any unauthorized charges.
- Regularly update anti-virus software and system security patches.
- Try to stay away from "free offers," especially those that ask you for private information bank account or credit card numbers. Keep in mind that such great offers tend to cover up the real purpose of just persuading you to give up your financial information.
For more information about Phishing scams, please visit these sites: