MasterCard® SecureCode
Have you made an online purchase recently? Have you been asked for your MasterCard SecureCode? This is a new service to enhance your existing MasterCard account. A private code means added protection against unauthorized use of your card when you shop at participating online merchants.

Once you've registered and created your own private SecureCode (which you may do at this website), you will be automatically prompted by your financial institution at checkout to provide your SecureCode each time you make a purchase with a participating online merchant. Your SecureCode will quickly be confirmed by your financial institution, and then you may complete your purchase. Your SecureCode will never be shared with the merchant. It's just like entering your PIN at an ATM.

When you correctly enter your SecureCode during a purchase at a participating online merchant, you confirm that you are the authorized cardholder and your purchase is then completed. If an incorrect SecureCode is entered, the purchase will not be completed. Even if someone knows your credit or debit card number, the purchase cannot be completed without your SecureCode at a participating merchant.

If you would like further information regarding the MasterCard SecureCode, or if you’d like an online demonstration, please visit MasterCard&reg SecureCode™.

Taking Steps To Keep You And Your Credit/Debit Card Purchases Safe
In an effort to prevent potential fraudulent activity on your card, the credit union implemented a security procedure that will deny transactions that seem potentially fraudulent. To make sure unusual purchases do not get declined, please keep personal information updated, especially phone numbers, and inform the credit union at 858-547-7400 when you will be making larger purchases than normal (such as a big-screen TV or expensive jewelry), or if you’ll be making purchases while out of the country. In the event there is unusual activity on your card, our Fraud Department will contact you. This security procedure will help protect you from fraud and help prevent loss.

Various Phishing Methods:

E-MAIL “PHISHING” - Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.

LAND LINE TELEPHONE “VISHING” & VoIP (INTERNET PHONES “VISHING”) Vishing, (Voice phISHING) also called "VoIP phishing for the Internet phones," is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States. In either case, because people are used to entering card numbers over the phone, this technique can be effective. Voice over IP (VoIP) is used for vishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a land line telephone.

TEXT MESSAGE “SMISHING” - Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user's cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.

New! Mail LETTER “PHISHING” - This new scam occurs where the phisher is creating a letter and sending it through the mail to individuals to respond to the letter by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection. This scam is used in conjunction with other channels to steal valuable personal and financial information of the individual receiving the letter.

Loss Prevention Recommendations:

• Report suspicious Internet sites and emails to the government and for additional protection tips visit www.ic3.gov or the Federal government’s consumer information center at www.consumer.gov/Tech.htm
• A good resource is Anti-Phishing Working Group at http://www.antiphishing.org/index.html.
• If you have been victimized by a spoofed e-mail or web site, you should contact your local law enforcement, US Postal Inspector, or FBI.

For the latest facts and statistics about identity theft, visit idtheftcenter.org.

If you have been the victim of identity theft, contact:
Federal Trade Commission:
FTC, Consumer Response Center
600 Pennsylvania Avenue
NW, Washington D.C., 20580
1-877-382-4357

Visit the FTC (Federal Trade Commission) website, www.onguardonline.gov. You can find detailed guidance on how to monitor your credit history, use effective passwords, and recover from identity theft.

Fraud Units at the three principal credit reporting agencies:
Equifax
1-800 525-6285
P O Box 740250
Atlanta, GA 30374-0250

Experian (formerly TRW)
1-888-397-3742
P O Box 1017
Allen, TX 75013

Trans Union
1-800-680-7289
P.O. Box 6790
Fullerton, CA 92634

Contact the major check verification companies if checks were stolen or bank accounts were set up by an identity theft:
a. ChexSystems 1-800-428-9623
b. TeleCheck 1-800-710-9898
c. SCAN 1-800-262-7771

Steps you can take to Avoid Being a Victim:

• ONLY use your card PIN for ATM and POS transactions.
• NEVER respond to any email that directs you to update your personal information by dialing a telephone number or utilizing a website. ONLY use the customer service number on the back of your card. REMEMBER, the credit union will NEVER ask you to send your personal information via email or telephone! You should never provide your personal information or any PIN numbers or codes in response to an unsolicited phone call, fax, letter or email.
• Please report any phishing emails with suspicious phone numbers to your local federal law enforcement agency. Most agencies now have specific cyber threat units that are well-versed in investigating these claims.
• Never click on the link provided in an e-mail you believe is fraudulent.
• Do not open an attachment to an unsolicited e-mail unless you have verified the source.
• Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information.
• If you believe the contact is legitimate, go to the company's website by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.
• Click Here for information to help you avoid internet scams.

CUNA Alert: Irregular Check Card Activity Phishing Notice
The email message was received by several credit union members. This is a phishing email, with a phone call response requested.
When you call the number, it asks for your card number, your PIN number, and the expiration date of the card. DO NOT RESPOND to this email as it is a hoax.

If you have been victimized by a spoofed e-mail or website, please call the credit union right away at 858-547-7400.

NAFCU Phishing E-mail
There is an e-mail that is being sent out with the subject line, "NAFCU Notice - Security Measures" asking credit union account holders to verfiy account information. DO NOT click on the link to "log in" to your account, this is a fraudulent email.

New Phishing Method: Customer Survey Phishing Scam
The latest phishing scam involves an online survey. The scam e-mail you may receive starts with: "The Online department kindly asks you to take part in our quick and easy 5 question survey. In return we will credit $50.00 to your account - Just for your time!" The e-mail goes on to describe how it only takes two minutes, your answers will help them. It is well done and looks authentic. Of course, this fraudulent email doesn't really take you to the credit union or bank website. The web page itself and the initial questions they ask look quite authentic.

The catch, of course, is that they say that in order to credit your $50 reward, they need your credit union or bank User ID and password, as well as your credit card number, expiration date, three digit security number, Social Security number, ATM PIN Number, zip code, mother's maiden name and email address. The ploy of using a $50 reward for a customer service survey can be an effective phishing lure. DO NOT PROVIDE your personal information without checking the source of the request.

If you have been victimized by a spoofed e-mail or website, please call the credit union right away at 858-547-7400. REMEMBER, the credit union will NEVER ask you to send your personal information via email or telephone!



Here is how to protect yourself from future Phishing Scams:
Never respond to an unsolicited email that asks for personal financial information. If you think this may be a legitimate message, call the credit union right away to verify them as the sender. Report suspicious emails to the Internet Crime Complaint Center at www.ic3.gov. This is a partnership between the FBI and the National White Collar Crime Center.

Look for the VeriSign™ logo. When you see this button, click on it and a screen will pop up with identity verification and assurance that the website is secure and encrypted.

If at any time you think you have been scammed, please contact the credit union immediately at 858-547-7400. Remember, the credit union will NEVER ask you to send your personal information via email. You should never provide your personal information in response to an unsolicited phone call, fax, letter or email.