Courtesy Notice Regarding Equifax Data Breach
As a courtesy to our members, we are providing a briefing on the Equifax Inc. breach and suggestions for increased peace of mind.
On September 7, 2017, Equifax Inc. announced that hackers had breached some of their systems through a website vulnerability, and data had been compromised on roughly 143 million customer records. Equifax indicates the records included Social Security numbers, birth dates, address and driver's license numbers. The unauthorized access occurred from mid-May through July 2017, based on Equifax's investigation. Further information indicates that a smaller number of credit card numbers and dispute documents were also accessed (i.e. fewer than 500,000 combined), which contained personally identifiable information (PII). Those consumers will receive direct mail notices. The investigation is largely complete, yet not concluded. As we learn more information, we'll share it through our website.
In response to the breach, Equifax Inc. has established a website at www.equifaxsecurity2017.com to assist consumers in learning whether their records were accessed and enroll to receive a free, one-year subscription with TrustID Premier, an identity protection company owned and operated by Equifax.
Subsequent reports have raised questions about the accuracy of the website tool, and the most current information indicates that any person with a credit history should take action as if they were affected.
Pima Federal's primary credit bureau relationship is with Experian, rather than Equifax Inc., yet as with most all financial institutions, bureau reporting includes Experian, Trans-Union and Equifax Inc.
Suggestions for increased peace of mind include:
• Use caution with your current security questions and information; update as needed.
• Use multi-factor authentication wherever possible.
• Regularly review your deposit and loan statement information, and check online banking transactions frequently for any unauthorized activity.
• Be aware if you stop receiving mail and/or timely statement information.
• Monitor your credit report regularly.
• Consider adding a lock or freeze on bureau information, along with a PIN. (Consult with the bureau agencies for guidance.)
Fraudulent Cashier's Checks are Resurfacing across the Country
Pima Federal Credit Union (PFCU) is continuing to warn consumers about a national scam targeting individuals selling items on Craigslist and individuals applying for jobs online (e.g. "secret shopper" job or babysitting jobs, or similar). The secret shopper scammers send primarily a 2-day or 3-day Priority letter through the United States Post Office, delivered to consumers across the country. In the envelope, consumers are receiving fraudulent cashier's checks (blue, usually marbled in appearance, though variations are also circulating), allegedly from Pima Federal Credit Union.
The fraudulent cashier's checks are for amounts generally between $180 and $22,000, and commonly are between $1,750 and $4,000, (e.g. $1,980 is a very frequently used amount) and come with instructions either by a letter or by text to send excess funds to prescribed individuals at designated address(es) across the country (e.g. New York, California are common).
The Craigslist scam involves texting to confirm the "payment" was received, and instructions on wiring the excess funds back. Several other scams involve babysitting or housekeeping services, with texting as the primary communication. Payment is made with a fraudulent cashier's check.
If the consumer follows the instructions, they become victims when the fraudulent cashier's checks are returned as "altered / fictitious."
Consumers can protect themselves by asking their financial institution to place an extended hold on the check (i.e. doubtful collectability), and/or contact our Contact Center at (520) 887-5010 to verify whether the check is fraudulent.
We may also ask you to provide details to Pima Federal's e-Services group to assist in the investigation.
If so, please make a photo copy of the check, the instructions, and envelope as you may be asked to scan and forward this information to Pima Federal. In some cases, we may request the original documents. Pima Federal works very closely with law enforcement.
Pima Federal Credit Union remains diligent in protecting potential victims of this scam.
Staying Safe and Secure with Your Mobile Device
We love that our members are using mobile banking features more and more, where taking care of financial needs are often only a few steps, clicks and swipes away! In order to keep your account information safe, here are a few mobile device security tips:
• Password protect your mobile device and set your device to auto lock.
• When not in use, store your mobile device in a secure location.
• Be cautious when using unsecured, public Wi-Fi.
• Keep your mobile operating system and mobile software up-to-date to ensure the highest level of security.
• Install a security app on your mobile device.
• Avoid storing passwords and other sensitive information on your mobile device where it could be discovered if lost or stolen.
• If you lose your mobile device, immediately contact your carrier to block or suspend your device.
DocuSign Data Breach - Information for our Members' Peace of Mind
On May 17, 2017, DocuSign confirmed a data breach occurred at one of their computer systems. The data stolen was isolated to DocuSign established account customers and their user email addresses. According to DocuSign, the breach did not extend to individuals who were simply providing electronic signatures. Unless you had a DocuSign account established as a customer of DocuSign directly, your data was not compromised by a document you signed at Pima Federal. If you would like more information, DocuSign has a Trust Center and provides information on personal safeguards by clicking: https://trust.docusign.com/en-us/personal-safeguards/
Your safety and security are top of mind at Pima Federal.
Top Priorities for 2017
At Pima Federal, keeping our members and member assets safe is one of our highest priorities in this ever-increasing digital age. Security is top of mind, and fraud is on the rise internationally. That said, we want to ensure our members have easy access to pertinent security information.
To protect against fraud and stay abreast of fraudulent schemes, the FBI has added a comprehensive section called "Scams and Safety," and you can easily access the information by clicking: https://www.fbi.gov/scams-and-safety.
One of our favorite security resources published by the FBI is the Fraud Alert Poster. You can view the document by clicking: https://www.fbi.gov/file-repository/fraud_alert-2.pdf/view The document is a great way to quickly check the alerts we all need to protect ourselves from and stay safe.
We continue to see scams in the area of online dating, Craigslist classified ads, and online job opportunities that prove to be fraudulent. Please research before you transact, and use your intuition and best judgment to protect yourself and your family from predatory behaviors.
With tax season coming up, we want you to know that the Internal Revenue Service (IRS) has been targeted for fraudulent scams.
The IRS has recently issued a series of alerts regarding an increased surge in telephone, email and text scams demanding money or personal information from taxpayers. It is important to know that the IRS only utilizes the U.S. Postal Service mail to communicate with taxpayers. If you receive another form of communication stating that they are from the IRS, you are hearing from a scammer.
The scammers will state they are with the IRS and provide a fake identification number. The scammers can become very aggressive in demanding immediate payment to a prepaid debit card or for a wire transfer. They may threaten you with a lawsuit or being arrested if you do not submit an immediate payment. None of these actions will happen when you ignore the demands. Some of the most recent scams include demands for:
• Payment of taxes related to the Affordable Care Act
• Payment of taxes targeting students and parents for school related taxes
• Telephone calls to immigrants threatening deportation unless they immediately pay non-existent taxes
• Telephone calls indicating the person has your tax returns and need to verify information
• Phishing emails that appear to be official IRS letters asking to disclose information
With knowledge and a bit of savvy, you can successfully protect yourself and your assets.
If in doubt, Pima Federal's Risk Management Department is available for you by calling our Contact Center at (520) 887-5010 and asking to speak with a member of the Risk Management Team.
Hold the Funds Please!
Saving Our Members from Potential Losses
During 2016, our tellers were actively working to protect our members from fraudulent check losses. Our tellers, in conjunction with Risk Management, mitigated over $535,000 in potential losses for our members!
If you receive a check from an unknown source, please let our tellers work to ensure your safety; if in doubt, ask to place an extended hold on the check. This way, you will ensure your account stays safe and eliminate the risk of becoming overdrawn if the check is indeed returned on your account.
Thanks for being a great member of Pima Federal Credit Union!
March 29, 2016 - FRAUD ALERT
Pima Federal is continuing to warn members and consumers across the country of a fraudulent scam, known as the "overpayment scam." Consumers have been contacted primarily by text, e-mail or LinkedIn for secret shopper, mystery shopper or service checker type positions. The scam involves wiring money (e.g. MoneyGram) to named individuals while evaluating the wiring service experience. Consumers receive a 2-day priority envelope containing instructions, along with a counterfeit, fraudulent Pima Federal Cashier's Check with the forged signature of our CEO. The instructions tell the consumer to take $300 as payment out of the check amount for performing the evaluation. This scam is circulating across the country.
In a similar type overpayment scam, some consumers have been contacted by having an item for sale on Craigslist. The fraudsters send a large fraudulent cashier's check (hence the term overpayment scam), and ask for a portion of the amount returned to them, after allegedly paying for the item.
The amounts of the counterfeit checks typically range from $1,240 to $3,890, though some have been higher or lower. They are almost always divisible by 20. The check series is generally in the 750000 range, though not exclusively.
If you have received a 2-day priority envelope package, please do not automatically cash the counterfeit checks. Some consumers have had their bank accounts closed for presenting the counterfeit checks.
What to do if you receive one? Please contact Pima Federal E-Services immediately if you suspect fraudulent activity at 520-887-5010. If possible, please make a photo copy of the check, the envelope and the letter (or any other communication), as you will be asked to provide the information to assist in the national investigation. We appreciate receiving the original documents if possible.
As always, we continue to stand ready to assist you.
January 9, 2016 - FRAUD ALERT
Pima Federal members should be aware of an ongoing investigation of a Pima Federal Cashiers' Check Scam. Consumers have reported receiving fraudulent PFCU checks in the mail via 2 Day Priority mail. The checks that have surfaced so far contain check serial numbers starting with 750xxx or 751xxx, with amounts varying (e.g. $1,994, $2,742, $2,892), and contain the forged signature of our CEO, Eric Renaud. The Pima County Sheriff's Department has opened an investigation. These appear to be actual cashier's checks, but are indeed fradulent.
What to do? Contact Pima Federal E-Services immediatley if you suspect fraudulent activity at 520-887-5010. If possible, please make a photo copy of the check and envelope as you may be asked to forward this information to Pima Federal.
We stand ready to assist you.
Together We Are Better
Trends in Fraud and Recent Scams (September 11, 2015)
In the past few months there has been a significant rise in fraudulent and fictitious items being presented to our members. It's alarming and we want to ensure our members are informed.
A number of recent cases have involved internet dating in particular, where an individual(s) attempts to gain the member's trust, and then asks for a "favor" by conducting a financial transaction for them. Once an account number is provided, the scam begins, and multiple requests usually follow. The common thread is the moving of money through the account.
In other cases, members have received e-mails for mystery-shopper type programs, or used online classified advertising services and in some cases, checks have arrived by mail somewhat out of the blue.
The common thread for these transactions is that members are presented with checks or deposits into their account, and are then provided "directions" to move the money elsewhere, sometimes in cash to another financial institution, or wire the monies overseas. The amount of the check is often in the thousands of dollars and usually between $2,500 and $5,000, or more.
In other rare cases, fraudulent federal tax refunds are placed in member accounts, and the member is asked to withdraw the money in cash and provide it to another financial institution, or wire the monies overseas.
In nearly all cases, the original funds are not legitimate. The check ends up as a returned item on the member's account, and/ or the automated deposit turns out to be ill-gotten funds, and our members are left with potential losses and potential legal issues with the authorities as a result.
We can help protect our members by bringing awareness in a number of ways. First, the old adage is true: if it sounds too good to be true, it probably is. Use common sense and intuition to protect yourself and the cooperative. A little bit of research can go a long way, including:
- If an unknown check is received, calling the bank or credit union in which the check is drawn upon may provide valuable insight into whether the account is valid, whether there is a stop payment or other pertinent information to make a decision about whether to deposit the check.
- If the check is deposited, asking for an EXTENDED hold protects against spending money that may end up returned (overdrawing the member's account).
- We recommend that you consider calling the payor to determine if the check is legitimate.
A little bit of research goes a long way in protecting against a loss and any legal issue(s) that might arise from your acceptance of the monies.
The Risk Management and the Retail Support and Development Teams are available to help you if you encounter situations where you believe you are placed under undue risk, and may feel uncomfortable talking about it with others. Local authorities (police, sheriff) are available to assist you as well. We are here to help. Together we are better. Together we are stronger.
(May 1, 2015)
For your security, please note that we recommend using the pimafederal.org and the pimafcu.org domain websites to conduct Pima Federal Credit Union business and transactions.
We continue to remain diligent with providing our membership updates to protect against potential fraud, computer viruses and phishing scams.
ALEXANDRIA, Va. (March 17, 2015)
The National Credit Union Administration has received reports of an online phishing scam that uses a website with a logo and a design similar to the agency’s own site in an attempt to convince unwary customers to provide information or send money.
Consumers have received emails from the National Credit Union website, which apparently originates in Australia and claims to offer services in the United States, Europe and the Commonwealth of Independent States. This website is not affiliated in any way with the National Credit Union Administration, a federal agency, and the emails are not from NCUA.
Consumers receiving such emails should call NCUA’s Fraud Hotline toll-free at 800-827-9650 or 703-518-6550 in the Washington, D.C., area. Consumers should also contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. NCUA also offers information about avoiding frauds and scams on its MyCreditUnion.gov website.
Source: National Credit Union Administration Website: http://www.ncua.gov/News/Pages/NW20150317PhishingScam.aspx
CUNA tips can help CU members in wake of Anthem Breach
Source: Cuna News Now 02/10/2015
The breach to befall Indianapolis-based Anthem Inc., the second largest health insurer in the United States, may be one of the most harmful yet.
Anthem announced last week that hackers had infiltrated its servers and nabbed names, addresses, Social Security numbers, birthdays, emails and employment information of up to 80 million current and former customers ( The New York Times Feb. 6).
While the hackers were unable to obtain medical record data, experts say the cybercriminals can still easily commit medical identity theft and fraud.
Given the size of the breach, credit union members and consumers may be wondering what steps they can take to protect themselves if they're an Anthem customer.
Michelle Dosher, CUNA market research and consumer education managing editor, said customers should be on the lookout for scammers mimicking emails purportedly sent from Anthem asking for personal information.
"If you receive an email from a company regarding a security breach, don't automatically open it," Dosher told News Now . "First, go to the company's website or call to make sure the information online matches the email you received."
Or, if you've already opened the email, Dosher said make sure not to click any links until the information has been verified with the company online or by phone. Emails from fake Anthem accounts have already been sent by scammers to consumers, according to The New York Times.
To protect against medical fraud, consumers also could consider making copies of their own medical files so they have accurate versions of their histories before hackers have the opportunity to make any changes, according to Pam Dixon, World Privacy Forum executive director ( The New York Times ).
If you have a smartphone it is important to view your device as a mini computer (after all, that’s what it is). We recommend protecting your device with a password. Use caution when downloading apps and be sure you are researching them before you download. Also, do not send text messages that contain personal information. This will help protect you, should your device become lost or stolen.
The danger with using public WiFi to work remotely or login to your online banking account is that it can also give hackers a green light to spy on you and take note of sensitive information including passwords. Consider this scenario: A hacker creates a hotspot named Hotel WiFi in a hotel lobby using a USB antenna and laptop. You connect to it and log into your email or other account. Counting on you to do this, the hacker creates this fake network, which is masquerading as a legitimate one. A type of rogue WiFi network is an evil twin, which is designed to look official. But when people login, hackers steal your passwords and other sensitive information. They can also use these networks to trick you into downloading malware.Back to Top