Does the thought of making your way through crowded malls and shopping at 20 different stores only to wait in long check-out lines have you feeling like the Grinch? Shopping online during the holiday season can save time and minimize stress, but know a few simple rules before you dive into the world of online purchasing.

1. Only buy from familiar companies. Confirm the seller’s contact information in case you have questions or problems in the future. Know exactly what you’re buying. Carefully read the product description. Remember--if it seems too good to be true, it probably is.

2. Protect your privacy. Read and understand the company’s online privacy policy and keep any personal information, passwords, or PINs (personal identification numbers) private. Look for these signals indicating that you have entered a secure Web page:
* A screen notice that says you’re visiting a secure site
* A closed lock or unbroken key in the bottom corner of your screen
* The first letters of the Internet address you are viewing change from "http" to "https"

3. Pay safely. After you review all terms of the sale, such as cost for shipping, delivery date, and return policy, you are ready to buy. Credit or charge card payments offer consumers the most protection--do not send cash, check, money order, or cashier’s check. Finally, print all transaction records and any other useful information pertaining to your purchase.

Although online shopping allows you to virtually load your sleigh with just a few mouse clicks, practice safe browsing this holiday season.

Source: Federal Citizen Information Center
Copyright 2004 Credit Union National Association Inc. Information subject to change without notice. For use with members of a single credit union. All other rights reserved.

Back to Top

Websense, Inc. announced that its security research team has discovered suspicious online scams designed by criminals to steal money from those donating to the California fire effort. 

"Unfortunately, as we saw with Katrina and several other recent emergencies, there are criminals who attempt to divert monies intended for the victims by creating bogus online donation Web sites and advertising them on high-traffic Web sites," said Dan Hubbard, vice president of security research, Websense. "These criminals are trying to take advantage of the amazing outpouring of support locally, state-wide and internationally.

Tips when donating online:

• Ensure you are dealing with legitimate organizations.
• Contact these organizations on your own.
  • Go to their Web site rather than clicking on a link in an email sent to you.
• Remember that legitimate organizations will not aggressively approach people for money and donations.
• Be mindful of groups reporting to be affiliated with legitimate organizations asking for donations or requesting you to visit their Web site.
  • They may be fraudulent or hosting malicious code designed to steal personal financial information.
• Be wary of online auctions that claim to support the donation effort.
• Report suspicious Internet sites and emails to the government and for additional protection tips visit the Internet Crime Complaint Center at www.ic3.gov or the Federal government's consumer information center at www.consumer.gov/Tech.htm.

Back to Top

PrimeSource Credit Union has been advised of a new identity theft operation known as the "Jury Duty Scam."  This scam involves a fraudster who poses as a local official and contact victims over the phone.  The fraudster informs the victim that they have failed to report for jury duty and a warrant has been issued for their arrest.  The fraudster will then ask for personal information such as bank account information, social security number, date of birth, etc. to pay the alleged fines.  Please be advised that you should never provide any personal information over the phone.  Legitimate businesses or government agencies would not ask for this kind of information over the phone.

Back to Top

PrimeSource Credit Union has been notified of a fraudulent email circulating to the general public requesting personal member information by visiting a specific website and taking part in a survey for $50.00.  It contains the CU Swirl Logo and the CUSC Network; providing much of the "look and feel" of the organizations. This is not a valid request for information from CUSC or CU Service Centers.  Members should never send sensitive information such as passwords, credit card numbers, social security numbers, secret words, or PINs in an email or submit it through a website.  In addition, members should never click directly on links in an email that requests sensitive information, even if they recognize and trust the address. These links can redirect you to a fake -- though very real looking -- website. 

Back to Top

PrimeSource Credit Union has been notified of a fraudulent email that was recently distributed to cardholders who participate in Verified by Visa, an online card protection service.  The email claimed to have come from Visa and stated that the cardholder was automatically enrolled in Verified by Visa.  It also stated that the cardholder's Visa card may be temporarily disabled if they failed to update their Visa card. This email was a phishing scam and did not come from Visa.  Visa will never ask cardholder to divulge information or passwords via email.  Should you receive any questionable e-mails, please do not reply to them and do not contact the website referenced in the email.  You may report the email to Visa by sending an email to phishing@visa.com.

Back to Top

TJX Companies, owner of TJ Maxx, Marshalls, HomeSense, Winners, HomeGoods, AJ Wright, TK Maxx, and Bob's Stores reported a breach in credit card security.  The company suffered an unauthorized intrusion into their computer systems that process and store information related to customer transactions, including debit card, check and merchandise return information. TJX businesses in the U.S., Canada, the United Kingdom, and Ireland were affected. 

To learn more, visit www.tjmaxx.com. 

Back to Top

Card Services For Credit Unions (CSCU) services all PrimeSource debit and credit cards. It has come to our attention that bogus e-mails have been sent out mimicking CSCU and asking members to take a look at a survey. When members click on the link in the e-mail it takes the member to a site that looks like the CSCU website and asks for personal account information, as well as plastic card information. Be assured that CSCU does not communicate with cardholders directly. Disregard any e-mails asking for personal identifying information. Please be aware.

Back to Top

Vishing is once again targeting Credit Union members across the nation, but with a new twist. Vishing is a term used to describe stealing information by using a combination of the phone and e-mail, or "voice phishing". Currently, there are two methods that scammers are using; the online version and cold calling. In the online version the scammer sends a blast e-mail disguised to appear as though its from your credit union, bank, online payment service or other well-known business with a logo that appears to be legitimate. The e-mail usually reports a "security" issue with the recipients account and alerts the member to call a telephone number to "straighten things out." When the member calls the phone number they are then prompted to reveal their account number along with other private information.  With the cold calling version, scammers will use automated dialing services to cold call members by using a prerecorded message or live person stating that the members account has been compromised, and their information needs to be updated or verified. The member is then prompted to verify their account, card or personal information.  This scam is even more insidious because, often, the members caller ID device may list what appears to be a legitimate local phone number used to inspire trust from the recipient.

In some ways, vishing can be more dangerous than phishing scams because consumers are used to entering private information into automated phone systems. So, its easy to imagine that a lot of people may wind up victims of identity theft and suffer financial losses from these types of scams.

Steps that you can take to reduce you chance of being victimized:
Do not call a number provided in a phone call or an e-mail. Call the number on the back of your credit card or on a bank statement, or confirm their officially listed phone number on their website. Please hang up and call the phone number on the back of the card or on the account statement if you get anyone calling and stating that they are with a financial institution requesting your card number, and personal or account information. If the call was legitimate, the financial institution or card processor will have knowledge of it.   And remember, PrimeSource will never request you to update your account or personal information over the telephone. If you have been victimized, contact PrimeSource Credit Union immediately at 1-800-660-0444 or 509-838-6157.

Back to Top

Just as Internet surfers have gotten wise to the fine art of phishing, along comes a new scam utilizing a new technology. Creative thieves are now switching their efforts to "vishing," which uses phones instead of a misdirected Web link to steal user information. It's fairly simple to get a phone number anonymously. That makes it easier for scammers to carry out these vishing scams.

The criminal element has shifted from asking people to click on links to placing a phone call instead. Only the number isn't to a bank or credit card, it's to a phone that can recognize telephone keystrokes. The thieves don't even use an e-mail blast, they use computers to randomly call numbers and blanket an area. A recorded message tells the person receiving the call that their credit card has been breached and to "call the following (regional) phone number immediately."  When the user calls the number, another message is played stating "this is (Institution Name) account verification, please enter your 16 digit account number." The rest is academic.

In some ways, vishing may be even more dangerous than phishing scams, because consumers are used to entering private information into automated phone systems. So, it's easy to imagine that a LOT of people are going to wind up victims of identity theft and suffer financial losses from these vishing scams.

Back to Top 

8.10.06 | PrimeSource Phone Scam

Beware of anyone calling your home and asking for your account number. Be assured, we will NEVER call you and ask you for your account number. If you call us we may ask you questions to identify you, but we do not initiate calls requiring you to give us any of your private information. If you receive such a call, please notify us immediately at 509-838-6157 or 800-660-0444. 

Back to Top