"Phishing" is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords.

A fake website is created resembling that of a legitimate organization, typically a financial institution such as a credit union, bank or insurance company. An email is sent requesting that the recipient access the fake website (which will usually be a replica of a trusted site) and enter their personal details, including security access codes.The page looks genuine, because it is easy to fake a valid web site. Any HTML page on the web can be modified to suit a phishing scheme.

Phishing e-mails are often sent to large lists of people, expecting that some percentage of the recipients will actually have an account with the real organization. The term comes from "fishing," where bait is used to catch a fish. In phishing, e-mail is the bait. An example of a Vishing scam is when a consumer receives a recorded message telling them that their credit card and/or financial institution account has been breached and to immediately call a number provided in the recorded message. The phone number provided in the message leads the consumer to a "fraudulent call center" established by the perpetrator of the fraud. The perpetrator then attempts to obtain confidential account information and login credentials in order to access the account. A twist on this scam is when the recorded message provides the address of a fraudulent website for the consumer to access (instead of a telephone number) and to provide certain information to reinstate the supposedly affected account(s).

Vishing is very hard for authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages (telephone, email, or otherwise) directing them to call and provide personal, confidential, and/or account related information. Rather than provide any information, the consumer should contact their financial institution or credit card company directly to verify the validity of the message using contact information they already have in their possession (i.e. do not use contact information provided in the suspicious message). "Identity Theft" is the act of obtaining a person's critical information, such as birth date, Social Security number, address, name and bank account information, for fraudulent purposes. Most commonly, Identity Theft is used to conduct charges and purchases under the victim's identity. Deter identity thieves by safeguarding your information.

• Shred financial documents and paperwork with personal information before discarding them.
• Protect your Social Security number. Don't carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
• Don't give out personal information on the phone, through mail, or over the Internet unless you know who you are dealing with.
• Never click on links sent in unsolicited emails; instead, type in a web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer; keep them up-to-date. Visit OnGuardOnline.gov for more information.
• Don't use an obvious password like your birth date, your mother's maiden name, or the last four digits of your Social Security number.
• Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.

Detect suspicious activity by routinely monitoring your financial accounts and billing statements. Be alert to signs that require immediate attention:

• Bills that do not arrive as expected
• Unexpected credit cards or account statements
• Denials of credit for no apparent reason
• Calls or letters about purchases you did not make

Credit reports contain information about you, including what accounts you have and your bill paying history.

The law requires the major nationwide consumer reporting companies - Equifax, Experian, and TransUnion - to give you a free copy of your credit report each year if you ask for it.

Visit AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year.
You can also write:
Annual Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348-5281 Review financial accounts and billing statements regularly, looking for charges you did not make. Defend against identity theft as soon as you suspect it.

• Place a "Fraud Alert" on your credit reports, and review the reports carefully.
  The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is sufficient:
  
  Equifax: 1-800-525-6285 - equifax.com.
  Experian: 1-888-EXPERIAN (397-3742) - experian.com.
  TransUnion: 1-800-680-7289 - transunion.com.
  
  Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain.

• Close accounts. Close any accounts that have been tampered with or established fraudulently.
  
  Call the security or fraud departments of each company where an account was opened or changed without your consent. Follow up in writing, with copies of supporting documents.
  
  Use the ID Theft Affidavit at ftc.gov/idtheft to support your written statement.
  
  Ask for verification that the disputed account has been closed and the fraudulent debts discharged.
  
  Keep copies of documents and records of your conversations about the theft.

• File a police report. File a report with law enforcement officials to help you with creditors who may want proof of the crime.

• Report the theft to the Federal Trade Commission. Your report helps law enforcement officials across the country in their investigations.
  
  Online: ftc.gov/idtheft
  By Phone: 1-877-ID-THEFT (438-4338)
  By mail: Identity Theft Clearinghouse
  Federal Trade Commission, Washington, DC 20580

Skilled identity thieves use a variety of methods to steal your personal information, including:

1. Dumpster Diving. They rummage through trash looking for bills or other paper with your personal information on it.

2. Skimming. They steal credit/debit card numbers by using a special storage device when processing your card.

3. Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.

4. Changing Your Address. They divert your billing statements to another location by completing a "change of address" form.

5. Old-Fashioned Stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records from their employers, or bribe employees who have access. Recently, there have been multiple e-mail fraud attempts, known as "Phishing", that were initiated via e-mail sent to both the general public and to some credit union members that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.

NCUA does not ask credit unions members for such personal information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

If you responded to such an e-mail and provided any confidential account information, please notify your credit union immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by your credit union to protect your account.

If you feel that you have received a fraudulent phishing e-mail purportedly from NCUA please forward the entire e-mail message to Phishing@ncua.gov.

Additionally, you can file formal complaints concerning any suspected fraudulent e-mail with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation, and the National White Collar Crime Center.

South Florida Federal Credit Union does not ask our members for personal information. Anyone who receives an e-mail that purports to be from SFFCU and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

If you responded to such an e-mail and provided any confidential account information, please notify us immediately at 305.545.0744. You should also change your account’s PIN. If you feel that you have received a fraudulent phishing e-mail purportedly from SFFCU please forward the entire e-mail message to info@southfloridafcu.com.