What is identity theft?
Identity theft is a crime where the perpetrator obtains the personal or financial information of another person for the purpose economic gain. Identity theft is committed in many different ways and the information can be obtained by human or technological means.
Human collection of personal information can be done by:
Dumpster Diving – collecting usable information from your trash (bank statements, credit card bills, etc.).
Mail Theft – stealing your mail can provide the same information as dumpster diving but it also affords the opportunity to submit a change of address on your accounts.
Pretexting – deceiving individuals into surrendering personal information for fraudulent purposes. The criminal usually has some information that makes them look like a legitimate business and then tries to get you to divulge more information, such as account numbers.
Shoulder Surfing – getting password or PIN information by standing in close proximity while you use your card and recording the information.
Stealing Personal Items – stealing wallets or purses isn’t just for cash anymore. It provides the thief with lots of information like credit and debit cards, driver’s license, bank account information.
Technological collection of information can be done by:
Skimming – using a card reader to record the information from the magnetic strip on the back of the card. The device can be hand held or attached to an ATM or gas pump. The information is used to create a fake card.
Man-In-The-Middle Attack – intercepting communication between two parties and recording the information without the knowledge of either party via mirroring a legitimate website
Phishing – sending out legitimate-looking e-mails, appearing to come from some of the Web's most popular sites, in an effort to obtain personal and financial information from individual recipients.
Vishing – phishing over the phone using a recorded message often saying it is your financial institutions and please enter your account number or social security number.
SMiShing – vishing via text message.
Pharming – similar to phishing and relies upon the same bogus websites and theft of confidential information. However, where phishing must entice a user to the website through ‘bait’ in the form of a phony email or link, pharming re-directs victims to the bogus site even if the victim has typed the correct web address. This is often applied to the websites of banks or e-commerce sites.
Search Engine Phishing – phishing through online website search engines. A fake website is so good it gets indexed by the search engine so when a search is conducted you are directed to the fake site.
Malware (Malicious Software) – installing harmful programs on a device to disable it or to gather information about the user. This includes viruses, worms, spyware and Trojan horses.
What can I do to protect my information?
- Immediately report any suspicious activity to your financial institution.
- Shred all sensitive information before putting it in the trash.
- Sign up for Home Banking and monitor your account. You can set up text/email alerts for specific activity as well.
- Keep your contact information current with your financial institution so they can contact you if there is any suspicious activity.
- Use e-Statements.
- Never give information to solicitors on the phone, human or recorded. Look at the caller id and ask for a call back number. Verify the business before returning the call.
- Never give personal information on a website unless you are sure of the validity of the website. Check the URL before entering information.
- Never give personal information via text message. If it is a text to verify a transaction it will be a yes or no answer.
- Never click on an email attachment if you do not know the sender.
- Be aware of your surroundings when using your debit or credit card.
- Look for any suspicious devices on card readers at ATMs or gas pumps or people crowding you in a checkout line. Go to a cash register to pay instead of giving your card to a server. If you give your card to the server, watch them complete the transaction.
- Don’t carry any unnecessary information in your wallet or purse (Social Security card, credit cards, checks, etc.).
- Make sure any online purchase is on a secure site. Look for a green locked padlock in the address bar. Do not proceed if you do not see the padlock.
- Enter the URL address instead of using the search engine.
- Never click on a pop-up box while surfing the Internet.
- Use anti-virus software and keep it up to date.
- Obtain your free annual credit report from each of the three national reporting agencies and look for discrepancies. Spread them out over the year instead of getting them all at once.
How does MeCU safeguard my account?
- We do not share your information for marketing purposes.
- Travel alerts are required on debit and credit cards. You must contact us if you plan on using your card outside your normal area.
- Our debit and credit card processors will contact you if there is a suspicious transaction. Example: If you are in Missoula using your card and a charge is attempted somewhere else, our card processors will try to contact you via phone, text or email to verify the transaction. If they do not get a yes or no response, the card may be temporarily shut down.
- If your card is compromised in a breach, we will shut it down and reissue a card with a new number.
- You must be present to open an account and have valid picture ID with your current address.
- Address changes must be requested in writing.
- Statements are not forwarded through the mail.
- You may be asked to present ID if the staff member does not know you.