Many people have been tricked into divulging their personal information by thieves posing as legitimate companies or government agencies. This new brand of criminal sends emails or letters that appear to be from your Credit Union or other trusted sources, such as the National Credit Union Administration. The emails often stress the urgency of "updating" your personal information such as credit card numbers, checking account information, Social Security numbers, passwords, PINs, mother's maiden name and other sensitive information. The emails often link to fraudulent websites for collecting the information. The messages and web sites are often disguised with authentic looking logos or familiar graphics. Because the technology is so sophisticated, many consumers have no idea they've been victimized until it's too late. The thieves then create entirely new identities using your personal information—leaving you to pay the price.
BrightStar Credit Union will never send you an email (or a letter, or call you) asking you for your personal account information. The only place online where we ask for this information is on our web site, www.bscu.org—where you can login safely to your accounts. So if you get a message "phishing" for your Credit Union account information—don't bite. Instead, call the Credit Union to help protect yourself.
How to Protect Yourself:
While phishing scams are becoming more prevalent all the time, there are steps you can take to avoid being victimized:
- Any email with urgent requests for personal financial information should be a red flag. Many emails from phishers include language to get you to react immediately. Never enter your personal financial information into an online form, a pop-up window on your computer or into an unsolicited email—no matter how official it looks—unless you know for sure that it is authentic.
- Don't use the links in an email to get to any web page if you suspect the message might not be authentic. Instead, call the Credit Union (or other company) on the phone, or log onto the website directly by typing in the Credit Union's web address in your browser.
- Do not fill out forms in email messages. Only communicate information such as credit card numbers or account information via a secure website or the telephone—and only when you initiate the contact. Look for the lock icon on the browser's status bar and look for the URL to read "https" vs. "http".
- Regularly check your checking, credit card and other financial statements to ensure that all transactions are legitimate. If anything is suspicious, contact the Credit Union.
- Ensure that your web browser is up-to-date and timely security patches are applied. We also recommend that you install and update firewall, anti-virus and anti-spyware software on your computer. Change your passwords regularly and check all of your online accounts for suspicious activity.
If you have shared your personal information with a thief, there are steps you can take to minimize the damage.
- If you have shared your credit card, debit/ATM card, or checking account information, contact the Credit Union immediately. Even if there has been no activity yet, you may need to cancel the account and open a new one.
- If thieves have accessed your personal information such as your name, Social Security number, credit card numbers etc., report the theft to the 3 major credit bureaus and place a fraud alert on your file. In addition, notify your Credit Union, the local police and the Social Security Administration.
For more information about protecting yourself from phishing and other forms of internet fraud or identity theft, visit the following web sites: