Branch lobbies are closed effective Friday, March 20. See the latest information about the COVID-19 outbreak. READ NOW.

×
Routing Number: 307070050
Search
Search Our Site
Type a word or phrase in the search field below. If you are unable to find the information you are looking for, please contact us.
Kirtland Federal Credit Union logo

Welcome To The Insighter!

Explore the latest happenings at Kirtland FCU and learn about important topics from around the financial world. Here’s your insight!
To learn about retirements, investments and financial planning, check out Invested now.

All Posts > Fraud

Fraud

Hey Siri, will they never stop inventing newer, trickier scams to steal our identities and information?
 
No, probably not. Because it works! We’ve written about check scams, ATM scams, grandparent scams, love scams, e-mail and text phishing, and more. And the more trust you have in the purported sender, the easier it is for a thief to victimize you. When you receive an e-mail from a company you’ve never heard of, you’re naturally skeptical. But, get a call or an e-mail from Apple on your iPhone alerting you that your Apple ID is compromised—that’s a different story.

Tim Cook, The CEO of Apple, announced early in 2019 that there were currently 1.4 billion active Apple devices. Each of those devices requires a unique Apple ID to access features such as the App Store, iTunes, and more. And even on non-Apple tech, an Apple ID may be required to use iTunes and other proprietary Apple apps and software. That’s a deep pool to fish in, and thieves are increasingly setting the bait by targeting the owners of the sleek Apple-emblazoned devices and apps. If you own one of these devices, you need to be aware of a popular phishing tactic in 2020—the Apple ID scam.

Apple has set the bar high when it comes to customer service and support, and the integrated nature of Apple products makes their owners feel as if they’re more than customers—they’re family, connected by common technology and language. So when a phone call comes through, “Apple, Inc.” on the caller ID screen, we pick up. And we listen to the voice telling us that our Apple ID has been compromised and to not use our device until we call this number. And we may even call back—many do! The “Apple Support” representative will ask the victim to confirm their Apple ID and password and may even request additional information or payment to release the ID. 

This scam really isn’t new, having been floating around for a few years in different forms. E-mail phishing (e-mails that are spoofed to appear as legitimate communication from a company) has been a popular tactic. But the phone calls, with a seemingly real phone number identification, are scary in their level of accuracy. The scammed calls appear to come from Apple , Inc., show the real support number and a real address. The screenshot below shows just how legitimate these calls can appear.


Source: Krebs On Security

So, fellow Apple owner, how can we keep ourselves safe? Here are some things to remember and look out for.

SUPPORT WON’T CONTACT YOU
The biggest sign that a call is fake? You didn’t request it. When was the last time a piece of tech wasn’t working right, you needed support, and THEY called YOU. It just doesn’t happen. If you have issues with your devices or logins, you have many options for reaching out to Apple yourself. You can absolutely log in to Apple Support and request a call, and that request will generate a case number. When the call comes, that case number will be provided at the very beginning of the call.

PASSWORDS ARE PRIVATE
No real support call will involve you turning over a password. Apple Support has no ability to set your passwords and has no reason for ever requesting that information in a phone call. If you’re on a call—especially if you didn’t initiate the call—and the person on the other end of that call requests a password, hang up immediately.
 
DON’T TRUST THE CALLER ID
It’s easy to spoof numbers to a high degree of accuracy. Pay attention to the call itself and the events leading up to it. If you didn’t request a call and had no other indication of a problem, the call is suspicious. Hang up and call Apple Support yourself. 

DON’T PAY TO PLAY
It’s a hallmark of a scam call or e-mail—the urgent request for money to resolve an issue. Any issue that Apple Support can help with will not require you to make a payment, transfer, purchase of gift cards, or any other monetary reimbursement over the phone. If a request doesn’t feel right, hang up and call back by dialing the official Apple Support number or utilizing chat services from official Apple websites.

Large, trusted companies aren’t immune from phishing attacks—quite the opposite! Be skeptical and if you’re in doubt, hang up the phone or delete the e-mail and reach out to the company yourself. 

 

Fraud

UPDATED, Originally posted on 1/31/2020

On January 30, 2020, a person misrepresenting himself as being affiliated with Kirtland Federal Credit Union visited a member who had recently refinanced his home with Kirtland FCU. This man went to the member’s home and attempted to sell the member mortgage insurance while purporting to have a business relationship with Kirtland FCU. 

If you’ve recently closed a loan with Kirtland FCU, here are a few things to keep in mind.
  • Liens against your home are public record. When you purchase or refinance your residence, that transaction is available as a matter of public record. Do not assume your address or situation is known only to you and your lender.
  • Kirtland FCU does NOT sell member information to third parties. Some lenders DO sell customer/member information to third parties, but this fact is required by law to be disclosed to you during the course of any loan or account opening. Kirtland FCU follows all local, state and federal regulations regarding the handling of your information. We do not sell your information to third parties.
  • Not sure of the person you’re talking to? If you were approached at your home by anyone claiming to be an employee of Kirtland FCU or affiliated with Kirtland FCU, that person is misrepresenting themselves. Whether a criminal attempting to perpetrate fraud or simply an unethical employee using dirty tactics to garner business, ask that person to leave. You can always call Kirtland FCU at 1-800-880-5328 to check the validity of any person who is claiming to be an employee of Kirtland FCU or with a company affiliated with the credit union.
It is possible for someone to obtain publicly available information and use that information to misrepresent himself/herself as being affiliated with the lender in order to gain business.

If you’re approached by anyone in a similar fashion, contact Kirtland FCU immediately. Do not sign any forms, turn over any money, or provide any other personal information to the individual - in case this more than just an over zealous employee.

Door-to-door scams are still out there. According the Federal Trade Commission, here are a few common scams from the to watch out for:

  • Home repair scams - Someone offers to do yard work or make repairs in or around your home. You want to save money and really need the work done so you give it a shot. He or she takes a cash payment from you upfront…and never returns.
  • Cable reconnect scams - Money’s been tight and your cable is off due to nonpayment. A flyer says you can get your cable reconnected for an unbelievably low price. You make an appointment, pay, and your cable may even reconnect — provided the scammers don’t skip off with your money first. But will your cable stay on? Probably not. And is this even legal? Absolutely not. Once the cable company catches on, you’re cable-less again, out of the money you paid, and you’re probably in trouble with the company and law enforcement to boot.
  • Utility cut-on scams - There’s a power outage. Someone claiming to be with your utility company offers to reconnect your service for, say, $50. You pay. You wait. Hours later you’re still in the dark and out of money. A scam artist has run off with your money.
Protect your money, property and personal safety by following a few tips:
  • Don’t let anyone come into your home unless you have a pre-scheduled appointment. You have the right to refuse to open your own door.
  • Don’t pay cash to anyone who comes to your home claiming to be with a utility company or other service provider.
  • Confirm any special offers with your service provider — using the number on your bill or their website. Also, be suspicious of a promotional flyer offering service from multiple providers. Competitors don’t typically advertise together.
  • If you’re struggling with your bill, most providers can make payment arrangements to restore your service legitimately.

If anyone promises a service, takes your money and doesn’t deliver, file a complaint with the FTC and your state consumer protection agency.

Stay safe out there.
 

 
Source: FTC.org

Security Fraud

Puerto Rico. California. Florida. Australia.

What do all these places have in common? They’ve all experienced a disaster or event that prompted an outpouring of donations and an influx of charity involvement in the recovery efforts. And there’s no question as to the willingness of people to give. In 2017, Hurricane Harvey became the second-costliest storm on record in the United States, causing an estimated $125 billion in damages. In the three months following the storm, at least $1.07 billion is estimated to have been donated to U.S. nonprofit organizations in response, according to a study by the Indiana University Lilly Family School of Philanthropy and the Center for Disaster Philanthropy. More than 30 percent of U.S. households made a disaster-related donation in 2017 through a variety of sources.


Image from U.S. Household Disaster Giving Report, Indiana University Lilly Family School of Philanthropy and the Center for Disaster Philanthropy. https://www.issuelab.org/resources/34757/34757.pdf

After a disaster, donations tend to explode. In fact, most donations are made in the first six weeks following a disaster and have all but tapered off six months later. The first few weeks after a disaster, especially one with high-profile news coverage, are prime season for fraudsters who capitalize on the disaster and peoples’ desire to make a difference by posing as a charity organization.

In August of 2019, as Hurricane Dorian approached the shores of Florida, the BBB Wise Giving Alliance and the Better Business Bureau offered advice on how to make the most of your donation in the face of a disaster and how to spot a fraudulent attempt to divert donations.



Hurricane Harvey relief workers hand out supplies. Photo courtesy of michelmond / Shutterstock.com

After a disaster, donations tend to explode. In fact, most donations are made in the first six weeks following a disaster and have all but tapered off six months later. The first few weeks after a disaster, especially one with high-profile news coverage, are prime season for fraudsters who capitalize on the disaster and peoples’ desire to make a difference by posing as a charity organization.

In August of 2019, as Hurricane Dorian approached the shores of Florida, the BBB Wise Giving Alliance and the Better Business Bureau offered advice on how to make the most of your donation in the face of a disaster and how to spot a fraudulent attempt to divert donations.

Give directly to reputable organizations
Well-established organizations are the most experienced in working with disaster relief and recovery. They often have strong local ties and will know how to work together with other agencies as well as governments.

Watch for look-alike charities
It’s not uncommon for organizations to pop up in an attempt to collect a portion of a massive volume of donations being made in the wake of a disaster. Many fraudulent organizations will create names that are similar to legitimate organizations. And even new, legitimate charities may be well-intentioned but not well-positioned to help immediately. Check with Give.org for a list of credible charities assisting with recovery efforts or with the IRS’ Tax-Exempt Organization Search to make sure you’re dealing with a legitimate organization.

Understand crowdfunding
The explosion of online crowdfunding—the collecting of money for a project or venture by raising many small amounts of money from a large number of people—has made it very easy for fraudsters to cash in after a disaster. If you’re going to donate via a crowdfund, it’s best to makes sure you know the owner personally. The person running the crowdfunding campaign isn’t necessarily the person who you want your money ending up with, and you’re trusting that they’ll follow through on their promises.
 
Beware direct requests for money
If you’re contacted by someone you don’t know on social media or via e-mail in a direct request for donation funds, you should hear alarm bells in your mind. Legitimate organizations that you aren’t already affiliated with will likely not reach out to you directly to request help. Be even more concerned if that person is requesting gift cards or P2P payments (Apple Pay, Paypal, etc.) Likewise, do not click on links in unsolicited e-mails requesting donations. DO NOT give out personal financial information to anyone who solicits a contribution.

Do not send cash
A cash donation is a bad idea. Leave a paper trail for tax and security purposes by using a check or credit card to make a donation. If something goes wrong, you have avenues you can follow with your card company and documentation of the amount and where it was supposed to go. Checks have to be cashed somewhere. When you hand over cash or gift cards, the trail ends—and if you’ve given your donation to a fraudster, you have no path for recourse. 

Report suspected fraud
If you receive an e-mail requesting donations and suspect it may be fraudulent, report it to the IRS.

We know the desire to help is nearly overwhelming in the days and months following a disaster. But by being aware of the dos and don’ts of donation, you’ll be able to avoid fraudsters and make sure your donation provides the maximum amount of relief in the right hands.

 

Security Fraud

Financial wellness—the ability to have a healthy financial life—hinges on budgeting, managing debts and making smart decisions for the long-term. Financial wellness allows you to handle medical bills, afford housing and transportation, and have access to the credit you need. Education and good habits go a long way toward being financially well!

But, in this technological age, there are many obstacles that can derail your financial wellness. A big one on that list? Identity theft.

In 2018, the Federal Trade Commission processed 1.4 million fraud reports totaling $1.48 billion in losses. The time and money a victim will spend trying to recover from identity theft is significant and can impact financial wellness. And the emotional toll that an identity theft can take could affect a victim’s job, relationships, and physical health. The growing prevalence of identity theft and fraud means that identity theft protection has to a be a part of the whole financial wellness package.
 

What YOU Can Do

  1. Monitor your credit report regularly - Catching discrepancies early can limit losses. Your credit report is free to you. Download yours FREE at AnnualCreditReport.com and check for accounts or activity you don’t recognize.
  2. Consider dark web monitoring - While dark-web monitoring doesn’t actually scan these sites for your information, it can help detect your information if it appears when stolen data is uploaded to sell. Learn more about the dark web now
  3. Practice good identity theft habits - Keeping your important information secret, setting strong, unique passwords, and staying aware of popular scams can help prevent you from falling victim to an identity thief. Learn more about how to keep your identity safe.

Extra Protection

Kirtland FCU partners with Identity Fraud, Inc. to offer a comprehensive suite of protection products that help minimize your risk of becoming a victim of identity theft. Services can include:
  • SSN Monitoring – to catch thieves using your social security number
  • Credit Monitoring – to identify unusual activity so you can take action
  • Credit Card Monitoring – scours chat rooms and online activity for your credit card information to identify potential fraud
  • DataSweep Monitoring – to identify your personal information online and alert you
  • Identity Insurance – should the worst happen, you’ll be covered
  • Lost Wallet Services - a 24/7 support team that helps you act quickly to limit your losses, maintain your good credit, and replace your lost or stolen cards
  • Keystroke Encryption Software - helps protect your identity by encrypting your keystrokes and hiding them from hackers, malware and key loggers intent on stealing your sensitive credentials while using the internet.
  • 24/7 Unlimited Resolution & Prevention Assistance - Staff ready to assist you with fraud resolution, no matter what type or how you experience identity theft.
Cover yourself with these protective services, and more, for less than $3 a month!

Explore and sign up for Identity Fraud, Inc. coverage!

Security Fraud

“It’s an older scam, sir, but it checks out.”

If you’re holding a check, made out to you, you’re going to want to read this before cashing it. Fake check scams have been around for a long time. Technology has opened up new avenues of implementing the scam, but the scam itself remains relatively unaltered. If someone you don’t know wants to pay you by check, be aware—it could be a scam. It could start with someone offering to buy something you’ve advertised on Facebook or Craigslist. It could come in the form of a supposed job opportunity! Or, it could be an even more enticing story of a sweepstakes win! Whatever the method, this scam is still in play for one reason: it works.

According to the Better Business Bureau’s 2018 Scam Tracker Risk Report, check fraud exposure (the likelihood of being targeted by a given scam) nearly doubled from 2017 with a median loss of $1,500 per incident! Fake checks are also a tactic in other types of scams, including employments scams.

Three Common Check Fraud Scams
 
  1. The Craigslist Overpayment - This one doesn’t have to be on Craigslist, but it will begin with the victim listing an item for sale, in a newspaper or online on Facebook or Craigslist. A buyer will send the victim a check for the item in a greater amount than the buying price. They’ll make up a convincing excuse and ask the victim to deposit the check and then withdraw the overpaid amount and send it back, usually in the form of a gift card. The check will bounce, and the victim is on the hook for the whole amount.
  2. The Employment Advance - This tactic is a crossover with employment scams. Usually, the victim will receive a fantastic job offer and an advanced check to cover supplies or training. The rest of the story follows the same path as the overpayment scam above.
  3. Winners! - In this one, the victim will receive a check to cover “taxes” on a fictional prize. The victim then pays the “taxes”. A few days later, the check bounces, and the victim is left confused—and broke.



Source: BBB 2018 Scam Tracker Risk Report

If you do deposit a check that is not from a friend or family member, wait at least two weeks to be sure it clears before spending any of the money.

If the check is indeed fake and bounces, you will not be out any of your own money. If you’re receiving pressure to do so, it’s a big red flag that the check may be fake.


How To Avoid These Scams


You can save yourself a big headache by taking these simple steps.
  • Inspect the check
    • Is the amount what you expected? There is NO LEGITIMATE REASON TO WRITE A CHECK FOR MORE THAN A NEEDED AMOUNT. Make sure the check matches the transaction.
    • Also, check the personal details on the check. Look up the bank or business associated with the check and call to confirm its validity.
    • If certain items such as a signature, address, or bank logo that are usually on a check are missing, or words are misspelled, don’t cash it. 
  • Consider the reason for the check
    • Did you prompt the sending of the check, or did it suddenly appear in your mailbox? Take some time to do a little sleuthing. Research the person or company the see if the payment makes sense. Trust your instincts! If it seems too good to be true, well, it likely is.
  • Don’t use the money
    • If you have a check that doesn’t pass the sniff tests listed above, and you haven’t cashed it yet, DON’T. Contact your credit union to discuss your concerns. If you already cashed it or deposited it, don’t spend the money. Credit unions and banks are required to make your deposited checks available to you within a certain period—for example, a government or cashier’s check is required to be cleared one business day after deposit. If the check has not yet been identified as fake, that money would still be available to you, even though the check is bad. Once the bounce happens, banks and credit unions have the right to withdraw the check from your account, even if you already spent the funds. If your balance can’t cover that amount, you could be facing negative balances and many more headaches.
  • Alert the authorities

Security Fraud

Ah, technology.

Our high-tech world moves at lightning speed, with communication and tasks often happening in real-time. In many ways, security has lagged behind innovation. Now, new security measures such as two-factor authentication  have emerged to protect the vast amounts of information and money that is exchanged online. But criminals are beginning to exploit those extra security measures and options, and you need to be on the lookout for this latest ploy to access your accounts.

Financial partner CO-OP, which owns and operates credit union ATMs nationwide, recently warned Kirtland FCU of a tactic called ‘SMishing’—phishing (posing as a legitimate company) via SMS text messaging. And it’s effective because of the popularity of texting. According to the Pew Research Center, 97% of Americans send at least one text every day. 

What The SMish?
SMishing, according to CO-OP, is a text is designed to look like an automated text communication from a legitimate company. There are two different methods of SMishing that we’ll discuss: the SMished text alert and the SMished two-factor. 

SMished Text Alert
Criminals in possession your debit card details and other forms of personally identifiable information (PII) are spoofing credit union phone numbers in an effort to fool credit union members into thinking that the text messages are actually from the fraud department of a particular credit union. Fraudsters are sending text messages under the guise of trying to validate recent card activity and are including hyperlinks within some text messages.
 
Fraudsters are also using text messaging to deceive credit union members into providing card-related data and login credentials. A typical SMishing occurrence can begin with a member receiving a text message inquiring about a suspicious transaction on an account. In reality, the fraudster is looking to obtain other information from members such as debit card numbers, CV2 codes, expiration dates, PINs and other web login credentials.

Before we go into how to spot one of these texts, you should know that there ARE legitimate texts that can come in from your credit union (especially if you’ve registered for Text Alerts  Online Banking login, transaction alerts for your cards, or use Text Banking. But there are key differences between a SMishing text and a valid text transaction alert).
 
SMishing Text Contains Legitimate Text Contains
A vague reference to a bank or no reference at all An abbreviated version of  your credit union's name
No specific card information The last 4 digits of the card number
No specific transaction information The amount of the transaction detail
No merchant information Merchant details
Hyperlinked phone numbers and/or web addresses No hyperlinks
Requests for card numbers, CV2 codes, passwords, PINs, expiration dates Reply options of: YES, NO or STOP (to opt out)

The SMished Two-Factor

Have you opted in to two-factor authentication for your financial accounts? Many companies and financial institutions are now offering two-factor authentication  as a way to make logging in faster and safer by requiring not only a username and password but the entry of a one-time code, sent through a different channel (usually e-mail, text, or voice call). Which means that if a fraudster obtained your username and password to a specific account, they would also need to have access to your e-mail account or phone to obtain the one-time code—an unlikely situation. Thieves are now calling members, posing as credit union employees, to get you to turn over the code while you’re on the phone with them!

While on the phone with a member, the fraudster logs into a credit union Online Banking site. When the one-time code is sent to the member’s phone, the fraudster asks the member to provide the code as a means to validate the member. When the information is shared with the person the member believes is a credit union employee, the fraudster uses the code to finalize access to Online Banking, which is typically followed by changing the Online Banking password and transferring funds from member accounts.

How To Miss The SMish
  • Be aware! By simply knowing of the possibility of a SMishing attack, you can keep an eye out for the signs
  • Never provide information via text. A legitimate credit union employee or alert text will never ask for personal information to be sent over unsecured channels, and you will NEVER be asked for your Online Banking password or two-factor code outside of your login attempt.
  • Never click hyperlinks in texts. Legitimate requests to validate card activity will request a simple response of YES or NO. They will not include hyperlinks to other websites or ask for any personal info.
  • Don’t believe the caller ID. It’s amazingly easy to spoof a phone number—to make it look like a call is coming from a legitimate source.
  • When in doubt, check! You can always call the credit union (Kirtland FCU member, call 1-800-880-5328) to check on the validity of a transaction alert or to report a request for information that seems, well, phishy.
 

Security Fraud

As cybercrime and identity theft continues its relentless increase in both prevalence and sophistication, are you taking advantage of all the ways you can increase security for your own accounts?

Passphrases > Passwords

‘Password’ is a terrible password. So is 123456 (alarmingly, the most common password in the nation). Why? Because these passwords are simple and easily guessed. And while an overly simple password is easy to remember, choosing one is the equivalent of installing a lock made of cotton balls on your front door—not what you want protecting your identity and your money. The problem is that long and complex passwords are not only difficult to guess (which is good) but difficult to remember (bad for the user).

The National Institute of Standards and Technology has recently revised its recommendation of using complex passwords in favor of using a passphrase—a sequence of words and other text. Passphrases are naturally much longer than passwords, making them more secure (usually).  Longer passphrases result in more “randomness” generally, making it hard for computers to figure it out—shoot for 4-5 random words (not ones that form a sentence or borrow from quotes or sayings).

The difference between passwords and passphrases is eloquently illustrated by science comic blogger Randall Munroe (XKCD):



If you have the option to use a passphrase (no requirements for special characters and no limit on length) do so! You will likely find that many of your apps and websites have yet to implement this change in recommendation with their own password requirements, so if you cannot choose a passphrase, make the password as random and as long as possible and avoid these common pitfalls:
  • Don’t use family names, birthdays, or other information that could be found elsewhere. (Make it hard to guess.)
  • Don’t use the same password for every application. (Make it unique.)
  • Don’t use short or common passwords like QWERTY or 123456. (Make it strong.)
If you have access to a password protected computer, you can use a password manager like Dashlane or LastPass to generate and remember tough passwords for your logins. Some browsers will also generate and remember your passwords if you ask it to, but be careful about using this functionality if anyone else has access to your computer. And DON’T use this option if you’re on a public computer or connected to unsecured Wi-Fi. In fact, don’t log into any program while connected to an unsecured Wi-Fi. It’s scary easy to steal information over an unsecured Wi-Fi connection.

The Two-Factor Option

Have you set up two-factor authentication yet? Many programs now offer this secure method of login, and you should be taking advantage of it. Google, for example, offers two-factor authentication: when you type in your Google password to log into Gmail or another of Google’s apps, you’ll also be asked for a second entry of a six-digit code that is texted to your phone (or sent to you via the Google app on your phone). Once an account’s two-factor authentication is set up, a thief would not only have to possess your password but your physical phone to access your account


Don’t want to enter a six-digit password every time? You can set Google to remember a personal computer but require two-factor authentication on new devices. Or, if you have a security key like this Yubico, you’ll be prompted to plug it into your computer’s USB port or touch it to your phone to complete the two-factor authentication—literally a physical key for your account! And a physical security key is about as safe an option as you can find.

Many sites and apps offer two-factor authentication—Facebook, YouTube, Google, various password managers, and many financial institutions, including Kirtland FCU Online Banking!

Online—you should be here!

If you’re thinking, “Geez, it’s too risky to be online! I’m just going to do banking the old-fashioned way, with checks and branch visits,” you might want to reconsider. Most financial institutions offer some version of online banking options, and if you don’t claim yours and set up your own passwords and security, you leave the path clear for a thief to do it for you. And you won’t have any way of knowing something has gone wrong until you get your next banking statement a month later! Setting up Online Banking and checking your accounts often allow you to:
  • Catch fraud and theft early
  • Limit losses
  • Secure your accounts with your own passwords and options
Technology is changing and improving every day. Make sure to take advantage of the latest options offered by each account and login you set up.

To register for your Online Banking account with Kirtland FCU, give us a call at 1-800-880-5328.

 

Security Fraud

It’s a buzz term that gets thrown around during discussions of data breaches and identity theft— the “dark web”.

You may have even seen advertisements for services that are supposed to alert you—or even claim to be able to remove your information—when your information is discovered there. But what is the dark web, and how can you keep yourself safe if your information ends up on one of these sites?

The dark web is a network of websites that can only be accessed with a special browser that renders the user anonymous and untraceable. Sites on the dark web make up about 3% of all websites and while not every site accessible on the dark web deals in illicit activity, it’s easy to see the appeal for an identity thief. After a data breach, information often floods the dark web, offered up for sale as a bundle of information for as little as $10 per bundle.

Many services will offer to scan the dark web for your information. Finding it is one thing; eliminating it is another. The former will allow you to take action to protect yourself. The latter is all but impossible.

Beware any service offering to scan the entire dark web

Because that’s impossible. The ever-shifting landscape of the dark web makes it impossible to crawl every site. One of the major differences between the normal web and the dark web, besides the multiple re-routes built between a user and a site, is the suffix of the sites themselves: sites on the dark web often end in .onion and have an incomprehensible string of numbers and letters before it. The last count of onion sites according to a 2017 Vice article was 1,208,925,819,614,629,174,706,176. And it’s not unusual for a site to appear for 12 hours and then vanish. We can’t even count these sites accurately, never mind crawl them in any kind of reliable fashion.

What a site will do to “scan” for your information is likely to look at the latest data dumps: files of information that do often end up on the dark web.

If you do a scan, and your information is found on the dark web, here are a few things to remember.
  • No service can erase your information. There’s no putting the genie back in the bottle. You should be leery of any service offering to erase your information.
  • Consider account alerts. Early detection of fraudulent activity can help you limit losses.
  • Mitigation is the name of the game. If you are alerted that your information is on the dark web, the best idea is to freeze your credit to limit fraudulent activity with your social security number. You should also order new credit and debit cards.
  • Monitor your credit frequently. Look for any unusual activity so you can take swift action.
  • Practice good security hygiene. Keep your data and passwords as private as possible.  Read here to find out more

Security Fraud
 
2019 is sliding into fall, but the Social Security scam calls are still hot. And people are still losing scary amounts of money because of them.

NO, THAT’S NOT THE SOCIAL SECURITY ADMINISTRATION CALLING

Consumer protection agencies call it the "Social Security impostor scam."

You get a call with a warning that your Social Security number has been suspended because of suspicious activity or because it’s been used in a crime. You are asked to confirm your number or told you need to withdraw money from the bank and buy gift cards in order to resolve the situation.

The phone call may be a robocaller with a message to "press 1" or dial a particular number to speak with a "support representative" from the government to reactivate your Social Security number. Or it could be a live person making threats against you for crimes committed with your Social Security Number unless you confirm certain information or send money to clear up the charges.

DON’T BELIEVE THE CALLER ID

The scammers may even use technology to spoof your caller ID to make it look like the Social Security Administration is really calling.

In the last 12 months, people filed more than 76,000 complaints about Social Security impostors, reporting $19 million in losses. The median reported loss last year was $1,500, the FTC said.

People are asked to give up the personal identification numbers (PINs) on the back of gift cards or use virtual currencies like Bitcoin to pay. (According to the FTC's consumer alert, people withdrew money and fed cash into Bitcoin automatic teller machines.)

After handing over the gift card numbers to the "Social Security office," one consumer interviewed by Fraud.org was told he would receive a refund equal to the amount he paid to unfreeze his account from the Federal Reserve. Of course, the refund never came, and the man lost nearly $20,000.

The scammers can be clever, and they will try new stories and new methods in order to keep their scam effective and claim the most amount of money they can. With numerous data breaches that have hit corporate America, fraudsters may already have accurate personal information about you, including your real Social Security number. The information is used to build trust and make the call seem more legitimate, he added.

How you can stay safe:

According to Fraud.org and the FTC, here are some important things to remember:
  • Social Security will never suspend your number, according to Fraud.org. If anyone tells you something different, you're being scammed.
  • Social Security will never call you and demand money. No government agency will demand you pay something using gift cards or Bitcoin either.
  • Don't trust your phone's caller ID. Scammers can make it look as if the Social Security Administration is calling and even use the agency's real number.
  • Don't give your Social Security number, birth date, home address, or any other personal information, to a caller on the phone.

If you have a question, check with the real Social Security Administration. The administration will never contact you out of the blue. The agency's number is 1-800-772-1213.

Talk about the scam with friends, family and neighbors. Report government impostor scams to the FTC at ftc.gov/complaint.

No legitimate business will call you to request your Social Security number, including Kirtland Federal Credit Union. Feel free to hang up on these calls. If you would like to check the legitimacy of a call, you can always initiate a call to the business yourself to check.
 

1234Next