If you have received a suspicious email, you may forward it to: email@example.com.
Please remember that Quest Federal Credit Union will never call or email you requesting your personal account information (we already have that). Beware of calls or emails requesting account numbers, credit or debit card numbers, social security numbers, usernames or PIN numbers. Typically these emails will claim that you have to respond quickly or your account/cards will be closed or blocked.
What is a card compromise? A compromise is when there is a “potential” or “factual” compromise of your card information.
How does this happen? Generally it happens when an online vendor, point of sale retailer or even a card swipe machine at a gas station, for example, has been compromised or breached. Normally there has been no fraudulent activity but due to the card number being breached, there is potential. If 1, 2 or 10 cards are compromised, that doesn’t mean that all cards have been compromised.
How will you know? If Quest is made aware during normal business hours, you will receive a call at your phone number on record with us directly from one of our members service rep’s. If after hours, our card servicer will call you on your number of record and at NO TIME WILL QUEST OR OUR CARD SERVICER ASK YOU FOR YOUR INFORMATION, we have that on file and will not ask you for this information. At that time we will explain your options and work to restore your card services with the utmost speed and efficiency.
What if I do get a call and they ask for my card number? Without a doubt, it’s a scam, do not disclose any information and terminate the call. If you did disclose information, contact Quest or our card servicer and we will assist you.
If you have any further questions, please call one of our four locations or card services. The number is displayed on your card, can be obtained from our automated phone system and is listed on our website.
Phishing or “social engineering” is a form of fraud that is commonly employed via email. Phishing attempts occur when an email is sent and may look legitimate but is not. Phishing scams, as in fishing for information, typically rely on email recipients being recognizing familiar products or websites. The messages will attempt to fool the recipient into revealing sensitive information. The mechanisms used may entice the recipient to (a) click on a link leading to a fraudulent website (although it may appear legitimate), (b) reply to a specific offer or request in the email, or (c) download an infected attachment.
Phishing scams and social engineering tactics are difficult to spot in some cases and the methods employed are constantly changing. Here are some tips to help you avoid becoming a victim of these threats:
- Think before you click. Be cautious with any message you don’t expect or that doesn’t make sense. If you get a message from the New York police about a speeding ticket but you have not been driving in NY recently, it’s bogus. Delete immediately. Even if you had been driving in NY, ask yourself whether it makes sense that the NY police have your e-mail address. Probably not.
- Be wary of offers of something for nothing. These are most likely scams. Won the lottery without entering? A free gift card from a store you don’t patronize? Likely bogus.
- Check validity with a web search. If you suspect the offer/threat could be real, don’t click. Search instead. Many sites list known hoaxes. Reading through these can put your mind at ease.
- Carefully scrutinize the destination of links in e-mails and text messages. Hover your mouse/finger over the link to see where it really goes. Clever phishers sometimes include valid links among the malicious links in the e-mail in a further attempt to disguise their intent.
- Do not respond to unsolicited requests for sensitive information, whether by e-mail, phone, or text message. If an unsolicited caller starts asking for personal information, it’s time to end the call.
- Do not submit personal information via website pop-up screens. Legitimate organizations do not ask for personal information via pop-ups.
You can report phishing emails:
The Federal Trade Commission, firstname.lastname@example.org
The company that the email reportedly came from, companies may have a “to report abuse” email address.
Just remember to include the entire original email with its original header information when you forward to the FTC or other entity when reporting phishing.
Debit and Credit Card Fraud
Quest does use activity monitoring on the Debit and Credit Cards issued through the Credit Union. However, when the monitoring service contacts you they will not ask for your card number or PIN, they will simply verify your most recent transactions.
To report your Debit/ATM or Credit Card lost or stolen, you can call any of the branch offices during regular business hours. If you need to report a card lost or stolen after hours:
Follow the most recent scams at: Slam the Online Scam
Past editions of Staying Safe Online: