Fraud Prevention

Quest Federal Credit Union is committed to the protection of your personal, sensitive, and confidential information. You should be too!

We are happy to provide the following information to our member/owners to aid in the protection of your identity, credit, and personal information. Please be sure to review this information thoroughly and share it among your family, friends, and social networks. Together, we can help ensure that are protected and that you have armed yourself with information vital to your protection.

Suspicious Email

If you have received a suspicious email, you may forward it to: reportfraud@questfcu.com.

Please remember that Quest Federal Credit Union will never call or email you requesting your personal account information (we already have that).  Beware of calls or emails requesting account numbers, credit or debit card numbers, social security numbers, usernames or PIN numbers.  Typically these emails will claim that you have to respond quickly or your account/cards will be closed or blocked.

Card Compromises:

What is a card compromise?  A compromise is when there is a “potential” or “factual” compromise of your card information.

How does this happen?  Generally it happens when an online vendor, point of sale retailer or even a card swipe machine at a gas station, for example, has been compromised or breached.  Normally there has been no fraudulent activity but due to the card number being breached, there is potential.  If 1, 2 or 10 cards are compromised, that doesn’t mean that all cards have been compromised.

How will you know?  If Quest is made aware during normal business hours, you will receive a call at your phone number on record with us directly from one of our members service rep’s.  If after hours, our card servicer will call you on your number of record and at NO TIME WILL QUEST OR OUR CARD SERVICER ASK YOU FOR YOUR INFORMATION, we have that on file and will not ask you for this information.  At that time we will explain your options and work to restore your card services with the utmost speed and efficiency.

What if I do get a call and they ask for my card number?  Without a doubt, it’s a scam, do not disclose any information and terminate the call.  If you did disclose information, contact Quest or our card servicer and we will assist you.

If you have any further questions, please call one of our four locations or card services.  The number is displayed on your card, can be obtained from our automated phone system and is listed on our website.

Debit and Credit Card Fraud

Quest does use activity monitoring on the Debit and Credit Cards issued through the Credit Union.  However, when the monitoring service contacts you they will not ask for your card number or PIN, they will simply verify your most recent transactions.

To report your Debit/ATM or Credit Card lost or stolen, you can call any of the branch offices during regular business hours.  If you need to report a card lost or stolen after hours:

During Business Hours:

  • Quest Card Services: 1-833-307-4199

After Business Hours:

  • Lost/Stolen Cards: 1-800-528-2273
  • Report Fraud: 1-800-808-6402

Follow the most recent scams at: Slam the Online Scam

Consumer Federation Fraud Video or visit the Consumer Federation of America website.

Phishing/Social Engineering

Phishing or “social engineering” is a form of fraud that is commonly employed via email. Phishing attempts occur when an email is sent and may look legitimate but is not. Phishing scams, as in fishing for information, typically rely on email recipients being recognizing familiar products or websites. The messages will attempt to fool the recipient into revealing sensitive information. The mechanisms used may entice the recipient to (a) click on a link leading to a fraudulent website (although it may appear legitimate), (b) reply to a specific offer or request in the email, or (c) download an infected attachment.

Phishing scams and social engineering tactics are difficult to spot in some cases and the methods employed are constantly changing. Here are some tips to help you avoid becoming a victim of these threats:

  • Think before you click. Be cautious with any message you don’t expect or that doesn’t make sense. If you get a message from the New York police about a speeding ticket but you have not been driving in NY recently, it’s bogus. Delete immediately. Even if you had been driving in NY, ask yourself whether it makes sense that the NY police have your e-mail address. Probably not.
  • Be wary of offers of something for nothing. These are most likely scams. Won the lottery without entering? A free gift card from a store you don’t patronize? Likely bogus.
  • Check validity with a web search. If you suspect the offer/threat could be real, don’t click. Search instead. Many sites list known hoaxes. Reading through these can put your mind at ease.
  • Carefully scrutinize the destination of links in e-mails and text messages. Hover your mouse/finger over the link to see where it really goes. Clever phishers sometimes include valid links among the malicious links in the e-mail in a further attempt to disguise their intent.
  • Do not respond to unsolicited requests for sensitive information, whether by e-mail, phone, or text message. If an unsolicited caller starts asking for personal information, it’s time to end the call.
  • Do not submit personal information via website pop-up screens. Legitimate organizations do not ask for personal information via pop-ups.

You can report phishing emails:

  • The Federal Trade Commission, spam@uce.gov
  • The company that the email reportedly came from, companies may have a “to report abuse” email address.

Just remember to include the entire original email with its original header information when you forward to the FTC or other entity when reporting phishing.

For more information on scams, visit the FBI’s website, https://www.fbi.gov/scams-and-safety or the NCUA’s website, http://ncua.gov/Resources/FraudAlert/index.aspx.

Staying Safe Online

Quest Federal Credit Union offers the following publication(s) for our member/owners as education in the fight against fraud.

Past editions of Staying Safe Online:

What should I do if my personal information has been lost or stolen?

If you’ve lost personal information or identification, or if it has been stolen from you, taking certain steps quickly can minimize the potential for identity theft.

Financial accounts: Close accounts, like credit cards and bank accounts, immediately. When you open new accounts, place passwords on them. Avoid using your mother’s maiden name, your birth date, the last four digits of your Social Security number or your phone number, or a series of consecutive numbers.

Social Security number: Call the toll-free fraud number of any of the three nationwide consumer reporting companies and place an initial fraud alert on your credit reports. An alert can help stop someone from opening new credit accounts in your name. See consumer reporting company contact information.

Driver’s license/other government issued identification: Contact the agency that issued the license or other identification document. Follow its procedures to cancel the document and to get a replacement. Ask the agency to flag your file so that no one else can get a license or any other identification document from them in your name.

Once you have taken these precautions, watch for signs that your information is being misused.

If your information has been misused, file a report about the theft with the police, and file a complaint with the Federal Trade Commission, as well. If another crime was committed – for example, if your purse or wallet was stolen or your house or car was broken into – report it to the police immediately.

Are companies allowed to print my entire credit card number on my receipt?

Beginning December 5, 2006, companies must not print your credit or debit card expiration date or more than the last 5 digits of your card number on your electronic receipt. Some businesses must make this change sooner, depending on the way they process credit card transactions. The law will allow receipts that are hand written or mechanically imprinted to show your entire number and expiration date, even after December 4, 2006.

How can I minimize my risk?

When it comes to identity theft, you can’t entirely control whether you will become a victim. But there are certain steps you can take to minimize your risk.

Order a copy of your credit report. An amendment to the federal Fair Credit Reporting Act requires each of the major nationwide consumer reporting companies to provide you with a free copy of your credit reports, at your request, once every 12 months.

To order your free annual report from one or all the national consumer reporting companies, visit www.annualcreditreport.com, call toll-free 877-322-8228, or complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. You can print the form from ftc.gov/credit. Do not contact the three nationwide consumer reporting companies individually; they provide free annual credit reports only through www.annualcreditreport.com, 877-322-8228, and Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.

Under federal law, you’re also entitled to a free report if a company takes adverse action against you, such as denying your application for credit, insurance or employment, and you request your report within 60 days of receiving notice of the action. The notice will give you the name, address, and phone number of the consumer reporting company that supplied the information about you. You’re also entitled to one free report a year if you’re unemployed and plan to look for a job within 60 days; you’re on welfare; or your report is inaccurate because of fraud. Otherwise, a consumer reporting company may charge you up to $9.50 for any other copies of your report.

To buy a copy of your report, contact:

Under state law, consumers in Colorado, Georgia, Maine, Maryland, Massachusetts, New Jersey, and Vermont already have free access to their credit reports.

If you ask, only the last four digits of your Social Security number will appear on your credit reports.

Place passwords on your credit card, bank, and phone accounts. Avoid using easily available information like your mother’s maiden name, your birth date, the last four digits of your Social Security number or your phone number, or a series of consecutive numbers. When opening new accounts, you may find that many businesses still have a line on their applications for your mother’s maiden name. Ask if you can use a password instead.

Secure personal information in your home, especially if you have roommates, employ outside help, or are having work done in your home.

Ask about information security procedures in your workplace or at businesses, doctor’s offices or other institutions that collect your personally identifying information. Find out who has access to your personal information and verify that it is handled securely. Ask about the disposal procedures for those records as well. Find out if your information will be shared with anyone else. If so, ask how your information can be kept confidential.

Don’t give out personal information on the phone, through the mail, or on the Internet unless you’ve initiated the contact or are sure you know who you’re dealing with. Identity thieves are clever, and have posed as representatives of banks, Internet service providers (ISPs), and even government agencies to get people to reveal their Social Security number, mother’s maiden name, account numbers, and other identifying information. Before you share any personal information, confirm that you are dealing with a legitimate organization. Check an organization’s website by typing its URL in the address line, rather than cutting and pasting it. Many companies post scam alerts when their name is used improperly. Or call customer service using the number listed on your account statement or in the telephone book.

Treat your mail and trash carefully.

Deposit your outgoing mail in post office collection boxes or at your local post office, rather than in an unsecured mailbox. Promptly remove mail from your mailbox. If you’re planning to be away from home and can’t pick up your mail, call the U.S. Postal Service at 1-800-275-8777 to request a vacation hold. The Postal Service will hold your mail at your local post office until you can pick it up or are home to receive it.

To thwart an identity thief who may pick through your trash or recycling bins to capture your personal information, tear or shred your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards that you’re discarding, and credit offers you get in the mail. To opt out of receiving offers of credit in the mail, call: 1-888-5-OPTOUT (1-888-567-8688). The three nationwide consumer reporting companies use the same toll-free number to let consumers choose not to receive credit offers based on their lists. Note: You will be asked to provide your Social Security number which the consumer reporting companies need to match you with your file.

How can I stop companies from using my personal information for marketing?

More organizations are offering consumers choices about how their personal information is used. For example, many let you “opt out” of having your information shared with others or used for marketing purposes.

Don’t carry your Social Security number card; leave it in a secure place.

Give your Social Security number only when absolutely necessary, and ask to use other types of identifiers. If your state uses your Social Security number as your driver’s license number, ask to substitute another number. Do the same if your health insurance company uses your Social Security number as your policy number.

Carry only the identification information and the credit and debit cards that you’ll actually need when you go out. Be cautious when responding to promotions. Identity thieves may create phony promotional offers to get you to give them your personal information.

Keep your purse or wallet in a safe place at work; do the same with copies of administrative forms that have your sensitive personal information.

When should I give out my Social Security number?

Your employer and financial institutions will need your Social Security number for wage and tax reporting purposes. Other businesses may ask you for your Social Security number to do a credit check if you are applying for a loan, renting an apartment, or signing up for utilities. Sometimes, however, they simply want your Social Security number for general record keeping. If someone asks for your Social Security number, ask:

  • Why do you need my Social Security number?
  • How will my Social Security number be used?
  • How do you protect my Social Security number from being stolen?
  • What will happen if I don’t give you my Social Security number?

If you don’t provide your Social Security number, some businesses may not provide you with the service or benefit you want. Getting satisfactory answers to these questions will help you decide whether you want to share your Social Security number with the business. The decision to share is yours.

I have a computer and use the Internet. What should I be concerned about?

You may be careful about locking your doors and windows, and keeping your personal papers in a secure place. Depending on what you use your personal computer for; an identity thief may not need to set foot in your house to steal your personal information. You may store your Social Security number, financial records, tax returns, birth date, and bank account numbers on your computer. These tips can help you keep your computer – and the personal information it stores – safe.

Virus protection software should be updated regularly, and patches for your operating system and other software programs should be installed to protect against intrusions and infections that can lead to the compromise of your computer files or passwords. Ideally, virus protection software should be set to automatically update each week. The Windows XP operating system also can be set to automatically check for patches and download them to your computer.

Do not open files sent to you by strangers, or click on hyperlinks or download programs from people you don’t know. Be careful about using file-sharing programs. Opening a file could expose your system to a computer virus or a program known as “spyware,” which could capture your passwords or any other information as you type it into your keyboard.

Use a firewall program, especially if you use a high-speed Internet connection like cable, DSL or T-1 that leaves your computer connected to the Internet 24 hours a day. The firewall program will allow you to stop uninvited access to your computer. Without it, hackers can take over your computer, access the personal information stored on it, or use it to commit other crimes.

Use a secure browser – software that encrypts or scrambles information you send over the Internet – to guard your online transactions. Be sure your browser has the most up-to-date encryption capabilities by using the latest version available from the manufacturer. You also can download some browsers for free over the Internet. When submitting information, look for the “lock” icon on the browser’s status bar to be sure your information is secure during transmission.

Try not to store financial information on your laptop unless absolutely necessary. If you do, use a strong password with a combination of letters (upper and lower case), numbers and symbols. A good way to create a strong password is to think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters. For example, “I love Felix; he’s a good cat,” would become 1LFHA6c. Don’t use an automatic log-in feature that saves your user name and password, and always log off when you’re finished. That way, if your laptop is stolen, it’s harder for a thief to access your personal information.

Before you dispose of a computer, delete all the personal information it stored. Deleting files using the keyboard or mouse commands or reformatting your hard drive may not be enough because the files may stay on the computer’s hard drive, where they may be retrieved easily. Use a “wipe” utility program to overwrite the entire hard drive.

Look for website privacy policies. They should answer questions about maintaining accuracy, access, security, and control of personal information collected by the site, how the information will be used, and whether it will be provided to third parties. If you don’t see a privacy policy or if you can’t understand it consider doing business elsewhere.

Should I buy identity theft insurance?

Some companies offer insurance or similar products that claim to give you protection against the costs associated with resolving an identity theft case. Be aware that most creditors will only deal with you to resolve problems, so the insurance company in most cases will not be able to reduce that burden. As with any product or service, make sure you understand what you’re getting before you buy. If you decide to buy an identity theft insurance product, check out the company with your local Better Business Bureau, consumer protection agency and state Attorney General to see if they have any complaints on file.

The National Credit Union Administration has produced the following videos alerting credit union members and consumers on how to recognize, avoid, and report fraud.

NCUA Consumer Report: Frauds, Scams and Cyberthreats – Part I

NCUA Consumer Report: Frauds, Scams and Cyberthreats – Part II