Card Security - Phishing
Every week, a different merchant seems to be announcing that their system has been hacked and that the information of millions of customers has possibly been compromised. This seems to be a growing trend as more and more attacks are being focused at larger institutions.
These data breaches should be taken very serious, as the information gathered may be used by the criminals to steal your identity. Many criminals will take the information from a breach and use it to social engineer additional information about the individual. This process, of trying to gather personal information from someone else, is called “Phishing.”
Phishing can be an email or phone call that has the appearance of of being official, but they are only trying to gather personal information. The communication is always unsolicited, but it may appear to come from a legitimate source. What does that mean?
If XYZ Company had their clients’ information stolen, and the criminals want to gather missing pieces from that information (PIN numbers, full card number, address), the criminals may create an email that appears to come from XYX Company requesting that you use a link from the email to confirm the information on your card that was used during the breach of their information. The address and appearance of the email might look legitimate, but be cautious because the link might go to an unknown source.
Know who is calling / emailing: Firefighters Credit Union will call you personally if there is any issue with your card. We will address who we are, and we will confirm who you are without jeopardizing any personal information. We use a company for after-hours contacting, and they will only verify transactions and block your card for further use. If you have any question about who is calling, then call the institution immediately.
Never give out PIN: The only time to enter your PIN number is to get cash or purchase in person. No transaction nor verification over the phone should include a PIN number. If anyone asks you to verify your PIN number or to provide your PIN, that should be an automatic red-flag that there is something wrong with what you are being asked to verify.
Call back: If you ever have a concern about who you spoke with, an email you received, or a text message that is requesting you to click a link or provide card information, contact the financial institution immediately. On the back of every card are phone numbers for the institution and for after-hours reporting of a card lost or stolen.
Be wary of Links: Emails that come to you, even from someone in your contacts, might be phishing for your information with a simple link. Links contained in the emails might prompt you to download a virus that will damage your PC and any information that it might contain.
Even if your card is not contained on one of these data breaches, you might be solicited for information. Don’t give away your personal information. Keep your information safe by only providing it to trusted sources.