PGCFCU Internet/E-Mail Fraud Alert

PGCFCU wants to help you keep personal information safe.
PGCFCU is committed to keeping the personal information of our member secure. Because of the increasingly prevalent threats of identity theft, PGCFCU has taken security measures to provide accurate and through information to prevent the members from becoming victims.

Criminals have developed several clever tools to steal your personal information over the internet. Below are helpful general tips and keywords that will aid you in safeguarding your personal information and computer from identity thieves, phishing and scams.

What is e-mail fraud?
Fake e-mail messages sent to you for the purpose of obtaining personal and financial information are some of the most common e-mail fraud messages received by Internet users today. These fraudulent e-mails are called phishing.

Phishing e-mails are made to appear that they are from a legitimate company, typically a financial services organization, like a bank, credit union, or investment brokerage. Others state to be from other organizations that perform financial transactions using personal data; the most common of these claims to be from companies like PayPal, eBay, and America Online (AOL).

The phishing e-mails typically inform you that account information needs to be updated and that action must be taken immediately. The information they ask for ranges from user name and password all the way to name, address, and credit card information, depending on which legitimate company they are posing as.

How to recognize e-mail fraud.
Identifying phishing e-mails is not always easy as criminals are becoming more adept at learning from their past mistakes. However, there are generally certain clues that will give away a phishing e-mail, and the associated fake web page, that you can use when you are in doubt about the integrity of an e-mail message.

Companies with which you have no prior relation.
We all get e-mail messages from companies with whom we've never done business, that's just marketing, but you shouldn't get messages from those companies asking you to update account information, provide personal data, or otherwise imply an existing relationship. This should be your first clue that something isn't right with this e-mail message.

Generic message
These criminals typically do not know who you are; they just have your email address. They tend to either use no salutation at all, or will use phrases like Dear Customer.

The criminals can get your e-mail address many ways, but the most common is through viruses and worms planted on other users' computers. The viruses gather e-mail information from the address book of infected computer's e-mail client (like Outlook or Messenger) and report this back to the criminals. The viruses typically infect tens, if not hundreds, of thousands of computers at one time so given the size of most people's address books, the criminals can build a list pretty quickly. If you're on someone's address book and their computer is infected, the criminals can get your e-mail address.

Requests for personal or secure information.
This is what they are after. They'll indicate that you need to provide your user name and password or credit card number because they have lost it, are ensuring all of their customers are legitimate, or state that they are addressing a security breach and need you to "re-confirm" your information.

Where can you see samples of phishing e-mails?
A non-profit organization called the Anti-Phishing Working Group hosts a web site full of information about phishing as well as samples of select reported phishing e-mails in their Phishing Archive at www.antiphishing.org.

Which companies are most often spoofed in phishing e-mails?
According to the Anti-Phishing Working Group's web site, the most often US-based companies whose names are used by criminals for phishing e-mails include PayPal, eBay, Wells Fargo, Citibank, MSN, and US Bank. This doesn't mean that all communications from these companies should be treated suspiciously, but that the criminals know that these companies have many customers and their chances of finding a customer of one of these companies from the e-mail addresses they have harvested are much greater than if they posed as a smaller company.

What should you do if you receive a phishing e-mail?
First, do not respond to it either by hitting the "Reply" button or by clicking the links. The sender's address is usually fake, so responding that way won't do anything for you, and in the worst case could let the criminals know they have a valid e-mail address they can use for further activity. Clicking through the links will only take you to the phisher's fake web site where they may be able to download spyware and malware onto your computer.

If you want to take some course of action, report the phishing e-mail to the legitimate company or organization that has been spoofed in the e-mail. Most have online mechanisms, either forms or e-mail addresses, where you can communicate this to them. Legitimate companies generally post their phone number, usually a toll-free number; on their web site should you decide to call them instead.

You can also file a complaint with the Internet Fraud Complaint Center at www.ifccfbi.gov. They will probably not be able to address your specific incident, but by providing information to them they can warn others and investigate the crime.

Where can you find more information about phishing?


Alert
Recently, there have been multiple e-mail fraud attempts, known as "Phishing”, that were initiated via e-mail sent to both the general public and to some credit union members that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.

NCUA does not ask credit unions members for such personal information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

PGCFCU will never contact you though email or over the phone to verify account information. If you are solicited for confidential information in this manner do not give out your personal account information.

If you responded to such an e-mail and provided any confidential account information pertaining to your PGCFCU account, please notify PGCFCU immediately at 301-627-2666 or 1-800-952-7428. You will be instructed by one of our staff as to the appropriate course of action to be taken, depending upon what information was provided to the scam, which may include anything from changing your PIN to possibly closing any compromised share accounts.

HOME  |  APPLY FOR A LOAN  |  BECOME A MEMBER  |  IMPORTANT INFORMATION  |  PRIVACY POLICY  |  FEE SCHEDULE  |  SITE MAP
Your savings federally insured to at least $100,000 and backed by the full faith and credit of the United States Government - National Credit Union Administration, a U.S. Government Agency Website designed by Visions, Ink. Credit Unions - Get the Difference Login to Home Banking Pay Bills OnlineHome