Common Scams

This flyer has a variety of typical scams to be aware of and things to do if you believe you are a victim.

Equifax Data Breach

As you may be aware, Equifax, one of the nation’s three major credit reporting agencies, reported last week that 143 million American consumers’ sensitive personal information was exposed in a data breach. HEFCU does not request credit reports directly from Equifax.  However, this does not guarantee your personal information was not compromised.  For complete information on this data breach, please visit (new window/tab).

And don’t forget — you can request a free copy of your credit report every 12 months from each credit reporting company by visiting

Vishing Scam

Fraudsters targeting members through a vishing scam (phone-based phishing) are spoofing credit union phone numbers and posing as an employee in the credit union’s fraud or security department.  The fraudsters tell the members they are calling to verify suspicious debit card transactions and, to verify the member’s identity, the member’s are asked to provide the CVV2/CVC2 code and the cards’ expiration date.

Rather than provide any information, the consumer should contact their financial institution or credit card company directly to verify the validity of the message using contact information they already have in their possession (i.e. do not use contact information provided in the suspicious message).  Keep in mind that if a credit/debit card company actually calls to notify you of suspicious charges, they will not ask for personal information. Instead they will verify that they have reached the cardholder and ask for them by name. Then they may ask the cardholder to verify the last 4-digits of their Social Security number (Note: They will not ask for your entire Social Security number, account number, expiration date or PIN). They will then verify if you made that particular charge or not.

Fraud and Identity Theft

You can help protect yourself from fraud this holiday season and all year long.  Here are some simple tips to ward off both fraud and identity theft:

  1. Update your contact information.  Be sure to give HEFCU your most up-to-date info–especially your mobile phone number.  This will allow us to contact you ASAP if there’s suspicious activity.
  2. Beware of emails or texts asking for your personal information.  We will always use your name or reference your account; we will never ask for your account information, SSN, debit card PIN, or password via email or text message.
  3. Check your account frequently.  Enrolling in online banking, or downloading the FREE HEFCU mobile app, makes it easy to stay on top of your transactions.

Protecting Your Plastic from High-Tech Criminals

Please be advised that HEFCU is aware of the data breaches (i.e., Target, Home Depot, etc.) reported in the news recently.

We strongly urge our members to monitor their accounts closely on a regular basis using our online banking program (HEFCU@Home) as well as reviewing periodic account statements. If you believe there were unauthorized charges, you must notify our office no later than 60 days after that statement date on which an error for fraudulent charge appeared.

For certain merchants and locations, we may also require you to enter your Personal Identification Number (PIN) when using your HEFCU Debit Card. Should your debit card transaction be declined if you are using your signature, please try again using “debit” and key in your PIN.

One of the best ways to prevent fraud is to become an educated consumer. Below please find a list of ways to help keep you protected.

Never give out your payment card numbers in response to an unsolicited e-mail, text message or phone call, no matter who the source supposedly is. An “urgent” e-mail or phone call appearing to be from a well-known organization is likely a scam attempting to trick you into divulging your card information. It’s called “phishing,” a high-tech variation of the concept of “fishing” for account information. If they get confidential details, the criminals can use the information to make counterfeit cards and run up charges on your accounts.

Take precautions at the checkout counter, ATM and gas pump. “Be on the lookout for credit and debit card reading devices that look suspicious, such as a plastic sleeve inside a card slot,” Benardo said. “Crooks are getting very good at attaching their own devices over legitimate card readers and gathering account information from the cards that consumers swipe through those readers.”

Also be alert when you hand your payment card to an employee at a restaurant or retail establishment. For example, if he or she swipes your card through two devices instead of one, that second device could be recording your account information to make a fraudulent card. Report that situation to a manager and your card issuer.

To help combat payment card fraud, many card issuers have turned to the technology known as radio frequency identification (RFID). This uses wireless radio signals to identify people or objects from a distance. It is also being used with items such as highway toll passes, subway fare cards and pay-at-the-pump cards to add convenience and speed up many routine transactions. While some news reports indicate that payment cards with RFID chips may be more vulnerable to fraud than traditional cards with magnetic stripes on the back, Benardo said that’s not the case.

“Today an RFID card is nearly impossible to breach because the chip in it creates an encrypted signal that is extremely difficult to hack or compromise,” he said. “If you have questions or concerns about a payment card that is RFID-enabled, ask your bank about the precautions it takes to safeguard your card information.”

Closely monitor your bank statements and credit card bills. “Look at your account statements as soon as they arrive in your mailbox or electronic inbox and report a discrepancy or anything suspicious, such as an unauthorized withdrawal,” advised FDIC attorney Richard M. Schwartz. “While federal and state laws limit your losses if you’re a victim of fraud or theft, your protections may be stronger the quicker you report the problem.” These days, it’s also easy to monitor your accounts using online banking or even your mobile phone (see Using Technology to Remain Financially Fit (new window/tab)).

Also, don’t assume that a small unauthorized transaction isn’t worth reporting to your bank. Some thieves are making low-dollar withdrawals or charges in hopes those will go unnoticed by the account holders. In one recent example, a federal court temporarily halted an operation that allegedly debited hundreds of thousands of consumers’ bank accounts and billed their credit cards for more than $25 million—in small charges— without their consent.

And, contact your institution if your bank statement or credit card bill doesn’t arrive when you normally expect it because that could be a sign that an identity thief has stolen your mail and/or account information to commit fraud in your name.

Periodically review your credit reports for warning signs of fraudulent activity. Credit reports, which are prepared by companies called credit bureaus (or consumer reporting agencies), summarize a consumer’s history of paying debts and other bills. But if a credit report shows a credit card, loan or lease you never signed up for, this could indicate you are a victim of ID theft.

You are entitled to at least one free credit report every 12 months from each of the nation’s three major credit bureaus. To maximize your protection against fraud, some experts suggest spreading out your requests throughout the year, such as by getting one free report every four months instead of all three at the same time. To request your free report, go to (new window/tab) or call toll-free 1-877-322-8228.

For additional information on how to protect your credit or debit card from fraud, start with consumer information about identity theft on the Federal Trade Commission Web site at (new window/tab).