Free ATM and Branch Locations
ZIP CODE
DISTANCE
MORE SEARCH OPTIONS

Email and Websites

Protecting yourself from suspicious email, website's and phone calls

Fraudulent emails and hoax website activity is on the rise. Recently there have been an increasing number of attempts on the Internet to trick people into revealing sensitive and private information about themselves to con artists who use that information to defraud them.

New terms like Vishing, Phishing, Pharming and Spyware have surfaced. To find out more about these new types of Internet threats, review the information below. We have also provided tips on how to protect yourself and your computer.

What is Vishing?

A new scam leaving consumers pockets book empty. It's called "vishing," and it's similar to "phishing" scams that rely on email to steal consumer identities. Vishing uses Internet telephone calls.

Wary consumers now know better than to click on e-mail links from unknown senders, so "vishers" have dropped links in favor of phone numbers. Using spoofed e-mail headers and camouflaged Caller ID information to make requests appear legitimate, con artists have managed to fool customers of banks, credit unions, as well other online payment services.

Victims report receiving either an e-mail that appeared to originate from their institution, or a phone call claiming that their account had experienced fraudulent activity and required immediate attention. When consumers called the supplied number, an automated system, much like legitimate customer service systems, instructed the unsuspecting victims to enter their account number in order to be connected to a customer service representative.

What sets vishing apart from run-of-the-mill phishing is its reliance on voip and computers to execute the attacks. War dialers, which sequentially call numbers in a given region, are used to pull in the maximum number of potential victim in a selected area. Virtual numbers and the ability to select both area code and prefix allow criminals to come up with phone numbers that are very close to the real ones. Voip is also a much less expensive platform from which to launch these attacks.

What is Phishing?

Phishing is a term coined by Internet hackers who use email lures to ‘fish’ passwords and financial data from the sea of Internet users. Email httpmessages designed to look like they came from a merchant or financial institution are mailed to Internet users. The emails direct the recipient to update or provide information back to the company’s web site by instructing the user to click on a URL embedded within the email. The embedded URL links the user to a counterfeit web site designed to look like the company’s legitimate web site. Passwords and other personal information are then solicited and collected by the web site and used by the scammer to defraud the user.

To date, large financial institutions, Internet service providers and Internet based auction services have been the primary targets of these phishing scams. This does not mean that other businesses will not be targeted. Click here  to view current scams that are presently circulating.

What is Pharming?

Pharming (pronounced farming) is a technique used by unsavory individuals and companies to obtain important personal and financial information without your knowledge. It is similar to Phishing, except the information is collected without you needing to click a link in an email.

Pharmers have two main ways of operating: directly on users' computers or on domain name servers that resolve Web site addresses for users. Similar to phishing, Pharmers send e-mails to users requesting that account information needs to be updated. The difference from phishing is that the email contains a virus that installs small software programs on users' computers. When a user tries to go to the real Web site, the program redirects the browser to the pharmer's fake site. It then asks a user to update information such as logons, PIN codes or other sensitive information. Savvy users that do not click on the links in the email are still subject to this attack because it uses a virus to direct the browser to the scammers website.

The pharmers' second method takes advantage of the fact that Web sites have alphanumeric names but reside at numeric addresses on the Internet. When users type a Web site's name into their browsers, Domain Name System, or DNS, servers read the name, look up its numeric address and take users to the site. Pharmers interfere with that process by changing the real site's numeric address to the fake site's numeric address within the DNS server.

What do I do if I think that I have been Vished

If you are contacted by a company you do business with and are asked for your personal information, thank them for alerting you to the problem, hang up immediately, and then call the customer service number listed on the back of your credit card or on other verifiably genuine correspondence. If there is an actual problem, it can then easily be resolved, however if you were targeted in a vishing attempt, your information will stay secure and the institution being spoofed will now be aware that their customers are being scammed.

How to Avoid Pharming

The virus-based method of pharming is stopped by maintaining up-to-date antivirus, anti-spyware and firewall software on your computer. This will greatly reduce the possibility that a virus will redirect you to the malicious web site.

Additionally, be careful when entering sensitive information on a website. Look for the lock or key icon at the bottom of the browser. If the site has changed since your last visit, be suspicious. When in doubt, do not use the website or call the company.Practically all major ISPs and financial institutions, Digital Insight included (Centris web host), are actively safeguarded against pharming attacks.

What is Spyware?

Wondering where all those pop up windows are coming from on your computer or why your machine is running so slow? There is a good chance that your computer may be affected with spyware. Spyware can be described as any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes.

Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

You can protect yourself from spyware by following the simple steps below.

How can I protect myself from spyware?

  • Install anti-spyware software
  • Install firewall software protection
  • Be cautious when loading freeware/shareware software programs

How can I protect myself from email fraud?

  • If you don't recognize the sender of the email, delete it. Do not open it.
  • Be suspicious of any emails that ask for personal information, PIN numbers, Social Security number or drivers license number. Never give your password or PIN to anyone, regardless of how legitimate the email appears. Centris does not ask for this type of information via an email.
  • Be cautious when clicking on a link in an email that you received. It may be fraudulent, even though the URL may be identical to the companies actual website. To check the URL, open a new browser window and type the URL in that was provided in the email.
  • Use virus protection software and keep the virus list current.
  • Keep your computer operating system and browser versions up-to-date.
  • Do not send confidential information via unsecured email. If you need to contact us with this type of information either call or stop in one our branches.

How can I can protect myself from fake websites?

  • Avoid clicking on links from unknown emails. Open up a browser window and type in the address.
  • Save or "Bookmark" frequently visited pages, then access these pages through your "Favorites".
  • Inspect the website's URL carefully for the presence of @ symbol in the website address. For example centris@centrisfcu.org would be a fraudulent website address. The correct address is www.centrisfcu.org.
  • Be suspicious of web sites that use an IP address (i.e. 193.67.45.244) instead of a domain name. (i.e. centrisfcu.org)
  • Keep virus protection up to date
  • Run adware removal software on your computer

For additional information on:
Who to contact if this happens to you
Identity theft