Skip to main content

Identity Theft & Fraud

Fraud Awareness and Prevention

Additional Fraud Awareness

Or call 1-866-SMART68 (866-762-7868)

NuVista Federal Credit Union reminds you to never, under any circumstances, supply your name, account number, social security number, or password to anyone via email.  The information outlined on this page will be beneficial to help prevent you from becoming a victim of fraud.

NuVista Federal Credit Union wants to encourage all members to follow safe online practices. There are many scams designed to steal your identity and your money. Financial Institutions will never send you directly to an application form, web page, or telephone number asking for your personal account data, including credit card and PIN information.

As a safe practice, when you have requested a secure page within a website, please be sure to check the URL or web address to ensure it matches the official domain name of that organization. For easy verification, most browsers will show a lock symbol indicating a secure site.

We have collected some very valuable information for you to learn how to protect yourself from fraud and identity theft. If you ever become concerned about the safety and security of your accounts or personal identification information, be sure to contact us immediately at (970) 249-8813 or (888) 261-7488.

Strategies for Mitigating Risk

  • Do not respond to or open attachments or click on links in unsolicited email.
  • Use strong passwords for online banking.
  • Disable autoplay to prevent the launching of executable files.
  • Disable file sharing if it is not needed.
  • Install security updates to operating systems and all applications as they become available.
  • Do not use computers accessible to the public to conduct transactions online.

"Free Government Grants" — Beware of Fraudulent Offers

Have you received a letter or seen an ad announcing that you may qualify for a “free grant” to pay for education costs, home repairs, home business expenses, or unpaid bills? Or a phone call from someone who says they are from a “government agency” to offer you the opportunity to apply for a guaranteed grant that you will never have to pay back?

Although they may appear to be legitimate, the Federal Trade Commission (FTC) says that “money for nothing” grant offers are usually scams.

Some scam artists advertise “free grants” in the classifieds, inviting readers to call a toll-free number for more information. Others may call you out of the blue, claiming legitimacy using an official-sounding name like the “Federal Grants Administration.” They may ask you some basic questions to determine if you “qualify” to receive a grant, or congratulate you on your eligibility, then ask for your checking account information so they can “deposit your grant directly into your account,” or cover a one-time “processing fee.” The caller may even reassure you that you can get a refund if you’re not satisfied.

In fact, you’ll never see the grant they promise; they will disappear with your money.

To avoid losing money to these “government grant” scams, the FTC recommends that consumers follow these rules:

  • Don’t give out your bank account information to anyone you don’t know. Scammers pressure people to divulge their bank account information so that they can steal the money in the account. Always keep your bank account information confidential. Don’t share it unless you are familiar with the company and know why the information is necessary.
  • Don’t pay any money for a “free” government grant. If you have to pay money to claim a “free” government grant, it isn’t really free. A real government agency won’t ask you to pay a processing fee for a grant that you have already been awarded — or to pay for a list of grant-making institutions. The names of agencies and foundations that award grants are available for free at any public library or on the Internet. The only official access point for all federal grant-making agencies is www.grants.gov.
  • Look-alikes are not the real thing. Just because the caller says he’s from the “Federal Grants Administration” doesn’t mean that he is. There is no such government agency. Take a moment to check the blue pages in your telephone directory or search the Internet to find out if the agency exists – or not.
  • Phone numbers can be deceiving. Some con artists use Internet technology to disguise their area code in caller ID systems. Although it may look like they’re calling from Washington, DC, they could be calling from anywhere in the world.
  • Take control of the calls you receive. If you want to reduce the number of telemarketing calls you receive, place your telephone number on the National Do Not Call Registry. To register online, visit www.donotcall.gov. To register by phone, call 1-888-382-1222 (TTY: 1-866-290-4236) from the phone number you wish to register.
  • File a complaint with the FTC. If you think you may have been a victim of a government grant scam, file a complaint with the FTC Online at www.ftc.gov, or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them.

"Phishing" — How Not to Get Hooked

Internet scammers casting about for people’s financial information have a new way to lure unsuspecting victims: they go “phishing.”

Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your internet service provider (ISP), credit union, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequences if you don’t respond. The message directs you to a website that looks just like a legitimate organization’s site, but it isn’t. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

The FTC, the nation’s consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

  • Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from apparent federal banking agencies. Instead, bookmark or type the agency's Web address.
  • Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed.
  • Do not open unsolicited or unexpected e-mail attachments because of the risk of malicious code or software in the attachments. Instead, call the agency using a known and appropriate telephone number to verify the legitimacy of the message and attached file.
  • Be alert to different variations of the fraudulent e-mails.
  • If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct web address. In any case, don’t cut and paste the link in the message.
  • Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have even forged security icons.
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your financial institution or credit card company to confirm your billing address and account balances.
  • Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting these unwanted files.
  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.

You can report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and then visit the FTC’s Identity Theft web site at www.consumer.gov/idtheft to learn how to minimize your risk of damage from ID theft. If you have given away personal or financial information, take steps to protect your identity now at http://www.antiphishing.org or call 877.ID.THEFT (877.438.4338).

"Smishing" — Beware of this New Scam Using Text Messaging

"Smishing," which is phishing using SMS messaging, sends a text message to your cell phone urging you to go to a spoofed website where you are prompted to provide your account information such as PINs or passwords. Numerous credit unions across the country have been targets, and some smishing attempts include a phone number to call where you are asked to reveal personal information to an automated system.

If you are “smished,” it is important that you never reply to requests for personal information. Always call NuVista Credit Union if you are concerned about the legitimacy of a text, phone or email message you receive. Suspicious activity should also be reported to the FTC. If you have been scammed, you may file a complaint at www.ftc.gov, and then visit the FTC’s Identity Theft web site at www.consumer.gov/idtheft to learn how you can minimize risk of damage from ID theft. If you have inadvertently given away personal or financial information, you may take steps to protect your identity now at http://www.antiphishing.org or call 877.ID.THEFT (877.438.4338).

"Vishing" Scams Use Phones Instead of Fake Websites

In a new twist, identity thieves are sending spam that warns victims that their credit union, bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

The automated voice message says: "Welcome to account verification. Please type your 16-digit card number." The goal is to get the victim to enter their credit card number. In these reported scams, no mention of the credit union, bank or PayPal is made.

Security experts tracking this scam and other instances of "vishing", short for "voice phishing", say the frauds are particularly despicable because they imitate the legitimate ways people interact with financial institutions. In fact, some vishing attacks don't begin with an e-mail. Some come as calls out of the blue, in which the caller already knows the recipient's credit card number. This increases the perception of legitimacy, the caller asks for the valuable three-digit security code on the back of the card.

Vishing appears to be prospering with the help of Voice over Internet Protocol, or VoIP, the technology that enables cheap and anonymous Internet calling, as well as the ease with which caller ID boxes can be tricked into displaying erroneous information.

Be aware of “Phishing” and "Vishing"

  • Never call a number you receive from a spam email, and certainly don't enter in any private information if you make a mistake and do call. If you want to call your financial institution, use the normal phone number you regularly use, not the phone number you get in an e-mail.
  • NuVista Federal Credit Union and other legitimate financial institution e-mail messages will not directly link you to an online application.
  • Never click on the link provided in an e-mail you believe is fraudulent.
  • Do not open an attachment to an unsolicited e-mail unless you have verified the source.
  • Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information.
  • If you believe the contact is legitimate, go to the company’s website by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.
  • Visit the FTC (Federal Trade Commission) website, www.onguardonline.gov. You can take interactive quizzes designed to enlighten them about identity theft, phishing, spam and online-shopping scams. Elsewhere on the site, you can also find detailed guidance on how to monitor your credit history, use effective passwords and recover from identity theft.

Call 877.ID.THEFT (877.438.4338).

10 Tips for Safe ATM Use

Tip 1 - Where possible, use ATMs with which you are most familiar. Alternatively, choose well-lit, well-placed ATMs where you feel comfortable.

Tip 2 - Avoid opening your purse, bag or wallet while in the queue for the ATM. Have your card ready in your hand before you approach the ATM.

Tip 3 - Be especially cautious when strangers offer to help you at an ATM, even if your card is stuck or you are experiencing difficulty with the transaction. You should not allow anyone to distract you while you are at the ATM.

Tip 4 - Stand close to the ATM and shield the keypad with your hand when keying in your PIN.

Tip 5 - Keep your printed transaction record so that you can compare your ATM receipts to your monthly statement.

Tip 6 - Don't be in a hurry during the transaction, and carefully secure your card and cash in your wallet, handbag or pocket before leaving the ATM.

Tip 7 - Memorize your PIN (if you must write it down, do so in a disguised manner and never carry it with your card).

Tip 8 - Never disclose your PIN to anyone.

Tip 9 - Do not use an obvious and guessable number (like your date of birth) for your PIN. It’s also important to change your PIN periodically, and if you think it may have been compromised, change it immediately.

Tip 10 - Regularly check your account balance and statements and report any discrepancies to your bank immediately.

You can take steps to protect your identity now at http://www.antiphishing.org or call 877.ID.THEFT (877.438.4338).

*Please note that you should show the same precautionary care when using your card(s) at a POS (point of sale) pinpad terminal in a retail environment or at a restaurant or when conducting transactions online, telephonically or when writing checks.

Use a dedicated (hardened) computer specifically for conducting online financial transactions. Protect the computer with a firewall and antivirus software. The computer should not be used to check email or for general Internet usage other than to conduct financial transactions. Use a bootable read-only operating system to conduct financial transactions online. The operating system is written to a read-only USB flash drive. The bootable system would be configured with only the services and applications needed to perform financial transactions. When the user needs to access the online banking system to initiate electronic funds transfers, they would boot the read-only USB flash drive on their existing computer, or the dedicated computer established for this purpose. Any malware that exists on the computer would not impact the user using the bootable flash drive. Some vendors offer software programs providing on-demand desktop and session protection tools that safeguard the user's session by creating a virtual locked environment that will not allow malware or viruses to touch the session, even if the computer is infected with malware. This is similar to using a bootable operating system on a flash drive. Additional risk mitigation strategies to share with business members include the following: Install real-time antivirus protection and allow for automatic updates and scanning. Utilize a desktop firewall.

Contact NuVista with more questions (970) 249-8813