Security

Protect Yourself — Watch for Caller ID Spoofing

What Is Spoofing?

Spoofing is when a scammer deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that you may already know and trust. If you answer, they use scam scripts to try to steal your money or valuable personal information, which can be used in fraudulent activity.

You may not be able to tell right away if an incoming call is spoofed. Be extremely careful about responding to any request for personal identifying information.

• Don't answer calls from unknown numbers. If you answer such a call, hang up immediately.
• If you answer the phone and the caller - or a recording - asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
• Do not respond to any questions, especially those that can be answered with "Yes" or "No."
• Never give out personal information such as account numbers, Social Security numbers, mother's maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
• If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company's or government agency's website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
• Use caution if you are being pressured for information immediately.
• If you have a voice mail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.
• Talk to your phone company about call blocking tools and check into apps that you can download to your mobile device. The FCC allows phone companies to block robocalls by default based on reasonable analytics. More information about robocall blocking is available at fcc.gov/robocalls.

Protect Yourself From Fraud

We have received reports of CommonWealth members receiving a phone call from a person claiming to be from CommonWealth's fraud department. As a reminder, don’t send money or give out personal information to anyone whether the communication comes as a text, phone call, or email. Scammers often pretend to be someone you trust, like a government official, a family member, a charity, or your financial institution. If you’re ever unsure of any communications you’ve received, or if you have any questions or concerns, please call us at (800) 564-1588.

Four Signs That It’s a Scam

• Scammers pretend to be from an organization you know — If you get an email, text message, or phone call from a company you do business with and want to check the legitimacy of the communication, contact the business using a website you know is trustworthy or look up their phone number. Don’t call a number the scammer gave you or the number from your caller ID. Never click on a link that you are unsure of. 
• Scammers say there’s a problem or a prize — Don’t give your personal or financial information in response to a request that you didn’t expect.
• Scammers pressure you to act immediately — Resist the pressure to act immediately. Legitimate businesses will give you time to make a decision. Anyone who pressures you to pay or give them your personal information is a scammer.
• Scammers tell you to pay in a specific way — Never pay someone who insists you pay with a gift card or by using a money transfer service. And never deposit a check and send money back to someone.

Here are some additional tips and resources from the Federal Trade Commission (FTC) to help protect you from fraud:

• How to Keep Your Personal Information Secure
• How to Recognize and Avoid Phishing Scams
• Hacked Email

Online Security

In addition to multifactor authentication, CommonWealth protects you with these online banking security features:

• Password Reset. Periodically change your password in the User Options section of Online Banking.
• Encryption. We scramble messages exchanged between your browser and our online banking server.
• Timeout. This prevents curious persons from continuing your online banking session if you left your computer unattended without logging out. Always sign off (log out) when you're finished banking online.
• Online Statements. Eliminating paper statements can stop thieves from stealing your information from your mailbox.
• Check Images. View an exact image of your check transactions online to help prevent fraud.
• Alerts. Using Online Banking, monitor your accounts more actively by using balance alerts to detect suspicious activity.

Mobile Security

Smart Phones are called 'smart' because they contain, or can connect you to, more data than traditional mobile devices. Unfortunately, this also means new avenues for cybercriminals to capture and exploit your personal and financial information. Following mobile security best practices can help you avoid becoming a victim of cybercrime. The following are best practices to keep your mobile devices secure:

Lock the device with a password or Personal Identification Number (PIN). While most mobile devices now contain password / PIN lock options, they are not always on by default. Also, if your device has an auto-lock timer (to place it into locked mode after a period of time), use it. Activating this security measure can help you avoid problems, in case of loss or theft of your mobile device.

Install Apps only from trusted sources. Before you install the latest apps on your mobile devices, do some research. First, ensure you shop at reputable app stores, which would be more likely to be concerned about their public image and credibility. Android users, in particular, should be cautious installing apps from ‘unknown sources’. Read user reviews and ratings to gauge the apps effectiveness at doing what it promises. Even more importantly, read the app’s privacy policy. Your personal data is in demand for both Marketers and hackers. Share only what you are comfortable sharing. For example, if the app is a game, but is requesting full access to your call logs and address book, you may want to reconsider your interest in it.

Back up your data. Data stored locally on a device can be handy, but if the device is lost or damaged, you could lose it all. The most simple solution is to back the data up to another hard drive, or to the cloud. Apple iTunes includes good options for iOS-powered devices. Other device types either have back-up utilities built in, or third parties can provide software facilitating backups.

Keep your system updated. Software updates often include security upgrades that close newly-discovered vulnerabilities. Whenever prompted, update your system. This will keep you more secure, and often improve the performance and functionality of your mobile device.

Do not hack (jail-break) your device. Hacking or ‘jail-breaking’ a device to free it from the limitations set by a provider can leave you more vulnerable to intrusion. A hacked device typically loosens controls over what kinds of apps it can run. Unfortunately, this can also make it easier to be exploited by hackers.

Remember to log out of banking and shopping sites. After banking or shopping, log yourself out instead of just closing the browser. While most sites of this type will automatically log you out after an idle period, it is a best practice to take the time to manually log out. Also, you should bank or shop with a mobile device only while on a secure Wi-Fi connection – not an open connection shared by other users, such as those found in cafes and airports.

Turn off Wi-Fi and Bluetooth services when not in use. Cybercriminals often look for unsecured devices using Wi-Fi and Bluetooth signals. One easy way to prevent this kind of intrusion is to turn off your Wi-Fi and Bluetooth transmitter. If you are away from home and do not require a data intensive connection for activities like streaming video, rely on your mobile phone data plan connection for light surfing.

Avoid sending personal information via Text or Email. A text claiming to be from your bank or an online store may not be what it appears. This is a common practice of cybercriminals. Instead of replying with any personal information, take your response offline, and contact the business directly to confirm the message’s authenticity, and answer any questions. Similarly, sending personal information via email is ill-advised, as a copy of this data would be stored in your Sent folder, and possibly placed in the wrong hands if the device is lost.

Be careful what you click. Internet best practices, whether on a mobile device or a PC, remain the same. Links and attachments in any unsolicited email should be treated as suspicious, even if the message appears to be coming from someone you know. Be especially wary of shortened URLs or QR codes, as these give no hint as to their actual destination (as the URL is hidden).

Install a Mobile Security App. Cybercriminals are relentlessly working on the creation of malware to uncover your valuable digital assets. Mobile Security software much like Anti-Virus software on your personal computer is a critical component in your defense against becoming a victim.

Making Mobile Payments? Protect Yourself From Scams

Using mobile payment apps like CashApp, Venmo, or Zelle can be a convenient way to get quick cash to your family and friends. But remember the first rule of sending money, whether you’re using an app or money wiring service: Be sure you know who’s on the receiving end. Otherwise, you might lose the money you sent — and then some.

For more information from the Federal Trade Commission, Click Here.

Identity theft is today's number one crime-and technology just expands the criminal opportunities. Protecting your identity and financial assets from identity thieves and cyber-criminals requires consistency and discipline. These basic guidelines will go a long way toward protecting your identity.

• Be very discerning when revealing any personal financial information, especially your social security number (SSN). Know who you are communicating with. You are only required to provide your SSN for income tax records, medical records, college records, loan applications, and vehicle registration.
• If your bank or the IRS is contacting you, they should already have your social security or account number.
• Don't carry your social security card in your wallet.
• Most ID theft uses information obtained via the trash or your mailbox. If you have a street-side mailbox, consider sending your bills and statements to a P.O. Box.
• Keep items with personal information in a safe place. Shred anything you don't need, such as bank statements and paycheck stubs (yearly), checking/share draft copies and credit card receipts (every 45 days), insurance forms, and credit card solicitations (immediately).
• Order a free copy of your credit report from each credit reporting agency every year. Verify the accuracy of your credit report and any credit activity.

Phishing scams continue to fill the headlines these days. Phishers use spam (unwanted e-mail) to lure people to bogus Web sites to obtain personal information and commit identity theft. Be advised: Phishing scams and their Web sites often appear authentic or from a trusted source, using a company's proper logo, colors, and design elements. Use these measures to avoid being hooked by a phisher:

• Install and use a firewall, antivirus software and anti-spyware programs on your computer.
• Delete emails requesting personal information. Note: CommonWealth will never send you an email requesting personal information.
• Don't visit a Web site listed in an unsolicited email if you have any suspicion about its authenticity. And never use a link within an email to visit a Web site-instead, open a new browser and type in the URL.
• Change your online banking and shopping account passwords every three to six months.
• Only enter credit card or account information via a secure Web site -- one that begins with "https" in the URL and has a padlock icon on the browser frame (click on the browser frame to view the security certificate).

If you have online access, monitor your accounts frequently.

Many seniors are trusting to a fault, and most aren't aware of the sophisticated scams and technologies used by today's criminals. Those who perpetrate crimes against the elderly include both family members and predatory individuals. At-risk adults are vulnerable to illegal or unethical exploitation targeting funds, property, or other assets. Financial exploitation typically involves one of the following:

• Theft of Income. Typically involving less than $1,000 per transaction, this is the most common form of financial exploitation and fraud.
• Theft of Assets. This type of fraud is typically more extensive, and often involves abuse associated with Powers of Attorney, real estate transactions, identity theft, or tax manipulation.

Watch for these red flags:

• A signature that seems forged, unusual, or suspicious.
• Out-of-sync check numbers.
• Allegations of "missing funds" from a vulnerable adult's account.
• A vulnerable adult who fails to understand recently completed transactions or the repercussions of his or her actions.
• Credit union or credit card statements sent to an address other than the vulnerable adult's home.
• Unusual cash withdrawals from a checking account in a short period of time.
• Abrupt increase in credit card activity or a sudden flurry of "bounced" checks.
• ATM activity in the vulnerable adult's account, even though he or she is physically unable to leave home.
• Abrupt and unexplained change in a financial Power of Attorney, new names added to signature cards, or a new joint account.
• Sudden appearance of previously uninvolved relatives claiming their rights to a vulnerable adult's affairs and possessions.
• A caregiver who appears to be getting paid too much or too often.
• Change in the vulnerable adult's appearance (disheveled hair or clothes, or a lack of hygiene).

Report abuse immediately:

The Santa Clara County Department of Aging and Adult Services (DAAS) has formed the Financial Abuse Specialist Team (FAST) to intervene quickly in incidences of financial abuse. To report abuse and/or neglect, or discuss your concerns, call: (408) 975-4900 or (800) 414-2002.

If you think your identity or any of your accounts have been compromised, there's plenty you can do. However, it's critical that you act immediately!

• Lost your CommonWealth Visa credit or debit card? Call (800) 564-1588, option 6--24 hours a day, 7 days a week--to report your lost or stolen Visa credit or debit card. You will automatically be redirected to our card service provider so that a representative can block your card immediately. You can also call our card service provider directly by dialing (800) 682-6075.
• Notice suspicious charges or unusual activity on your CommonWealth Visa credit or debit card? Please contact us at (800) 564-1588, option 0. Should you reach us outside of our regular business hours of Monday - Thursday, 9:00 am - 5:00 pm and Friday, 9:00 am - 6:00 pm, our after hours call center will make note of your contact information and forward it to us on the next business day. One of our Member Service Representatives will then contact you.
• Notice unusual activity on your CommonWealth checking or share accounts? Please visit your nearest branch or contact us at (800) 564-1588, option 0. Should you reach us outside of our regular business hours of Monday - Thursday, 9:00 am - 5:00 pm and Friday, 9:00 am - 6:00 pm, our after hours call center will make note of your contact information and forward it to us on the next business day. One of our Member Service Representatives will then contact you.
• Free Credit Reports. You're entitled to one free credit report from each reporting agency every year. To request a copy, call (877) 322-8228, visit annualcreditreport.com., or contact these credit bureaus directly:

• ID Theft Center. Think your identity has been compromised? If so, visit idtheftcenter.org immediately to learn more about the next steps you should take.
• Social Security Statement. If it appears someone is using your SSN, call the Social Security Administration at (800) 772-1213 to check your Social Security Statement.
• FTC. The Federal Trade Commission provides a national resource for ID theft.
• FTC Brochure. Get a free copy of Take Charge: Fighting Back Against Identity Theft.