Security

  • Current Security Alerts

    June 6, 2018

    Tech Support Scam

    Hey computer users, it’s time for a pop quiz.

    A) You get an urgent call or email from a tech support company, saying your computer has a problem. Should you give the company remote access to your computer to make repairs?

    B) A warning announcing “suspicious activity” or “security threat detected” appears on your computer screen. Should you call the number shown on the screen to talk to a technician?

    C) One of these tech support companies asks you to pay for its services, maybe by using a gift card (like from iTunes or Amazon) or wire transfer. Should you?

    The answer to all of these questions is No.

    For more information from the Federal Trade Commission, Click Here.

    May 31, 2018

    Gift Card Scam

    Has someone asked you to go get a gift card to pay for something? Lots of people have told us they’ve been asked to pay with gift cards – by a caller claiming to be with the IRS, or tech support, or a so-called family member in need. If you’ve gotten a call like this, you know that the caller will then demand the gift card numbers and PIN. And, poof, your money is gone. For more information from The Federal Trade Commission, Click Here. 

    March 6, 2018

    Tax Scams Alert 

    The Internal Revenue Service (IRS) warned taxpayers of a quickly growing scam involving erroneous tax refunds being deposited into their bank accounts. The IRS also offered a step-by-step explanation for how to return the funds and avoid being scammed. For more information from the IRS, Click Here.

    September 8, 2017

    The Equifax Data Breach

    Equifax Inc announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Here at CommonWealth, we typically use Experian for our member credit reports. However, it is still important for you to check your credit reports regularly and monitor your credit card and bank accounts closely for charges you don’t recognize. For more information and additional resources, Click Here.

    August 18, 2017

    Scams Affect All Of Us

    How many of us get scam calls? Maybe it’s someone saying they’re the IRS. Or a debt collector. Or tech support. Or a so-called friend in so-called trouble. And they want you to send money. Sound familiar? All of us are targeted for scams. Every one of us. Which is why the FTC created this video to make exactly that point – fraud really does affect all of us, in every community. And we all can do something about it.

    April 13, 2017

    Telephone Phishing Scam

    Please be aware of a recently reported telephone phishing scam in which consumers are receiving calls telling them they have been approved for Visa with CommonWealth and asking them for personal information such as their driver's license and social security number. Do not provide this or any other information to the caller. These phone calls are not coming from CommonWealth. Please visit the NCUA's Fraud Prevention Center for tips on how to protect yourself from scams like this.

    Tips To Reduce Your Risk

    • Secure home computers and mobile devices: Members should ensure their home computers are secured with a firewall and antivirus software before performing any online transactions. Operating system patches should be downloaded when made available by software vendors. Members should also protect mobile devices (mobile phones, tablets, etc.) used to conduct online transactions by installing antivirus software.
    • Monitor accounts: Members should periodically monitor their deposit and credit card accounts to identify any unauthorized transactions. Members should be instructed to immediately report unauthorized transactions to the credit union.
    • Click here for additional information about Phishing from the Federal Trade Commission or to report a scam.
  • Online Security Features

    Online Security

    In addition to multifactor authentication, CommonWealth protects you with these online banking security features:

    • Password Reset. Periodically change your password in the User Options section of Online Banking.
    • Encryption. We scramble messages exchanged between your browser and our online banking server.
    • Timeout. This prevents curious persons from continuing your online banking session if you left your computer unattended without logging out. Always sign off (log out) when you're finished banking online.
    • Online Statements. Eliminating paper statements can stop thieves from stealing your information from your mailbox.
    • Check Images. View an exact image of your check transactions online to help prevent fraud.
    • Alerts. Using Online Banking, monitor your accounts more actively by using balance alerts to detect suspicious activity.
  • Mobile Security

    Mobile Security

    Smart Phones are called 'smart' because they contain, or can connect you to, more data than traditional mobile devices. Unfortunately, this also means new avenues for cybercriminals to capture and exploit your personal and financial information. Following mobile security best practices can help you avoid becoming a victim of cybercrime. The following are best practices to keep your mobile devices secure:

    Lock the device with a password or Personal Identification Number (PIN). While most mobile devices now contain password / PIN lock options, they are not always on by default. Also, if your device has an auto-lock timer (to place it into locked mode after a period of time), use it. Activating this security measure can help you avoid problems, in case of loss or theft of your mobile device.

    Install Apps only from trusted sources. Before you install the latest apps on your mobile devices, do some research. First, ensure you shop at reputable app stores, which would be more likely to be concerned about their public image and credibility. Android users, in particular, should be cautious installing apps from ‘unknown sources’. Read user reviews and ratings to gauge the apps effectiveness at doing what it promises. Even more importantly, read the app’s privacy policy. Your personal data is in demand for both Marketers and hackers. Share only what you are comfortable sharing. For example, if the app is a game, but is requesting full access to your call logs and address book, you may want to reconsider your interest in it.

    Back up your data. Data stored locally on a device can be handy, but if the device is lost or damaged, you could lose it all. The most simple solution is to back the data up to another hard drive, or to the cloud. Apple iTunes includes good options for iOS-powered devices. Other device types either have back-up utilities built in, or third parties can provide software facilitating backups.

    Keep your system updated. Software updates often include security upgrades that close newly-discovered vulnerabilities. Whenever prompted, update your system. This will keep you more secure, and often improve the performance and functionality of your mobile device.

    Do not hack (jail-break) your device. Hacking or ‘jail-breaking’ a device to free it from the limitations set by a provider can leave you more vulnerable to intrusion. A hacked device typically loosens controls over what kinds of apps it can run. Unfortunately, this can also make it easier to be exploited by hackers.

    Remember to log out of banking and shopping sites. After banking or shopping, log yourself out instead of just closing the browser. While most sites of this type will automatically log you out after an idle period, it is a best practice to take the time to manually log out. Also, you should bank or shop with a mobile device only while on a secure Wi-Fi connection – not an open connection shared by other users, such as those found in cafes and airports.

    Turn off Wi-Fi and Bluetooth services when not in use. Cybercriminals often look for unsecured devices using Wi-Fi and Bluetooth signals. One easy way to prevent this kind of intrusion is to turn off your Wi-Fi and Bluetooth transmitter. If you are away from home and do not require a data intensive connection for activities like streaming video, rely on your mobile phone data plan connection for light surfing.

    Avoid sending personal information via Text or Email. A text claiming to be from your bank or an online store may not be what it appears. This is a common practice of cybercriminals. Instead of replying with any personal information, take your response offline, and contact the business directly to confirm the message’s authenticity, and answer any questions. Similarly, sending personal information via email is ill-advised, as a copy of this data would be stored in your Sent folder, and possibly placed in the wrong hands if the device is lost.

    Be careful what you click. Internet best practices, whether on a mobile device or a PC, remain the same. Links and attachments in any unsolicited email should be treated as suspicious, even if the message appears to be coming from someone you know. Be especially wary of shortened URLs or QR codes, as these give no hint as to their actual destination (as the URL is hidden).

    Install a Mobile Security App. Cybercriminals are relentlessly working on the creation of malware to uncover your valuable digital assets. Mobile Security software much like Anti-Virus software on your personal computer is a critical component in your defense against becoming a victim.

  • Identity Theft

    Identity theft is today's number one crime-and technology just expands the criminal opportunities. Protecting your identity and financial assets from identity thieves and cyber-criminals requires consistency and discipline. These basic guidelines will go a long way toward protecting your identity.

    • Be very discerning when revealing any personal financial information, especially your social security number (SSN). Know who you are communicating with. You are only required to provide your SSN for income tax records, medical records, college records, loan applications, and vehicle registration.
    • If your bank or the IRS is contacting you, they should already have your social security or account number.
    • Don't carry your social security card in your wallet.
    • Most ID theft uses information obtained via the trash or your mailbox. If you have a street-side mailbox, consider sending your bills and statements to a P.O. Box.
    • Keep items with personal information in a safe place. Shred anything you don't need, such as bank statements and paycheck stubs (yearly), checking/share draft copies and credit card receipts (every 45 days), insurance forms, and credit card solicitations (immediately).
    • Order a free copy of your credit report from each credit reporting agency every year. Verify the accuracy of your credit report and any credit activity.
  • Phishing

    Phishing scams continue to fill the headlines these days. Phishers use spam (unwanted e-mail) to lure people to bogus Web sites to obtain personal information and commit identity theft. Be advised: Phishing scams and their Web sites often appear authentic or from a trusted source, using a company's proper logo, colors, and design elements. Use these measures to avoid being hooked by a phisher:

    • Install and use a firewall, antivirus software and anti-spyware programs on your computer.
    • Delete emails requesting personal information. Note: CommonWealth will never send you an email requesting personal information.
    • Don't visit a Web site listed in an unsolicited email if you have any suspicion about its authenticity. And never use a link within an email to visit a Web site-instead, open a new browser and type in the URL.
    • Change your online banking and shopping account passwords every three to six months.
    • Only enter credit card or account information via a secure Web site -- one that begins with "https" in the URL and has a padlock icon on the browser frame (click on the browser frame to view the security certificate).

    If you have online access, monitor your accounts frequently.

  • Elder Abuse

    Many seniors are trusting to a fault, and most aren't aware of the sophisticated scams and technologies used by today's criminals. Those who perpetrate crimes against the elderly include both family members and predatory individuals. At-risk adults are vulnerable to illegal or unethical exploitation targeting funds, property, or other assets. Financial exploitation typically involves one of the following:

    • Theft of Income. Typically involving less than $1,000 per transaction, this is the most common form of financial exploitation and fraud.
    • Theft of Assets. This type of fraud is typically more extensive, and often involves abuse associated with Powers of Attorney, real estate transactions, identity theft, or tax manipulation.

    Watch for these red flags:

    • A signature that seems forged, unusual, or suspicious.
    • Out-of-sync check numbers.
    • Allegations of "missing funds" from a vulnerable adult's account.
    • A vulnerable adult who fails to understand recently completed transactions or the repercussions of his or her actions.
    • Credit union or credit card statements sent to an address other than the vulnerable adult's home.
    • Unusual cash withdrawals from a checking account in a short period of time.
    • Abrupt increase in credit card activity or a sudden flurry of "bounced" checks.
    • ATM activity in the vulnerable adult's account, even though he or she is physically unable to leave home.
    • Abrupt and unexplained change in a financial Power of Attorney, new names added to signature cards, or a new joint account.
    • Sudden appearance of previously uninvolved relatives claiming their rights to a vulnerable adult's affairs and possessions.
    • A caregiver who appears to be getting paid too much or too often.
    • Change in the vulnerable adult's appearance (disheveled hair or clothes, or a lack of hygiene).

    Report abuse immediately:

    The Santa Clara County Department of Aging and Adult Services (DAAS) has formed the Financial Abuse Specialist Team (FAST) to intervene quickly in incidences of financial abuse. To report abuse and/or neglect, or discuss your concerns, call: (408) 975-4900 or (800) 414-2002.

  • Security Resources

    If you think your identity or any of your accounts have been compromised, there's plenty you can do. However, it's critical that you act immediately!

    • Lost your CommonWealth Visa credit or debit card? Call (800) 564-1588, option 6--24 hours a day, 7 days a week--to report your lost or stolen Visa credit or debit card. You will automatically be redirected to our card service provider so that a representative can block your card immediately. You can also call our card service provider directly by dialing (800) 682-6075.
    • Notice suspicious charges or unusual activity on your CommonWealth Visa credit or debit card? Please contact us at (800) 564-1588, option 0. Should you reach us outside of our regular business hours of Monday - Thursday, 9:00 am - 5:00 pm and Friday, 9:00 am - 6:00 pm, our after hours call center will make note of your contact information and forward it to us on the next business day. One of our Member Service Representatives will then contact you.
    • Notice unusual activity on your CommonWealth checking or share accounts? Please visit your nearest branch or contact us at (800) 564-1588, option 0. Should you reach us outside of our regular business hours of Monday - Thursday, 9:00 am - 5:00 pm and Friday, 9:00 am - 6:00 pm, our after hours call center will make note of your contact information and forward it to us on the next business day. One of our Member Service Representatives will then contact you.
    • Free Credit Reports. You're entitled to one free credit report from each reporting agency every year. To request a copy, call (877) 322-8228, visit annualcreditreport.com., or contact these credit bureaus directly:
      Credit Reports Fraud Unit

    Experian:

    (888) 397-3742

    (888) 397-3742

    Equifax:

    (800) 685-1111

    (800) 525-6285

    TransUnion:

    (800) 888-4213

    (800) 680-7289