Welcome to Our Security Center

Fraud prevention button, concept about cyber-security, credit card and identity protection against cyber-attack and online thievesSecurity Alert April 14, 2020! – We were made aware of a “spoofing” scam where calls appear to be coming from Sierra Central Credit Union and the fraudsters are requesting your account and/or credit card information.  This is a “spoofing ” scam and scammers are trying to get your personal and financial information.  Sierra Central would not call requesting you to provide this information.  Please be aware, this is a scam.

These types of scams are happening all over the country, and Sierra Central would like to provide some tips to help protect your accounts and identity from potential theft:


• Texts and calls can be “spoofed” to make the phone number look like it’s coming from a trusted source
• Do not respond to text messages you were not expecting
• Do not give out personal identifying information like full card numbers, full social security numbers or account login credentials
• Rather, call us directly to ensure you’re speaking with a true credit union representative first
• They can verify if the call or text you received is in fact legitimate

Our Members could receive a phone call letting you know that there appears to be fraudulent activity on your account, and these individuals on the other end of the line are there to assist and will NOT ask you to provide your credit card number, account numbers, social security numbers, or any other personal identifying information.  They will ask you to verify your most recent transactions.

At this unprecedented time, fraudsters are hard at work! However, it’s always a good idea to keep a close eye on your financial transactions, history and balances.

Here at Sierra Central, we value the security and privacy of your personal information. Our security center provides you with information to help you avoid identity theft and fraud. It is important to monitor your transactions history and credit card statements for evidence of unauthorized transactions. If you identify suspicious charges, please don’t hesitate to contact us at 1-800-222-7228 and speak to a Member Services Representative.

Here in our Security Center we will post up-to-date information regarding recent scams and security alerts, as well as provide you with helpful tools and resources to assist you with protecting yourself from online fraud, protecting your money and your identity.


Security Alerts!

April 21, 2020-Fraudulent Treasury Checks on the Horizon?

Stimulus payments from the Internal Revenue Service (IRS) are expected via direct deposit; however, individuals without direct deposit information on file with the IRS will receive payments via Treasury checks. The IRS plans to issue approximately 100 million paper checks at the rate of 5 million per week. Fraudsters may steal issued Treasury checks and/or manufacture counterfeit Treasury checks.

If you recieve a Treasury check in the mail, be sure that the check is authentic prior to attempting to deposit or cash. Click HERE for the security features of genuine U.S. Treasury Checks.


The IRS will not ask that you pay a fee or confirm personal information before issuing an economic impact payment. IT IS A SCAM.

April 15, 2020-

The Internal Revenue Service (IRS) has begun to distribute COVID-19 Economic Impact Payments. For most Americans, this will be a direct deposit into your bank/credit union account. For those unbanked, elderly or those who receive tax refunds via paper check, their Economic Impact Payments will be mailed as a paper check.

Criminals and scammers are using this opportunity to take advantage of the American public.

  • Scammers may try to get you sign over your check to them.
  • Scammers may use this as an opportunity to get you to “verify” your filing information in order to direct your money to them, using your personal info to file false tax returns in an identity theft scheme.

Between these two schemes, everyone receiving an economic payment is at risk.

Top Line Messages from the IRS

  • The IRS will deposit your economic impact payment into the direct deposit account you previously provided on your tax return or will send you a paper check if no account has been used in the past. The IRS will not call and ask you to verify your payment details. DO NOT give your your back account, debit account, or PayPal account information – even if someone claims it is necessary to get your economic impact payment. Beware of this scam!
  • If you receive a call, DO NOT engage with scammers or thieves. Just hang up. If you receive texts or emails claiming that you can get your money faster by sending personal information or clicking on links, delete them immediately. DO NOT click on any links in those emails!
  • Reports are also swirling about bogus checks. If you receive a “check” in the mail now, it’s a fraud – it will take the Treasury Department a few weeks to distribute the paper check payments. If you receive a “check” for an odd amount (especially one with cents), or a check that requires you to verify the check on line or by calling a number, it’s a fraud.

Beware Scams and Schemes

  • IRS-Impersonation Telephone Scams
    • An aggressive and sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds. Callers are falsely claiming to be IRS agents. Victims are told that they owe the IRS money and it must be paid immediately via pre-loaded debit card or wire transfer. If the victim refuses, they are then threatened with arrest, deportation or suspension of a business or driver’s license. Or, victims may be told they have a refund due to try to trick them into sharing private information.
    • With COVID-19 scams, they may urge you to pay this fake “debt” with your economic impact check. For those who receive an actual check, they may ask you to endorse it and forward to them for “payment of past debts.”
    • Remember: scammers change tactics. Variations of the IRS impersonation scam continue on a year-round basis and tend to peak when prime opportunities strike – like a new economic impact check being sent.
  • Surge in Email, Phishing and Malware Schemes
    • Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS, tax industry professionals or tax software companies. These phishing emails ask taxpayers about a wide range of topics – related to refunds, filing status, ordering transcripts and verifying PIN information – in order to steal your personal info or file false tax returns in your name.
    • When people click on links from these phishing emails, they are taken to sites designed to imitate an official-looking website, such as IRS.gov. The sites may also carry malware, which can infect personal or work computers to steal files or record keystrokes.
    • Also be aware of email phishing scams that appear to be from the IRS and include a link to a bogus web site intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without the dot between “IRS” and “gov”). Don’t get scammed! These emails are NOT from the IRS.
    • Don’t be a victim! Visit IRS.gov or IRS.gov/coronavirus for the latest information.

April 15, 2020 – Federal Trade Commission’s COVID-19 Scam Reports

Scammers are out in force, taking advantage of all aspects of the Cornoavirus pandemic. There are many straight-up scams, like texts/emails/calls from a “government agency” promising to get you your relief money for you. There are other scams like websites that promise scarce cleaning products or masks, or to help with getting money back for cancelled travel plans.

From January 1, 2020 until today, the FTC has gotten 18,235 reports related to COVID-19, and people reported losing $13.44 million dollars to fraud.

If you’re getting calls, emails, or texts, or you’re seeing ads or offers online, keep a few things in mind:

  • The government will never call out of the blue to ask for money or your personal information (like Social Security, bank account, or credit card numbers).
  • Anyone who tells you to pay by Western Union or Money Gram, or by putting money on a gift card, is a scammer. The government and legit businesses will never tell you to pay that way.

To report a scam, visit ftc.gov/complaint.


April 3, 2020 – BBB Scam Alert: Small Businesses, Don’t Fall for This Phony SBA Grant Offer

Small business owners are getting hit with a lot of information and making tough decisions on how to survive the COVID-19 crisis. Emails are coming in from every direction about local, state, and federal government relief loans. They’re also sifting through advice on how to keep employees, maintaining a safe work environment and tips on how to stay cybersecure online. With all of these messages flooding their inbox, social media, and phone, it’s easy to mistake a scam for a real offer.

How the Scam Works:
An email, text or caller ID appears to be from the U.S. Small business Administration or an attorney representing the SBA. The “SBA” is offering grants just for small businesses affected by the coronavirus outbreak. The application looks simple and may involve completing a short form requesting banking and business information. After being approved, the business owner is asked to pay a “processing fee” up to a couple thousand dollars. This is just one example of the type of scam going around.

BBB.org/ScamTracker has received several recent reports about a sophisticated new twist. After the “government agency” contacts business owners about the grant, a friend then reaches out through Facebook. This “friend” claims to have successfully received money from the exact same grant and wants you to know about the program. What a coincidence! Naturally, the “friend” is not really a friend, but a compromised Facebook account, contacting all of your friends on Facebook.

No matter how convincing the idea sounds and how much your business could use “free” money, don’t fall for it. If you receive an offer that appears to come from the SBA or another state or local government small business agency, research it before sharing any personal information.

Tips for Spotting a Small Business Loan Scam:

  • Look for a website that ends in .gov or .ca: Legitimate government entities will have websites and emails that end with .gov such as SBA.gov.
  • Do a quick internet search for similar offers: Many government agencies helping small businesses are offering loans and other programs. Be sure to confirm that the offer is real before sharing personal or business information. Find the agency website through an online search (never click on a link in an email) and be sure the program is on their website.
  • Government agencies do not typically text or communicate through social media avenues such as Facebook. Be wary of unsolicited messages.
  • There is no such thing as a “free” government grant. If you have to pay money to claim a “free” government grant, it is not really free. A real government agency will not ask you to pay an advanced processing fee.
  • Businesses typically don’t receive government grants. In general, the federal government only offers grants to nonprofits, educational institutions, and state and local governments. Learn more at SBA.gov.

For More Information:
Check out the SBA’s website (SBA.gov) for business resources and loans.

For consumer tips on COVID-19, go to BBB.org/Coronavirus.

For more business tips, go to BBB.org/smallbusiness.

If you’ve spotted a scam (whether or not you’ve lost money), report it to BBB.org/ScamTracker. Your report can help others avoid falling victim to scams.


March 24, 2020

Fraudsters are getting smarter; stay vigilant and protect your information!

Cybercriminals are posing as legitimate medical organizations, non-profits or financial institutions to commit crimes.

Fraud likely goes all the way back to the start of civilization, but it’s never been as sophisticated and technology driven as it is today. Gone are the days where you receive an email from a stranger asking you to wire funds to them for an unforeseen emergency. Today, fraudsters do their homework to learn as much as they can about you.

Due to the significant amount of personal information that can be gathered online from social media platforms, compromised accounts due to weak passwords, and breached data sold on the dark web, fraudsters have personal information about you such as:

  • The stores you frequent
  • The bank or credit union you belong to
  • The subscription services you’ve signed up for

This means the phone call claiming to be your bank, your wireless carrier or your favorite retailer may actually be a fraudster. Most institutions including government agencies, do not call you directly on the phone so you should never share any personal or financial information with them unless you are the one initiating the call.

According to an announcement by the U.S. Secret Service, cybercriminals are also leveraging fear, curiosity and trust as communities respond to the spread of the coronavirus (COVID-19) by posing as legitimate medical or non-profit organizations to steal your sensitive information.


October 5, 2017-Image of a text message phishing scam.

A Phishing attack-began on October 5, 2017 at approximately 5:00pm where consumers are receiving text messages asking them to contact SCCU and provide their account information and security codes. This is not Sierra Central, please do not call the number back; just delete the message.

Phishing is an attempt by fraudsters to obtain account numbers, security codes and passwords from consumers. Phishing is not Hacking and you can learn more about Phishing on this page. The text messages are coming from 530-407-4441. An example of the text is shown to the right.


September 7, 2017-Equifax Breach

Equifax is one of three nationwide credit-reporting companies that track and rates the financial history of U.S. consumers. The companies are supplied with data about loans, loan payments and credit cards, as well as information on everything from child support payments, credit limits, missed rent and utilities payments, addresses and employer history, which all factor into credit scores.

Equifax says a giant cybersecurity breach compromised the personal information of as many as 143 million Americans — almost half the country.

Cyber criminals have accessed sensitive information — including names, social security numbers, birth dates, addresses, and the numbers of some driver’s licenses.

Additionally, Equifax said that credit card numbers for about 209,000 U.S. customers were exposed, as was “personal identifying information” on roughly 182,000 U.S. customers involved in credit report disputes. Residents in the U.K. and Canada were also impacted.

The breach occurred between mid-May and July, Equifax said. The company said it discovered the hack on July 29.

The data breach is one of the worst ever, by its reach and by the kind of information exposed to the public.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said Equifax chairman and CEO Richard F. Smith.

Unlike other data breaches, not all of the people affected by the Equifax breach may be aware that they’re customers of the company. Equifax gets its data from credit card companies, banks, retailers, and lenders who report on the credit activity of individuals to credit reporting agencies, as well as by purchasing public records.

Equifax is mailed notices to people whose credit cards or dispute documents were affected.

It also says that consumers can check to see if they’ve potentially been impacted by submitting their name and the last six digits of their social security number. Users are given a date when they will be enrolled in free identity theft protection and credit file monitoring services.

“This is reason Number 10,000 to check your online bank statements and credit card statements on a regular basis, ideally weekly,” said Matt Schulz, senior industry analyst at CreditCards.com. “Bad guys can be very patient, so it’s important to keep an eye out long after this story fades from the headlines.”


April 19, 2017 – Text Message Spam, a NEW scam that is happening now, so beware!

Text message spam is to your cell phone what email spam is to your personal computer. Both may try to get you to reveal personal information.

Text Message Spam is a Triple Threat

  • It often uses the promise of free gifts, like computers or gift cards, or product offers, like cheap mortgages, credit cards, or debt relief services to get you to reveal personal information. If you want to claim your gift or pursue an offer, you may need to share personal information, like how much money you make, how much you owe, or your bank account information, credit card number, or Social Security number. Clicking on a link in the message can install malwarethat collects information from your phone. Once the spammer has your information, it is sold to marketers or, worse, identity thieves.
  • It can lead to unwanted charges on your cell phone bill. Your wireless carrier may charge you simply for receiving a text message, regardless of whether you requested it.
  • It can slow cell phone performance by taking up space on your phone’s memory

Can the Spam

Here are a few steps to can text message spam:

  • Delete text messages that ask you to confirm or provide personal information: Legitimate companies don’t ask for information like your account numbers or passwords by email or text.
  • Don’t reply, and don’t click on links provided in the message: Links can install malwareon your computer and take you to spoof sites that look real but whose purpose is to steal your information.
  • Treat your personal information like cash: Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. Don’t give them out in response to a text.
  • Place your cell phone number on the National Do Not Call Registry.
  • If you are an AT&T, T-Mobile, Verizon, Sprint or Bell subscriber, you can report spam texts to your carrier by copying the original message and forwarding it to the number 7726 (SPAM), free of charge.
  • Review your cell phone bill for unauthorized charges, and report them to your carrier.

File a Complaint

If you receive unwanted commercial text messages, file a complaint with the FTC.

The Federal Communications Commission (FCC) also accepts complaints about unwanted text messages.


November 17, 2016 – IRS WARNS OF A NEW TAX BILL SCAM

by Seena Gressin

Attorney, Division of Consumer & Business Education, FTC

We certainly understand if the latest IRS imposter scam makes you queasy: it involves a fake IRS tax notice that claims you owe money as a result of the Affordable Care Act.

The IRS says the fake notices are designed to look like real IRS CP2000 notices, which the agency sends if information it receives about your income doesn’t match the information reported on your tax return. The IRS says many people have gotten the bogus notices, which usually claim you owe money for the previous tax year under the Affordable Care Act.

It’s one of many IRS imposter scams that have popped up. As tax season nears, we’ll see more. The good news? There are red-flag warnings that can help you avoid becoming a victim. For example, the IRS will never:

  • Initiate contact with you by email or through social media.
  • Ask you to pay using a gift card, pre-paid debit card, or wire transfer.
  • Request personal or financial information by email, texts, or social media.
  • Threaten to immediately have you arrested or deported for not paying.

In the new scam, the fake CP2000 notices often arrive as an attachment to an email — a red-flag — or by U.S. mail. Other telltale signs of this fraud:

  • There may be a “payment” link within the email. Scam emails can link you to sites that steal your personal information, take your money, or infect your computer with malware. Don’t click on the link.
  • The notices request that a check be made out to “I.R.S.” Real CP2000s ask taxpayers to make their checks out to “United States Treasury” if they agree they owe taxes.

In the version we saw, a payment voucher refers to letter number LTR0105C, and requests that checks be sent to the “Austin Processing Center” in Texas. But scammers are crafty. They could send messages with a variety of return addresses.

You can review IRS Forms on the IRS web page, Understanding Your CP2000 Notice. If you get a scam IRS notice, forward it to phishing@irs.gov and then delete it from your email account. Let the FTC know too.


July 20, 2016 – Scam falsely claims association with Western Union, United Nations

The Department of Business Oversight (DBO) has received reports of a scam fraudulently using Western Union’s name. Several consumers reported receiving emails purporting to be from Western Union claiming the recipient has been approved to receive the sum of $1.5 million from a United Nations (UN) “poverty alleviation program.” The message claims the recipient will receive installment payments of $7,600 via Western Union, but only after providing the sender personal information.

A second email claims the recipient has been awarded a $600,000 prize as part of a celebration of the UN’s 161st anniversary. The fraudulent solicitation says the recipient will receive their prize only after providing personal and financial information, including bank account number and bank routing number.

These emails are NOT from Western Union and do not represent legitimate prize awards. Western Union has no connection with the perpetrators of this scam, whose goal is to steal victims’ money or their identity.

The DBO urges consumers to exercise extreme caution before responding to any solicitation that claims they’re in line to win a large sum of money from a program or contest or promotion they know nothing about. For more information on this type of scam and other fraudulent schemes, check out DBO’s website for current publications posted.


April 2014 – HeartBleed Bug

Recently you may have heard of the recent trending ‘HeartBleed Bug’ cyber security vulnerability that has caused concerns across the Internet. Although recently glorified, Security Researchers who uncovered the threat are particularly worried about the lapse because it went undetected for more than two years.

HeartBleed is a security vulnerability in OpenSSL, a popular, open-source protocol used to encrypt vast portions of the web. It’s used to protect your usernames, passwords, and sensitive information set on secure websites. However, please note that Sierra Central platform DOES NOT employ ‘OpenSSL’ for secure HTTPS connections, and rest assured that neither SCCU nor our clients are exposed or impacted by this vulnerability.

HOW TO PROTECT YOURSELF:
It is always recommended that users should change their passwords, and temporarily avoid any site that is known to be vulnerable.


Online Fraud

Email Fraud

Emails purporting to be from financial institutions continue to surface on the world wide web. These “phishing” scams bait unsuspecting users into clicking on links to allegedly update or verify their information. In fact, you are not connecting to the financial institution’s site at all if you use the supplied link. Instead, you are going to a site the scammer has set up to get your personal information, such as social security numbers, bank account numbers, passwords, etc. The scammers send these same emails to millions of email addresses on the premise that at least a small percentage of those people will have an account with the financial institution and therefore believe it is legitimate. Some of these scams even offer money if you complete their “survey.” Rest assured, these offers are 100% bogus. They want your personal account info, and the promised money is just a come on to get you to supply it. DON’T! Watch a video on Protecting Your Email.

Samples of recent phishing scam emails are shown below. If you receive something similar, do not click on the supplied link as it will take you to a site set up by the scammer.

***Sierra Central would never request that you update or verify your account information via a link or attachment supplied in an email**

Fraudulent Email Content – see notes added in brackets [ ]:

[START OF PHISHING EMAIL EXAMPLE #1]

Dear Sierra Central CU client,

We are sorry to inform you that your online payments and transfers services are expired, and must be renewed immediately. If you intend to use this services in the future, and prevent any similarly situations you must take action at one!

To continue click here [link in email goes to fraudulent website] and complete the renew form with your current information.

Many Thanks and Kind Regards - Sierra Central CU Online Department

[END PHISHING EMAIL EXAMPLE #1]

[START OF PHISHING EMAIL EXAMPLE #2]

CONGRATULATIONS !!!

You have been chosen by Sierra Central Credit Union online department to take part in our quick and easy 5 question survey. In return we will credit $20 to your account - Just for your time!

Helping us better understand how our customers feel, benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our online service. The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party groups. It will be stored in our secure database for maximum of 3 days while we process the results of this nationwide survey.

We kindly ask you to spare two minutes of your time in taking part with this unique offer!

To Continue click on the link below:

https://www.sierracpu.com/asp/USERS/Common/Login/NetLogin.asp?cmd=survey

SIERRA CENTRAL CREDIT UNION
1351 Harter Parkway
YUBA CITY, CA 95993

[END PHISHING EMAIL EXAMPLE #2]

Below are some helpful bullet points to help protect yourself from phishing scams. You can also check the Federal Trade Commission’s (FTC) Consumer Alert on phishing.

  • Check the sender email address to verify that it is from a valid email account.
  • Make sure that the URL provided in the email leads to a valid website.
  • Open emails only when you know the sender.
  • Attachments that look questionable or unknown may have viruses, so be careful opening or downloading files, even from friends.
  • Stay up-to-date on email fraud trends.
  • Be careful before clicking on links contained in an unknown email. Even if you don’t supply it, just clicking can enable thieves to access your computer, record your keystrokes and capture passwords you use to access various websites.
  • Never fill in an email with input fields that ask you for sensitive data such as username, passwords, ATM PIN’s and account number information.
  • Do not open or follow instructions in any email asking you to verify information.

As a provider of online banking services, Sierra Central will occasionally communicate with its members via email.

  • If you use a link in an email from Sierra Central, you can make sure that you are on a Sierra Central’s webpage by comparing it against the known URL (www.sierracentral.com) you use to access your account.
  • Sierra Central will ask you to enter your username and password ONLY when you are on our site.
  • Sierra Central will NEVER ask you to send sensitive account information such as your credit card number, account number, password, username, etc. through email.

Websites

Fraudulent websites are created to look identical to those of a legitimate company. Phony websites, also known as spoofed websites, use an organization’s website graphics and logos, but are created in an attempt to steal sensitive personal and financial information. Once at a phony site, you might unknowingly enter personal information that will be transmitted directly to the fraudulent party who created the site, giving them access to purchase goods, apply for a new credit card or even steal your identity.

  • A phony website will not contain the padlock symbol or https:// in the URL.
  • Most commonly, phony websites will lure customers through spam email(see above).
  • Be suspicious of sites that display an IP Address, or numerical address, e.g., http://190.192.100.255 in the address bar instead of a domain name.

Phishing

Phishing is a way of attempting to acquire sensitive information by pretending to be a legitimate company. Victims are lured in by phony websites, email spoofing or instant messaging where they are then susceptible to giving out or verifying private information that can be used to hack into your finances and more.

  • Practice safe banking etiquette to avoid phishing.
  • Verify that emails are legitimate.
  • Be aware of phony websites and how they work.
  • If you become aware of a phishing attack, report it to the authorities.

Vishing

Vishing is a combination of “voice” and phishing because it is the criminal practice of social engineering over the telephone. If you use a Voice over Internet Protocol (VoIP) phone service, you are particularly vulnerable to this scam. Vishing is very hard for authorities to trace and monitor, so it is important that you are alert to such a behavior.

  • Be highly suspicious when receiving calls or messages asking for or verifying sensitive financial information.
  • Be leery of any automated recordings posing as a credit card company or financial institution.
  • Never give suspicious parties your information. Even if you use your telephone keypad or keyboard to type in your details, if you are on the line, the scammer can record them.
  • Do not use a contact number provided by the caller.
  • Directly call the organization to check the legitimacy of the request.

Dumpster Diving

Not only can dumpster diving help criminals gather information for fraud purposes, it can also be used for spying on companies and neighbors. Once you throw something in the trash for pickup, your privacy is thrown to the curb too.

  • Shred mail that has personal information such as account statements, utility bills, credit card pre-approvals, expired credit cards, canceled checks, etc.
  • Destroy electronic items that may have data stored on them including laptops, USB devices, iPods, phones, etc. before throwing them away.
  • Consider when you place your trash bins outside for pick up. The less time between pickup and when you put the trash outside, the less time a thief has to grab information.
  • The less paper trail, the better. Sign up for eStatements and Online Banking.

Re-routing and stealing mail are the top two offline identity theft methods.

  • Watch your mailbox. Drop mail off at the post office instead leaving it in your mailbox.
  • If you’re going out of town, put a hold on your mail.
  • Not getting mail? Contact the post office immediately.

Trends in Fraud

Foreign Business Offers. They pretend to be business people or government officials from various countries with business propositions that will make you money.

Warning signs:

  • They ask you to transfer money from their country to your bank account.
  • They ask you to invest in a partnership that will make you rich.
  • They say they will send you a check or money order as an advance on the millions you will receive. In return they ask you to send cash for legal services, bonding or other expenses.
  • They ask you to set up a domestic bank account because they can’t from out of country.
  • A soldier is trying to ship home money to help his struggling family and needs your help.

Overpayments. They offer overpayments on items you advertised in the classifieds or an online auction such as Craigslist.

Warning signs:

  • They claim they want to buy the item you have for sale and will overpay for it to receive it sooner…they just need some information from you.
  • They send or give you a check or money order for more than the purchase price and ask you to return the excess to them or someone else.
  • They say a check or money order payment will come from someone who owes them money, then tell you to deduct your share and send them the rest.

Rental Schemes. They want to rent your property, but have some suspicious requirements.

Warning signs:

  • They claim to be moving from outside the area or another country and will send a check or money order for rent, plus extra for the shipping of their items. They ask that you forward the extra cost to someone else.
  • They have unexpected expenses and ask you to cash a check or money order, then send some of the money back as a favor.
  • Their check or money order for rent includes extra to rent a car, asking you to send the money to someone who will make the car arrangements.

Sudden Riches. You won a foreign lottery, sweepstakes or a cash grant! Watch out for prize scams.

Warning Signs:

  • They send you a check or money order as an advance and ask you to send money to get the rest of your payment to cover fees or shipping costs.
  • To gain your trust, they pose as a well-known sweepstakes company. If you feel you may have won, call that company directly—not from the information you received—and verify.
  • They say you won a foreign lottery or sweepstakes. That’s impossible unless you traveled to that country to enter. It is illegal to buy or sell tickets across the U.S. border.
  • They say you’ve been selected for a cash grant that you did not apply for.

Work-at-Home. They promise easy money and the ability to work from home.

Warning Signs:

  • They will hire you on the basis of an email or phone call without any formal interview or background check.
  • They ask you to help process payments by depositing checks or money orders intended for their company into your bank account.
  • They ask you to be a “mystery shopper” and for you to send funds from a check or money order to test a service. We currently utilize a service for mystery shopping but they will not ask you to send them money.

Love Losses. You think you’ve found that special someone online.

Warning Signs:

  • They promise to come to the U.S. to be with you, but they need you to send money to help get them there.
  • They live in a foreign country and they have a check or money order that need help to cash.
  • They claim to have a medical emergency or some other problem and ask that you cash a check or money order and send it to them.

Exploitation through Education. Targets education-seeking and unemployed individuals looking for a fast, easy way to change careers and make more money.

Warning Signs:

  • They offer a secret system that promises easy success and riches.
  • They promise streamlined schooling to a high-paying job.
  • If you pass a test you could get a nice government job.

Trumped Up Diagnoses of Problems. Scammers exploit consumers’ lack of expertise, their trust in authority and any critical need.

Warning Signs:

  • They know something about a product or procedure you’ve had before you do.
  • They scare you with an undetected problem in a product or medicine.

PROTECT YOUR INFORMATION

Monitor Your Accounts

  • Login to your Sierra Central online account(s) at least once a week to review your account information. If you notice any activity that was not made by you, contact us immediately at 1-800-222-7228.
  • Set up alerts on your account that will keep you posted on your account activity.
  • Check your credit report regularly to ensure that all accounts listed are ones you’ve created, so you can minimize damage to your credit score. View a copy of your credit report at Annual Credit Report.
  • Consider using electronic alternatives when making purchases or paying bills. By eliminating the use of a check, you reduce the possibility of fraud.

Passwords & Personal Identification Numbers (PIN)

  • Create strong PIN’s that are a minimum of 8 characters, alphanumeric and have no consecutive characters that are the same.
  • Do not create passwords that are similar to your real name, nickname, birth date or online screen name. Create Strong Passwords.
  • Protect your PIN and password, and do not disclose them to anyone (including Sierra Central employees).
  • Memorize your PIN. Do not write it on your ATM/debit card.
  • Use a different password for each of your accounts, and change them regularly.
  • Do not store your passwords near your computer or on your desk where others might easily find them.

Safe Social Networking

Sierra Central has a presence in several social networking sites that help us keep in touch with you, including the following:

With more and more people joining the social network world, there is an increased danger of social engineering, a form of identity theft where thieves use the information you share on social network sites to prey on you.

  • Use legitimate sites that have safety precautions.
  • Post only information that you are comfortable with others seeing; regard this information as public and permanent.
  • Do not use the same username and password to log in to social networking accounts that you use on other online accounts.
  • Be careful when clicking links and using applications connected with the site. Even if a friend sends you a message with a link, make sure it is authentic first. Most social network applications are not governed and collect personal information.
  • Use privacy settings to limit access to your information.
  • Do not “friend,” “follow” or “connect” with anyone or organization you do not know.
  • Sierra Central will never ask you for personal account information or account access through social media.

Go Paperless

  • Signing up for eStatements will ensure that no one else receives your account statements but you, and eliminates your paper trail that is susceptible to fraud.
  • Save time and clutter by accessing your statements from anywhere 24/7.
  • If you have old checks or statements lying around, shred them before throwing away.
  • Do not carry your checkbook around with you unnecessarily.
  • Pay your bills online to reduce the risk of having checks in the mail.
  • Report lost or stolen checks/checkbooks immediately by calling 1-800-222-7228.

Safe Banking Etiquette

  • Do not email personal or financial information unless it is encrypted on a secure website.
  • Log off from the Sierra Central Online Banking access after you are finished and then close your browser.
  • Clear your browser cache regularly so that your browser does not store any data.
  • Be careful when accessing your financial information online from a public/shared computer. If using a shared computer, it is a good idea to clear your browser’s cache and history after each session.
  • Disable the AutoComplete option for online financial companies or secured sites. The convenience of saving user details and passwords when logging into websites makes it very easy for those accessing an unprotected device to do the same.
  • Never fill in an email with input fields that ask you for sensitive data such as username, password, social security number and account number information.
  • Look for the padlock symbol and https:// in the URL to confirm that the site is secure before you enter sensitive information.
  • Beware of pop-up windows that ask for your account number and password. Sierra Central login pages are always on a web page and never in a pop-up window.
  • If you suspect a website is fraudulent, leave the site immediately.
  • Add or bookmark the URL – www.SierraCentral.com to your favorites.

PROTECT YOUR PHONE

Pin / Key lock Code Pin

  • Use a pin/key lock code; otherwise if your phone is lost, stolen or left unattended, anyone that picks it up will have unrestricted access.
  • Avoid using a password that is easy to guess such as “1234” and other common phrases.
  • Screen locks are good to prevent unwanted calls, sharing data or unwanted downloads, but they won’t stop someone from removing your SIM card and using it on another phone. To prevent this from happening, set up a SIM card lock in the form of a PIN number that will need to be entered when a phone is turned on in order to connect to a network.
  • Another way to retrieve data is by simply plugging the phone into a computer. Most Smartphone platforms offer software that can encrypt files or folders on a device with industry-standard protection. This means a code must be entered before a file can be viewed or copied to prevent accessing personal information.

Wireless Connections

  • On most Smartphone’s or tablets you have the ability to connect to wireless networks. Turn off the wireless connection when not in use. Apart from helping you save on battery power, it ensures that other parties can’t connect to a device without your knowledge.
  • If your device has Bluetooth capability, set it to “non-discoverable” and turn off when not in use. This will help prevent hackers from remotely accessing your device and using it to make calls, access data or listen in on your conversation.
  • If you get a request to “pair” your device with an unknown user, ignore or decline the offer.
  • Be careful when logging into wireless hotspots and unknown networks, they are also hotspots for hackers to get your information. A malicious party may have set up a free wireless connection that looks similar to a legitimate hotspot from a large company, so be sure that you are connecting to a trusted network.
  • You should not receive requests for passwords, login details and other information at a hotspot location. Any request for information that does not seem legitimate should be ignored.

Applications & Tips

  • When downloading applications, purchase them from a trusted source such as the App Store or Android Market. Do not download apps from third party sources, low rated or poorly reviewed companies.
  • Do not root or jailbreak your device to get around limitations set by your carrier or manufacturer. It may remove any protection to defend against threats. While you may benefit from more flexibility, writers of malicious code can also benefit from access to your device if it becomes infected.
  • Disable the AutoComplete option for online financial companies or secured sites. The convenience of saving user details and passwords when logging into websites makes it very easy for those accessing an unprotected device to do the same.
  • Pay attention to any security warnings before downloading documents or visiting sites.
  • Look for the padlock symbol and https:// in the URL to confirm that the site is secure before you enter sensitive information.
  • Regularly back-up your device. Most devices allow users to “synchronize” information with a computer or website for productivity, backup purposes or in the event of loss.

PROTECT YOUR COMPUTER

Firewalls & Browsers

  • Install a personal firewall to control the information that goes to and from your computer, therefore preventing unauthorized access to your information.
  • Use an Internet browser that supports 128-bit encryption.
  • Disable the AutoComplete option for online financial companies or secured sites. The convenience of saving user details and passwords when logging into websites makes it very easy for those accessing an unprotected device to do the same.
  • Keep your operating system and browser up-to-date. Software updates often include security enhancements that you can usually download free from the particular software provider.
  • Save or “bookmark” frequently visited and trusted websites to your list of favorites, then access those sites through your saved links.

Anti-Virus Protection

  • Install anti-virus software on your computer to minimize the risk of your computer getting infected.
  • Configure the anti-virus software to automatically notify you when new updates are available for download and to scan all in-coming and out-going emails.
  • Daily, or at least once a week, perform a complete scan of your computer for viruses. These scans can usually be scheduled to run when you are asleep.

Anti-Spyware Protection

  • To protect your computer against spying or Trojan horse programs, ad/spyware scanner software is recommended.
  • Make sure that the anti-spy software is updated on a regular basis and that it is scanning to detect any ad/spyware.