Welcome To Our Security Center


Here at Sierra Central, we value the security and privacy of your personal information. Our security center provides you with information to help you avoid identity theft and fraud. It is important to monitor your transaction history and credit card statements for evidence of unauthorized transactions. If you identify suspicious charges, please don’t hesitate to contact us at 1-800-222-7228 and speak to a Member Services Representative.

Here in our Security Center we will post up-to-date information regarding recent scams and security alerts, as well as provide you with helpful tools and resources to assist you with protecting yourself from online fraud, protecting your money and your identity.


Security Alerts!

November 17, 2016 – IRS WARNS OF A NEW TAX BILL SCAM

by Seena Gressin

Attorney, Division of Consumer & Business Education, FTC

We certainly understand if the latest IRS imposter scam makes you queasy: it involves a fake IRS tax notice that claims you owe money as a result of the Affordable Care Act.

The IRS says the fake notices are designed to look like real IRS CP2000 notices, which the agency sends if information it receives about your income doesn’t match the information reported on your tax return. The IRS says many people have gotten the bogus notices, which usually claim you owe money for the previous tax year under the Affordable Care Act.

It’s one of many IRS imposter scams that have popped up. As tax season nears, we’ll see more. The good news? There are red-flag warnings that can help you avoid becoming a victim. For example, the IRS will never:

  • Initiate contact with you by email or through social media.
  • Ask you to pay using a gift card, pre-paid debit card, or wire transfer.
  • Request personal or financial information by email, texts, or social media.
  • Threaten to immediately have you arrested or deported for not paying.

In the new scam, the fake CP2000 notices often arrive as an attachment to an email — a red-flag — or by U.S. mail. Other telltale signs of this fraud:

  • There may be a “payment” link within the email. Scam emails can link you to sites that steal your personal information, take your money, or infect your computer with malware. Don’t click on the link.
  • The notices request that a check be made out to “I.R.S.” Real CP2000s ask taxpayers to make their checks out to “United States Treasury” if they agree they owe taxes.

In the version we saw, a payment voucher refers to letter number LTR0105C, and requests that checks be sent to the “Austin Processing Center” in Texas. But scammers are crafty. They could send messages with a variety of return addresses.

You can see an image of a real CP2000 notice on the IRS web page, Understanding Your CP2000 Notice. If you get a scam IRS notice, forward it to phishing@irs.gov and then delete it from your email account. Let the FTC know too.

July 20, 2016 – Scam falsely claims association with Western Union, United Nations 

The Department of Business Oversight (DBO) has received reports of a scam fraudulently using Western Union’s name. Several consumers reported receiving emails purporting to be from Western Union claiming the recipient has been approved to receive the sum of $1.5 million from a United Nations (UN) “poverty alleviation program.” The message claims the recipient will receive installment payments of $7,600 via Western Union, but only after providing the sender personal information.

A second email claims the recipient has been awarded a $600,000 prize as part of a celebration of the UN’s 161st anniversary. The fraudulent solicitation says the recipient will receive their prize only after providing personal and financial information, including bank account number and bank routing number.

These emails are NOT from Western Union and do not represent legitimate prize awards. Western Union has no connection with the perpetrators of this scam, whose goal is to steal victims’ money or their identity.

The DBO urges consumers to exercise extreme caution before responding to any solicitation that claims they’re in line to win a large sum of money from a program or contest or promotion they know nothing about. For more information on this type of scam and other fraudulent schemes, check out DBO’s Protect Yourself From Fraud publication posted on the DBO website.

April 2014 – HeartBleed Bug

You may have heard of the recently publicized ‘HeartBleed Bug’, a cyber security vulnerability that has caused concern across the Internet. Although it has only recently received attention, the security researchers who uncovered the threat are particularly worried about the lapse because it went undetected for more than two years.

HeartBleed is a security vulnerability in OpenSSL, a popular, open-source protocol used to encrypt vast portions of the web. It’s used to protect your usernames, passwords, and sensitive information sent on secure websites. However, please note that the Sierra Central platform DOES NOT employ ‘OpenSSL’ for secure HTTPS connections, and rest assured that neither SCCU nor our clients are exposed or impacted by this vulnerability.

HOW TO PROTECT YOURSELF:
It is always recommended that users should change their passwords, and temporarily avoid any site that is known to be vulnerable.


Online Fraud

Email Fraud

Emails purporting to be from financial institutions continue to surface on the world wide web. These “phishing” scams bait unsuspecting users into clicking on links to allegedly update or verify their information. In fact, you are not connecting to the financial institution’s site at all if you use the supplied link. Instead, you are going to a site the scammer has set up to get your personal information, such as social security numbers, bank account numbers, passwords, etc. The scammers send these same emails to millions of email addresses on the premise that at least a small percentage of those people will have an account with the financial institution and therefore believe it is legitimate. Some of these scams even offer money if you complete their “survey.” Rest assured, these offers are 100% bogus. They want your personal account info, and the promised money is just a come-on to get you to supply it. DON’T! Watch a video on Protecting Your Email.

Samples of recent phishing scam emails are shown below. If you receive something similar, do not click on the supplied link as it will take you to a site set up by the scammer.

***Sierra Central would never request that you update or verify your account information via a link or attachment supplied in an email***

Fraudulent Email Content – see notes added in brackets [ ]:

[START OF PHISHING EMAIL EXAMPLE #1]

Dear Sierra Central CU client,

We are sorry to inform you that your online payments and transfers services are expired, and must be renewed immediately. If you intend to use this services in the future, and prevent any similarly situations you must take action at one!

To continue click here [link in email goes to fraudulent website] and complete the renew form with your current information.

Many Thanks and Kind Regards - Sierra Central CU Online Department

[END PHISHING EMAIL EXAMPLE #1]

[START OF PHISHING EMAIL EXAMPLE #2]

CONGRATULATIONS !!!

You have been chosen by Sierra Central Credit Union online department to take part in our quick and easy 5 question survey. In return we will credit $20 to your account - Just for your time!

Helping us better understand how our customers feel, benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our online service. The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party groups. It will be stored in our secure database for maximum of 3 days while we process the results of this nationwide survey.

We kindly ask you to spare two minutes of your time in taking part with this unique offer!

To Continue click on the link below:

https://www.sierracpu.com/asp/USERS/Common/Login/NetLogin.asp?cmd=survey

SIERRA CENTRAL CREDIT UNION
1351 Harter Parkway
YUBA CITY, CA 95993

[END PHISHING EMAIL EXAMPLE #2]

Below are some tips to help protect yourself from phishing scams. You can also check the Federal Trade Commission’s (FTC) Consumer Alert on phishing.

  • Check the sender email address to verify that it is from a valid email account.
  • Make sure that the URL provided in the email leads to a valid website.
  • Open emails only when you know the sender.
  • Attachments that look questionable or unknown may have viruses, so be careful opening or downloading files, even from friends.
  • Stay up-to-date on email fraud trends.
  • Be careful before clicking on links contained in an unknown email. Even if you don’t supply any information, just clicking can enable thieves to access your computer, record your keystrokes and capture passwords you use to access various websites.
  • Never fill in an email with input fields that ask you for sensitive data such as username, passwords, ATM PINs and account number information.
  • Do not open or follow instructions in any email asking you to verify information.

As a provider of online banking services, Sierra Central will occasionally communicate with its members via email.

  • If you use a link in an email from Sierra Central, you can make sure that you are on a Sierra Central webpage by comparing it against the known URL (www.sierracentral.com) you use to access your account.
  • Sierra Central will ask you to enter your username and password ONLY when you are on our site.
  • Sierra Central will NEVER ask you to send sensitive account information such as your credit card number, account number, password, username, etc. through email.

Websites

Fraudulent websites are created to look identical to those of a legitimate company. Phony websites, also known as spoofed websites, use an organization’s website graphics and logos, but are created in an attempt to steal sensitive personal and financial information. Once at a phony site, you might unknowingly enter personal information that will be transmitted directly to the fraudulent party who created the site, giving them access to purchase goods, apply for a new credit card or even steal your identity.

  • A phony website will not contain the padlock symbol or https:// in the URL.
  • Most commonly, phony websites will lure customers through spam email (see above).
  • Be suspicious of sites that display an IP Address, or numerical address, e.g., http://190.192.100.255 in the address bar instead of a domain name.
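
The checks described above (compare the link's host against the known URL www.sierracentral.com, look for https://, be suspicious of a numeric IP address) can be automated. The following is an added example, not Sierra Central's own code; the function names, warning labels, the 0.7 similarity threshold and the `.example` URLs in the usage notes are assumptions made for illustration. Note that the link in phishing example #2 begins with https:// and is caught only by the hostname comparison.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Known-good domain taken from this page; everything else is illustrative.
TRUSTED_DOMAIN = "sierracentral.com"
# Assumed threshold: how similar a foreign domain must be to count as a lookalike.
LOOKALIKE_RATIO = 0.7


def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return a list of warning labels for a link; an empty list means it passed."""
    warnings = []
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None
    except ValueError:
        return ["unparseable-url"]

    # The page's advice: expect https:// before entering sensitive information.
    if parts.scheme != "https":
        warnings.append("not-https")
    # "https://trusted-name@other-host/" shows the trusted name but goes elsewhere.
    if has_userinfo:
        warnings.append("userinfo-in-url")
    if not host:
        warnings.append("no-host")
        return warnings

    # The page's advice: a numeric address in place of a domain name is suspicious.
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal-host")
        return warnings
    except ValueError:
        pass  # not an IP literal, continue with the name checks

    # Exact domain or a true subdomain of it (www.sierracentral.com) passes.
    if host == trusted or host.endswith("." + trusted):
        return warnings

    warnings.append("host-mismatch")
    # Simplification: treat the last two labels as the registered domain
    # (a production check would use the Public Suffix List).
    registered = ".".join(host.split(".")[-2:])
    if SequenceMatcher(None, registered, trusted).ratio() >= LOOKALIKE_RATIO:
        warnings.append("lookalike-domain")
    # Trusted name used as a prefix of someone else's domain.
    if trusted in host:
        warnings.append("trusted-name-embedded")
    return warnings


if __name__ == "__main__":
    samples = [
        "https://www.sierracentral.com/login",   # constructed, expected to pass
        # Link quoted in phishing example #2 on this page:
        "https://www.sierracpu.com/asp/USERS/Common/Login/NetLogin.asp?cmd=survey",
        "http://190.192.100.255",                # numeric address from this page
        "https://www.sierracentral.com.account-verify.example/",  # constructed
    ]
    for sample in samples:
        print(sample, "->", check_link(sample) or "ok")
```

An empty result only means the host matches the known domain over https; it does not vouch for the content of the email that carried the link.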

Phishing

Phishing is a way of attempting to acquire sensitive information by pretending to be a legitimate company. Victims are lured in by phony websites, email spoofing or instant messaging, where they are susceptible to giving out or verifying private information that can be used to hack into their finances and more.

  • Practice safe banking etiquette to avoid phishing.
  • Verify that emails are legitimate.
  • Be aware of phony websites and how they work.
  • If you become aware of a phishing attack, report it to the authorities.

Vishing

Vishing is a combination of “voice” and phishing because it is the criminal practice of social engineering over the telephone. If you use a Voice over Internet Protocol (VoIP) phone service, you are particularly vulnerable to this scam. Vishing is very hard for authorities to trace and monitor, so it is important that you are alert to such behavior.

  • Be highly suspicious when receiving calls or messages asking for or verifying sensitive financial information.
  • Be leery of any automated recordings posing as a credit card company or financial institution.
  • Never give suspicious parties your information. Even if you use your telephone keypad or keyboard to type in your details, if you are on the line, the scammer can record them.
  • Do not use a contact number provided by the caller.
  • Directly call the organization to check the legitimacy of the request.

Dumpster Diving

Not only can dumpster diving help criminals gather information for fraud purposes, it can also be used for spying on companies and neighbors. Once you throw something in the trash for pickup, your privacy is thrown to the curb too.

  • Shred mail that has personal information such as account statements, utility bills, credit card pre-approvals, expired credit cards, canceled checks, etc.
  • Destroy electronic items that may have data stored on them including laptops, USB devices, iPods, phones, etc. before throwing them away.
  • Consider when you place your trash bins outside for pick up. The less time between pickup and when you put the trash outside, the less time a thief has to grab information.
  • The less paper trail, the better. Sign up for eStatements and Online Banking.

Re-routing and stealing mail are the top two offline identity theft methods.

  • Watch your mailbox. Drop mail off at the post office instead of leaving it in your mailbox.
  • If you’re going out of town, put a hold on your mail.
  • Not getting mail? Contact the post office immediately.

Trends in Fraud

Foreign Business Offers. They pretend to be business people or government officials from various countries with business propositions that will make you money.

Warning signs:

  • They ask you to transfer money from their country to your bank account.
  • They ask you to invest in a partnership that will make you rich.
  • They say they will send you a check or money order as an advance on the millions you will receive. In return they ask you to send cash for legal services, bonding or other expenses.
  • They ask you to set up a domestic bank account because they can’t from out of country.
  • A soldier is trying to ship home money to help his struggling family and needs your help.

Overpayments. They offer overpayments on items you advertised in the classifieds or an online auction such as Craigslist.

Warning signs:

  • They claim they want to buy the item you have for sale and will overpay for it to receive it sooner…they just need some information from you.
  • They send or give you a check or money order for more than the purchase price and ask you to return the excess to them or someone else.
  • They say a check or money order payment will come from someone who owes them money, then tell you to deduct your share and send them the rest.

Rental Schemes. They want to rent your property, but have some suspicious requirements.

Warning signs:

  • They claim to be moving from outside the area or another country and will send a check or money order for rent, plus extra for the shipping of their items. They ask that you forward the extra cost to someone else.
  • They have unexpected expenses and ask you to cash a check or money order, then send some of the money back as a favor.
  • Their check or money order for rent includes extra to rent a car, asking you to send the money to someone who will make the car arrangements.

Sudden Riches. You won a foreign lottery, sweepstakes or a cash grant! Watch out for prize scams.

Warning Signs:

  • They send you a check or money order as an advance and ask you to send money to get the rest of your payment to cover fees or shipping costs.
  • To gain your trust, they pose as a well-known sweepstakes company. If you feel you may have won, call that company directly—not from the information you received—and verify.
  • They say you won a foreign lottery or sweepstakes. That’s impossible unless you traveled to that country to enter. It is illegal to buy or sell tickets across the U.S. border.
  • They say you’ve been selected for a cash grant that you did not apply for.

Work-at-Home. They promise easy money and the ability to work from home.

Warning Signs:

  • They will hire you on the basis of an email or phone call without any formal interview or background check.
  • They ask you to help process payments by depositing checks or money orders intended for their company into your bank account.
  • They ask you to be a “mystery shopper” and for you to send funds from a check or money order to test a service. We currently utilize a service for mystery shopping but they will not ask you to send them money.

Love Losses. You think you’ve found that special someone online.

Warning Signs:

  • They promise to come to the U.S. to be with you, but they need you to send money to help get them there.
  • They live in a foreign country and they have a check or money order that they need help to cash.
  • They claim to have a medical emergency or some other problem and ask that you cash a check or money order and send it to them.

Exploitation through Education. Targets education-seeking and unemployed individuals looking for a fast, easy way to change careers and make more money.

Warning Signs:

  • They offer a secret system that promises easy success and riches.
  • They promise streamlined schooling to a high-paying job.
  • If you pass a test you could get a nice government job.

Trumped Up Diagnoses of Problems. Scammers exploit consumers’ lack of expertise, their trust in authority and any critical need.

Warning Signs:

  • They know something about a product or procedure you’ve had before you do.
  • They scare you with an undetected problem in a product or medicine.

PROTECT YOUR INFORMATION

Monitor Your Accounts

  • Log in to your Sierra Central online account(s) at least once a week to review your account information. If you notice any activity that was not made by you, contact us immediately at 1-800-222-7228.
  • Set up alerts on your account that will keep you posted on your account activity.
  • Check your credit report regularly to ensure that all accounts listed are ones you’ve created, so you can minimize damage to your credit score. View a copy of your credit report at Annual Credit Report.
  • Consider using electronic alternatives when making purchases or paying bills. By eliminating the use of a check, you reduce the possibility of fraud.

Passwords & Personal Identification Numbers (PIN)

  • Create strong PINs that are a minimum of 8 characters, alphanumeric and have no consecutive characters that are the same.
  • Do not create passwords that are similar to your real name, nickname, birth date or online screen name. Create Strong Passwords.
  • Protect your PIN and password, and do not disclose them to anyone (including Sierra Central employees).
  • Memorize your PIN. Do not write it on your ATM/debit card.
  • Use a different password for each of your accounts, and change them regularly.
  • Do not store your passwords near your computer or on your desk where others might easily find them.

Safe Social Networking

Sierra Central has a presence in several social networking sites that help us keep in touch with you, including the following:

With more and more people joining the social network world, there is an increased danger of social engineering, a form of identity theft where thieves use the information you share on social network sites to prey on you.

  • Use legitimate sites that have safety precautions.
  • Post only information that you are comfortable with others seeing; regard this information as public and permanent.
  • Do not use the same username and password to log in to social networking accounts that you use on other online accounts.
  • Be careful when clicking links and using applications connected with the site. Even if a friend sends you a message with a link, make sure it is authentic first. Most social network applications are not governed and collect personal information.
  • Use privacy settings to limit access to your information.
  • Do not “friend,” “follow” or “connect” with any person or organization you do not know.
  • Sierra Central will never ask you for personal account information or account access through social media.

Go Paperless

  • Signing up for eStatements will ensure that no one else receives your account statements but you, and eliminates your paper trail that is susceptible to fraud.
  • Save time and clutter by accessing your statements from anywhere 24/7.
  • If you have old checks or statements lying around, shred them before throwing away.
  • Do not carry your checkbook around with you unnecessarily.
  • Pay your bills online to reduce the risk of having checks in the mail.
  • Report lost or stolen checks/checkbooks immediately by calling 1-800-222-7228.

Safe Banking Etiquette

  • Do not email personal or financial information unless it is encrypted on a secure website.
  • Log off from the Sierra Central Online Banking access after you are finished and then close your browser.
  • Clear your browser cache regularly so that your browser does not store any data.
  • Be careful when accessing your financial information online from a public/shared computer. If using a shared computer, it is a good idea to clear your browser’s cache and history after each session.
  • Disable the AutoComplete option for online financial companies or secured sites. The convenience of saving user details and passwords when logging into websites makes it very easy for those accessing an unprotected device to do the same.
  • Never fill in an email with input fields that ask you for sensitive data such as username, password, social security number and account number information.
  • Look for the padlock symbol and https:// in the URL to confirm that the site is secure before you enter sensitive information.
  • Beware of pop-up windows that ask for your account number and password. Sierra Central login pages are always on a web page and never in a pop-up window.
  • If you suspect a website is fraudulent, leave the site immediately.
  • Add or bookmark the URL – www.SierraCentral.com to your favorites.

PROTECT YOUR PHONE

PIN / Key Lock Code

  • Use a PIN/key lock code; otherwise if your phone is lost, stolen or left unattended, anyone that picks it up will have unrestricted access.
  • Avoid using a password that is easy to guess such as “1234” and other common phrases.
  • Screen locks are good to prevent unwanted calls, sharing data or unwanted downloads, but they won’t stop someone from removing your SIM card and using it on another phone. To prevent this from happening, set up a SIM card lock in the form of a PIN number that will need to be entered when a phone is turned on in order to connect to a network.
  • Another way to retrieve data is by simply plugging the phone into a computer. Most Smartphone platforms offer software that can encrypt files or folders on a device with industry-standard protection. This means a code must be entered before a file can be viewed or copied to prevent accessing personal information.

Wireless Connections

  • On most smartphones or tablets you have the ability to connect to wireless networks. Turn off the wireless connection when not in use. Apart from helping you save on battery power, it ensures that other parties can’t connect to a device without your knowledge.
  • If your device has Bluetooth capability, set it to “non-discoverable” and turn off when not in use. This will help prevent hackers from remotely accessing your device and using it to make calls, access data or listen in on your conversation.
  • If you get a request to “pair” your device with an unknown user, ignore or decline the offer.
  • Be careful when logging into wireless hotspots and unknown networks; they are also hotspots for hackers to get your information. A malicious party may have set up a free wireless connection that looks similar to a legitimate hotspot from a large company, so be sure that you are connecting to a trusted network.
  • You should not receive requests for passwords, login details and other information at a hotspot location. Any request for information that does not seem legitimate should be ignored.

Applications & Tips

  • When downloading applications, purchase them from a trusted source such as the App Store or Android Market. Do not download apps from third party sources, low rated or poorly reviewed companies.
  • Do not root or jailbreak your device to get around limitations set by your carrier or manufacturer. It may remove any protection to defend against threats. While you may benefit from more flexibility, writers of malicious code can also benefit from access to your device if it becomes infected.
  • Disable the AutoComplete option for online financial companies or secured sites. The convenience of saving user details and passwords when logging into websites makes it very easy for those accessing an unprotected device to do the same.
  • Pay attention to any security warnings before downloading documents or visiting sites.
  • Look for the padlock symbol and https:// in the URL to confirm that the site is secure before you enter sensitive information.
  • Regularly back-up your device. Most devices allow users to “synchronize” information with a computer or website for productivity, backup purposes or in the event of loss.

PROTECT YOUR COMPUTER

Firewalls & Browsers

  • Install a personal firewall to control the information that goes to and from your computer, therefore preventing unauthorized access to your information.
  • Use an Internet browser that supports 128-bit encryption.
  • Disable the AutoComplete option for online financial companies or secured sites. The convenience of saving user details and passwords when logging into websites makes it very easy for those accessing an unprotected device to do the same.
  • Keep your operating system and browser up-to-date. Software updates often include security enhancements that you can usually download free from the particular software provider.
  • Save or “bookmark” frequently visited and trusted websites to your list of favorites, then access those sites through your saved links.

Anti-Virus Protection

  • Install anti-virus software on your computer to minimize the risk of your computer getting infected.
  • Configure the anti-virus software to automatically notify you when new updates are available for download and to scan all in-coming and out-going emails.
  • Daily, or at least once a week, perform a complete scan of your computer for viruses. These scans can usually be scheduled to run when you are asleep.

Anti-Spyware Protection

  • To protect your computer against spying or Trojan horse programs, ad/spyware scanner software is recommended.
  • Make sure that the anti-spy software is updated on a regular basis and that it is scanning to detect any ad/spyware.