Security

Please read on below to find out about detecting fraud , what to do it you have given out your personal information and information about scams.

Quick Links to Hot Topics

Detecting Fraud Tips for Recognizing Scams
Learn how to recognize it you may be a victim Reduce Your Chances of Being Victimized
How to Report if you are a victim Reporting Lost or Stolen Cards Activate Debit Card

Detecting Fraud

The best way to detect if you have been a victim of fraud is by monitoring your credit card and account activity.

Monitor your accounts on a regular basis:

The fastest way to detect fraud and identity theft is by using our Online Account access, WEPCO Pal Plus. Click here for more details and to apply.

Learn how to recognize it you may be a victim

Among some of the benefits of frequent account monitoring online are:

  • Over 50 percent of all identity fraud is first discovered by the victim.
  • The sooner fraud is detected, the lower the financial impact.
  • Customers who access their accounts online detect identity crime earlier than those who rely on mailed statements.

Below are some tips for recognizing whether you have possibly been a victim of identity theft: 

  • If, on your credit report, you find that new accounts have been opened but are not yours.
  • If a bill or statement that you receive in the mail regularly is not delivered.
  • If unexpected charges appear on your account that are not authorized by you.
  • If there are charges on your account from unrecognized vendors or merchants.
  • If posted checks appear on your account significantly out of sequence.
  • If you receive credit cards that you didn't apply for.
  • If you are denied credit or are offered less than favorable credit terms for no reason.
  • If you get calls from creditors or debt collectors regarding merchandise or services that you did not buy.

Check your credit report annually

A recent amendment to the federal Fair Credit Reporting Act (FCRA) requires each of the nationwide consumer reporting companies to provide you with a free copy of your credit report, at your request, once every 12 months, from www.annualcreditreport.com.

Eligibility for an annual free credit report is determined by your state of residence based on the rollout schedule set by federal law. Please visit www.annualcreditreport.com to see when a free credit report becomes available in your state.

The Federal Trade Commission (FTC), the nation's consumer protection agency, has prepared a brochure, Your Access to Free Credit Reports, explaining your rights and how to order a free annual credit report.

For more details from the FTC, go to http://www.ftc.gov/bcp/edu/microsites/freereports/index.shtml.

Reporting Lost of Stolen Cards

Please report immediately if your debit or credit card has been lost or stolen. 

  • Debit Cards:  You may contact us during business hours.  After hours, please call 800-264-5578.
  • Credit Cards:  You will need to contact either 800-558-3424.

Activate Debit Cards

When ordering or reissuing a debit card, VISA does not mail the card activated for security reasons.  Once you recieve your card, you will need to activate the card using your personal PIN provided by VISA.  To activate you will need to call, 1-800-448-8268. 

How to Report if you are a victim

Alert a credit bureau with your concerns

If you suspect you might be a victim of identity theft, contact the three major credit bureaus listed below to place a fraud alert on your credit file. You also can order a credit report to identify any unauthorized activity.

  • Equifax 1.800.525.6285
  • Experian 1.888.397.3742
  • Trans Union 1.800.680.7289

Contact WEPCO immediately!  If the scam or fraud may have affected other accounts that you may hold with a financial institution or credit card company, contact them immediately!  You should have your debit and/or credit card(s) blocked if you have given out those card numbers.  If you have given out your account information, you should strongly consider closing the account and reopening a new account number.  If you have given out your social security number, you should contact your local social security office to report that your social security number may be compromised.  Check out this website for complete details; www.ssa.gov/pubs/10064.html

If you have responded to an e-mail, text or call asking for personal or account information, you should notify us or the financial institution/credit card company immediately and closely monitor.  You must FORWARD emails to phishing@wepcofcu.com.  You must use the forward option so the the link remains live and we have the site shut down.

Please contact us if you have questions or we can help you in any way.

Tips for Recognizing Scams

Fraudulent calls, text,  emails, and web sites are designed to deceive you and can be difficult to distinguish from the real thing. You should be suspicious of any call, text or email that requests your personal or account information.

Most legitimate companies, including WEPCO Federal Credit Union, will never use these forms of contact to ask you to provide or verify your personal or account information. Most likely, they already have this information.  If you are asked for this type of information, assume it's a scam.

Identifying Fake Emails, Text or Calls

  • False sense of urgency. Most fraud attemps try to deceive you with the threat that your account will be in jeopardy if it’s not updated right away or that it has been compromised. These urgent requests for you to supply sensitive personal information are typically fraudulent.
  • Emails: fake links. Many phishing emails have a link that looks valid, but they send you to a fraudulent site that may or may not have an URL different from the link. Check where a link is going by moving your mouse over the link in the e-mail and looking at the URL in the bottom bar of the browser. If it looks suspicious, don't click it.

    Here are some examples of fake links:
      • http://signin.wepcofcu.com@10.19.32.40
      • www.secure-wepcofcu.com
      • http://83.16.12.18/update.htm?=https://www.wepcofcu.org
     

  • Emails or text with misspellings and bad grammar. Fake emails or text often, but may not always, contain misspellings, poor grammar, missing words, and gaps in logic. These types of mistakes help scammers avoid spam filters.

It's more difficult to identify a fake email, text or call using the following:

  •  Sender's e-mail address. To give you a false sense of security, the “From” line may include an official-looking email address. The address may actually be copied from a genuine one. The e-mail address can easily be altered, so it’s not an indication of the validity of any e-mail communication.
  • Generic greeting. A typical phishing e-mail, smishing text  or vishing call has a generic greeting, such as “Dear Customer,” but legitimate emails or calls may use them too, so please don't be fooled.

Phishing, Vishing, and Smishing!

These scams share more than rhymes: they all involve tricking people into voluntarily giving out sensitive information such as account, card, and/or PIN numbers and Social Security Number.

In each one, scammers pass themselves off as employees of a business. They send certain messages to persuade people of the importance in giving sensitive information; examples include suspected account fraud activity, suspension of services, card deactivation, billing problems, and requests to update information.

The difference between them is their methods.

  • Phishing uses deceptive emails and websites to obtain information. Scammers can also set emails and sites to infect computers with viruses.
  • Smishing uses text messages that inform people to contact a number or visit a website; the number or website is set to gather information for scammers.
  • Vishing uses telephones and automated voice response systems to obtain information.

To protect yourself from the dastardly trio, we recommend a few ideas:

Never click a link or call a provided number. Instead, contact the business directly using a legitimate source, such as the Yellow Book.

  1. Keep your computer security and firewalls up-to-date. These measures prevent viruses from infecting your computer.
  2. Learn about the latest fraud scams. If you know which businesses are affected, you can better defend yourselves from the scams.
  3. Forward any emails to the business so they can shut down any bogus site. For WEPCO, please forward emails to phishing@wepcofcu.com

 Identifying a Fake (Spoof) Website or Caller ID Display

  • Deceptive URLs or Caller ID display.
    • Some scammers will insert a fake browser address bar over the real one or fake calling from number, so it looks like you’re on a legitimate site or that the phone call my be legitmate.
    • URL:  The words on an email may be slightly altered by adding, omitting, or transposing letters. Even if an URL contains the word "wepcofcu", it may not be a WEPCO Federal Credit Union website. 
    • Caller ID: The number on you caller ID is most likely not legitmate and no return call can be made to that number.  If you are directed to call a different number, PLEASE FORWARD THAT NUMBER to us.  We may be able to have the phone number shut down to prevent others from being vulnerable and attacked.   
  • Out-of-place lock icon. Make sure there is a secure lock icon in the status bar at the bottom of the browser window. Some fake sites will put this icon inside the window to deceive you.

Reduce Your Chances of Being Victimized

  • Do not use links included in the e-mail. Open a new browser window, and type in the URL you know to be correct.
  • Do not open attachments. Like fake links, attachments may be used in phishing emails and are dangerous. Opening one, even an image or PDF, could cause you to download spyware or a virus.  
  • Do not give out your personal or account information.  Whether it be by email, call or text, if someone is asking for your personal or account information, never give out your information! 
  • Call the company in question using a phone number you know to be correct. The person you speak with will confirm whether they actually need the information, and if so, whether you can provide it over the telephone.
  • Use anti-phishing software. There are a number of programs available that will warn you if a web address is on a list of known phishing scams.
  • Update your computer with the latest browsers, upgrades and security patches. Some spoof sites are able to obtain your information through your internet host company's address if you simply visit the site.