PERFORMING DAMAGE CONTROL WHEN YOUR MEMBERS’ IDENTITIES ARE COMPROMISED

Photo Credit: http://www.acma.gov.au

According to The Worthington Daily Globe, people in the Worthington, MN area received a phishing text that looked like it came from Fulda Area Credit Union (FACU) claiming a discrepancy or problem with the recipients’ accounts on Monday morning, February 15, 2016. Upon further investigation, these SMS messages were from scammers who targeted both members and non-members, indicating there was not a breach in FACU’s core, but rather a purchased list of phone numbers.

“It seems to be a classic phishing attempt where they just target a group of phone numbers trying to get information,” said Laura Honken, vice president of operations for Fulda Area Credit Union (FACU). “It just seems they’ve probably purchased a block of phone numbers and started out with that.”

Although Monday was a federal holiday, FACU employees acted quickly in order to ensure that their members and potential members’ information is safe and the brand is protected. 

“It is our priority to make sure that if anybody did click on that, we are getting them protected as soon as possible,” Honken said.

Aside from immediately reporting the scam to authorities and cell phone carrier fraud departments, FACU employees started closely monitoring the credit union’s official Facebook page to field member questions, as well as answered the phones at the Fulda and Worthington locations. 

As new details are sure to unfold, we want to first give kudos to FACU employees for their proactive approach in helping members and non-members ensure data safety. Secondly, we want to provide some quick tips on how to quickly and effectively communicate emergencies to members:

1. Designate “important messaging” areas on your ePresentment and Home Banking platforms.
2. Ensure brand consistency across all delivery channels so that members do not click on something that does not match your brand.
3. Utilize member statements to provide instructions on how to handle suspicious activity/data compromise, as well as contact information.
4. Communicate prevention methods in the onboarding process.

Member communications do require frequent revisions in order to maintain compliance. However, the following steps from the FTC to consumers on avoiding a phishing attack via text or email are a great start:

• Use trusted security software and set it to update automatically. 
• Don’t email personal or financial information. Email is not a secure method of transmitting personal information. 
• Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins with https (the “s” stands for secure.) Unfortunately, no indicator is foolproof: some phishers have forged security icons. 
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
• Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer’s security.
  
  ​To learn more on how to effectively handle data safety compromise, click here.

---