Security

Common Scams and Frauds

These are examples of common fraud schemes
(not necessarily experienced by Direct Financial members).

woman in hat and wearing mask

Common COVID Scams

Criminals can take advantage of the fear and uncertainty around COVID-19. They can attempt to take money and steal information. Do not respond directly or click on links in messages you receive via text, phone call or email; especially from an unknown or untrusted source and particularly those involving:

CDC Impersonators: These can come as fake phone calls, emails, social media posts, or web sites.

Phishing Attacks: The most common are regarding: Fake cures, treatments, and testing kits; and refunds or cancelations from airlines and shipping companies.

Visit the following FTC link for further details: https://www.ftc.gov/coronavirus/scams-consumer-advice

Fraudulent Notification Regarding Your Account

You get an email, phone call or text message informing you that fraud has been detected on your account. This communication may even appear to come from your own financial institution. You are asked to provide information, usually a credit card number or log in credentials, to resolve the supposed fraud or to prevent the account from being closed.

older woman on mobile phone

Impersonation of Family or Friend

Generally done by phone, the fraudster takes advantage of your desire to be helpful. In a common version, you receive a call telling you that your grandchild needs money, sometimes with further explanation that they have been in an accident or arrested. The fraudster asks you to wire or send money through Western Union, further advising "Don't tell Mom and Dad", so the grandchild won't get in trouble.

security officer

Impersonation of Law Enforcement or Government Agency

Generally done by phone call, the scammer will call you pretending to be from a government agency such as the Social Security Administration, the IRS, or even Medicare. They will often threaten that something bad will happen if you do not provide your personal information or provide what they are requesting. Your caller ID may even say the call is from the government, but caller ID can be faked. A scammer may also impersonate law enforcement, such as FBI, threatening that you may be arrested if you do not provide personal information or do not send them money. No government agency or law enforcement official will ever ask you for your personal information over the phone or request that you send them money! Visit the following FTC link for further details: https://www.consumer.ftc.gov/articles/how-avoid-government-impersonator-scam

woman with pencil

Phony Virus Warning or “Scareware”

You see a pop-up message on your computer that tells you your computer has a virus. The message may look similar to legitimate anti-virus software messages. In some case, the fraudster is trying to sell you bogus security software that does little or nothing. In other cases, this fraud may involve illegitimately capturing credit card information, or installing malicious software such as a keystroke logging program. If you click to accept a download, you have likely allowed the installation of malicious software and given control of your computer to the fraudster.

business people at table with computer

Business Impersonation Scam

The scammer will contact their victims via phone call, email, or text and pose as someone from an often-well-known business such as Amazon or Norton Anti-Virus. The scammer will generally state that something is wrong with your account or that a charge has been made for something you didn’t purchase. They will request that you contact them immediately to rectify the issue and at that point they may also request access to your device to process a refund. Once they gain access to your device, they ask you to login to your online banking which in the process of doing so they are stealing your login credentials/gaining access to your accounts and account information. Visit the following FTC link for further details: https://www.consumer.ftc.gov/articles/how-spot-avoid-and-report-tech-support-scams

man looking out window

Employment Scam

Scammers advertise jobs the same way legitimate employers do — online (in ads, on job sites, and social media). They promise you a job, but what they want is your money and your personal information. They will often send you a check and ask you to purchase equipment or material for the job. They may also ask you to purchase gift cards with the funds. No legitimate potential employer will ever send you a check and then tell you to send on part of the money or buy gift cards with it. The check will bounce, and the bank will want you to repay the amount of the fake check. Visit the following FTC link for further details: https://www.consumer.ftc.gov/articles/job-scams

man table computer

Fake Check/Overpayment Scam

A scammer will contact their victim via an online sales ad, such as an ad on Craigslist or Facebook Marketplace, asking to purchase the item. The scammer will send their victim a check in an amount that is more than the agreed upon purchase price and ask the victim to send the overage back to them immediately. The check gets returned and the victim is left to cover the loss. Visit the following FTC link for further details: https://www.consumer.ftc.gov/features/fake-check-scams

girl walking

Romance Scam

Scammers will contact their victims through fake profiles on dating sites and apps, or through popular social media sites like Instagram, Facebook, or Google Hangouts. They will then strike up a relationship with their victims to build trust, often talking or chatting several times a day. Then, the scammer will make up a story and ask for their victim to send them money. Often times the scammer will continue to manipulate their victim for months at a time before asking for money. Visit the following FTC link for further details: https://www.consumer.ftc.gov/articles/what-you-need-know-about-romance-scams

woman sitting in chair

Lottery Winnings Scam

Generally initiated via email or postal mail, a letter is sent by the scammer stating that you have won a lottery. Within the letter, there’s often instructions asking you to send funds and/or your bank account information, to pay for processing fees, taxes, and other miscellaneous fees in order to receive your winnings. No legitimate lottery will ever require payment or bank account information to receive your winnings. Visit the follow FTC site for further details: https://www.consumer.ftc.gov/articles/fake-prize-sweepstakes-and-lottery-scams

Words of Advice

If something sounds too good to be true, it probably is!

Common-Sense Guidelines to Follow

Do not send money to someone you don't know or trust.
Do not respond to an e-mail that asks you to share personal information.
Do not call any phone number provided to you via email, text, or over the phone if you do not trust the source. Instead, obtain valid phone number from a credible source such as a secure website or a phone book.
When in doubt about an email, do not click any links.
Do not accept checks you receive that are for an amount greater than the expected amount or checks that are mailed to you that you were not expecting.
Do not send gift cards or funds via a money transfer service to someone you do not know, even if the request appears urgent.
Stop. Think. Call us or someone you trust! – Scam artists prey on your emotions and want you to act before you have time to think.
Block unwanted calls and text messages – See resource below for a “How to Guide”.

What You Can Do

Always have up-to-date anti-virus software installed on your computer
Enable the authenticator application for NEFCUonline online banking
Ask us to scan your driver's license or photo ID the next time you visit a Direct Financial branch. This way we'll know if anyone tries to impersonate you.
Ask us to put a password on your accounts.
Passwords you use to access your online financial accounts should never be reused on other online accounts. Make your Direct Financial login one-of-a-kind! That way, if a security breach happens somewhere else, your most important accounts won't be affected.
To monitor your accounts, use NEFCUOnline and set-up Account Alerts to receive customized notifications of your account activity.
When you conduct a transaction with a teller, present your membership card or write down your membership number instead of speaking it aloud.
Shred sensitive papers.
Visit the resources below to stay up to date on how to protect yourself from fraud.
NEVER provide your online banking credentials to anyone, not even your financial institutions - no legitimate business will ask you for this information.
NEVER give out personal identifying information to someone you do not know or trust.
NEVER allow anyone remote access to your computer.
Visit a branch to pick up flyers which provide information on various types of scams.
Check Direct Financial newsletters and directfinancial.com/security for updates on security topics - stay informed!

What Direct Financial Is Doing

We know our members. Scanned IDs are one tool that help us protect you against impersonation.
Our teller and ATM receipts are printed with truncated card numbers, so your account information is protected from dumpster divers.

We provide up-to-date information about how you can protect yourself from fraud and scams on our website, our newsletters, and via our social media page.
We follow up-to-date industry standards for password protection.

Direct Financial has various debit and credit card fraud monitoring tools in place to help detect unauthorized activity on your accounts. If activity meets the parameters within the tool, you or Direct Financial will be alerted to verify the activity.

Online Security

NEFCUOnline Account Access

Is it safe to access my accounts? Are my accounts secure?

Your Credit Union has taken many steps to ensure the security of NEFCUOnline. We provide system and transaction security through strong authentication, encryption and digital certification software. Access to your account via NEFCUOnline is only allowed through the devices you have designated to have access to your account. You will be required to use your username and a valid password to access the system. For your protection, your credit union recommends that you memorize your password and do not write it down (just like an ATM PIN). You should never give your password to anyone or let anyone see you enter your password when you are logging in to NEFCUOnline. In addition, you should change your password periodically and do not use easily identified passwords such as birth dates, years, etc. To better protect you, you will have only a limited number of tries to input the password correctly. If you accidentally become locked out of NEFCUOnline, you will need to call Direct Financial at 800.966.8200 or stop in to one of our branches for assistance.
Can I securely grant access to my account to another user?

With Shared Access, you can grant access to designated individuals. As the account holder, you determine which accounts your subuser(s) should see and you choose whether you want them to have “View Only” access or whether you want them to perform certain types of transactions such as internal transfers and bill payments. If you opt to grant access to BillPay, you must set a per transaction limit. Any transactions submitted by a subuser that exceed this limit will require your approval before they process.

To get started, click on “Additional Services” and select “Share Access with Others” from the dropdown menu. This link will take you to the page where you can add subusers, manage their permissions, or revoke access at any time. If you have any pending transaction to approve, they will also be displayed at the top of this page.
Can any other member see my account information?

Your information is kept strictly confidential. NEFCUOnline requires a combination of the correct username and corresponding password to access any confidential information. Plus, login is only allowed from the device(s) that you have designated to have access to your account. Unless you share your login information with others and give them physical access to your devices or you opt to grant access to another user through the Shared Access (entitlements) feature, no one but you will be able to access your account information through NEFCUOnline or over the Internet.
Where is my data stored? Who has access to my data?

Transaction data that appears in NEFCUOnline is refreshed each time NEFCUOnline is loaded. Consequently, there is no account data storage outside the Credit Union with NEFCUOnline.

Turbo Tax and FinanceWorks data is stored within Digital Insight systems. Digital Insight systems are secured with encryption, perimeter and internal firewalls, screening and filtering routers, intrusion detection, strict authentication, virus protection, and application security. Digital Insight network architecture is structured so servers that store member information are not directly connected to the Internet.

Additionally, Digital Insight employs policies and procedures to ensure the highest level of security throughout their organization including physical controls such as retina eye scan authentication for access to their data centers, administrative controls such as clear personnel policies and background checks, and a team of security specialists who provide 24/7 support. In addition, Ernst & Young performs an SSAE 16 Audit (the latest AICPA standard) of Digital Insight's service controls, and measures their effectiveness. This assessment includes physical facilities as well as Internet operations.

As always, some Credit Union employees have access to member financial data by virtue of their role at the Credit Union. However, that access is governed by internal policies and by several layers of security safeguards. In addition, the Credit Union's security is examined annually by external auditors and by the National Credit Union Administration (NCUA).

To Protect Yourself

Each year, millions of Americans discover that criminals have fraudulently assumed their identities. A fraudster using a stolen Social Security number or other personal information can quickly run up thousands of dollars in purchases before the victim becomes aware that their identity has been stolen.

Identity theft has become the fastest-growing crime in America, a crime which usually leaves victims with the responsibility of cleaning up a web of phony purchases, bogus accounts, and damaged credit ratings.

Take Action to Avoid Identity Theft

To Help Protect Minors

If you are concerned about potential identity theft for your child or children under 18 years of age, you can use this form to send a letter to the three primary credit bureaus. You will need to enter your information three times, since the form creates letters to all three bureaus.

If you are concerned that your child under the age of 18 is a victim of identity theft, you should contact the three credit bureaus and ask them to search for your child’s information. Visit the following FTC’s website for further information: How To Protect Your Child From Identity Theft | FTC Consumer Information

If you think you are a victim, call us at 800.966.8200.

Resources

Visit the sites below for further information on fraud prevention and what to do if you become a victim.

To help limit the amount of telemarketing calls you receive and your chances of a scammer contacting you, you can register your phone number(s) with the National Do Not Call Registry here: https://www.donotcall.gov/

To stay up to date on scams, visit the following summary page on the FTC website and subscribe to Consumer Alerts by clicking on “Get Email Updates”: Scam Alerts | FTC Consumer Information

Identity Theft Resources

Consumer Protection

ReportFraud.ftc.gov is the federal government's website where you can report fraud, scams, and bad business practices.

Money Smart for Older Adults Guide

Visit consumer.ftc.gov to find tips and learn how to avoid scams.

Consider placing a security freeze with the three major credit reporting agencies. This can be done online or by phone. A security freeze prohibits, with certain specific exceptions, the credit reporting agency from releasing the consumer’s credit report or any information from it without the authorization of the consumer.

Equifax
Security Freeze | Freeze or Unfreeze Your Credit | Equifax®

Experian
Security Freeze Center at Experian

Transunion
Credit Freeze | Freeze My Credit | TransUnion

The Attorney’s General Office is also another Consumer Protection resource that you can reach out to if you are a victim of fraud. Visit this direct link to the Vermont AGO’s website: Scams - Office of the Vermont Attorney General

If you think you have become a victim of identity theft, or if you have any questions, call the Contact Center at 800.966.8200.

Fraud Prevention

Common Scams and Frauds

Common COVID Scams

Fraudulent Notification Regarding Your Account

Impersonation of Family or Friend

Impersonation of Law Enforcement or Government Agency

Phony Virus Warning or “Scareware”

Business Impersonation Scam

Employment Scam

Fake Check/Overpayment Scam

Romance Scam

Lottery Winnings Scam

Words of Advice

Common-Sense Guidelines to Follow

What You Can Do

What Direct Financial Is Doing

Online Security

NEFCUOnline Account Access

Learn how to safeguard your personal and financial records from fraud and identity theft.

To Protect Yourself

To Help Protect Minors

Resources

NEFCU Online

Security

Fraud Prevention

Common Scams and Frauds

Common COVID Scams

Fraudulent Notification Regarding Your Account

Impersonation of Family or Friend

Impersonation of Law Enforcement or Government Agency

Phony Virus Warning or “Scareware”

Business Impersonation Scam

Employment Scam

Fake Check/Overpayment Scam

Romance Scam

Lottery Winnings Scam

Words of Advice

Common-Sense Guidelines to Follow

What You Can Do

What Direct Financial Is Doing

Online Security

NEFCUOnline Account Access

Learn how to safeguard your personal and financial records from fraud and identity theft.

To Protect Yourself

To Help Protect Minors

Resources