Internet Security

Technology brings us all kinds of convenience and entertainment. It also creates new ways for crooks to take advantage of consumers. The scams and the lingo change all the time.

Here's an abbreviated technology fraud dictionary to keep you in the know:

Pharming

This secretly plants a virus or malicious program in your computer and hijacks your web browser. Pharming crimeware misdirects users to fraudulent sites or proxy servers. When you type in the address of a legitimate Web site, you're sent to a fake site without knowing it. If you give your password or account information on the fake site, thieves will use your account fraudulently.

Phishing

In this scam attempt, you receive an e-mail prompting you to reveal personal details--say, your Social Security number, passwords, or credit card information--by clicking on a link to a bogus Web page mimicking that of a legitimate company. These e-mails and linked sites used to have an amateurish look that was easy to spot; now, they often are indistinguishable from the real thing.

A clear tip-off that it's a fake: typically the greeting will be generic and not addressed to you by name. Another characteristic is a sense of urgency or alarm, say, that your account is about to be closed. Delete the message and report it to the credit union or other financial institution immediately.

Pretexting

This isn't new, but it is another scam aided by technology. Sometimes referred to as "social engineering," it occurs when someone tries to get personal private information without authority to do so. The scammer may ask for private information while impersonating an account holder by phone, mail, e-mail, or even by phishing--using a phony Web site or e-mail to collect data.

Smishing

The term "smishing" comes from SMS plus phishing (SMS stands for "short message service," used for mobile text messaging). You may receive a text message, seemingly from your credit union, stating that your account has been closed. To reactivate it, you're told to call a toll-free number and enter your account number and PIN.

Some messages also warn that you will be charged for an order unless you go to a Web site that then steals credit card numbers and other private data.

Spim

Spim is spam--unsolicited bulk e-mail--delivered by instant messaging (IM). Not yet as common as spam, it reaches more people all the time. IM can be especially useful for spammers and dangerous for recipients, because recipients may be more likely to click on links, bypassing the antivirus software available on computers. As a defense, block messages from anyone not on your buddy list.

Spoof

A spoof is an attempt to fool. Web spoofing is the act of secretly tricking your Web browser into talking to a different Web server than you intend. E-mail spoofing involves forging an e-mail header to make it appear as if it came from somewhere or someone other than the real source. Either can seduce you into supplying information to an unintended recipient.

If you hold your mouse over a link, the status line displays the corresponding URL. Be suspicious if the status line URL is different from what you think you should see. If Web pages you're familiar with suddenly prompt you to fill in private information, think carefully before you comply. If possible, call or send mail to the official source to verify that this change is legitimate. As always, when in doubt, do not enter any information you feel uncomfortable providing.

Vishing

Vishing uses Voice over Internet Protocol (VoIP) phones instead of a misdirected Web link to steal your personal information. Instead of an e-mail blast, the thieves use a "war dial" attack over a VoIP system to blanket an area. A recorded message tells you, for example, that your credit card has been breached and tells you to call a number immediately. The number connects to a VoIP phone that can recognize telephone keystrokes. When you dial, another message states "this is account verification; please enter your 16-digit account number."

The same rules apply--don't bite, and notify the "vished" entity right away. Even caller ID can be spoofed, so don't think you're secure if you believe the number looks legitimate. A similar telephone message can arrive by e-mail--again, don't bite.

The Federal Trade Commission recommends the following tips to help you avoid getting hooked:

  1. If you get a pop-up or e-mail message requesting personal or financial information, don’t reply or click on the link in the message. Legitimate companies won’t ask for this information.

  2. Be cautious about opening attachments or downloading files from e-mail messages.

  3. Never send personal information via e-mail. Look for a closed padlock at the bottom of your browser window, or a URL that begins with “https”--the “s” stands for secure. However, some phishers forge these security icons.

  4. Review statements for accuracy as you receive them. If they’re late, call the company to confirm billing address and balance.

  5. Use antivirus software and keep it up-to-date. Run a firewall, particularly if you have a broadband connection. Take advantage of free software “patches.”

  6. Report suspicious activity immediately.

Important Contact Information

Harvard University Credit Union
16 Dunster Street
Cambridge, MA 02138
(617) 495-4460

Federal Trade Commission
Identity Theft Clearinghouse, FTC
600 Pennsylvania Avenue, NW
Washington, DC 20580
1-877-ID-THEFT (toll-free hotline)

For more information, view our page on Protecting Your Identity. HUECU also offers additional protection through the AlertME consumer credit monitoring service. If you have any questions or concerns about your online security, please contact us at CUMemberContact@harvard.edu, call us at (617) 495-4460, or stop by any of our branch locations.