Member Security

Credit Union West useful links

Security Tip

Top 5 Social Media Scams

We’re wired to be social creatures, and sites like Twitter and Facebook have capitalized on this to great success. According to its COO Sheryl Sandberg, Facebook draws 175 million logins every day.

But with this tremendous popularity comes a dark side as well. Virus writers and other cybercriminals go where the numbers are -- and that includes popular social media sites. To help you avoid a con or viral infection, we’ve put together this list of the top five social media scams.

5. Chain Letters

You’ve likely seen this one before -- the dreaded chain letter has returned. It may appear in the form of, "Retweet this and Bill Gates will donate $5 million to charity!" But hold on, let’s think about this. Bill Gates already does a lot for charity. Why would he wait for something like this to take action? Answer: He wouldn’t. Both the cause and claim are fake. So why would someone post this? Good question. It could be some prankster looking for a laugh, or a spammer needing "friends" to hit up later. Many well-meaning people pass these fake claims onto others. Break the chain and inform them of the likely ruse.

4. Cash Grabs

By their very nature, social media sites make it easy for us to stay in touch with friends, while reaching out to meet new ones. But how well do you really know these new acquaintances? That person with the attractive profile picture who just friended you -- and suddenly needs money -- is probably some cybercriminal looking for easy cash. Think twice before acting. In fact, the same advice applies even if you know the person.

Picture this: You just received an urgent request from one of your real friends who "lost his wallet on vacation and needs some cash to get home." So, being the helpful person you are, you send some money right away, per his instructions. But there’s a problem: Your friend never sent this request. In fact, he isn’t even aware of it. His malware-infected computer grabbed all of his contacts and forwarded the bogus email to everyone, waiting to see who would bite. Again, think before acting. Call your friend. Inform him of the request and see if it's true. Next, make sure your computer isn't infected as well.

3. Hidden Charges

"What type of STAR WARS character are you? Find out with our quiz! All of your friends have taken it!" Hmm, this sounds interesting, so you enter your info and cell number, as instructed. After a few minutes, a text turns up. It turns out you’re more Yoda than Darth Vader. Well, that’s interesting … but not as much as your next month’s cell bill will be. You’ve also just unwittingly subscribed to some dubious service that charges $9.95 every month. As it turns out, that "free, fun service" is neither. Be wary of these bait-and-switch games. They tend to thrive on social sites.

2. Phishing Requests

"Somebody just put up these pictures of you drunk at this wild party! Check 'em out here!" Huh? Let me see that! Immediately, you click on the enclosed link, which takes you to your Twitter or Facebook login page. There, you enter your account info -- and a cybercriminal now has your password, along with total control of your account.

How did this happen? Both the email and landing page were fake. That link you clicked took you to a page that only looked like your intended social site. It's called phishing, and you've just been had. To prevent this, make sure your Internet security includes antiphishing defenses. Many freeware programs don't include this essential protection.

1. Hidden URLs

Beware of blindly clicking on shortened URLs. You'll see them everywhere on Twitter, but you never know where you're going to go since the URL ("Uniform Resource Locator," the Web address) hides the full location. Clicking on such a link could direct you to your intended site, or one that installs all sorts of malware on your computer. URL shorteners can be quite useful. Just be aware of their potential pitfalls and make sure you have real-time protection against spyware and viruses.

Bottom line: Sites that attract a significant number of visitors are going to lure in a criminal element, too. If you take security precautions ahead of time, such as using antivirus and anti-spyware protection, you can defend yourself against these dangers and surf with confidence.

Source:, Top 5 Social Media Scams, Retrieved from, Copyright (c) Studio One Networks. All rights reserved.
This is for informational purposes. No endorsement intended.


Protecting Yourself

At Credit Union West, your personal information is safe and secure. We have several security measures in place to protect your account information.

Protecting your personal information is vital in diminishing your risk of identity theft. Please review the following tips to learn more about protecting yourself as well as our member communication and security practices.

Protect Yourself from Identity Theft

Never give out personal or sensitive information over the phone, email, or an unsecured Internet connection. Never give your account number or card number, ID’s, PIN, passwords, or other sensitive information. We would never make unsolicited phone calls or send text messages or emails requesting your personal information! Should a Credit Union West employee contact you for any reason, you can always call the credit union back at our published number.

More Security Tips

Phishing is a crime that uses social engineering to fool its victims. That means phishers try to look and act as you would expect your real financial institution to act. This makes it VERY DIFFICULT to recognize a good phishing attempt just by looking. In fact, a really good phishing Web site can fool 9 out of 10 people, including people who are experts with computers. So don’t be afraid to use all the help available to you when it comes to protecting yourself against phishing attacks. Remember - Credit Union West will never ask you to provide personal financial information via an unsecured email. Do not reply to emails that ask for personal identification or account information -- even if they look official.

Here are a few suggestions for how to protect yourself.

  • Use a spam filtering service from your ISP or use spam filtering software to keep phishing emails out of your inbox. And when you are sorting through your inbox, be wary of emails that say they are from your financial institution (and financial institutions you don’t have accounts with) and that you need to click a link to “Confirm” or “Update” or “Verify” your account.
  • Pay attention to the lock icon your Web browser. It can give you good clues about whether a Web site you are visiting is really what you think it is. If you are submitting information, look for the lock icon in the browser border but not in the site content itself. It means nothing there. If there is no lock icon do NOT submit any personal information. A lock icon does NOT mean the site is safe. But the absence of a lock icon tells you the site is NOT safe.
  • Pay attention to the address bar, where the page URL is displayed. If the address doesn’t look right, leave the page. Use a search engine or your bookmarks to get to the real home page for the site you want and navigate from there to what you need. Again, just because the address looks “right” doesn’t mean it is safe, but if it looks suspicious then it probably is not right. If the address bar has been hidden from you without your consent, be suspicious.
  • Get a Web browser toolbar with anti-phishing capability. A good toolbar will warn you if you visit a known phishing Web site. Microsoft, Google and GeoTrust’s TrustWatch all offer good browser toolbars.
  • Protect your computer with anti-virus and anti-spyware software, and a firewall, and keep them up to date. Many phishing sites will try to secretly download a malicious program onto your PC. Anti-virus and anti-spyware software will not only block the download but also alert you that the attempt was made.
  • Never enter your personal information in a pop-up window. Phishers often will load a pop up window over a window showing the real Web site of your financial institution. Just because both windows are on your screen together does not mean they are related. Pop up windows almost never show the address bar, so you have no idea where you are sending your information. Close the pop up window and go to the real financial institution Web site to navigate to your account log in area.
  • Report phishing, whether you’re a victim or not, always assume that you are the first to find the site. Report it to the targeted financial institution or retailer and to the Anti-Phishing Working Group (APWG). The APWG is a clearinghouse that distributes your report to many ISPs and others who are trying to block phishing sites. And the APWG shares the sites reported to it with law enforcement agencies. You can also report directly to the FBI.
  • Act immediately if you’ve been hooked by a phisher. Let your financial institution know immediately. Close any affected accounts. Put a fraud watch on your credit report.