BVCU - Security Resource Center

Online Magazine with great consumer information click here

Promos and Info

BVCU is YOUR Eco-Conscious C.U.! Click here for details!

Win a $1500 or $1000 College Scholarship! Click here for details!

BVCU wins prestigious Business Sustainability Award! Click here for details!

IMPORTANT note regarding Changing Your Address. Click here for details!

BVCU is the FIRST financial institution to be PACE certified!

We recycle and compost at our branches through our eco-partnership with Eco-Cycle!

BVCU wins National Mortgage Lending Award for our mortgage programs and education! Click here for details!.

Special rates available on eco-friendly autos! Click here for details!

Go Solar on your home with discounted rates! Click here for details!

Please review our Security Resource Center for information on recent FRAUD ALERTS.

Easily SWITCH your CHECKING account to BVCU ! Click here for details.

Rainbow Rewards Are Here!

Security Information

More Info

ID Theft Resources

Visit the FTC identity theft website to view a copy of its publication, "ID Theft: When Bad Things Happen To Your Good Name."

Avoid Phishing scams, check out NCUA ID Theft and protect yourself.

Visit the US Dept. of Justice website to learn about ID Theft and ways to protect your name, records, etc.

Test your ID Theft knowledge with this quiz in PDF format. Note - Requires the free Adobe Reader to view.

Security Resource Center

Protecting our members' privacy and educating them about Identity Theft is a top priority at BVCU. Read below for information on how best to protect yourself against Identity Theft and other types of fraud.

CLICK HERE for a copy of the FRAUD ALERT NOTICE mailed to our members.

*********FRAUD ALERT***********
2/26/08

Dear Boulder Valley Credit Union Customer,

This is your official notification from Boulder Valley Credit Union, your online account has expired. If you want
to continue using our service you have to renew your online account. If not, your online account
will be deactivated and deleted.

To continue click here, complete the renew form with your current
information.

Many Thanks and Kind Regards - Boulder Valley Credit Union - Update Department

*********FRAUD ALERT***********
1/7/2008

Some members and non-member have received the following "phishing" email. Please be advised that this email is NOT legitimate and is NOT from BVCU. BVCU will NEVER request confidential account information via email. If you have received this email please ignore it and delete it.

NOTE: The link that is contained within this email is from a foreign country. Typically these links take longer to get shut down, so the link may be active for an extended period of time. Please trust that we are doing everything possible to get this link shut down as soon as possible.

{Begin Fraudulent Email Copy}

We have recently updated our Internet Banking technology to include multi socket layer secure authentication. This is intended to provide you with the best security possible when accessing your account.
You will need to verify your account information. This allows us to verify that you are in fact, you.

The security update is a three step process:

Log in using your Account Number.
Set up your account information.
Verify that you are the account owner.

Click here {Fraudulent Link Removed} to start the security update.

Regards,
Boulder Valley Credit Union

{End Fraudulent Email Copy}

*********FRAUD ALERT***********

7/25/2007

Dear Boulder Valley Credit Union,

Thank you for your recent email to undisclosed-recipients:. This email system is protected to reduce the amount of unsolicited email (spam).

Your message is being held until you click on the link below to verify that this is a legitimate email message. Sender verification is a one-time process which takes only a few seconds. Once verified, all future correspondence will be allowed automatically. Thank you for your assistance.

Message details:

From: info@bvcu.org
To: undisclosed-recipients:
Subject: Online Banking and Bill Payer Deactivation
Date: July 25, 2007

Sender Verification: Verify your identity here {Fraudulent Link Removed}

Please be aware that if you do not complete sender verification within one day, our system will automatically delete your original message and you will need to resend the message again.

Kind regards,

Email Adminstrator at Pinpoint Solutions, Inc.

{End Fraudulent Email Copy}

*********FRAUD ALERT***********
7/25/2007

You have received this email because we have strong reason to believe that your Boulder Valley Credit Union account had been recently compromised. In order to prevent any fraudulent activity from ocurring we are required to open an investigation into this matter.

If your account informations is not updated within the next 12 hours, then will assume this account is fraudulent and will be suspended. We apologize for this inconvenience, but the purpose of this verification is to ensure that your Boulder Valley Credit Union account has not fraudulently used and to combat fraud. To speed up the process, you are required to verify your Boulder Valley Credit Union account by following the link below:

https://www.bvcu.org{Fraudulent Link Deleted}

We apologize in advance for any incovenience this may cause you and we would like to thank you for cooperation as we reveiw this matter.

Regards,

Boulder Valley Credit Union Online.

{End Fruadulent Email Copy}

*********FRAUD ALERT***********
7/23/2007

Some members and non-member have received the following "phishing" email. Please be advised that this email is NOT legitimate and is NOT from BVCU. BVCU will NEVER request confidential account information via email. If you have received this email please ignore it and delete it.

{Begin Fraudulent Email Copy}

Dear Member,

This is your official notification from Boulder Valley Credit Union that the service(s) listed below will be deactivated and deleted if not renewed immediately. Previous notifications have been sent to the Billing Contact assigned to this account. As the Primary Contact, you must renew the service(s) listed below or it will be deactivated and deleted.

Renew Now{Fraudulent Link Deleted} your BVCU Online and Bill Payer services.

SERVICE: BVCU Online and Bill Payer.
EXPIRATION: July, 25 2007

Thank you for using Boulder Valley Credit Union.
We appreciate your business and the opportunity to serve you.

*********FRAUD ALERT***********
6/28/2007

Some members have received the following "phishing" email advertising a Member Satisfaction Survey from BVCU. Please be advised that this email is NOT legitimate and is NOT from BVCU. BVCU will NEVER request confidential account information via email. If you have received this email please ignore it and delete it.

{Begin Fraudulent Email Copy}

Dear Member,

Now we'd like to know what you think!
Here's your invitation to participate in our convenient, new and easy survey that will improve customer service we provide. Spare two minutes of your time and take part in our Member Satisfaction Survey. Helping us better understand how our members feel benefits everyone.

To continue click on the link below:

Boulder Valley Credit Union {Fraudulent Link Deleted} Member Satisfaction Survey.

{End Fraudulent Email Copy}

*********FRAUD ALERT***********
1/29/2007

BVCU was notified by VISA USA Fraud Control of an unauthorized intrusion into a database file of TJX Companies, Inc. TJX brands include TJ Maxx, Marshalls, and other retail stores. If your account has been compromised you will be receiving a letter in the mail within a week with more information specific to your account.

Please note that this security breach was not a result of any action taken by BVCU, but a security compromise at TJX Companies, a major retailer. We apologize for any inconvenience caused by our fraud prevention efforts. If you have any question please feel free to call us at 303.442.8850.

*********FRAUD ALERT**********

If you have been a victim of Identity Theft, click on Identity Theft Affidavit* to begin taking the steps necessary to protect yourself.

Please be advised: Boulder Valley will NEVER contact you via e-mail soliciting personal information or confirmation. If you do receive an e-mail asking for personal information, do not reply and do not use the link provided regardless if the link leads to a website that resembles the BVCU website. Read below for further information on this Identity Theft concern.

Main Sections

Mail

If you do not have a mailbox with a lock, be sure to pick up your incoming mail every day. Or, consider using a P.O. Box.
Take outgoing mail to the Post Office.
Shred all credit card offers that you receive in the mail. Never dispose of these items without first shredding them.
Make a list of all bills and statements you receive and the dates you normally receive them. If you're expecting a bill and you do not receive it, contact the issuer right away.

Telephone

Never give private information, such as social security number, account or credit card numbers, passwords, etc. over the phone unless you initiated the call.
If you receive a call from someone claiming to be a credit union employee, and they ask for your account information (such as your credit card number, account number, etc.) do not give any information to them. Even if the caller has one identifying piece of information (such as your Social Security Number) this call is not legitimate. Do not provide any additional account information or any sensitive or personal information.

Remember: The credit union will not call you and ask for this information.

Don't agree to any offer or prize where you have to pay a registration or shipping fee, or send money, to claim the "prize."
Don't be pressured to make an immediate decision.

Passwords

Never write your password/PIN down where someone might be able to find it.
Do not send your password or any other personally identifying information (i.e. social security number, account number, etc.) via e-mail.
Avoid easy-to-guess passwords/PINs - like birthdays, anniversaries, phone numbers, names, etc. Use a combination of letters, numbers and symbols for passwords.
Keep your password/PIN private.

Identity Theft

Identity theft occurs when someone uses your personal information to open new accounts, to obtain access to your existing accounts or open credit lines in your name. Thieves may gain access to your personal information in a number of ways:

Personal information stolen from your purse or wallet
Home break in
Automobile theft
Dumpster diving (stealing trash with personal information from a residential or business trash receptacle)
Personal information on your imprinted checks
Medical or school records that are accessed by an untrustworthy employee
Information you provide to a fraudulent telemarketer
Information you supply over the Internet

You can avoid becoming a victim of identity theft by following the tips listed above. You may also want to consider the following:

Do not print unnecessary information on your personal checks (i.e. phone number, driver's license number). Never print your Social Security Number on your checks.
Maintain an unlisted home phone number. This listing is just one more source of information for someone who has a desire to defraud you. You may also consider listing just your name and telephone number without an address.
Review your credit reports from the three credit reporting agencies at least once a year.
Opt out of pre-approved credit card offers by calling 1-888-5-OPTOUT. This establishes a two-year opt out. For permanent opt-out status, put your request in writing and send it to the three credit reporting agencies listed on this page.

If you are a victim of Identity Theft, begin taking the necessary steps to protect yourself immediately by filling out the Identity Theft Affidavit*. You should also contact the three credit reporting agencies and ask them to place a fraud alert on your account.

Equifax: 1-800-685-1111
http://www.equifax.com

Experian: 1-888-397-3742
http://www.experian.com

Trans Union: 1-800-888-4213
http://www.transunion.com

The web sites below provide more information about how to avoid becoming a victim of identity theft, and what to do if you are a victim.

Federal Trade Commission
http://www.consumer.gov/idtheft

Privacy Rights Clearinghouse
http://www.privacyrights.org/identity.htm

Better Business Bureau
http://www.bbb.org/idtheft

Phishing

Phishing occurs when someone impersonates your financial institution, Internet service provider, credit card company, or some other entity and sends a bogus e-mail requesting your personal financial information (such as account number, credit card number, social security number, passwords, etc.). The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases like "Immediate attention required," or "Please contact us immediately about your account," or "You must update your account information immediately to maintain your account with us."

These e-mails look very official and often contain graphics and/or logos that are copied from a legitimate company's web site. Because these e-mails look official, many people believe that they must respond to the request for information. The e-mail may include a link to what appears to be a legitimate web site. In reality, you're redirected to a phony web site that may look exactly like the web site of your financial institution, credit card company, etc. You're asked to provide personal information, which is then used by the thieves to gain access to your existing accounts and credit cards so they can loot your checking account or run up bills on your credit cards. In the worst case, you could find yourself a victim of identity theft. Your financial history and personal reputation can be damaged, and it can take years to unravel.

Beware of new Phishing scams:

Most of us are familiar with the standard Phishing e-mails: you receive an e-mail that your account has been compromised, or that your account needs to be updated or it will be closed, and you are urged to click the link and enter the requested information (usually your account number, SSN, PIN, credit card number, etc.).

The new Phishing e-mails that are making the rounds today offer a reward (usually money) if you complete a short survey about the company. The e-mail promises that you will not have to provide any sensitive information when you complete the survey. The survey will most likely contain the name and logo of the company, and may look very legitimate. You will be asked some simple questions that are not personal in nature. However, later in the survey you are asked to provide personal information so that the reward can be deposited into your account. The survey usually asks for your account number, credit card number, mother's maiden name, and a whole lot of other personal information that the phishers can use to open accounts in your name and perpetrate other types of fraud - including identity theft.

Remember- no legitimate business will ever ask for this kind of information in an e-mail. This is a fraudulent attempt to obtain your personal information for illegal purposes and you should not respond. Read on for more information about Phishing.

Here are some tips to help you avoid falling victim to phishing scams:

The credit union, another financial institution, or any other legitimate company will never send you an e-mail asking for your personal information. If you believe the e-mail (or phone call) may be legitimate, contact the business yourself. The credit union's contact information is listed on your monthly statement, or you can look in your local phone book.
A financial institution will not ask you via e-mail to verify your ATM PIN or Social Security Number, for example. We do have procedures in place to verify your identity when YOU CALL US, and this is for your protection. We will never call you and ask for this information.
Do not respond to any e-mail that asks for your personal information, and do not click on any link in an e-mail that requests your personal information. Delete any suspicious e-mails, or forward the e-mail to the Federal Trade Commission (FTC) at uce@ftc.gov.
Do not disclose any personal information (such as credit card numbers, social security number, birth date, passwords, account numbers, etc) to an unsolicited source, whether by e-mail, phone, online or mail.
Ignore online pop-up windows asking for personal information, no matter how official they may look.
Review your monthly statements for accuracy.

Here's what to do if you're a victim of a phishing scam:

Contact the company represented in the e-mail immediately.
Immediately upon receipt, review all credit card and other account statements for unauthorized transactions.
Take note of when your statements arrive every month, and if any of them are more than a day or two late, notify the appropriate companies immediately.
If you've disclosed personally identifying information, contact the three major credit reporting agencies listed above. They will help you determine if a fraud alert should be placed on your file, which will help prevent thieves from opening accounts in your name.
If your response to a Phish e-mail results in your becoming a victim of identity theft, file a complaint with the Federal Trade Commission at www.ftc.gov and the Internet Crime Complaint Center. Click the "File a Complaint" link on screen.

Helpful information regarding identity theft is available by visiting the FTC web site at www.ftc.gov/idtheft.

Tips for Online Buying and Selling

Buying and selling online has become very popular. As with any sales transaction, you should exercise caution when transacting business online.

Do your research. Select a reputable online company.
Use common sense. If you feel uneasy about the online transaction, pass on it.
If you receive payment by check for an item you sell, make sure the check clears your account before sending the merchandise. Even cashier's checks can sometimes be fraudulent.
When buying online, get as much information about the seller and the merchandise as possible. If a picture isn't available online, ask the seller to send one via e-mail or postal service. Ask for the seller's address and phone number in case you need to contact him/her at a later date.
There are many options for paying online; select the option that you feel most comfortable with. Many online auction houses have payment protection programs. Do your research before making a decision.
Familiarize yourself with the online auction site's security, privacy, and online buying and selling policies.

Foreign Lottery Scams

Remember the old saying, "If it sounds too good to be true, it probably is?" This is especially true of phone calls or mail solicitations offering instant wealth through foreign lotteries.

Here's an example of a lottery scam:

"Congratulations! You may receive a certified check for up to $400,000,000 U.S. CASH! One Lump sum! Tax free! Your odds to WIN are 1-6." "Hundreds of U.S. citizens win every week using our secret system! You can win as much as you want!"

Of course, all you need to do is provide your credit card number or bank account number to purchase the lottery tickets. And when you do, the lottery hustlers will make unauthorized withdrawals or run up charges on your credit card. You'll never get the lottery tickets you were promised.

The FTC has these words of caution for consumers who are thinking about responding to a foreign lottery:

If you play a foreign lottery - through the mail or over the telephone - you're violating federal law. There are no secret systems for winning foreign lotteries. Your chances of winning more than the cost of your tickets are slim to none.
If you purchase one foreign lottery ticket, expect many more bogus offers for lottery or investment "opportunities." Your name will be placed on "sucker lists" that fraudulent telemarketers buy and sell.
Keep your credit card and bank account numbers to yourself. Scam artists often ask for them during an unsolicited sales pitch.

The bottom line, according to the FTC: Ignore all mail and phone solicitations for foreign lottery promotions. If you receive what looks like lottery material from a foreign country, give it to your local postmaster.

Other lottery scams proclaim that you are a winner in a foreign lottery (which you didn't even enter). All you have to do to collect your winnings is send a "contest fee" to cover expenses associated with the lottery and taxes. You're also instructed not to tell anyone that you have won the lottery - especially bank employees, or you will lose your winnings. If you send the fee, whether by mail or through a wire transfer, you'll never see your money or the lottery winnings again.

Another lottery scam involves overnight courier services to give the appearance of legitimacy. You receive a letter that you have won a lot of money (let's say $50,000) in a foreign lottery (typically Canada or Australia). You call the number in the letter and are told that in a few days you will receive a letter and a check to cover the cost of the lottery fees and taxes. The letter arrives by overnight courier service (like FedEx) along with a check (let's say it's for $2,200). The letter explains that the fees and taxes are part of federal law, and you can use the check to cover the costs.

Since the check looks very real, you deposit it into your account and then, as instructed, you write a check out of your account for the fees (or you wire transfer the fees). Of course, their check is fake and now you're out the $2,200.

Here are five tips from ScamBusters.org about these scams:

First of all, playing any kind of cross-border lottery system is a violation of Federal law, and law enforcement officials ARE paying attention. It's illegal. Don't do it!
You can't win a prize in a lottery if you didn't buy a lottery ticket.
Real lotteries don't ask you to pay a fee. If you have to write a check to win a lottery prize, it's a scam. Never, ever send any money for "processing fees," or share any other financial information, in order to claim a prize.
Never fill out any prize forms or "claims" either through snail mail or online -- you may end up on scammers' "sucker" lists as a result, which means you'll just get more solicitations.
Don't believe -- or pay for -- any "secret systems" that will help you win lotteries. If someone really had a foolproof secret system to win lotteries, why would they sell it to you?

Home Computer Security

Firewalls, virus protection software, network intrusion detection systems, and encryption are just some of the ways the credit union protects your account information from unauthorized access. How you protect your personal computer is just as important to the security of your personal information. If you plan to use your computer in an online environment, you need to educate yourself about computer security.

Anti-Virus Software

A virus is a computer program that replicates itself and can harm other programs and files on your computer. Anti-virus software is designed to protect your computer against known viruses. There are many anti-virus software programs available. Keep in mind that with new viruses emerging daily, the program needs regular updates to recognize and prevent new viruses from infecting your computer.

Firewall

A firewall is a barrier that protects your computer from unauthorized access when you are connected to the Internet. A firewall will filter information coming in to your computer from the internet, and will not allow any information to come through that is "flagged" by the filters. If you don't have a firewall installed on your computer, you should do so soon for your own protection.

Spam

Spam is unwanted and unsolicited e-mail. It's similar to the "junk" mail you receive in your mailbox at home. You didn't ask for it, but there it is. Some Internet Service Providers have filters built into their e-mail programs to catch the spam before it reaches your e-mail inbox. Check with your provider to see if they offer this service.

If you get a spam e-mail, don't respond to it. If you respond, or click the "unsubscribe" link in the e-mail, this simply verifies your e-mail address so the sender can continue spamming your e-mail box. Delete the spam and consider using a filter.

Spyware

Spyware is a program installed on your computer, without your knowledge, that is used to "spy" on you as you navigate the Internet. The spyware tracks your web site visits and then sends you advertisements it thinks may appeal to you. Some spyware may even capture user ID and password information you provide online when accessing accounts or placing online orders.

Some companies sell software that combines anti-virus, firewall, and spyware protection all in one.

Boulder Valley Credit Union