Credential stuffing occurs when hackers use stolen information, such as usernames and passwords, from database breaches or phishing software from one account, and attempt to gain access to another. The hackers prey on people's habit of using the same usernames and passwords for multiple sites. Using automated tools, they run large amounts of stolen information across multiple sites looking to find the same usernames and passwords being used elsewhere. Once they find a match, they can monetize the personal and financial information they gather.
Credential stuffing attacks are on the rise, but there are steps you can take to protect your DFCU accounts:
- Select a Login ID that is unique to you and to your DFCU account. This means you would only use that Login ID with DFCU Online and no other websites. Choose something that is unique...not your email address, your name, or anything else easily guessed. To change your DFCU Online Login ID, login using your existing login credentials, go to Settings and select Security Preferences.
- Change your password to something strong and unique that is only used with DFCU Online. Using the same password for multiple websites can increase the chances of fraudulent activity.
- DFCU Online uses multi-factor authentication to verify a login attempt. It is important to ensure the email address and phone numbers used to receive these secure access codes are accurate and only accessible by you. To review and edit these delivery options, login into DFCU Online, go to Settings and select Security Preferences.
While no breaches have occurred at DFCU Financial, fraudsters may use compromised credentials from other websites to attempt to access your accounts through DFCU Online. When these attempts occur, you may receive invalid password security alerts. If this happens to you, this is a signal that you need to strengthen your login credentials for DFCU Online.
Debit & Credit Card Fraud
Debit & credit card fraud involves the unauthorized use of another person’s card information to make purchases from their accounts or access funds.
Please contact us if your Debit or Credit card is lost or stolen, or you suspect there have been unauthorized charges.
- Debit: Call us at 888.336.2700 during normal business hours or 833.448.0024 after hours to close your card.
- Credit: Call 888.999.0095.
DFCU Online and DFCU Mobile
When you use DFCU Online and DFCU Mobile, we encrypt your Member Number and password and use firewalls that act as a shield between the Internet and DFCU Financial’s internal systems. These precautions are intended to prevent anyone other than you and DFCU Financial from accessing your personal information.
While we work hard to protect and secure your accounts, there are several steps you can also take to help prevent unauthorized account activity:
- Install security software on your computer.
- Do not write down or share your log-in credentials or any other personal information.
- Log off when leaving your computer.
- Provide personal information only once you have logged in to DFCU Online from our website's homepage.
In addition to the safeguards outlined above, the federal government also provides protection for consumers. The same law protecting you from fraudulent credit card usage also protects you from unauthorized account access activity. Please refer to your Online Account Access Agreement for details.
Bill Payment and PopMoney
FraudNet, our Bill Payment & PopMoney Fraud Detection solution, provides fraud prevention capabilities by analyzing daily bill payment and PopMoney transaction data, comparing the data to suspicious fraud scenarios and examining user behavioral patterns.
When fraud is suspected, our representatives may hold processing of suspicious payments until the transaction can be verified as fraudulent or authentic. You may be contacted with questions and asked to verify your name and address, but will never be asked to provide your Social Security number.
If you have any problems or questions, call Bill Pay and PopMoney Customer Service at 888.918.7436 or send us a Secure Message through DFCU Online.
When someone is a victim of identity theft, his/her name and personal information, such as Social Security number, address, health insurance information or job history is compromised. The identity thief takes this information and applies for credit by taking out loans or opening new accounts in the victim’s name. The thief might also use that information to fraudulently apply for a job or use the victim’s health insurance plan to cover prescription drugs or see a doctor.
If you believe identity theft has taken place, here are steps you can take:
Place an initial fraud alert with all three credit bureaus in the United States to make it harder for an identity thief to open an account in your name. When you have an alert on your report, a business must verify your identity before it issues credit. The initial alert stays active for 90 days.
Order your credit reports. After you place an initial fraud alert, the credit reporting company will explain your rights and how you can get a copy of your credit report. Placing an initial fraud alert entitles you to a free credit report from each of the three credit reporting agencies.
Complete the Report Identity Theft process on the Federal Trade Commission (FTC) site at www.ftc.gov. After you complete the process, print a copy of the Identity Theft Report. Take your Identity Theft Report to the police department and file a report. Obtain a copy of the police report or the report number and keep it with your Identity Theft Report.
The Identity Theft Report can be used to:
Get fraudulent information removed from your credit report
Stop a company from collecting debts that result from identity theft or from selling the debt to another company for collection
Get information from companies about accounts the identity thief opened or misused
Account Fraud or Compromise
Account fraud or compromise occurs when an unauthorized transaction posts to a member’s DFCU Financial account. If you suspect fraud in connection with your DFCU Financial accounts, contact us right away at 888.336.2700.
Phishing is when someone sends an email pretending to be a legitimate entity to scam someone else into providing personal information that will be used for identity theft. The email usually directs the user to visit a website where they are asked to update personal information (Member Numbers, Social Security numbers, PIN numbers, passwords) that the legitimate organization already has.
Read the FTC consumer alert on phishing.
DFCU Financial will never request that you send personal information via email and will not sell your email address to our partners and vendors. If you encounter a suspicious email or website that says it's from DFCU Financial, do not respond to it and consider this an unauthorized attempt to gain access to your personal information for purposes of fraud.
You should be suspicious of any email that appears to be from DFCU Financial containing links (other than a link to our website) to a page asking you for your personal information. Never provide personal information in response to an unsolicited request.
Forward suspicious emails and websites that claim to be affiliated with DFCU Financial to email@example.com so we can investigate the source. Once you have forwarded the email, please delete it from your mailbox. Please do not use this email address for conducting other business with DFCU Financial.
Tech Support Scams
Every year, millions of people are conned into giving access to their computers by tech support imposters. These imposters claim to be from Microsoft or other computer firms, but in reality, they are imposters looking to steal your information.
Every year, some 3.3 million people fall victim to the tech support scam, costing victims around $1.5 billion. Once you realize what has happened, you'll need to take immediate action to minimize the potential damage.
We want to help keep you protected, so we have come up with a 10-point plan to help you. You can read our plan here.
In the constant fight against fraud, it is imperative that we work together to maintain your privacy and security. To that end, please remember that DFCU Financial will never ask you for confidential information.
If you receive a call requesting your account information, debit card PIN, or online banking password - even if it appears to be from a DFCU Financial phone number - please immediately terminate the call and contact us at 888.336.2700.
This is a fraud scheme known as "spoofing." Please refer to FCC guidance to learn more about spoofing.