Security Center

When you transact business with Los Angeles Federal Credit Union (LAFCU), you can feel confident that your data is secure, whether online, by telephone, or in our branches. Below are links to helpful information.

Top 7 Mobile Device Security Tips
We know how much you enjoy the convenience of accessing your accounts and making a check deposit from your mobile device. We want you to do so safety and securely. Here are some tips to help ensure you have a safe and secure mobile experience:

  1. Lock your phone with a long password. Be sure to use numbers, letters (upper & lower case) and special symbols.
  2. Set the automatic screen-locking feature for the phone. The shorter the time period the better.
  3. Activate your “find my phone,” software and test it often. This features will securely wipe the phone in the event of loss or theft.
  4. Backup your phone data regularly to a safe computer or laptop daily or weekly.
  5. Update your mobile operating system regularly.
  6. Update your mobile applications, too. Make sure you are using the latest version of the LAFCU apps.
  7. Don’t share your personal information.
More Mobile Device Security Tips

Shopping Tips

SECURITY VIDEOS
Security is a hot topic in the news and it’s critically important. At LAFCU, we place the highest value on respecting and protecting the security of your data and transactions. To help you, please click on each topic then watch a short video:

FRAUD ALERTS

• HEARTBLEED BUG: All LAFCU online, mobile and telephone services (including e-Branch, e-Bill Pay, mobile account access, mobile check deposit, TouchTel-24, etc.) were NOT impacted by the “Heartbleed” bug (Open SSL), that was reported in the news on April 9, 2014. However, for your safety and security, we recommend you change your online passwords every 90 days, make your passwords long and complex, and ensure your computer has the latest security updates from the device manufacturer.
More info
about this bug.

• NCUA FRAUD! A fraudulent email is being sent to credit union members claiming to be from the NCUA asking them to participate in an online or member survey. This is a phishing email that has NOT been approved by NCUA. If you receive this email, please do not respond. If you think you are being phished, please contact LAFCU and forward the email to securityinfo@lafcu.org.

•  ELECTRONIC FUNDS TRANSFERS (EFT) FRAUD:  Most of these frauds involve business customers whose online banking software credentials were compromised. The attack vectors can include ways to distribute hostile links or infected attachments, including emails, hostile websites, social media, instant messaging and browser pop-up windows. The most prevalent threats to date are:

  • The Clampi Trojan virus: This attempts to use targeted information such as e-mail addresses and contacts from social networking sites to lure users into getting their computer infected.
  • The Zeus bank Trojan virus: This also attempts to enter user systems though hostile links and other sources. Since this virus is capable of evading most up-to-date Anti- Virus programs, the best defense is to avoid clicking suspicious or potentially hostile links via the internet or email.
  • The new URLZone bank Trojan virus: This was built to evade most Anti Fraud programs that monitor suspicious transactions. It has targeted only European Union accounts at the time of this report.

The common thread of all infections is that the end users were somehow tricked into clicking hostile links, websites or attachments to become infected with malware. All of these malware items were designed to steal end user credentials and wire money to fraudulent accounts through EFT. Here are helpful links that can help protect you from online viruses:

 http://www.fdic.gov/consumers/consumer/guard/index.html
 http://www.onguardonline.gov/topics/overview.aspx

DO YOU KNOW THE WARNING SIGNS OF FRAUD? You can avoid becoming a victim of fraud; here are some warning signs and play it safe suggestions:

  • Update Software: To aid in the prevention of virus attacks on your computer, at least weekly please check then update, if needed, your computer´s software, especially anti-virus and all web browsers.
  • Helpful Tips: Click to read the "Secure Online Account Access" document with details to help protect your financial security and personal privacy.>
  • Warning Signs: sounds too good to be true; pressures you to act "right away;" guarantees success; promises unusually high returns; requires an upfront investment - even for a "free" prize; buyers want to overpay you for an item and have you send them the difference; doesn´t have the look of a real business; something just doesn´t feel right.
  • Play it Safe: it´s easy for a business to look legitimate online - if you have any doubts - verify with the Better Business Bureau; according to the U.S. Postal Inspectors, only 2% of reported identity theft occurs through the mail - report online fraud to the Federal Trade Commission; retain your receipts, statements, and packing slips - review them for accuracy; shred confidential documents instead of simply discarding them in the trash.
  • Fraud Facts: the credit union will never email you for your account number; for at home jobs - there no legitimate jobs that involve reshipping items or financial instruments from your home; foreign lotteries are illegal in the U.S. - you can´t win no matter what they say; check you monthly statements and order a copy of your credit report annually and review for accuracy.
  • If you notice any signs of fraud, notify the appropriate authorities. If you account is impacted, call the Credit Union directly.

Members affected by this scam, and variants of this scam, are advised to forward the entire e-mail message to mailto:Phishing@ncua.gov. Additionally, formal complaints concerning any suspected fraudulent
e-mail can be filed with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov The IFCC is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. Other reporting agencies include:

"ACH TRANSFER REVIEW" EMAIL MESSAGE: The Automated Clearing House (ACH), a financial service offered by the National Automated Clearing House Association (NACHA), the U.S. electronic payments association, was recently impersonated in a campaign of spam messages sent out to unsuspecting users with the purpose of spreading "malware." The message seemed to be sent from a legitimate NACHA e-mail account. This specific message, named "ACH Transfer Review," informs the victim a transaction has failed and that they must review the input data for the payment. The victim is asked to fill the application form attached to the e-mail. The attachment is represented by a ZIP file that contains what seems to be a .pdf document that must be reviewed by the recipient. The .pdf file is actually an executable that installs a downloader on the soon-to-be infected computer. The downloader´s purpose is to get other malware from the Web, and onto the computer. A few moments later, the Zeus bot, also known as "Trojan(dot)Generic.6152125," is installed on the victim´s computer, then monitors all electronic financial transactions and sends out username and password information. The routing details from the message appear to come from a domain called "digitalskys.com", the website of a wireless solutions company, likely used by the cybercriminals to mask their true identity.

CONTRACT/INHERITANCE FUNDS CLAIMS NOTIFICATION SCAM: Credit Union members and non-members have been receiving email from Scammers notifying the recipient that he/she has large sums of unclaimed inheritance in the tens of millions. The scammers want your personal and sensitive information. To receive your inheritance, complete, and submit a claims form to Los Angeles Federal Credit Union. This is a scam. Do not provide your personal or sensitive information or reply to email and do not complete or send the claim forms. Contact the credit union directly at (877) 695-2328.

E-BRANCH LOG-IN SCAM: When logging into e-Branch, if you see an additional login screen that asks you to fill in detailed credit card or Check Card data or an ATM PIN...DO NOT PROVIDE ANY INFORMATION! The appearance of this fraudulent "Challenge Question" or identity confirmation screen means your computer has been compromised by a virus ("mal-ware"). You should 1) have your computer inspected quickly by a trusted technician who can remove this virus, and 2) contact LAFCU member services (at 877/695-2328) and have your e-Branch PIN changed.

E-MAIL SCAM: There is a current fraudulent email being sent to some LAFCU members and non-members claiming to be from a LAFCU Board member or director. Do NOT respond to this email. LAFCU does NOT and will NOT ever ask you to email us private information. If you think you are being phished, please contact LAFCU and forward the email to memberservices@lafcu.org. Click to view an informative brochure about phishing.

MEGA MILLION LOTTERY SCAM: Credit Union members have been receiving notification that he/she has won a mega million lottery. In order to claim the millions promised and before a payout can be honored; the Scammers want you to send upfront expenses for various fees, taxes, etc. This is a scam. If you are unsure, please contact the California State Lottery Office or the credit union at (877) 695-2328.

"MYSTERY SHOPPER" ONLINE FRAUD: In this highly technical and sophisticated age, unfortunately there are people who attempt to lure you into illegal schemes. One involves you receiving a counterfeit check or money order from a "Mystery Shopper" who nicely asks you to deposit the funds into your credit union checking account, then immediately send the shopper most of the deposited funds except your fee. Unfortunately, the original check bounces and you are responsible for the loss. Don´t be fooled by frauds like this…always report them to the appropriate authorities, including LAFCU’s security department.

TEXT MESSAGE SCAM: There are some fraudulent TEXT MESSAGES currently being sent to cell phones with messages like "Visa Alert. Unusual Activity. Call now at (###) ###-####" or "Your account has been deactivated. Call (###) ###-####." Do NOT respond to these types of "phone phishing" messages... they are NOT from LAFCU. It is an attempt to steal your account info then commit fraud. If you receive this type of a "phone phish," please email the fraudulent message to memberservices@lafcu.org

NCUA Fraud Alert: Info about recent scams will be listed here, when available.


   Basic Security Advice: This page has tips on ATM usage, Checking & Savings Accounts, Credit & Debit Cards, Credit Reports, e-Mail, Internet Crime Complaint Center, Reducing/Eliminating Paper, Personal Computer usage, PINs, and Personal Information Protection.
   Credit Card Breaches: Credit Card breaches seem to be happening more and more and may affect you. Find out what LAFCU is doing to protect you and how you can help!
   e-Branch "Multi-Factor Authentication": Read about the "Enhanced Security" we provide users of our online account access service. This security helps protect your online identity, combat "phishing" attacks, and prevent fraud.
   e-Mail Security: Send sensitive, encrypted emails to LAFCU 24/7 from this secure webpage.
   ID Theft Coach : This online guide helps coach you to safeguard personal and financial records from fraud and identity theft.
   ID Theft Protection: We offer a referral service that, for a small fee, can help protect your good name.
   ID Theft & Security Terms: This glossary provides a list of commonly-used terms.
   Online Fraud Protection: This online site helps you detect and prevent fraud.
   Phishing & ID Theft: Read how to protect yourself from this form of e-Mail fraud.
   Privacy Policy: This explains how LAFCU protects the privacy of our members, and complies with National Credit Union Administration (NCUA) regulations.
   Verified by Visa: Use this FREE service to protect yourself when shopping online with your LAFCU Check Card or LAFCU Visa® Credit Card.