Know how to spot suspicious activity.

Contact Us

Scams

Firefly provides information you need to stay safe.

There's never a shortage of scammers looking for new victims, and our activities can expose us to significant threats that are damaging to our finances and personal information. Take the time to learn about scams and how to reduce your risk.

Safeguard Your Info

Safeguard Your Info

Never share account data

Monitor Accounts

Monitor Accounts

Review account statements regularly

Protect Your Computer

Protect Your Computer

Update firewalls and anti-spyware

Act Immediately

Act Immediately

Contact us if data has been compromised

What it is:
When someone makes accessible an electronic device such as a USB drive that is preloaded with malware with the intent that you will use the device and allow them access into your computer.

How to protect yourself:
Do not leave your computer unattended and do not use preloaded devices unless you know they are from a trusted source.

What it is:
Botnets are groups of computers (robot networks) that work together without your knowledge to scan computers for vulnerable software holes and access important information. Each computer added to the robot network increases its overall strength.

What it does:
If your computer is vulnerable and becomes part of the botnet, it may attack through keylogging; spam or phishing scams; click fraud (activates viruses through clicking other sites); denial of service (using numerous infected devices to access a single website causing it to become unresponsive); and stealing, storing, or propagating wares (Illegally obtained or pirated software).

 How to protect yourself:
Protect yourself by using updated anti-virus and anti-spyware programs. Disconnect online when you are not using your computer to avoid activity while you’re away. It’s also best not to click on sites you don’t trust, monitor your 'Sent' and 'Outgoing' email boxes for messages you didn’t send, and be cautious about opening email attachments regardless of who they are from.

What it is:
Keylogging uses a device (hardware) or program (software) to track and record what you type. If it’s in a software program, a file is created and sent to a specified recipient. If it’s in hardware, the person who installed the hardware must retrieve it in order to access the information gathered.

What it does:
Keyloggers are typically used maliciously to gain account numbers, PINs, usernames and passwords. A keylogger can be installed undetected via a virus or spyware, which then uses trojans to execute. The program also can use email to direct you to respond or click on an attachment and enter personal information. Keyloggers sit on various websites waiting to install themselves on unpatched or unsecured machines that hit their site.

How to protect yourself:
In addition to the tips found on the Computers & Laptops section on our Electronic Device Security page, you can protect yourself by doing the following:

  • Make sure all the programs running on your computer are ones you recognize. If you do not recognize a program, get advice immediately to determine if it should be uninstalled.
  • Be wary of emails from banking or financial institutions (whether it is one you use or not), and Pay Pal. Do not respond if you believe the email is fraudulent – remember never send personal or financial information via email.
  • Visually inspect the back of the computer. Look specifically for a small connector device between the keyboard wire and the computer.

A word of note:
Keylogging also has constructive purposes including software development. The examination of keystrokes will indicate any errors, which developers can easily correct. Some employers use keylogging to determine the productivity of employees, or to ensure work computers are used for business purposes. Law enforcement officials may use keyloggers to circumvent applied security measures and obtain passwords or encryption keys. Concerned parents might use them to monitor their children's online activity.

What it is:
Phishing is an email scam that asks you to verify personal information using replicas of existing web pages.

What it does:
Since the pages appear to be legitimate, many people are deceived into entering personal, financial or password data. Phishing scams often try scaring you into action by threatening to close accounts if you don’t respond.

How to protect yourself:
If you are suspicious of phishing based on the sender or subject details, don’t open the message. If you do open it, do not open attachments or click links and don’t respond if prompted to verify your information. Updating your virus protection software and your computer operating system also will be helpful against these scams.

Common phishing scams:
The Federal Trade Commission (FTC) gives these examples of phishing messages:

  • "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
  • "During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

Click here to read more about what the FTC advises to avoid phishing.

Also be aware:
There is a second type of phishing known as “spear phishing” where a user receives a fake email from a hacker posing as a colleague or friend. The email contains a dirty link or file corrupt with malware. If you receive an email from someone you know that seems out of the ordinary (misspellings when there typically aren’t any, they are not making sense, they make an unusual request, etc.) or an email containing only a link, do not open it or respond. In this type of scam, the fake email may even appear as the exact email you typically receive from this person.

What it is:
While phishing requires victims to voluntarily visit a fraudulent site, pharming simply redirects victims to fraudulent websites without assistance.

How to protect yourself:
Pharming is only successful when software or server vulnerabilities exist; otherwise, the criminal needs an insider to make unauthorized changes in order to redirect site visitors. To prevent these scams, we work diligently to manage and update our server software while maintaining a high standard of security.

What it is:
Smishing uses phishing tactics through SMS (text message) communication and attempts to obtain sensitive information by impersonating a trustworthy source. It is especially dangerous because, on rare occasion, these scams can infect your phone with a virus, too.

How to protect yourself:
If you are suspicious of smishing based on the sender or subject details alone, don’t open the message. If you do open it, do not open attachments, click links or call phone numbers and don’t respond if prompted to verify your information. Use your usual log in processes to check your account and call the company directly.

What it does:

Caller ID spoofing is the process of changing the caller ID to any number other than the calling number. This is done through an online service that, for a fee, creates a conference-type phone call connecting the user with the number they provide. This tactic is often used to impersonate a trusted person or organization in order to gain sensitive information. 

How to protect yourself:

If you experience this situation, remember the following:

  • Firefly will not call you and request personal information – if someone does it’s probably a scam. If you receive a suspect call from someone posing as a credit union employee, hang up and call the credit union directly (phone numbers can be found on this website, our digital banking app, or on your statement).
  • It’s usually a good practice to never give out any personal information over the telephone.
  • When giving out any information, it’s a good practice to verify the person on the other end of the phone before doing so.

What it does:

Trojans attempt to gain information from your computer by disguising as a trusted program. Spyware attempts to gather information about you and your browsing habits in order to send you targeted ads via spam email. Both are often hidden inside other programs (e.g., screen savers, time and date updaters, weather updaters) and infect your computer when the program runs.

How to protect yourself:

Avoid these by being aware of what you install on or download to your computer. If you are unsure of its legitimacy, search for reliable information regarding the program before adding it to your system. Updated anti-virus and spyware detection programs also are helpful in protecting your computer.

If you think you’ve been infected, update all virus definitions and run a full scan with your anti-virus software. If your system still appears compromised, fix it and change your password again. Also, check your online accounts (email, bank accounts) and change those passwords in case they have been compromised.

What it is:
Vishing uses a combination of VoIP (Voice over IP, i.e., phone calls through web) and phishing to identify key strokes or phone tones to gather personal information.

What it does:
It takes advantage of comfortable and secure methods used by financial institutions to deceive consumers, and often uses local area codes to make it seem more legitimate.

How to protect yourself:
Be skeptical of anyone contacting you and attempting to obtain your private banking or personal information. Firefly will never ask you for this information over the phone. Contact us immediately if you receive such a request.

The Federal Trade Commission (FTC) frequently updates their list of scams that consumers may fall victim to. To view this list to better protect yourself, visit the FTC’s site here.

Have you detected suspicious activity?

Contact Us

Your go-to Minneapolis-St. Paul credit union.

Firefly CU is the Minnesota credit union that offers full banking services and ATM access for your convenience. We'll help you open new accounts and loans, apply for mortgages, access wealth management services and strengthen your business with the right solutions.