Privacy and Security

Fraud & ID Theft Scams

Phishing Threats
"Phishing" is the act of sending an e-mail, voicemail or a Text message to as many people as possible requesting that they give personal information (SSN, account numbers, bank numbers, etc.). The message is designed to look like it has come from or is supported by a bank or credit union. At some point, the message may even look like it was sent out by HarborOne.

Beware of Phone Scams
Individuals fraudulently claiming to represent local financial institutions will sometimes call people and ask for confidential information about their accounts. Please be assured that HarborOne will not contact you and ask you to provide us with personal, financial information over the phone, unless you personally initiate the conversation. We urge you to please carefully guard and protect your personal financial data.

Beware of Fraud E-mail and Text Messages
Many Phishing attempts are also involved in electronic communication. Many people have received an e-mail, voicemail or even a Text message to their cell phone requesting that they call, text “the Bank” with personal information (SSN, account numbers, bank numbers, etc.). The message is designed to look like it was sent from the Credit Union (or Their Financial Institution) At some point, the message may even say they are sent out by HarborOne.

HarborOne does not send E-mails, Voicemails or Text messages requesting personal information under any circumstances. If you receive a message that looks like it came from us and requests personal information, do not respond to the e-mail. Please forward the e-mail to compliance-home@harborone.com along with your name and phone number, and keep the e-mail since we may have questions about it. As a Member, your personal information is secure with us and we want to help you keep your personal information secure from anyone else attempting to use fraudulent methods to obtain it.

Beware Online(Internet) Phishing Threats
We have discovered “phishing” activity in which users are presented a web page that requests certain personal data such as account number, social security number, ATM card, PIN and credit card information. This web page may be titled “Security Confirmation” and appears to come from within the online banking and bill pay service, but it is actually a fraudulent page caused by malicious code that has infected your personal computers.

• If you see this web page, DO NOT PROVIDE YOUR INFORMATION and DO NOT SUBMIT THE FORM.
• Most anti-virus software providers have recently issued updated software which eliminates the malicious code. It is important that you update and run anti-virus protection software immediately to protect yourself.

As a reminder, we want to protect your identity and will NEVER ask you for your personal information online. If you ever receive a call, e-mail or unusual web page where this information is requested, DO NOT give this information out. As your credit union, it is our responsibility to protect your financial assets and safeguard the confidentiality of your personal information.

We have been advised that there are some fraudulent websites on the internet that appear similar in format to that of a financial institution.
These phony websites may ask or E-mail you for confidential information such as social security number, date of birth, credit, ATM or debit card number and related personal identification number (PIN). The intent of these websites is to obtain information illegally to access customers’ accounts and personal identities.

How Not to Get Hooked by a ‘Phishing’ Scam.
Internet scammers casting about for people’s financial information have a new way to lure unsuspecting victims: They go “phishing.”
Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with, for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequence if you don’t respond. The message directs you to a Web site that looks just like a legitimate organization’s site, but it isn’t. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

The FTC, the nation’s consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

• If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address. In any case, don’t cut and paste the link in the message.
• Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
• Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
• Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that hackers or phishers could exploit.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
• Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and then follow the steps under the ID Theft Resources page of this website.

ID Theft Resources

What is ID Theft?
Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.

The FTC estimates that as many as 9 million Americans have their identities stolen each year. In fact, you or someone you know may have experienced some form of identity theft. The crime takes many forms. Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name. You may not find out about the theft until you review your credit report or a credit card statement and notice charges you didn’t make—or until you’re contacted by a debt collector.

Identity theft is serious. While some identity theft victims can resolve their problems quickly, others spend hundreds of dollars and many days repairing damage to their good name and credit record. Some consumers victimized by identity theft may lose out on job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports. In rare cases, they may even be arrested for crimes they did not commit.

For more detailed information about ID Theft visit the FTC website.

Protecting yourself from ID Theft
The following website is an excellent resource that can aid you to take the steps necessary to help protect against identity theft.

Victim of Identity Theft
If you are a victim of identity theft, take the following four steps as soon as possible, and keep a record with the details of your conversations and copies of all correspondence.

1. Place a fraud alert on your credit reports, and review your credit reports.
2. Close the accounts that you know, or believe, have been tampered with or opened fraudulently.
3. File a complaint with the Federal Trade Commission
4. File a report with your local police or the police in the community where the identity theft took place.

Important Websites and Phone Numbers You Should Know

The Credit Reporting Bureaus/Fraud Departments