Fraud Protection Tips

At First Heritage we prioritize your financial security, and we want to help you stay safe online with some helpful tips.

Tips for Protecting your Data

Fraudsters continue to devise new schemes and scams to steal your personal information. First Heritage wants to make sure you are well-informed to protect yourself. If you suspect that you have fallen victim to a scam or experienced fraud on your account, please contact us by calling 800.833.3338, schedule an appointment online at fhfcu.org or stop into one of our branches.

Verify the contact information you are using for support

If you are reaching out to a company for support, always use the contact information provided on the company’s official website rather than trusting a search engine’s results. Fraudsters will often advertise a false phone number and/or email address in search engine results to trick you into thinking that they are the actual company.

What is social engineering?

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

How do fraudsters get information?

There are several ways that a fraudster can get information directly from you.

Spoofed phone calls
Social media
Phishing emails
False websites

How do they get your phone number or email?

Data breaches
Purchases on the dark web

Smishing and Phishing

Fraudsters will take examples of real text messages and pretend to be from a bank or credit union to convince a cardholder to give information that can be used for fraudulent purposes. There will always be a request to either click a link or respond with information that can benefit a fraudster.

It is important to NEVER give out your one-time passcode, user name, and/or password.

One-Time Passcode (OTP) Fraud Prevention Techniques

You can implement the following techniques to secure yourself from OTP frauds:

Beware of unsolicited calls

OTP scammers often use phone calls, SMS, or emails to trick you into sharing your OTP. They pose as bank representatives, lenders, and other service providers, typically creating an urgency to get the OTP from you. It is important to note that legitimate institutions or companies do not ask for your OTP unless you initiate a transaction that prompts two-factor authentication. It is best to stay cautious of unsolicited sources.

Safeguard your sensitive information

By keeping your OTP, personal details, and account information private, you are not giving scammers a chance to trick you. Do not share these details over the phone, write them down, or leave them on unprotected networks.

Stay cautious of suspicious links

Fraudsters send malware-infested links under various pretexts like declaring a cash price, offering discounts, etc. Some attackers also impersonate service providers. You should never click on any of these links as they are used to read your device and capture OTPs. Always manually search for apps or websites instead of clicking on suspicious links.

Avoid unknown/non-verified apps

Upon downloading an app, you often need to grant permissions to access your device’s camera, photo gallery, etc. Sometimes, approving these permissions becomes necessary for in-app functions and SMS alerts. But if a suspicious app asks for access to these functions, it can easily steal your OTP and much more. You should only download legitimate apps and grant only the necessary permissions.

Transact through secure networks

Public Wi-Fi networks tend to be risky. Scammers can use these networks to spy on your online activities and steal your sensitive information, including OTPs. When you transact through secure networks, like your home Wi-Fi or a trusted Virtual Private Network (VPN), you prevent others from accessing your confidential data.

Double-check the source

As awareness of OTP fraud prevention techniques is increasing, scammers have come up with new ways to trick you. Sometimes, their messages or emails are indistinguishable from those of legitimate sources. But they cannot duplicate the source. You should verify the sender’s number, email ID, and other details to authenticate the medium.

Update contact details

If you have changed your email ID or mobile number, ensure you update it with your bank and other financial institutions. Doing so gives you more control over your accounts. By updating your contact details on time, you can redirect important alerts like OTPs, logins, etc., to your new number and avoid unauthorized access.

Track your account activity

Sometimes, scammers ensure you stay unaware of your account being hacked to continue exploiting your financial information. They may make small transactions initially to avoid drawing your attention. By tracking your account activity through mobile apps or websites, you can detect such suspicious attempts and report them immediately.

FAQ's

How to stay safe from OTP phishing

To stay safe from OTP phishing, you must never share your OTP with anyone. You must also avoid clicking on suspicious links and only enter OTPs on trusted websites or apps. Also, be cautious of unexpected requests for OTPs and double-check the sender’s identity.

How can I verify if an email/sms requesting an OTP is genuine?

To verify if an email/SMS requesting an OTP is genuine, you must confirm the sender’s identity through their official contact information. Additionally, you should check for spelling errors, unusual language, and casual greetings.

Can I use the same OTP for multiple transactions?

No, you cannot. Each OTP is designed for one-time use and provides security by being unique to each transaction. Hence, you cannot reuse it for multiple transactions.

What should I do if I receive a suspicious call/message requesting an OTP?

If you receive a suspicious call/message requesting an OTP, do not share the OTP. Hang up the call or delete the message. You should also block and report such communication.