Your Account Safety and Security
How We Protect You
Protect Your Personal Information
Protect Yourself from Phishing Scams
Tips for ATM Use
Verified by Visa®
Online Banking Security
Hughes Protects our Members
The security of your Hughes Federal Credit Union account is one of our highest priorities. We value the trust you have placed in us by choosing to become a member, which is why we have stringent safeguards to protect your account information. Our commitment to your account's security includes:
Any information submitted through Hughes online banking is encrypted using industry-standard technology. This ensures that in the unlikely event the information is intercepted by a third party, it is scrambled and very difficult to decode.
This innovative service puts the power to prevent credit and debit card fraud in your hands. With one quick phone call to the automated system—or a visit to the secure website—you can lock or unlock purchase authorizations on your credit and debit card.
CardLock™ works hand-in-hand with advanced fraud protection systems already in place, but gives you a greater role in the fight against fraud. You can use the service when traveling or if you've made an online purchase and feel nervous about Internet security. No matter how you choose to use CardLock™, if anyone tries to make an unauthorized purchase while your card is locked, you'll be notified by phone of the transaction attempt.
To register your Hughes Visa® Debit Card or Credit Card call toll-free (877) CULOCK1 (285-6251). Click here to login.
Close the Door on Fraud
Here are just a few examples of the ways CardLock™ can fight against fraud:
After paying for a restaurant meal or any purchase, you can lock the card to prevent fraudulent usage. Next time you need to use the card, you can unlock it in less than 30 seconds. When traveling, be safe and lock the card when not in use. If you've made an online purchase with your card and feel nervous about Internet security, take a few moments to lock the card.
Your account is protected by a password of your choosing that may be changed as often as you need. Credit Union employees do not have access to your password and will never ask you for it. If someone claims to be a credit union employee requests your password, refuse and immediately report the incident to our call center.
For security purposes, we "lock out" anyone who tries more than a few times to log in without the correct account number and password. A call to our call center to verify ownership of the account will be required to unlock the account.
Automatic Log Out
We strongly recommend taking the time to properly log out of your online banking session when complete, however for added security, the online program will automatically log out after 10 to 15 minutes of inactivity.
It is important that you carefully review your credit union statements as well as any other communications you receive from us. If you feel that your account information has been compromised, please contact our call center immediately at (520) 794-8341 (Tucson) or (800) 253-8245 (Outside Tucson), or write to us using our secure email form and we'll take steps to block further access to your account while the matter is investigated.
APRIL 11, 2014
HEARTBLEED VULNERABILITY UPDATE
Hughes Federal Credit Union continually tests all systems that are directly under our control for all known vulnerabilities. Additionally, Hughes Federal Credit Union confirms that our third party providers continually test for these same vulnerabilities. We can assure you that we have no evidence that any of our systems or our third party providers have been improperly accessed due to this vulnerability.
Hughes Federal Credit Union’s primary responsibility is the safety and security of member information through all channels including our electronic channels which include online banking, mobile banking, ATMs, and text messaging. Due to the awareness of “Heartbleed”, members may receive phishing emails with links that encourage them to change their online passwords to compensate for the vulnerability. We encourage you to please take precaution and adhere to Safety & Security guidelines available on our website.
If you have any questions, please contact us at (520) 794-8342; or outside Tucson (800) 253-8245 or visit our website HughesFCU.org. Thank you.
For additional information please visit:
Recent Fraud Alerts
March 17, 2014
Phone Phishing Scam
Hughes Federal Credit Union has learned of a widespread telephone phishing scam. Cardholders may receive what appear to be automated phone calls or texts, telling them that their ATM/Debit cards are locked.
The automated message requests call recipients to "Press 1" where they are to enter their 16-digit card number into their telephone key pad. Once this is entered, the scammers are then requesting the card’s Personal Identification Number (PIN). The scam artists are attempting to obtain customer card numbers and PINs in order to gain access to customer accounts via ATMs or POS (point of sale) purchases.
A reminder that Hughes Federal Credit Union will not request card, account information or PIN numbers from members over the phone. In many cases, phishing scams, whether by phone or through emails, attempt to gain personal information from the call or email recipients such as:
- First and Last Name
- Debit Card or ATM Card Number
- Debit or ATM Card Personal Identification Number (PIN)
- Date of Birth
- Social Security Number
- Account Number and/or Account Type
Please call Hughes Federal Credit Union at (520) 794-8341 (Tucson) or (800) 253-8245 (Outside Tucson) if you receive any suspicious calls regarding your personal information.
March 11, 2014
Phone Scams and Computer Repair
Cybercriminals pretending to work for tech companies are calling individuals claiming they’ve scanned their computers remotely and found viruses on them. Relying on computer users’ fear of viruses, lost data and identity theft, they trick people into giving them access to their credit card numbers and computers. Not only have they provided personal information, they may have given criminals access to their computer so they can install malware to capture the victim’s online shopping or bank information.
Scammers often use publicly available information such as name and phone number to make initial contact. They can often make an educated guess about your computer operating system. It is important to understand that reputable companies will not scan computers remotely without permission from the owner. They will not call computers users unless they already working with them on a support issue.
If you receive one of these telephone calls, here are a few tips to help protect yourself:
- When in doubt, hang up and call the company back at their publicly listed phone number.
- You can find contact information on their website.
- NEVER provide credit card or bank account information to someone on a cold call – even if they claim to be from a reputable company.
- NEVER give remote access to your computer or any technician unless they can confirm they are a legitimate employee of a computer support company that you have an existing agreement with.
If you’ve been victimized by a scammer:
- Contact your credit card company or financial institution immediately to report the incident and to protect your account from future charges.
- Change your computer password, along with the password of any online accounts that may have been provided to the cybercriminal.
- Update your security software and run a full scan on your computer to check for malware.
Phone scams are successful because criminals rely on computer users trust of an unknown person. You can defeat these scams by hanging up when you receive an unrequested call, regardless of who they say they are.
December 26, 2013
Target retails stores announced there was a security breach of credit/debit card information for consumers who shopped at their stores between November 27 and December 15, 2013. Hughes Federal Credit Union is unaware of any fraudulent activity on member credit/debit card accounts, but that could change. Members affected by the breach will be contacted by Hughes Federal Credit Union with instructions. They will be asked to closely monitor their account for unusual or fraudulent charges and to report it to the Credit Union immediately and receive a new card.
CREDIT CARD INFORMATION
Members wishing to avoid any potential risk may request a NEW credit card now by calling:
Cardholder Services at 866-820-3941 to have your new Visa® Credit Card issued automatically.
Hughes is issuing NEW card(s) at no cost for members affected by the breach (If you are inadvertently charged a fee for a new card, please contact the credit union for a prompt credit). If requesting a credit card by mail, you should receive it within 7-10 business days. Your new card will have a new number and new CVV (three-digit security code) on the back of the card.
Once you contact Cardholder Services, your card will be deactivated preventing any further charges. When you receive your new card in the mail, please activate it by following instructions provided in the mail as soon as possible. To activate, simply call the number displayed on the front of your card. Then, destroy your old card by cutting it up. Please note that recurring card payments will be affected and will require members to provide updated information associated with the new card.
DEBIT CARD INFORMATION
Members wishing to avoid any potential risk may request a NEWdebit card now by calling or visiting any one of our branches. Choose from our traditional debit card or several University of Arizona® designs. For your convenience, a list of our Tucson locations and hours is provided where you can get your new card instantly.
Instant Issue Debit Cards are available at these branches and times: (excluding holidays)
|971 W. Wetmore
|7970 N. Thornydale
|280 N. Pantano
|3131 E. Speedway
|Hermans Road Branch
|951 E. Hermans Rd
Target has more information on their website at www.target.com. A link at the top of the page will take you to full information about the breach.
For more information, please view your account online or contact Operations Support during regular business hours at (520) 794-8341 or (800) 253-8245 (outside Tucson).
- Members should continue to monitor their accounts and immediately report to Hughes Federal Credit Union any unauthorized activity;
- Members can establish immediate alerts through Online Banking to help monitor their accounts. To login or enroll, visit https://online.hughesfcu.org.
- Members may experience additional card verification inquiries from Falcon while traveling because the continuous fraud protection monitoring has been heightened. If fraudulent activity is suspected, members will receive a telephone call to verify transaction validity. Please make sure Hughes has your current mobile phone number or current contact information on file.
- See the latest regarding Bill Pay, eStatement and Mobile Banking.
October 9, 2013
Several members have reported receiving phone calls from an automated system for "The National Credit Union Registry" that indicates that their debit or credit card has been blocked, and in order to unblock the card they must input their card number. Please note that this is a fraud scam and was not sent by the Credit Union or any affiliation of credit unions. Fraudsters and scam artists are creative in trying to capture your personal information. A safe reminder is to never give personal information over the phone to a recorded message or to anyone who initiates contact with you.
December 14, 2012: Avoid Online Shopping/Shipping Scams During the Holidays
This is the time of year you might be eagerly waiting for a package to arrive at your door. But fraudsters know that so don't let your guard down.
Lots of us are buying cool stuff online these days; presents for ourselves and others and of course when you buy online the item has to be shipped.
That's why scammers send out emails in mass. If you've order something online from a legit store and you just can't wait for that item, think twice about emails which ask for additional information or steps to complete the delivery. Even if you see companies you know like Fed-Ex and DHL. It could be scammers preying on your lack of patience. Here's how it works.
"They have a package that you need to pick up. And you need to enter some personal information so they can give you directions to pick it up," says Nick LaFleur with the BBB of Southern Arizona. "Or it will have you download something onto your computer. It's a virus. It's after you personal information. They're trying to steal your identity. Do not fall for it."
Best advice: if you really are expecting a shipment go back to the original email you received confirming your purchase. Instructions to track packages are always there or contact the shipping companies directly.
December 4, 2012: Ransomware Attack
There is a significant uptick in a ransomware attack that declares a law enforcement agency has determined that a computer with the victim's IP address has accessed child pornography and other illegal content.
Moreover, this scam uses the good name of the Internet Crime Complaint Center (IC3) to lure the victim to a drive-by download website, which in turn installs the ransomware on the victim's computer, and tries to extort money.
As you well know, cyber criminals use social engineering to make people click on links to 'prevent a negative consequence'. To trick users to click this latest version of the malware claims that the victim's computer activity is being recorded using audio, video, and other devices. This type of social engineering can be encountered both at home and in the office. Click here (Link to PDFs/SocialEngineeringRedFlags.pdf) for a PDF file showing you the red flags in a malicious Email.
November 30, 2012
Consumers around the country are gearing up for the holiday shopping season. Fraudsters are also preparing for the holiday season
to prey upon unsuspecting consumers. Ongoing awareness of these scams is critical to help you protect your personal and financial information this holiday season.
Secure home computers and mobile devices: Members should ensure their home computers are secured with a firewall and antivirus software before performing any online transactions. Operating system patches should be downloaded when made available by software vendors. Members should also protect mobile devices (mobile phones, tablets, etc.) used to conduct online transactions by installing antivirus software.
Phishing scams: Members should not respond to emails, text messages, and phone calls that advertise the sale of gift cards, holiday gifts, promotions, contests and jobs.
Be wary of holiday offers for free items: Members should avoid tempting holiday offers, such as free downloadable applications for smartphones, antivirus software, screen savers, ring-tones and electronic greeting cards, which may be infected with viruses and/or malware.
Be wary of shopping online at Craigslist and public auction sites: Members might purchase merchandise that is never delivered. Members should follow the best practices published by Craigslist and other public auction websites to avoid scams.
Bogus charity scams: Members should confirm the legitimacy of the charity through the Better Business Bureau.
Monitor accounts: Members should periodically monitor their deposit and credit card accounts to identify any unauthorized transactions. Members should be instructed to immediately report unauthorized transactions to the credit union.
Report scams to the Federal Trade Commission at www.ftc.gov or call toll-free 1.877.FTC.HELP (1.877.382.4357).
October 12, 2012
The Better Business Bureau of Southern Arizona is warning seniors of telephone calls from scammers, claiming to be with Medicare, and asking for personal information- like social security numbers and bank account numbers.
"Consumers should be suspicious of unsolicited calls from anyone claiming to be from Medicare," said Kim States, BBB President. "Medicare will generally not make unsolicited calls to update information, issue a new card or offer free medical equipment. We recommend seniors hang up and call a trusted Medicare number if they have questions regarding their benefits."
September 28, 2012
The Better Business Bureau has received complaints about the Utah-based online payday lender, Zeal Funding Services, also known as 'My Cash Guardian', 'Money Leaf' and 'My Money Toolbox'. BBB offers the following tips for consumers to protect themselves when doing business on the Internet:
Verify the business's contact information (name, address, phone numbers) before you give out any personal information.
Read the terms and conditions carefully. If you don't understand them, ask. If you are unable to get a suitable response, don't do business with the company.
If a pop-up box appears after purchasing an item, read the box carefully to see how you can close it out without agreeing to a purchase.
August 24, 2012
A number of credit unions have reported that their members are being recruited as money mules by fraudsters. Money mules unknowingly assist fraudsters in laundering stolen funds. Money mules are most often recruited through bogus job offers for payment processors, financial managers, or overseas representatives. Fraudsters typically find their potential money mules by searching websites where job seekers post their resumes. A key consideration in accepting the position is the ability to work from home.
July 13, 2012
Some members reported receiving calls asking for personal information regarding their accounts. A reminder that Hughes Federal Credit Union will never ask for personal information or ask you to confirm information of any kind by phone, email or text message. This includes PINs, passwords, credit or debit card numbers, expiration dates, routing numbers, or other confidential information. If you suspect that your account information has been compromised, please contact the Credit Union or other financial institutions or credit card issuers as soon as possible. Advise them of possible criminal activity. Close any account you believe has been tampered with or opened fraudulently.
April 4, 2012
On the heels of the recent Global Payments breach, members should be aware of the potential for increased phishing attacks. These attacks could also target members who were not affected by the recent card breach. Members should be prepared for any suspicious e-mails, text messages or phone calls requesting any personal or financial information.
March 29, 2012
Better Business Bureau of Southern Arizona has issued an urgent scam alert cautioning businesses and consumers about an e-mail that is purporting to be from BBB about a complaint concerning an "unauthorized transaction." The e-mail contains a dangerous link and bogus sign in information. This is a scam - BBB does not accept or send complaints concerning private financial transactions. Should you receive such an e-mail, please disregard its message, and forward any information received to firstname.lastname@example.org, and then delete it. If you have clicked on the link, immediately do a virus scan.
March 26, 2012
Members have received fraudulent phone calls from individuals who claim to be Hughes Federal Credit Union representatives. The individual asks members for their member number and other personal information. Please do not provide this information to any person who initiates contact with you. Hughes will never ask you to provide or confirm personal information, such as your member number or social security number, over the phone.
March 13, 2012
Fraud investigators in Tucson warn about a counterfeit money scam. Many of the cases take place in the parking lots of convenience stores or gas stations. The suspect will approach the victim and ask to make change. Then that person gives the victim a fake bill in exchange for the money. The scam has involved $10, $20, $50 and $100 bills, and the fake money is typically used to buy items at yard and garage sales. Please be cautious when exchanging money with strangers.
February 1, 2012
Some members have received fraudulent text messages from the phone number 866-208-0109. Please do not reply to this message. Hughes Federal Credit Union will never ask for personal information or ask you to confirm personal information of any kind in an e-mail or text message. This includes your PIN, passwords, credit or debit card account numbers, expiration dates, or other confidential information.
The more you know about protecting yourself from scams, fraud and identity theft, the less likely it is that you'll become a victim. We are committed to keeping our account holders informed of important resources for financial safety and security. Click on to the items below to find ways to protect yourself:
Protect Your Personal Information
Protect Yourself from Phishing Scams
Tips for ATM Use
Verified by Visa®
Protect Your Personal Information
To help you control the increase in scams, we've provided these links to keep you informed of how to protect your personal information (remember to contact your financial institution immediately should you become a victim of phishing or other fraudulent activity).
National Credit Union Administration (NCUA): How to Avoid Becoming a Victim of Identity Theft
Please forward any fraudulent phishing email that appears to be from the NCUA to Phishing@ncua.gov. Additionally, you can file formal complaints concerning suspected fraudulent email with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov.
If you suspect that your personal information has been compromised, follow these three important steps:
Contact the credit union and other financial institutions you do business with including credit card issuers, as soon as possible. Advise them of possible criminal activity. Close any accounts that you believe have been tampered with or opened fraudulently.
Contact the fraud department of each of the credit bureaus listed below and advise them you are a victim of fraud.
File a report with the local police of where the fraud took place.
Phone: (800) 525-6285
Phone: (888) 397-3742
Phone: (800) 680-7289
ATM Safety Tips
Choosing an ATM
When possible, use familiar ATMs or choose well-lit, well-placed ATMs where you feel comfortable.
Scan the whole ATM area before you approach it. Avoid using the ATM altogether if there are any suspicious-looking individuals around or if it looks too isolated or unsafe.
Have your card accessible before approaching the ATM and avoid opening your purse, bag, or wallet while in line..
Check to see if anything looks unusual or suspicious about the ATM indicating it might have been altered. If the ATM appears to have any attachments to the card slot or keypad, do not use it. Check for unusual instructions on the display screen and for suspicious blank screens. If you suspect that the ATM has been interfered with, proceed to another ATM and inform the bank.
Avoid ATMs which have messages or signs fixed to them indicating that the screen directions have been changed, especially if the message is posted over the card reader. ATM owners will not put up messages directing you to specific ATMs, nor will they direct you to use an ATM which has been altered.
Click here for information on how to find a CO-OP ATM via text messaging.
Using an ATM
Be cautious when strangers offer to help you at an ATM, even if your card is stuck or you are experiencing difficulty with the transaction. You should not allow anyone to distract you.
Check that other individuals in line keep an acceptable distance from you. Be on the lookout for individuals who might be watching you enter your PIN.
Stand close to the ATM and shield the keypad with your hand when keying in your PIN (you may wish to use the knuckle of your middle finger to key in the PIN).
Follow the instructions on the display screen, e.g., do not key in your PIN until the ATM requests you to do so.
If you feel the ATM is not working normally, press the cancel key, withdraw your card, and proceed to another ATM. Report the matter to your financial institution.
Never force your card into the card slot.
Keep your printed transaction record so that you can compare your ATM receipt to your monthly statement.
If your card gets jammed, retained, or lost, or if you are interfered with at an ATM, report this immediately to the ATM owner or police using the help line provided or nearest phone.
Carefully secure your card and cash in your wallet, handbag or pocket before leaving the ATM.
Managing Your ATM Use
Memorize your PIN (if you must write it down, do so in a disguised manner and never carry it with your card).
NEVER disclose your PIN to anyone, even a family member, credit union staff member, or police officer.
Do not use numbers that are obvious or easy to guess for your PIN like your date of birth.
If you think your card number or PIN may have been compromised, report it to the credit union immediately.
Set your daily ATM withdrawal limit at your branch at levels you consider reasonable.
Regularly check your account balance and statements and report any discrepancies to the credit union immediately.
Online Banking Security
Any information that you submit through online banking is encrypted using 128-bit SSL technology, the current standard for financial institutions nationwide. Even if the information you submit is intercepted by a third party, it is scrambled and very difficult to decode.