Security Information

Identity theft is a serious and increasingly common crime whereby someone gains access to your personal information and uses it to spend your money, sign you up for loans or credit cards, and ruin your credit as a result. While identity theft was around before the popularity of the World Wide Web, scammers have since begun using it to seduce and ensnare unsuspecting victims through increasingly inventive schemes.

How you can avoid being scammed online:

Always ensure that you are visiting the correct website when performing Online Banking activities or using your debit/credit cards. Be familiar with the addresses of your online services and don’t trust the site if the address appears to be different, even if the layout of the page is the same.

Before submitting personal information such as account numbers, login information, or other sensitive details, be sure that you are on a secure website (the address will beg with https://, rather than http://). Browsers such as Firefox 2 and Internet Explorer 7 will tint the address bar to indicate that you are on a secure site, and all browsers will include a padlock icon either beside the address bar at the top of the window, or in the status bar at the bottom of the window.

Be suspicious of any email with urgent requests for personal financial information. Scammers using a technique called “phishing” will send emails claiming to be from a trusted financial institution (or even sites such as PayPal or eBay) asking that you re-confirm your financial information or your accounts will be closed. Emails that ask you to directly fill in, or link to a form online that asks you for your username, password, credit card number, social security number, account number, etc. are highly likely to be scams. If you are ever in doubt about the authenticity of an email you have received, contact GCU or the institution requesting the information before providing it.

Don’t use the links in an email to get to any web page if you suspect that the message may not be authentic. Instead, call the company on the phone or log into the website by typing the address into your browser directly.

Regularly log into your online accounts, and don’t wait for as long as a month between each logon.

Regularly check your financial institution, credit, and debit card statements to ensure that all transactions are legitimate. If anything is suspicious, contact your financial institution and card holders.

Ensure that you are always using the latest version of your browser, and that you have applied all available security updates. Internet Explorer 7, Firefox 3, and Safari 3.1 are the current latest releases of the three major browsers as of June 17, 2008.

Always report phishing or “spoofed” emails by forwarding them to the following groups:, (Federal Trade Commission), and the “abuse” email address of the company being spoofed. Also, file a complaint with the Fraud Complaint Center of the FBI. When forwarding a spoofed message, always include the entire original email with its original headers.

What to do if you’ve given out personal financial information:

Phishing attacks are growing quite sophisticated and difficult to detect, even for the most technically savvy people. And many people are getting onto the Internet and using email or Web browsers for the first time. As a result, some people are going to continue to be fooled into giving up their personal financial information in response to a phishing email or on a phishing website. If you have been tricked this way, you should assume that you will become a victim of credit card fraud, financial institution fraud, or identity theft. Below is some advice on what to do if you are in this situation:

Report the theft of this information to the card issuer as quickly as possible. Many companies have toll-free numbers and 24-hour service to deal with such emergencies.

Cancel your account and open a new one.

Review your billing statements carefully after the loss. If they show any unauthorized charges, it’s best to send a letter to the card issuer describing each questionable charge.

Your maximum liability under federal law for unauthorized use of your credit card is $50. If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use.

Your liability under federal lay for unauthorized use of your ATM or debit card depends on how quickly you report the loss. You risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing the unauthorized use is mailed to you.

Report the theft of this information to GCU or the bank in question as quickly as possible.

Some phishing attacks use viruses and/or Trojans to install programs called “key loggers” on your computer. These programs capture and send out any information that you type to the phisher, including credit card numbers, usernames, passwords, Social Security Numbers, etc. In this case, you should:

Install and/or update anti-virus and personal firewall software.

Update all virus definitions and run a full scan.

Confirm every connection your firewall is currently set to allow.

If your system appears to have been compromised, repair it and then change your computer’s password and online account passwords again, as you may have transmitted the new one to the hacker.

Check your other accounts! The hackers may have helped themselves to many different accounts: eBay, PayPal, your ISP, online banking accounts, online trading accounts, e-commerce accounts, and everything else for which you use your online password.

Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. If you have given out this kind of information to a phisher, you should do the following:

Report the theft to the three major credit reporting agencies: Experian, Equifax, and Trans Union Corporation, and do the following:

-Request that they place a fraud alert and a victim’s statement in your file.

-Request a FREE copy of your credit report to check whether any accounts were opened without your consent. You can find information about obtaining free credit reports on the Federal Trade Commission’s website.

-Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft.

Notify your financial institution(s) and ask them to flag your account and contact you regarding any unusual activity. If bank accounts were set up without your consent, close them. If your ATM card was stolen, get a new card, account number, and PIN.

Contact your local police department to file a criminal report.

Contact the Social Security Administration’s Fraud Hotline to report the unauthorized use of your personal information.

Notify the Department of Motor Vehicles of your identity theft. Check to see whether an unauthorized license number has been issued in your name.

Notify the passport office to watch out for anyone ordering a passport in your name.

File a complaint with the Federal Trade Commission. Ask for a free copy of “ID Theft: When Bad Things Happen in Your Good Name”, a guide that will help you guard against and recover from your theft.

File a complaint with the Internet Fraud Complaint Center (IFCC). The IFCC is a partnership between the FBI and the National White Collar Crime Center (NW3C), with a mission to address fraud committed over the Internet. For victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation.

Document the names and phone numbers of everyone you speak to regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.

Major Credit Bureaus:

Equifax –

  • To order a credit report, call 800-685-1111 or write: P.O. Box 740241, Atlanta, GA 30374-0241.

  • To report fraud, call 800-525-6285 and write: P.O. Box 740241, Atlanta GA 30374-0241.

  • Hearing impaired call 800-255-0056 and ask the operator to call the Auto Disclosure Line at 800-685-1111 to request a copy of your report.

Experian –

  • To order your report, call 888-EXPERIAN (397-3742) or write: P.O. Box 2002, Allen, TX 75013.

  • To report fraud, call 888-EXPERIAN (397-3742) (TDD: 800-972-0322) and write: P.O. Box 9530, Allen, TX 75013.

Trans Union –

  • To order your report, call 800-888-4213 or write: P.O. Box 1000, Chester, PA 19022.

  • To report fraud, call 800-680-7289 (TDD: 877-553-7803) and write: Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634.


For questions or concerns regarding this notice, please contact:

Gundersen Credit Union
Attn: Member Services
1910 South Avenue
La Crosse, WI 54601